Add more remote vlan examples (#4433) (#4465)

- The existing suite was broken into two parts:
  - internal
  - vlan breaktrough
- Added OVS-forwarder example
- Added multiple NS example

Signed-off-by: Laszlo Kiraly <laszlo.kiraly@est.tech>

Co-authored-by: Szilard Vincze <szilard@est.home>

apps/nse-remote-vlan/nse-remote-vlan.yaml

@@ -21,22 +21,13 @@ spec:
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 5003
-              hostPort: 5003
           env:
             - name: SPIFFE_ENDPOINT_SOCKET
               value: unix:///run/spire/sockets/agent.sock
             - name: NSM_NAME
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.name
-            - name: NSM_CONNECT_TO
-              value: "registry:5002"
-            - name: NSM_SERVICES
-              value: "finance-bridge { vlan: 100; via: gw1}"
-            - name: NSM_CIDR_PREFIX
-              value: "172.10.0.0/24"
-            - name: NSM_IPV6_PREFIX
-              value: "100:200::/64"
             - name: NSM_POINT2POINT
               value: "False"
             - name: NSM_REGISTER_SERVICE

examples/remotevlan/README.md

@@ -1,80 +1,107 @@
 # NSM Remote Vlan Examples
 
-This setup can be used to check remote vlan mechanism. Contain basic setup for NSM that includes `nsmgr`, `registry-k8s`, `admission-webhook-k8s`, `nse-remote-vlan`. The `nse-remote-vlan` belongs to the nsm-system since does not have role in data-plane connection.
+This setup can be used to check remote vlan mechanism with both OVS and VPP forwarder. Contain basic setup for NSM that includes `nsmgr`, `registry-k8s`, `admission-webhook-k8s`, `nse-remote-vlan`. The `nse-remote-vlan` belongs to the nsm-system since does not have role in data-plane connection.
 
 ## Requires
 
 - [spire](../spire)
 
 ## Includes
 
+- [Remote VLAN mechanism using forwarder-ovs](./rvlanovs)
 - [Remote VLAN mechanism using forwarder-vpp](./rvlanvpp)
 
