Skip to content

pinggit/kubernetes-contrail-day-one

Repository files navigation

Contrail books

Day One: Building Containers Using Kubernetes and Contrail

This book details the long list of Juniper Contrail features that can enrich Kubernetes implementatons. Startng with the basic concepts of containers and moving through virtual networks and Contrail architecture, the authors review the basic foundaton and key components of Kubernetes, including several diferent Kubernetes features without Contrail integraton. But the core of the book is devoted to detailed labs and use cases of Contrail and Kubernetes together. Contrail can build and manage virtual networks that integrate containers, VMs, and bare metal servers of all types, so the authors focus on how to integrate a popular pair: Kubernetes and Contrail.

This book is available here:

Currently the book is also listed in:

page.junipermain
  • the JNCIE-cloud certification page, as one of the "Additional Resources":

page.jnciecloud

Key Juniper Contrail Resources

The Juniper TechLibrary has been supporting Contrail with its excellent documentation for years. The Contrail selection is thorough, and it’s kept up-to-date with the latest technologies and GUI changes. This book is no substitution for that body of information. The authors assume that you have some familiarity with Juniper Contrail documentation: https://www.juniper.net/documentation/product/en_US/contrail-networking/5.0

The authors keep a GitHub website at https://github.com/pinggit/kubernetes-contrail-day-one , where you can find the book’s content, all the YAML file source code used for the examples, figures, etc. Add com- ments, suggestions or questions regarding the book, too.”

book content

topics

  • Container technology and different Kubernetes features using YAML.

  • Kubernetes integration with Contrail.

  • Kubernetes network policy and Contrail firewall security.

  • Configuring isolated Kubernetes Namespaces using Contrail.

  • Configuring Floating IP in Contrail to provide container’s outside connectivity.

  • Configuring load balancer and cluster IP services in Kubernetes using Contrail.

  • Configuring different types of Kubernetes ingress using Contrail.

  • Configuring and building multi-interfaces/multi-network containers using Contrail.

  • Deploying Contrail service chaining using the Juniper cSRX in Kubernetes.

chapters

This book details the long list of Juniper Contrail features that can enrich Kubernetes implementations. It starts with the basics and builds from there to cover more complex setups. It’s structured as follows:

  • Chapter 1: Provides a basic understanding of containers, virtual networks, and Contrail architecture.

  • Chapter 2: Lays down the basic foundation and key components of Kubernetes.

  • Chapter 3: Explains different Kubernetes features using labs and without any Contrail integration.

  • Chapters 4 through 10: These chapters are the core of the book. They begin by explaining Contrail inte- gration with Kubernetes, then continue on to cover a number of detailed labs and use cases using Con- trail/Kubernetes.

detail TOC

Here is the structure of book content:

