Skip to content

Latest commit

 

History

History
 
 

spire-upgrade

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
README.md
README.md
 
 
client.yaml
client.yaml
 
 
kustomization.yaml
kustomization.yaml
 
 
netsvc.yaml
netsvc.yaml
 
 
patch-nse.yaml
patch-nse.yaml
 
 

README.md

SPIRE upgrade

This example shows that NSM keeps working after the SPIRE deployment removed and re-installed.

NSC and NSE are using the kernel mechanism to connect to its local forwarder. Forwarders are using the vxlan mechanism to connect with each other.

Requires

Make sure that you have completed steps from basic or memory setup.

Run

Create test namespace:

kubectl create ns ns-spire-upgrade

Deploy NSC and NSE:

kubectl apply -k https://github.com/networkservicemesh/deployments-k8s/examples/heal/spire-upgrade?ref=aad7c26ad32fb4c3b515179bbe85d59c811c52f1

Wait for applications ready:

kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc-kernel -n ns-spire-upgrade
kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-kernel -n ns-spire-upgrade

Ping from NSC to NSE:

kubectl exec pods/alpine -n ns-spire-upgrade -- ping -c 4 172.16.1.100

Ping from NSE to NSC:

kubectl exec deployments/nse-kernel -n ns-spire-upgrade -- ping -c 4 172.16.1.101

Remove SPIRE deployment completely:

kubectl delete crd clusterspiffeids.spire.spiffe.io
kubectl delete crd clusterfederatedtrustdomains.spire.spiffe.io
kubectl delete validatingwebhookconfiguration.admissionregistration.k8s.io/spire-controller-manager-webhook
kubectl delete ns spire

Deploy SPIRE and wait for SPIRE server and agents:

kubectl apply -k https://github.com/networkservicemesh/deployments-k8s/examples/spire/single_cluster?ref=aad7c26ad32fb4c3b515179bbe85d59c811c52f1
kubectl wait --for=condition=ready --timeout=3m pod -l app=spire-server -n spire
kubectl wait --for=condition=ready --timeout=1m pod -l app=spire-agent -n spire

Apply the ClusterSPIFFEID CR for the cluster:

kubectl apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/aad7c26ad32fb4c3b515179bbe85d59c811c52f1/examples/spire/single_cluster/clusterspiffeid-template.yaml
kubectl apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/aad7c26ad32fb4c3b515179bbe85d59c811c52f1/examples/spire/base/clusterspiffeid-webhook-template.yaml

Ping from NSC to NSE:

kubectl exec pods/alpine -n ns-spire-upgrade -- ping -c 4 172.16.1.100

Ping from NSE to NSC:

kubectl exec deployments/nse-kernel -n ns-spire-upgrade -- ping -c 4 172.16.1.101

Cleanup

Delete ns:

kubectl delete ns ns-spire-upgrade