Tungsten Fabric project is an open source project agreement, which is based on a standard protocol development, and provides all the components of the network virtualization and network security essential. Components of the project include: SDN controller, virtual router, the analysis engine, to the north of the API release, hardware integration, cloud orchestration software and extensive REST API.
This article all links pdf: https://tungstenfabric.org.cn/assets/uploads/files/tf-ceg-with-link.pdf
What is the role of this guide is?
This guide is intended for application developers or computing platform for infrastructure design engineers consider the option Kubernetes network, with particular emphasis on Tungsten Fabric Carbide.
For applications running on Kubernetes, "Kubernetes cluster network" function is essential. These features include:
- Network communications between Pod by services;
- Network communication between the outside world and external facing services;
- Of allowed network traffic policy fine-grained control of the network.
To this end, Kubernetes cluster container must install a network interface ( "CNI") plug-ins. Kubernetes documentation Web site lists a number of options, we introduce Tungsten Fabric options in this document.
We will use the example of a three-layer application to traverse the three major functional areas listed above and described Tungsten Fabric function in each case. Tungsten Fabric Kubernetes provide additional functionality beyond the baseline, we will introduce in these places.
To follow our use case, you should deploy your own TF with Kubernetes ( "K8s") a copy of a fast start on AWS.
prerequisites
This guide assumes that you are familiar with how to:
- CloudFormation template will be deployed to your AWS account;
- SSH using the SSH client and the private key is connected to the AWS EC2 instance;
- Use kubectl CLI tool to deploy applications to Kubernetes;
- Using Linux CLI / end tool, such as less and nano.
Sample Application Profile
To demonstrate Tungsten Fabric how to help us make the application run, providing access from the Internet and security, we will use simulation application called "yelb" of. It is written by a developer advocate AWS and maintenance. Select the application of reason is simple, complete documentation, and can run on Kubernetes.
See the "Yelb architecture" link for more details, but at a higher level, it looks like this:
The application consists of four deployment Composition: yelb-ui, yelb-appserver, yelb-db and yelb-cache. Each deployment has its own Kubernetes service. yelb-ui services can also be managed through Kubernetes Ingress, L7 HTTP to provide routing for you.
be ready
For our practice, you need the following:
- Using Access installed Tungsten Fabric cluster of Kubernetes by Kubernetes of kubectl CLI tools;
- A copy of yelb
Visit our Kubernetes cluster
If you follow the steps Tungsten Fabric Carbide Quick Start Guide on the AWS, you should be able to log on to the QuickStart sandbox control node in accordance with the "Accessing the Cluster" section of the instructions in this guide. To find the sandbox control node's public DNS host name, please find the template for the deployment of Kubernetes with TF Carbide in the "Outputs" tab in the AWS CloudFormation UI:
After entering the sandbox control node, run:
sudo -s
kubectl get nodes
It should be similar to the following output:
Obtain a copy of the application Yelb
After successfully connect to the sandbox control node and verify kubectl work, use the following command to get a copy yelb, and change the working directory (run as root) to the working directory with Kubernetes list:
The next step
At this point, you will have a functional sandbox Kubernetes a cluster with two compute nodes, and applications that can be used to verify functionality. The remainder of this document will provide an example you introduce some common network and security situation in the development and operation of run-time application on Kubernetes, how to deal with may encounter.
Each use case is independent and does not require you to complete any other use cases in this document.
Free to skip the one that you see fit:
- Basic application is connected via Kubernetes service
- Advanced external applications via the Ingress Kubernetes
- Kubernetes isolated by roughening application namespace
- Application performed by the micro-segment network policy Kubernetes
( "TF Chinese community" public number will be released details of four use cases, so stay tuned) 
Focus on micro letter: TF Chinese community