From a2a072000a391540be6764ef1209ad00acee4c1d Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Thu, 20 May 2021 11:29:38 +0700
Subject: [PATCH 01/15] add scale-from-zero example

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 apps/nsc-kernel/nsc.yaml                      |   2 +-
 apps/nse-supplier-k8s/kustomization.yaml      |   6 ++
 apps/nse-supplier-k8s/supplier.yaml           |  49 +++++++++
 apps/nsmgr/nsmgr.yaml                         |   4 +
 examples/features/scale-from-zero/README.md   | 102 ++++++++++++++++++
 .../features/scale-from-zero/patch-nsc.yaml   |  15 +++
 .../scale-from-zero/patch-supplier.yaml       |  29 +++++
 .../scale-from-zero/pod-template.yaml         |  50 +++++++++
 .../features/scale-from-zero/scale-ns.yaml    |  15 +++
 .../scale-from-zero/supplier-role.yaml        |  22 ++++
 10 files changed, 293 insertions(+), 1 deletion(-)
 create mode 100644 apps/nse-supplier-k8s/kustomization.yaml
 create mode 100644 apps/nse-supplier-k8s/supplier.yaml
 create mode 100644 examples/features/scale-from-zero/README.md
 create mode 100644 examples/features/scale-from-zero/patch-nsc.yaml
 create mode 100644 examples/features/scale-from-zero/patch-supplier.yaml
 create mode 100644 examples/features/scale-from-zero/pod-template.yaml
 create mode 100644 examples/features/scale-from-zero/scale-ns.yaml
 create mode 100644 examples/features/scale-from-zero/supplier-role.yaml

