šļø Run: Streaming gNMI Telemetry from cEOS in Kubernetes
š Missed the earlier phases? Start from the beginning.
š The Goal
In the “Run” phase, we stream real-time telemetry from an Arista cEOS container running in Kubernetes. We’ll:
- Enable gNMI on cEOS
- Install and configure
gnmic - Query live interface stats
- Deploy the topology via Clabverter to Kubernetes
- Set up image delivery via DigitalOcean Container Registry
- Optionally configure certificate-based authentication
š³ Step 1: Push Image to DigitalOcean Container Registry (DOCR)
If you’re using a private image (like Arista cEOS), upload it to DOCR:
# Tag your local image
docker tag ceos:4.33.1F registry.digitalocean.com/<your-registry-name>/ceos:4.33.1F
# Login to DigitalOcean registry
doctl registry login
# Push the image
docker push registry.digitalocean.com/<your-registry-name>/ceos:4.33.1F
š” Make sure your Kubernetes cluster has permission to pull from this registry. You may need to create an image pull secret.
š§¬ Step 2: Deploy cEOS via Clabverter
Convert and deploy your Containerlab topology:
clabverter --stdout --naming non-prefixed --topologyFile ./ceos.lab.yaml | kubectl apply -f -
Verify your deployment:
kubectl get ns
kubectl get topology -n c9s-ceos-lab
kubectl get pods -n c9s-ceos-lab -o wide
š Step 3 (Optional): Enable Certificate Authentication
To secure your telemetry setup, configure gNMI to use certificates.
Generate Certs with Containerlab
Use containerlab cert to generate a valid CA and device certs:
containerlab cert generate --name ceos1 --ip 10.109.0.28
Copy ceos1.key, ceos1.crt, and ca.crt to the appropriate location.
On the cEOS device:
conf t
management api gnmi
transport grpc default
gnmi certificate
gnmi server-certificate flash:server.crt
gnmi server-private-key flash:server.key
end
write memory
On the client (gnmic):
# gnmic.yaml
targets:
ceos1:
address: 10.109.0.28:6030
username: admin
password: admin
tls-ca: ./ca.crt
tls-cert: ./client.crt
tls-key: ./client.key
āļø Step 4: Enable gNMI on cEOS
SSH into your cEOS pod:
kubectl exec -it -n c9s-ceos-lab ceos1-XXXXX -- ssh admin@ceos1
Inside the CLI, configure gNMI:
conf t
management api gnmi
transport grpc default
gnmi insecure
end
write memory
Verify it’s on:
show management api gnmi
You should see something like:
Enabled: yes
Transports:
grpc default (insecure)
š§ Step 5: Install gnmic
On your local machine or another pod, install gnmic:
brew install gnmic # or see docs for other platforms
Create a config file:
# gnmic.yaml
targets:
ceos1:
address: 10.109.0.28:6030 # adjust to match your pod's IP
skip-verify: true
insecure: true
username: admin
password: admin
š Step 6: Stream Interface Counters
Use gnmic to pull data:
gnmic -c gnmic.yaml get --path "/interfaces/interface/state/counters" --encoding json_ietf
Sample output:
{
"/interfaces/interface[name=Ethernet1]/state/counters": {
"in-octets": 123456,
"out-octets": 789012
}
}
You’re now pulling live telemetry from your Kubernetes-native cEOS node.
š§° What’s Next?
You’re now in position to:
- Set up subscriptions with
--streamfor real-time graphs - Push data into a time series DB (e.g., InfluxDB, Prometheus)
- Build dashboards (Grafana, Streamlit, etc.)
š§ Run Phase Recap
- Deployed cEOS to Kubernetes using Clabverter
- Uploaded images to DOCR and used them in the pod spec
- Enabled gNMI on a live cEOS pod
- Used
gnmicto pull interface counters - Optionally configured certificate-based authentication with
containerlab cert
Next blog? We might just glue it all together in a real-time dashboard ā or even automate it all with Terraform + GitHub Actions. Let’s keep running šļø
