SlideShare a Scribd company logo

Kubernetes in Hybrid Environments with Submariner

Kublr
Kublr

Submariner enables direct networking between Pods and Services in different Kubernetes clusters, either on-premises or in the cloud. As Kubernetes gains adoption, teams are finding they must deploy and manage multiple clusters to facilitate features like geo-redundancy, scale, and fault isolation for their applications. With Submariner, your applications and services can span multiple cloud providers, data centers, and regions. Submariner is completely open source, and designed to be network plugin (CNI) agnostic. Submariner Provides: cross-cluster L3 connectivity using encrypted VPN tunnels; service Discovery across clusters; subctl, a friendly deployment tool; support for interconnecting clusters with overlapping CIDRs

Software
1 of 16
Download to read offline
Hybrid K8S Environments with Submariner Oleg Chunikhin | CTO, Kublr
Oleg Chunikhin CTO, Kublr • 25 years in software architecture & development • Working w/ Kubernetes since its release in 2015 • Software architect behind Kublr—an enterprise ready container management platform • @olgch Introductions
Automation Ingress Custom Clusters Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Certificate Rotation Audit Storage Networking Container Registry CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE
Service discovery Overlay network Physical network Kubernetes Networking Node 1 172.16.0.10 Node 2 172.16.0.11 Pod 1 100.64.0.10 Pod 2 100.64.0.11 my-service.my-ns.svc.cluster.local infrastructure kubelet, kube-proxy, CNI K8S, coredns Service 100.96.0.10
Inter-cluster connectivity Service discovery Overlay network Physical network Node 1 172.16.0.10 Node 2 172.16.0.11 Pod 1 100.64.0.10 Pod 2 100.64.0.11 Service 100.96.0.10 my-service.my-ns.svc.cluster.local infrastructure kubelet, kube-proxy, CNI K8S, coredns Service discovery Overlay network Physical network Node 1 172.18.0.10 Pod 1 100.128.0.10 Service 100.160.0.10 my-service.my-ns.svc.cluster2.local kubelet, kube-proxy, CNI K8S, coredns 1. VPN 2. peering 3. routing 1. VPN 2. CNI 3. routing 1. DNS forwarding 2. SVC export
Inter-cluster connectivity Service discovery Overlay network Physical network Node 1 172.16.0.10 Node 2 172.16.0.11 Pod 1 100.64.0.10 Pod 2 100.64.0.11 Service 100.96.0.10 my-service.my-ns.svc.cluster.local infrastructure kubelet, kube-proxy, CNI K8S, coredns Service discovery Overlay network Physical network Node 1 172.16.0.10 Pod 1 100.64.0.10 Service 100.96.0.10 my-service.my-ns.svc.cluster.local kubelet, kube-proxy, CNI K8S, coredns Shared my-service.my-ns.svc.clusterset.local Service 100.160.0.10 VPN + routing
Submariner: VPN Worker Node Worker Node Passive Gateway Node Active Gateway Node Gateway Label Gateway Label Public Network Passive Gateway Node Active Gateway Node Gateway Label Gateway Label Worker Node Worker Node Cluster Node Route Agent Gateway Engine VxLAN Traffic IPSEC Traffic Broker Namespace
Submariner: service discovery
Submariner Components ● Broker ○ No active components; ns used to exchange connection info ● Gateway Engine (managed by operator) ○ Gateway management, failover, reconnection, LB, routing ○ gateway, route agent ● Service discovery (managed by operator) ○ Services export and import ○ lighthouse agent, lighthouse coredns
Submariner Responsibilities ● Broker and operator ○ Share and coordinate connection info between clusters ● Gateway Engine (managed by operator) ○ (Re-)configure routes on each node on changes in ■ peered clusters ■ active gateway ■ imported/exported services ○ Failover gateways ○ (Re-)connect ○ Load balancing ● Service discovery (managed by operator) ○ Share service import/export information ○ Serve DNS requests for clusterset.local domain
kind: Cluster metadata: name: demo-hybrid-1-aws spec: ... network: apiServerSecurePort: 6443 locations: - name: aws1 aws: ... master: minNodes: 1 ... locations: - aws: ... nodes: - name: group1 minNodes: 3 ... locations: - aws: ... features: monitoring: { ... } packages: submariner-broker: { ... } Cluster Specification Kublr metadata for the cluster - name, space, labels Cluster-wide non provider specific configuration - network, cluster-wide settings, k8s version, etc Infrastructure provider specific cluster-wide configuration - account, access creds, AZs etc Infrastructure provider specific group configuration - AZs, image, group type, zone locking, etc Group-specific non provider specific configuration - k8s options, autoscaling, etc Kublr-specific built-in K8S components Additional custom helm packages
kind: Cluster metadata: name: demo-hybrid-1-aws spec: ... network: clusterCIDR: 100.64.0.0/10 dnsDomain: cluster1.local stubDomains: - dns: cluster2.local servers: - 100.128.0.10 locations: - name: aws1 aws: resourcesCloudFormationExtras: SgDefaultSubmariner500: Type: AWS::EC2::SecurityGroupIngress ... ... master: minNodes: 1 ... locations: - aws: groupType: asg-mip mixedInstancesPolicyCloudFormationExtras: ... nodes: - name: group1 minNodes: 3 ... locations: - aws: groupType: asg-mip mixedInstancesPolicyCloudFormationExtras: ... pinToZone: pin availabilityZones: - us-east-1a - us-east-1b - us-east-1c Infrastructure Additional ports for VPN kind: Cluster metadata: name: demo-hybrid-2-azure spec: ... network: clusterCIDR: 100.128.0.0/10 dnsDomain: cluster2.local stubDomains: - dns: cluster1.local servers: - 100.64.0.10 locations: - name: azure1 azure: virtualNetworkSubnetCidrBlock: 172.18.0.0/16 armTemplateExtras: securityGroup: ... ... master: minNodes: 1 ... locations: - azure: armTemplateExtras: ... priority: Spot nodes: - name: group1 minNodes: 3 ... locations: - azure: armTemplateExtras: ... priority: Spot zones: - '1' - '2' - '3' pinToZone: pin Non-intersecting CIDR Mutual discoverability Mixed instance policy and spot instances Multi-zone
Beyond the Demo ● Optimization: Resources, Throughput, ... ● Intersecting CIDR ● Failover and load balancing ● CNI Support
References @olgch; @kublr github.com/kublr/submariner-demo github.com/kublr/hybrid-demo kublr.com/ docs.kublr.com/ submariner.io/getting-started/architecture/ github.com/submariner-io/ github.com/submariner-io/submariner github.com/submariner-io/submariner-operator github.com/submariner-io/submariner-charts github.com/kubernetes-sigs/mcs-api K8S multi-cluster EP
Q&A
Oleg Chunikhin CTO oleg@kublr.com @olgch Follow Us @kublr Thank You

