add working example of linkerd

Signed-off-by: Nikita Skrynnik <[email protected]>

examples/interdomain/README.md

@@ -21,5 +21,6 @@ This setup is basic for interdomain examples on two clusters. This setup can be
 - [NSM vl3 + Consul](./nsm_consul_vl3)
 - [NSM + Istio](./nsm_istio)
 - [NSM vl3 + Kuma universal](nsm_kuma_universal_vl3)
+- [NSM + Linkerd](./nsm_linkerd)
 
 

examples/interdomain/dns/configmap.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health {
+            lameduck 5s
+        }
+        ready
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
+            pods insecure
+            fallthrough in-addr.arpa ip6.arpa
+            ttl 30
+        }
+        k8s_external my.cluster2
+        prometheus :9153
+        forward . /etc/resolv.conf {
+            max_concurrent 1000
+        }
+        loop
+        reload 5s
+    }
+    my.cluster1:53 {
+      forward . 172.18.1.128:53 {
+        force_tcp
+      }
+    }

examples/interdomain/dns/custom-configmap.yaml

@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns-custom
+  namespace: kube-system
+data:
+  server.override: |
+    k8s_external my.cluster1
+  proxy1.server: |
+    my.cluster1:53 {
+      forward . 172.18.1.128:53 {
+        force_tcp
+      }
+    }

examples/interdomain/loadbalancer/metallb-config.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: metallb-system
+  name: config
+data:
+  config: |
+    address-pools:
+    - name: default
+      protocol: layer2
+      addresses:
+      - 172.18.2.128/25

examples/interdomain/nsm_consul_vl3/consul.hcl

@@ -0,0 +1,23 @@
+data_dir = "/opt/consul"
+datacenter = "dc1"
+encrypt = "6c6dc12Zy1MD+q96zL5dmYopEyynzIt0Cy4sFrfJwx0="
+tls {
+  defaults {
+    ca_file = "consul-agent-ca.pem"
+    cert_file = "dc1-server-consul-0.pem"
+    key_file = "dc1-server-consul-0-key.pem"
+    verify_incoming = true
+    verify_outgoing = true
+  }
+  internal_rpc {
+    verify_server_hostname = true
+  }
+}
+auto_encrypt {
+  allow_tls = true
+}
+acl {
+  enabled = true
+  default_policy = "allow"
+  enable_token_persistence = true
+}

examples/interdomain/nsm_consul_vl3/server.hcl

@@ -0,0 +1,13 @@
+server = true
+bootstrap_expect = 1
+bind_addr = "169.254.0.3"
+connect {
+  enabled = true
+}
+
+addresses {
+  grpc = "127.0.0.1"
+}
+ports {
+  grpc  = 8502
+}

examples/interdomain/nsm_linkerd/.gitignore

@@ -0,0 +1,2 @@
+!**/kustomization.yaml
+!**/patch-*.yaml

examples/interdomain/nsm_linkerd/README.md

@@ -0,0 +1,78 @@
+## Requires
+
+- [Load balancer](../loadbalancer)
+- [Interdomain DNS](../dns)
+- [Interdomain spire](../spire)
+- [Interdomain nsm](../nsm)
+
+
+## Run
+
+Install Istio for second cluster:
+```bash
+curl --proto '=https' --tlsv1.2 -sSfL https://run.linkerd.io/install | sh -
+export PATH=$PATH:$HOME/.linkerd2/bin
+
+export KUBECONFIG=$KUBECONFIG2
+linkerd check --pre
+linkerd install --crds | kubectl apply -f -
+linkerd install | kubectl apply -f -
+linkerd check
+```
+
+Install networkservice for the second cluster:
+```bash
+kubectl create ns ns-nsm-linkerd
+kubectl --kubeconfig=$KUBECONFIG2 apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/4f16417ecc19fce0843902abfc2d021836726521/examples/interdomain/nsm_linkerd/networkservice.yaml
+```
+
+Start `alpine` with networkservicemesh client on the first cluster:
+
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/4f16417ecc19fce0843902abfc2d021836726521/examples/interdomain/nsm_linkerd/greeting/client.yaml
+```
+
+Start `auto-scale` networkservicemesh endpoint:
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 apply -k https://github.com/networkservicemesh/deployments-k8s/examples/interdomain/nsm_linkerd/nse-auto-scale?ref=4f16417ecc19fce0843902abfc2d021836726521
+```
+
+Install http-server for the second cluster:
+```bash
+kubectl --kubeconfig=$KUBECONFIG2 apply -f https://raw.githubusercontent.com/networkservicemesh/deployments-k8s/4f16417ecc19fce0843902abfc2d021836726521/examples/interdomain/nsm_linkerd/greeting/server.yaml
+kubectl get deploy greeting -o yaml | linkerd inject - | kubectl apply -f -
+```
+
+Wait for the `alpine` client to be ready:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 wait --timeout=2m --for=condition=ready pod -l app=alpine
+```
+
+Set route for DNS on nsc:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 exec deploy/alpine -c alpine -- ip ro add 10.96.0.10 via 10.244.1.1
+```
+
+Get curl for nsc:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 exec deploy/alpine -c cmd-nsc -- apk add curl
+```
+
+Verify connectivity:
+```bash
+kubectl --kubeconfig=$KUBECONFIG1 exec deploy/alpine -c cmd-nsc -- curl -s greeting.default:9080 | grep -o "hello world from linkerd"
+```
+**Expected output** is "hello world from linkerd"
+
+Congratulations! 
+You have made a interdomain connection between two clusters via NSM + Linkerd!
+
+## Cleanup
+
+```bash
+export KUBECONFIG=$KUBECONFIG2
+kubectl delete deployment greeting
+kubectl delete ns ns-nsm-linkerd
+linkerd uninstall | kubectl delete -f -
+kubectl --kubeconfig=$KUBECONFIG1 delete deployment alpine
+```