|Chapter 1: Foundation Principles
. |Containers Overview
. . |Understanding Containers
. . |Juniper VSRX vs CSRX
. . |Understanding Docker
. |Contrail overview
. . |Contrail Architecture Fundamentals
. . |Contrail VRouter
|Chapter 2: Kubernetes Basics
. |What is kubernetes
. |Kubernetes Architecture and Components
. . |Kubernetes Master
. . |Kubernetes Node
. . |Kubernetes Work Flow
. . |Kubernetes Objects
. |Kubernetes Pod
. . |YAML file
. . |Pause Container
. . |Intra Pod Communication
. |Kubectl Tool
|Chapter 3: Kubernetes in Practice
. |Labels
. |Namespace
. . |what is Namespace
. . |Create NS
. . |Quota
. |Replication Controller
. . |Create RC
. . |Evaluate RC
. |ReplicaSet
. |Deployment
. . |Create Deployment
. . |Deployment Work Flow
. . |Rolling Update
. . . |evalaute rolling update
. . . |how it works
. . . |record
. . . |pause/resume/undo
. |Secret
. . |Opaque Secret
. . . |define opaque secret
. . . |refer opaque secret
. . |DockerConfigJson secret
. . . |docker credential data
. . . |docker credential file (`~/.docker/config.json`)
. . . |yaml file
. . . |refer `dockerconfigjson` secret in pod: `imagePullSecrets`
. . |Secret Benefits
. |Service
. . |ClusterIP Service
. . . |create clusterIP service
. . . |verify cluserIP service
. . . |specify a clusterIP
. . |NodePort Service
. . |Loadbalancer Service
. . . |`externalIPs`
. . |Kube-Proxy
. |Endpoints
. |Ingress
. . |Ingress vs Service
. . |Ingress Object
. . |Ingress Controller
. . |Ingress Examples
. . . |single service ingress
. . . |simple fanout ingress
. . . |virtual host ingress
. . |Multiple Ingress Controllers
. |contrail Network Policy (ch3)
. . |network policy introduction
. . |network policy definition
. . . |selecting target pods
. . . |policy types
. . . |policy rules
. . . . |network policy rules
. . . . |`AND` vs `OR`
. . . . |protocol and ports
. . . . |line by line explanation
. . |create network policy
. |Liveness Probe and Readiness Probe
. . |Liveness Probe
. . |Readiness Probe
. . |Probe Parameters
. |Annotation
|Chapter 4: Kubernetes and Contrail Integration
. |Contrail-Kubernetes Architecture
. . |Why Contrail with Kubernetes ?
. . |Contrail-Kube-Manager
. . |Kubernetes to Contrail Object Mapping
. |Contrail Lab environment
. . |Contrail Setup
. . |Contrail Command
. |Contrail Namespaces and Isolation
. . |Non-Isolated NS
. . |Isolated NS
. . |Pods Communication across NS
. |Contrail Floating IP
. . |Overlay Internet Access
. . |Floating IP and FIP Pool
. . . |Create FIP Pool
. . . |FIP Pool Scope
. . . . |Object FIP Pool
. . . . |NS FIP Pool
. . . . |Global FIP pool
. . |FIP for Pods
. . |Advertising FIP
. . |summarization
|chapter 5: Contrail Services
. |Kubernetes Service
. |Contrail Service
. . |Contrail Openstack Loadbalancer
. . |Contrail Sevice Loadbalancer
. . |Contrail Loadbalancer Objects
. . . |Loadbalancer
. . . |Listener
. . . |Pool and Member
. |Contrail ClusterIP Service
. . |ClusterIP as FIP
. . |ECMP Routing Table
. . . |Control Node Perspective
. . . |Compute Node Perspective
. . |ClusterIP Service Workflow
. . |Multiple Port Service
. . |Contrail Flow Table
. |Contrail Loadbalancer Service
. . |External IP as FIP
. . |Gateway Router VRF Table
. . |Loadbalancer Service Workflow
. . . |Verify `Loadbalancer` Service
. . . |Loadbalancer Service ECMP
. . . |Verify `Loadbalancer` Service ECMP
|chapter 6: Contrail Ingress
. |Contrail Ingress Loadbalancer
. |Contrail Ingress Workflow
. |Contrail Ingress Traffic Flow
. |Single Service Ingress
. . |`Ingress` Objects Definition
. . . |`Ingress` Definition
. . . |Backend `service` Definition
. . . |Backend `pod` Definition
. . . |An "all in one" Yaml File
. . . |Deploy the Single Service Ingress
. . |`Ingress` Post Examination
. . . |Ingress Object
. . . |Service Objects
. . . |Backend and Client Pod
. . . |Haproxy Processes
. . . |Ingress Loadbalancer Objects
. . . |`haproxy.conf` File
. . . |Gateway Router VRF Table
. . . |`Ingress` Verification: Internal
. . . |`Ingress` Verification: External (Internet host)
. |Simple Fanout Ingress
. . |`Ingress` Objects Definition
. . . |`ingress` Definition
. . . |backend `service` definition
. . . |backend `pod` definition
. . . |deploy `simple fanout Ingress`
. . |`Ingress` post examination
. . . |ingress objects and ingress loadbalancer
. . . |haproxy process and haproxy.cfg file
. . |`Ingress` verification: from internal
. . |`Ingress` verification: from external (Internet host)
. |Virtual Hosting Ingress
. . |`Ingress` objects definition
. . . |`ingress` definition
. . . |an "all in one" yaml file
. . |`Ingress` post examination
. . . |examine ingress objects
. . . |exploring Ingress loadbalancer objects
. . . |examine `haproxy.conf` file
. . |`Ingress` verification: from internal
. . |`Ingress` verification: from external (Internet host)
. |Service vs Ingress Traffic Flow
|chapter 7: Packet Flow in Contrail: End to End View
. |Setup and Utils/Tools
. |Packet Flow Analysis
. . |Internet Host: Analyze HTTP Request
. . |Internet Host to Gateway Router
. . |Gateway router to Ingress Public FIP: MPLS over GRE
. . |Ingress Public FIP to Ingress Pod IP: FIP(NAT)
. . |Ingress Pod IP to Service IP: MPLS over UDP
. . |Service IP to Backend Pod IP: FIP(NAT)
. . |Backend Pod: Analyze HTTP Request
. . |Return Traffic
|chapter 8: Contrail Network Policy
. |introducing Contrail Firewall
. |contrail kubernetes Network Policy usage case
. . |network design
. . |lab preparation
. . |traffic mode before kubernetes network policy creation
. . |create kubernetes network policy
. . |post kubernetes network policy creation
. . . |ingress policy on `webserver-dev`
. . . |egress policy on `webserver-dev` pod
. . . |network policy on `dbserver-dev` pod
. . . |egress policy on `dbserver-dev`
. . . |the drop action in flow table
. |contrail implementation details
. . |construct mappings
. . |Application Policy Set (APS)
. . |policies
. . . |contrail firewall policy naming convention
. . . |the `k8s-allowall` and `k8s-denyall` firewall policy
. . . |sequence number
. . |firewall policy rules
. . . |rules in `k8s-dev-policy1` firewall policy
. . . |rules in `k8s-denyall` firewall policy
. . . |rules in `k8s-allowall` firewall policy
. . |sequence number
. . . |sequence number in firewall policies
. . . |sequence number in firewall policy rules
. . |tag
. . |UI visualization
|chapter 9: Contrail Multiple Interface Pod
. |Contrail as a CNI
. |NetworkAttachmentDefinition CRD
. |Multiple Interface Pod
|chapter 10: Contrail Service Chaining with CSRX
. |Contrail Service Chaining Introduction
. |Bringing Up Client and CSRX Pods
. . |Create VNs
. . |Create Client Pods
. . |Create CSRX Pod
. . |Verify podIP
. . |Ping Test
. . |Troubleshooting Ping Issue
. |Service Chaining
. . |Create Service Chaining
. . |Verify Service Chaining
. . |Security Policy
|appendix
. |contrail kubernetes setup installation
. . |HW/SW prerequisites
. . |3 nodes cluster only setup
. . . |topology
. . . |yaml template
. . |deploy setup based on yaml file
. . |verification