Recommended

Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Intro to kubernetes
Faculty of Technical Sciences, University of Novi Sad
 
Let's build Developer Portal with Backstage
Let's build Developer Portal with BackstageLet's build Developer Portal with Backstage
Let's build Developer Portal with Backstage
Opsta
 
OpenStack Presentation
OpenStack PresentationOpenStack Presentation
OpenStack Presentation
Allan Searle
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
Amazon Web Services
 
Using Libvirt with Cluster API to manage baremetal Kubernetes
Using Libvirt with Cluster API to manage baremetal KubernetesUsing Libvirt with Cluster API to manage baremetal Kubernetes
Using Libvirt with Cluster API to manage baremetal Kubernetes
Himani Agrawal
 
Modern CI/CD Pipeline Using Azure DevOps
Modern CI/CD Pipeline Using Azure DevOpsModern CI/CD Pipeline Using Azure DevOps
Modern CI/CD Pipeline Using Azure DevOps
GlobalLogic Ukraine
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
ArangoDB Database
 
Jenkins
JenkinsJenkins
Jenkins
Roger Xia
 

Recommended

Intro to kubernetes
Intro to kubernetesIntro to kubernetes
Intro to kubernetes
Faculty of Technical Sciences, University of Novi Sad
 
Let's build Developer Portal with Backstage
Let's build Developer Portal with BackstageLet's build Developer Portal with Backstage
Let's build Developer Portal with Backstage
Opsta
 
OpenStack Presentation
OpenStack PresentationOpenStack Presentation
OpenStack Presentation
Allan Searle
 
infrastructure as code
infrastructure as codeinfrastructure as code
infrastructure as code
Amazon Web Services
 
