Add multi forwarder examples

apps/nsc-kernel/nsc.yaml

@@ -2,17 +2,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nsc
+  name: nsc-kernel
   labels:
-    app: nsc
+    app: nsc-kernel
 spec:
   selector:
     matchLabels:
-      app: nsc
+      app: nsc-kernel
   template:
     metadata:
       labels:
-        app: nsc
+        app: nsc-kernel
     spec:
       containers:
         - name: nsc

apps/nsc-memif/nsc.yaml

@@ -2,17 +2,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nsc
+  name: nsc-memif
   labels:
-    app: nsc
+    app: nsc-memif
 spec:
   selector:
     matchLabels:
-      app: nsc
+      app: nsc-memif
   template:
     metadata:
       labels:
-        app: nsc
+        app: nsc-memif
     spec:
       containers:
         - name: nsc

apps/nsc-vfio/nsc.yaml

@@ -2,17 +2,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nsc
+  name: nsc-vfio
   labels:
-    app: nsc
+    app: nsc-vfio
 spec:
   selector:
     matchLabels:
-      app: nsc
+      app: nsc-vfio
   template:
     metadata:
       labels:
-        app: nsc
+        app: nsc-vfio
     spec:
       containers:
         - name: pinger

apps/nse-kernel/nse.yaml

@@ -2,17 +2,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nse
+  name: nse-kernel
   labels:
-    app: nse
+    app: nse-kernel
 spec:
   selector:
     matchLabels:
-      app: nse
+      app: nse-kernel
   template:
     metadata:
       labels:
-        app: nse
+        app: nse-kernel
     spec:
       containers:
         - name: nse

apps/nse-memif/nse.yaml

@@ -2,17 +2,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nse
+  name: nse-memif
   labels:
-    app: nse
+    app: nse-memif
 spec:
   selector:
     matchLabels:
-      app: nse
+      app: nse-memif
   template:
     metadata:
       labels:
-        app: nse
+        app: nse-memif
     spec:
       containers:
         - name: nse

apps/nse-vfio/nse.yaml

@@ -2,17 +2,17 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nse
+  name: nse-vfio
   labels:
-    app: nse
+    app: nse-vfio
 spec:
   selector:
     matchLabels:
-      app: nse
+      app: nse-vfio
   template:
     metadata:
       labels:
-        app: nse
+        app: nse-vfio
     spec:
       hostNetwork: true
       containers:

examples/features/.gitignore

@@ -0,0 +1,3 @@
+**/kustomization.yaml
+**/patch-nsc.yaml
+**/patch-nse.yaml

examples/features/ipv6/Kernel2Kernel/README.md

@@ -54,7 +54,7 @@ cat > patch-nsc.yaml <<EOF
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nsc
+  name: nsc-kernel
 spec:
   template:
     spec:
@@ -75,7 +75,7 @@ cat > patch-nse.yaml <<EOF
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nse
+  name: nse-kernel
 spec:
   template:
     spec:
@@ -96,18 +96,18 @@ kubectl apply -k .
 
 Wait for applications ready:
 ```bash
-kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc -n ${NAMESPACE}
+kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc-kernel -n ${NAMESPACE}
 ```
 ```bash
-kubectl wait --for=condition=ready --timeout=1m pod -l app=nse -n ${NAMESPACE}
+kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-kernel -n ${NAMESPACE}
 ```
 
 Find NSC and NSE pods by labels:
 ```bash
-NSC=$(kubectl get pods -l app=nsc -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+NSC=$(kubectl get pods -l app=nsc-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
 ```
 ```bash
-NSE=$(kubectl get pods -l app=nse -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+NSE=$(kubectl get pods -l app=nse-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
 ```
 
 Check connectivity:

examples/features/ipv6/Memif2Memif/README.md

@@ -53,7 +53,7 @@ cat > patch-nsc.yaml <<EOF
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nsc
+  name: nsc-memif
 spec:
   template:
     spec:
@@ -74,7 +74,7 @@ cat > patch-nse.yaml <<EOF
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nse
+  name: nse-memif
 spec:
   template:
     spec:
@@ -95,18 +95,18 @@ kubectl apply -k .
 
