Diese Präsentation wurde erfolgreich gemeldet.
Wir verwenden Ihre LinkedIn Profilangaben und Informationen zu Ihren Aktivitäten, um Anzeigen zu personalisieren und Ihnen relevantere Inhalte anzuzeigen. Sie können Ihre Anzeigeneinstellungen jederzeit ändern.

LF_OVS_17_OVN and Containers - An update.

Open vSwitch Fall Conference 2017

  • Loggen Sie sich ein, um Kommentare anzuzeigen.

LF_OVS_17_OVN and Containers - An update.

  1. 1. OVN and Containers Guru Shetty <guru@ovn.org> November 16-17, 2017 | San Jose, CA
  2. 2. Integration with OVS br-int 1. ovs-vsctl add-br br-int 2. ip netns add ns1 ns1 3. ip link add p0_l type veth peer name p0_c 4. ip link set p0_c netns ns1 5. ip netns exec p0_c ip link set dev p0_c name eth0 6. ovs-vsctl add-port br-int p0_l eth0 ns2 eth0
  3. 3. Integration with OVN br-int ns1 eth0 ovs-vsctl add-port br-int p0_l p0_l ovs-vsctl set interface p0_l external- ids:iface-id=“port0” ovn-nbctl ls-add ls0 ovn-nbctl lsp-add ls0 port0 -- lsp-set-addresses port0 “$MAC $IP” host1 br-int ns2 eth0 p0_l host2 ovs-vsctl add-port br-int p0_l -- set interface p0_l external-ids:iface- id=“port1” ovn-nbctl lsp-add ls0 port1 -- lsp-set- addresses port1 “$MAC $IP”
  4. 4. Integration with container orchestrators br-int pod1 eth0 p0_l host kubectl create -f pod1.yaml kubeletplugin ovs-vsctl add-port br-int p0_l ovs-vsctl set interface p0_l external-ids:iface- id=“port0” ovn-nbctl lsp-add ls0 port0 -- lsp-set-addresses port0 “$MAC $IP” kubectl delete -f pod1.yaml
  5. 5. OVN objects • Logical Switch Port • Logical Switch • Logical Router • ACL • Load-balancers • DHCP and DNS • Gateways and NAT
  6. 6. Popular Orchestrators • Docker • Docker Swarm • Kubernetes • Mesos and DC/OS
  7. 7. Kubernetes • A pod is a group of containers that share the same network namespace. • Containers inside a pod speak via localhost with each other. • A host can have multiple pods. • pods speak to each other via their pod IP. • All pods in a cluster should be able to talk to each other via their own IP. • A pod should also be able to speak to Kubernetes central daemons. • Pods are fungible. They can be destroyed and re-created in a different host with a different IP.
  8. 8. OVN networking for kubernetes P1 OVS master 1. kubernetes central daemons 2. OVN database and daemons OVS P2 P3 P4 P5 P6 minion2minion1 ovn-controller ovn-controller cni cni healt h check healt h check
  9. 9. OVN networking for kubernetes S R P1 P2 P3 P4 P5 P6 S Master Logical Space S healthhealth
  10. 10. OVN Kubernetes north/south networking R S S S GR1 GR2 GR3 join
  11. 11. Kubernetes Services • A Service is a front end to a Pod (or group of pods) • Pods discover each other via the Service IP or service name. • The service IP is constant (a VIP), but the pods backing it can change. • Service discovery by application happens either via DNS or via Environmental variables. • Each service has a set of endpoint objects (pods) that can be queried. 11
  12. 12. OVN Kubernetes Watcher • Continuously watches K8s API server. • Creates a logical port when a pod gets created. • Creates load-balancer entries in OVN when services are created. • Creates ACLs in OVN when kubernetes network policy is created.
  13. 13. Multi-tenancy in Kubernetes • OVN and Network Virtualization shines. • Kubernetes seen as an application deployment tool. • Preference for multiple kubernetes clusters.
  14. 14. Service mesh in Kubernetes • Each pod has an Envoy container to act as a proxy • iptables rules inside the pods • Envoy can do the load-balancing
  15. 15. Questions • https://github.com/openvswitch/ovn-kubernetes/