Using Libvirt with Cluster API to manage baremetal Kubernetes
Using Libvirt with Cluster API to manage baremetal KubernetesUsing Libvirt with Cluster API to manage baremetal Kubernetes
Using Libvirt with Cluster API to manage baremetal Kubernetes
Himani Agrawal
 
Modern CI/CD Pipeline Using Azure DevOps
Modern CI/CD Pipeline Using Azure DevOpsModern CI/CD Pipeline Using Azure DevOps
Modern CI/CD Pipeline Using Azure DevOps
GlobalLogic Ukraine
 
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
gVisor, Kata Containers, Firecracker, Docker: Who is Who in the Container Space?
ArangoDB Database
 
Jenkins
JenkinsJenkins
Jenkins
Roger Xia
 
Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Vishal Biyani
 
Istio service mesh introduction
Istio service mesh introductionIstio service mesh introduction
Istio service mesh introduction
Kyohei Mizumoto
 
AAD authentication for azure app v0.1.20.0317
AAD authentication for azure app v0.1.20.0317AAD authentication for azure app v0.1.20.0317
AAD authentication for azure app v0.1.20.0317
Ayumu Inaba
 
Kubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | EdurekaKubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | Edureka
Edureka!
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service Mesh
Aspen Mesh
 
Building internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOpsBuilding internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOps
Weaveworks
 
Karpenter
KarpenterKarpenter
Karpenter
Knoldus Inc.
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
Georgios Andrianakis
 
Kubernetes Architecture
Kubernetes Architecture Kubernetes Architecture
Kubernetes Architecture
Knoldus Inc.
 
Azure Overview Arc
Azure Overview ArcAzure Overview Arc
Azure Overview Arcrajramab
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
Jason Vance
 
Springboot Microservices
Springboot MicroservicesSpringboot Microservices
Springboot Microservices
NexThoughts Technologies
 
Kubernetes: An Introduction to the Open Source Container Orchestration Platform
Kubernetes: An Introduction to the Open Source Container Orchestration PlatformKubernetes: An Introduction to the Open Source Container Orchestration Platform
Kubernetes: An Introduction to the Open Source Container Orchestration Platform
Michael O'Sullivan
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architecture
Abdelghani Azri
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 
DevOps for beginners
DevOps for beginnersDevOps for beginners
DevOps for beginners
Pradeep Patel, PMP®
 
Automatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWSAutomatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWS
Amazon Web Services LATAM
 
Autoscaling Kubernetes
Autoscaling KubernetesAutoscaling Kubernetes
Autoscaling Kubernetes
craigbox
 
Exploring Cloud Computing with Amazon Web Services (AWS)
Exploring Cloud Computing with Amazon Web Services (AWS)Exploring Cloud Computing with Amazon Web Services (AWS)
Exploring Cloud Computing with Amazon Web Services (AWS)
Kalema Edgar
 
Red Hat OpenShift Container Platform Overview
Red Hat OpenShift Container Platform OverviewRed Hat OpenShift Container Platform Overview
Red Hat OpenShift Container Platform Overview
James Falkner
 
Intro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on KubernetesIntro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on Kubernetes
Kublr
 
Hybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stackHybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stack
Kublr
 

More Related Content

What's hot

Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
Vishal Biyani
 
Istio service mesh introduction
Istio service mesh introductionIstio service mesh introduction
Istio service mesh introduction
Kyohei Mizumoto
 
AAD authentication for azure app v0.1.20.0317
AAD authentication for azure app v0.1.20.0317AAD authentication for azure app v0.1.20.0317
AAD authentication for azure app v0.1.20.0317
Ayumu Inaba
 
Kubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | EdurekaKubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | Edureka
Edureka!
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service Mesh
Aspen Mesh
 
Building internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOpsBuilding internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOps
Weaveworks
 
Karpenter
KarpenterKarpenter
Karpenter
Knoldus Inc.
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
Georgios Andrianakis
 
Kubernetes Architecture
Kubernetes Architecture Kubernetes Architecture
Kubernetes Architecture
Knoldus Inc.
 
