diff --git a/docs/README.en.md b/docs/README.en.md index 37251488f..b4d22e1cf 100644 --- a/docs/README.en.md +++ b/docs/README.en.md @@ -8,7 +8,7 @@ To solve this problem, EgressGateway has been introduced into the k8s cluster. I ## Architecture -![Architecture](./architecture02.png) +![Architecture](./images/architecture02.png) ## Why EgressGateway diff --git a/docs/README.zh.md b/docs/README.zh.md index 4f5a11be4..7184fbb2f 100644 --- a/docs/README.zh.md +++ b/docs/README.zh.md @@ -5,7 +5,7 @@ ## 架构 -![Architecture](./architecture02.png) +![Architecture](./images/architecture02.png) ## 为什么选择 EgressGateway diff --git a/docs/backends.md b/docs/backends.md deleted file mode 100644 index 6be308a69..000000000 --- a/docs/backends.md +++ /dev/null @@ -1,9 +0,0 @@ -# egressgateway - -## Background - -![egressgateway](./Egress-Gateway.png) - -Starting with 2021, we received some feedback as follows. - -There are two clusters A and B. Cluster A is VMWare-based and runs mainly Database workloads, and Cluster B is a Kubernetes cluster. Some applications in Cluster B need to access the database in Cluster A, and the network administrator wants the cluster Pods to be managed through an egress gateway. diff --git a/docs/concepts/Architecture.en.md b/docs/concepts/Architecture.en.md index 1cc832b8f..77df6ed15 100644 --- a/docs/concepts/Architecture.en.md +++ b/docs/concepts/Architecture.en.md @@ -2,7 +2,7 @@ EgressGateway consists of two parts: the control plane and the data plane. The control plane is composed of four control loops, and the data plane is composed of three. The control plane is deployed as a Deployment, supporting multiple replicas for high availability, and the data plane is deployed as a DaemonSet. The control loops are as follows in the diagram below: -![arch](../proposal/03-egress-ip/arch.png) +![arch](../images/arch.png) ## Controller diff --git a/docs/concepts/Architecture.zh.md b/docs/concepts/Architecture.zh.md index 9de784d38..1e220aa8e 100644 
--- a/docs/concepts/Architecture.zh.md +++ b/docs/concepts/Architecture.zh.md @@ -1,6 +1,6 @@ EgressGateway 由控制面和数据面 2 部分组成,控制面由 4 个控制循环组成,数据面由 3 个控制循环组成。控制面以 Deployment 方式部署,支持多副本高可用,数据面以 DaemonSet 的方式部署。控制循环具体如下图: -![arch](../proposal/03-egress-ip/arch.png) +![arch](../images/arch.png) ## 控制器 diff --git a/docs/proposal/01-egress-gateway/Agent-Reconcile-Flow.png b/docs/images/Agent-Reconcile-Flow.png similarity index 100% rename from docs/proposal/01-egress-gateway/Agent-Reconcile-Flow.png rename to docs/images/Agent-Reconcile-Flow.png diff --git a/docs/proposal/01-egress-gateway/Controller-Reconcile-Flow.png b/docs/images/Controller-Reconcile-Flow.png similarity index 100% rename from docs/proposal/01-egress-gateway/Controller-Reconcile-Flow.png rename to docs/images/Controller-Reconcile-Flow.png diff --git a/docs/proposal/01-egress-gateway/Egress-Gateway-Datapath.png b/docs/images/Egress-Gateway-Datapath.png similarity index 100% rename from docs/proposal/01-egress-gateway/Egress-Gateway-Datapath.png rename to docs/images/Egress-Gateway-Datapath.png diff --git a/docs/Egress-Gateway.png b/docs/images/Egress-Gateway.png similarity index 100% rename from docs/Egress-Gateway.png rename to docs/images/Egress-Gateway.png diff --git a/docs/proposal/03-egress-ip/arch.png b/docs/images/arch.png similarity index 100% rename from docs/proposal/03-egress-ip/arch.png rename to docs/images/arch.png diff --git a/docs/architecture.png b/docs/images/architecture.png similarity index 100% rename from docs/architecture.png rename to docs/images/architecture.png diff --git a/docs/architecture02.png b/docs/images/architecture02.png similarity index 100% rename from docs/architecture02.png rename to docs/images/architecture02.png diff --git a/docs/speed.svg b/docs/images/speed.svg similarity index 100% rename from docs/speed.svg rename to docs/images/speed.svg 
diff --git a/docs/proposal/06-underlay-cni-supports/underlay_datapath.png b/docs/images/underlay_datapath.png similarity index 100% rename from docs/proposal/06-underlay-cni-supports/underlay_datapath.png rename to docs/images/underlay_datapath.png diff --git a/docs/proposal/06-underlay-cni-supports/underlay_error_reply_datapath.png b/docs/images/underlay_error_reply_datapath.png similarity index 100% rename from docs/proposal/06-underlay-cni-supports/underlay_error_reply_datapath.png rename to docs/images/underlay_error_reply_datapath.png diff --git a/docs/proposal/06-underlay-cni-supports/underlay_reply_datapath.png b/docs/images/underlay_reply_datapath.png similarity index 100% rename from docs/proposal/06-underlay-cni-supports/underlay_reply_datapath.png rename to docs/images/underlay_reply_datapath.png diff --git a/docs/proposal/06-underlay-cni-supports/underlay_send_datapath.png b/docs/images/underlay_send_datapath.png similarity index 100% rename from docs/proposal/06-underlay-cni-supports/underlay_send_datapath.png rename to docs/images/underlay_send_datapath.png diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index e685d2f1c..80daa5336 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -89,6 +89,7 @@ nav: - Failover: usage/EgressGatewayFailover.md - Move EgressIP: usage/MoveIP.md - Run EgressGateway on Aliyun Cloud: usage/Aliyun.md + - Troubleshooting: usage/Troubleshooting.md - Concepts: - Architecture: concepts/Architecture.md - Datapath: concepts/Datapath.md @@ -102,7 +103,6 @@ nav: - CRD EgressClusterInfo: reference/EgressClusterInfo.md - egctl cli: reference/egctl.md - metrics: reference/metrics.md - - Troubleshooting: Troubleshooting.md - Development: - DataFlow: develop/Dataflow.md - Contribute: develop/Contribute.md 
diff --git a/docs/proposal/01-egress-gateway/Egress-Gateway.png b/docs/proposal/01-egress-gateway/Egress-Gateway.png deleted file mode 100644 index 8d2f7bdff..000000000 Binary files a/docs/proposal/01-egress-gateway/Egress-Gateway.png and /dev/null differ diff --git a/docs/proposal/01-egress-gateway/EgressGateway.md b/docs/proposal/01-egress-gateway/EgressGateway.md index acc50b736..143bd1ce0 100644 --- a/docs/proposal/01-egress-gateway/EgressGateway.md +++ b/docs/proposal/01-egress-gateway/EgressGateway.md @@ -90,7 +90,7 @@ spec: ### Datapath - + A combination of vxlan tunnel, ipset, iptables, route is required to complete policy control. @@ -162,12 +162,12 @@ iptables -t nat -I POSTROUTING 1 -m mark --mark 0x12000000 -j ACCEPT -m comment Controller consists of Webhook Validator and Reconcile Flow. - + Controller has 2 control processes, the first Watch cluster nodes, generate tunnel IP address and MAC address for Node, then `Create` or `Update` EgressTunnel CR Status. The second control flow watch `EgressTunnel` and `Egressgateway`, sync match node list from `labelSelector`, election egress gateway node. ### Agent - + Agent has two control processes, the first Watch `EgressTunnel` CR, which manages node tunnel, and node tunnel is a pluggable interface that can be replaced by Geneve. The second control process manages datapath policy, which watches `EgressTunnel`, `EgressGateway` and `Egresspolicy`, and sends them to the host through the police interface. It is currently implemented by a combination of *ipset*, *iptables*, and *route*, and it can be replaced by *eBPF*. diff --git a/docs/proposal/03-egress-ip/README.en.md b/docs/proposal/03-egress-ip/README.en.md index 5133833ba..33c9770b6 100644 --- a/docs/proposal/03-egress-ip/README.en.md +++ b/docs/proposal/03-egress-ip/README.en.md @@ -338,4 +338,4 @@ When an EIP is not used by a policy, it will be recycled, recycling means delete #### Code Design -![arch](./arch.png) +![arch](../../images/arch.png) 
diff --git a/docs/proposal/03-egress-ip/README_zh-CN.md b/docs/proposal/03-egress-ip/README_zh-CN.md index 90ab6ad78..9b3304a87 100644 --- a/docs/proposal/03-egress-ip/README_zh-CN.md +++ b/docs/proposal/03-egress-ip/README_zh-CN.md @@ -315,5 +315,5 @@ data: #### 代码设计 -![arch](./arch.png) +![arch](../../images/arch.png) diff --git a/docs/proposal/06-underlay-cni-supports/README.en.md b/docs/proposal/06-underlay-cni-supports/README.en.md index 3c375d97a..fccdcfb19 100644 --- a/docs/proposal/06-underlay-cni-supports/README.en.md +++ b/docs/proposal/06-underlay-cni-supports/README.en.md @@ -12,7 +12,7 @@ EgressGateway supports nanotube traffic in an Underlay CNI environment. As shown in the diagram, the datapath for the round-trip Underlay access to the external Server is: "Process <-> A <-> B <-> Server". -![datapath](underlay_datapath.png) +![datapath](../../images/underlay_datapath.png) The EgressGateway's rules don't work at all, and in order to pipe the Underlay traffic, two things need to be addressed, hijacking the traffic to the Pod's host and avoiding routing asymmetric messages from being dropped when the answering traffic arrives at the Pod's host @@ -30,13 +30,13 @@ Thing 2, you can route, iptables, etc. to forward the matched traffic to the hos As shown in the figure, by adding a new veth pair and routing the traffic through the veth to the host, the datapath is actually the same as the overlay. -![send-datapath](underlay_send_datapath.png) +![send-datapath](../../images/underlay_send_datapath.png) ### Reply datapath As shown in the figure, the datapath returned is "Server->D->C->B->E->Process" -![reply](underlay_error_reply_datapath.png) +![reply](../../images/underlay_error_reply_datapath.png) - The srcIP=ServerIP, dstIP=EIP of the message as it passes through the D-segment datapath to the EgressGateway. - The C datapath looks up the connection tracking table and NATs the message, srcIP=ServerIP, dstIP=PodIP. 
@@ -80,7 +80,7 @@ iptables -t mangle -A POSTROUTING -m mark --mark 0x27 -j MARK --set-mark 0x00 As shown in the figure, after the above rule, the new answer datapath is "Server->D->C->B->A->Process" -![reply](underlay_reply_datapath.png) +![reply](../../images/underlay_reply_datapath.png) The biggest difference is that from the gateway node to the node where the Pod is located, it is through the EgressGateway tunnel, and after the message arrives at the node where the Pod is located, it is forwarded to the Pod from the veth pair through the route, and the spiderpool will send out the corresponding route when it creates the veth pair for the Pod, or it can send out the corresponding route through the agent. The spiderpool will issue the corresponding route while creating the veth pair for the Pod, or it can issue the corresponding routing rules through the agent. Because it passes through the host's network stack. This avoids the routing asymmetry problem. diff --git a/docs/proposal/06-underlay-cni-supports/README_zh-CN.md b/docs/proposal/06-underlay-cni-supports/README_zh-CN.md index a7e4c548d..51641bacc 100644 --- a/docs/proposal/06-underlay-cni-supports/README_zh-CN.md +++ b/docs/proposal/06-underlay-cni-supports/README_zh-CN.md @@ -11,7 +11,7 @@ EgressGateway 支持纳管 Underlay CNI 环境下的流量 ## 需要解决的问题 如图所示,Underlay 访问外部 Server 来回的 datapath 为:"Process <-> A <-> B <-> Server"。 - + EgressGateway 的规则根本不生效,要想将 Underlay 的流量进行纳管,则需要解决两件事,将流量劫持到 Pod 的所在的主机上,及当应答的流量到达 Pod 所在主机时,避免路由不对称报文被丢弃 @@ -30,13 +30,13 @@ EgressGateway 的规则根本不生效,要想将 Underlay 的流量进行纳 如图所示,通过新增 veth pair,并通过路由将流量通过 veth 转发到主机上,此时的 datapath 与 overlay 其实是一样的。 - + ### 应答 datapath 如图所示,返回的 datapath 为 "Server->D->C->B->E->Process" - + - 报文经过 D 段 datapath 到达 EgressGateway 时的 srcIP=ServerIP、dstIP=EIP - C 段 datapath 会查询连接跟踪表,会将报文进行 NAT,srcIP=ServerIP、dstIP=PodIP 
@@ -80,7 +80,7 @@ iptables -t mangle -A POSTROUTING -m mark --mark 0x27 -j MARK --set-mark 0x00 如图所示,经过上面的规则,新的应答 datapath 为 "Server->D->C->B->A->Process" - + 最大的不同就是,从网关节点到 Pod 所在节点,是通过 EgressGateway 隧道,报文到达 Pod 所在节点后,通过路由指定从 veth pair 转发给 Pod,spiderpool 在前面给 Pod 创建 veth pair 的同时,会下发对应的路由,或者可以通过 agent 下发相应的路由规则。因为经过了主机的网络协议栈。从而规避了路由不对称问题 diff --git a/docs/Troubleshooting.en.md b/docs/usage/Troubleshooting.en.md similarity index 98% rename from docs/Troubleshooting.en.md rename to docs/usage/Troubleshooting.en.md index a65d5df2c..3a1d7119e 100644 --- a/docs/Troubleshooting.en.md +++ b/docs/usage/Troubleshooting.en.md @@ -24,7 +24,7 @@ The following are the data from our stress tests using bare metal servers. | case2 | egress vxlan -> egress vxlan | `9.11 Gbits/sec sender - 9.09 Gbits/sec receiver` | | case3 | pod -> egress node -> target | `9.01 Gbits/sec sender - 8.98 Gbits/sec receiver` | -![egress-check](./speed.svg) +![egress-check](../images/speed.svg) #### Virtual machine diff --git a/docs/Troubleshooting.zh.md b/docs/usage/Troubleshooting.zh.md similarity index 98% rename from docs/Troubleshooting.zh.md rename to docs/usage/Troubleshooting.zh.md index 5e984a923..ce0fbdfcf 100644 --- a/docs/Troubleshooting.zh.md +++ b/docs/usage/Troubleshooting.zh.md @@ -24,7 +24,7 @@ EgressGateway 使用了 vxlan 隧道,经过测试 vxlan 损耗在 10% 左右 | case2 | egress vxlan -> egress vxlan | `9.11 Gbits/sec sender - 9.09 Gbits/sec receiver` | | case3 | pod -> egress node -> target | `9.01 Gbits/sec sender - 8.98 Gbits/sec receiver` | -![egress-check](./speed.svg) +![egress-check](../images/speed.svg) #### 虚拟机
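Review bot: the deletion of docs/backends.md drops its "Background" text (the VMware-based cluster A / Kubernetes cluster B scenario) without moving it anywhere visible in this patch; if that motivation is still wanted, fold it into docs/README.en.md under "Why EgressGateway" instead of deleting it, and if it is intentionally dropped, say so in the commit message. The deletion also removes the only reference shown here to Egress-Gateway.png, so the renamed docs/images/Egress-Gateway.png may now be an orphan and could be dropped rather than moved.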
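Review bot: the rename of docs/architecture.png to docs/images/architecture.png has no accompanying reference update anywhere in this diff, so either nothing under docs/ links to it (in which case consider deleting it rather than relocating it) or something outside docs/, such as the repository root README, still points at the old path and will render a broken image; grep for `architecture.png` across the repo before merging. The same check applies to docs/proposal/01-egress-gateway/Egress-Gateway.png, which is deleted outright (no rename target): confirm it was byte-identical to the docs/Egress-Gateway.png copy that is kept, since the diff shows similarity only for the rename, not for the deleted file.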
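Review bot: in docs/proposal/01-egress-gateway/EgressGateway.md the three changed image lines under "### Datapath", the Controller paragraph and "### Agent" show up in this diff with their content missing, so the new paths cannot be reviewed from the hunks alone. Given the renames in this patch they should resolve to ../../images/Egress-Gateway-Datapath.png, ../../images/Controller-Reconcile-Flow.png and ../../images/Agent-Reconcile-Flow.png, matching the ../../images/ prefix used in the 03-egress-ip and 06-underlay-cni-supports hunks; please confirm, and prefer Markdown image syntax over raw `<img>` tags so the references are visible in future diffs.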
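Review bot: in docs/proposal/06-underlay-cni-supports/README.en.md the unchanged context around the edited image lines still carries a machine-translation error and a duplicated sentence; since the file is being touched anyway, fix "EgressGateway supports nanotube traffic in an Underlay CNI environment" to "EgressGateway supports managing traffic in an Underlay CNI environment" (the zh source says 纳管, i.e. manage/govern, not nanotube), and collapse the repeated "the spiderpool will send out the corresponding route when it creates the veth pair for the Pod ... The spiderpool will issue the corresponding route while creating the veth pair for the Pod ..." into a single sentence.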
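Review bot: moving Troubleshooting from docs/ to docs/usage/ (and its nav entry from the reference section to the usage section in docs/mkdocs.yml) changes the published URL from Troubleshooting/ to usage/Troubleshooting/, so existing deep links, issue references and bookmarks will break; if the site uses mkdocs-redirects, add a `redirect_maps` entry for the old path, otherwise mention the URL change in the release notes. The 98% similarity on both renamed files also indicates that only the `speed.svg` line was adjusted, so if either page links to sibling pages by relative path (reference/, concepts/, and so on) those links now need a `../` prefix as well.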