This folder contains a set of files that can be used to deploy the Contiv-VPP network plugin on Kubernetes.

The main deployment file that can be used to deploy the Contiv-VPP network plugin using kubeadm:
```
# deploy
kubectl apply -f contiv-vpp.yaml
# undeploy
kubectl delete -f contiv-vpp.yaml
```
Optionally you can edit `contiv-vpp.yaml` to deploy the `dev-contiv-vswitch` image, built in the local environment with `../docker/build-all.sh`:

```
sed -i "s@image: contivvpp/vswitch@image: dev-contiv-vswitch:<your image version>@g" ./contiv-vpp.yaml
```
This manifest can be generated and updated from the contiv-vpp helm chart:

```
make generate-manifest
```

Optionally, a new manifest can be generated with configuration values that differ from the defaults in `contiv-vpp/values.yaml`:

```
helm template --name contiv-vpp contiv-vpp \
  --set vswitch.image.repository=dev-contiv-vswitch \
  --set vswitch.image.tag=<your image version> > dev-contiv-vpp.yaml
```
The newly generated manifest can be deployed/undeployed using the kubectl steps above.

To use the development image for testing with a specific version of VPP, see DEVIMAGE.md.

contiv.yaml
The configuration file for the Contiv agent is deployed via the ConfigMap `contiv-agent-cfg` into the location `/etc/agent/contiv.yaml` of the vSwitch. It includes several options that customize the network connectivity between pods, such as the configuration of interfaces and the allocation of IP addresses.

- Pod-to-VPP connectivity (top-level options)
  - `TCPstackDisabled`: if the flag is set to `true`, neither VPP TCP stack nor STN is configured and only VETHs or TAPs are used to connect Pods with VPP
  - `TCPChecksumOffloadDisabled`: disable checksum offloading for eth0 of every deployed pod
  - `UseL2Interconnect`: use pure L2 node interconnect instead of VXLANs
  - `UseTAPInterfaces`: use TAP interfaces instead of VETHs for Pod-to-VPP and VPP-to-Host interconnection
  - `TAPInterfaceVersion`: select `1` to use the standard VPP TAP interface or `2` for a faster, virtio-based, VPP TAPv2 interface (default);
  - `StealInterface`: enable Steal The NIC feature on the specified interface on each node;
  - `StealFirstNIC`: enable Steal The NIC feature on the first interface on each node;
  - `TAPv2RxRingSize`: number of entries to allocate for TAPv2 Rx ring (default is 256)
  - `TAPv2TxRingSize`: number of entries to allocate for TAPv2 Tx ring (default is 256)
  - `NatExternalTraffic`: if enabled, traffic with cluster-outside destination is S-NATed with the node IP before being sent out from the node (applies for all nodes)
  - `MTUSize`: maximum transmission unit (MTU) size (default is 1500)
  - `ServiceLocalEndpointWeight`: how much more likely a service local endpoint is to receive connection over a remotely deployed one (default is `1`, i.e. equal distribution)
- IPAM (section `IPAMConfig`)
  - `PodSubnetCIDR`: subnet used for all pods across all nodes
  - `PodIfIPCIDR`: subnet CIDR for VPP-side POD addresses
  - `PodNetworkPrefixLen`: subnet prefix length used for all pods of 1 k8s node (pod network = pod subnet for one k8s node);
  - `VPPHostSubnetCIDR`: subnet used in each node for VPP-to-host connectivity;
  - `VPPHostNetworkPrefixLen`: prefix length of the subnet used for VPP-to-host connectivity on 1 k8s node (VPPHost network = VPPHost subnet for one k8s node)
  - `NodeInterconnectCIDR`: subnet used for main interfaces of all nodes
  - `NodeInterconnectDHCP`: use DHCP to acquire IP for all nodes by default
  - `VxlanCIDR`: subnet used for VXLAN addressing providing node-interconnect overlay
  - `ServiceCIDR`: subnet used for allocation of Cluster IPs for services. Default value is the default kubernetes service range `10.96.0.0/12`
- Node configuration (section `NodeConfig`; one entry for each node)
  - `NodeName`: name of a Kubernetes node;
  - `MainVPPInterface`: name of the interface to be used for node-to-node connectivity. IP address is allocated from `HostNodeSubnetCidr` defined in the IPAM section OR can be specified manually:
    - `InterfaceName`: name of the main interface;
    - `IP`: IP address to be attached to the main interface;
    - `UseDHCP`: acquire IP address using DHCP (beware: the change of IP address is not supported)
  - `StealInterface`: name of the interface in the Linux host stack, that should be "stolen" and used by VPP;
  - `OtherVPPInterfaces` (other configured interfaces only get IP address assigned in VPP)
    - `InterfaceName`: name of the interface;
    - `IP`: IP address to be attached to the interface;
  - `Gateway`: IP address of the default gateway for external traffic, if it needs to be configured;
  - `NatExternalTraffic`: if enabled, traffic with cluster-outside destination is S-NATed with the node IP before being sent out from the node.

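
Added example (not from the Contiv-VPP project): a pre-deployment sanity check for the `IPAMConfig` values described above, which also derives how many per-node networks each subnet and prefix-length pair yields. It assumes the subnet-valued options must not overlap one another; the sample values are constructed and `check_ipam` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample values for the IPAM keys listed above (not the project's shipped defaults).
SAMPLE_IPAM = {
    "PodSubnetCIDR": "10.1.0.0/16",
    "PodIfIPCIDR": "10.2.1.0/24",
    "PodNetworkPrefixLen": 24,
    "VPPHostSubnetCIDR": "172.30.0.0/16",
    "VPPHostNetworkPrefixLen": 24,
    "NodeInterconnectCIDR": "192.168.16.0/24",
    "VxlanCIDR": "192.168.30.0/24",
    "ServiceCIDR": "10.96.0.0/12",
}
# Assumption of this example: every subnet-valued key must be disjoint from the others.
SUBNET_KEYS = ("PodSubnetCIDR", "PodIfIPCIDR", "VPPHostSubnetCIDR",
               "NodeInterconnectCIDR", "VxlanCIDR", "ServiceCIDR")
# (subnet key, per-node prefix length key) pairs, as the option descriptions pair them.
PER_NODE = (("PodSubnetCIDR", "PodNetworkPrefixLen"),
            ("VPPHostSubnetCIDR", "VPPHostNetworkPrefixLen"))


def check_ipam(cfg):
    """Return (problems, capacity) for a dict of IPAMConfig-style values."""
    problems, capacity, nets = [], {}, {}
    for key in (k for k in SUBNET_KEYS if k in cfg):
        try:
            # strict=True rejects values with host bits set, e.g. 10.1.0.1/16
            nets[key] = ipaddress.ip_network(cfg[key], strict=True)
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    names = list(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    for subnet_key, len_key in PER_NODE:
        net, plen = nets.get(subnet_key), cfg.get(len_key)
        if net is None or plen is None:
            continue
        if not net.prefixlen <= plen <= net.max_prefixlen:
            problems.append(f"{len_key}={plen} does not fit inside {subnet_key} {net}")
            continue
        capacity[subnet_key] = {
            "nodes": 2 ** (plen - net.prefixlen),  # per-node networks available
            "addresses_per_node": 2 ** (net.max_prefixlen - plen),  # raw size of each
        }
    return problems, capacity
```

Calling `check_ipam(SAMPLE_IPAM)` returns an empty problem list and a capacity of 256 per-node networks for each of the two subnets.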
Contiv-VPP STN daemon installer / uninstaller, that can be used as follows:

```
# install
./stn-install.sh
# uninstall
./stn-install.sh --uninstall
```

This script can be used to pull the newest version of the `:latest` tag of all Docker images that the Contiv-VPP plugin uses. This may be needed if you have already used the Contiv-VPP plugin on the host before and have old (outdated) versions of the Docker images stored locally.

This script simplifies the setup of a multi-node cluster: it installs the DPDK kernel module, pulls the images, interactively creates the startup config for VPP, and so on. It has to be executed on each node of the cluster.

```
./setup-node.sh
#########################################
# Contiv - VPP #
#########################################
Do you want to setup multinode cluster? [Y/n] y
PCI UIO driver is loaded
The following network devices were found
1) eth0 0000:00:03.0
2) eth1 0000:00:08.0
3) eth2 0000:00:09.0
Select interface for node interconnect [1-3]:3
Device 'eth2' must be shutdown, do you want to proceed? [Y/n] y
unix {
  nodaemon
  cli-listen /run/vpp/cli.sock
  cli-no-pager
  poll-sleep-usec 100
}
nat {
  endpoint-dependent
  translation hash buckets 1048576
  translation hash memory 268435456
  user hash buckets 1024
  max translations per user 10000
}
dpdk {
  dev 0000:00:09.0
}
File /etc/vpp/contiv-vswitch.conf will be modified, do you want to proceed? [Y/n] y
Do you want to pull the latest images? [Y/n] y
latest: Pulling from contivvpp/vswitch
Digest: sha256:51d875236ae4e59d03805900875b002f539fec8ab68b94156ba47cad3fef8630
Status: Image is up to date for contivvpp/vswitch:latest
latest: Pulling from contivvpp/ksr
Digest: sha256:abf120fd901af3c8e265c5ddab9f918823999f5cd934ea8b7538c2e0b30411c2
Status: Image is up to date for contivvpp/ksr:latest
latest: Pulling from contivvpp/cni
Digest: sha256:7330227f9d7c717f6c0ecf1e214488af8e419123eca9332889712fd81a78be50
Status: Image is up to date for contivvpp/cni:latest
In order to use Kubernetes services custom Kube-proxy is required, do you want to install it? [Y/n] y
v1.8.0: Pulling from contivvpp/kube-proxy
Digest: sha256:eabddcb0c3cf8be21d1254547601dbfebd4a4a20472acf3b993467e55aaa4eeb
Status: Image is up to date for contivvpp/kube-proxy:v1.8.0
v1.8.1: Pulling from contivvpp/kube-proxy
Digest: sha256:32b436584115ef9da70b721b43285893c10eacec7e56e4b2111f193733847ee1
Status: Image is up to date for contivvpp/kube-proxy:v1.8.1
v1.8.2: Pulling from contivvpp/kube-proxy
Digest: sha256:11f9ee588accf7d05a98d415426f7e9dc0aedc604eba24073adfacae864cbc9b
Status: Image is up to date for contivvpp/kube-proxy:v1.8.2
v1.8.3: Pulling from contivvpp/kube-proxy
Digest: sha256:12c5936c2428fcdce182a41f8f7982540d7d3f8498aff263e4433506e07f8ce3
Status: Image is up to date for contivvpp/kube-proxy:v1.8.3
v1.8.4: Pulling from contivvpp/kube-proxy
Digest: sha256:50bf7bfc1d4b6732b41a234f9697b0e7db30d310f4c94c288eb43c3070d91073
Status: Image is up to date for contivvpp/kube-proxy:v1.8.4
Configuration of the node finished successfully.
```
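
Added example, not part of the original README or the Contiv-VPP project: the `:latest` tag pulled above is mutable, while the `Digest:` lines in the session output identify exact image content. The code below parses that output and rewrites manifest `image:` lines to `repo@sha256:...`; the manifest excerpt is constructed, `registry.example:5000/unlisted` is a placeholder, and the function names are hypothetical.

```python
import re

# Two entries copied from the setup-node.sh session shown above.
PULL_OUTPUT = """\
latest: Pulling from contivvpp/vswitch
Digest: sha256:51d875236ae4e59d03805900875b002f539fec8ab68b94156ba47cad3fef8630
Status: Image is up to date for contivvpp/vswitch:latest
latest: Pulling from contivvpp/ksr
Digest: sha256:abf120fd901af3c8e265c5ddab9f918823999f5cd934ea8b7538c2e0b30411c2
Status: Image is up to date for contivvpp/ksr:latest
"""
# Constructed manifest excerpt (hypothetical container names; the last image is a placeholder).
MANIFEST = """\
        - name: contiv-vswitch
          image: contivvpp/vswitch
        - name: contiv-ksr
          image: contivvpp/ksr:latest
        - image: registry.example:5000/unlisted:1.0
"""
IMAGE_LINE = re.compile(r"(?m)^([ \t]*(?:-[ \t]+)?image:[ \t]*)(\S+)[ \t]*$")


def digests_from_pull_output(text):
    """Map 'repo:tag' to the digest printed by the image pull."""
    found, pending = {}, None
    for line in text.splitlines():
        if m := re.fullmatch(r"(\S+): Pulling from (\S+)", line):
            pending = f"{m.group(2)}:{m.group(1)}"
        elif (m := re.fullmatch(r"Digest: (sha256:[0-9a-f]{64})", line)) and pending:
            found[pending], pending = m.group(1), None
    return found


def pin_manifest(manifest, digests):
    """Rewrite image lines to repo@digest; return (text, refs left unpinned)."""
    unpinned = []
    def repl(m):
        ref = m.group(2)
        if "@sha256:" in ref:
            return m.group(0)  # already pinned
        # A ':' only marks a tag when it follows the last '/', so registry ports survive.
        has_tag = ":" in ref.rsplit("/", 1)[-1]
        repo, tag = ref.rsplit(":", 1) if has_tag else (ref, "latest")
        digest = digests.get(f"{repo}:{tag}")
        if digest is None:
            unpinned.append(ref)  # no pull record for this reference
        return m.group(0) if digest is None else f"{m.group(1)}{repo}@{digest}"

    return IMAGE_LINE.sub(repl, manifest), unpinned
```

References returned in the second element had no matching pull record and stay on their original tag, so they can be reviewed separately.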