diff --git a/apps/nsc-kernel/nsc.yaml b/apps/nsc-kernel/nsc.yaml
index c63d4f2fe7bf..2b482b4754ef 100644
--- a/apps/nsc-kernel/nsc.yaml
+++ b/apps/nsc-kernel/nsc.yaml
@@ -34,7 +34,7 @@ spec:
               readOnly: true
           resources:
             limits:
-              memory: 15Mi
+              memory: 20Mi
               cpu: 100m
       volumes:
         - name: spire-agent-socket
diff --git a/apps/nse-supplier-k8s/kustomization.yaml b/apps/nse-supplier-k8s/kustomization.yaml
new file mode 100644
index 000000000000..a029fdece097
--- /dev/null
+++ b/apps/nse-supplier-k8s/kustomization.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - supplier.yaml
diff --git a/apps/nse-supplier-k8s/supplier.yaml b/apps/nse-supplier-k8s/supplier.yaml
new file mode 100644
index 000000000000..b8d2cd3a8a16
--- /dev/null
+++ b/apps/nse-supplier-k8s/supplier.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nse-supplier-k8s
+  labels:
+    app: nse-supplier-k8s
+spec:
+  selector:
+    matchLabels:
+      app: nse-supplier-k8s
+  template:
+    metadata:
+      labels:
+        app: nse-supplier-k8s
+    spec:
+      containers:
+        - name: nse-supplier
+          image: cmd-nse-supplier-k8s
+          imagePullPolicy: Never
+          env:
+            - name: SPIFFE_ENDPOINT_SOCKET
+              value: unix:///run/spire/sockets/agent.sock
+            - name: NSE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NSE_CONNECT_TO
+              value: unix:///var/lib/networkservicemesh/nsm.io.sock
+          volumeMounts:
+            - name: spire-agent-socket
+              mountPath: /run/spire/sockets
+              readOnly: true
+            - name: nsm-socket
+              mountPath: /var/lib/networkservicemesh
+              readOnly: true
+          resources:
+            limits:
+              memory: 40Mi
+              cpu: 100m
+      volumes:
+        - name: spire-agent-socket
+          hostPath:
+            path: /run/spire/sockets
+            type: Directory
+        - name: nsm-socket
+          hostPath:
+            path: /var/lib/networkservicemesh
+            type: DirectoryOrCreate
diff --git a/apps/nsmgr/nsmgr.yaml b/apps/nsmgr/nsmgr.yaml
index 9d382cc3b5a1..4d5e7f47ccd8 100644
--- a/apps/nsmgr/nsmgr.yaml
+++ b/apps/nsmgr/nsmgr.yaml
@@ -38,6 +38,10 @@ spec:
                   fieldPath: status.podIP
             - name: NSM_LISTEN_ON
               value: unix:///var/lib/networkservicemesh/nsm.io.sock,tcp://:5001
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
           volumeMounts:
             - name: spire-agent-socket
               mountPath: /run/spire/sockets
diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
new file mode 100644
index 000000000000..f4827340f7f8
--- /dev/null
+++ b/examples/features/scale-from-zero/README.md
@@ -0,0 +1,102 @@
+# Test automatic scale from zero
+
+This example shows that NSEs can be created on the fly, allowing effective scaling.
+
+## Run
+
+Create test namespace:
+```bash
+NAMESPACE=($(kubectl create -f ../namespace.yaml)[0])
+NAMESPACE=${NAMESPACE:10}
+```
+
+Register namespace in `spire` server:
+```bash
+kubectl exec -n spire spire-server-0 -- \
+/opt/spire/bin/spire-server entry create \
+-spiffeID spiffe://example.org/ns/${NAMESPACE}/sa/default \
+-parentID spiffe://example.org/ns/spire/sa/spire-agent \
+-selector k8s:ns:${NAMESPACE} \
+-selector k8s:sa:default
+```
+
+Create customization file:
+```bash
+cat > kustomization.yaml <<EOF
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: ${NAMESPACE}
+
+bases:
+- ../../../apps/nse-supplier-k8s
+- ../../../apps/nsc-kernel
+
+resources:
+- supplier-role.yaml
+
+configMapGenerator:
+- name: supplier-pod-template-configmap
+  files:
+  - pod-template.yaml
+      
+patchesStrategicMerge:
+- patch-nsc.yaml
+- patch-supplier.yaml
+EOF
+```
+
+Register network service:
+```bash
+kubectl apply -f scale-ns.yaml
+```
+
+Deploy NSC and supplier:
+```bash
+kubectl apply -k .
+```
+
+Wait for applications ready:
+```bash
+kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-icmp-responder -n ${NAMESPACE}
+```
+
+Find NSC and NSE pods by labels:
+```bash
+NSC=$(kubectl get pods -l app=nsc-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+```
+```bash
+NSE=$(kubectl get pods -l app=nse-icmp-responder -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+```
+
+Check connectivity:
+```bash
+kubectl exec ${NSC} -n ${NAMESPACE} -- ping -c 4 169.254.0.0
+```
+
+Check connectivity:
+```bash
+kubectl exec ${NSE} -n ${NAMESPACE} -- ping -c 4 169.254.0.1
+```
+
+Remove the client pod:
+```bash
+kubectl scale -n ${NAMESPACE} deployment nsc-kernel --replicas=0
+```
+
+Wait for the NSE pod to be deleted:
+```bash
+kubectl wait --for=delete --timeout=1m pod -l app=nse-icmp-responder -n ${NAMESPACE}
+```
+
+## Cleanup
+
+Delete namespace:
+```bash
+kubectl delete ns ${NAMESPACE}
+```
+Delete network service:
+```bash
+kubectl delete -n nsm-system networkservices.networkservicemesh.io autoscale-icmp-responder
+```
\ No newline at end of file
diff --git a/examples/features/scale-from-zero/patch-nsc.yaml b/examples/features/scale-from-zero/patch-nsc.yaml
new file mode 100644
index 000000000000..582cfec3df70
--- /dev/null
+++ b/examples/features/scale-from-zero/patch-nsc.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nsc-kernel
+spec:
+  template:
+    spec:
+      containers:
+        - name: nsc
+          env:
+            - name: NSM_NETWORK_SERVICES
+              value: kernel://autoscale-icmp-responder/nsm-1
+            - name: NSM_REQUEST_TIMEOUT
+              value: 1m
diff --git a/examples/features/scale-from-zero/patch-supplier.yaml b/examples/features/scale-from-zero/patch-supplier.yaml
new file mode 100644
index 000000000000..fadc096a3f9f
--- /dev/null
+++ b/examples/features/scale-from-zero/patch-supplier.yaml
@@ -0,0 +1,29 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nse-supplier-k8s
+spec:
+  template:
+    spec:
+      containers:
+        - name: nse-supplier
+          env:
+            - name: NSE_SERVICE_NAME
+              value: autoscale-icmp-responder
+            - name: NSE_POD_DESCRIPTION_FILE
+              value: /run/supplier/pod-template.yaml
+            - name: NSE_LABELS
+              value: app:supplier
+            - name: NSE_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          volumeMounts:
+            - name: pod-file
+              mountPath: /run/supplier
+              readOnly: true
+      volumes:
+        - name: pod-file
+          configMap:
+            name: supplier-pod-template-configmap
diff --git a/examples/features/scale-from-zero/pod-template.yaml b/examples/features/scale-from-zero/pod-template.yaml
new file mode 100644
index 000000000000..c861dbb3b002
--- /dev/null
+++ b/examples/features/scale-from-zero/pod-template.yaml
@@ -0,0 +1,50 @@
+---
+apiVersion: apps/v1
+kind: Pod
+metadata:
+  name: nse-icmp-responder
+  labels:
+    app: nse-icmp-responder
+spec:
+  restartPolicy: Never
+  containers:
+    - name: nse-icmp-responder
+      image: networkservicemeshci/cmd-nse-icmp-responder:b3689e33
+      imagePullPolicy: IfNotPresent
+      env:
+        - name: SPIFFE_ENDPOINT_SOCKET
+          value: unix:///run/spire/sockets/agent.sock
+        - name: NSE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: NSE_CONNECT_TO
+          value: unix:///var/lib/networkservicemesh/nsm.io.sock
+        - name: NSE_CIDR_PREFIX
+          value: 169.254.0.0/16
+        - name: NSE_SERVICE_NAME
+          value: autoscale-icmp-responder
+        - name: NSE_LABELS
+          value: app:nse-icmp-responder
+        - name: NSE_IDLE_TIMEOUT
+          value: 15s
+      volumeMounts:
+        - name: spire-agent-socket
+          mountPath: /run/spire/sockets
+          readOnly: true
+        - name: nsm-socket
+          mountPath: /var/lib/networkservicemesh
+          readOnly: true
+      resources:
+        limits:
+          memory: 20Mi
+          cpu: 100m
+  volumes:
+    - name: spire-agent-socket
+      hostPath:
+        path: /run/spire/sockets
+        type: Directory
+    - name: nsm-socket
+      hostPath:
+        path: /var/lib/networkservicemesh
+        type: DirectoryOrCreate
diff --git a/examples/features/scale-from-zero/scale-ns.yaml b/examples/features/scale-from-zero/scale-ns.yaml
new file mode 100644
index 000000000000..645e0ecc484d
--- /dev/null
+++ b/examples/features/scale-from-zero/scale-ns.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networkservicemesh.io/v1
+kind: NetworkService
+metadata:
+  name: autoscale-icmp-responder
+  namespace: nsm-system
+spec:
+  name: autoscale-icmp-responder
+  matches:
+    - sourceSelector:
+      routes:
+        - destinationSelector:
+            app: nse-icmp-responder
+        - destinationSelector:
+            app: nse-supplier-k8s
diff --git a/examples/features/scale-from-zero/supplier-role.yaml b/examples/features/scale-from-zero/supplier-role.yaml
new file mode 100644
index 000000000000..6a6da76a3fd1
--- /dev/null
+++ b/examples/features/scale-from-zero/supplier-role.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: pod-manupulator
+  namespace: default
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "delete", "patch", "watch", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: default-pod-manupulator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: pod-manupulator
+subjects:
+  - kind: ServiceAccount
+    name: default

