Kuryr is a networking solution that bridges the gap between containers and traditional VMs by leveraging OpenStack's Neutron service, enabling users to manage both workloads under a single networking solution. Initially developed by Midokura and Huawei in 2015, Kuryr provides seamless integration with Kubernetes and OpenShift, allowing for the deployment of OpenStack services within a containerized environment. Key features include support for multiple networking plugins, high availability, and connectivity between pods and VMs, enhancing the operational synergy of hybrid workloads.

1. OpenShift/Kuryr
Bridging the infrastructure gap
Vikas Choudhary
Antoni Segura Puimedon
Luis Tomás Bolívar

2. Hybrid workloads
One infrastructure

3. What is Kuryr?
❏ Repositories
❏ Kuryr: library for common code
❏ Kuryr-libnetwork: Docker libnetwork IPAM and remote driver
❏ Fuxi: Docker storage driver
❏ Kuryr-kubernetes: Kubernetes Controller and CNI driver
❏ Started around August 2015 by Midokura and Huawei to bring production
ready networking to containers
❏ OpenStack Big tent project

4. Why did Kuryr start?
● Operators and vendors wanted to have datacenters under a single
networking solution
● We believe Neutron provides valuable, production ready networking
abstractions and has a good foothold in datacenters thanks to plugins
● Envisioned a smooth transition to the container world:
○ OpenStack services running inside containers
○ VMs and containers sharing Neutron virtual topology
○ Keystone as a façade to Orgs’ identity and role management
○ Ability to transition workloads to containers/microservices at your own pace

5. What can Kuryr bring you
● A good story around having:
○ A single, community sourced networking whether you run containers, VMs or, more likely,
both.
○ Leveraging vendor OpenStack support experience in the container space
○ A quicker path to Kubernetes & Openshift for users of Neutron networking
● OpenShift + OpenStack support
● A future where OpenStack services can be deployed by Kubernetes on
OpenStack managed networking

6. Kuryr - Kubernetes

7. Kubernetes
integration
● Originally prototyped
@Midokura with MidoNet and
Python3 only
● Reimplemented upstream with
Python2/3 support
● Generic vendor support based
on Neutron + os-vif
● Stevedore Plugin based
Network Resources acquisition
● Services backed by LBaaS v2
● External access with Floating
IPs
● Baremetal and container-in-VM

8. Enter OpenShift

9. ● Open Source PaaS rebuilt
around Container Standards
● Leverages Kubernetes
● Moving to standardize on CNI
for Network extensions
● Brings SELinux isolation to
container environments
● Has its own SDN that wraps
Kubernetes networking
● Native master HA with haproxy
in front of the masters
OpenShift

10. Getting it all together

11. ● Replaces kube-proxy and
openshift SDN
● Gets networking from
pre-existing Keystone + Neutron
deployment
● Supports baremetal and
Pod-in-VM*
● Kuryr Controller HA**
● OpenShift services get
translated to LBaaSv2 entities
that vendors can implement
OpenShift
with Kuryr

12. Openshift
integration
● Leverages the Kubernetes
integration
● Giving back Kuryr upstream:
○ HTTPS client support
● Neutron plugins:
○ ovs hybrid (tested)
○ ovs native
○ Dragonflow

13. Controller - CNI pod creation interaction

14. Kuryr Kubernetes demo

15. Demo functionality
❏ Connectivity
❏ Pod <-> Pod
❏ Pod <-> VM
❏ Neutron ovs hybrid mode
❏ ManageIQ integration
❏ Pod networking shows up under Networks -> Network Port

16. Demo

17. Stay tuned
❏ Connectivity
❏ Pod <-> Pod
❏ Pod <-> VM
❏ Container-in-VM (vlan trunk mode)
❏ ExternalIP
❏ Neutron native ovs firewall driver
❏ Services
❏ LBaaSv2 based service implementation*
❏ Replica scaling*
❏ ManageIQ integration
❏ Pod networking shows up under Networks -> Network Ports
❏ Services show up in Networks -> Load Balancers*

18. Q&A