Skip to content

Californium as k8s service

Jump to bottom Edit New page
Achim Kraus edited this page Nov 4, 2021 · 17 revisions

In the last years, k8s got very common to run applications in the cloud. Though at the begin UDP was rarely supported, this was changed and now many cloud-providers, not all, provide also support for UDP.

A k8s application is provided as containers and the maintained and orchestrated by k8s using REST APIs or kubectl.

Containers

Using Californium as Container requires some tools to build such a container. One common tool is docker. You find installation instructions here.

Each Container is described by a Dockerfile. Californium requires a java runtime to be executed, so the easiest way is to start with that in the Dockerfile:

FROM docker.io/openjdk:11-jre-slim

After that, prepare a folder and copy the Californium jar together with adjusted Californium3???.properties into the Container.

RUN mkdir /opt/app
COPY ./service/build ./CaliforniumReceivetest3.properties ./target/cf-extplugtest-server-3.0.0.jar /opt/app/

The define the network interface:

#EXPOSE 5683/udp
#EXPOSE 5683/tcp
#EXPOSE 5684/udp
#EXPOSE 5684/tcp
EXPOSE 5783/udp
#EXPOSE 5783/tcp
EXPOSE 5784/udp
#EXPOSE 5784/tcp
EXPOSE 5884/udp
EXPOSE 5884/tcp
EXPOSE 8080/tcp

CoAP uses 5683 and 5684 as default ports. The main protocol is UDP, TCP is only implemented experimental. The examples only exposes 5783/udp and 5784/udp, because the extended-plugtest-server is listening on these interfaces. 5884/udp is used for Californium internal CID cluster support, 5884/tcp to download credentials for dtls graceful restart. And 8080/tcp used by k8s for liveness and readiness checks.

Finally, the java process is started with

WORKDIR /opt/app
CMD ["java", "-XX:+UseContainerSupport", "-XX:MaxRAMPercentage=75", "-jar", "./cf-extplugtest-server-3.0.0.jar", "--no-plugtest", "--no-tcp", "--benchmark", "--k8s-dtls-cluster", ":5784;:5884;5884", "--k8s-monitor", ":8080", "--k8s-restore", ":5884"]

(See cf-extplugtest-server for further details.)

To create the container from that Dockerfile, execute

docker build . -f service/Dockerfile

assuming, the current directory contains the CaliforniumReceivetest3.properties a service folder with the Dockerfile, and a target folder with the Californium jar. If all works well, you now have a Container in your local docker installation.

k8s

Depending on your usage, you may install a local k8s implementation, e.g. minikube or microk8s. Or you use a managed k8s of your cloud provider.

For comments and improvements, just create a New Issue here in this repository.

cf_64

Resources

Education - Courses - Tutorials

Links to research information about CoAP and DTLS 1.2

History of reported Attacks around CoAP and DTLS

Installation

Californium - running the sandbox locally for integration tests

Californium as old style unix systemd service

Californium as k8s service

General

Logs and IP Capturing ‐ How To Provide The Right Information

DTLS 1.2 based firewall

DTLS 1.2 connection ID bypassing NATs

DTLS 1.2 connection ID based load balancer

CoAP over TCP - RFC 8323

Clone this wiki locally