Slides for the OpenStack Newton Summit in Austin that cover the changes done during the Mitaka cycle and the direction we will take for Neutron. Swarm and Kubernetes integrations explained
Project kuryr returns: Docker delivered, Kubernetes Next
1. Project Kuryr
Docker delivered, Kubernetes Next!
Mohammad Banikazemi @MBanikazemi
Gal Sagie @GalSagie
Antoni Segura Puimedon @celebdor
2. What Are the Problems?
❏ Reinventing networking abstractions
❏ Changing and vendor specific solutions
❏ Overlay for VM nested containers
❏ Performance, latency, SLA, management penalties
❏ Lack of isolation and policy level constructs
❏ Security
❏ 3-Tier Applications
❏ Hard to connect VMs, bare metal and nested containers
❏ No unified networking infrastructure
6. Kuryr Project Overview
❏ Open source
❏ Part of OpenStack Big-Tent
❏ Brings the Neutron networking model to containers
❏ Aims to support different container runtimes (Docker, rkt, etc.)
❏ E.g. Kubernetes, Mesos, Docker Swarm
❏ Weekly IRC meetings
❏ Working together with OpenStack community
❏ Neutron, Magnum, Kolla
7. Current Supported Features
❏ Utilizes Neutron and Keystone
❏ Supports Docker networking
❏ Network Plugin
❏ IPAM Plugin
❏ Allows for out of band use of Security Groups
❏ Supports use of existing Neutron resources
❏ Networks
❏ Subnets
❏ Load balancers
❏ Supports Docker Swarm
8. New features for containers
Security Groups
Subnet Pools
NAT (SNAT / DNAT – Floating IP)
Port Security (ARP Spoofing)
QoS
Quota Management
Neutron pluggable IPAM
Provide well-integrated COE Load balancing through Neutron
FWaaS for Containers
Plugging into existing Neutron networks
14. $ neutron net-show mynet
+---------------------------+----------------------------------------------------+
| Field | Value |
+---------------------------+----------------------------------------------------+
| tags | kuryr.net.uuid.uh:4ca3f3fc3fc48a8c9cd902ed7508f1cd |
| | kuryr.net.uuid.lh:12f769bd2697f2200f27f60753bd5dad |
| | kuryr.net.existing |
Existing Neutron Networks (Cont’d)
❏ Neutron tags added to the network
❏ Subnet if existing is used, otherwise gets created
❏ Neutron network is not deleted upon deletion of Docker network
❏ If not using Mitaka release (i.e., Liberty or earlier):
❏ Neutron network name is modified
❏ Deleting Docker network → deletion of Neutron network if no ports
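The two uuid tags on the `neutron net-show` slide exist because a Docker network id is 64 hex characters, longer than one Neutron tag may hold, so Kuryr stores the upper and lower halves separately. The following is an added example (not Kuryr's own code) that reassembles the id from such a tag list, refuses malformed halves, and applies the deletion rules from the bullets above; the tag values are the ones on the slide, and treating "no ports left" as the condition for deleting a Kuryr-created network is an assumption taken from the pre-Mitaka bullet.

```python
"""Reassemble a Docker network id from Kuryr's Neutron tags and decide
whether removing the Docker network may remove the Neutron network.

Constructed example; not code from the Kuryr project.
"""
import re

UH_PREFIX = "kuryr.net.uuid.uh:"
LH_PREFIX = "kuryr.net.uuid.lh:"
EXISTING_TAG = "kuryr.net.existing"
HALF_RE = re.compile(r"^[0-9a-f]{32}$")

# Constructed: the tag list from the slide's `neutron net-show mynet` output.
SAMPLE_TAGS = [
    "kuryr.net.uuid.uh:4ca3f3fc3fc48a8c9cd902ed7508f1cd",
    "kuryr.net.uuid.lh:12f769bd2697f2200f27f60753bd5dad",
    "kuryr.net.existing",
]


def docker_network_id(tags):
    """Join the upper and lower halves back into the 64-hex Docker id.

    Returns None when either half is missing or not 32 lowercase hex chars,
    so a caller never attributes a Neutron network to the wrong Docker one.
    """
    uh = lh = None
    for tag in tags:
        if tag.startswith(UH_PREFIX):
            uh = tag[len(UH_PREFIX):]
        elif tag.startswith(LH_PREFIX):
            lh = tag[len(LH_PREFIX):]
    if uh is None or lh is None:
        return None
    if not (HALF_RE.match(uh) and HALF_RE.match(lh)):
        return None
    return uh + lh


def is_existing_network(tags):
    """True when Kuryr adopted a pre-existing Neutron network."""
    return EXISTING_TAG in tags


def should_delete_neutron_network(tags, port_count):
    """Deletion rule from the slides.

    An adopted (kuryr.net.existing) network is never deleted when its Docker
    network goes away. A Kuryr-created network is deleted only when no ports
    remain on it (assumption: the pre-Mitaka "if no ports" rule applied).
    """
    if is_existing_network(tags):
        return False
    return port_count == 0


if __name__ == "__main__":
    print("docker id:", docker_network_id(SAMPLE_TAGS))
    print("existing:", is_existing_network(SAMPLE_TAGS))
    print("delete on docker rm:", should_delete_neutron_network(SAMPLE_TAGS, 0))
```

The hex check matters operationally: a tag is free-form text that anyone with write access to the network can set, so a tool that cleans up Neutron networks based on these tags should validate them rather than trust their shape.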
16. Kubernetes Integration
❏ Secure connection to the Neutron API Server
❏ Kuryr watcher on admin/tenant machine
❏ Kuryr CNI plugin only communicates with K8s API
❏ Kubelet must already have a channel to the API
❏ Only performs the binding to the correct Neutron port
❏ Raven updates policy using Neutron
❏ Policy information gets translated into security groups
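To make the last bullet concrete, here is an added example (not Raven's code) of how a Kubernetes NetworkPolicy ingress rule can be expanded into Neutron security-group rules. The policy document and pod addresses are constructed; the rule dictionaries use Neutron's security-group-rule attributes (direction, ethertype, protocol, port_range_min/port_range_max, remote_ip_prefix). It also handles the two cases a naive translator gets wrong: an ingress entry with no `from` (any source) and one with no `ports` (all ports).

```python
"""Expand a Kubernetes NetworkPolicy into Neutron security-group rules.

Constructed example; not the Raven watcher's own implementation.
"""

# Constructed: allow tcp/80 into app=web pods from app=frontend pods only.
SAMPLE_POLICY = {
    "spec": {
        "podSelector": {"matchLabels": {"app": "web"}},
        "ingress": [
            {
                "from": [{"podSelector": {"matchLabels": {"app": "frontend"}}}],
                "ports": [{"protocol": "TCP", "port": 80}],
            }
        ],
    }
}

# Constructed: pods the watcher would see, with the IPs of their Neutron ports.
SAMPLE_PODS = [
    {"labels": {"app": "frontend"}, "ip": "10.0.0.11"},
    {"labels": {"app": "frontend"}, "ip": "10.0.0.12"},
    {"labels": {"app": "db"}, "ip": "10.0.0.20"},
]


def selector_matches(selector, labels):
    """matchLabels semantics: every listed label must be present and equal."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def policy_to_sg_rules(policy, pods):
    """Return one Neutron ingress rule per (source prefix, port) pair."""
    rules = []
    for ingress in policy["spec"].get("ingress", []):
        froms = ingress.get("from")
        if not froms:
            # No "from" means any source; Neutron expresses that as 0.0.0.0/0.
            prefixes = ["0.0.0.0/0"]
        else:
            prefixes = sorted({
                pod["ip"] + "/32"
                for frm in froms
                for pod in pods
                if "podSelector" in frm
                and selector_matches(frm["podSelector"], pod["labels"])
            })
        # No "ports" means all ports: one rule without protocol/port fields.
        ports = ingress.get("ports") or [None]
        for port in ports:
            for prefix in prefixes:
                rule = {
                    "direction": "ingress",
                    "ethertype": "IPv4",
                    "remote_ip_prefix": prefix,
                }
                if port is not None:
                    rule["protocol"] = port.get("protocol", "TCP").lower()
                    rule["port_range_min"] = port["port"]
                    rule["port_range_max"] = port["port"]
                rules.append(rule)
    return rules


if __name__ == "__main__":
    for rule in policy_to_sg_rules(SAMPLE_POLICY, SAMPLE_PODS):
        print(rule)
```

Neutron security groups deny ingress by default, which lines up with the NetworkPolicy model: a pod selected by a policy receives only the rules that were expanded for it, and the `app=db` pod above gets no access because it matched no `from` selector. The rules are per-IP, so the watcher has to regenerate them whenever a selected source pod is created or removed.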
20. Packaging
❏ Automated container builds at https://hub.docker.com/r/kuryr/
❏ Libnetwork
❏ Raven
❏ Kubelet
❏ Kolla Integration
❏ Under review
❏ Distribution packaging with systemd unit files
❏ Debian
❏ RDO
❏ Heat Templates
❏ Magnum Integration
21. Kuryr Roadmap
❏ Newton cycle
❏ Kubernetes integration
❏ CNI and watcher parts upstreaming
❏ Policy support using security groups
❏ Nested containers and Magnum integration
❏ Neutron advanced services (FWaaS, VPNaaS)
❏ DNS integration and Port Forwarding
❏ Docker exposed ports
❏ Packaging and Deployment
❏ Mesos
22. Kuryr and Storage
❏ Kuryr as incubator for bringing native OpenStack services to containers
❏ Cinder
❏ Manila
❏ Swift
❏ Freezer
❏ Smaug