From 144eae467fbb50a7b6fcf774f7f628acb296b642 Mon Sep 17 00:00:00 2001
From: Uzlov Danil <36223296+d-uzlov@users.noreply.github.com>
Date: Wed, 26 May 2021 12:01:58 +0700
Subject: [PATCH 02/15] Update README.md

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 examples/features/scale-from-zero/README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index f4827340f7f8..fcd1d3f71980 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -1,6 +1,6 @@
 # Test automatic scale from zero
 
-This example shows that NSEs can be created on the fly, allowing effective scaling.
+This example shows that NSEs can be created on the fly, allowing effective scaling by the node.
 
 ## Run
 
@@ -99,4 +99,4 @@ kubectl delete ns ${NAMESPACE}
 Delete network service:
 ```bash
 kubectl delete -n nsm-system networkservices.networkservicemesh.io autoscale-icmp-responder
-```
\ No newline at end of file
+```

From 231a6e9ae262091ab6f769cf75b4e0f5cc0fbcd3 Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Wed, 26 May 2021 12:09:28 +0700
Subject: [PATCH 03/15] move role file into supplier app folder

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 apps/nse-supplier-k8s/kustomization.yaml    |  1 +
 apps/nse-supplier-k8s/role.yaml             | 22 +++++++++++++++++++++
 examples/features/scale-from-zero/README.md |  3 ---
 3 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 apps/nse-supplier-k8s/role.yaml

diff --git a/apps/nse-supplier-k8s/kustomization.yaml b/apps/nse-supplier-k8s/kustomization.yaml
index a029fdece097..e705bb596353 100644
--- a/apps/nse-supplier-k8s/kustomization.yaml
+++ b/apps/nse-supplier-k8s/kustomization.yaml
@@ -4,3 +4,4 @@ kind: Kustomization
 
 resources:
   - supplier.yaml
+  - role.yaml
diff --git a/apps/nse-supplier-k8s/role.yaml b/apps/nse-supplier-k8s/role.yaml
new file mode 100644
index 000000000000..6a6da76a3fd1
--- /dev/null
+++ b/apps/nse-supplier-k8s/role.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: pod-manupulator
+  namespace: default
+rules:
+  - apiGroups: [""]
+    resources: ["pods"]
+    verbs: ["get", "list", "delete", "patch", "watch", "create"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: default-pod-manupulator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: pod-manupulator
+subjects:
+  - kind: ServiceAccount
+    name: default
diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index fcd1d3f71980..427f4a880bea 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -33,9 +33,6 @@ bases:
 - ../../../apps/nse-supplier-k8s
 - ../../../apps/nsc-kernel
 
-resources:
-- supplier-role.yaml
-
 configMapGenerator:
 - name: supplier-pod-template-configmap
   files:

From f7a2b30d6cc0fefd0527dc35f7f9b2d4e0a0c4db Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Wed, 26 May 2021 12:21:47 +0700
Subject: [PATCH 04/15] move pod template into supplier app folder

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 apps/nse-supplier-k8s/kustomization.yaml               |  5 +++++
 .../nse-supplier-k8s}/pod-template.yaml                |  0
 apps/nse-supplier-k8s/supplier.yaml                    |  8 ++++++++
 examples/features/scale-from-zero/README.md            |  5 -----
 examples/features/scale-from-zero/patch-supplier.yaml  | 10 ----------
 5 files changed, 13 insertions(+), 15 deletions(-)
 rename {examples/features/scale-from-zero => apps/nse-supplier-k8s}/pod-template.yaml (100%)

diff --git a/apps/nse-supplier-k8s/kustomization.yaml b/apps/nse-supplier-k8s/kustomization.yaml
index e705bb596353..bce70c09e683 100644
--- a/apps/nse-supplier-k8s/kustomization.yaml
+++ b/apps/nse-supplier-k8s/kustomization.yaml
@@ -5,3 +5,8 @@ kind: Kustomization
 resources:
   - supplier.yaml
   - role.yaml
+
+configMapGenerator:
+  - name: supplier-pod-template-configmap
+    files:
+      - pod-template.yaml
diff --git a/examples/features/scale-from-zero/pod-template.yaml b/apps/nse-supplier-k8s/pod-template.yaml
similarity index 100%
rename from examples/features/scale-from-zero/pod-template.yaml
rename to apps/nse-supplier-k8s/pod-template.yaml
diff --git a/apps/nse-supplier-k8s/supplier.yaml b/apps/nse-supplier-k8s/supplier.yaml
index b8d2cd3a8a16..b1c9ba276c3c 100644
--- a/apps/nse-supplier-k8s/supplier.yaml
+++ b/apps/nse-supplier-k8s/supplier.yaml
@@ -27,6 +27,8 @@ spec:
                   fieldPath: metadata.name
             - name: NSE_CONNECT_TO
               value: unix:///var/lib/networkservicemesh/nsm.io.sock
+            - name: NSE_POD_DESCRIPTION_FILE
+              value: /run/supplier/pod-template.yaml
           volumeMounts:
             - name: spire-agent-socket
               mountPath: /run/spire/sockets
@@ -34,6 +36,9 @@ spec:
             - name: nsm-socket
               mountPath: /var/lib/networkservicemesh
               readOnly: true
+            - name: pod-file
+              mountPath: /run/supplier
+              readOnly: true
           resources:
             limits:
               memory: 40Mi
@@ -47,3 +52,6 @@ spec:
           hostPath:
             path: /var/lib/networkservicemesh
             type: DirectoryOrCreate
+        - name: pod-file
+          configMap:
+            name: supplier-pod-template-configmap
diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index 427f4a880bea..8f33013f08b9 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -33,11 +33,6 @@ bases:
 - ../../../apps/nse-supplier-k8s
 - ../../../apps/nsc-kernel
 
-configMapGenerator:
-- name: supplier-pod-template-configmap
-  files:
-  - pod-template.yaml
-      
 patchesStrategicMerge:
 - patch-nsc.yaml
 - patch-supplier.yaml
diff --git a/examples/features/scale-from-zero/patch-supplier.yaml b/examples/features/scale-from-zero/patch-supplier.yaml
