Kuryr + OpenShift
OpenShift/Kuryr
Bridging the infrastructure gap
Vikas Choudhary, Antoni Segura Puimedon, Luis Tomás Bolívar
What is Kuryr?
❏ Repositories
  ❏ Kuryr: library for common code
  ❏ Kuryr-libnetwork: Docker libnetwork IPAM and remote driver
  ❏ Fuxi: Docker storage driver
  ❏ Kuryr-kubernetes: Kubernetes Controller and CNI driver
❏ Started around August 2015 by Midokura and Huawei to bring production ready networking to containers
❏ OpenStack Big tent project
Why did Kuryr start?
● Operators and vendors wanted to have datacenters under a single networking solution
● We believe Neutron provides valuable, production ready networking abstractions and has a good foothold in datacenters thanks to plugins
● Envisioned a smooth transition to the container world:
  ○ OpenStack services running inside containers
  ○ VMs and containers sharing Neutron virtual topology
  ○ Keystone as a façade to Orgs’ identity and role management
  ○ Ability to transition workloads to containers/microservices at your own pace
What can Kuryr bring you
● A good story around having:
  ○ A single, community sourced networking whether you run containers, VMs or, more likely, both.
  ○ Leveraging vendor OpenStack support experience in the container space
  ○ A quicker path to Kubernetes & OpenShift for users of Neutron networking
● OpenShift + OpenStack support
● A future where OpenStack services can be deployed by Kubernetes on OpenStack managed networking
Kubernetes integration
● Originally prototyped @Midokura with MidoNet and Python3 only
● Reimplemented upstream with Python2/3 support
● Generic vendor support based on Neutron + os-vif
● Stevedore Plugin based Network Resources acquisition
● Services backed by LBaaS v2
● External access with Floating IPs
● Baremetal and container-in-VM
OpenShift
● Open Source PaaS rebuilt around Container Standards
● Leverages Kubernetes
● Moving to standardize on CNI for Network extensions
● Brings SELinux isolation to container environments
● Has its own SDN that wraps Kubernetes networking
● Native master HA with haproxy in front of the masters
OpenShift with Kuryr
● Replaces kube-proxy and openshift SDN
● Gets networking from pre-existing Keystone + Neutron deployment
● Supports baremetal and Pod-in-VM*
● Kuryr Controller HA**
● OpenShift services get translated to LBaaSv2 entities that vendors can implement
OpenShift integration
● Leverages the Kubernetes integration
● Giving back to Kuryr upstream:
  ○ HTTPS client support
● Neutron plugins:
  ○ ovs hybrid (tested)
  ○ ovs native
  ○ Dragonflow
Demo functionality
❏ Connectivity
  ❏ Pod <-> Pod
  ❏ Pod <-> VM
  ❏ Neutron ovs hybrid mode
❏ ManageIQ integration
  ❏ Pod networking shows up under Networks -> Network Port
Stay tuned
❏ Connectivity
  ❏ Pod <-> Pod
  ❏ Pod <-> VM
  ❏ Container-in-VM (vlan trunk mode)
  ❏ ExternalIP
  ❏ Neutron native ovs firewall driver
❏ Services
  ❏ LBaaSv2 based service implementation*
  ❏ Replica scaling*
❏ ManageIQ integration
  ❏ Pod networking shows up under Networks -> Network Ports
  ❏ Services show up in Networks -> Load Balancers*