-
Notifications
You must be signed in to change notification settings - Fork 35
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Kernel2Kernel and Memif2Memif IPv6 examples
Signed-off-by: Artem Belov <artem.belov@xored.com>
- Loading branch information
Artem Belov
committed
Mar 22, 2021
1 parent
8003763
commit df16d16
Showing
4 changed files
with
269 additions
and
129 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,128 @@ | ||
| # Test kernel to kernel connection | ||
|
|
||
|
|
||
| This example shows that NSC and NSE on the one node can find each other by ipv6 addresses. | ||
|
|
||
| NSC and NSE are using the `kernel` mechanism to connect to its local forwarder. | ||
|
|
||
| ## Run | ||
|
|
||
| Create test namespace: | ||
| ```bash | ||
| NAMESPACE=($(kubectl create -f ../../namespace.yaml)[0]) | ||
| NAMESPACE=${NAMESPACE:10} | ||
| ``` | ||
|
|
||
| Register namespace in `spire` server: | ||
| ```bash | ||
| kubectl exec -n spire spire-server-0 -- \ | ||
| /opt/spire/bin/spire-server entry create \ | ||
| -spiffeID spiffe://example.org/ns/${NAMESPACE}/sa/default \ | ||
| -parentID spiffe://example.org/ns/spire/sa/spire-agent \ | ||
| -selector k8s:ns:${NAMESPACE} \ | ||
| -selector k8s:sa:default | ||
| ``` | ||
|
|
||
| Select node to deploy NSC and NSE: | ||
| ```bash | ||
| NODE=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints }}{{index .metadata.labels "kubernetes.io/hostname"}} {{end}}{{end}}')[0]) | ||
| ``` | ||
|
|
||
| Create customization file: | ||
| ```bash | ||
| cat > kustomization.yaml <<EOF | ||
| --- | ||
| apiVersion: kustomize.config.k8s.io/v1beta1 | ||
| kind: Kustomization | ||
| namespace: ${NAMESPACE} | ||
| bases: | ||
| - ../../../../apps/nsc-kernel | ||
| - ../../../../apps/nse-kernel | ||
| patchesStrategicMerge: | ||
| - patch-nsc.yaml | ||
| - patch-nse.yaml | ||
| EOF | ||
| ``` | ||
|
|
||
| Create NSC patch: | ||
| ```bash | ||
| cat > patch-nsc.yaml <<EOF | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: nsc | ||
| spec: | ||
| template: | ||
| spec: | ||
| containers: | ||
| - name: nsc | ||
| env: | ||
| - name: NSM_NETWORK_SERVICES | ||
| value: kernel://icmp-responder/nsm-1 | ||
| nodeSelector: | ||
| kubernetes.io/hostname: ${NODE} | ||
| EOF | ||
| ``` | ||
|
|
||
| Create NSE patch: | ||
| ```bash | ||
| cat > patch-nse.yaml <<EOF | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: nse | ||
| spec: | ||
| template: | ||
| spec: | ||
| containers: | ||
| - name: nse | ||
| env: | ||
| - name: NSE_CIDR_PREFIX | ||
| value: 2001:db8::/116 | ||
| nodeSelector: | ||
| kubernetes.io/hostname: ${NODE} | ||
| EOF | ||
| ``` | ||
|
|
||
| Deploy NSC and NSE: | ||
| ```bash | ||
| kubectl apply -k . | ||
| ``` | ||
|
|
||
| Wait for applications ready: | ||
| ```bash | ||
| kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc -n ${NAMESPACE} | ||
| ``` | ||
| ```bash | ||
| kubectl wait --for=condition=ready --timeout=1m pod -l app=nse -n ${NAMESPACE} | ||
| ``` | ||
|
|
||
| Find NSC and NSE pods by labels: | ||
| ```bash | ||
| NSC=$(kubectl get pods -l app=nsc -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}') | ||
| ``` | ||
| ```bash | ||
| NSE=$(kubectl get pods -l app=nse -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}') | ||
| ``` | ||
|
|
||
| Check connectivity: | ||
| ```bash | ||
| kubectl exec ${NSC} -n ${NAMESPACE} -- ping -c 4 2001:db8:: | ||
| ``` | ||
|
|
||
| Check connectivity: | ||
| ```bash | ||
| kubectl exec ${NSE} -n ${NAMESPACE} -- ping -c 4 2001:db8::1 | ||
| ``` | ||
|
|
||
| ## Cleanup | ||
|
|
||
| Delete ns: | ||
| ```bash | ||
