
# **Mohammad Sada and Justas Balcas**

# **Sixth National Research Platform (6NRP) Workshop**

# **San Diego Supercomputer Center**

# **January 28th, 2025**


# Introduction

Network Experiment on `node-2-6` and `node-2-7`

### Step 1: Import Required Libraries

We begin by importing the necessary Python libraries. The `kubernetes` module provides the client for interacting with the Kubernetes API, and `yaml` helps with serializing and deserializing configurations.

In [62]:
# Import required libraries
from kubernetes import client, config
from kubernetes.client import ApiException
import yaml
from kubernetes.stream import stream

### Step 2: Define Kubernetes API Server and Token

In this step, we define the API server URL, the authentication token for the service account, and the namespace in which resources will be created.

- **KUBE_API_SERVER**: The Kubernetes API server URL.
- **KUBE_TOKEN**: The service account token used for authentication.
- **NAMESPACE**: The Kubernetes namespace where resources will be managed.


In [64]:
# Kubernetes API setup with token and server
KUBE_API_SERVER = "https://67.58.53.147:6443"
KUBE_TOKEN = "eyJhbGciOiJSUzI1NiIsImtpZCI6Illyc2M5bTg5czdZQlJYTFZjVTNNME5MRVBENEVFbWw2VHhoRXZZLWhkR3cifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzM4MDc5MjQxLCJpYXQiOjE3MzgwNzU2NDEsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiI2bnJwIiwic2VydmljZWFjY291bnQiOnsibmFtZSI6InNtYXJ0bmljIiwidWlkIjoiNDZlYzU1OTEtYjNhMi00NDY0LTlmODItODA2YmQ3MmQ1ODhjIn19LCJuYmYiOjE3MzgwNzU2NDEsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDo2bnJwOnNtYXJ0bmljIn0.hzdtS5q6E08pjaC0bcS9NvuRIBf0Px6wkXUKnX4wsMYsYJXAfHH6K-PGONr5Uw5Qkn9nKFT483VFUA3QonXCwOwoDpXHgBECxoNMPlfgjT_6hx6HCEyMUb6D-f31n3jjKk0D6JC49cF-6f1LQX_vL5p1bNkA3EwEuChJLMDrKl-9MU0APXBWIGQwZRi5gTGMrpUYMq6iCAVgFddH5svCe_0qV60_QE0nIE9lttH7ouPorNcTHAdMNu8k6Li2RaNYlgo3y6XYXN8LmSFPRuBPJoLkgGO7J9obeD3OLjCAdfKHzJ2yPIEElFEOH7kOgRRZhC44EIoQlSTF17RIp2nv6A"
NAMESPACE = "6nrp"  

### Step 3: Configure the Kubernetes Client

Here, we configure the Kubernetes client with the provided API server URL and token. The `client.Configuration` object is used to set up the connection settings, such as:

- **host**: The URL of the Kubernetes API server.
- **verify_ssl**: Set to `False` to disable SSL verification (useful for testing or self-signed certificates).
- **api_key**: The authentication token for the service account.

Once configured, we initialize the `v1` and `networking_v1` API clients to interact with the core Kubernetes API and the custom networking API respectively.


In [73]:
# Configuration to use the embedded token and API server
configuration = client.Configuration()
configuration.host = KUBE_API_SERVER
configuration.verify_ssl = False
configuration.debug = False
configuration.api_key = {"authorization": f"Bearer {KUBE_TOKEN}"}
client.Configuration.set_default(configuration)

# Create the API clients
v1 = client.CoreV1Api()
networking_v1 = client.CustomObjectsApi()

print("Kubernetes API client configured successfully!")


Kubernetes API client configured successfully!


### Step 4: Create the SENSE Path

In [74]:
sense_path = {
    "apiVersion": "6nrp.example.com/v1",
    "kind": "SensePath",
    "metadata": {
        "name": "my-sense-path",
    },
    "spec": {
        "uri1": "urn:ogf:network:nrp-nautilus.io:2020:node-2-6.sdsc.optiputer.net:enp65s0f1np1",
        "uri2": "urn:ogf:network:nrp-nautilus.io:2020:node-2-7.sdsc.optiputer.net:enp65s0f1np1",
        "bandwidth": 1000,
    },
    "status": "",
}

# Create the SensePath resource
try:
    networking_v1.create_namespaced_custom_object(
        group="6nrp.example.com",
        version="v1",
        namespace=NAMESPACE,
        plural="sense-paths",
        body=sense_path,
    )
    print("SensePath created successfully!")
except ApiException as e:
    print(f"Exception when creating SensePath: {e}")


SensePath created successfully!




