Customize JCNR Helm Chart for EKS Deployment
SUMMARY Read this topic to learn about the deployment configuration available for the Juniper
Cloud-Native Router when deployed on Amazon EKS.
You can deploy and operate Juniper Cloud-Native Router in the L3 mode on Amazon EKS. You
configure the deployment mode by editing the appropriate attributes in the
values.yaml file prior to deployment.
Helm Chart Attributes and Descriptions
Juniper_Cloud_Native_Router_release-number/helmchart/values.yaml
file. The configuration keys of the helm chart are shown in the table below. | Key | Additional Key Configuration | Description |
|---|---|---|
| registry | Defines the docker registry for the vRouter, cRPD and jcnr-cni container images.
The default value is set to:
|
|
| repository | Defines the repository path for the vRouter, cRPD and jcnr-cni container images.
This is a global key and takes precedence over "repository" paths under "common"
section. The default value is:
|
|
| imagePullSecret | Defines the registry authentication credentials. View the Configure Repository Credentials topic for more information. | |
| registryCredentials | Base64 representation of your Docker registry credentials. | |
| secretName | Name of the secret object that will be created. | |
| common | Defines repository paths and tags for the vRouter, cRPD and jcnr-cni container images. Use default. | |
| repository | Defines the repository path. The global repository key takes precedence if
defined. The default value is set to:
|
|
| tag | Defines the image tag. The default value is configured to the appropriate tag number for the JCNR release version. | |
| replicas | (Optional) Indicates the number of cRPD replicas deployed on the worker nodes in a multi-node cluster. If the value is not specified, the default value 1 is considered. The value for this key must be specified for multi-node clusters and must match the number of nodes to which JCNR must be deployed. | |
| storageClass |
Indicates the name of the storage class for cRPD. Must be specified as
|
|
| awsregion | Defines the AWS region for the EKS deployment. | |
| noLocalSwitching | Not applicable for EKS deployments. | |
| fabricInterface |
Provide a list of interfaces to be bound to the DPDK. You can also provide subnets instead of interface names. If both the interface name and the subnet are specified, then the interface name takes precedence over subnet/gateway combination. The subnet/gateway combination is useful when the interface names vary in a multi-node cluster. Note: Use the L3 only section to configure fabric interfaces for Amazon EKS. The L2
only and L2-L3 sections are not applicable for EKS deployments.
For example: # L3 only
- eth1:
ddp: "off"
- eth2:
ddp: "off"
|
|
| subnet | An alternative mode of input for interface names. For example:
- subnet: 10.40.1.0/24 gateway: 10.40.1.1 ddp: "off" With
the |
|
| ddp |
Not applicable for EKS deployments. |
|
| interface_mode | Not applicable for EKS deployments. | |
| vlan-id-list |
Not applicable for EKS deployments. |
|
| storm-control-profile |
Not applicable for EKS deployments. |
|
| native-vlan-id | Not applicable for EKS deployments. | |
| no-local-switching | Not applicable for EKS deployments. | |
| fabricWorkloadInterface | Not applicable for EKS deployments. | |
| log_level | Defines the log severity. Available value options are: DEBUG, INFO, WARN, and ERR. Note:
Leave the log_level set to the default INFO unless instructed to change it by Juniper support. |
|
| log_path |
The defined directory stores various JCNR related descriptive logs such as contrail-vrouter-agent.log, contrail-vrouter-dpdk.log, etc. The default value is /var/log/jcnr/. |
|
| syslog_notifications |
Indicates the absolute path to the file that stores syslog-ng generated notifications in JSON format. The default value is /var/log/jcnr/jcnr_notifications.json. |
|
| corePattern |
Indicates the core pattern to denote how the core file is generated. If this configuration is left blank, then JCNR pods will not overwrite the default pattern. Note:
Set the corePattern value on host before deploying JCNR. You may change the value
in |
|
| coreFilePath | Indicates the path for the core file. If the value is left blank, then vRouter considers /var/crashes as the default value. | |
| nodeAffinity |
(Optional) Defines labels on nodes to determine where to place the vRouter pods. By default the vRouter pods are deployed to all nodes of a cluster. In the example below, the node affinity label is defined as "key1=jcnr". You must apply this label to each node where JCNR must be deployed: nodeAffinity:
