[openstack-dev] [tripleo][kolla][openstack-helm][kuryr] OpenStack on containers leveraging kuryr

Dan Sneddon dsneddon at redhat.com
Thu Feb 9 21:00:48 UTC 2017


Pete, thanks for mentioning network isolation and segmentation. That's
my area of interest, since I'm focused on underlay networking for
TripleO and bare-metal networking in Ironic.

Network isolation is going to be important for several reasons:

1) Separation of control and data plane in deployments
2) Tenant isolation in multi-tenant Ironic BMaaS
3) Network Function Virtualization (NFV) use cases

The intention of the isolated networking model for TripleO was to
separate control and data plane, as well as tenant from administrative
traffic. A secondary goal was to make this highly configurable and
customizable. This has been well received by many operators who have
rigid security isolation requirements (such as PCI-DSS for financial
transactions), or those who customize their underlay network to
integrate into an existing networking topology. I'm thinking about how
to do something similar in Kubernetes, perhaps with Kuryr.

The Harbor project looks very interesting. Do you have any more
information about how Harbor uses Raven to achieve isolation? Also, are
you saying that Harbor uses an older (prototype) version of Raven, or
are you referring to Raven itself as a prototype?

I'll be at the PTG Tuesday through Friday morning. I'm looking forward
to having some conversations about this topic.

-- 
Dan Sneddon         |  Senior Principal OpenStack Engineer
dsneddon at redhat.com |  redhat.com/openstack
dsneddon:irc        |  @dxs:twitter

On 02/09/2017 09:56 AM, Pete Birley wrote:
> Hi Flavio,
> 
> I've been doing some work on packaging Kuryr for use with K8s as an
> underlay for OpenStack on Kubernetes. When we met up in Brno the Harbor
> project I showed you used Tony's old Raven Prototype to provide the
> network isolation and segmentation in K8s. I've since begun to lay the
> groundwork for OpenStack-Helm to support similar modes of operation,
> allowing both service isolation and also combined networking between
> OpenStack and K8s, where pods and VMs can co-exist on the same Neutron
> Networks.
> 
> I'm not sure I will have things fully functional within OpenStack-Helm
> by the PTG, but it would be great to sit down and work out how we can
> ensure that not only do we not end up replicating work needlessly, but
> also find further opportunities to collaborate. I'll be in Atlanta all
> week, though I think some of the OS-Helm and Kolla-K8s developers will
> be leaving on Wed, would a particular day/time work best for you?
> 
> 
> Cheers
> 
> Pete (portdirect)
> 
> 
> On Thu, Feb 9, 2017 at 8:57 AM, Flavio Percoco <flavio at redhat.com> wrote:
> 
>     Greetings,
> 
>     I was talking with Tony and he mentioned that he's recording a new
>     demo for kuryr and, well, it'd be great to also use the containerized
>     version of TripleO for the demo.
> 
>     His plan is to have this demo out by next week and that may be too
>     tight for the containerized version of TripleO (it may be not, let's
>     try). That said, I think it's still a good opportunity for us to sit
>     down at the PTG and play with this a bit further.
> 
>     So, before we set a date and time for this, I wanted to extend the
>     invite to other folks and see if there's some interest. It'd be great
>     to also have folks from Kolla and openstack-helm joining.
> 
>     Looking forward to hearing ideas and hacking with y'all,
>     Flavio
> 
>     -- 
>     @flaper87
>     Flavio Percoco
> 
>     __________________________________________________________________________
>     OpenStack Development Mailing List (not for usage questions)
>     Unsubscribe:
>     OpenStack-dev-request at lists.openstack.org?subject:unsubscribe
>     <http://OpenStack-dev-request@lists.openstack.org?subject:unsubscribe>
>     http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>     <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev>
> 
> 
> 
> 