Create Client Pods
Now let’s create two Ubuntu Pods, one in each network using the following annotation object:
#left-ubuntu-sc.yaml
apiVersion: v1
kind: Pod
metadata:
  name: left-ubuntu-sc
  labels:
    app: webapp-sc
  annotations:
    k8s.v1.cni.cncf.io/networks: '[ { "name": "vn-left" }]'
spec:
  containers:
    - name: ubuntu-left-pod-sc
      image: contrailk8sdayone/ubuntu
      securityContext:
        privileged: true
        capabilities:
          add:
            - NET_ADMIN

#right-ubuntu-sc.yaml
apiVersion: v1
kind: Pod
metadata:
  name: right-ubuntu-sc
  labels:
    app: webapp-sc
  annotations:
    k8s.v1.cni.cncf.io/networks: '[ { "name": "vn-right" }]'
spec:
  containers:
    - name: ubuntu-right-pod-sc
      image: contrailk8sdayone/ubuntu
      securityContext:
        privileged: true
        capabilities:
          add:
            - NET_ADMIN

# kubectl create -f right-ubuntu-sc.yaml
# kubectl create -f left-ubuntu-sc.yaml

# kubectl get pod
NAME              READY   STATUS    RESTARTS   AGE
left-ubuntu-sc    1/1     Running   0          25h
right-ubuntu-sc   1/1     Running   0          25h

# kubectl describe pod
Name:               left-ubuntu-sc
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               cent22/10.85.188.17
Start Time:         Thu, 13 Jun 2019 03:40:20 -0400
Labels:             app=webapp-sc
Annotations:        k8s.v1.cni.cncf.io/network-status:
                      [
                          { "ips": "10.10.10.1", "mac": "02:7d:b1:09:00:8d", "name": "vn-left" },
                          { "ips": "10.47.255.249", "mac": "02:7d:99:ff:62:8d", "name": "cluster-wide-default" }
                      ]
                    k8s.v1.cni.cncf.io/networks: [ { "name": "vn-left" }]
Status:             Running
IP:                 10.47.255.249
Containers:
  ubuntu-left-pod-sc:
    Container ID:   docker://2f9a22568d844c68a1c4a45de4a81478958233052e08d4473742827482b244cd
    Image:          contrailk8sdayone/ubuntu
    Image ID:       docker-pullable://contrailk8sdayone/ubuntu@sha256:fa2930cb8f4b766e5b335dfa42de510ecd30af6433ceada14cdaae8de9065d2a
...<snipped>...

Name:               right-ubuntu-sc
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               cent22/10.85.188.17
Start Time:         Thu, 13 Jun 2019 04:09:18 -0400
Labels:             app=webapp-sc
Annotations:        k8s.v1.cni.cncf.io/network-status:
                      [
                          { "ips": "10.20.20.1", "mac": "02:89:cc:86:48:8d", "name": "vn-right" },
                          { "ips": "10.47.255.252", "mac": "02:89:b0:8e:98:8d", "name": "cluster-wide-default" }
                      ]
                    k8s.v1.cni.cncf.io/networks: [ { "name": "vn-right" }]
Status:             Running
IP:                 10.47.255.252
Containers:
  ubuntu-right-pod-sc:
    Container ID:   docker://4e0b6fa085905be984517a11c3774517d01f481fa43aadd76a633ef15c58cbfe
    Image:          contrailk8sdayone/ubuntu
    Image ID:       docker-pullable://contrailk8sdayone/ubuntu@sha256:fa2930cb8f4b766e5b335dfa42de510ecd30af6433ceada14cdaae8de9065d2a
...<snipped>...
Create cSRX Pod
Now create a Juniper cSRX container that has one interface on the left network and one interface on the right network, using this YAML file:
Confirm that the interface placement is in the correct network:
# kubectl describe pod csrx1-sc
Name:               csrx1-sc
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               cent22/10.85.188.17
Start Time:         Thu, 13 Jun 2019 03:40:31 -0400
Labels:             app=webapp-sc
Annotations:        k8s.v1.cni.cncf.io/network-status:
                      [
                          { "ips": "10.10.10.2", "mac": "02:84:71:f4:f2:8d", "name": "vn-left" },
                          { "ips": "10.20.20.2", "mac": "02:84:8b:4c:18:8d", "name": "vn-right" },
                          { "ips": "10.47.255.248", "mac": "02:84:59:7e:54:8d", "name": "cluster-wide-default" }
                      ]
                    k8s.v1.cni.cncf.io/networks: [ { "name": "vn-left" }, { "name": "vn-right" } ]
Status:             Running
IP:                 10.47.255.248
Containers:
  csrx1-sc:
    Container ID:   docker://82b7605172d937895269d76850d083b6dc6e278e41cb45b4cb8cee21283e4f17
    Image:          contrailk8sdayone/csrx
    Image ID:       docker://sha256:329e805012bdf081f4a15322f994e5e3116b31c90f108a19123cf52710c7617e
...<snipped>...
Each container has one interface in the cluster-wide-default network regardless of whether the annotations object is used, because the annotations object above only creates one extra interface and places it in a specific network.
Verify PodIP
To verify the podIP, log in to the left Pod, the right Pod, and the cSRX to confirm the IP/MAC addresses:
# kubectl exec -it left-ubuntu-sc bash
root@left-ubuntu-sc:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
13: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:7d:99:ff:62:8d brd ff:ff:ff:ff:ff:ff
    inet 10.47.255.249/12 scope global eth0
       valid_lft forever preferred_lft forever
15: eth1@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:7d:b1:09:00:8d brd ff:ff:ff:ff:ff:ff
    inet 10.10.10.1/24 scope global eth1
       valid_lft forever preferred_lft forever

# kubectl exec -it right-ubuntu-sc bash
root@right-ubuntu-sc:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
23: eth0@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:89:b0:8e:98:8d brd ff:ff:ff:ff:ff:ff
    inet 10.47.255.252/12 scope global eth0
       valid_lft forever preferred_lft forever
25: eth1@if26: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:89:cc:86:48:8d brd ff:ff:ff:ff:ff:ff
    inet 10.20.20.1/24 scope global eth1
       valid_lft forever preferred_lft forever

# kubectl exec -it csrx1-sc cli
root@csrx1-sc>
root@csrx1-sc> show interfaces
Physical interface: ge-0/0/1, Enabled, Physical link is Up
  Interface index: 100
  Link-level type: Ethernet, MTU: 1514
  Current address: 02:84:71:f4:f2:8d, Hardware address: 02:84:71:f4:f2:8d

Physical interface: ge-0/0/0, Enabled, Physical link is Up
  Interface index: 200
  Link-level type: Ethernet, MTU: 1514
  Current address: 02:84:8b:4c:18:8d, Hardware address: 02:84:8b:4c:18:8d
Unlike the other Pods, the cSRX did not acquire an IP address through DHCP; it starts with the factory-default configuration, so it needs to be configured.
By default, cSRX eth0 is visible only from the shell and used for management. When attaching networks, the first attached network is mapped to eth1, which is GE-0/0/1, and the second attached is mapped to eth2, which is GE-0/0/0.
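The manual MAC comparison above can be automated. The following is an added example, not code from the original text: it cross-checks the k8s.v1.cni.cncf.io/networks annotation, the network-status annotation, and the MAC addresses read inside the pod, using the csrx1-sc values shown above as input. The function name check_placement and the constant names are hypothetical.

```python
import json

DEFAULT_NET = "cluster-wide-default"
# Order stated in the text: first attached network -> ge-0/0/1, second -> ge-0/0/0.
CSRX_IFACE_ORDER = ["ge-0/0/1", "ge-0/0/0"]

# Annotation values and MACs copied from the csrx1-sc output shown above.
CSRX_NETWORKS = '[{"name": "vn-left"}, {"name": "vn-right"}]'
CSRX_STATUS = """[
  {"ips": "10.10.10.2", "mac": "02:84:71:f4:f2:8d", "name": "vn-left"},
  {"ips": "10.20.20.2", "mac": "02:84:8b:4c:18:8d", "name": "vn-right"},
  {"ips": "10.47.255.248", "mac": "02:84:59:7e:54:8d", "name": "cluster-wide-default"}]"""
CSRX_MACS = {"ge-0/0/1": "02:84:71:f4:f2:8d", "ge-0/0/0": "02:84:8b:4c:18:8d"}


def check_placement(networks_json, status_json, iface_macs, iface_order=()):
    """Return ({interface: network}, [problems]) for one pod.

    networks_json / status_json are the k8s.v1.cni.cncf.io/networks and
    network-status annotation values; iface_macs is {interface: MAC} as read
    inside the pod; iface_order optionally lists interfaces in attachment order.
    """
    requested = [n["name"] for n in json.loads(networks_json)]
    status = {s["name"]: s for s in json.loads(status_json)}
    mac_to_net = {s["mac"].lower(): name for name, s in status.items()}
    problems = []
    if DEFAULT_NET not in status:
        problems.append(f"no interface in {DEFAULT_NET}")
    problems += [f"requested network {n} not attached"
                 for n in requested if n not in status]
    problems += [f"unrequested network {n} attached"
                 for n in status if n != DEFAULT_NET and n not in requested]

    iface_to_net = {}
    for iface, mac in iface_macs.items():
        iface_to_net[iface] = mac_to_net.get(mac.lower())
        if iface_to_net[iface] is None:
            problems.append(f"{iface} MAC {mac} not in network-status")
    # Attachment order: the Nth requested network should sit on the Nth interface.
    for net, iface in zip(requested, iface_order):
        if iface_to_net.get(iface) != net:
            problems.append(f"{iface} expected in {net}, found {iface_to_net.get(iface)}")
    return iface_to_net, problems


if __name__ == "__main__":
    mapping, problems = check_placement(CSRX_NETWORKS, CSRX_STATUS, CSRX_MACS, CSRX_IFACE_ORDER)
    print(mapping, problems or "placement OK")
```

For the Ubuntu Pods, pass the eth0/eth1 MACs from ip a and omit iface_order; an empty problems list means every requested network is attached and every observed MAC is accounted for.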