1. Documentation
×

Configuring Kuryr SDN

Kuryr SDN and OpenShift Origin

Kuryr (or more specifically Kuryr-Kubernetes) is an SDN solution built using CNI and OpenStack Neutron. Its advantages include being able to use a wide range of Neutron SDN backends and providing interconnectivity between Kubernetes pods and OpenStack virtual machines (VMs).

Kuryr-Kubernetes and OpenShift Origin integration is primarily designed for OpenShift Origin clusters running on OpenStack VMs. Kuryr-Kubernetes components are installed as pods on OpenShift Origin in the kube-system namespace:

  • kuryr-controller - a single service instance, installed on any node. Modeled in OpenShift Origin as a Deployment.

  • kuryr-cni - container installing and configuring Kuryr as CNI driver on each OpenShift Origin node. Modeled in OpenShift Origin as a DaemonSet.

Installation

In the Ansible nodes file, specify the following parameters in order to set up Kuryr-Kubernetes as the network plug-in:

 # Enable Kuryr.
 openshift_use_openshift_sdn=False
 openshift_use_kuryr=True
 os_sdn_network_plugin_name=cni

 # Set userspace so that there are no iptables remains.
 openshift_node_proxy_mode='userspace'

 # Disable management of the OpenShift Registry and OpenShift Router. If you
 # need those services, install them manually after OpenShift deployment using
 # `oadm`. This way services will get correct IPs provided by Kuryr.
 openshift_hosted_manage_registry=false
 openshift_hosted_manage_router=false

 # Keystone URL.
 kuryr_openstack_auth_url=http://127.0.0.1/identity

 # OpenStack domain name of user owning Kuryr resources.
 kuryr_openstack_user_domain_name=default

 # OpenStack project name of user owning Kuryr resources.
 kuryr_openstack_user_project_name=admin

 # OpenStack project id for Kuryr resources.
 kuryr_openstack_project_id=ec0b31802fd043c08bc15b74d2f9a3d3

 # OpenStack username that will own kuryr resources.
 kuryr_openstack_username=admin

 # Password for that user.
 kuryr_openstack_password=password

 # Default Neutron security groups' IDs for Kubernetes pods
 kuryr_openstack_pod_sg_id=f74c83a8-a520-421a-930e-21b6cd098c6a,01f85594-9950-4ded-a92c-5ad546a41188

 # Default Neutron subnet ID for Kubernetes pods.
 kuryr_openstack_pod_subnet_id=c85cdee6-0ed1-4d8f-ae61-7afa4674b311

 # Default OpenStack project ID for Kubernetes resources.
 kuryr_openstack_pod_project_id=ec0b31802fd043c08bc15b74d2f9a3d3

 # Neutron subnet ID for Kubernetes worker node VMs.
 kuryr_openstack_worker_nodes_subnet_id=477cfa49-e641-4d31-a7b5-5bc834743f61

 # Default Neutron subnet ID for Kubernetes services.
 kuryr_openstack_service_subnet_id=3b31a106-4084-4db9-bc0c-00b97afe186e

Verification

Once the installation of OpenShift Origin is finished, you can check if Kuryr pods are deployed successfully:

 $ oc get pods --all-namespaces -o wide
 NAMESPACE     NAME                                READY     STATUS    RESTARTS   AGE       IP           NODE
 kube-system   kuryr-cni-ds-77hkc                  1/1       Running   0          12m       10.11.0.5    10.11.0.5
 kube-system   kuryr-cni-ds-9v8zs                  1/1       Running   0          12m       10.11.0.14   10.11.0.14
 kube-system   kuryr-cni-ds-f9k0b                  1/1       Running   0          12m       10.11.0.11   10.11.0.11
 kube-system   kuryr-cni-ds-pxthn                  1/1       Running   0          12m       10.11.0.8    10.11.0.8
 kube-system   kuryr-cni-ds-t1m0s                  1/1       Running   0          12m       10.11.0.10   10.11.0.10
 kube-system   kuryr-controller-4121192376-1vl1k   1/1       Running   0          1h        10.11.0.8    10.11.0.8

kuryr-cni pods should run on every OpenShift Origin node. Single kuryr-controller instance should run on any of the nodes.