examples/interdomain/nsm_linkerd/greeting/client.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: alpine
+  labels:
+    app: alpine
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: alpine
+  template:
+    metadata:
+      labels:
+        app: alpine
+      annotations:
+        networkservicemesh.io: kernel://[email protected]/nsm-1?app=greeting
+    spec:
+      containers:
+        - name: alpine
+          image: alpine:3.15.0
+          imagePullPolicy: IfNotPresent
+          stdin: true
+          tty: true
+          securityContext:
+            privileged: true

examples/interdomain/nsm_linkerd/greeting/server.yaml

@@ -0,0 +1,51 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: greeting
+  labels:
+    app: greeting
+    service: greeting
+spec:
+  ports:
+  - port: 9080
+    name: http
+  selector:
+    app: greeting
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: greeting-sa
+  labels:
+    account: greeting
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: greeting
+  labels:
+    app: greeting
+  annotations:
+    linkerd.io/inject: enabled
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: greeting
+  template:
+    metadata:
+      labels:
+        app: greeting
+    spec:
+      serviceAccountName: greeting-sa
+      containers:
+      - name: server
+        image: hashicorp/http-echo:alpine
+        args:
+          - -text="hello world from linkerd"
+          - -listen=:9080
+        ports:
+          - containerPort: 9080
+            name: http
+---

examples/interdomain/nsm_linkerd/networkservice.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: networkservicemesh.io/v1
+kind: NetworkService
+metadata:
+  name: nsm-linkerd
+  namespace: nsm-system
+spec:
+  payload: IP
+  matches:
+    - source_selector:
+      fallthrough: true
+      routes:
+        - destination_selector:
+            podName: "{{ .podName }}"
+    - source_selector:
+      routes:
+        - destination_selector:
+            any: "true"

examples/interdomain/nsm_linkerd/nse-auto-scale/iptables-map.yaml

@@ -0,0 +1,2 @@
+---
+- -t nat -I PREROUTING 1 -p tcp -i {{ .NsmInterfaceName }} -j DNAT --to-destination 127.0.0.1:4140

examples/interdomain/nsm_linkerd/nse-auto-scale/kustomization.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ns-nsm-linkerd
+bases:
+- https://github.com/networkservicemesh/deployments-k8s/apps/nse-supplier-k8s?ref=4f16417ecc19fce0843902abfc2d021836726521
+
+patchesStrategicMerge:
+- patch-supplier.yaml
+
+configMapGenerator:
+  - name: supplier-pod-template-configmap
+    files:
+      - pod-template.yaml
+  - name: iptables-map
+    files:
+      - iptables-map.yaml
+
+generatorOptions:
+  disableNameSuffixHash: true

examples/interdomain/nsm_linkerd/nse-auto-scale/patch-supplier.yaml

@@ -0,0 +1,29 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nse-supplier-k8s
+spec:
+  template:
+    spec:
+      containers:
+        - name: nse-supplier
+          env:
+            - name: NSM_SERVICE_NAME
+              value: nsm-linkerd
+            - name: NSM_LABELS
+              value: any:true
+            - name: NSM_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: NSM_POD_DESCRIPTION_FILE
+              value: /run/supplier/pod-template.yaml
+          volumeMounts:
+            - name: pod-file
+              mountPath: /run/supplier
+              readOnly: true
+      volumes:
+        - name: pod-file
+          configMap:
+            name: supplier-pod-template-configmap