This is a brief instruction on how to deploy pm-mapper in a Docker environment and how to configure filters in pm-mapper.

Prerequisite

  • Docker
  • make
  • bash
  • Linux (Ubuntu 18+)

Installation

Clone the pm-mapper repo from ONAP Gerrit:

clone pm-mapper repo
git clone "https://gerrit.onap.org/r/dcaegen2/services/pm-mapper"

Go to the sub-directory:

cd tools/development

Install dmaap-dr, cbs, consul, files-publisher and dmaap-mr:

make setup-local

Install pm-mapper:

make run-pm-mapper

After successful installation, we should see the docker containers:

Config dmaap

Configure dmaap-dr to create a feed for pm-mapper to subscribe to:

config dmaap
make config-dmaap

Subscribe to dmaap-dr feed

Configure dmaap to create a feed for pm-mapper to subscribe to:

subscribe
make subscribe-pm-mapper

List files in container files-publisher

files-publisher is a microservice designed for test/demo purposes; it has some prepared files to publish to dmaap-dr:

list prepared files
make list-files

In a real ONAP instance, files-publisher is replaced by Data-File-Collector.

Publish file to dmaap-dr

In the same sub-directory, there are two scripts to do this:

send-meas-collec.sh & send-meas-data.sh

We can pick one file from the above list, e.g.:

./send-meas-collec.sh A20181002.0000-1000-0015-1000_5G.xml.gz

Configure filters


Clean env

clean env
make clean-env



Now that we have a network plugin enabled in the k8s cluster, we can apply a network policy to NONRTRIC.

Deploy NONRTRIC

deploy nonrtric
kubectl apply -f https://raw.githubusercontent.com/yanhuanwang/k8s/master/statefulset/nosdnc.yml

After deployment, you should be able to see that the nonrtric services/pods are up and running:

Pay attention to the labels above; in this demo we will use labels to define the network-policy rules.

Apply network-policy

$ cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: nonrtric
spec:
  podSelector:
    matchLabels:
      app: a1-sim
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: policy-agent-container
  - from:
    - podSelector:
        matchLabels:
          app: a1-sim
EOF

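The example policy above applies to pods with the label "app: a1-sim"; it only allows ingress traffic coming from pods with the label "app: policy-agent-container" or "app: a1-sim". Since the "from" entries use only a podSelector, they match pods in the policy's own namespace (nonrtric).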

Feel free to change the labels and apply it.

After successfully applying the above policy, we log in to the pod "policy-agent-container-xxxxxx" with the command:

kubectl -n nonrtric exec -it policy-agent-container-78d6b988c9-jnw42 -- sh

curl a1-interface-osc-0.a1-sim

We should be able to see:

If we update the labels in the above policy, for example:

$ cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: nonrtric
spec:
  podSelector:
    matchLabels:
      app: a1-sim
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: policy-xxxx-container
  - from:
    - podSelector:
        matchLabels:
          app: a1-sim
EOF

After applying this changed policy, we can no longer access the "a1-sim" endpoints from "policy-agent-container" because the labels do not match.

The curl and ping commands can no longer reach "a1-sim".
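
A check for the two policies above, as an added example that is not part of the original page: it runs the page's curl from the first pod carrying a given app label and reports whether a1-sim answered. The function names, the 5-second timeout and the mapping of curl exit code 28 (timeout) to "blocked" are assumptions, and curl must be available in the probing pod.

```shell
#!/bin/sh
# Added example, not part of the pm-mapper or NONRTRIC repos.
# Namespace, labels and target host come from this page; function names,
# the 5 s timeout and the exit-code mapping are assumptions.
NS=nonrtric
TARGET=a1-interface-osc-0.a1-sim

# Print the name of the first pod labelled app=<$1>; fails if none exists.
first_pod() {
  kubectl -n "$NS" get pods -l "app=$1" \
    -o jsonpath='{.items[0].metadata.name}' 2>/dev/null
}

# Run curl inside that pod and classify the result:
#   allowed  - TARGET answered (any HTTP status)
#   blocked  - curl timed out (exit 28), the usual sign of dropped packets
#   error:N  - another failure (DNS, refused connection), not proof of policy
#   no-pod   - no pod carries the label
probe_from() {
  pod=$(first_pod "$1") || pod=""
  if [ -z "$pod" ]; then echo "no-pod"; return 0; fi
  rc=0
  kubectl -n "$NS" exec "$pod" -- \
    curl -s -o /dev/null -m 5 "$TARGET" || rc=$?
  case "$rc" in
    0)  echo "allowed" ;;
    28) echo "blocked" ;;
    *)  echo "error:$rc" ;;
  esac
}

# expect <app-label> <allowed|blocked>: succeed only if the probe agrees.
expect() {
  got=$(probe_from "$1")
  echo "app=$1 -> $TARGET: $got (expected $2)"
  [ "$got" = "$2" ]
}

# Script use: ./script policy-agent-container allowed   (first policy)
#             ./script policy-agent-container blocked   (changed policy)
if [ "$#" -eq 2 ]; then
  expect "$1" "$2"
fi
```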