| kubectl delete ns ${NAMESPACE} | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,131 @@ | ||
| # Test memif to memif connection | ||
|
|
||
| This example shows that NSC and NSE on the one node can find each other by ipv6 addresses. | ||
|
|
||
| NSC and NSE are using the `memif` mechanism to connect to its local forwarder. | ||
|
|
||
| ## Run | ||
|
|
||
| Create test namespace: | ||
| ```bash | ||
| NAMESPACE=($(kubectl create -f ../../namespace.yaml)[0]) | ||
| NAMESPACE=${NAMESPACE:10} | ||
| ``` | ||
|
|
||
| Register namespace in `spire` server: | ||
| ```bash | ||
| kubectl exec -n spire spire-server-0 -- \ | ||
| /opt/spire/bin/spire-server entry create \ | ||
| -spiffeID spiffe://example.org/ns/${NAMESPACE}/sa/default \ | ||
| -parentID spiffe://example.org/ns/spire/sa/spire-agent \ | ||
| -selector k8s:ns:${NAMESPACE} \ | ||
| -selector k8s:sa:default | ||
| ``` | ||
|
|
||
| Select node to deploy NSC and NSE: | ||
| ```bash | ||
| NODE=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints }}{{index .metadata.labels "kubernetes.io/hostname"}} {{end}}{{end}}')[0]) | ||
| ``` | ||
|
|
||
| Create customization file: | ||
| ```bash | ||
| cat > kustomization.yaml <<EOF | ||
| --- | ||
| apiVersion: kustomize.config.k8s.io/v1beta1 | ||
| kind: Kustomization | ||
| namespace: ${NAMESPACE} | ||
| bases: | ||
| - ../../../../apps/nsc-memif | ||
| - ../../../../apps/nse-memif | ||
| patchesStrategicMerge: | ||
| - patch-nsc.yaml | ||
| - patch-nse.yaml | ||
| EOF | ||
| ``` | ||
|
|
||
| Create NSC patch: | ||
| ```bash | ||
| cat > patch-nsc.yaml <<EOF | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: nsc | ||
| spec: | ||
| template: | ||
| spec: | ||
| containers: | ||
| - name: nsc | ||
| env: | ||
| - name: NSM_NETWORK_SERVICES | ||
| value: memif://icmp-responder/nsm-1 | ||
| nodeSelector: | ||
| kubernetes.io/hostname: ${NODE} | ||
| EOF | ||
| ``` | ||
|
|
||
| Create NSE patch: | ||
| ```bash | ||
| cat > patch-nse.yaml <<EOF | ||
| --- | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: nse | ||
| spec: | ||
| template: | ||
| spec: | ||
| containers: | ||
| - name: nse | ||
| env: | ||
| - name: NSE_CIDR_PREFIX | ||
| value: 2001:db8::/116 | ||
| nodeSelector: | ||
| kubernetes.io/hostname: ${NODE} | ||
| EOF | ||
| ``` | ||
|
|
||
| Deploy NSC and NSE: | ||
| ```bash | ||
| kubectl apply -k . | ||
| ``` | ||
|
|
||
| Wait for applications ready: | ||
| ```bash | ||
| kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc -n ${NAMESPACE} | ||
| ``` | ||
| ```bash | ||
| kubectl wait --for=condition=ready --timeout=1m pod -l app=nse -n ${NAMESPACE} | ||
| ``` | ||
|
|
||
| Find NSC and NSE pods by labels: | ||
| ```bash | ||
| NSC=$(kubectl get pods -l app=nsc -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}') | ||
| ``` | ||
| ```bash | ||
| NSE=$(kubectl get pods -l app=nse -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}') | ||
| ``` | ||
|
|
||
| Check connectivity: | ||
| ```bash | ||
| result=$(kubectl exec "${NSC}" -n "${NAMESPACE}" -- vppctl ping ipv6 2001:db8:: repeat 4) | ||
| echo ${result} | ||
| ! echo ${result} | grep -E -q "(100% packet loss)|(0 sent)|(no egress interface)" | ||
| ``` | ||
|
|
||
| Check connectivity: | ||
| ```bash | ||
| result=$(kubectl exec "${NSE}" -n "${NAMESPACE}" -- vppctl ping ipv6 2001:db8::1 repeat 4) | ||
| echo ${result} | ||
| ! echo ${result} | grep -E -q "(100% packet loss)|(0 sent)|(no egress interface)" | ||
| ``` | ||
|
|
||
| ## Cleanup | ||
|
|
||
| Delete ns: | ||
| ```bash | ||
| kubectl delete ns ${NAMESPACE} | ||
| ``` |
Oops, something went wrong.