Skip to content

Part 2: Network Visibility

What Will You Do

In this part of the self-paced exercise, you will deploy a test application and view the network traffic flow visualization for that application.

This application refers to Star Wars where we have two teams/groups:

  • Empire
  • Rebels

a) We will create two namespaces one for each team.

b) Then you will deploy test workloads into each namespace.

  • tiefighter-workload: This contains tiefighter and deathstar pods and will be placed into the empire namespace.
  • xwing-workload: This contains an xwing pod and will be placed into the rebels namespace.

    Namespace Visual


Create Namespaces

  • Navigate to the Namespaces page
  • Create a new namespace for empire, specify the name as empire and select type as Wizard
  • In the placement section, select the cluster that you want to deploy the namespace to
  • Click Save & Go to Publish
  • Publish the namespace

Follow the same process to create another namespace and specify the name as rebels.

Namespace Creation

Namespace Creation


Deploy the test applications

  • Navigate to the Workloads page
  • Create a new Workload, specify the name as tiefighter-workload and Package type as K8s yaml
  • Select Upload files manually as the Artifact Sync option
  • Select the empire namespace from the dropdown menu
  • Select continue
  • Upload the tiefighter.yaml file
  • Click Save and Go to Placement
  • Select the cluster that you want to deploy the workload to, Click Save and Go to Publish
  • Click Publish

Follow the same process with the xwing naming it xwing-workload and placing it in the rebels namespace you created.

tiefighter-workload YAML

---
apiVersion: v1
kind: Service
metadata:
  name: deathstar
  labels:
    app.kubernetes.io/name: deathstar
spec:
  type: ClusterIP
  ports:
  - port: 80
  selector:
    org: empire
    class: deathstar
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deathstar
  labels:
    app.kubernetes.io/name: deathstar
spec:
  replicas: 2
  selector:
    matchLabels:
      org: empire
      class: deathstar
  template:
    metadata:
      labels:
        org: empire
        class: deathstar
        app.kubernetes.io/name: deathstar
    spec:
      containers:
      - name: deathstar
        image: docker.io/cilium/starwars
---
apiVersion: v1
kind: Pod
metadata:
  name: tiefighter
  labels:
    org: empire
    class: tiefighter
    app.kubernetes.io/name: tiefighter
spec:
  containers:
  - name: spaceship
    image: docker.io/tgraf/netperf
    command:
      - sh
      - "-c"
      - |
        while true
        do
        sleep 3
        curl -m 1 -s -XPOST deathstar.empire.svc.cluster.local/v1/request-landing
        done

xwing-workload YAML

---
apiVersion: v1
kind: Pod
metadata:
  name: xwing
  labels:
    app.kubernetes.io/name: xwing
    org: alliance
    class: xwing
spec:
  containers:
  - name: spaceship
    image: docker.io/tgraf/netperf
    command:
      - sh
      - "-c"
      - |
        while true
        do
        sleep 3
        curl -m 1 -s -XPOST deathstar.empire.svc.cluster.local/v1/request-landing
        done

Workload Publish

Workload Publish


Visibility into Traffic Flows

  • Click Home
  • Select Dashboards (option available next to Home)
  • Select Network Policy
  • Select the Project, Cluster
  • Select the empire and rebels namespaces from the namespace drop down

Visibility Dashboard


Recap

Congratulations! At this point, you have successfully deployed a test application and are able to view the network traffic flows for the application.


Create Namespaces

You can alternatively create a namespace by using the declarative spec YAML. For more information on automation via RCTL CLI, refer here

Important

Ensure that you update the "value: demo-network-policy" with the name of the cluster in your project

kind: ManagedNamespace
apiVersion: config.rafay.dev/v2
metadata:
  name: empire
  description: for tiefighter-workload
spec:
  type: RafayWizard
  placement:
    placementType: ClusterSpecific
    clusterLabels:
    - key: rafay.dev/clusterName
      value: demo-network-policy
kind: ManagedNamespace
apiVersion: config.rafay.dev/v2
metadata:
  name: rebels
  description: for xwing-workload
spec:
  type: RafayWizard
  placement:
    placementType: ClusterSpecific
    clusterLabels:
    - key: rafay.dev/clusterName
      value: demo-network-policy
  • Type the command below to create the new namespaces
rctl create namespace -f <path-to-filename>.yaml
  • Type the command below to create the new namespaces
rctl publish namespace <namespace_name>
  • Type the command below to verify creation of the namespaces
rctl get namespace

Deploy the test applications

You can alternatively deploy the test application by using the declarative spec YAML. For more information on automation via RCTL CLI, refer here

name: tiefighter-workload
namespace: empire
project: defaultproject
type: NativeYaml
clusters: demo-network-policy
payload: <path-to-filename>.yaml
name: xwing-workload
namespace: rebels
project: defaultproject
type: NativeYaml
clusters: demo-network-policy
payload: <path-to-filename>.yaml
  • Type the command below to create the workloads
rctl create workload <path-to-filename>.yaml

If there were no errors, you should see a message like below

Workload created successfully
  • Type the command below to publish the tiefighter workload
rctl publish workload tiefighter-workload
  • Type the command below to publish the xwing workload
rctl publish workload xwing-workload

In the web console, click on Applications -> Workloads. You should see the workload deployment status as In Progress. After a few minutes, you will see the workload deployment status as Ready


tiefighter-workload YAML

---
apiVersion: v1
kind: Service
metadata:
  name: deathstar
  labels:
    app.kubernetes.io/name: deathstar
spec:
  type: ClusterIP
  ports:
  - port: 80
  selector:
    org: empire
    class: deathstar
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deathstar
  labels:
    app.kubernetes.io/name: deathstar
spec:
  replicas: 2
  selector:
    matchLabels:
      org: empire
      class: deathstar
  template:
    metadata:
      labels:
        org: empire
        class: deathstar
        app.kubernetes.io/name: deathstar
    spec:
      containers:
      - name: deathstar
        image: docker.io/cilium/starwars
---
apiVersion: v1
kind: Pod
metadata:
  name: tiefighter
  labels:
    org: empire
    class: tiefighter
    app.kubernetes.io/name: tiefighter
spec:
  containers:
  - name: spaceship
    image: docker.io/tgraf/netperf
    command:
      - sh
      - "-c"
      - |
        while true
        do
        sleep 3
        curl -m 1 -s -XPOST deathstar.empire.svc.cluster.local/v1/request-landing
        done

xwing-workload YAML

---
apiVersion: v1
kind: Pod
metadata:
  name: xwing
  labels:
    app.kubernetes.io/name: xwing
    org: alliance
    class: xwing
spec:
  containers:
  - name: spaceship
    image: docker.io/tgraf/netperf
    command:
      - sh
      - "-c"
      - |
        while true
        do
        sleep 3
        curl -m 1 -s -XPOST deathstar.empire.svc.cluster.local/v1/request-landing
        done

Visibility into Traffic Flows

  • Click Home
  • Select Dashboards (option available next to Home)
  • Select Network Policy
  • Select the Project, Cluster
  • Select the empire and rebels namespaces from the namespace drop down

Visibility Dashboard


Recap

Congratulations! At this point, you have successfully deployed a test application and are able to view the network traffic flows for the application.