bpfnet

This repository is for educational purposes only.

• Do not use it in production.
• The goal is to learn how Kubernetes networking works by experimenting directly.
• Features, safety checks, and test coverage are intentionally minimal.

What this project currently does

• Creates a netkit interface pair for each pod
• Keeps interfaces in BLACKHOLE policy until an eBPF program is attached
• Allocates pod IPs sequentially from 10.0.0.0/24
• Ships a Helm chart and local-dev workflow for a single-node kind cluster

Tested scope (very basic)

At the moment, validated scenarios are only:

• Ping between two pods
• Ping from a pod to 8.8.8.8

Anything beyond this should be considered untested.

Requirements

• Linux kernel >= 6.7 (first kernel line with netkit support)

Recommended local run

From the repository root:

make run-kind

This is the recommended command for local testing. It will create a kind cluster with bpfnet CNI installed by default.

You can install a couple of pods with:

kubectl apply -f ./test/e2e/testdata/simple_app.yaml
# Wait for the pods to be ready and try a ping
kubectl exec -it client -- ping -c 1 8.8.8.8

Manual kind setup (alternative)

If you prefer, you can create the cluster yourself and deploy components manually:

kind create cluster --config ./kind-cluster.yaml
docker build -t ghcr.io/tmp/bpfnet:latest .
kind load docker-image ghcr.io/tmp/bpfnet:latest
helm install bpfnet ./charts/bpfnet

Then deploy your test workloads and verify connectivity.

Build binaries

make build-all

E2E connectivity tests (Kind-first)

You can run Kubernetes end-to-end connectivity tests using:

make test-e2e-kind

Regenerate protobuf files

protoc \
  --go_out=. --go_opt=paths=source_relative \
  --go-grpc_out=. --go-grpc_opt=paths=source_relative \
  ./proto/agentcniservice/v1/agent_cni_service.proto