Kubernetes network connectivity check

After you deploy a CNI plugin into your kubernetes cluster, you may be wondering: how do we check if inter-node network traffic is really working?

Of course, we can start digging logs of your CNI pods, or check system routing table (in the case of Calico). Still, they are somewhat troublesome.

Recently, when trying out Cilium in our k8s deployment, I found that Cilium developers provide an easy and hassle-free approach to this question: deploy two sets of ping-pong pods and let them try to communicate with each others.

echo

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
apiVersion: v1
kind: Service
metadata:
  name: echo
spec:
  type: ClusterIP
  ports:
  - port: 80
  selector:
    name: echo
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: echo
spec:
  selector:
    matchLabels:
      name: echo
  replicas: 5
  template:
    metadata:
      labels:
        name: echo
    spec:
      containers:
      - name: echo-container
        image: docker.io/cilium/json-mock
        livenessProbe:
          exec:
            command:
            - curl
            - -sS
            - -o
            - /dev/null
            - localhost
        readinessProbe:
          exec:
            command:
            - curl
            - -sS
            - -o
            - /dev/null
            - localhost

probe

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
apiVersion: apps/v1
kind: Deployment
metadata:
  name: probe
spec:
  selector:
    matchLabels:
      name: probe
  replicas: 5
  template:
    metadata:
      labels:
        name: probe
    spec:
      containers:
      - name: probe-container
        image: docker.io/cilium/json-mock
        livenessProbe:
          exec:
            command:
            - curl
            - "-4"
            - -sS
            - -o
            - /dev/null
            - echo.default.svc.cluster.local
          initialDelaySeconds: 20
        readinessProbe:
          exec:
            command:
            - curl
            - "-4"
            - -sS
            - -o
            - /dev/null
            - echo.default.svc.cluster.local
          initialDelaySeconds: 20

The above two yamls are a little bit different from that on the Cilium website in that the probe pods now have 20 second initial delay in case the probe pods send requests to echo pods before echo pods are ready.

Comments

2020-01-29
⬆︎TOP