This document will help you configure two Vagrant boxes in a Kubernetes cluster with a master and a worker node. You will also deploy the Network Service Mesh components in the cluster.
You can find instructions for your operation systems in the links below:
If you have another Linux distribution or prefer to go with the upstream, make sure you have the following dependencies installed:
git clone https://github.com/networkservicemesh/networkservicemesh
cd networkservicemeshThen we'll configure a Kubernetes cluster. A master and a worker node will be launched in two separate Vagrant machines. The Network Service Mesh components will then be deployed to the cluster.
Start the Vagrant machines:
make vagrant-startEnsure your kubectl is configured to point to Vagrant's Kubernetes cluster:
source scripts/vagrant/env.shAll commands have been wrapped in make machining tooling.
First, let's build the Docker images of the various components of Network Service Mesh:
make k8s-saveLoad the images on the Vagrant Machines.
make k8s-load-imagesThe core Network Service Mesh infrastructure is deployed via Helm with the following command:
make helm-init
make helm-install-nsmThe following check should show two nsmgr, two nsm-vpp-forwarder, and one nsm-admission-webhook pod
kubectl get pods -n nsm-system
NAME READY STATUS RESTARTS AGE
nsm-admission-webhook-8597995474-2p7vc 1/1 Running 0 2m4s
nsm-vpp-forwarder-9lfnv 1/1 Running 0 2m5s
nsm-vpp-forwarder-w424k 1/1 Running 0 2m5s
nsmgr-5mkr2 3/3 Running 0 2m5s
nsmgr-gc976 3/3 Running 0 2m5sThis will allow you to see your Network Service Mesh daemonset running:
kubectl get daemonset nsmgr -n nsm-system
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
nsmgr 2 2 2 2 2 <none> 19mmake helm-install-nsm-monitoringWhen deployed successfully two skydive-agent, one skydive-analyzer, one crossconnect-monitor and one jaeger pod will be running in the nsm-system namespace.
kubectl get pods -n nsm-system
NAME READY STATUS RESTARTS AGE
crossconnect-monitor-57dcf588dd-qk2n9 1/1 Running 0 43s
jaeger-f5d6744c5-t2tc8 1/1 Running 0 43s
skydive-agent-hr9xh 1/1 Running 0 43s
skydive-agent-jxmm9 1/1 Running 0 43s
skydive-analyzer-778fc98897-9cr5w 1/1 Running 0 43sNow that we have the NSM infrastructure deployed, we can proceed with deploying some of the examples.
- The basic ICMP example is deployed like this:
make helm-install-endpoint helm-install-client- The VPN service composition example is deployed with:
make helm-install-vpnBoth of the examples can be verified by running a simple check:
-
icmp-responder
make k8s-icmp-check
-
vpn
make k8s-vpn-check
-
For ICMP you should see ping succeeding as below:
./scripts/nsc_ping_all.sh
===== >>>>> PROCESSING nsc-84799b768f-99wgf <<<<< ===========
PING 10.20.1.2 (10.20.1.2): 56 data bytes
64 bytes from 10.20.1.2: seq=0 ttl=64 time=6.313 ms
--- 10.20.1.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 6.313/6.313/6.313 ms
NSC nsc-84799b768f-99wgf with IP 10.20.1.1/30 pinging icmp-responder-nse TargetIP: 10.20.1.2 successful
===== >>>>> PROCESSING nsc-84799b768f-d82w5 <<<<< ===========
PING 10.20.1.2 (10.20.1.2): 56 data bytes
64 bytes from 10.20.1.2: seq=0 ttl=64 time=1.015 ms
--- 10.20.1.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 1.015/1.015/1.015 ms
NSC nsc-84799b768f-d82w5 with IP 10.20.1.1/30 pinging icmp-responder-nse TargetIP: 10.20.1.2 successful
===== >>>>> PROCESSING nsc-84799b768f-ktm4w <<<<< ===========
PING 10.30.1.2 (10.30.1.2): 56 data bytes
64 bytes from 10.30.1.2: seq=0 ttl=64 time=3.199 ms
--- 10.30.1.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 3.199/3.199/3.199 ms
NSC nsc-84799b768f-ktm4w with IP 10.30.1.1/30 pinging vppagent-icmp-responder-nse TargetIP: 10.30.1.2 successful
===== >>>>> PROCESSING nsc-84799b768f-wvxwt <<<<< ===========
PING 10.30.1.2 (10.30.1.2): 56 data bytes
64 bytes from 10.30.1.2: seq=0 ttl=64 time=6.070 ms
--- 10.30.1.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 6.070/6.070/6.070 ms
NSC nsc-84799b768f-wvxwt with IP 10.30.1.1/30 pinging vppagent-icmp-responder-nse TargetIP: 10.30.1.2 successful- Validating the VPN example will output the following:
===== >>>>> PROCESSING vpn-gateway-nsc-5458d48c86-zh4xf <<<<< ===========
PING 10.60.1.2 (10.60.1.2): 56 data bytes
64 bytes from 10.60.1.2: seq=0 ttl=64 time=11.728 ms
--- 10.60.1.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 11.728/11.728/11.728 ms
NSC vpn-gateway-nsc-5458d48c86-zh4xf with IP 10.60.1.1/30 pinging vpn-gateway-nse TargetIP: 10.60.1.2 successful
Connecting to 10.60.1.2:80 (10.60.1.2:80)
null 100% |*******************************| 112 0:00:00 ETA
NSC vpn-gateway-nsc-5458d48c86-zh4xf with IP 10.60.1.1/30 accessing vpn-gateway-nse TargetIP: 10.60.1.2 TargetPort:80 successful
Connecting to 10.60.1.2:8080 (10.60.1.2:8080)
wget: download timed out
command terminated with exit code 1
NSC vpn-gateway-nsc-5458d48c86-zh4xf with IP 10.60.1.1/30 blocked vpn-gateway-nse TargetIP: 10.60.1.2 TargetPort:8080
All check OK. NSC vpn-gateway-nsc-5458d48c86-zh4xf behaving as expected.