index fadc096a3f9f..fd2293bc816f 100644
--- a/examples/features/scale-from-zero/patch-supplier.yaml
+++ b/examples/features/scale-from-zero/patch-supplier.yaml
@@ -11,19 +11,9 @@ spec:
           env:
             - name: NSE_SERVICE_NAME
               value: autoscale-icmp-responder
-            - name: NSE_POD_DESCRIPTION_FILE
-              value: /run/supplier/pod-template.yaml
             - name: NSE_LABELS
               value: app:supplier
             - name: NSE_NAMESPACE
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-          volumeMounts:
-            - name: pod-file
-              mountPath: /run/supplier
-              readOnly: true
-      volumes:
-        - name: pod-file
-          configMap:
-            name: supplier-pod-template-configmap

From 9e20316d0e45f968d67b1f0371c7e88ae95441b4 Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Wed, 26 May 2021 12:23:56 +0700
Subject: [PATCH 05/15] remove supplier role file from example

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 .../scale-from-zero/supplier-role.yaml        | 22 -------------------
 1 file changed, 22 deletions(-)
 delete mode 100644 examples/features/scale-from-zero/supplier-role.yaml

diff --git a/examples/features/scale-from-zero/supplier-role.yaml b/examples/features/scale-from-zero/supplier-role.yaml
deleted file mode 100644
index 6a6da76a3fd1..000000000000
--- a/examples/features/scale-from-zero/supplier-role.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: pod-manupulator
-  namespace: default
-rules:
-  - apiGroups: [""]
-    resources: ["pods"]
-    verbs: ["get", "list", "delete", "patch", "watch", "create"]
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  name: default-pod-manupulator
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: pod-manupulator
-subjects:
-  - kind: ServiceAccount
-    name: default

From c67e8ebe50102f2f546c2d8eec5cba54a8b8a8d6 Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Wed, 26 May 2021 15:30:44 +0700
Subject: [PATCH 06/15] use supplier image from remote image repository

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 apps/nse-supplier-k8s/supplier.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/nse-supplier-k8s/supplier.yaml b/apps/nse-supplier-k8s/supplier.yaml
index b1c9ba276c3c..391ee70d31f3 100644
--- a/apps/nse-supplier-k8s/supplier.yaml
+++ b/apps/nse-supplier-k8s/supplier.yaml
@@ -16,8 +16,8 @@ spec:
     spec:
       containers:
         - name: nse-supplier
-          image: cmd-nse-supplier-k8s
-          imagePullPolicy: Never
+          image: networkservicemeshci/cmd-nse-supplier-k8s:adf56c06
+          imagePullPolicy: IfNotPresent
           env:
             - name: SPIFFE_ENDPOINT_SOCKET
               value: unix:///run/spire/sockets/agent.sock

From 7ae6219ed9f592302d732700e5e9ad6b6c7d1a86 Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Wed, 26 May 2021 15:31:01 +0700
Subject: [PATCH 07/15] add missing wait commands

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 examples/features/scale-from-zero/README.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index 8f33013f08b9..920f7b1e6fb8 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -51,6 +51,12 @@ kubectl apply -k .
 
 Wait for applications ready:
 ```bash
+kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-supplier-k8s -n ${NAMESPACE}
+```
+```bash
+kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc-kernel -n ${NAMESPACE}
+```
+```bash
 kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-icmp-responder -n ${NAMESPACE}
 ```
 

From 6639fa89d3fb3fc28ff5463374d0531b82165aa6 Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Thu, 27 May 2021 12:26:44 +0700
Subject: [PATCH 08/15] fix ping not working

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 examples/features/scale-from-zero/scale-ns.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/examples/features/scale-from-zero/scale-ns.yaml b/examples/features/scale-from-zero/scale-ns.yaml
index 645e0ecc484d..f679e10375ff 100644
--- a/examples/features/scale-from-zero/scale-ns.yaml
+++ b/examples/features/scale-from-zero/scale-ns.yaml
@@ -5,6 +5,7 @@ metadata:
   name: autoscale-icmp-responder
   namespace: nsm-system
 spec:
+  payload: ETHERNET
   name: autoscale-icmp-responder
   matches:
     - sourceSelector:

From ec600c903b8a0201cecab9044cbd07424d530c66 Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Thu, 27 May 2021 13:19:05 +0700
Subject: [PATCH 09/15] add test that endpoint spawns on the same node as the
 client

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 examples/features/.gitignore                  |  3 +-
 examples/features/scale-from-zero/README.md   | 71 +++++++++++++++++--
 .../features/scale-from-zero/patch-nsc.yaml   | 15 ----
 .../scale-from-zero/patch-supplier.yaml       | 19 -----
 4 files changed, 69 insertions(+), 39 deletions(-)
 delete mode 100644 examples/features/scale-from-zero/patch-nsc.yaml
 delete mode 100644 examples/features/scale-from-zero/patch-supplier.yaml

diff --git a/examples/features/.gitignore b/examples/features/.gitignore
index 69328c98acca..e0a88beca437 100644
--- a/examples/features/.gitignore
+++ b/examples/features/.gitignore
@@ -1,3 +1,4 @@
 **/kustomization.yaml
 **/patch-nsc.yaml
-**/patch-nse.yaml
\ No newline at end of file
+**/patch-nse.yaml
+**/patch-supplier.yaml
diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index 920f7b1e6fb8..5b9110499f9d 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -20,6 +20,61 @@ kubectl exec -n spire spire-server-0 -- \
 -selector k8s:sa:default
 ```
 
