# VPN
Network Service Mesh is capable of composing together many Endpoints to work together to provide the desired Network Service. In the vpn example, the user wants secure-intranet-connectivity with the traffic from the App Pod Client passing through first a firewall, and then two other passthrough security appliances before finally getting to a VPN Gateway.
## Deploy

Utilize the Run instructions to install the NSM infrastructure, and then type:

```sh
helm install nsm/vpn
```
## What it does

This will install Deployments for:

| Name | Advertises Network Service | Labels | Description |
|---|---|---|---|
| vpn-gateway-nsc | | | The Client |
| vppagent-firewall-nse | secure-intranet-connectivity | app=firewall | A passthrough firewall Endpoint |
| vppagent-passthrough-nse-1 | secure-intranet-connectivity | app=passthrough-1 | A generic passthrough Endpoint |
| vppagent-passthrough-nse-2 | secure-intranet-connectivity | app=passthrough-2 | A generic passthrough Endpoint |
| vpn-gateway-nse | secure-intranet-connectivity | app=vpn-gateway | A simulated VPN Gateway |

And also a Network Service:
```yaml
apiVersion: networkservicemesh.io/v1alpha1
kind: NetworkService
metadata:
  name: secure-intranet-connectivity
spec:
  payload: IP
  matches:
    - match:
      sourceSelector:
        app: "firewall"
      route:
        - destination:
          destinationSelector:
            app: "passthrough-1"
    - match:
      sourceSelector:
        app: "passthrough-1"
      route:
        - destination:
          destinationSelector:
            app: "passthrough-2"
    - match:
      sourceSelector:
        app: "passthrough-2"
      route:
        - destination:
          destinationSelector:
            app: "vpn-gateway"
    - match:
      route:
        - destination:
          destinationSelector:
            app: "firewall"
```
That describes how to compose together the various providers of Network Service secure-intranet-connectivity. The matches are evaluated in order, and a match with no sourceSelector acts as the catch-all.

When the Client requests Network Service secure-intranet-connectivity with no labels, it falls all the way through the secure-intranet-connectivity matches to:

```yaml
    - match:
      route:
        - destination:
          destinationSelector:
            app: "firewall"
```
And is connected to the Firewall Endpoint.

The Firewall Endpoint then requests secure-intranet-connectivity with labels app=firewall and matches to:

```yaml
    - match:
      sourceSelector:
        app: "firewall"
      route:
        - destination:
          destinationSelector:
            app: "passthrough-1"
```
And gets wired to the Passthrough-1 Endpoint, which requests secure-intranet-connectivity with labels app=passthrough-1 and matches to:

```yaml
    - match:
      sourceSelector:
        app: "passthrough-1"
      route:
        - destination:
          destinationSelector:
            app: "passthrough-2"
```
And gets wired to the Passthrough-2 Endpoint, which requests secure-intranet-connectivity with labels app=passthrough-2 and matches to:

```yaml
    - match:
      sourceSelector:
        app: "passthrough-2"
      route:
        - destination:
          destinationSelector:
            app: "vpn-gateway"
```

And is finally wired to the VPN Gateway Endpoint, which terminates the chain.
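The selection walk just described can be modelled in a few dozen lines. The following Go program is an added example, not code from the Network Service Mesh project: it mirrors the `secure-intranet-connectivity` spec above as plain structs (no CRD parsing), evaluates the `matches` list in order against the requester's labels, picks the first registered Endpoint whose labels satisfy the chosen `destinationSelector`, and re-requests the service with that Endpoint's labels while the Endpoint is a passthrough. The `Passthrough` flag, the `NextHop`/`Chain` function names and the `maxHops` guard are assumptions of this model, not NSM API.

```go
package main

import (
	"fmt"
	"strings"
)

// Selector is a set of labels that must all be present with equal values on
// the labels being matched; an empty Selector matches anything (the catch-all).
type Selector map[string]string

// Destination mirrors one "destination" entry under "route".
type Destination struct {
	DestinationSelector Selector
}

// Match mirrors one "- match:" entry: an optional sourceSelector and the routes
// taken when it matches.
type Match struct {
	SourceSelector Selector
	Route          []Destination
}

// NetworkService mirrors the spec portion of the NetworkService resource.
type NetworkService struct {
	Name    string
	Payload string
	Matches []Match
}

// Endpoint is a registered provider of the service. Passthrough is an assumption
// of this model: a passthrough Endpoint re-requests the service with its own
// labels, a terminal one (the VPN Gateway) ends the chain.
type Endpoint struct {
	Name        string
	Labels      map[string]string
	Passthrough bool
}

// matches reports whether every selector label is present in labels with the
// same value. Ranging over a nil/empty selector never rejects, so it matches all.
func (s Selector) matches(labels map[string]string) bool {
	for k, v := range s {
		if labels[k] != v {
			return false
		}
	}
	return true
}

// NextHop evaluates the matches in order against the requester's labels and
// returns the first Endpoint whose labels satisfy a destinationSelector of the
// first matching rule. ok is false when no rule, or no Endpoint, matches.
func NextHop(ns NetworkService, sourceLabels map[string]string, endpoints []Endpoint) (Endpoint, bool) {
	for _, m := range ns.Matches {
		if !m.SourceSelector.matches(sourceLabels) {
			continue // fall through to the next match
		}
		for _, d := range m.Route {
			for _, ep := range endpoints {
				if d.DestinationSelector.matches(ep.Labels) {
					return ep, true
				}
			}
		}
		return Endpoint{}, false // a rule matched but nothing can serve it
	}
	return Endpoint{}, false
}

// Chain walks the composed service from a requester with the given labels,
// following passthrough Endpoints until a terminal one. maxHops bounds the walk
// so a selector cycle cannot loop forever.
func Chain(ns NetworkService, clientLabels map[string]string, endpoints []Endpoint, maxHops int) []string {
	var path []string
	labels := clientLabels
	for i := 0; i < maxHops; i++ {
		ep, ok := NextHop(ns, labels, endpoints)
		if !ok {
			break
		}
		path = append(path, ep.Name)
		if !ep.Passthrough {
			break
		}
		labels = ep.Labels
	}
	return path
}

// ExampleService is the secure-intranet-connectivity spec from the page,
// transcribed (constructed data) into the structs above.
func ExampleService() NetworkService {
	hop := func(src, dst string) Match {
		m := Match{Route: []Destination{{DestinationSelector: Selector{"app": dst}}}}
		if src != "" {
			m.SourceSelector = Selector{"app": src}
		}
		return m
	}
	return NetworkService{
		Name:    "secure-intranet-connectivity",
		Payload: "IP",
		Matches: []Match{
			hop("firewall", "passthrough-1"),
			hop("passthrough-1", "passthrough-2"),
			hop("passthrough-2", "vpn-gateway"),
			hop("", "firewall"), // no sourceSelector: the catch-all
		},
	}
}

// ExampleEndpoints is the set of Endpoints from the deployment table (constructed).
func ExampleEndpoints() []Endpoint {
	return []Endpoint{
		{Name: "vppagent-firewall-nse", Labels: map[string]string{"app": "firewall"}, Passthrough: true},
		{Name: "vppagent-passthrough-nse-1", Labels: map[string]string{"app": "passthrough-1"}, Passthrough: true},
		{Name: "vppagent-passthrough-nse-2", Labels: map[string]string{"app": "passthrough-2"}, Passthrough: true},
		{Name: "vpn-gateway-nse", Labels: map[string]string{"app": "vpn-gateway"}, Passthrough: false},
	}
}

func main() {
	// The Client (vpn-gateway-nsc) requests with no labels.
	path := Chain(ExampleService(), map[string]string{}, ExampleEndpoints(), 10)
	fmt.Println(strings.Join(path, " -> "))
}
```

Running it prints the four-hop chain `vppagent-firewall-nse -> vppagent-passthrough-nse-1 -> vppagent-passthrough-nse-2 -> vpn-gateway-nse`. Because selection is driven purely by the labels the requester presents and the order of the `matches` list, the model also makes the fall-through behaviour visible: a request carrying `app=passthrough-2` resolves directly to the gateway, which is exactly the view the Passthrough-2 Endpoint has, so when reviewing a NetworkService the order of rules and the placement of the catch-all deserve the same scrutiny as the selectors themselves.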
## Verify

First verify that the vpn example Pods are all up and running:

```sh
kubectl get pods
```

To see the vpn example in action, you can run:

```sh
curl -s https://raw.githubusercontent.com/networkservicemesh/networkservicemesh/master/scripts/verify_vpn_gateway.sh | bash
```