Contrail Command

Contrail Command(CC) is the new user interface (UI) starting with Contrail 5.0.1. Throughout this book we use both the new CC and the old UI to demonstrate the lab studies. The publication date for this book is November 2019, so depending on when you are reading it, keep in mind that CC will soon be the only UI; the legacy one is slated to be discontinued at some time. Detailed information about CC is available from the Juniper documentation website, so we don’t elaborate on it here. To access CC use this URL in your web browser: https://Contrail-Command-Server-IP-Address:9091. The CC server can be the same as, or different from, the Kubernetes master server or the Contrail Controller node. In this book, we’ve installed them in same server. The functions and settings in CC are grouped in a main menu. This makes a great entry point where you can navigate through different Contrail functions. To get the CC main menu, click on the group name right next to the Contrail Command logo on the upper left corner of the UI.

60282872 ed684380 98d5 11e9 92f7 e1df07c5fecf
Figure 1. Contrail Command Main Menu

Remember, our focus is not on CC but on giving you some basic insights into CC, which will be helpful to you as you build containers using Kubernetes.

issues/suggestions/contributions

This book is free and is maintained as a "open source" project! you can find all text, diagrams, source code it refers in this GitHub repository:

  • README.adoc : this file

  • kubernetes-contrail-v1.pdf : version v1, this is the PFD available in all official channels. the TOC (Table of Content) has problems

  • kubernetes-contrail-v1.1pdf : version v1.1, with corrections on TOC

  • kubernetes-contrail-v1.mobi : for kindle

  • kubernetes-contrail.pdf : original draft (before editor’s editing), with original TOC

  • kubernetes-contrail.html : original draft in html format, with a TOC panel on the right side, making it the same looking and feeling as the PDF, but much smaller.