- key: key1
operator: In
values:
- jcnr
Note:
This key is a global setting. |
|
| key | Key-value pair that represents a node label that must be matched to apply the node affinity. | |
| operator | Defines the relationship between the node label and the set of values in the matchExpression parameters in the pod specification. This value can be In, NotIn, Exists, DoesNotExist, Lt, or Gt. | |
| cni_bin_dir | (Optional) The default path is /opt/cni/bin. You can override the default cni path with a path used by your distribution e.g. /var/opt/cni/bin. | |
| grpcTelemetryPort |
(Optional) Enter a value for this parameter to override cRPD telemetry gRPC server default port of 50051. |
|
| grpcVrouterPort | (Optional) Enter a value for this parameter to override vRouter gRPC server default port of 50052. | |
| vRouterDeployerPort | (Optional) Default value is 8081. Configure to override if the default port is unavailable. | |
| restoreInterfaces | Recommend to set the value of this key to true to restore the interfaces back to their original state in case the vRouter pod crashes or restarts. | |
| bondInterfaceConfigs | Not applicable for EKS deployments. | |
| mtu | Maximum Transmission Unit (MTU) value for all physical interfaces (VFs and PFs). Default value is 9000. | |
| cpu_core_mask |
Indicates the vRouter forward core mask. If qos is enabled, you will need to allocate 4 CPU cores. Use the cores not used by the host OS in your EC2 instance. |
|
| stormControlProfiles | Not applicable for EKS deployments. | |
|
dpdkCommandAdditionalArgs |
Pass any additional dpdk cmd line parameters. The --yield_option 0 is set by default and it implies the dpdk forwarding cores will not yield the cpu cores it is assigned to. Additional common parameters that can be added are tx and rx descriptors and mempool. For example: dpdkCommandAdditionalArgs: "--yield_option 0 --dpdk_txd_sz 2048 --dpdk_rxd_sz 2048 --vr_mempool_sz 131072" |
|
| ddp | Not applicable for EKS deployments. | |
| qosEnable |
Set to false for EKS deployments. |
|
| vrouter_dpdk_uio_driver | The uio driver is vfio-pci. |
|
|
agentModeType |
Can be dpdk or xdp. Setting agentModeType to dpdk will bringup dpdk datapath. Setting agentModeType to xdp uses ebpf. The default value is dpdk. |
|
|
fabricRpfCheckDisable |
Set this flag to false to enable the RPF check on all the fabric interfaces of the JNCR. By default RPF check is disabled. | |
|
persistConfig |
Set this flag to true if you wish jcnr-cni generated pod configuration to persist even after uninstallation. The option must be set only for L2 mode. The default value is false. |
Note:
For Amazon EKS, you need to additionally update the
dpdkCommandAdditionalArgs key and set tx and
rx descriptors to 256. For example:
dpdkCommandAdditionalArgs: "--yield_option 0 --dpdk_txd_sz 256 --dpdk_rxd_sz 256"
Sample Helm Charts
Sample EKS JCNR helm charts are provided below:
Helm Chart for Amazon EKS Deployment (Subscription via Juniper Support Site)
A working Amazon EKS L3 helm chart sample is shown below. The configured sections are highlighted in bold:
####################################################################
# Common Configuration (global vars) #
####################################################################
global:
registry: enterprise-hub.juniper.net/
# uncomment below if all images are available in the same path; it will
# take precedence over "repository" paths under "common" section below
repository: jcnr/
# uncomment below if you are using a private registry that needs authentication
# registryCredentials - Base64 representation of your Docker registry credentials
# secretName - Name of the Secret object that will be created
#imagePullSecret:
#registryCredentials: <base64-encoded-credential>
#secretName: regcred
common:
vrouter:
repository: atom-docker/cn2/bazel-build/dev/x86_64/
tag: R23.4-85
crpd:
repository: junos-docker-local/warthog/amd64/
tag: 23.4R1.8
jcnrcni:
repository: junos-docker-local/warthog/amd64/
tag: 23.4-20231215-50817e3
telemetryExporter:
repository: atom-docker/cn2/bazel-build/dev/x86_64/
tag: R23.4-85
# Number of replicas for cRPD; this option must be used for multinode clusters
# JCNR will take 1 as default if replicas is not specified
replicas: “2”
# storageClass: Name of the storage class for cRPD. This option is must for
# cloud deployments such as AWS where gp2 can be used
storageClass: gp2
# Set AWS Region for AWS deployments
awsregion: us-east-1
