Configuring Kuryr SDN

Kuryr SDN and OKD

Kuryr (or more specifically Kuryr-Kubernetes) is an SDN solution built using CNI and OpenStack Neutron. Its advantages include being able to use a wide range of Neutron SDN backends and providing inter-connectivity between Kubernetes pods and OpenStack virtual machines (VMs).

Kuryr-Kubernetes and OKD integration is primarily designed for OKD clusters running on OpenStack VMs. Kuryr-Kubernetes components are installed as pods on OKD in the kuryr namespace:

  • kuryr-controller - a single service instance, installed on an infra node. Modeled in OKD as a Deployment.

  • kuryr-cni - container installing and configuring Kuryr as CNI driver on each OKD node. Modeled in OKD as a DaemonSet.

The Kuryr controller watches the OpenShift API server for pod, service, and namespace create, update, and delete events. It maps the OKD API calls to corresponding objects in Neutron and Octavia. This means that every network solution that implements the Neutron trunk port functionality can be used to back OKD via Kuryr. This includes open source solutions such as OVS and OVN as well as Neutron-compatible commercial SDNs.

Installing Kuryr SDN

For the Kuryr SDN installation on an OpenStack cloud, you must follow the steps described in the OpenStack configuration documentation.

Verification

Once the installation of OKD is finished, you can check if Kuryr pods are deployed successfully:

  1. $ oc -n kuryr get pods -o wide
  2. NAME                                READY     STATUS    RESTARTS   AGE       IP              NODE
  3. kuryr-cni-ds-66kt2                  2/2       Running   0          3d        192.168.99.14   infra-node-0.openshift.example.com
  4. kuryr-cni-ds-ggcpz                  2/2       Running   0          3d        192.168.99.16   master-0.openshift.example.com
  5. kuryr-cni-ds-mhzjt                  2/2       Running   0          3d        192.168.99.6    app-node-1.openshift.example.com
  6. kuryr-cni-ds-njctb                  2/2       Running   0          3d        192.168.99.12   app-node-0.openshift.example.com
  7. kuryr-cni-ds-v8hp8                  2/2       Running   0          3d        192.168.99.5    infra-node-1.openshift.example.com
  8. kuryr-controller-59fc7f478b-qwk4k   1/1       Running   0          3d        192.168.99.5    infra-node-1.openshift.example.com

kuryr-cni pods run on every OKD node. Single kuryr-controller instances run on any of the infra nodes.

Network policies and nodeport services are not supported when Kuryr SDN is enabled.