Azure Overview Arc
Azure Overview ArcAzure Overview Arc
Azure Overview Arcrajramab
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
Jason Vance
 
Springboot Microservices
Springboot MicroservicesSpringboot Microservices
Springboot Microservices
NexThoughts Technologies
 
Kubernetes: An Introduction to the Open Source Container Orchestration Platform
Kubernetes: An Introduction to the Open Source Container Orchestration PlatformKubernetes: An Introduction to the Open Source Container Orchestration Platform
Kubernetes: An Introduction to the Open Source Container Orchestration Platform
Michael O'Sullivan
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architecture
Abdelghani Azri
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Crevise Technologies
 
DevOps for beginners
DevOps for beginnersDevOps for beginners
DevOps for beginners
Pradeep Patel, PMP®
 
Automatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWSAutomatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWS
Amazon Web Services LATAM
 
Autoscaling Kubernetes
Autoscaling KubernetesAutoscaling Kubernetes
Autoscaling Kubernetes
craigbox
 
Exploring Cloud Computing with Amazon Web Services (AWS)
Exploring Cloud Computing with Amazon Web Services (AWS)Exploring Cloud Computing with Amazon Web Services (AWS)
Exploring Cloud Computing with Amazon Web Services (AWS)
Kalema Edgar
 
Red Hat OpenShift Container Platform Overview
Red Hat OpenShift Container Platform OverviewRed Hat OpenShift Container Platform Overview
Red Hat OpenShift Container Platform Overview
James Falkner
 

What's hot (20)

Introduction to Kubernetes
Introduction to KubernetesIntroduction to Kubernetes
Introduction to Kubernetes
 
Istio service mesh introduction
Istio service mesh introductionIstio service mesh introduction
Istio service mesh introduction
 
AAD authentication for azure app v0.1.20.0317
AAD authentication for azure app v0.1.20.0317AAD authentication for azure app v0.1.20.0317
AAD authentication for azure app v0.1.20.0317
 
Kubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | EdurekaKubernetes Installation on Ubuntu | Edureka
Kubernetes Installation on Ubuntu | Edureka
 
The Complete Guide to Service Mesh
The Complete Guide to Service MeshThe Complete Guide to Service Mesh
The Complete Guide to Service Mesh
 
Building internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOpsBuilding internal developer platform with EKS and GitOps
Building internal developer platform with EKS and GitOps
 
Karpenter
KarpenterKarpenter
Karpenter
 
Introduction to Istio Service Mesh
Introduction to Istio Service MeshIntroduction to Istio Service Mesh
Introduction to Istio Service Mesh
 
Kubernetes Architecture
Kubernetes Architecture Kubernetes Architecture
Kubernetes Architecture
 
Azure Overview Arc
Azure Overview ArcAzure Overview Arc
Azure Overview Arc
 
Terraform introduction
Terraform introductionTerraform introduction
Terraform introduction
 
Springboot Microservices
Springboot MicroservicesSpringboot Microservices
Springboot Microservices
 
Kubernetes: An Introduction to the Open Source Container Orchestration Platform
Kubernetes: An Introduction to the Open Source Container Orchestration PlatformKubernetes: An Introduction to the Open Source Container Orchestration Platform
Kubernetes: An Introduction to the Open Source Container Orchestration Platform
 
Microservices architecture
Microservices architectureMicroservices architecture
Microservices architecture
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
DevOps for beginners
DevOps for beginnersDevOps for beginners
DevOps for beginners
 
Automatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWSAutomatice el proceso de entrega con CI/CD en AWS
Automatice el proceso de entrega con CI/CD en AWS
 
Autoscaling Kubernetes
Autoscaling KubernetesAutoscaling Kubernetes
Autoscaling Kubernetes
 
Exploring Cloud Computing with Amazon Web Services (AWS)
Exploring Cloud Computing with Amazon Web Services (AWS)Exploring Cloud Computing with Amazon Web Services (AWS)
Exploring Cloud Computing with Amazon Web Services (AWS)
 
Red Hat OpenShift Container Platform Overview
Red Hat OpenShift Container Platform OverviewRed Hat OpenShift Container Platform Overview
Red Hat OpenShift Container Platform Overview
 

Similar to Kubernetes in Hybrid Environments with Submariner

Intro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on KubernetesIntro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on Kubernetes
Kublr
 
Hybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stackHybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stack
Kublr
 
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
Xiaohui Chen
 
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
Rohit Agarwalla
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101
Kublr
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
Michelle Holley
 
Best Practices with Azure Kubernetes Services
Best Practices with Azure Kubernetes ServicesBest Practices with Azure Kubernetes Services
Best Practices with Azure Kubernetes Services
QAware GmbH
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
Docker, Inc.
 