#noLocalSwitching: [700]
# fabricInterface: provide a list of interfaces to be bound to dpdk
# You can also provide subnets instead of interface names. Interfaces name take precedence over
# Subnet/Gateway combination if both specified (although there is no reason to specify both)
# Subnet/Gateway combination comes handy when the interface names vary in a multi-node cluster
fabricInterface:
#########################
# L2 only
#- eth1:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [100, 200, 300, 700-705]
# storm-control-profile: rate_limit_pf1
# native-vlan-id: 100
# no-local-switching: true
#- eth2:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [700]
# storm-control-profile: rate_limit_pf1
# native-vlan-id: 100
# no-local-switching: true
#- bond0:
# ddp: "auto" # auto/on/off # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [100, 200, 300, 700-705]
# storm-control-profile: rate_limit_pf1
# #native-vlan-id: 100
# #no-local-switching: true
#########################
# L3 only
#- eth11:
# ddp: "off" # ddp parameter is optional; options include auto or on or off; default: off
#- eth2:
# ddp: "off" # ddp parameter is optional; options include auto or on or off; default: off
########################
# L2L3
#- eth1:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
#- eth2:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [100, 200, 300, 700-705]
# storm-control-profile: rate_limit_pf1
# native-vlan-id: 100
# no-local-switching: true
##################################
# Provide subnets instead of interface names
# Interfaces will be auto-detected in each subnet
# Only one of the interfaces or subnet range must
# be configured. This form of input is particularly
# helpful when the interface names vary in a multi-node
# K8s cluster
- subnet: 10.0.3.0/24
gateway: 10.0.3.1
ddp: "off"
- subnet: 10.0.5.0/24
gateway: 10.0.5.1
ddp: "off"
##################################
# fabricWorkloadInterface is applicable only for Pure L2 deployments
#
#fabricWorkloadInterface:
#- enp59s0f1v0:
# interface_mode: access
# vlan-id-list: [700]
#- enp59s0f1v1:
# interface_mode: trunk
# vlan-id-list: [800, 900]
#########################
# defines the log severity. Possible options: DEBUG, INFO, WARN, ERR
log_level: "INFO"
# "log_path": this directory will contain various jcnr related descriptive logs
# such as contrail-vrouter-agent.log, contrail-vrouter-dpdk.log etc.
log_path: "/var/log/jcnr/"
# "syslog_notifications": absolute path to the file that will contain syslog-ng
# generated notifications in json format
syslog_notifications: "/var/log/jcnr/jcnr_notifications.json"
# core pattern to denote how the core file will be generated
# if left empty, JCNR pods will not overwrite the default pattern
corePattern: ""
# path for the core file; vrouter considers /var/crashes as default value if not specified
coreFilePath: /var/crash
# nodeAffinity: Can be used to inject nodeAffinity for vRouter, cRPD and syslog-ng pods
# You may label the nodes where we wish to deploy JCNR and inject affinity accodingly
nodeAffinity:
- key: key1
operator: In
values:
- jcnr
# cni_bin_dir: Path where the CNI binary will be put; default: /opt/cni/bin
# this may be overriden in distributions other than vanilla K8s
# e.g. OpenShift - you may use /var/lib/cni/bin or /etc/kubernetes/cni/net.d
#cni_bin_dir: /var/lib/cni/bin
# grpcTelemetryPort: use this parameter to override cRPD telemetry gRPC server default port of 50051
#grpcTelemetryPort: 50055
# grpcVrouterPort: use this parameter to override vRouter gRPC server default port of 50052
#grpcVrouterPort: 50060
# vRouterDeployerPort: use this parameter to override vRouter deployer port default port of 8081
#vRouterDeployerPort: 8082
jcnr-vrouter:
# restoreInterfaces: setting this to true will restore the interfaces
# back to their original state in case vrouter pod crashes or restarts
restoreInterfaces: true
# Enable bond interface configurations L2 only or L2 L3 deployment
#bondInterfaceConfigs:
# - name: "bond0"
# mode: 1 # ACTIVE_BACKUP MODE
# slaveInterfaces:
# - "enp59s0f0v0"
# - "enp59s0f0v1"
# primaryInterface: "enp59s0f0v0"
# MTU for all physical interfaces( all VF’s and PF’s)
mtu: "9000"
# vrouter fwd core mask
# if qos is enabled, you will need to allocate 4 CPU cores (primary and siblings)
cpu_core_mask: "2,3,22,23"
# rate limit profiles for bum traffic on fabric interfaces in bytes per second
stormControlProfiles:
rate_limit_pf1:
bandwidth:
level: 0
#rate_limit_pf2:
# bandwidth:
# level: 0
dpdkCommandAdditionalArgs: "--yield_option 0"
