Version: latest

Network Service Platform (NSP)

Description

The Network Service Platform (NSP) is a gRPC server listening on port 7778 (configurable) that can be consumed through a Kubernetes ClusterIP service (over the Kubernetes primary network).

The NSP has two responsibilities:

  • Watch the configuration changes and propagate the updates to every Meridio component.
  • Manage the targets.

Configuration Manager

Since Meridio can handle configuration changes at runtime, the components (load-balancer, proxy, targets...) need to be notified of the changes.

Meridio uses a configmap to store the configuration of all resources (trench, conduits, streams...) and their properties. To get notified about the changes in the configmap, the NSP uses the Kubernetes API to watch the configmap. Once the modifications are received, the NSP will forward all updated resources to the clients.

Clients of the NSP configuration manager can use multiple different functions to watch all types of resources and filter them if needed via the parameter of each function. The proto file of the configuration manager can be found here.

Target Registry

The NSP service lets targets announce their availability or unavailability by sending their IPs, stream, status and a key-value pair (e.g. identifiers). The service also lets clients receive notifications on registration / unregistration of targets via a watch function. The proto file of the target registry can be found here.

To avoid "ghost" targets when a target cannot unregister itself from the NSP service (node crash, ungraceful termination of a target...), the target registry removes the targets that do not refresh their registration. To stay registered, a target has to update its entry by calling the Register function regularly.
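The refresh-or-expire behaviour described above, as an added example that is not Meridio's code: a minimal in-memory registry in which Register doubles as the keepalive and a sweep evicts entries that missed their deadline. The Registry type, its methods and the target ids are hypothetical; the 60s timeout mirrors the NSM_ENTRY_TIMEOUT default, and the clock is passed in so the run is deterministic.

```go
package main

import (
	"fmt"
	"sort"
	"sync"
	"time"
)

// Registry is a hypothetical in-memory target registry, not Meridio's type.
type Registry struct {
	mu      sync.Mutex
	timeout time.Duration        // plays the role of NSM_ENTRY_TIMEOUT
	expiry  map[string]time.Time // target id -> deadline of its registration
}

func NewRegistry(timeout time.Duration) *Registry {
	return &Registry{timeout: timeout, expiry: map[string]time.Time{}}
}

// Register adds the target or, if it is already known, refreshes its deadline.
func (r *Registry) Register(id string, now time.Time) {
	r.mu.Lock()
	defer r.mu.Unlock()
	r.expiry[id] = now.Add(r.timeout)
}

// Sweep evicts targets whose deadline has passed and returns their ids, sorted.
func (r *Registry) Sweep(now time.Time) []string {
	r.mu.Lock()
	defer r.mu.Unlock()
	evicted := []string{}
	for id, deadline := range r.expiry {
		if !now.Before(deadline) {
			delete(r.expiry, id)
			evicted = append(evicted, id)
		}
	}
	sort.Strings(evicted)
	return evicted
}

func main() {
	t0 := time.Unix(0, 0) // constructed clock value
	r := NewRegistry(60 * time.Second)
	r.Register("target-a", t0)
	r.Register("target-b", t0)
	r.Register("target-a", t0.Add(45*time.Second)) // target-a refreshes, target-b is gone
	fmt.Println(r.Sweep(t0.Add(70 * time.Second)))  // only target-b is evicted
}
```

A target that refreshes at an interval well below the timeout survives an occasional lost call; one that stops refreshing is dropped at the first sweep after its deadline.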

Data persistence

Running as a StatefulSet with a single replica, the NSP handles restarts and pod deletions by saving its data in a local SQLite database stored in a persistent volume requested via volumeClaimTemplates.

Configuration

https://github.com/Nordix/Meridio/blob/master/cmd/nsp/config.go

| Environment variable | Type | Description | Default |
|---|---|---|---|
| NSM_NAMESPACE | string | Namespace the pod is running on | default |
| NSM_PORT | string | Trench the pod is running on | 7778 |
| NSM_CONFIG_MAP_NAME | string | Name of the ConfigMap containing the configuration | meridio-configuration |
| NSM_DATASOURCE | string | Path and file name of the sqlite database | /run/nsp/data/registry.db |
| NSM_LOG_LEVEL | string | Log level | DEBUG |
| NSM_ENTRY_TIMEOUT | time.Duration | Timeout of the entries | 60s |
| NSM_GRPC_PROBE_RPC_TIMEOUT | time.Duration | RPC timeout of internal gRPC health probe | 1s |

Command Line

| Command | Action | Default |
|---|---|---|
| --help | Display a help describing | |
| --version | Display the version | |
| --debug | Prints meridio-version, unix-time, network-interfaces, rules, route, neighbors, system information, and environment-variables in a json format | |

Communication

The NSP communicates with the following components:

| Component | Secured | Method | Description |
|---|---|---|---|
| Spire | TBD | Unix Socket | Obtain and validate SVIDs |
| Kubernetes API | TBD | TCP | Watch the trench configmap |

An overview of the communications between all components is available here.

Health check

The health check is provided by the GRPC Health Checking Protocol. The status returned can be UNKNOWN, SERVING, NOT_SERVING or SERVICE_UNKNOWN.

| Service | Description |
|---|---|
| Liveness | A unique service to be used by liveness probe to return status, can aggregate other lesser services |
| Readiness | A unique service to be used by readiness probe to return status, can aggregate other lesser services |

| Service | Probe | Description |
|---|---|---|
| NSP | Liveness | Monitor status of the server |

Privileges

To work properly, the NSP requires the following privileges:

| Name | Description |
|---|---|
| Kubernetes API | nsp-role - configmaps - watch |