[openstack-dev] [kuryr] Does Kuryr support multi-tenant

Liping Mao (limao) limao at cisco.com
Tue Jan 26 07:58:53 UTC 2016 

Hi Gal,

Thanks for your answer.

>The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal
>server then Kuryr already support this. (by tenant credential configuration)

   I understand kuryr can configure with tenant credential, but we still need neutron-openvswitch-agent on
the bare-metal server, it need admin account…

Thanks.

Regards,
Liping Mao

From: Gal Sagie <gal.sagie at gmail.com<mailto:gal.sagie at gmail.com>>
Reply-To: OpenStack List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: 2016年1月26日 星期二 下午12:47
To: OpenStack List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

Hi Liping Mao,

The question is what you mean by multi-tenancy, if you mean that different tenants each control their own bare-metal
server then Kuryr already support this. (by tenant credential configuration)

If what i think you mean, and thats running multi tenants on the same bare-metal then the problem
here is that Docker and Kubernetes doesnt support something like that either (mostly for security reasons) and
the networking is just part of it (Which is what Kuryr focus on).
For this, you usually pick with what Magnum offer and thats running containers inside tenant VMs.

However, there are some interesting technologies and open source projects which enable
something like that and we are evaluating them, its definitely a long term goal for us.



On Tue, Jan 26, 2016 at 5:06 AM, Liping Mao (limao) <limao at cisco.com<mailto:limao at cisco.com>> wrote:
Thanks Mohammad for your clear explanation.
Do we have any way or roadmap or idea to support kuryr in multi-tenant in bare metal servers now?

Thanks.

Regards,
Liping Mao


From: Mohammad Banikazemi <mb at us.ibm.com<mailto:mb at us.ibm.com>>
Reply-To: OpenStack List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: 2016年1月26日 星期二 上午2:35
To: OpenStack List <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Subject: Re: [openstack-dev] [kuryr] Does Kuryr support multi-tenant


Considering that the underlying container technology is not multi-tenant (as of now), your observation is correct in that all neutron resources are made for a single tenant. Until Docker supports multi tenancy, we can possibly use network options and/or wrappers for docker/swarm clients to achieve some kind of multi tenancy support. Having said that, I should add that as of now we do not have such a feature in Kuryr.

Best,

Mohammad


[Inactive hide details for "Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi  Kuryr guys, I'm a new bee in kuryr, and using de]"Liping Mao (limao)" ---01/25/2016 06:39:44 AM---Hi Kuryr guys, I'm a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kur

From: "Liping Mao (limao)" <limao at cisco.com<mailto:limao at cisco.com>>
To: "OpenStack Development Mailing List (not for usage questions)" <openstack-dev at lists.openstack.org<mailto:openstack-dev at lists.openstack.org>>
Date: 01/25/2016 06:39 AM
Subject: [openstack-dev] [kuryr] Does Kuryr support multi-tenant

________________________________



Hi Kuryr guys,

I’m a new bee in kuryr, and using devstack to try kuryr now, I notice when I use kuryr to create network/port for container, the resources are in “admin”.
Do kuryr support multi-tenant now? For example, if I want try kuryr in demo tenant, how can I do this?

Thanks for your help and any help would be appreciated.

Regards,
Liping Mao__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org<mailto:OpenStack-dev-request at lists.openstack.org>?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: OpenStack-dev-request at lists.openstack.org?subject:unsubscribe<http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev




--
Best Regards ,

The G.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160126/6b848e26/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: graycol.gif
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20160126/6b848e26/attachment.gif>

More information about the OpenStack-dev mailing list