+Select node to deploy NSC:
+```bash
+NODES=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints }}{{ .metadata.name }} {{end}}{{end}}'))
+NSC_NODE=${NODES[0]}
+SUPPLIER_NODE=${NODES[0]}
+```
+
+Create patch for NSC:
+```bash
+cat > patch-nsc.yaml <<EOF
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nsc-kernel
+spec:
+  template:
+    spec:
+      nodeName: ${NSC_NODE}
+      containers:
+        - name: nsc
+          env:
+            - name: NSM_NETWORK_SERVICES
+              value: kernel://autoscale-icmp-responder/nsm-1
+            - name: NSM_REQUEST_TIMEOUT
+              value: 30s
+EOF
+```
+
+Create patch for NSC:
+```bash
+cat > patch-supplier.yaml <<EOF
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: nse-supplier-k8s
+spec:
+  template:
+    spec:
+      nodeName: ${SUPPLIER_NODE}
+      containers:
+        - name: nse-supplier
+          env:
+            - name: NSE_SERVICE_NAME
+              value: autoscale-icmp-responder
+            - name: NSE_LABELS
+              value: app:supplier
+            - name: NSE_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+EOF
+```
+
 Create customization file:
 ```bash
 cat > kustomization.yaml <<EOF
@@ -62,10 +117,8 @@ kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-icmp-responder -n
 
 Find NSC and NSE pods by labels:
 ```bash
-NSC=$(kubectl get pods -l app=nsc-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
-```
-```bash
-NSE=$(kubectl get pods -l app=nse-icmp-responder -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+NSC=$(kubectl get pod -l app=nsc-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+NSE=$(kubectl get pod -l app=nse-icmp-responder -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
 ```
 
 Check connectivity:
@@ -78,6 +131,16 @@ Check connectivity:
 kubectl exec ${NSE} -n ${NAMESPACE} -- ping -c 4 169.254.0.1
 ```
 
+Get NSE node:
+```bash
+NSE_NODE=$(kubectl get pod -l app=nse-icmp-responder -n $NAMESPACE --template '{{range .items}}{{.spec.nodeName}}{{"\n"}}{{end}}')
+```
+
+Check that the NSE spawned on the same node as NSC:
+```bash
+if [ $NSC_NODE == $NSE_NODE ]; then echo "OK"; else echo "different nodes"; false; fi
+```
+
 Remove the client pod:
 ```bash
 kubectl scale -n ${NAMESPACE} deployment nsc-kernel --replicas=0
diff --git a/examples/features/scale-from-zero/patch-nsc.yaml b/examples/features/scale-from-zero/patch-nsc.yaml
deleted file mode 100644
index 582cfec3df70..000000000000
--- a/examples/features/scale-from-zero/patch-nsc.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nsc-kernel
-spec:
-  template:
-    spec:
-      containers:
-        - name: nsc
-          env:
-            - name: NSM_NETWORK_SERVICES
-              value: kernel://autoscale-icmp-responder/nsm-1
-            - name: NSM_REQUEST_TIMEOUT
-              value: 1m
diff --git a/examples/features/scale-from-zero/patch-supplier.yaml b/examples/features/scale-from-zero/patch-supplier.yaml
deleted file mode 100644
index fd2293bc816f..000000000000
--- a/examples/features/scale-from-zero/patch-supplier.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: nse-supplier-k8s
-spec:
-  template:
-    spec:
-      containers:
-        - name: nse-supplier
-          env:
-            - name: NSE_SERVICE_NAME
-              value: autoscale-icmp-responder
-            - name: NSE_LABELS
-              value: app:supplier
-            - name: NSE_NAMESPACE
-              valueFrom:
-                fieldRef:
-                  fieldPath: metadata.namespace

From d6854e08a59eaefbf6357b39f5ce693127bb453d Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Thu, 27 May 2021 13:40:11 +0700
Subject: [PATCH 10/15] improve test uniformity

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 examples/features/scale-from-zero/README.md | 26 ++++++++++-----------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index 5b9110499f9d..8e66b72e0e64 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -38,7 +38,7 @@ metadata:
 spec:
   template:
     spec:
-      nodeName: ${NSC_NODE}
+      nodeName: $NSC_NODE
       containers:
         - name: nsc
           env:
@@ -60,7 +60,7 @@ metadata:
 spec:
   template:
     spec:
-      nodeName: ${SUPPLIER_NODE}
+      nodeName: $SUPPLIER_NODE
       containers:
         - name: nse-supplier
           env:
@@ -82,7 +82,7 @@ cat > kustomization.yaml <<EOF
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-namespace: ${NAMESPACE}
+namespace: $NAMESPACE
 
 bases:
 - ../../../apps/nse-supplier-k8s
@@ -106,34 +106,34 @@ kubectl apply -k .
 
 Wait for applications ready:
 ```bash
-kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-supplier-k8s -n ${NAMESPACE}
+kubectl wait -n $NAMESPACE --for=condition=ready --timeout=1m pod -l app=nse-supplier-k8s
 ```
 ```bash
-kubectl wait --for=condition=ready --timeout=1m pod -l app=nsc-kernel -n ${NAMESPACE}
+kubectl wait -n $NAMESPACE --for=condition=ready --timeout=1m pod -l app=nsc-kernel
 ```
 ```bash
-kubectl wait --for=condition=ready --timeout=1m pod -l app=nse-icmp-responder -n ${NAMESPACE}
+kubectl wait -n $NAMESPACE --for=condition=ready --timeout=1m pod -l app=nse-icmp-responder
 ```
 
 Find NSC and NSE pods by labels:
 ```bash
-NSC=$(kubectl get pod -l app=nsc-kernel -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
-NSE=$(kubectl get pod -l app=nse-icmp-responder -n ${NAMESPACE} --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
+NSC=$(kubectl get pod -n $NAMESPACE --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' -l app=nsc-kernel)
+NSE=$(kubectl get pod -n $NAMESPACE --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' -l app=nse-icmp-responder)
 ```
 
 Check connectivity:
 ```bash
-kubectl exec ${NSC} -n ${NAMESPACE} -- ping -c 4 169.254.0.0
+kubectl exec $NSC -n $NAMESPACE -- ping -c 4 169.254.0.0
 ```
 
 Check connectivity:
 ```bash
-kubectl exec ${NSE} -n ${NAMESPACE} -- ping -c 4 169.254.0.1
+kubectl exec $NSE -n $NAMESPACE -- ping -c 4 169.254.0.1
 ```
 
 Get NSE node:
 ```bash
-NSE_NODE=$(kubectl get pod -l app=nse-icmp-responder -n $NAMESPACE --template '{{range .items}}{{.spec.nodeName}}{{"\n"}}{{end}}')
+NSE_NODE=$(kubectl get pod -n $NAMESPACE --template '{{range .items}}{{.spec.nodeName}}{{"\n"}}{{end}}' -l app=nse-icmp-responder)
 ```
 
 Check that the NSE spawned on the same node as NSC:
@@ -143,12 +143,12 @@ if [ $NSC_NODE == $NSE_NODE ]; then echo "OK"; else echo "different nodes"; fals
 
 Remove the client pod:
 ```bash
-kubectl scale -n ${NAMESPACE} deployment nsc-kernel --replicas=0
+kubectl scale -n $NAMESPACE deployment nsc-kernel --replicas=0
 ```
 
 Wait for the NSE pod to be deleted:
 ```bash
-kubectl wait --for=delete --timeout=1m pod -l app=nse-icmp-responder -n ${NAMESPACE}
+kubectl wait -n $NAMESPACE --for=delete --timeout=1m pod -l app=nse-icmp-responder
 ```
 
 ## Cleanup

From f4ee15ecc202f2e6304ece17e59dd4fae7360daf Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Thu, 27 May 2021 13:47:33 +0700
Subject: [PATCH 11/15] refactor .md text

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 examples/features/scale-from-zero/README.md          | 12 +++++-------
 .../{scale-ns.yaml => autoscale-netsvc.yaml}         |  0
 2 files changed, 5 insertions(+), 7 deletions(-)
 rename examples/features/scale-from-zero/{scale-ns.yaml => autoscale-netsvc.yaml} (100%)

diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index 8e66b72e0e64..aded204d6214 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -20,7 +20,7 @@ kubectl exec -n spire spire-server-0 -- \
 -selector k8s:sa:default
 ```
 
