Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Verifying Configuration for CNI for Kubernetes

Note:

This topic covers Contrail Networking in Kubernetes-orchestrated environments that are using Contrail Networking Release 21-based releases.

Starting in Release 22.1, Contrail Networking evolved into Cloud-Native Contrail Networking. Cloud-Native Contrail Networking offers significant enhancements to optimize networking performance in Kubernetes-orchestrated environments. We recommend using Cloud-Native Contrail for networking in most Kubernetes-orchestrated environments.

For general information about Cloud-Native Contrail, see the Cloud-Native Contrail Networking Techlibrary homepage.

Use the verification steps in this topic to view and verify your configuration of Contrail Container Network Interface (CNI) for Kubernetes.

View Pod Name and IP Address

Use the following command to view the IP address allocated to a pod.

Verify Reachability of Pods

Perform the following steps to verify if the pods are reachable to each other.

  1. Determine the IP address and name of the pod.
  2. Ping the destination pod from the source pod to verify if the pod is reachable.

Verify If Isolated Namespace-Pods Are Not Reachable

Perform the following steps to verify if pods in isolated namespaces cannot be reached by pods in non-isolated namespaces.

  1. Determine the IP address and name of a pod in an isolated namespace.
  2. Determine the IP address of a pod in a non-solated namespace.
  3. Ping the IP address of the pod in the isolated namespace from the pod in the non-isolated namespace.

Verify If Non-Isolated Namespace-Pods Are Reachable

Perform the following steps to verify if pods in non-isolated namespaces can be reached by pods in isolated namespaces.

  1. Determine the IP address of a pod in a non-isolated namespace.
  2. Determine the IP address and name of a pod in an isolated namespace.
  3. Ping the IP address of the pod in the non-isolated namespace from a pod in the isolated namespace.

Verify If a Namespace is Isolated

Namespace annotations are used to turn on isolation in a Kubernetes namespace. In isolated Kubernetes namespaces, the namespace metadata is annotated with the opencontrail.org/isolation : true annotation.

Use the following command to view annotations on a namespace.

Related Documentation