/fabedge

Secure Edge Networking Solution Based On Kubernetes

Primary language: Go. License: Apache License 2.0 (Apache-2.0).

What is FabEdge

FabEdge is a secure edge networking solution based on Kubernetes. It enables cloud-edge and edge-edge collaboration and solves problems such as complex configuration management, network isolation, and the lack of topology-aware routing.

FabEdge supports weak transport networks such as 4G/5G, WiFi, and LoRa. It is suitable for scenarios such as IoT (Internet of Things) and IoV (Internet of Vehicles).

Features

  • Kubernetes Native: Compatible with Kubernetes, transparent to applications.
  • Automatic Address Management: Manages subnet allocation and IP address assignment for edge containers.
  • Cloud-Edge/Edge-Edge Collaboration: Secure tunnels between cloud-edge, edge-edge nodes for synergy.
  • Edge Node Community Control: Use the “community” CRD to control which edge nodes can communicate with each other.
  • Topology-aware service: Improves service latency by giving higher priority to local endpoints, while still being able to access endpoints in the remote cloud.

Advantages

  • Standard: fully compatible with Kubernetes, supports any cluster and any application, plug and play.
  • Secure: all communication runs over secure IPsec tunnels with certificate-based authentication.
  • Easy to use: designed using the operator pattern to minimize ongoing operational effort.

How it works

[Architecture diagram: fabedge-arch-v2]

  • The cloud can be any Kubernetes cluster with a supported CNI network plug-in, including Calico, Flannel, etc.
  • FabEdge builds a layer 3 data plane with tunnels, in addition to the control plane managed by KubeEdge, SuperEdge, OpenYurt, etc.
  • FabEdge consists of three key components: Operator, Connector and Agent.
  • The Operator monitors k8s resources such as node, service, and endpoint in the cloud, and creates a configmap for each edge node, which contains configuration information such as the subnet, tunnel, and load balancing rules. The Operator is also responsible for managing the life cycle of the agent pod for each edge node.
  • The Connector is responsible for terminating the tunnels from edge nodes and forwarding traffic between the cloud and the edge. It relies on the cloud CNI plug-in to forward traffic to other non-connector nodes in the cloud.
  • The edge node uses the existing k8s CNI plug-ins bridge and host-local.
  • Each edge node runs an agent that consumes the node's own configmap and performs the following functions:
    • Manage the configuration file of the CNI plug-in of this node
    • Manage the tunnels of this node
    • Manage the load balancing rules of this node
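The following is an added example, not FabEdge's own code: a small Go model for auditing which tunnels each edge node's configuration would carry under the community rule described above. The `Community` type, the `TunnelPeers` function, the node names, and the policy itself (every edge node tunnels to the connector; edge nodes tunnel to each other only when they share a community) are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Community is a hypothetical stand-in for the "community" CRD: a named
// group of edge nodes that are allowed to communicate with each other.
type Community struct {
	Name    string
	Members []string
}

// TunnelPeers models the per-node tunnel list. Assumed policy: every edge
// node tunnels to the connector, and two edge nodes tunnel to each other
// only when they share at least one community.
func TunnelPeers(connector string, edgeNodes []string, comms []Community) map[string][]string {
	sets := make(map[string]map[string]bool, len(edgeNodes))
	for _, n := range edgeNodes {
		sets[n] = map[string]bool{connector: true}
	}
	for _, c := range comms {
		for _, a := range c.Members {
			for _, b := range c.Members {
				// Skip self-pairs and members that are not known edge nodes.
				if a != b && sets[a] != nil && sets[b] != nil {
					sets[a][b] = true
				}
			}
		}
	}
	out := make(map[string][]string, len(sets))
	for n, set := range sets {
		for p := range set {
			out[n] = append(out[n], p)
		}
		sort.Strings(out[n])
	}
	return out
}

func main() {
	// Constructed sample: edge3 is in no community, "ghost" is not a real node.
	comms := []Community{{Name: "factory-a", Members: []string{"edge1", "edge2", "ghost"}}}
	peers := TunnelPeers("connector", []string{"edge1", "edge2", "edge3"}, comms)
	for _, n := range []string{"edge1", "edge2", "edge3"} {
		fmt.Println(n, "->", peers[n])
	}
}
```

Comparing this expected peer list with the tunnels actually present on a node is one way to spot an edge node that can reach peers outside its intended community.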

FabEdge vs Calico/Flannel

FabEdge is different from generic Kubernetes network plug-ins such as Calico/Flannel. As shown in the architecture diagram above, Calico/Flannel is used in the cloud for communication between cloud nodes. FabEdge complements it by providing edge-cloud and edge-edge communication.

Guides

See the docs.

Meeting

Regular community meetings are held on the 2nd and 4th Thursday of every month.

Resources:
Meeting notes and agenda
Meeting recordings: bilibili channel

Contact

If you have any questions, feel free to reach us in the following ways:

· Email: fabedge@beyondcent.com
· Scan the QR code to join WeChat Group

License

FabEdge is under the Apache 2.0 license. See the LICENSE file for details.