kuryr + open shift

OpenShift/Kuryr Bridging the infrastructure gap Vikas Choudhary Antoni Segura Puimedon Luis Tomás Bolívar

Upload: antoni-puimedon

Post on 14-Feb-2017


Hybrid workloads
One infrastructure

What is Kuryr?

❏ Repositories
    ❏ Kuryr: library for common code
    ❏ Kuryr-libnetwork: Docker libnetwork IPAM and remote driver
    ❏ Fuxi: Docker storage driver
    ❏ Kuryr-kubernetes: Kubernetes Controller and CNI driver

❏ Started around August 2015 by Midokura and Huawei to bring production ready networking to containers

❏ OpenStack Big tent project

Why did Kuryr start?

● Operators and vendors wanted to have datacenters under a single networking solution

● We believe Neutron provides valuable, production ready networking abstractions and has a good foothold in datacenters thanks to plugins

● Envisioned a smooth transition to the container world:
    ○ OpenStack services running inside containers
    ○ VMs and containers sharing Neutron virtual topology
    ○ Keystone as a façade to Orgs’ identity and role management
    ○ Ability to transition workloads to containers/microservices at your own pace

What can Kuryr bring you

● A good story around having:
    ○ A single, community sourced networking whether you run containers, VMs or, more likely, both.
    ○ Leveraging vendor OpenStack support experience in the container space
    ○ A quicker path to Kubernetes & OpenShift for users of Neutron networking

● OpenShift + OpenStack support

● A future where OpenStack services can be deployed by Kubernetes on OpenStack managed networking

Kuryr - Kubernetes

Kubernetes integration

● Originally prototyped @Midokura with MidoNet and Python3 only

● Reimplemented upstream with Python2/3 support

● Generic vendor support based on Neutron + os-vif

● Stevedore Plugin based Network Resources acquisition

● Services backed by LBaaS v2

● External access with Floating IPs

● Baremetal and container-in-VM

Enter OpenShift

● Open Source PaaS rebuilt around Container Standards

● Leverages Kubernetes

● Moving to standardize on CNI for Network extensions

● Brings SELinux isolation to container environments

● Has its own SDN that wraps Kubernetes networking

● Native master HA with haproxy in front of the masters

OpenShift

Getting it all together

● Replaces kube-proxy and OpenShift SDN

● Gets networking from pre-existing Keystone + Neutron deployment

● Supports baremetal and Pod-in-VM*

● Kuryr Controller HA**

● OpenShift services get translated to LBaaSv2 entities that vendors can implement

OpenShift with Kuryr

OpenShift integration

● Leverages the Kubernetes integration

● Giving back Kuryr upstream:
    ○ HTTPS client support

● Neutron plugins:
    ○ ovs hybrid (tested)
    ○ ovs native
    ○ Dragonflow

Controller - CNI pod creation interaction

Kuryr Kubernetes demo

Demo functionality

❏ Connectivity
    ❏ Pod <-> Pod
    ❏ Pod <-> VM

❏ Neutron ovs hybrid mode

❏ ManageIQ integration
    ❏ Pod networking shows up under Networks -> Network Port

Demo

Stay tuned

❏ Connectivity
    ❏ Pod <-> Pod
    ❏ Pod <-> VM
    ❏ Container-in-VM (vlan trunk mode)
    ❏ ExternalIP

❏ Neutron native ovs firewall driver

❏ Services
    ❏ LBaaSv2 based service implementation*
    ❏ Replica scaling*

❏ ManageIQ integration
    ❏ Pod networking shows up under Networks -> Network Ports
    ❏ Services show up in Networks -> Load Balancers*

Q&A