Verifying Configuration for CNI for Kubernetes
Use the verification steps in this topic to view and verify your configuration of Contrail Container Network Interface (CNI) for Kubernetes.
View Pod Name and IP Address
Use the following command to view the IP address allocated to a pod.
[root@device ~]# kubectl get pods --all-namespaces -o wide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE default client-1 1/1 Running 0 19d 10.47.25.247 k8s-minion-1-3 default client-2 1/1 Running 0 19d 10.47.25.246 k8s-minion-1-1 default client-x 1/1 Running 0 19d 10.84.21.272 k8s-minion-1-1
Verify Reachability of Pods
Perform the following steps to verify if the pods are reachable to each other.
Verify If Isolated Namespace-Pods Are Not Reachable
Perform the following steps to verify if pods in isolated namespaces cannot be reached by pods in non-isolated namespaces.
Verify If Non-Isolated Namespace-Pods Are Reachable
Perform the following steps to verify if pods in non-isolated namespaces can be reached by pods in isolated namespaces.
Verify If a Namespace is Isolated
Namespace annotations are used to turn on isolation in a Kubernetes
namespace. In isolated Kubernetes namespaces, the namespace metadata
is annotated with the opencontrail.org/isolation : true
annotation.
Use the following command to view annotations on a namespace.
[root@a7s16 ~]# kubectl describe namespace test-isolated-ns Name: test-isolated-ns Labels: <none> Annotations: opencontrail.org/isolation : true Namespace is isolated Status: Active