OpenContrail – Kubernetes Integration

Kubernetes is rapidly gaining momentum as an efficient way to manage containerized applications in a clustered environment. As applications become more dynamic and based on highly distributed and portable application components, Kubernetes helps ease the management of related distributed components across heterogeneous infrastructure.

OpenContrail developers have been working on a kubernetes-contrail plugin designed to stitch the cluster management capabilities of Kubernetes together with the network service automation capabilities of OpenContrail. Given the event-driven abstractions of pods and services inherent in Kubernetes, it is a simple extension to address network service enforcement by leveraging OpenContrail's Virtual Network policy approach and programmatic APIs.

This eliminates unnecessary proxies and ensures a resilient, scale-out networking implementation that addresses the access control requirements and simplifies interoperability with existing mixed-vendor IP network services.

The initial OpenContrail – Kubernetes prototype was captured in this blog post and a brief demo video of the evolved Kubernetes + OpenContrail plugin integration (based on the initial prototype) is available here:

Demo: OpenContrail-Kubernetes

In this Kubernetes setup, the kube-network-manager plugin runs on the Kubernetes master node and registers with kube-apiserver. It listens for creation, deletion, and update events for pods and services, automatically generates the appropriate virtual-network and policy configuration from the Kubernetes object configuration (pods, services, etc.), and applies it to the OpenContrail API server.

On the nodes there is also a small plugin, which kubelet invokes directly during Docker container networking setup. This opencontrail-kubernetes plugin removes the container's Docker interface from the Docker bridge and remaps it into the vrouter (the OpenContrail forwarding kernel module). From there, all networking is handled by OpenContrail, which obviates kube-proxy entirely (the Kubernetes component which provides networking to pods using iptables-NAT and port redirection).

Note: This plugin development is in trials, but can be applied to any model designed to integrate a Kubernetes-like interface with OpenContrail.

Congratulations to the Kubernetes community on the Kubernetes 1.0 launch this week. We have already seen many OpenContrail community members following this open source project with anticipation, and we look forward to working together to scale, automate and simplify cloud application deployments across dynamic networked environments.

Thanks to Ananth Suryanarayana for helping to enable this integration.