• 1. Introduction
• 2. Problem statement
• 3. Proposed solution
• 3.1 Default
• 3.1.1 Pods
• 3.1.2 Pod subnet:
• 3.2 Namespace isolation mode
• 3.3 Custom isolation mode
• 3.4 Nested Mode (BETA feature in Contrail 4.0.0.0)
• 3.5 Services
• 3.6 Ingress
• 4. Contrail Kubernetes Solution
• 4.1 Contrail kubernetes manager
• 4.2 Contrail CNI plugin
• 4.3 ECMP Loadbalancer for K8s service
• 4.4 Haproxy Loadbalancer for K8s ingress
• 4.5 Security groups for K8s network policy
• 4.6 DNS
• 5. Performance and scaling impact
• 5.1 Forwarding performance
• 6. Upgrade
• 7. Deprecations
• 8. Dependencies
• 9. Debugging
• 9.1 Pod IP Address Info:
• 9.2 Check Pods reachability:
• 9.3 Verify that default virtual-network for a cluster is created:
• 9.4 Verify a virtual-network is created for an isolated namespace:
• 9.5 Verify that Pods from non-isolated namespace CANNOT reach Pods in isolated namespace.
• 9.6 Verify that Pods in isolated namespace can reach Pods in in non-isolated namespaces.
• 9.7 How to check if a Kubernetes namespace is isolated.
• 10. Testing
• 10.1 Unit tests
• 10.2 Dev tests
• 10.3 System tests
• 11. Installation