Service Function Chaining (SFC) - Demo

Automate SFC Deployment

Automated SFC testing is done in 3 steps:

Bring up the Vagrant machines

    $ vagrant up

Deploy the k8s cluster with the Nodus network controller

    $ vagrant provision --provision-with deployment

Bring up the demo

    $ vagrant provision --provision-with demo

Demo Summary

This project offers a means of deploying a Kubernetes cluster that satisfies the requirements of the Nodus SFC setup.

Virtual Machines

This project uses the Vagrant tool to provision virtual machines automatically. The setup bash script contains the Linux instructions to install the dependencies and plugins required for its usage. This script supports two virtualization technologies (Libvirt and VirtualBox).

    $ sudo ./setup.sh -p libvirt

There is a default.yml in the ./config directory which creates multiple VMs.

Once Vagrant is installed, it's possible to provision a VM using the following instructions:

    $ vagrant up

In-depth documentation and use cases of various Vagrant commands are available on the Vagrant site.

Deployment

How to create K8s cluster?

Install Docker in the master, minion01 and minion02 VMs. Follow the steps in create cluster kubeadm to create the Kubernetes cluster on the master. In the master VM, run kubeadm init as below. Nodus uses the same pod network CIDR, 10.233.64.0/18. Join minion01 and minion02 by running kubeadm join on each node as root, as mentioned in create cluster kubeadm.

Please follow the Nodus installation steps - nodus installation

TM1 server

SSH into the TM1 VM and run the following commands to attach TM1 to the left provider network.

    $ ip addr flush dev eth1
    $ ip link add link eth1 name eth1.100 type vlan id 100
    $ ip link set dev eth1.100 up
    $ ip addr add 172.30.10.101/24 dev eth1.100
    $ ip route del default
    $ ip route add default via 172.30.10.3

TM2 server

SSH into the TM2 VM and run the following commands to attach TM2 to the right provider network.

    $ ip addr flush dev eth1
    $ ip link add link eth1 name eth1.200 type vlan id 200
    $ ip link set dev eth1.200 up
    $ ip addr add 172.30.20.2/24 dev eth1.200

Run the following commands to create a virtual router

    $ ip route add 172.30.10.0/24 via 172.30.20.3
    $ ip route add 172.30.33.0/24 via 172.30.20.3
    $ ip route add 172.30.44.0/24 via 172.30.20.3
    $ echo 1 > /proc/sys/net/ipv4/ip_forward
    $ /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    $ iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    $ iptables -A FORWARD -i eth1.200 -o eth0 -j ACCEPT

Demo

Deploy the SDEWAN controller in the cluster

    $ git clone https://github.com/akraino-edge-stack/icn-sdwan.git
    $ cd icn-sdwan/platform/crd-ctrlr
    $ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v0.11.0/cert-manager.yaml --validate=false
    $ kubectl apply -f examples/sdewan-controller.yaml

From TM1, try to ping google.com; the ping operation will fail.

Deploy the SFC as follows

    $ kubectl apply -f demo/sfc-setup/deploy/sfc-virtual-network.yaml
    $ kubectl apply -f demo/sfc-setup/deploy/slb-ngfw-sdewan-cnf-deployment.yaml
    $ kubectl apply -f demo/sfc-setup/deploy/ms1.yaml

Test Scenario - to comprehend multiple deployment variations

sfc-test-scenario-diagram

This shows the test scenario we created in this demo.

Pinging google.com or running curl example.com should fail in both ms1 and TM1

    $ kubectl apply -f demo/sfc-setup/deploy/sfc.yaml

Pinging google.com or running curl example.com should be successful in both ms1 and TM1

Traffic from external entities with sfc

sfc-test-scenario-tm1-to-internet

Traffic from pod within the cluster with sfc

sfc-test-scenario-ms1-to-internet

Let's try to apply an ICMP reject rule in the SDEWAN CNF

    $ kubectl apply -f demo/sfc-setup/deploy/firewall-dyn-net-2.yaml
    $ kubectl apply -f demo/sfc-setup/deploy/firewall-right-pnetwork.yaml
    $ kubectl apply -f demo/sfc-setup/deploy/firewall-rule-reject-icmp-right-pnetwork.yaml

Traffic from external entities with sfc - SDEWAN icmp reject

sfc-test-scenario-tm1-icmp-blocked

Traffic from pod within the cluster with sfc - SDEWAN icmp reject

sfc-test-scenario-ms1-icmp-blocked

Pinging google.com will fail and curl example.com should be successful in both ms1 and TM1
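
The expected results stated in this demo (ping and curl both fail before sfc.yaml is applied, both succeed after it, and only ping fails once the ICMP reject rule is applied) can be checked with a small script. This is an added example, not part of the Nodus project; the stage names (no-sfc, sfc, icmp-reject) and the PROBE_RUNNER stub hook are assumptions of the example.

```sh
#!/bin/sh
# Added example: expected reachability at each stage of this demo.
# Stage names and the PROBE_RUNNER hook are assumptions of this example.

# expected <stage> <probe>: prints "ok" or "fail" per the README text.
expected() {
    case "$1:$2" in
        no-sfc:ping|no-sfc:curl) echo fail ;;  # before sfc.yaml is applied
        sfc:ping|sfc:curl)       echo ok ;;    # after sfc.yaml is applied
        icmp-reject:ping)        echo fail ;;  # ICMP reject rule in SDEWAN CNF
        icmp-reject:curl)        echo ok ;;    # TCP must still pass
        *) return 2 ;;
    esac
}

# run_probe <probe>: runs the real probe, or the stub named in PROBE_RUNNER.
run_probe() {
    if [ -n "${PROBE_RUNNER:-}" ]; then
        "$PROBE_RUNNER" "$1"
        return
    fi
    case "$1" in
        ping) ping -c 3 -W 2 google.com >/dev/null 2>&1 ;;
        curl) curl -s -o /dev/null --max-time 5 example.com ;;
        *) return 2 ;;
    esac
}

# check_stage <stage>: one line per probe; non-zero exit on any mismatch.
check_stage() {
    stage=$1
    mismatches=0
    for probe in ping curl; do
        want=$(expected "$stage" "$probe") || {
            echo "unknown stage: $stage" >&2
            return 2
        }
        if run_probe "$probe"; then got=ok; else got=fail; fi
        if [ "$got" = "$want" ]; then
            echo "PASS $stage $probe: $got"
        else
            echo "MISMATCH $stage $probe: expected $want, got $got"
            mismatches=$((mismatches + 1))
        fi
    done
    [ "$mismatches" -eq 0 ]
}
```

Source the script on TM1 or inside the ms1 pod and call check_stage with the stage just deployed. A MISMATCH on icmp-reject ping means the reject rule is not being enforced on that path, while a MISMATCH on icmp-reject curl means the firewall is blocking more than ICMP.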

License

Apache-2.0