# Set ddp to enable Dynamic Device Personalization (DDP)
# Provides datapath optimization at NIC for traffic like GTPU, SCTP etc.
# Options include auto or on or off; default: off
ddp: "auto"
# Set true/false to Enable or Disable QOS, note: QOS is not supported on X710 NIC.
qosEnable: false
# uio driver will be vfio-pci or uio_pci_generic
vrouter_dpdk_uio_driver: "vfio-pci"
# agentModeType will be dpdk or xdp. set agentModeType dpdk will bringup dpdk datapath. set agentModeType to xdp to use ebpf.
agentModeType: dpdk
# fabricRpfCheckDisable: Set this flag to false to enable the RPF check on all the fabric interfaces of the JNCR, by default RPF check is disabled
#fabricRpfCheckDisable: false
#jcnr-cni:
# persistConfig: set this flag to true if you wish jcnr-cni generated pod configuration to persist even after uninstallation
# use this option only in case of l2 mode
# default value is false if not specfied
#persistConfig: trueHelm Chart for EKS Deployment (Subscription via AWS Marketplace)
A working Amazon EKS L3 helm chart sample is shown below. The configured sections are highlighted in bold:
####################################################################
# Common Configuration (global vars) #
####################################################################
global:
registry: 709825985650.dkr.ecr.us-east-1.amazonaws.com/
# uncomment below if all images are available in the same path; it will
# take precedence over "repository" paths under "common" section below
repository: juniper-networks/
# uncomment below if you are using a private registry that needs authentication
# registryCredentials - Base64 representation of your Docker registry credentials
# secretName - Name of the Secret object that will be created
#imagePullSecret:
#registryCredentials: <base64-encoded-credential>
#secretName: regcred
common:
vrouter:
repository: atom-docker/cn2/bazel-build/dev/x86_64/
tag: R23.4-85
crpd:
repository: junos-docker-local/warthog/amd64/
tag: 23.4R1.8
jcnrcni:
repository: junos-docker-local/warthog/amd64/
tag: 23.4-20231215-50817e3
telemetryExporter:
repository: atom-docker/cn2/bazel-build/dev/x86_64/
tag: R23.4-85
# Number of replicas for cRPD; this option must be used for multinode clusters
# JCNR will take 1 as default if replicas is not specified
replicas: “2”
# storageClass: Name of the storage class for cRPD. This option is must for
# cloud deployments such as AWS where gp2 can be used
storageClass: gp2
# Set AWS Region for AWS deployments
awsregion: us-east-1
#noLocalSwitching: [700]
# fabricInterface: provide a list of interfaces to be bound to dpdk
# You can also provide subnets instead of interface names. Interfaces name take precedence over
# Subnet/Gateway combination if both specified (although there is no reason to specify both)
# Subnet/Gateway combination comes handy when the interface names vary in a multi-node cluster
fabricInterface:
#########################
# L2 only
#- eth1:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [100, 200, 300, 700-705]
# storm-control-profile: rate_limit_pf1
# native-vlan-id: 100
# no-local-switching: true
#- eth2:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [700]
# storm-control-profile: rate_limit_pf1
# native-vlan-id: 100
# no-local-switching: true
#- bond0:
# ddp: "auto" # auto/on/off # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [100, 200, 300, 700-705]
# storm-control-profile: rate_limit_pf1
# #native-vlan-id: 100
# #no-local-switching: true
#########################
# L3 only
#- eth11:
# ddp: "off" # ddp parameter is optional; options include auto or on or off; default: off
#- eth2:
# ddp: "off" # ddp parameter is optional; options include auto or on or off; default: off
########################
# L2L3
#- eth1:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
#- eth2:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [100, 200, 300, 700-705]
# storm-control-profile: rate_limit_pf1
# native-vlan-id: 100
# no-local-switching: true
##################################
# Provide subnets instead of interface names
# Interfaces will be auto-detected in each subnet
# Only one of the interfaces or subnet range must
# be configured. This form of input is particularly
# helpful when the interface names vary in a multi-node
# K8s cluster
- subnet: 10.0.3.0/24
gateway: 10.0.3.1
ddp: "off"
- subnet: 10.0.5.0/24
gateway: 10.0.5.1
ddp: "off"
##################################
# fabricWorkloadInterface is applicable only for Pure L2 deployments
#
#fabricWorkloadInterface:
#- enp59s0f1v0:
# interface_mode: access
# vlan-id-list: [700]
#- enp59s0f1v1:
# interface_mode: trunk
# vlan-id-list: [800, 900]
#########################
# defines the log severity. Possible options: DEBUG, INFO, WARN, ERR
log_level: "INFO"
