Antrea

Antrea Logo

Build Status

Go Report CardCII Best PracticesLicense

GitHub release

Overview

Antrea is a Kubernetes networking solution intended to be Kubernetes native. It operates at Layer3/4 to provide networking and security services for a Kubernetes cluster, leveraging

Open vSwitch as the networking data plane.

Antrea Overview

Open vSwitch is a widely adopted high-performance programmable virtual switch; Antrea leverages it to implement Pod networking and security features. For instance, Open vSwitch enables Antrea to implement Kubernetes Network Policies in a very efficient manner.

Prerequisites

Antrea has been tested with Kubernetes clusters running version 1.16 or later.

  • NodeIPAMController must be enabled in the Kubernetes cluster.
    When deploying a cluster with kubeadm the --pod-network-cidr <cidr> option must be specified.
  • Open vSwitch kernel module must be present on every Kubernetes node.

Getting Started

Getting started with Antrea is very simple, and takes only a few minutes. See how it’s done in the Getting started document.

Contributing

The Antrea community welcomes new contributors. We are waiting for your PRs!

Also check out @ProjectAntrea on Twitter!

Features

  • Kubernetes-native: Antrea follows best practices to extend the Kubernetes APIs and provide familiar abstractions to users, while also leveraging Kubernetes libraries in its own implementation.
  • Powered by Open vSwitch: Antrea relies on Open vSwitch to implement all networking functions, including Kubernetes Service load-balancing, and to enable hardware offloading in order to support the most demanding workloads.
  • Run everywhere: Run Antrea in private clouds, public clouds and on bare metal, and select the appropriate traffic mode (with or without overlay) based on your infrastructure and use case.
  • Windows Node support: Thanks to the portability of Open vSwitch, Antrea can use the same data plane implementation on both Linux and Windows Kubernetes Nodes.
  • Comprehensive policy model: Antrea provides a comprehensive network policy model, which builds upon Kubernetes Network Policies with new features such as policy tiering, rule priorities and cluster-level policies.
  • Troubleshooting and monitoring tools: Antrea comes with CLI and UI tools which provide visibility and diagnostics capabilities (packet tracing, policy analysis, flow inspection). It exposes Prometheus metrics and supports exporting network flow information which can be visualized in Kibana dashboards.
  • Encryption: Encryption of inter-Node Pod traffic with IPsec tunnels when using an overlay Pod network.
  • Easy deployment: Antrea is deployed by applying a single YAML manifest file.

Refer to the Changelog for a detailed list of features introduced for each version release.

Roadmap

We are adding features very quickly to Antrea. Check out the list of features we are considering on our Roadmap page. Feel free to throw your ideas in!

License

Antrea is licensed under the Apache License, version 2.0