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Davide Benvegnù
 
Application portability with kubernetes
Application portability with kubernetesApplication portability with kubernetes
Application portability with kubernetes
Oleg Chunikhin
 
Container world hybridnetworking_rev2
Container world hybridnetworking_rev2Container world hybridnetworking_rev2
Container world hybridnetworking_rev2
Prem Sankar Gopannan
 
Deploying kubernetes at scale on OpenStack
Deploying kubernetes at scale on OpenStackDeploying kubernetes at scale on OpenStack
Deploying kubernetes at scale on OpenStack
Victor Palma
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and Swarm
Abhinandan P.b
 
Networking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarmNetworking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarm
Docker, Inc.
 
ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...
ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...
ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...
AWS User Group Kochi
 
Introduction to istio
Introduction to istioIntroduction to istio
Introduction to istio
Andrea Monacchi
 
AKS
AKSAKS
AKS
girish goudar
 
Agile OpenStack Networking with Cisco Solutions
Agile OpenStack Networking with Cisco SolutionsAgile OpenStack Networking with Cisco Solutions
Agile OpenStack Networking with Cisco Solutions
Cisco DevNet
 
Setup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPSSetup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPS
Sivaprakash
 
Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)
Allan Naim
 

Similar to Kubernetes in Hybrid Environments with Submariner (20)

Intro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on KubernetesIntro into Rook and Ceph on Kubernetes
Intro into Rook and Ceph on Kubernetes
 
Hybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stackHybrid architecture solutions with kubernetes and the cloud native stack
Hybrid architecture solutions with kubernetes and the cloud native stack
 
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
网易云K8S应用实践 | practices for kubernetes cluster provisioning, management and ap...
 
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
BRKDCT-2445 Agile OpenStack Networking with Cisco Solutions - Cisco Live! US ...
 
Kubernetes Ingress 101
Kubernetes Ingress 101Kubernetes Ingress 101
Kubernetes Ingress 101
 
Tungsten Fabric Overview
Tungsten Fabric OverviewTungsten Fabric Overview
Tungsten Fabric Overview
 
Best Practices with Azure Kubernetes Services
Best Practices with Azure Kubernetes ServicesBest Practices with Azure Kubernetes Services
Best Practices with Azure Kubernetes Services
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
 
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
Consolidating Infrastructure with Azure Kubernetes Service - MS Online Tech F...
 
Application portability with kubernetes
Application portability with kubernetesApplication portability with kubernetes
Application portability with kubernetes
 
Container world hybridnetworking_rev2
Container world hybridnetworking_rev2Container world hybridnetworking_rev2
Container world hybridnetworking_rev2
 
Deploying kubernetes at scale on OpenStack
Deploying kubernetes at scale on OpenStackDeploying kubernetes at scale on OpenStack
Deploying kubernetes at scale on OpenStack
 
Networking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and SwarmNetworking in Docker EE 2.0 with Kubernetes and Swarm
Networking in Docker EE 2.0 with Kubernetes and Swarm
 
Networking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarmNetworking in docker ee with kubernetes and swarm
Networking in docker ee with kubernetes and swarm
 
ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...
ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...
ACDKOCHI19 - Turbocharge Developer productivity with platform build on K8S an...
 
Introduction to istio
Introduction to istioIntroduction to istio
Introduction to istio
 
AKS
AKSAKS
AKS
 
Agile OpenStack Networking with Cisco Solutions
Agile OpenStack Networking with Cisco SolutionsAgile OpenStack Networking with Cisco Solutions
Agile OpenStack Networking with Cisco Solutions
 
Setup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPSSetup Kubernetes Cluster On AWS Using KOPS
Setup Kubernetes Cluster On AWS Using KOPS
 
Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)Openstack days sv building highly available services using kubernetes (preso)
Openstack days sv building highly available services using kubernetes (preso)
 

More from Kublr

Container Runtimes and Tooling, v2
Container Runtimes and Tooling, v2Container Runtimes and Tooling, v2
Container Runtimes and Tooling, v2
Kublr
 
Container Runtimes and Tooling
Container Runtimes and ToolingContainer Runtimes and Tooling
Container Runtimes and Tooling
Kublr
 
Multi-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with VeleroMulti-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with Velero
Kublr
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
Kublr
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101
Kublr
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsPortable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Kublr
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
Kublr
 