 ## Run
 
-1. Create secondary bridge network and connect kind-worker nodes:
-
-    ```bash
-    docker network create bridge-2
-    docker network connect bridge-2 kind-worker
-    docker network connect bridge-2 kind-worker2
-    ```
-
-2. Rename the newly generated interface to eth1 in both kind-workers:
-
-    ```bash
-    ifw1=$(echo $(docker exec kind-worker ip link | tail -2 | head -1) | cut -f1 -d"@" | cut -f2 -d" ")
-    docker exec kind-worker ip link set $ifw1 down
-    docker exec kind-worker ip link set $ifw1 name eth1
-    docker exec kind-worker ip link set eth1 up
-    ifw2=$(echo $(docker exec kind-worker2 ip link | tail -2 | head -1) | cut -f1 -d"@" | cut -f2 -d" ")
-    docker exec kind-worker2 ip link set $ifw2 down
-    docker exec kind-worker2 ip link set $ifw2 name eth1
-    docker exec kind-worker2 ip link set eth1 up
-    ```
-
-3. Create ns for deployments:
-
-    ```bash
-    kubectl create ns nsm-system
-    ```
-
-4. Apply NSM resources for basic tests:
-
-    ```bash
-    kubectl apply -k .
-    ```
-
-5. Wait for NSE application:
-
-    ```bash
-    kubectl -n nsm-system wait --for=condition=ready --timeout=2m pod -l app=nse-remote-vlan
-    ```
-
-6. Wait for admission-webhook-k8s:
-
-    ```bash
-    WH=$(kubectl get pods -l app=admission-webhook-k8s -n nsm-system --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
-    kubectl wait --for=condition=ready --timeout=1m pod ${WH} -n nsm-system
-    ```
+Create secondary bridge network and connect kind-worker nodes:
+
+```bash
+docker network create bridge-2
+docker network connect bridge-2 kind-worker
+docker network connect bridge-2 kind-worker2
+```
+
+Rename the newly generated interface to eth1 in both kind-workers:
+
+```bash
+ifw1=$(echo $(docker exec kind-worker ip link | tail -2 | head -1) | cut -f1 -d"@" | cut -f2 -d" ")
+docker exec kind-worker ip link set $ifw1 down
+docker exec kind-worker ip link set $ifw1 name eth1
+docker exec kind-worker ip link set eth1 up
+ifw2=$(echo $(docker exec kind-worker2 ip link | tail -2 | head -1) | cut -f1 -d"@" | cut -f2 -d" ")
+docker exec kind-worker2 ip link set $ifw2 down
+docker exec kind-worker2 ip link set $ifw2 name eth1
+docker exec kind-worker2 ip link set eth1 up
+```
+
+Create ns for deployments:
+
+```bash
+kubectl create ns nsm-system
+```
+
+Create NSE patch:
+
+```bash
+cat > patch-nse.yaml <<EOF
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+    name: nse-remote-vlan
+spec:
+  template:
+    spec:
+      containers:
+        - name: nse
+          env:
+          - name: NSM_CONNECT_TO
+            value: "registry:5002"
+          - name: NSM_SERVICES
+            value: "finance-bridge { vlan: 100; via: gw1}"
+          - name: NSM_CIDR_PREFIX
+            value: "172.10.0.0/24"
+          - name: NSM_IPV6_PREFIX
+            value: "100:200::/64"
+EOF
+```
+
+Apply NSM resources for basic tests:
+
+```bash
+kubectl apply -k .
+```
+
+Wait for NSE application:
+
+```bash
+kubectl -n nsm-system wait --for=condition=ready --timeout=2m pod -l app=nse-remote-vlan
+```
+
+Wait for admission-webhook-k8s:
+
+```bash
+WH=$(kubectl get pods -l app=admission-webhook-k8s -n nsm-system --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+kubectl wait --for=condition=ready --timeout=1m pod ${WH} -n nsm-system
+```
 
 ## Cleanup
 
-1. To free resources follow the next command:
+To free resources follow the next command:
 
-    ```bash
-    WH=$(kubectl get pods -l app=admission-webhook-k8s -n nsm-system --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
-    kubectl delete mutatingwebhookconfiguration ${WH}
-    kubectl delete ns nsm-system
-    ```
+```bash
+WH=$(kubectl get pods -l app=admission-webhook-k8s -n nsm-system --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+kubectl delete mutatingwebhookconfiguration ${WH}
+kubectl delete ns nsm-system
+```
 
-2. Delete secondary network and kind-worker node connections:
+Delete secondary network and kind-worker node connections:
 
-    ```bash
-    docker network disconnect bridge-2 kind-worker
-    docker network disconnect bridge-2 kind-worker2
-    docker network rm bridge-2
-    docker exec kind-worker ip link del eth1
-    docker exec kind-worker2 ip link del eth1
-    true
-    ```
+```bash
+docker network disconnect bridge-2 kind-worker
+docker network disconnect bridge-2 kind-worker2
+docker network rm bridge-2
+docker exec kind-worker ip link del eth1
+docker exec kind-worker2 ip link del eth1
+true
+```

examples/remotevlan/kustomization.yaml

@@ -5,7 +5,10 @@ kind: Kustomization
 namespace: nsm-system
 
 bases:
-- ../../apps/nsmgr
-- ../../apps/registry-k8s
-- ../../apps/nse-remote-vlan
-- ../../apps/admission-webhook-k8s
+  - ../../apps/nsmgr
+  - ../../apps/registry-k8s
+  - ../../apps/nse-remote-vlan
+  - ../../apps/admission-webhook-k8s
+
+patchesStrategicMerge:
+  - patch-nse.yaml

