Kuryr-Kubernetes
Adding Pods to your Datacenter Networking
Irena Berezovsky @irenab
Antoni Segura Puimedon @celebdor
Kuryr-Kubernetes Project motivation
● Hard to connect VMs, bare metal and nested containers
○ No unified networking infrastructure
● Overlay² for Pods running in VMs
○ Performance, latency, SLA, management penalties
● Need for a smooth transition to the Cloud Native Applications
○ Ability to transition workloads to microservices at your own pace
○ VMs and Pods sharing networking infrastructure
● Bare Metal OpenStack Storage support with Fuxi-Kubernetes
Kuryr-Kubernetes Project Mission
● Neutron, unified, community sourced networking for Pods & VMs
● OpenStack vendor support experience in the Container space
● Get Neutron users faster into container workloads
○ VMs and Pods on the same Neutron network
○ Enable both L2 and L3 connectivity between OS VMs and K8s Pods
● Easier transition to microservices
○ Connect to VM layer in the same infrastructure
Bare Metal Use Case
● Centralized Kuryr Controller
● Kuryr Controller maps
○ K8s Pods into Neutron ports
○ K8s Services into Neutron Load Balancers
● Kuryr CNI on each Worker node performs Pod binding
Pod in VM Use Case
● Security
● Easier node allocation
● Single overlay
● VM and Pods as targetable network resources
● Can use either Neutron trunk ports or macvlan based VM port allocation
Mixed Use Case
● Connect to existing services in VMs
● Legacy applications alongside microservices
● VM NFVs
● Use existing cloud for Kubernetes workloads
Supported functionality
● Pods networking
○ Kubernetes native networking
○ Pods as Neutron ports on the cluster Neutron network
○ Single tenant
○ Full connectivity enabled by default
● Kubernetes ClusterIP Services
○ Implemented by Neutron LBaaSv2
● Bare Metal and Pod in VM support
Kuryr-Kubernetes Architecture
Kubernetes Services
● Cluster IP translates to Neutron VIP
● Service endpoints translate to Pool Members
● Uses Neutron LBaaS v2
● Planned addition of Octavia driver
Kuryr Controller
● Secure connection to the Neutron API Server
○ Keystone as Authorization service
● Watches Kubernetes API resources with a service account
● Stevedore Plugin based Network resources translation
○ Handlers: Receive Kubernetes resource events and patch them
○ Drivers: Used by handlers to allocate Neutron resources, allowing multiple implementations and vendors.
● os-vif for interface plugging
Kuryr Controller ServiceAccount
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuryrctl
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kuryrctl-global
subjects:
  # kind: User matches the authenticated username "kuryrctl". A token of the
  # ServiceAccount above authenticates as
  # system:serviceaccount:kube-system:kuryrctl, which is bound with
  # kind: ServiceAccount plus namespace: kube-system.
  - kind: User
    name: kuryrctl
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: kuryrctl
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kuryrctl
rules:
  # Read access. "" is the core API group.
  - apiGroups:
      - ""
    verbs:
      - get
      - list
      - watch
    resources:
      - deployments
      - endpoints
      - ingress
      - nodes
      - pods
      - policies
      - services
  # Write access, used by the controller to patch the resources it handles.
  - apiGroups:
      - ""
    verbs:
      - update
      - patch
    resources:
      - endpoints
      - ingress
      - pods
      - policies
      - nodes
      - services
      - services/status
Kuryr CNI Driver
● Kuryr CNI driver only communicates with Kubernetes API
○ Kubelet already has connection to K8s API
○ Performs local binding of the neutron port
● Supports CNI versioned output (0.3.0)
● Watches Pod resources for Controller-driven vif annotations
"annotations": {
  "openstack.org/kuryr-vif": {
    "active": true,
    "address": "fa:16:3e:6c:1f:ff",
    "bridge_name": "br-int",
    "has_traffic_filtering": true,
    "id": "ba8f8d4b-1dfb-4aaf-8ab2-80c25711da3f",
    "network": {
      "bridge": "br-int",
      "id": "a10c5bf4-99b2-4b0d-82b1-2a2639dda4de",
      "label": "private",
      "mtu": 1450,
      "multi_host": false,
      "should_provide_bridge": false,
      "should_provide_vlan": false,
      "subnets": [{
        "cidr": "10.0.0.0/26",
        "dns": [],
        "gateway": "10.0.0.1",
        "ips": [{"address": "10.0.0.8"}],
        "routes": []
      }]
    },
    "plugin": "ovs",
    "port_profile": {
      "interface_id": "ba8f8d4b-1dfb-4aaf-8ab2-80c25711da3f"
    },
    "preserve_on_delete": false,
    "vif_name": "tapba8f8d4b-1d"
  }
}
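The CNI side binds whatever the vif annotation describes, so the annotation is worth checking for internal consistency before use. The following is an added example, not code from the slides or from Kuryr: `check_vif` and `check_subnet` are hypothetical helpers, the checks (including the `tap` + first 11 characters of the port id naming, read off the sample above) are this example's assumptions, and the sample is the slide's data with `subnets` written as a plain JSON list.

```python
import ipaddress
import json
import re

VIF_KEY = "openstack.org/kuryr-vif"
MAC_RE = re.compile(r"[0-9a-f]{2}(:[0-9a-f]{2}){5}")
UUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")

# Constructed sample: values from the slide, trimmed to the fields checked
# below, with "subnets" written as a plain JSON list so that it parses.
SAMPLE = json.loads("""
{"openstack.org/kuryr-vif": {
  "active": true,
  "address": "fa:16:3e:6c:1f:ff",
  "bridge_name": "br-int",
  "id": "ba8f8d4b-1dfb-4aaf-8ab2-80c25711da3f",
  "network": {
    "bridge": "br-int",
    "id": "a10c5bf4-99b2-4b0d-82b1-2a2639dda4de",
    "mtu": 1450,
    "subnets": [{"cidr": "10.0.0.0/26", "gateway": "10.0.0.1",
                 "ips": [{"address": "10.0.0.8"}]}]
  },
  "plugin": "ovs",
  "port_profile": {"interface_id": "ba8f8d4b-1dfb-4aaf-8ab2-80c25711da3f"},
  "vif_name": "tapba8f8d4b-1d"
}}
""")


def check_subnet(subnet):
    """Problems in one subnet entry: CIDR, gateway and pod addresses."""
    try:
        net = ipaddress.ip_network(subnet["cidr"])
        gateway = ipaddress.ip_address(subnet["gateway"])
        ips = [ipaddress.ip_address(i["address"]) for i in subnet["ips"]]
    except (KeyError, TypeError, ValueError) as exc:
        return ["malformed subnet: %s" % exc]
    problems = []
    if gateway not in net:
        problems.append("gateway %s outside %s" % (gateway, net))
    if not ips:
        problems.append("subnet carries no pod address")
    for ip in ips:
        if ip not in net:
            problems.append("address %s outside %s" % (ip, net))
        elif ip in (gateway, net.network_address, net.broadcast_address):
            problems.append("address %s is reserved in %s" % (ip, net))
    return problems


def check_vif(annotations):
    """Return a list of consistency problems; an empty list means none found."""
    vif = annotations.get(VIF_KEY)
    if vif is None:
        return ["missing %s annotation" % VIF_KEY]
    if isinstance(vif, str):
        # On a live Pod an annotation value is a string, here holding JSON.
        try:
            vif = json.loads(vif)
        except ValueError:
            return ["annotation is not valid JSON"]
    if not isinstance(vif, dict):
        return ["annotation is not a JSON object"]
    problems = []
    port_id = str(vif.get("id", ""))
    if not UUID_RE.fullmatch(port_id):
        problems.append("id is not a UUID")
    if not MAC_RE.fullmatch(str(vif.get("address", "")).lower()):
        problems.append("address is not a MAC address")
    if vif.get("active") is not True:
        problems.append("port is not active")
    profile = vif.get("port_profile")
    if not isinstance(profile, dict) or profile.get("interface_id") != port_id:
        problems.append("port_profile.interface_id does not match id")
    # Naming seen in the sample: "tap" plus the first 11 characters of the id.
    if vif.get("vif_name") != "tap" + port_id[:11]:
        problems.append("vif_name does not derive from id")
    network = vif.get("network")
    if not isinstance(network, dict):
        return problems + ["network is missing"]
    if vif.get("bridge_name") != network.get("bridge"):
        problems.append("bridge_name differs from network.bridge")
    mtu = network.get("mtu")
    if type(mtu) is not int or not 68 <= mtu <= 65535:
        problems.append("mtu out of range")
    subnets = network.get("subnets")
    if not isinstance(subnets, list) or not subnets:
        return problems + ["no subnets"]
    for subnet in subnets:
        problems.extend(check_subnet(subnet))
    return problems


if __name__ == "__main__":
    for line in check_vif(SAMPLE) or ["no problems found"]:
        print(line)
```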
Kuryr CNI ServiceAccount
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuryrcni
  namespace: kube-system
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: kuryrcni-global
subjects:
  # kind: User matches the authenticated username "kuryrcni"; the
  # ServiceAccount above authenticates as
  # system:serviceaccount:kube-system:kuryrcni.
  - kind: User
    name: kuryrcni
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: kuryrcni
  apiGroup: rbac.authorization.k8s.io
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  # "namespace" omitted since ClusterRoles are not namespaced
  name: kuryrcni
rules:
  # Read-only access to pods is all the CNI driver needs.
  - apiGroups:
      - ""
    verbs:
      - get
      - list
      - watch
    resources:
      - pods
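How the controller and CNI roles above resolve for a given caller, as an added example that is not part of the slides or of Kuryr: a small evaluator of ClusterRoleBinding subjects and ClusterRole rules, run over the slides' objects retyped as Python dicts. All helper names, including `with_service_account_subjects`, belong to this example only.

```python
import copy

READ = ["get", "list", "watch"]
WRITE = ["update", "patch"]


def cluster_role(name, *rules):
    return {"kind": "ClusterRole", "metadata": {"name": name},
            "rules": list(rules)}


def cluster_role_binding(name, role_name, subject):
    return {"kind": "ClusterRoleBinding", "metadata": {"name": name},
            "subjects": [subject],
            "roleRef": {"kind": "ClusterRole", "name": role_name}}


# Constructed input: the RBAC objects from the two slides, retyped as dicts.
SLIDE_OBJECTS = [
    cluster_role(
        "kuryrctl",
        {"apiGroups": [""], "verbs": READ,
         "resources": ["deployments", "endpoints", "ingress", "nodes",
                       "pods", "policies", "services"]},
        {"apiGroups": [""], "verbs": WRITE,
         "resources": ["endpoints", "ingress", "pods", "policies", "nodes",
                       "services", "services/status"]}),
    cluster_role_binding("kuryrctl-global", "kuryrctl",
                         {"kind": "User", "name": "kuryrctl"}),
    cluster_role("kuryrcni",
                 {"apiGroups": [""], "verbs": READ, "resources": ["pods"]}),
    cluster_role_binding("kuryrcni-global", "kuryrcni",
                         {"kind": "User", "name": "kuryrcni"}),
]


def sa_username(namespace, name):
    """Username under which a ServiceAccount token is authenticated."""
    return "system:serviceaccount:%s:%s" % (namespace, name)


def subject_matches(subject, username, groups=()):
    kind = subject.get("kind")
    if kind == "User":
        return subject.get("name") == username
    if kind == "Group":
        return subject.get("name") in groups
    if kind == "ServiceAccount":
        return username == sa_username(subject.get("namespace", ""),
                                       subject.get("name", ""))
    return False


def rule_allows(rule, verb, resource, api_group=""):
    def has(key, value):
        values = rule.get(key, [])
        return "*" in values or value in values
    return (has("apiGroups", api_group) and has("verbs", verb)
            and has("resources", resource))


def allowed(objects, username, verb, resource, api_group=""):
    """True if some ClusterRoleBinding grants the request to username."""
    roles = {o["metadata"]["name"]: o
             for o in objects if o["kind"] == "ClusterRole"}
    for obj in objects:
        if obj["kind"] != "ClusterRoleBinding":
            continue
        if not any(subject_matches(s, username) for s in obj["subjects"]):
            continue
        role = roles.get(obj["roleRef"]["name"], {"rules": []})
        if any(rule_allows(r, verb, resource, api_group)
               for r in role["rules"]):
            return True
    return False


def write_grants(objects, username):
    """Sorted core-group resources that username may update or patch."""
    names = {res for o in objects if o["kind"] == "ClusterRole"
             for rule in o["rules"] for res in rule["resources"]}
    return sorted(r for r in names
                  if any(allowed(objects, username, v, r) for v in WRITE))


def with_service_account_subjects(objects, namespace):
    """Copy of objects with each User subject rebound as a ServiceAccount."""
    rebound = copy.deepcopy(objects)
    for obj in rebound:
        if obj["kind"] == "ClusterRoleBinding":
            obj["subjects"] = [
                {"kind": "ServiceAccount", "name": s["name"],
                 "namespace": namespace} if s["kind"] == "User" else s
                for s in obj["subjects"]]
    return rebound
```

With the bindings as written, the username `kuryrctl` can patch pods and `kuryrcni` can only read them, while the `system:serviceaccount:kube-system:...` identities match neither binding until the subjects are rebound.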
Controller - CNI baremetal pod creation
Trunk ports - Neutron extension
Trunk ports - Neutron extension
Controller - CNI pod-in-VM creation
Cluster service creation flow
Scaling Kuryr
● Generic resource Pooling
○ VIF
○ Load Balancers*
● Stevedore pluggability to choose pooling behavior
● Pre-allocates Neutron resources in batch operations
● Burst tolerant
Demo: Guestbook
● 2-tier
● 3 services
● PHP frontend, Redis backend
What’s Next
● Features
○ LoadBalancer Kubernetes Service Type
○ Resource Management
○ Ingress support
○ Policy support
○ Multi-Tenancy, Multiple Networks support
○ Management CLI
● Improvements
○ CNI split into exec and daemon
○ Handler/Driver Profiles
○ Active-Passive HA
Join us
● Project launchpad
○ https://launchpad.net/kuryr-kubernetes
● Repository
○ https://github.com/openstack/kuryr-kubernetes
● IRC
○ Weekly meeting #openstack-meeting-4 Mondays 14:00 UTC
○ #openstack-kuryr at Freenode
● Mailing list
○ [kuryr] in openstack-dev@lists.openstack.org
Resources
● Documentation
○ https://docs.openstack.org/developer/kuryr-kubernetes
● Getting started
○ https://ltomasbo.wordpress.com/2017/01/29/side-by-side-and-nested-kubernetes-and-openstack-deployment-with-kuryr/
Demo: services
Demo recording

Kuryr kubernetes: the seamless path to adding pods to your datacenter networking

  • 1. Kuryr-Kubernetes Adding Pods to your Datacenter Networking Irena Berezovsky @irenab Antoni Segura Puimedon @celebdor
  • 2. Kuryr-Kubernetes Project motivation
      ● Hard to connect VMs, bare metal and nested containers
        ○ No unified networking infrastructure
      ● Overlay² for Pods running in VMs
        ○ Performance, latency, SLA, management penalties
      ● Need for a smooth transition to the Cloud Native Applications
        ○ Ability to transition workloads to microservices at your own pace
        ○ VMs and Pods sharing networking infrastructure
      ● Bare Metal OpenStack Storage support with Fuxi-Kubernetes
  • 3. Kuryr-Kubernetes Project Mission
      ● Neutron, unified, community sourced networking for Pods & VMs
      ● OpenStack vendor support experience in the Container space
      ● Get Neutron users faster into container workloads
        ○ VMs and Pods on the same Neutron network
        ○ Enable both L2 and L3 connectivity between OS VMs and K8s Pods
      ● Easier transition to microservices
        ○ Connect to VM layer in the same infrastructure
  • 4. Bare Metal Use Case
      ● Centralized Kuryr Controller
      ● Kuryr Controller maps
        ○ K8s Pods into Neutron ports
        ○ K8s Services into Neutron Load Balancers
      ● Kuryr CNI on each Worker node performs Pod binding
  • 5. Pod in VM Use Case
      ● Security
      ● Easier node allocation
      ● Single overlay
      ● VM and Pods as targetable network resources
      ● Can use either Neutron trunk ports or macvlan based VM port allocation
  • 6. Mixed Use Case
      ● Connect to existing services in VMs
      ● Legacy applications alongside microservices
      ● VM NFVs
      ● Use existing cloud for Kubernetes workloads
  • 7. Supported functionality
      ● Pods networking
        ○ Kubernetes native networking
        ○ Pods as Neutron ports on the cluster Neutron network
        ○ Single tenant
        ○ Full connectivity enabled by default
      ● Kubernetes ClusterIP Services
        ○ Implemented by Neutron LBaaSv2
      ● Bare Metal and Pod in VM support
  • 9. Kubernetes Services
      ● Cluster IP translates to Neutron VIP
      ● Service endpoints translate to Pool Members
      ● Uses Neutron Lbaas v2
      ● Planned addition of Octavia driver
  • 10.
  • 11. Kuryr Controller
      ● Secure connection to the Neutron API Server
        ○ Keystone as Authorization service
      ● Watches Kubernetes API resources with a service account
      ● Stevedore Plugin based Network resources translation
        ○ Handlers: Receive Kubernetes resource events and patch them
        ○ Drivers: Used by handlers to allocate Neutron resources, allowing multiple implementations and vendors.
      ● Os-vif for interface plugging
  • 12. Kuryr Controller ServiceAccount

      ---
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: kuryrctl
        namespace: kube-system
      ---
      kind: ClusterRoleBinding
      apiVersion: rbac.authorization.k8s.io/v1beta1
      metadata:
        name: kuryrctl-global
      subjects:
      - kind: User
        name: kuryrctl
        apiGroup: rbac.authorization.k8s.io
      roleRef:
        kind: ClusterRole
        name: kuryrctl
        apiGroup: rbac.authorization.k8s.io
      ---
      kind: ClusterRole
      apiVersion: rbac.authorization.k8s.io/v1beta1
      metadata:
        name: kuryrctl
      rules:
      - apiGroups:
        - ""
        verbs:
        - get
        - list
        - watch
        resources:
        - deployments
        - endpoints
        - ingress
        - nodes
        - pods
        - policies
        - services
      - apiGroups:
        - ""
        verbs:
        - update
        - patch
        resources:
        - endpoints
        - ingress
        - pods
        - policies
        - nodes
        - services
        - services/status
  • 13. Kuryr CNI Driver
      ● Kuryr CNI driver only communicates with Kubernetes API
        ○ Kubelet already has connection to K8s API
        ○ Performs local binding of the neutron port
      ● Supports CNI versioned output (0.3.0)
      ● Watches Pod resources for Controller-driven vif annotations

      "annotations": {
        "openstack.org/kuryr-vif": {
          "active": true,
          "address": "fa:16:3e:6c:1f:ff",
          "bridge_name": "br-int",
          "has_traffic_filtering": true,
          "id": "ba8f8d4b-1dfb-4aaf-8ab2-80c25711da3f",
          "network": {
            "bridge": "br-int",
            "id": "a10c5bf4-99b2-4b0d-82b1-2a2639dda4de",
            "label": "private",
            "mtu": 1450,
            "multi_host": false,
            "should_provide_bridge": false,
            "should_provide_vlan": false,
            "subnets": [{
              "cidr": "10.0.0.0/26",
              "dns": [],
              "gateway": "10.0.0.1",
              "ips": [{ "address": "10.0.0.8" }],
              "routes": []
            }]
          },
          "plugin": "ovs",
          "port_profile": {
            "interface_id": "ba8f8d4b-1dfb-4aaf-8ab2-80c25711da3f"
          },
          "preserve_on_delete": false,
          "vif_name": "tapba8f8d4b-1d"
        }
      }
  • 14. Kuryr CNI ServiceAccount

      ---
      apiVersion: v1
      kind: ServiceAccount
      metadata:
        name: kuryrcni
        namespace: kube-system
      ---
      kind: ClusterRoleBinding
      apiVersion: rbac.authorization.k8s.io/v1beta1
      metadata:
        name: kuryrcni-global
      subjects:
      - kind: User
        name: kuryrcni
        apiGroup: rbac.authorization.k8s.io
      roleRef:
        kind: ClusterRole
        name: kuryrcni
        apiGroup: rbac.authorization.k8s.io
      ---
      kind: ClusterRole
      apiVersion: rbac.authorization.k8s.io/v1beta1
      metadata:
        # "namespace" omitted since ClusterRoles are not namespaced
        name: kuryrcni
      rules:
      - apiGroups:
        - ""
        verbs:
        - get
        - list
        - watch
        resources:
        - pods
  • 15. Controller - CNI baremetal pod creation
  • 16. Trunk ports - Neutron extension
  • 17. Trunk ports - Neutron extension
  • 18. Controller - CNI pod-in-VM creation
  • 20. Scaling Kuryr
      ● Generic resource Pooling
        ○ VIF
        ○ Load Balancers*
      ● Stevedore pluggability to choose pooling behavior
      ● Pre-allocates Neutron resources in batch operations
      ● Burst tolerant
  • 21. Demo: Guestbook
      ● 2-tier
      ● 3 services
      ● PHP frontend, Redis backend
  • 22. What's Next
      ● Features
        ○ LoadBalancer Kubernetes Service Type
        ○ Resource Management
        ○ Ingress support
        ○ Policy support
        ○ Multi-Tenancy, Multiple Networks support
        ○ Management CLI
      ● Improvements
        ○ CNI split into exec and daemon
        ○ Handler/Driver Profiles
        ○ Active-Passive HA
  • 23. Join us
      ● Project launchpad
        ○ https://launchpad.net/kuryr-kubernetes
      ● Repository
        ○ https://github.com/openstack/kuryr-kubernetes
      ● IRC
        ○ Weekly meeting #openstack-meeting-4 Mondays 14:00 UTC
        ○ #openstack-kuryr at Freenode
      ● Mailing list
        ○ [kuryr] in openstack-dev@lists.openstack.org
  • 24. Resources
      ● Documentation
        ○ https://docs.openstack.org/developer/kuryr-kubernetes
      ● Getting started
        ○ https://ltomasbo.wordpress.com/2017/01/29/side-by-side-and-nested-kubernetes-and-openstack-deployment-with-kuryr/
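
Slide 13 makes the openstack.org/kuryr-vif pod annotation the channel through which the controller tells the CNI driver what to bind, so its fields are worth checking for internal consistency before they are acted on. The Python below is an added example, not code from the presenters or the Kuryr project: it assumes the simplified annotation layout shown on the slide, check_vif is a hypothetical helper, and the vif_name rule ("tap" plus the first 11 characters of the port id) is inferred from the slide's sample values.

```python
import ipaddress
import json
import re

# Constructed sample: a pod's metadata.annotations in the simplified layout of
# slide 13, reusing the slide's values (subnets written as a JSON list).
POD_ANNOTATIONS = json.loads("""
{"openstack.org/kuryr-vif": {
  "active": true, "address": "fa:16:3e:6c:1f:ff", "bridge_name": "br-int",
  "id": "ba8f8d4b-1dfb-4aaf-8ab2-80c25711da3f",
  "network": {"mtu": 1450, "subnets": [
    {"cidr": "10.0.0.0/26", "gateway": "10.0.0.1",
     "ips": [{"address": "10.0.0.8"}]}]},
  "plugin": "ovs",
  "port_profile": {"interface_id": "ba8f8d4b-1dfb-4aaf-8ab2-80c25711da3f"},
  "vif_name": "tapba8f8d4b-1d"}}
""")

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")


def check_vif(annotations, key="openstack.org/kuryr-vif"):
    """Return a list of problems; an empty list means the VIF is consistent."""
    vif = annotations.get(key)
    if not isinstance(vif, dict):
        return ["annotation missing or not an object"]
    problems = []
    if vif.get("active") is not True:
        problems.append("VIF not active yet")
    if not MAC_RE.match(str(vif.get("address", "")).lower()):
        problems.append("malformed MAC address")
    port_id = str(vif.get("id", ""))
    if vif.get("port_profile", {}).get("interface_id") != port_id:
        problems.append("interface_id does not match port id")
    if vif.get("vif_name") != "tap" + port_id[:11]:  # assumed naming rule
        problems.append("vif_name not derived from port id")
    for subnet in vif.get("network", {}).get("subnets", []):
        try:
            net = ipaddress.ip_network(subnet["cidr"])
            addrs = [subnet["gateway"]] + [i["address"] for i in subnet["ips"]]
            outside = [a for a in addrs if ipaddress.ip_address(a) not in net]
        except (KeyError, ValueError) as exc:
            problems.append(f"bad subnet entry: {exc}")
            continue
        problems += [f"{a} outside {net}" for a in outside]
    return problems
```

Because the controller role on slide 12 carries update and patch on pods, any other identity with the same verbs can rewrite this annotation, which is why the consumer side checks it.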
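
A least-privilege review of the two RBAC manifests on slides 12 and 14, as an added Python example that is not the presenters' or the project's code. It relies on two Kubernetes facts: a service account authenticates as system:serviceaccount:<namespace>:<name>, so a subject of kind User with the bare name is a different identity, and a rule grants a resource only under the API group that serves it. The manifests are re-typed as constructed Python dicts, CORE_RESOURCES is a partial list written for this example, and the names triple and audit are hypothetical.

```python
# Core ("") API group resources that these roles mention (not the full list).
CORE_RESOURCES = {"endpoints", "nodes", "pods", "services", "services/status"}
READ, WRITE = ["get", "list", "watch"], ["update", "patch"]


def triple(name, rules):
    """Constructed copy of a slide's ServiceAccount, binding and role."""
    return [
        {"kind": "ServiceAccount",
         "metadata": {"name": name, "namespace": "kube-system"}},
        {"kind": "ClusterRoleBinding", "metadata": {"name": name + "-global"},
         "subjects": [{"kind": "User", "name": name}],
         "roleRef": {"kind": "ClusterRole", "name": name}},
        {"kind": "ClusterRole", "metadata": {"name": name}, "rules": rules},
    ]


CONTROLLER = triple("kuryrctl", [
    {"apiGroups": [""], "verbs": READ, "resources": [
        "deployments", "endpoints", "ingress", "nodes", "pods", "policies",
        "services"]},
    {"apiGroups": [""], "verbs": WRITE, "resources": [
        "endpoints", "ingress", "pods", "policies", "nodes", "services",
        "services/status"]},
])
CNI = triple("kuryrcni", [
    {"apiGroups": [""], "verbs": READ, "resources": ["pods"]}])


def audit(docs):
    """Return (service accounts no binding names, resources listed under the
    core group that it does not serve, core resources the role may write)."""
    accounts = {(d["metadata"]["namespace"], d["metadata"]["name"])
                for d in docs if d["kind"] == "ServiceAccount"}
    bound, stray, writable = set(), set(), set()
    for d in docs:
        for s in d.get("subjects", []):
            if s["kind"] == "ServiceAccount":
                bound.add((s.get("namespace"), s["name"]))
        for rule in d.get("rules", []):
            core = [r for r in rule["resources"] if r in CORE_RESOURCES]
            if rule["apiGroups"] == [""]:
                stray.update(set(rule["resources"]) - CORE_RESOURCES)
            if set(rule["verbs"]) & set(WRITE):
                writable.update(core)
    return sorted(accounts - bound), sorted(stray), sorted(writable)
```

The third element of the result is the part to review first: it is the set of objects the controller identity can modify cluster-wide, while the CNI identity's set is empty.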