  • kubernetes-contrail.mobi : original draft in kindle format

  • kubernetes-contrail.adoc : "source code" of the original "draft" of the whole book, the format in which we’ve writen/maintained.

  • diagrams : all diagrams (except screenshots)

If you discover errors or omissions in the source code(yaml file, command line output, etc), documentation, or anything else, please don’t hesitate to submit an issue.

If you want to help by improving upon it, you can also fork the project, revise the content, then send a pull request. When the pull request is merged, the content will be updated automatically.

2019 by Juniper Networks, Inc. All rights reserved. Juniper Networks and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. The Juniper Networks Logo and the Junos logo, are trademarks of Juniper Networks, Inc. All other trademarks, service marks, registered trademarks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. Published by Juniper Networks Books

Authors

  • Author: Ping Song, Ayman Aborabh,Yuvaraja Mariappan

  • Editor in Chief: Patrick Ames

  • Copyeditor: Nancy Koerbel

  • Technical Reviewers: Yuvaraja Mariappan, Vincent Zhang

  • ISBN: 978-1-941441-96-1

  • Version History: v1, November. 2019

known issues

diff between pdf version and adoc/html version

This book was originally written in adoc format, which is github version control friendly. with this format it went through many changes via git commit/PR flow during the writing process. However, some final modifications (mostly minor though) between authors and reviewer/editors are through an "offline" process (in MS-word and adobe-PDF format), and hence have not get cought by the adoc source and github yet. In another word, those last changes are in PDF format only (at of now) and has not been merged into adoc/html format yet.

PDF book TOC problem

the TOC of original book PDF (Containers_Kubernetes_Contrail.pdf) has some problem.

for example chapter 6 cuently shows:

|chapter 6: Contrail Ingress
. |Contrail Ingress Workflow
. |Contrail Ingress Traffic Flow

but it should look like:

|chapter 6: Contrail Ingress
. |Contrail Ingress Loadbalancer
. |Contrail Ingress Workflow
. |Contrail Ingress Traffic Flow
. |Single Service Ingress
. . |`Ingress` Objects Definition
. . . |`Ingress` Definition
. . . |Backend `service` Definition
. . . |Backend `pod` Definition
. . . |An "all in one" Yaml File
. . . |Deploy the Single Service Ingress
. . |`Ingress` Post Examination
. . . |Ingress Object
. . . |Service Objects
. . . |Backend and Client Pod
. . . |Haproxy Processes
. . . |Ingress Loadbalancer Objects
. . . |`haproxy.conf` File
. . . |Gateway Router VRF Table
. . . |`Ingress` Verification: Internal
. . . |`Ingress` Verification: External (Internet host)
. |Simple Fanout Ingress
. . |`Ingress` Objects Definition
. . . |`ingress` Definition
. . . |backend `service` definition
. . . |backend `pod` definition
. . . |deploy `simple fanout Ingress`
. . |`Ingress` post examination
. . . |ingress objects and ingress loadbalancer
. . . |haproxy process and haproxy.cfg file
. . |`Ingress` verification: from internal
. . |`Ingress` verification: from external (Internet host)
. |Virtual Hosting Ingress
. . |`Ingress` objects definition
. . . |`ingress` definition
. . . |an "all in one" yaml file
. . |`Ingress` post examination
. . . |examine ingress objects
. . . |exploring Ingress loadbalancer objects
. . . |examine `haproxy.conf` file
. . |`Ingress` verification: from internal
. . |`Ingress` verification: from external (Internet host)
. |Service vs Ingress Traffic Flow

I may find some time to fix it and post a new one. before that, if this is a problem for you, read these files:

  • pdf kubernetes-contrail-v1.1.pdf (some corrections to PDF bookmarks only)

  • adoc kubernetes-contrail.adoc

  • html kubernetes-contrail.html

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Packages

No packages published

Languages