### Step 5: Create the Multus NADs

In [None]:
# Define the NetworkAttachmentDefinition for VLAN 1784
nad = {
    "apiVersion": "k8s.cni.cncf.io/v1",
    "kind": "NetworkAttachmentDefinition",
    "metadata": {
        "name": "my-vlan-1784",
        "namespace": NAMESPACE,
    },
    "spec": {
        "config": yaml.dump({
            "cniVersion": "0.4.0",
            "type": "macvlan",
            "master": "vlan.1784",
            "mode": "bridge",
            "ipam": {
                "type": "host-local",
                "subnet": "10.251.87.160/30",
                "rangeStart": "10.251.87.161",
                "rangeEnd": "10.251.87.162",
                "gateway": "10.251.87.159",
            },
        })
    }
}

# Create the NAD
try:
    networking_v1.create_namespaced_custom_object(
        group="k8s.cni.cncf.io",
        version="v1",
        namespace=NAMESPACE,
        plural="network-attachment-definitions",
        body=nad,
    )
    print("NetworkAttachmentDefinition 'vlan-1784' created successfully!")
except ApiException as e:
    print(f"Exception when creating NAD: {e}")


In [49]:
import yaml

# Define the NetworkAttachmentDefinition for VLAN 1784
nad = {
    "apiVersion": "k8s.cni.cncf.io/v1",
    "kind": "NetworkAttachmentDefinition",
    "metadata": {
        "name": "my-vlan-1784-2",
        "namespace": NAMESPACE,
    },
    "spec": {
        "config": """
        {
          "cniVersion": "0.4.0",
          "type": "macvlan",
          "master": "vlan.1784",
          "mode": "bridge",
          "ipam": {
            "type": "host-local",
            "subnet": "10.251.87.160/30",
            "rangeStart": "10.251.87.162",
            "rangeEnd": "10.251.87.163",
            "gateway": "10.251.87.159"
          }
        }
        """
    }
}

# Create the NAD
try:
    networking_v1.create_namespaced_custom_object(
        group="k8s.cni.cncf.io",
        version="v1",
        namespace=NAMESPACE,
        plural="network-attachment-definitions",
        body=nad,
    )
    print("NetworkAttachmentDefinition 'my-vlan-1784-2' created successfully!")
except ApiException as e:
    print(f"Exception when creating NAD: {e}")


Exception when creating NAD: (409)
Reason: Conflict
HTTP response headers: HTTPHeaderDict({'Audit-Id': '30cb8b0a-df20-418b-a906-b1630b50568e', 'Cache-Control': 'no-cache, private', 'Content-Type': 'application/json', 'X-Kubernetes-Pf-Flowschema-Uid': '5d8b88e8-3799-4126-9528-48f2d3ddf6cc', 'X-Kubernetes-Pf-Prioritylevel-Uid': 'a3e2ebab-2463-4309-98ea-34fb239007c6', 'Date': 'Tue, 28 Jan 2025 14:47:54 GMT', 'Content-Length': '300'})
HTTP response body: {"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"network-attachment-definitions.k8s.cni.cncf.io \"my-vlan-1784-2\" already exists","reason":"AlreadyExists","details":{"name":"my-vlan-1784-2","group":"k8s.cni.cncf.io","kind":"network-attachment-definitions"},"code":409}