-Select node to deploy NSC:
+Select node to deploy NSC and supplier:
 ```bash
 NODES=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints }}{{ .metadata.name }} {{end}}{{end}}'))
 NSC_NODE=${NODES[0]}
@@ -49,7 +49,7 @@ spec:
 EOF
 ```
 
-Create patch for NSC:
+Create patch for supplier:
 ```bash
 cat > patch-supplier.yaml <<EOF
 ---
@@ -96,7 +96,7 @@ EOF
 
 Register network service:
 ```bash
-kubectl apply -f scale-ns.yaml
+kubectl apply -f autoscale-netsvc.yaml
 ```
 
 Deploy NSC and supplier:
@@ -131,17 +131,15 @@ Check connectivity:
 kubectl exec $NSE -n $NAMESPACE -- ping -c 4 169.254.0.1
 ```
 
-Get NSE node:
+Check that the NSE spawned on the same node as NSC:
 ```bash
 NSE_NODE=$(kubectl get pod -n $NAMESPACE --template '{{range .items}}{{.spec.nodeName}}{{"\n"}}{{end}}' -l app=nse-icmp-responder)
 ```
-
-Check that the NSE spawned on the same node as NSC:
 ```bash
 if [ $NSC_NODE == $NSE_NODE ]; then echo "OK"; else echo "different nodes"; false; fi
 ```
 
-Remove the client pod:
+Remove NSC:
 ```bash
 kubectl scale -n $NAMESPACE deployment nsc-kernel --replicas=0
 ```
diff --git a/examples/features/scale-from-zero/scale-ns.yaml b/examples/features/scale-from-zero/autoscale-netsvc.yaml
similarity index 100%
rename from examples/features/scale-from-zero/scale-ns.yaml
rename to examples/features/scale-from-zero/autoscale-netsvc.yaml

From 0ec32e42b239b94fe19accf0afc6b3f69746f78e Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Thu, 27 May 2021 14:04:12 +0700
Subject: [PATCH 12/15] correct md file according to review comments

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 examples/features/scale-from-zero/README.md | 46 +++++++++++++--------
 1 file changed, 29 insertions(+), 17 deletions(-)

diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index aded204d6214..b305244b3c4a 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -1,16 +1,30 @@
 # Test automatic scale from zero
 
-This example shows that NSEs can be created on the fly, allowing effective scaling by the node.
+This example shows that NSEs can be created on the fly on NSC requests.
+This allows effective scaling for endpoints.
+The requested endpoint will be automatically spawned on the same node as NSC (see step 12),
+allowing the best performance for connectivity.
+
+Here we are using an endpoint that automatically shuts down
+when it has no active connection for specified time.
+We are using very short timeout for the purpose of the test: 15 seconds.
+
+We are only using one client in this test,
+so removing it (see step 13) will cause the NSE to shut down.
+
+Supplier watches for endpoints it created
+and clears endpoints that finished their work,
+thus saving cluster resources (see step 14).
 
