exclude-prefixes

Test kernel to kernel connection with excluded prefixes

This example shows kernel to kernel example where we excluded 2 prefixes from provided IP prefix range.

NSC and NSE are using the kernel mechanism to connect to its local forwarder.

Requires

Make sure that you have completed steps from basic or memory setup.

Run

Create test namespace:

NAMESPACE=($(kubectl create -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/91e80e8e4531562720d50ea9e84a82299813db65/examples/use-cases/namespace.yaml)[0])
NAMESPACE=${NAMESPACE:10}

Select node to deploy NSC and NSE:

NODE=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints  }}{{index .metadata.labels "kubernetes.io/hostname"}} {{end}}{{end}}')[0])

Create customization file:

cat > kustomization.yaml <<EOF
---
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization

namespace: ${NAMESPACE}

bases:
- https://github.com/networkservicemesh/deployments-k8s/apps/nsc-kernel?ref=91e80e8e4531562720d50ea9e84a82299813db65
- https://github.com/networkservicemesh/deployments-k8s/apps/nse-kernel?ref=91e80e8e4531562720d50ea9e84a82299813db65

patchesStrategicMerge:
- patch-nsc.yaml
- patch-nse.yaml
EOF

Create NSC patch:

cat > patch-nsc.yaml <<EOF
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nsc-kernel
spec:
  template:
    spec:
      containers:
        - name: nsc
          env:
            - name: NSM_NETWORK_SERVICES
              value: kernel://icmp-responder/nsm-1
      nodeName: ${NODE}
EOF

Create NSE patch:

cat > patch-nse.yaml <<EOF
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nse-kernel
spec:
  template:
    spec:
      containers:
        - name: nse
          env:
            - name: NSM_CIDR_PREFIX
              value: 172.16.1.100/30
      nodeName: ${NODE}
EOF

Create config map with excluded prefixes

kubectl apply -f exclude-prefixes-config-map.yaml

Deploy NSC and NSE:

kubectl apply -k .

Wait for applications ready:

kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc-kernel -n ${NAMESPACE}

kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-kernel -n ${NAMESPACE}

Find nsc and nse pods by labels:

NSC=$(kubectl get pods -l app=nsc-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')

NSE=$(kubectl get pods -l app=nse-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')

Ping from NSC to NSE:

kubectl exec ${NSC} -n ${NAMESPACE} -- ping -c 4 172.16.1.100

Ping from NSE to NSC:

kubectl exec ${NSE} -n ${NAMESPACE} -- ping -c 4 172.16.1.103

Cleanup

Delete ns:

kubectl delete configmap excluded-prefixes-config
kubectl delete ns ${NAMESPACE}