# "log_path": this directory will contain various jcnr related descriptive logs
# such as contrail-vrouter-agent.log, contrail-vrouter-dpdk.log etc.
log_path: "/var/log/jcnr/"
# "syslog_notifications": absolute path to the file that will contain syslog-ng
# generated notifications in json format
syslog_notifications: "/var/log/jcnr/jcnr_notifications.json"
# core pattern to denote how the core file will be generated
# if left empty, JCNR pods will not overwrite the default pattern
corePattern: ""
# path for the core file; vrouter considers /var/crashes as default value if not specified
coreFilePath: /var/crash
# nodeAffinity: Can be used to inject nodeAffinity for vRouter, cRPD and syslog-ng pods
# You may label the nodes where we wish to deploy JCNR and inject affinity accodingly
nodeAffinity:
- key: key1
operator: In
values:
- jcnr
# cni_bin_dir: Path where the CNI binary will be put; default: /opt/cni/bin
# this may be overriden in distributions other than vanilla K8s
# e.g. OpenShift - you may use /var/lib/cni/bin or /etc/kubernetes/cni/net.d
#cni_bin_dir: /var/lib/cni/bin
# grpcTelemetryPort: use this parameter to override cRPD telemetry gRPC server default port of 50051
#grpcTelemetryPort: 50055
# grpcVrouterPort: use this parameter to override vRouter gRPC server default port of 50052
#grpcVrouterPort: 50060
# vRouterDeployerPort: use this parameter to override vRouter deployer port default port of 8081
#vRouterDeployerPort: 8082
jcnr-vrouter:
# restoreInterfaces: setting this to true will restore the interfaces
# back to their original state in case vrouter pod crashes or restarts
restoreInterfaces: true
# Enable bond interface configurations L2 only or L2 L3 deployment
#bondInterfaceConfigs:
# - name: "bond0"
# mode: 1 # ACTIVE_BACKUP MODE
# slaveInterfaces:
# - "enp59s0f0v0"
# - "enp59s0f0v1"
# primaryInterface: "enp59s0f0v0"
# MTU for all physical interfaces( all VF’s and PF’s)
mtu: "9000"
# vrouter fwd core mask
# if qos is enabled, you will need to allocate 4 CPU cores (primary and siblings)
cpu_core_mask: "2,3,22,23"
# rate limit profiles for bum traffic on fabric interfaces in bytes per second
stormControlProfiles:
rate_limit_pf1:
bandwidth:
level: 0
#rate_limit_pf2:
# bandwidth:
# level: 0
dpdkCommandAdditionalArgs: "--yield_option 0"
# Set ddp to enable Dynamic Device Personalization (DDP)
# Provides datapath optimization at NIC for traffic like GTPU, SCTP etc.
# Options include auto or on or off; default: off
ddp: "auto"
# Set true/false to Enable or Disable QOS, note: QOS is not supported on X710 NIC.
qosEnable: false
# uio driver will be vfio-pci or uio_pci_generic
vrouter_dpdk_uio_driver: "vfio-pci"
# agentModeType will be dpdk or xdp. set agentModeType dpdk will bringup dpdk datapath. set agentModeType to xdp to use ebpf.
agentModeType: dpdk
# fabricRpfCheckDisable: Set this flag to false to enable the RPF check on all the fabric interfaces of the JNCR, by default RPF check is disabled
#fabricRpfCheckDisable: false
#jcnr-cni:
# persistConfig: set this flag to true if you wish jcnr-cni generated pod configuration to persist even after uninstallation
# use this option only in case of l2 mode
# default value is false if not specfied
#persistConfig: true