Advanced Scheduling in Kubernetes
Advanced Scheduling in KubernetesAdvanced Scheduling in Kubernetes
Advanced Scheduling in Kubernetes
Kublr
 
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-stepSetting up CI/CD Pipeline with Kubernetes and Kublr step by-step
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
Kublr
 
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Kublr
 
How to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive EnvironmentsHow to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive Environments
Kublr
 
Building Portable Applications with Kubernetes
Building Portable Applications with KubernetesBuilding Portable Applications with Kubernetes
Building Portable Applications with Kubernetes
Kublr
 
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBACIntroduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
Kublr
 
How Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact ReliabilityHow Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact Reliability
Kublr
 
Kubernetes as Infrastructure Abstraction
Kubernetes as Infrastructure AbstractionKubernetes as Infrastructure Abstraction
Kubernetes as Infrastructure Abstraction
Kublr
 
Centralizing Kubernetes Management in Restrictive Environments
Centralizing Kubernetes Management in Restrictive EnvironmentsCentralizing Kubernetes Management in Restrictive Environments
Centralizing Kubernetes Management in Restrictive Environments
Kublr
 
Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive Environments
Kublr
 
The Evolution of your Kubernetes Cluster
The Evolution of your Kubernetes ClusterThe Evolution of your Kubernetes Cluster
The Evolution of your Kubernetes Cluster
Kublr
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Kublr
 
Centralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container OperationsCentralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container Operations
Kublr
 

More from Kublr (20)

Container Runtimes and Tooling, v2
Container Runtimes and Tooling, v2Container Runtimes and Tooling, v2
Container Runtimes and Tooling, v2
 
Container Runtimes and Tooling
Container Runtimes and ToolingContainer Runtimes and Tooling
Container Runtimes and Tooling
 
Multi-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with VeleroMulti-cloud Kubernetes BCDR with Velero
Multi-cloud Kubernetes BCDR with Velero
 
Kubernetes Networking 101
Kubernetes Networking 101Kubernetes Networking 101
Kubernetes Networking 101
 
Kubernetes persistence 101
Kubernetes persistence 101Kubernetes persistence 101
Kubernetes persistence 101
 
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and JenkinsPortable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
Portable CI/CD Environment as Code with Kubernetes, Kublr and Jenkins
 
Kubernetes 101
Kubernetes 101Kubernetes 101
Kubernetes 101
 
Advanced Scheduling in Kubernetes
Advanced Scheduling in KubernetesAdvanced Scheduling in Kubernetes
Advanced Scheduling in Kubernetes
 
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-stepSetting up CI/CD Pipeline with Kubernetes and Kublr step by-step
Setting up CI/CD Pipeline with Kubernetes and Kublr step by-step
 
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
Canary Releases on Kubernetes with Spinnaker, Istio, & Prometheus (2020)
 
How to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive EnvironmentsHow to Run Kubernetes in Restrictive Environments
How to Run Kubernetes in Restrictive Environments
 
Building Portable Applications with Kubernetes
Building Portable Applications with KubernetesBuilding Portable Applications with Kubernetes
Building Portable Applications with Kubernetes
 
Introduction to Kubernetes RBAC
Introduction to Kubernetes RBACIntroduction to Kubernetes RBAC
Introduction to Kubernetes RBAC
 
How Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact ReliabilityHow Self-Healing Nodes and Infrastructure Management Impact Reliability
How Self-Healing Nodes and Infrastructure Management Impact Reliability
 
Kubernetes as Infrastructure Abstraction
Kubernetes as Infrastructure AbstractionKubernetes as Infrastructure Abstraction
Kubernetes as Infrastructure Abstraction
 
Centralizing Kubernetes Management in Restrictive Environments
Centralizing Kubernetes Management in Restrictive EnvironmentsCentralizing Kubernetes Management in Restrictive Environments
Centralizing Kubernetes Management in Restrictive Environments
 
Kubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive EnvironmentsKubernetes in Highly Restrictive Environments
Kubernetes in Highly Restrictive Environments
 
The Evolution of your Kubernetes Cluster
The Evolution of your Kubernetes ClusterThe Evolution of your Kubernetes Cluster
The Evolution of your Kubernetes Cluster
 
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and PrometheusCanary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
Canary Releases on Kubernetes w/ Spinnaker, Istio, and Prometheus
 
Centralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container OperationsCentralizing Kubernetes and Container Operations
Centralizing Kubernetes and Container Operations
 

Recently uploaded

Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
Donna Lenk
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
Hornet Dynamics
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
Shane Coughlan
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
Łukasz Chruściel
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Crescat
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
Google
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
Max Andersen
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
Roshan Dwivedi
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
Boni García
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
Philip Schwarz
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Neo4j
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
Neo4j
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
Drona Infotech
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Mind IT Systems
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
Paco van Beckhoven
 

Recently uploaded (20)

Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"Navigating the Metaverse: A Journey into Virtual Evolution"
Navigating the Metaverse: A Journey into Virtual Evolution"
 
E-commerce Application Development Company.pdf
E-commerce Application Development Company.pdfE-commerce Application Development Company.pdf
E-commerce Application Development Company.pdf
 
openEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain SecurityopenEuler Case Study - The Journey to Supply Chain Security
openEuler Case Study - The Journey to Supply Chain Security
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf2024 eCommerceDays Toulouse - Sylius 2.0.pdf
2024 eCommerceDays Toulouse - Sylius 2.0.pdf
 
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...
 
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI AppAI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
AI Fusion Buddy Review: Brand New, Groundbreaking Gemini-Powered AI App
 
OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024OpenMetadata Community Meeting - 5th June 2024
OpenMetadata Community Meeting - 5th June 2024
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
Quarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden ExtensionsQuarkus Hidden and Forbidden Extensions
Quarkus Hidden and Forbidden Extensions
 
Launch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in MinutesLaunch Your Streaming Platforms in Minutes
Launch Your Streaming Platforms in Minutes
 
APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)APIs for Browser Automation (MoT Meetup 2024)
APIs for Browser Automation (MoT Meetup 2024)
 
A Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of PassageA Sighting of filterA in Typelevel Rite of Passage
A Sighting of filterA in Typelevel Rite of Passage
 
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissancesAtelier - Innover avec l’IA Générative et les graphes de connaissances
Atelier - Innover avec l’IA Générative et les graphes de connaissances
 
GraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph TechnologyGraphSummit Paris - The art of the possible with Graph Technology
GraphSummit Paris - The art of the possible with Graph Technology
 
Mobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona InfotechMobile App Development Company In Noida | Drona Infotech
Mobile App Development Company In Noida | Drona Infotech
 
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket ManagementUtilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
Utilocate provides Smarter, Better, Faster, Safer Locate Ticket Management
 
Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024Cracking the code review at SpringIO 2024
Cracking the code review at SpringIO 2024
 

