Underlay mode solve double overlay? about ovn-kubernetes HOT 8 CLOSED

Thanks for raising this question... the answer is: "Yes it will (at least I hope)!"

@shettyg did some PoC code for the underlay mode a while ago: https://github.com/shettyg/ovn-k8s-poc

We will probably need some tweak to the logic for creating logical ports, but most watcher operations should be the same as for the overlay mode. The CNI plugin will then take care of configuring the appropriate VLAN id for the container interface on a OVS bridge instance running on the node.

from ovn-kubernetes.

I guess the larger question is whether we should do the OpenStack integration here or let Kuyr do it from northbound and OVN will be the backend.

The only trickiness here is whether we should offload east-west load-balancing to OpenStack APIs or do it in individual VMs with our own kube-proxy type agent that programs OVS in the VM just for LB. If we choose the later approach, it should be fairly straightforward - maybe a week or two's work to add the integration.

from ovn-kubernetes.

Well, I avoided on purpose bringing up OpenStack...
If OpenStack is managing the underlay, then in my opinion the first option should be for Kuryr to drive OVN NB. This mostly because OpenStack deployers would pick that first.
Doing OpenStack integration as a part of this project is another - and secondary - option imho.

Then a question larger than your larger question is what we should do when the underlay=OpenStack.

As for E/W load balancing, I think we will be a lot better off with our own agent which leverages CT-NAT to translate service IPs into Pod IPs.

from ovn-kubernetes.

Thanks for your answer
I think have a Kuryr intergration is good option when run on OpenStack
By the way, if I run OpenStack neutron-OVN and Kubernetes OVN (underlay mode) on OpenStack's VM, they (pods and VMs) will connect same virtual network, mean solve double overlay? I read it from article
https://blog.russellbryant.net/2015/04/08/ovn-and-openstack-integration-development-update/

This initial design allows hooking up VMs or containers to OVN managed virtual networks. There was an update to the design merged that addresses the use case of running containers inside of VMs. It seems like most existing work just creates another layer of overlay networks for containers. What’s interesting about this proposal is that it allows you to connect those containers directly to the OVN managed virtual networks. In the OpenStack world, that means you could have your containers hooked up directly to virtual networks managed by Neutron. Further, the container hosting VM and all of its containers do not have to be connected to the same network and this works without having to create an extra layer of overlay networks.

Please tell me If I wrong!
Thanks

from ovn-kubernetes.

@CBR09

You will need to use neutron-OVN and Kuryr (depending on when it has the ability for underlay mode) without using this repo. OVN itself has the capability to avoid double overlays. But, you will need something to configure OVN. So it will be Kuryr for you.

from ovn-kubernetes.

Hi @shettyg
I understand when using Kuryr to translate to neutron networking, it will solve double overlay
But what purpose ovn-kubernetes with "underlay" mode for?. I saw

Some use cases for the underlay mode.

1. One big use case (after speaking to many potential and current
   deployers of containers) is the ability to have seamless connectivity
   between your existing services (in VMs and Physical machines) with
   your new applications running in your containers in a k8 cluster. This
   means that you need a way to connect your containers running in a k8
   cluster on top of VMs access your physical machines and other VMs.
   Doing something like this in a secure way needs the support for
   "underlay" mode.
   ......
   from https://patchwork.ozlabs.org/patch/534113/

I thought when I run k8s with ovn-kubernetes underlay mode on top openstack's vms, containers can connect to other VMs and don't have double overlay issue.
Thanks

from ovn-kubernetes.

So what purpose ovn-kubernetes with "underlay" mode for?

Non-OpenStack.

I thought when I run k8s on top openstack's vms, containers can connect to VMs and don't have double overlay issue.

OVN has the capability. But you still need someone to write the OpenStack APIs. As you mentioned, you would rather Kuryr do it, right?

If not and and you are a developer familiar with OpenStack APIs, and are willing to work on it to add it to this repo, then all you need to start with is to write a new file called openstack.py similar to
https://github.com/openvswitch/ovn-kubernetes/blob/master/ovn_k8s/modes/overlay.py

You don't even need to write anything related to load_balancers, but just creation and deletion of logical ports to start with.

from ovn-kubernetes.

I will think about it and choose the right way for me, thank for your detailed explanation and have a nice day!.

from ovn-kubernetes.