 ## Run
 
-Create test namespace:
+1. Create test namespace:
 ```bash
 NAMESPACE=($(kubectl create -f ../namespace.yaml)[0])
 NAMESPACE=${NAMESPACE:10}
 ```
 
-Register namespace in `spire` server:
+2. Register namespace in `spire` server:
 ```bash
 kubectl exec -n spire spire-server-0 -- \
 /opt/spire/bin/spire-server entry create \
@@ -20,14 +34,14 @@ kubectl exec -n spire spire-server-0 -- \
 -selector k8s:sa:default
 ```
 
-Select node to deploy NSC and supplier:
+3. Select node to deploy NSC and supplier:
 ```bash
 NODES=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints }}{{ .metadata.name }} {{end}}{{end}}'))
 NSC_NODE=${NODES[0]}
 SUPPLIER_NODE=${NODES[0]}
 ```
 
-Create patch for NSC:
+4. Create patch for NSC:
 ```bash
 cat > patch-nsc.yaml <<EOF
 ---
@@ -49,7 +63,7 @@ spec:
 EOF
 ```
 
-Create patch for supplier:
+5. Create patch for supplier:
 ```bash
 cat > patch-supplier.yaml <<EOF
 ---
@@ -75,7 +89,7 @@ spec:
 EOF
 ```
 
-Create customization file:
+6. Create customization file:
 ```bash
 cat > kustomization.yaml <<EOF
 ---
@@ -94,17 +108,17 @@ patchesStrategicMerge:
 EOF
 ```
 
-Register network service:
+7. Register network service:
 ```bash
 kubectl apply -f autoscale-netsvc.yaml
 ```
 
-Deploy NSC and supplier:
+8. Deploy NSC and supplier:
 ```bash
 kubectl apply -k .
 ```
 
-Wait for applications ready:
+9. Wait for applications ready:
 ```bash
 kubectl wait -n $NAMESPACE --for=condition=ready --timeout=1m pod -l app=nse-supplier-k8s
 ```
@@ -115,23 +129,21 @@ kubectl wait -n $NAMESPACE --for=condition=ready --timeout=1m pod -l app=nsc-ker
 kubectl wait -n $NAMESPACE --for=condition=ready --timeout=1m pod -l app=nse-icmp-responder
 ```
 
-Find NSC and NSE pods by labels:
+10. Find NSC and NSE pods by labels:
 ```bash
 NSC=$(kubectl get pod -n $NAMESPACE --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' -l app=nsc-kernel)
 NSE=$(kubectl get pod -n $NAMESPACE --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}' -l app=nse-icmp-responder)
 ```
 
-Check connectivity:
+11. Check connectivity:
 ```bash
 kubectl exec $NSC -n $NAMESPACE -- ping -c 4 169.254.0.0
 ```
-
-Check connectivity:
 ```bash
 kubectl exec $NSE -n $NAMESPACE -- ping -c 4 169.254.0.1
 ```
 
-Check that the NSE spawned on the same node as NSC:
+12. Check that the NSE spawned on the same node as NSC:
 ```bash
 NSE_NODE=$(kubectl get pod -n $NAMESPACE --template '{{range .items}}{{.spec.nodeName}}{{"\n"}}{{end}}' -l app=nse-icmp-responder)
 ```
@@ -139,12 +151,12 @@ NSE_NODE=$(kubectl get pod -n $NAMESPACE --template '{{range .items}}{{.spec.nod
 if [ $NSC_NODE == $NSE_NODE ]; then echo "OK"; else echo "different nodes"; false; fi
 ```
 
-Remove NSC:
+13. Remove NSC:
 ```bash
 kubectl scale -n $NAMESPACE deployment nsc-kernel --replicas=0
 ```
 
-Wait for the NSE pod to be deleted:
+14. Wait for the NSE pod to be deleted:
 ```bash
 kubectl wait -n $NAMESPACE --for=delete --timeout=1m pod -l app=nse-icmp-responder
 ```

From 5df8c4b6f62cb197c6a22e32f89d33ab281c7648 Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Thu, 27 May 2021 17:26:05 +0700
Subject: [PATCH 13/15] deploy supplier on a different node from NSC, if
 possible

