Kuryr + open shift
1 like737 views
Kuryr is a networking solution that bridges the gap between containers and traditional VMs by leveraging OpenStack's Neutron service, enabling users to manage both workloads under a single networking solution. Initially developed by Midokura and Huawei in 2015, Kuryr provides seamless integration with Kubernetes and OpenShift, allowing for the deployment of OpenStack services within a containerized environment. Key features include support for multiple networking plugins, high availability, and connectivity between pods and VMs, enhancing the operational synergy of hybrid workloads.
Kuryr + open shift
- 1. OpenShift/Kuryr Bridging the infrastructure gap Vikas Choudhary Antoni Segura Puimedon Luis Tomás Bolívar
- 3. What is Kuryr? ❏ Repositories ❏ Kuryr: library for common code ❏ Kuryr-libnetwork: Docker libnetwork IPAM and remote driver ❏ Fuxi: Docker storage driver ❏ Kuryr-kubernetes: Kubernetes Controller and CNI driver ❏ Started around August 2015 by Midokura and Huawei to bring production ready networking to containers ❏ OpenStack Big tent project
- 4. Why did Kuryr start? ● Operators and vendors wanted to have datacenters under a single networking solution ● We believe Neutron provides valuable, production ready networking abstractions and has a good foothold in datacenters thanks to plugins ● Envisioned a smooth transition to the container world: ○ OpenStack services running inside containers ○ VMs and containers sharing Neutron virtual topology ○ Keystone as a façade to Orgs’ identity and role management ○ Ability to transition workloads to containers/microservices at your own pace
- 5. What can Kuryr bring you ● A good story around having: ○ A single, community sourced networking whether you run containers, VMs or, more likely, both. ○ Leveraging vendor OpenStack support experience in the container space ○ A quicker path to Kubernetes & Openshift for users of Neutron networking ● OpenShift + OpenStack support ● A future where OpenStack services can be deployed by Kubernetes on OpenStack managed networking
- 7. Kubernetes integration ● Originally prototyped @Midokura with MidoNet and Python3 only ● Reimplemented upstream with Python2/3 support ● Generic vendor support based on Neutron + os-vif ● Stevedore Plugin based Network Resources acquisition ● Services backed by LBaaS v2 ● External access with Floating IPs ● Baremetal and container-in-VM
- 9. ● Open Source PaaS rebuilt around Container Standards ● Leverages Kubernetes ● Moving to standardize on CNI for Network extensions ● Brings SELinux isolation to container environments ● Has its own SDN that wraps Kubernetes networking ● Native master HA with haproxy in front of the masters OpenShift
- 10. Getting it all together
- 11. ● Replaces kube-proxy and openshift SDN ● Gets networking from pre-existing Keystone + Neutron deployment ● Supports baremetal and Pod-in-VM* ● Kuryr Controller HA** ● OpenShift services get translated to LBaaSv2 entities that vendors can implement OpenShift with Kuryr
- 12. Openshift integration ● Leverages the Kubernetes integration ● Giving back Kuryr upstream: ○ HTTPS client support ● Neutron plugins: ○ ovs hybrid (tested) ○ ovs native ○ Dragonflow
- 13. Controller - CNI pod creation interaction
- 15. Demo functionality ❏ Connectivity ❏ Pod <-> Pod ❏ Pod <-> VM ❏ Neutron ovs hybrid mode ❏ ManageIQ integration ❏ Pod networking shows up under Networks -> Network Port
- 16. Demo
- 17. Stay tuned ❏ Connectivity ❏ Pod <-> Pod ❏ Pod <-> VM ❏ Container-in-VM (vlan trunk mode) ❏ ExternalIP ❏ Neutron native ovs firewall driver ❏ Services ❏ LBaaSv2 based service implementation* ❏ Replica scaling* ❏ ManageIQ integration ❏ Pod networking shows up under Networks -> Network Ports ❏ Services show up in Networks -> Load Balancers*
- 18. Q&A