 Wait for applications ready:
 ```bash
-kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc -n ${NAMESPACE}
+kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc-memif -n ${NAMESPACE}
 ```
 ```bash
-kubectl wait --for=condition=ready --timeout=1m pod -l app=nse -n ${NAMESPACE}
+kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-memif -n ${NAMESPACE}
 ```
 
 Find NSC and NSE pods by labels:
 ```bash
-NSC=$(kubectl get pods -l app=nsc -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+NSC=$(kubectl get pods -l app=nsc-memif -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
 ```
 ```bash
-NSE=$(kubectl get pods -l app=nse -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+NSE=$(kubectl get pods -l app=nse-memif -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
 ```
 
 Check connectivity:

examples/features/opa/README.md

@@ -64,7 +64,7 @@ cat > patch-nsc.yaml <<EOF
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nsc
+  name: nsc-kernel
 spec:
   template:
     spec:
@@ -87,7 +87,7 @@ cat > patch-nse.yaml <<EOF
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: nse
+  name: nse-kernel
 spec:
   template:
     spec:
@@ -107,19 +107,19 @@ kubectl apply -k .
 ```
 
 8. Wait for applications ready:
-```bash 
-kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc -n ${NAMESPACE}
+```bash
+kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc-kernel -n ${NAMESPACE}
 ```
 ```bash
-kubectl wait --for=condition=ready --timeout=1m pod -l app=nse -n ${NAMESPACE}
+kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-kernel -n ${NAMESPACE}
 ```
 
 9. Find nsc and nse pods by labels:
 ```bash
-NSC=$(kubectl get pods -l app=nsc -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+NSC=$(kubectl get pods -l app=nsc-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
 ```
 ```bash
-NSE=$(kubectl get pods -l app=nse -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+NSE=$(kubectl get pods -l app=nse-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
 ```
 
 10. Check that NSC is not privileged and it cannot connect to NSE.

examples/multiforwarder/README.md

@@ -0,0 +1,42 @@
+## Requires
+
+- [spire](../spire)
+
+## Includes
+
+- [VFIO Connection](../use-cases/Vfio2Noop)
+- [Kernel Connection](../use-cases/SriovKernel2Noop)
+- [Memif to Memif Connection](../use-cases/Memif2Memif)
+- [Kernel to Kernel Connection](../use-cases/Kernel2Kernel)
+- [Kernel to VXLAN to Kernel Connection](../use-cases/Kernel2Vxlan2Kernel)
+- [Kernel to Kernel Connection & VFIO Connection](../use-cases/Kernel2Kernel&Vfio2Noop)
+- [Kernel to VXLAN to Kernel Connection & VFIO Connection](../use-cases/Kernel2Vxlan2Kernel&Vfio2Noop)
+
+## Run
+
+Create ns for deployments:
+```bash
+kubectl create ns nsm-system
+```
+
+Register `nsm-system` namespace in spire:
+```bash
+kubectl exec -n spire spire-server-0 -- \
+/opt/spire/bin/spire-server entry create \
+-spiffeID spiffe://example.org/ns/nsm-system/sa/default \
+-parentID spiffe://example.org/ns/spire/sa/spire-agent \
+-selector k8s:ns:nsm-system \
+-selector k8s:sa:default
+```
+
+Apply NSM resources for basic tests:
+```bash
+kubectl apply -k .
+```
+
+## Cleanup
+
+Delete ns:
+```bash
+kubectl delete ns nsm-system
+```

examples/multiforwarder/kustomization.yaml

@@ -0,0 +1,11 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: nsm-system
+
+bases:
+- ../../apps/nsmgr
+- ../../apps/forwarder-vpp
+- ../../apps/forwarder-sriov
+- ../../apps/registry-memory

examples/use-cases/.gitignore

@@ -0,0 +1,3 @@
+**/kustomization.yaml
+**/patch-nsc.yaml
+**/patch-nse.yaml