### Step 7: Create the Experiment Pods

In [56]:
pod_node_2_6 = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "name": "pod-node-2-6",
        "namespace": NAMESPACE,
        "annotations": {
            "k8s.v1.cni.cncf.io/networks": "my-vlan-1784-1",
        },
    },
    "spec": {
        "nodeName": "node-2-6.sdsc.optiputer.net",
        "containers": [
            {
                "name": "my-container",
                "image": "ubuntu:20.04",
                "command": ["sleep", "3600"],
                "resources": {
                    "requests": {"memory": "64Mi", "cpu": "100m"},
                    "limits": {"memory": "128Mi", "cpu": "100m"},
                },
                "securityContext": {
                    "capabilities": {
                        "add": [
                            "NET_ADMIN",
                            "NET_RAW",]
                    }
                }
            }
        ],
    },
}

pod_node_2_7 = {
    "apiVersion": "v1",
    "kind": "Pod",
    "metadata": {
        "name": "pod-node-2-7",
        "namespace": NAMESPACE,
        "annotations": {
            "k8s.v1.cni.cncf.io/networks": "my-vlan-1784-2",
        },
    },
    "spec": {
        "nodeName": "node-2-7.sdsc.optiputer.net",
        "containers": [
            {
                "name": "my-container",
                "image": "ubuntu:20.04",
                "command": ["sleep", "3600"],
                "resources": {
                    "requests": {"memory": "64Mi", "cpu": "100m"},
                    "limits": {"memory": "128Mi", "cpu": "100m"},
                },
                "securityContext": {
                    "capabilities": {
                        "add": [
                            "NET_ADMIN",
                            "NET_RAW",]
                    }
                }
            }
        ],
    },
}


for pod in [pod_node_2_6, pod_node_2_7]:
    try:
        v1.create_namespaced_pod(namespace=NAMESPACE, body=pod)
        print(f"Pod '{pod['metadata']['name']}' created successfully!")
    except ApiException as e:
        print(f"Exception when creating pod {pod['metadata']['name']}: {e}")




Pod 'pod-node-2-6' created successfully!
Pod 'pod-node-2-7' created successfully!


### Step 8: Install `ping` on the pods

In [57]:
# Install necessary tools in the pods
def install_ping_in_pod(pod_name):
    exec_command = ["/bin/bash", "-c", "apt-get update && apt-get install iputils-ping -y"]
    try:
        response = stream(
            v1.connect_get_namespaced_pod_exec,
            name=pod_name,
            namespace=NAMESPACE,
            command=exec_command,
            stderr=True,
            stdin=False,
            stdout=True,
            tty=False,
        )
        print(f"'ping' installed successfully in {pod_name}!")
        print(response)
    except ApiException as e:
        print(f"Exception when installing ping in {pod_name}: {e}")

install_ping_in_pod("pod-node-2-6")
install_ping_in_pod("pod-node-2-7")


'ping' installed successfully in pod-node-2-6!
Get:1 http://archive.ubuntu.com/ubuntu focal InRelease [265 kB]
Get:2 http://security.ubuntu.com/ubuntu focal-security InRelease [128 kB]
Get:3 http://archive.ubuntu.com/ubuntu focal-updates InRelease [128 kB]
Get:4 http://archive.ubuntu.com/ubuntu focal-backports InRelease [128 kB]
Get:5 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages [4214 kB]
Get:6 http://security.ubuntu.com/ubuntu focal-security/restricted amd64 Packages [4321 kB]
Get:7 http://archive.ubuntu.com/ubuntu focal/multiverse amd64 Packages [177 kB]
Get:8 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages [11.3 MB]
Get:9 http://security.ubuntu.com/ubuntu focal-security/multiverse amd64 Packages [30.9 kB]
Get:10 http://security.ubuntu.com/ubuntu focal-security/universe amd64 Packages [1297 kB]
Get:11 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages [1275 kB]
Get:12 http://archive.ubuntu.com/ubuntu focal/restricted amd64 Packages [33.4

### Step 9: Ping from pods

In [None]:
# Test connectivity between the pods
def test_connectivity(source_pod, target_ip):
    exec_command = ["ping", "-c", "4", target_ip]
    try:
        response = stream(
            v1.connect_get_namespaced_pod_exec,
            name=source_pod,
            namespace=NAMESPACE,
            command=exec_command,
            stderr=True,
            stdin=False,
            stdout=True,
            tty=False,
        )
        print(f"Ping from {source_pod} to {target_ip} successful!")
        print(response)
    except ApiException as e:
        print(f"Exception when pinging {target_ip} from {source_pod}: {e}")

test_connectivity("pod-node-2-6", "10.251.87.162")  # Ping pod-node-2-7
test_connectivity("pod-node-2-7", "10.251.87.161")  # Ping pod-node-2-6