Kubernetes in Hybrid Environments with Submariner

  • 1. Hybrid K8S Environments with Submariner Oleg Chunikhin | CTO, Kublr
  • 2. Oleg Chunikhin CTO, Kublr • 25 years in software architecture & development • Working w/ Kubernetes since its release in 2015 • Software architect behind Kublr—an enterprise ready container management platform • @olgch Introductions
  • 3. Automation Ingress Custom Clusters Infrastructure Logging Monitoring Observability API Usage Reporting RBAC IAM Air Gap TLS Certificate Rotation Audit Storage Networking Container Registry CI / CD App Mgmt Infrastructure Container Runtime Kubernetes OPERATIONS SECURITY & GOVERNANCE
  • 4. Service discovery Overlay network Physical network Kubernetes Networking Node 1 172.16.0.10 Node 2 172.16.0.11 Pod 1 100.64.0.10 Pod 2 100.64.0.11 my-service.my-ns.svc.cluster.local infrastructure kubelet, kube-proxy, CNI K8S, coredns Service 100.96.0.10
  • 5. Inter-cluster connectivity Service discovery Overlay network Physical network Node 1 172.16.0.10 Node 2 172.16.0.11 Pod 1 100.64.0.10 Pod 2 100.64.0.11 Service 100.96.0.10 my-service.my-ns.svc.cluster.local infrastructure kubelet, kube-proxy, CNI K8S, coredns Service discovery Overlay network Physical network Node 1 172.18.0.10 Pod 1 100.128.0.10 Service 100.160.0.10 my-service.my-ns.svc.cluster2.local kubelet, kube-proxy, CNI K8S, coredns 1. VPN 2. peering 3. routing 1. VPN 2. CNI 3. routing 1. DNS forwarding 2. SVC export
  • 6. Inter-cluster connectivity Service discovery Overlay network Physical network Node 1 172.16.0.10 Node 2 172.16.0.11 Pod 1 100.64.0.10 Pod 2 100.64.0.11 Service 100.96.0.10 my-service.my-ns.svc.cluster.local infrastructure kubelet, kube-proxy, CNI K8S, coredns Service discovery Overlay network Physical network Node 1 172.16.0.10 Pod 1 100.64.0.10 Service 100.96.0.10 my-service.my-ns.svc.cluster.local kubelet, kube-proxy, CNI K8S, coredns Shared my-service.my-ns.svc.clusterset.local Service 100.160.0.10 VPN + routing
  • 7. Submariner: VPN Worker Node Worker Node Passive Gateway Node Active Gateway Node Gateway Label Gateway Label Public Network Passive Gateway Node Active Gateway Node Gateway Label Gateway Label Worker Node Worker Node Cluster Node Route Agent Gateway Engine VxLAN Traffic IPSEC Traffic Broker Namespace
  • 9. Submariner Components ● Broker ○ No active components; ns used to exchange connection info ● Gateway Engine (managed by operator) ○ Gateway management, failover, reconnection, LB, routing ○ gateway, route agent ● Service discovery (managed by operator) ○ Services export and import ○ lighthouse agent, lighthouse coredns
  • 10. Submariner Responsibilities ● Broker and operator ○ Share and coordinate connection info between clusters ● Gateway Engine (managed by operator) ○ (Re-)configure routes on each node on changes in ■ peered clusters ■ active gateway ■ imported/exported services ○ Failover gateways ○ (Re-)connect ○ Load balancing ● Service discovery (managed by operator) ○ Share service import/export information ○ Serve DNS requests for clusterset.local domain
  • 11. kind: Cluster metadata: name: demo-hybrid-1-aws spec: ... network: apiServerSecurePort: 6443 locations: - name: aws1 aws: ... master: minNodes: 1 ... locations: - aws: ... nodes: - name: group1 minNodes: 3 ... locations: - aws: ... features: monitoring: { ... } packages: submariner-broker: { ... } Cluster Specification Kublr metadata for the cluster - name, space, labels Cluster-wide non provider specific configuration - network, cluster-wide settings, k8s version, etc Infrastructure provider specific cluster-wide configuration - account, access creds, AZs etc Infrastructure provider specific group configuration - AZs, image, group type, zone locking, etc Group-specific non provider specific configuration - k8s options, autoscaling, etc Kublr-specific built-in K8S components Additional custom helm packages
  • 12. kind: Cluster metadata: name: demo-hybrid-1-aws spec: ... network: clusterCIDR: 100.64.0.0/10 dnsDomain: cluster1.local stubDomains: - dns: cluster2.local servers: - 100.128.0.10 locations: - name: aws1 aws: resourcesCloudFormationExtras: SgDefaultSubmariner500: Type: AWS::EC2::SecurityGroupIngress ... ... master: minNodes: 1 ... locations: - aws: groupType: asg-mip mixedInstancesPolicyCloudFormationExtras: ... nodes: - name: group1 minNodes: 3 ... locations: - aws: groupType: asg-mip mixedInstancesPolicyCloudFormationExtras: ... pinToZone: pin availabilityZones: - us-east-1a - us-east-1b - us-east-1c Infrastructure Additional ports for VPN kind: Cluster metadata: name: demo-hybrid-2-azure spec: ... network: clusterCIDR: 100.128.0.0/10 dnsDomain: cluster2.local stubDomains: - dns: cluster1.local servers: - 100.64.0.10 locations: - name: azure1 azure: virtualNetworkSubnetCidrBlock: 172.18.0.0/16 armTemplateExtras: securityGroup: ... ... master: minNodes: 1 ... locations: - azure: armTemplateExtras: ... priority: Spot nodes: - name: group1 minNodes: 3 ... locations: - azure: armTemplateExtras: ... priority: Spot zones: - '1' - '2' - '3' pinToZone: pin Non-intersecting CIDR Mutual discoverability Mixed instance policy and spot instances Multi-zone
  • 13. Beyond the Demo ● Optimization: Resources, Throughput, ... ● Intersecting CIDR ● Failover and load balancing ● CNI Support
  • 15. Q&A