examples/remotevlan/rvlanovs/README.md

@@ -0,0 +1,35 @@
+# NSM Remote Vlan OVS Forwarder
+
+Contains setup for `forwarder-ovs` and device configuration file for remote vlan mechanism.
+
+## Requires
+
+Make sure that you have completed steps from [remotevlan](../../remotevlan) setup.
+
+## Includes
+
+- [Kernel2RVlanInternal](../../use-cases/Kernel2RVlanInternal)
+- [Kernel2RVlanBreakout](../../use-cases/Kernel2RVlanBreakout)
+- [Kernel2RVlanMultiNS](../../use-cases/Kernel2RVlanMultiNS)
+
+## Run
+
+Deploy the forwarder:
+
+```bash
+kubectl apply -k .
+```
+
+Wait forwarder to start:
+
+```bash
+kubectl -n nsm-system wait --for=condition=ready --timeout=2m pod -l app=forwarder-ovs
+```
+
+## Cleanup
+
+Delete the forwarder:
+
+```bash
+kubectl delete -k .
+```

examples/remotevlan/rvlanovs/kustomization.yaml

@@ -0,0 +1,16 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: nsm-system
+
+bases:
+  - ../../../apps/forwarder-ovs
+
+configMapGenerator:
+  - name: device-selector
+    files:
+      - selector
+
+patchesStrategicMerge:
+  - patch-forwarder-ovs.yaml

examples/remotevlan/rvlanovs/patch-forwarder-ovs.yaml

@@ -0,0 +1,24 @@
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: forwarder-ovs
+spec:
+  template:
+    spec:
+      containers:
+        - name: forwarder-ovs
+          env:
+            - name: NSM_L2_RESOURCE_SELECTOR_FILE
+              value: /var/lib/networkservicemesh/device-selector.yaml
+          volumeMounts:
+            - name: devsel-vol
+              mountPath: /var/lib/networkservicemesh/device-selector.yaml
+              subPath: device-selector.yaml
+      volumes:
+      - name: devsel-vol
+        configMap:
+          name: device-selector
+          items:
+          - key: selector
+            path: device-selector.yaml

examples/remotevlan/rvlanovs/selector

@@ -0,0 +1,7 @@
+---
+interfaces:
+  - name: eth1
+    bridge: br0
+    matches:
+       - labelSelector:
+           - via: gw1

examples/remotevlan/rvlanvpp/README.md

@@ -8,7 +8,9 @@ Make sure that you have completed steps from [remotevlan](../../remotevlan) setu
 
 ## Includes
 
-- [Kernel2RVlan](../../use-cases/Kernel2RVlan)
+- [Kernel2RVlanInternal](../../use-cases/Kernel2RVlanInternal)
+- [Kernel2RVlanBreakout](../../use-cases/Kernel2RVlanBreakout)
+- [Kernel2RVlanMultiNS](../../use-cases/Kernel2RVlanMultiNS)
 
 ## Run
 
@@ -17,3 +19,17 @@ Deploy the forwarder:
 ```bash
 kubectl apply -k .
 ```
+
+Wait forwarder to start:
+
+```bash
+kubectl -n nsm-system wait --for=condition=ready --timeout=2m pod -l app=forwarder-vpp
+```
+
+## Cleanup
+
+Delete the forwarder:
+
+```bash
+kubectl delete -k .
+```

examples/remotevlan/rvlanvpp/kustomization.yaml

@@ -7,8 +7,9 @@ namespace: nsm-system
 bases:
 - ../../../apps/forwarder-vpp
 
-resources:
-  - device-selector.yaml
-
+configMapGenerator:
+  - name: device-selector
+    files:
+      - selector
 patchesStrategicMerge:
   - patch-forwarder-vpp.yaml

examples/remotevlan/rvlanvpp/selector

@@ -0,0 +1,6 @@
+---
+interfaces:
+  - name: eth1
+    matches:
+       - labelSelector:
+           - via: gw1