From kube-dc
Manage Kube-DC networking resources — create External IPs (EIp), Floating IPs (FIp), and understand VPC networking. Includes decision guide for choosing between EIP and FIP.
npx claudepluginhub kube-dc/kube-dc-public --plugin kube-dcThis skill uses the workspace's default tool permissions.
- Target project must exist and be Ready
Create a new Kube-DC project with isolated VPC networking inside an existing organization. Handles network type selection (cloud vs public), organization verification, and project manifest generation.
Generates Kubernetes NetworkPolicy manifests for zero-trust networking, ingress/egress rules using pod labels, namespaces, CIDRs, and ports.
Provides expert guidance on modern cloud networking, security architectures, load balancing, DNS, service discovery, and SSL/TLS for AWS, Azure, GCP.
Share bugs, ideas, or general feedback.
{org}-{project}externalNetworkType: public EIPs, check publicIPv4 quota first — use the check-quota skill (no burst; hard limit per plan)An IP address allocated from an external network pool. Used with LoadBalancer services to expose apps.
A 1:1 NAT mapping from a public IP directly to a VM or pod. Traffic goes straight to the target — no LoadBalancer needed.
Every project gets {namespace}/default — an isolated Kube-OVN subnet. All VMs and pods connect here.
| Need | → Use |
|---|---|
| Expose a Service (HTTP/TCP/UDP) | EIp + LoadBalancer (or Gateway Route) |
| Direct IP access to a VM | FIp with vmTarget |
| Multiple services on one IP | EIp + multiple LoadBalancer services |
| Dedicated IP per VM | FIp (one FIP per VM interface) |
| SSH to a VM | FIp OR EIp + LoadBalancer port 22 |
apiVersion: kube-dc.com/v1
kind: EIp
metadata:
name: {eip-name}
namespace: {project-namespace}
spec:
externalNetworkType: public # public = routable internet IP
# cloud = shared NAT pool IP
See @eip-template.yaml
annotations:
service.nlb.kube-dc.com/bind-on-eip: "{eip-name}"
apiVersion: kube-dc.com/v1
kind: FIp
metadata:
name: {fip-name}
namespace: {project-namespace}
spec:
externalNetworkType: public
vmTarget:
vmName: {vm-name}
interfaceName: default
See @fip-template.yaml
kubectl get fip {fip-name} -n {project-namespace}
# Shows allocated external IP in status
kubectl get eip -n {project-namespace}
kubectl get fip -n {project-namespace}
kubectl get svc -n {project-namespace}
After creating networking resources:
# 1. Check EIP has allocated IP
kubectl get eip {eip-name} -n {project-namespace} -o jsonpath='{.status.ipAddress}'
# Expected: allocated IP address
# 2. Check EIP phase
kubectl get eip {eip-name} -n {project-namespace} -o jsonpath='{.status.phase}'
# Expected: Active
# 1. Check FIP has allocated IP
kubectl get fip {fip-name} -n {project-namespace} -o jsonpath='{.status.ipAddress}'
# Expected: allocated public IP
# 2. Check FIP is bound to target
kubectl get fip {fip-name} -n {project-namespace} -o jsonpath='{.status.phase}'
# Expected: Active
# 3. Test connectivity to VM via FIP
ping -c 3 {fip-external-ip}
ssh -i /tmp/vm_ssh_key {os-user}@{fip-external-ip}
Success: IP allocated, phase Active.
Failure: kubectl describe eip|fip {name} -n {project-namespace} — check events.
externalNetworkType: public auto-create an EIP — don't manually create bothexternalNetworkType: public when you need internet-routable IPsexternalNetworkType: cloud for internal/NAT-only access