JUMP TO
Certification Levels

SUSE Certified – Container Network Interface (CNI)

Definition

The “SUSE Certified - Container Network Interface (CNI)” certification is part of the “SUSE Certified” product certification framework and it covers networking products that integrate with Rancher using a CNI plugin. Here are step-by-step instructions for SUSE partners on how to certify their CNI plugin running in a RKE2 cluster managed by Rancher. 

 

Certifying a CNI plugin to run on Rancher-managed RKE2 clusters ensures compatibility and provides a seamless experience for users deploying a partner CNI plugin. By following this step-by-step process, partners can effectively certify their CNI plugin and enhance its adoption within the Rancher community. 

 

The “SUSE Certified - Container Network Interface (CNI)” certification aims to: 

  • Ensure Compatibility: This certification ensures that CNI plugins and solutions are fully compatible with Rancher, promoting seamless integration and reducing the likelihood of conflicts or issues. 

  • Promote Interoperability: The CNI certification guarantees that certified CNI plugins can work effectively with other certified components within the Rancher stack, fostering a more collaborative and efficient ecosystem. 

  • Encourage Best Practices: By adhering to the certification criteria, partners can demonstrate their commitment to following industry best practices for Kubernetes networking, ensuring the robustness and reliability of their CNI solutions. 

  • Simplify Deployment and Management: The certification process verifies that CNI plugins can be easily deployed and managed in a RKE2 cluster managed by Rancher, providing a smooth experience for end-users and administrators. 

  • Streamline Support: With a certified CNI solution, partners can showcase their commitment to supporting their CNI when deployed within a RKE2 cluster managed by Rancher, ensuring that Rancher Prime customers can rely on expert assistance when needed. 

  • Build Trust and Recognition: The CNI Certification serves as a mark of quality and trust, demonstrating to customers that the certified CNI solution meets industry standards and is backed by SUSE's endorsement. 

By obtaining the “SUSE Certified - Container Network Interface (CNI)” certification, SUSE partners can showcase their commitment to delivering high-quality, reliable, and interoperable Kubernetes networking solutions, while benefiting from the comprehensive product certification framework within the SUSE One Partner Program. 

Certification Prerequisites

  1. An RKE2 cluster running Rancher 

  1. A compatible CNI plugin 

  1. Familiarity with Kubernetes, Rancher, and CNI concepts 

  1. Kubernetes Network Plugins documentation 

  1. Rancher documentation  

  1. CNI documentation 

  1. Review the SUSE One Partner Program requirements and sign up for the SUSE One Partner Program if you are not a SUSE One Partner yet.

Certification Requirements

  1. All certification testing done on latest release of Rancher 

  1. All certification testing done against latest Rancher supported version of RKE2 

Certification Workflow

 

  1.  Prepare the CNI plugin for certification 

1.1. Ensure that your CNI plugin adheres to the CNI specification 

1. 2. Verify that your CNI plugin is compatible with the latest Rancher supported version of RKE2 

1.3. Create comprehensive documentation for your CNI plugin, including installation, configuration, and troubleshooting guides 

     1.3.1. Create a document with step-by-step instructions for installing the CNI into a new Rancher cluster 

     1.3.2. Create a document with step-by-step instructions for upgrading the CNI into an existing Rancher cluster 

 

  1. Test the CNI plugin on a Rancher-managed RKE2 cluster 

     2.1. Set up a test environment, including a Rancher-managed RKE2 cluster 

     2.2. Install the CNI plugin on the test cluster following the plugin's installation instructions 

     2.3. Validate that the CNI plugin is functioning correctly by deploying sample applications and testing network connectivity between them 

     2.4. Monitor the performance of your CNI plugin using Rancher's built-in monitoring tools 

 

  1. Package your CNI plugin for distribution 

     3.1. Create a Helm chart for your CNI plugin that follows the Helm best practices and the workflow process outlined in the Rancher partner charts repo  

     3.2. Test the Helm chart by deploying it on the Rancher-managed RKE2 test cluster 

 

  1. Submit your CNI plugin for certification 

     4.1. Submit your CNI plugin for certification and provide the necessary documentation to the SUSE certification team  

     4.2. Collaborate with the certification team to address any issues or concerns that arise during the certification process 

      4.3. Testing performed by the SUSE certification team 

       4.3.1. Set up latest version of Rancher 

       4.3.2. Follow partner provided documentation to install custom CNI into a Rancher provisioned RKE2 cluster 

      4.3.3. Run validation tool on cluster with custom CNI  

       4.3.3.1. Sonobuoy e2e with focus on Network Policy: 

  • Download the latest release for your client platform.  

  • Extract the tarball: 

  • tar -xvf <RELEASE_TARBALL_NAME>.tar.gz 

  • Move the extracted sonobuoy executable to somewhere on your PATH. 

  • sonobuoy run --e2e-focus=NetworkPolicy 

  • sonobuoy status  

  • sonobuoy retrieve (this will download a tar with the results) 

  • the test info is in the tar under plugins/e2e/results/global/e2e.log 

 

       4.3.3.2. Network Connectivity test: 

  • Create couple of pods and a service (use different namespaces) 

  • Perform ping test between 2 pods 

  • Ping between 2 pods in different namespaces 

  • Check connectivity between pod and service 

  • Check if the service is reachable from the inside 

  • Check if the service is reachable from the outside 

 

  1. Complete the certification process 

     5.1. Receive confirmation from the SUSE certification team that your CNI plugin is certified. Once approved, your CNI certification will be listed in the SUSE Partner Certification and Solutions Catalog (PCSC) 

    5.2. Update your CNI plugin's documentation to reflect the certification status 

   5.3. Promote your certified CNI plugin to the Rancher community and customers 

 

  1. Maintain and recertify your certified CNI plugin 

     6.1. Keep your CNI plugin up-to-date with the latest Rancher and RKE2 releases 

     6.2. Address any reported issues or bugs in a timely manner 

     6.3. You need to recertify your CNI with each new minor Rancher and RKE2 release 

     6.4. Update your CNI plugin's certification status with SUSE as needed, following any updates or changes to your plugin