Page History

...

Multus CNI is a container network interface (CNI) plugin for Kubernetes that enables attaching multiple network interfaces to pods. This is accomplished by Multus acting as a "meta-plugin", a CNI plugin that can call multiple other CNI plugins.
A 'NetworkAttachmentDefinition' is used to set up the network attachment, i.e. secondary interface for the pod.
A pod is created with requesting specific network annotations with bridge CNI to create multiple interfaces. When the pod is up and running, we can attach to it to check the network interfaces on it by running ip a command

...

OVN4NFV Nodus provide Provider networks using VLAN networking and Service Function Chaining.
After the pod is up and running we will be able to attach to the pod and check for multiple interfaces created inside the container.
OVN4NFV Nodus networking is setup and created along the EMCO composite vFW testing

Node Feature Discovery for Kubernetes detects hardware features available on each node in a Kubernetes cluster and advertises those features using node labels.
Create a pod with specific label information in the case the pods are scheduled only on nodes whose major kernel version is 3 and above. Since the NFD master and worker daemonset is already running, the master has all the label information about the nodes which is collected by the worker.
If the OS version matches, the Pod will be scheduled and up. Otherwise, the Pod will be in a pending state in case there are no nodes with matching labels that are requested by the Pod

...

The SRIOV network device plugin is Kubernetes device plugin for discovering and advertising SRIOV network virtual functions (VFs) in a Kubernetes host.
We first determine which hosts are SRIOV capable and install the drivers on them and run the DaemonSet and register Network Attachment Definition
On an SRIOV capable hosts, we can get the resources for the node before we run the pod. When we run the test case, there is a request for a VF from the pod, therefore the number of resources for the node is increased.

KUD identify if there are QAT devices in the host and decide whether to deploy QAT device plugin into Kubernetes cluster.
The QAT device plugin discovers and advertises QAT virtual functions (VFs) to Kubernetes cluster.
KUD assign 1 QAT VF to the Kernel workloads. After the assignment finished, the allocated resources in node description will increase.

CPU Manager for Kubernetes provides CPU pinning for K8s workloads. In KUD, there are two test cases for the exclusive and shared CPU pools testing.

Use KUd KUD to setup 3 clusters (sdewan-hub, edge-a, edge-b)
Run the SDEWAN CRD Controller in each clusters.
Create SDEWAN CNF instance and dummy pod (using httpbin instead) in edge-a, SDEWAN CNF instance and httpbin pod in edge-b
Create IPSec CR to configure sdewan-hub as responder to provide virtual IP addresses to any authenticated party requesting for IP addresses through SDEWAN CRD Controller.
Create IPSec CR to configure edge-a and edge-b IPSec configuration to get the IP addresses through SDEWAN CRD Controller.
Establish edge-a tunnel to sdewan-hub, edge-b tunnel to sdewan-hub, and hub XFRM policies will automatically route traffic between edge-a and edge-b
Create SNAT CR to establish SNAT rule in edge-a and DNAT CR to establish DNAT rule in edge-b which will enable TCP connection from edge-a to edge-b's httpbin service.
Verify curl command is successful from edge-a dummy pod (using httpbin instead) to edge-b's httpbin service. The function of the curl command is to return back the ip address of the requester.

...

Layer	Result	Comments	Nexus
os/lynis	PASS with exceptions	Exceptions: USB-2000 SSH-7408: Checking MaxSessions, Checking Port KRNL-6000: net.ipv4.conf.all.forwarding	Logs
os/vuls	PASS with exceptions	Exceptions: CVE-2016-1585 CVE-2017-18342 CVE-2017-8283 CVE-2018-20839 CVE-2019-17041 CVE-2019-17042 CVE-2019-19814	Logs
k8s/conformance	PASS with exceptions	Exceptions: Sonobuoy v0.16.1 does not support Kubernetes v1.18.9	Logs
k8s/kube-hunter	PASS	With aquasec/kube-hunter:edge image	Logs