Edgemesh test env config guide

install Containerd

  • please refer to the following link to install

install CNI plugin

  • get cni plugin and these five version are sopported (0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0)
  • and then use ‘tar -zxvf’ to extract to /opt/cni/bin
  • configure cni plugin
  1. $ mkdir -p /etc/cni/net.d/
  • please Make sure docker0 does not exist !!
  • field “bridge” must be “docker0”
  • field “isGateway” must be true
  1. $ cat >/etc/cni/net.d/10-mynet.conf <<EOF
  2. {
  3.     "cniVersion": "0.2.0",
  4.     "name": "mynet",
  5.     "type": "bridge",
  6.     "bridge": "docker0",
  7.     "isGateway": true,
  8.     "ipMasq": true,
  9.     "ipam": {
  10.         "type": "host-local",
  11.         "subnet": "10.22.0.0/16",
  12.         "routes": [
  13.             { "dst": "0.0.0.0/0" }
  14.         ]
  15.     }
  16. }
  17. EOF

Configure port mapping manually on node on which server is running

can see the examples in the next section.
  • step1. execute iptables command as follows
  1. $ iptables -t nat -N PORT-MAP
  2. $ iptables -t nat -A PORT-MAP -i docker0 -j RETURN
  3. $ iptables -t nat -A PREROUTING -p tcp -m addrtype --dst-type LOCAL -j PORT-MAP
  4. $ iptables -t nat -A OUTPUT ! -d 127.0.0.0/8 -p tcp -m addrtype --dst-type LOCAL -j PORT-MAP
  5. $ iptables -P FORWARD ACCEPT
  • step2. execute iptables command as follows
  • portIN is the service map at the host
  • containerIP is the IP in the container. Can be find out on master by kubectl get pod -o wide
  • portOUT is the port that monitored In-container
  1. $ iptables -t nat -A PORT-MAP ! -i docker0 -p tcp -m tcp --dport portIN -j DNAT --to-destination containerIP:portOUT
  • by the way, If you redeployed the service,you can use the command as follows to delete the rule, and perform the second step again.
  1.  $ iptables -t nat -D PORT-MAP 2

Example for Edgemesh test env

../_images/edgemesh-test-env-example.pngedgemesh test env example

Edgemesh end to end test guide

model

../_images/model.jpgmodel

  • a headless service(a service with selector but ClusterIP is None)
  • one or more pods’ labels match the headless service’s selector
  • so when request a server: <service_name>.<service_namespace>.svc.<cluster>:
    • get the service’s name and namespace from domain name
    • query the backend pods from metaManager by service’s namespace and name
    • load balance return the real backend container’s hostIP and hostPort

flow from client to server

../_images/endtoend-test-flow.jpgflow

  • client request to server’s domain name
  • DNS request hijacked to edgemesh by iptables, return a fake ip
  • request hijacked to edgemesh by iptables
  • edgemesh resolve request, get domain name, protocol, request and so on
  • edgemesh load balance:
    • get the service name and namespace from the domain name
    • query backend pod of the service from metaManager
    • choose a backend based on strategy
  • edgemesh transport request to server wait server response and then response to client

how to test end to end

  • create a headless service(no need specify port):
  1. apiVersion: v1
  2. kind: Service
  3. metadata:
  4.   name: test-headless
  5.   namespace: default
  6. spec:
  7.   clusterIP: None
  8.   selector:
  9.     app: whatapp
  • create server deployment:
  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4.   name: test-deployment
  5.   labels:
  6.     app: whatapp
  7. spec:
  8.   replicas: 1
  9.   selector:
  10.     matchLabels:
  11.       app: whatapp
  12.   template:
  13.     metadata:
  14.       labels:
  15.         app: whatapp
  16.     spec:
  17.       nodeSelector:
  18.         name: ${label of the node server run}
  19.       containers:
  20.       - name: whatapp
  21.         image: docker.io/cloudnativelabs/whats-my-ip:latest
  22.         ports:
  23.         - containerPort: 8080
  24.           hostPort: 8080
  25.       initContainers:
  26.       - args: 
  27.         - -p
  28.         - "8080"
  29.         - -i
  30.         - "192.168.1.2/24,156.43.2.1/26"
  31.         - -t
  32.         - "12345,5432,8080"
  33.         - -c
  34.         - "9292"
  35.         name: init1
  36.         image: docker.io/ytsobd/edgemesh_init:v1.0
  37.         securityContext:
  38.           privileged: true
  • create client deployment:
  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4.   name: client-deployment
  5.   labels:
  6.     app: whatapp
  7. spec:
  8.   replicas: 1
  9.   selector:
  10.     matchLabels:
  11.       app: client
  12.   template:
  13.     metadata:
  14.       labels:
  15.         app: client
  16.     spec:
  17.       nodeSelector:
  18.         name: ${label of the node server run}
  19.       containers:
  20.       - name: whatapp
  21.         image: docker.io/cloudnativelabs/whats-my-ip:latest
  22.       initContainers:
  23.       - args: 
  24.         - -p
  25.         - "8080"
  26.         - -i
  27.         - "192.168.1.2/24,156.43.2.1/26"
  28.         - -t
  29.         - "12345,5432,8080"
  30.         - -c
  31.         - "9292"
  32.         name: init1
  33.         image: docker.io/ytsobd/edgemesh_init:v1.0
  34.         securityContext:
  35.           privileged: true

note: -p: whitelist, only port in whitelist can go out from client to edgemesh then to server

  • there is two ways to exec the ‘curl’ command to access your service
  • 1st: use ‘ctr’ command attach in the container and make sure there is ‘curl’ command in the container
  1. $ ctr -n k8s.io t exec --exec-id 123 <containerID> sh
  2.  
  • 2nd: switch the network namespace.(Recommended Use)
  1. # first step get the id,this command will return a id start with 'cni-xx'. and make sure the 'xx' is related to the pod which you can get from 'kubectl describe <podName>' 
  2. $ ip netns
  3. # and the use this id to switch the net namespace. And the you can exec curl to access the service
  4. $ ip netns exec <id> bash