RETIRED, Kubernetes integration with OpenStack networking
Michał Dulko 8d8b84ca13 CNI: Confirm pods in cache before connecting
In a highly distributed environment like a Kubernetes installation with
Kuryr, we need to plan for network outages in any case. If we don't, we
end up with bugs like the one this patch tries to fix.

If we lose a Pod delete event on kuryr-daemon, the following can happen:

    1. Pod A of name "foo" gets created.
    2. It gets annotated normally and CNI ADD request gives it an IP X.
    3. Pod A gets deleted.
    4. Somehow the delete event gets lost on kuryr-daemon's watcher.
    5. CRI sends CNI DEL request and pod gets unplugged successfully. It
       never gets deleted from the daemon's registry, because we never
       got the Pod delete event from K8s API.
    6. Pod B of the same name "foo" gets created.
    7. CNI looks up registry by <namespace>/<pod>, finds old VIF there
       and plugs pod B with pod A's VIF X.
    8. kuryr-controller never notices that and assigns IP X to another
       pod.
    9. We get an IP conflict.

To solve the issue this patch makes sure that when handling ADD CNI calls, we
always get the pod from K8s API first, and if uid of the API one doesn't match
the one in the registry, we remove the registry entry. That way we can make
sure the pod we've cached isn't stale. This adds one K8s API call per CNI ADD
request, which is a significant load increase, but hopefully the K8s API can
handle it.

Closes-Bug: 1854928

Change-Id: I9916fca41bd917d85be973b8625b65a61139c3b3
2020-05-20 17:58:08 +02:00
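
The stale-cache sequence from the commit message above, replayed with and without the uid check. This is an added example, not code from the kuryr-kubernetes repository; `FakeK8sAPI`, `Daemon`, `replay` and the uid and VIF values are hypothetical stand-ins.

```python
# Added illustration. All class and function names are hypothetical stand-ins,
# not kuryr-kubernetes code; pod UIDs and VIF names are constructed samples.

class FakeK8sAPI:
    """Authoritative view: which pod (by uid) currently owns each name."""
    def __init__(self):
        self.pods = {}

    def create(self, key, uid):
        self.pods[key] = {"uid": uid}

    def delete(self, key):
        self.pods.pop(key, None)

    def get(self, key):
        return self.pods[key]


class Daemon:
    """Models the daemon's registry, keyed by <namespace>/<pod>."""
    def __init__(self, api, confirm_uid):
        self.api, self.confirm_uid = api, confirm_uid
        self.registry = {}  # key -> {"uid": ..., "vif": ...}

    def on_pod_annotated(self, key, uid, vif):
        self.registry[key] = {"uid": uid, "vif": vif}  # watcher event

    def cni_add(self, key):
        if self.confirm_uid:
            live = self.api.get(key)  # the one extra API call per CNI ADD
            cached = self.registry.get(key)
            if cached and cached["uid"] != live["uid"]:
                del self.registry[key]  # entry belongs to an older pod
        entry = self.registry.get(key)
        # None models "no VIF cached yet, wait for the annotation event".
        return entry["vif"] if entry else None


def replay(confirm_uid):
    """Replay steps 1-7 of the commit message; return the VIF pod B gets."""
    api = FakeK8sAPI()
    daemon = Daemon(api, confirm_uid)
    key = "default/foo"
    api.create(key, "uid-A")
    daemon.on_pod_annotated(key, "uid-A", "vif-X")
    daemon.cni_add(key)        # pod A is plugged with vif-X
    api.delete(key)            # delete event is lost: registry untouched
    api.create(key, "uid-B")   # pod B reuses the name "foo"
    return daemon.cni_add(key)
```

Without the check, `replay(False)` hands pod A's VIF to pod B; with it, `replay(True)` evicts the stale entry and returns nothing until pod B's own annotation arrives.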
.zuul.d Pin OVN to branch-20.03 2020-05-07 16:32:32 +02:00
contrib Removing six library. 2020-02-28 14:45:46 +01:00
devstack Ignore errors when removing containers in DevStack 2020-05-12 10:02:33 +00:00
doc Use VFs for DPDK apps in pods inside VM 2020-05-12 13:08:22 +00:00
etc Proceed CNI output in format of version 0.3.1 2018-07-04 13:04:35 +00:00
kubernetes_crds Preserve unknown in remote_ip_prefixes in NP CRD 2020-03-18 11:58:14 +01:00
kuryr_cni Log CNI_ARGS and CNI_NETNS in kuryr-cni 2020-03-04 13:49:58 +01:00
kuryr_kubernetes CNI: Confirm pods in cache before connecting 2020-05-20 17:58:08 +02:00
playbooks Switch to use Ubuntu Bionic Octavia Amphora 2019-12-03 16:30:24 +01:00
releasenotes Update master for stable/ussuri 2020-04-23 15:26:49 +00:00
tools Add option cafile default value in kuryr-controller's config 2020-04-22 09:49:03 +08:00
.coveragerc tox: fix coverage 2016-11-18 10:14:56 +03:00
.dockerignore ignore docker files for better docker image reuse 2020-03-16 16:40:57 +03:00
.gitignore ignore Editor tags 2018-09-25 12:16:08 +02:00
.gitreview OpenDev Migration Patch 2019-04-19 19:44:54 +00:00
.pre-commit-config.yaml Add support for pre-commit-hooks 2018-09-27 13:05:43 +02:00
.stestr.conf Switch to using stestr 2018-07-16 15:43:10 +00:00
.testr.conf cookiecutter commit for kuryr-kubernetes 2016-05-22 08:54:07 +03:00
babel.cfg cookiecutter commit for kuryr-kubernetes 2016-05-22 08:54:07 +03:00
cni_ds_init Implement kuryr-cni in golang 2019-06-17 12:58:37 +02:00
cni.Dockerfile Upgrade centos in dockerfiles 2020-04-24 13:46:13 +02:00
CONTRIBUTING.rst [ussuri][goal] Update contributor docs 2020-04-23 12:00:44 +02:00
controller.Dockerfile Upgrade centos in dockerfiles 2020-04-24 13:46:13 +02:00
HACKING.rst Fix inconsistency in headlines format. 2019-11-13 11:39:10 +01:00
LICENSE cookiecutter commit for kuryr-kubernetes 2016-05-22 08:54:07 +03:00
lower-constraints.txt Removing six library. 2020-02-28 14:45:46 +01:00
README.rst Change inline hyperlinks to link-target pairs. 2019-11-13 12:50:05 +01:00
requirements.txt Removing six library. 2020-02-28 14:45:46 +01:00
setup.cfg Merge "Support DPDK application on bare-metal host" 2020-03-17 15:31:39 +00:00
setup.py Updated from global requirements 2017-03-15 12:44:19 +00:00
test-requirements.txt Fix hacking min version to 3.0.1 2020-05-13 10:24:05 +02:00
tox.ini Remove Python 2 support 2019-11-19 12:34:54 +01:00

Team and repository tags

Project description

Kubernetes integration with OpenStack networking

The OpenStack Kuryr project enables native Neutron-based networking in Kubernetes. With Kuryr-Kubernetes it's now possible to run both OpenStack VMs and Kubernetes Pods on the same Neutron network if your workloads require it, or to use different segments and, for example, route between them.

Contribution guidelines

For the process of new feature addition, refer to the Kuryr Policy.