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 examples/features/scale-from-zero/README.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index b305244b3c4a..5143735fbfe5 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -34,11 +34,12 @@ kubectl exec -n spire spire-server-0 -- \
 -selector k8s:sa:default
 ```
 
-3. Select node to deploy NSC and supplier:
+3. Select nodes to deploy NSC and supplier:
 ```bash
 NODES=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints }}{{ .metadata.name }} {{end}}{{end}}'))
 NSC_NODE=${NODES[0]}
-SUPPLIER_NODE=${NODES[0]}
+SUPPLIER_NODE=${NODES[1]}
+if [ "$SUPPLIER_NODE" == "" ]; then SUPPLIER_NODE=$NSC_NODE; fi
 ```
 
 4. Create patch for NSC:

From b69eafcd73fb77e7ed0d9df96bde06c510c9b00e Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Thu, 27 May 2021 17:48:13 +0700
Subject: [PATCH 14/15] Move pod template from supplier app back to example

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 apps/nse-supplier-k8s/kustomization.yaml      |  5 -----
 apps/nse-supplier-k8s/supplier.yaml           |  8 --------
 examples/features/scale-from-zero/README.md   | 17 +++++++++++++++-
 .../scale-from-zero/patch-template.yaml       | 20 +++++++++++++++++++
 .../scale-from-zero}/pod-template.yaml        |  0
 5 files changed, 36 insertions(+), 14 deletions(-)
 create mode 100644 examples/features/scale-from-zero/patch-template.yaml
 rename {apps/nse-supplier-k8s => examples/features/scale-from-zero}/pod-template.yaml (100%)

diff --git a/apps/nse-supplier-k8s/kustomization.yaml b/apps/nse-supplier-k8s/kustomization.yaml
index bce70c09e683..e705bb596353 100644
--- a/apps/nse-supplier-k8s/kustomization.yaml
+++ b/apps/nse-supplier-k8s/kustomization.yaml
@@ -5,8 +5,3 @@ kind: Kustomization
 resources:
   - supplier.yaml
   - role.yaml
-
-configMapGenerator:
-  - name: supplier-pod-template-configmap
-    files:
-      - pod-template.yaml
diff --git a/apps/nse-supplier-k8s/supplier.yaml b/apps/nse-supplier-k8s/supplier.yaml
index 391ee70d31f3..da6ec0f8e0be 100644
--- a/apps/nse-supplier-k8s/supplier.yaml
+++ b/apps/nse-supplier-k8s/supplier.yaml
@@ -27,8 +27,6 @@ spec:
                   fieldPath: metadata.name
             - name: NSE_CONNECT_TO
               value: unix:///var/lib/networkservicemesh/nsm.io.sock
-            - name: NSE_POD_DESCRIPTION_FILE
-              value: /run/supplier/pod-template.yaml
           volumeMounts:
             - name: spire-agent-socket
               mountPath: /run/spire/sockets
@@ -36,9 +34,6 @@ spec:
             - name: nsm-socket
               mountPath: /var/lib/networkservicemesh
               readOnly: true
-            - name: pod-file
-              mountPath: /run/supplier
-              readOnly: true
           resources:
             limits:
               memory: 40Mi
@@ -52,6 +47,3 @@ spec:
           hostPath:
             path: /var/lib/networkservicemesh
             type: DirectoryOrCreate
-        - name: pod-file
-          configMap:
-            name: supplier-pod-template-configmap
diff --git a/examples/features/scale-from-zero/README.md b/examples/features/scale-from-zero/README.md
index 5143735fbfe5..701946a554a4 100644
--- a/examples/features/scale-from-zero/README.md
+++ b/examples/features/scale-from-zero/README.md
@@ -39,7 +39,7 @@ kubectl exec -n spire spire-server-0 -- \
 NODES=($(kubectl get nodes -o go-template='{{range .items}}{{ if not .spec.taints }}{{ .metadata.name }} {{end}}{{end}}'))
 NSC_NODE=${NODES[0]}
 SUPPLIER_NODE=${NODES[1]}
-if [ "$SUPPLIER_NODE" == "" ]; then SUPPLIER_NODE=$NSC_NODE; fi
+if [ "$SUPPLIER_NODE" == "" ]; then SUPPLIER_NODE=$NSC_NODE; echo "Only 1 node found, testing that pod is created on the same node is useless"; fi
 ```
 
 4. Create patch for NSC:
@@ -87,6 +87,16 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+            - name: NSE_POD_DESCRIPTION_FILE
+              value: /run/supplier/pod-template.yaml
+          volumeMounts:
+            - name: pod-file
+              mountPath: /run/supplier
+              readOnly: true
+      volumes:
+        - name: pod-file
+          configMap:
+            name: supplier-pod-template-configmap
 EOF
 ```
 
@@ -106,6 +116,11 @@ bases:
 patchesStrategicMerge:
 - patch-nsc.yaml
 - patch-supplier.yaml
+
+configMapGenerator:
+  - name: supplier-pod-template-configmap
+    files:
+      - pod-template.yaml
 EOF
 ```
 
diff --git a/examples/features/scale-from-zero/patch-template.yaml b/examples/features/scale-from-zero/patch-template.yaml
new file mode 100644
index 000000000000..6c9f7e52dbf2
--- /dev/null
+++ b/examples/features/scale-from-zero/patch-template.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: apps/v1
+kind: Pod
+metadata:
+  name: nse-icmp-responder
+  labels:
+    app: nse-icmp-responder
+spec:
+  restartPolicy: Never
+  containers:
+    - name: nse-icmp-responder
+      env:
+        - name: NSE_CIDR_PREFIX
+          value: 169.254.0.0/16
+        - name: NSE_SERVICE_NAME
+          value: autoscale-icmp-responder
+        - name: NSE_LABELS
+          value: app:nse-icmp-responder
+        - name: NSE_IDLE_TIMEOUT
+          value: 15s
diff --git a/apps/nse-supplier-k8s/pod-template.yaml b/examples/features/scale-from-zero/pod-template.yaml
similarity index 100%
rename from apps/nse-supplier-k8s/pod-template.yaml
rename to examples/features/scale-from-zero/pod-template.yaml

From a9d5ffc973aa56770df9d43dc616190feb42e2f1 Mon Sep 17 00:00:00 2001
From: Danil Uzlov <DanilUzlov@yandex.ru>
Date: Thu, 27 May 2021 17:53:34 +0700
Subject: [PATCH 15/15] revert unneeded resource limit change

Signed-off-by: Danil Uzlov <DanilUzlov@yandex.ru>
---
 apps/nsc-kernel/nsc.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/nsc-kernel/nsc.yaml b/apps/nsc-kernel/nsc.yaml
index 2b482b4754ef..c63d4f2fe7bf 100644
--- a/apps/nsc-kernel/nsc.yaml
+++ b/apps/nsc-kernel/nsc.yaml
@@ -34,7 +34,7 @@ spec:
               readOnly: true
           resources:
             limits:
-              memory: 20Mi
+              memory: 15Mi
               cpu: 100m
       volumes:
         - name: spire-agent-socket