weave-endpoint
Download resources to deploy Weave Net
Raison d'etre
Since the Weave Cloud was shut down in September 2022, the recommended method of installing the Weave Net CNI plugin has been unavailable. This project was started to recreate that method.
On February 5th, 2024, Weaveworks CEO Alexis Richardson announced via LinkedIn and Twitter that Weaveworks is winding down. A fork, rajch/weave, was already being maintained at that point. This project now serves manifests that use images created from that fork.
This project is currently hosted on a Free-tier Azure Web App, accessible at https://reweave.azurewebsites.net/.
How to use
Weave Net can now be installed on a Kubernetes cluster using:
KUBEVER=$(kubectl version | base64 | tr -d '\n')
kubectl apply -f "https://reweave.azurewebsites.net/k8s/net?k8s-version=$KUBEVER"
OR
kubectl apply -f https://reweave.azurewebsites.net/k8s/v1.25/net.yaml
where the v1.25 part can be replaced with any Kubernetes version down to 1.8.
Customising the manifest
You can customise the YAML you get by passing some of Weave Net's options, arguments and environment variables as query parameters. Note: This is a work in progress. The parameters that have been implemented are called out below.
- version: Weave Net's version. Default: latest, i.e. latest release. N.B.: This only changes the specified version inside the generated YAML file; it does not ensure that the rest of the YAML is compatible with that version. To freeze the YAML version, save a copy of the YAML file from the release page and use that copy instead of downloading it each time. Note: This is implemented.
- password-secret: name of the Kubernetes secret containing your password. N.B.: The Kubernetes secret name and the name of the key containing your password must be the same: the value of this parameter. Example:

    $ echo "Swordfish" > /var/lib/weave/weave-passwd
    $ kubectl create secret -n kube-system generic weave-passwd --from-file=/var/lib/weave/weave-passwd

  The resulting Secret object will look like this:

    apiVersion: v1
    kind: Secret
    metadata:
      name: weave-passwd
    data:
      weave-passwd: U3dvcmRmaXNoCg==

  Then, the value of the password-secret parameter can be set to weave-passwd, like this:

    $ kubectl apply -f "https://reweave.azurewebsites.net/k8s/v1.25/net.yaml?password-secret=weave-passwd"

  Note: This is implemented.
- known-peers: comma-separated list of hosts. Default: empty.
- trusted-subnets: comma-separated list of CIDRs. Default: empty.
- disable-npc: boolean (true|false). Default: false. Note: This is implemented.
- env.NAME=VALUE: add environment variable NAME and set it to VALUE. Note: This is implemented, for the allowed set of variables.
- seLinuxOptions.NAME=VALUE: add SELinux option NAME and set it to VALUE, e.g. seLinuxOptions.type=spc_t. Note: This is implemented, but there is no sanity check on SELinux options.
The list of variables you can set is:
- CHECKPOINT_DISABLE - if set to 1, disable checking for new Weave Net versions (default is 1, i.e. check is disabled)
- CONN_LIMIT - soft limit on the number of connections between peers. Defaults to 200.
- HAIRPIN_MODE - Weave Net defaults to enabling hairpin on the bridge side of the veth pair for containers attached. If you need to disable hairpin, e.g. your kernel is one of those that can panic if hairpin is enabled, then you can disable it by setting HAIRPIN_MODE=false.
- IPALLOC_RANGE - the range of IP addresses used by Weave Net and the subnet they are placed in (CIDR format; default 10.32.0.0/12)
- EXPECT_NPC - set to 0 to disable Network Policy Controller (default is on)
- KUBE_PEERS - list of addresses of peers in the Kubernetes cluster (default is to fetch the list from the api-server)
- IPALLOC_INIT - set the initialization mode of the IP Address Manager (defaults to consensus amongst the KUBE_PEERS)
- WEAVE_EXPOSE_IP - set the IP address used as a gateway from the Weave network to the host network - this is useful if you are configuring the addon as a static pod.
- WEAVE_METRICS_ADDR - address and port that the Weave Net daemon will serve Prometheus-style metrics on (defaults to 0.0.0.0:6782)
- WEAVE_PASSWORD - shared key to use during session key generation to encrypt traffic between peers. It is recommended that you use the password-secret parameter defined above instead.
- WEAVE_STATUS_ADDR - address and port that the Weave Net daemon will serve status requests on (defaults to disabled)
- WEAVE_MTU - Weave Net defaults to 1376 bytes, but you can set a smaller size if your underlying network has a tighter limit, or set a larger size for better performance if your network supports jumbo frames - more details coming soon from /site/tasks/manage/fastdp.md#mtu.
- NO_MASQ_LOCAL - set to 0 to disable preserving the client source IP address when accessing a Service annotated with service.spec.externalTrafficPolicy=Local. This feature works only with Weave IPAM (default).
- IPTABLES_BACKEND - set to nft to use nftables backend for iptables (default is iptables)
Example:
$ kubectl apply -f "https://reweave.azurewebsites.net/k8s/v1.28/net.yaml?env.WEAVE_MTU=1337"
This command -- notice ?env.WEAVE_MTU=1337 at the end of the URL -- generates a YAML file containing, among other things:
[...]
      containers:
        - name: weave
[...]
          env:
            - name: WEAVE_MTU
              value: '1337'
[...]
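A small wrapper for composing such URLs, as an added example that is not part of the project: it accepts only the variable names listed above, joins the first parameter with ? and later ones with &, and refuses WEAVE_PASSWORD so the key stays in a Secret as recommended above. The helper name weave_manifest_url and its value filter are assumptions of this example.

```sh
#!/bin/sh
# Added example: helper names and the value filter are assumptions, not project code.

BASE_URL="https://reweave.azurewebsites.net/k8s"
# Variable names copied from the list on this page.
ALLOWED_ENV="CHECKPOINT_DISABLE CONN_LIMIT HAIRPIN_MODE IPALLOC_RANGE EXPECT_NPC
KUBE_PEERS IPALLOC_INIT WEAVE_EXPOSE_IP WEAVE_METRICS_ADDR WEAVE_PASSWORD
WEAVE_STATUS_ADDR WEAVE_MTU NO_MASQ_LOCAL IPTABLES_BACKEND"

is_allowed_env() {
    for allowed in $ALLOWED_ENV; do
        [ "$allowed" = "$1" ] && return 0
    done
    return 1
}

# Print the manifest URL for a Kubernetes version plus env.NAME=VALUE parameters.
weave_manifest_url() {   # weave_manifest_url <k8s-version> [NAME=VALUE ...]
    case ${1:-} in
        v[0-9].[0-9]|v[0-9].[0-9][0-9]) ;;
        *) echo "version must look like v1.25" >&2; return 2 ;;
    esac
    url="$BASE_URL/$1/net.yaml"; sep='?'; shift
    for pair in "$@"; do
        name=${pair%%=*}; value=${pair#*=}
        if [ "$name" = "$pair" ] || ! is_allowed_env "$name"; then
            echo "not a settable variable: $pair" >&2; return 1
        fi
        # A key in the query string lands in shell history and request logs.
        if [ "$name" = WEAVE_PASSWORD ]; then
            echo "use the password-secret parameter instead" >&2; return 1
        fi
        # Reject anything that could start a second parameter or needs encoding.
        case $value in
            ''|*[!A-Za-z0-9._:/,-]*) echo "unsupported value for $name" >&2; return 1 ;;
        esac
        url="$url${sep}env.$name=$value"; sep='&'   # '?' first, '&' afterwards
    done
    printf '%s\n' "$url"
}

# Demo: two variables from the list above.
weave_manifest_url v1.28 WEAVE_MTU=1337 IPALLOC_RANGE=10.32.0.0/12
```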
Note: The YAML file can also be saved for later use or manual editing by using, for example:
$ curl -fsSLo weave-daemonset.yaml "https://reweave.azurewebsites.net/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
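The saved-copy approach above, sketched as an added example (not part of the project): list the images in the downloaded manifest for review, record its SHA-256, and apply only while the file still matches that digest. The file names, the digest-file layout and the registry.example image names are assumptions made for the demo.

```sh
#!/bin/sh
# Added example: file names, digest-file layout and image names are assumptions.

# SHA-256 of a file (GNU coreutils, falling back to shasum on macOS/BSD).
manifest_digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Record the digest of a manifest once it has been reviewed.
pin_manifest() {      # pin_manifest <manifest> <digest-file>
    manifest_digest "$1" > "$2"
}

# Succeed only if the manifest is byte-identical to the reviewed copy.
verify_manifest() {   # verify_manifest <manifest> <digest-file>
    [ -s "$1" ] && [ -s "$2" ] || return 2
    [ "$(manifest_digest "$1")" = "$(cat "$2")" ]
}

# Distinct container images the manifest would run, for review before pinning.
manifest_images() {
    sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" | tr -d "\"'" | sort -u
}

# Demo on a constructed manifest fragment (placeholder images, not the project's).
demo_dir=$(mktemp -d)
cat > "$demo_dir/weave-daemonset.yaml" <<'EOF'
kind: DaemonSet
spec:
  template:
    spec:
      containers:
        - name: weave
          image: 'registry.example/weave-kube:1.0'
        - name: weave-npc
          image: 'registry.example/weave-npc:1.0'
EOF
manifest_images "$demo_dir/weave-daemonset.yaml"
pin_manifest "$demo_dir/weave-daemonset.yaml" "$demo_dir/weave-daemonset.sha256"
if verify_manifest "$demo_dir/weave-daemonset.yaml" "$demo_dir/weave-daemonset.sha256"; then
    echo "digest matches: kubectl apply -f the saved copy"
fi
rm -rf "$demo_dir"
```

Keep the digest file under version control next to the manifest, so a changed download shows up as a failed verify_manifest rather than a silent change to the DaemonSet.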
Finally, the weave script can be downloaded using:
curl -fsSLo weave "https://reweave.azurewebsites.net/get-weave"