Kubernetes Technical Analysis of OpenVSwitch

With Docker's popularity, the long-tepid PaaS field has seen various kinds of Micro-PaaS emerge. Kubernetes is one of the most representative of them: it is the open-source version of the large-scale container management technology Google has used for many years. This series of articles analyzes Kubernetes piece by piece; this article describes how to use OpenVSwitch to implement the Kubernetes network model.

Kubernetes + OpenVSwitch

Kubernetes uses a flat network model: each Pod has a globally unique IP (IP-per-pod), and Pods can communicate across hosts. Docker itself does not support cross-host container communication, so Docker's networking has to be extended. Existing solutions include Flannel, OpenVSwitch, Weave and others. This article explains how to use OpenVSwitch to implement the Kubernetes network model.

The network built with OpenVSwitch must satisfy the following on a single network plane:

  1. Hosts can communicate with each other.
  2. Containers can communicate with each other.
  3. Hosts and containers can communicate with each other.

Suppose there are two hosts, with three containers created across them:

[Figure: two hosts and their containers]

The requirements are then:

  1. Host1 and Host2 can communicate.
  2. Container1 and Container2 (same host), and Container2 and Container3 (cross-host), can communicate.
  3. Host1 can communicate with Container1 / Container2 (same host) and Container3 (cross-host).

These are now implemented with OpenVSwitch, using the following model:

[Figure: network model implemented with OpenVSwitch]

First install OpenVSwitch and bridge-utils. This environment is CentOS 7 with OpenVSwitch 2.3.2:

  $ yum install -y openvswitch bridge-utils

Note: If installing OpenVSwitch fails, you can install it from source; see http://1.chaoxu.sinaapp.com/archives/2350

To ensure that container IPs do not conflict, the docker network segment of each host must be planned:

  • Host1: 10.246.0.0/24
  • Host2: 10.246.1.0/24

Then set up the docker bridge on each host:

Host1:

  $ brctl addbr cbr0
  $ ip link set dev cbr0 up
  $ ifconfig cbr0 10.246.0.1 netmask 255.255.255.0 up

Host2:

  $ brctl addbr cbr0
  $ ip link set dev cbr0 up
  $ ifconfig cbr0 10.246.1.1 netmask 255.255.255.0 up

Also set docker's startup parameter --bridge=cbr0

Then create an OpenVSwitch virtual bridge that connects the network devices:

Host1:

  # Create obr0
  $ ovs-vsctl add-br obr0 -- set Bridge obr0 fail-mode=secure
  $ ovs-vsctl set bridge obr0 protocols=OpenFlow13

  # Create a gre0 tunnel
  $ ovs-vsctl add-port obr0 gre0 -- set Interface gre0 type=gre options:remote_ip=flow options:key=flow ofport_request=10

  # Create tun0 to connect cbr0 and obr0
  $ ovs-vsctl add-port obr0 tun0 -- set Interface tun0 type=internal ofport_request=9
  $ brctl addif cbr0 tun0
  $ ip link set tun0 up

  # Set the OpenFlow rules (quoted so the shell does not treat "->" as a redirect)
  $ ovs-ofctl -O OpenFlow13 del-flows obr0
  $ ovs-ofctl -O OpenFlow13 add-flow obr0 "table=0,ip,in_port=10,nw_dst=10.246.0.1/24,actions=output:9"
  $ ovs-ofctl -O OpenFlow13 add-flow obr0 "table=0,arp,in_port=10,nw_dst=10.246.0.1/24,actions=output:9"
  $ ovs-ofctl -O OpenFlow13 add-flow obr0 "table=0,in_port=9,ip,nw_dst=10.246.1.1/24,actions=set_field:192.168.3.149->tun_dst,output:10"
  $ ovs-ofctl -O OpenFlow13 add-flow obr0 "table=0,in_port=9,arp,nw_dst=10.246.1.1/24,actions=set_field:192.168.3.149->tun_dst,output:10"

Host2:

  # Create obr0
  $ ovs-vsctl add-br obr0 -- set Bridge obr0 fail-mode=secure
  $ ovs-vsctl set bridge obr0 protocols=OpenFlow13

  # Create a gre0 tunnel
  $ ovs-vsctl add-port obr0 gre0 -- set Interface gre0 type=gre options:remote_ip=flow options:key=flow ofport_request=10

  # Create tun0 to connect cbr0 and obr0
  $ ovs-vsctl add-port obr0 tun0 -- set Interface tun0 type=internal ofport_request=9
  $ brctl addif cbr0 tun0
  $ ip link set tun0 up

  # Set the OpenFlow rules (quoted so the shell does not treat "->" as a redirect)
  $ ovs-ofctl -O OpenFlow13 del-flows obr0
  $ ovs-ofctl -O OpenFlow13 add-flow obr0 "table=0,ip,in_port=10,nw_dst=10.246.1.1/24,actions=output:9"
  $ ovs-ofctl -O OpenFlow13 add-flow obr0 "table=0,arp,in_port=10,nw_dst=10.246.1.1/24,actions=output:9"
  $ ovs-ofctl -O OpenFlow13 add-flow obr0 "table=0,in_port=9,ip,nw_dst=10.246.0.1/24,actions=set_field:192.168.3.148->tun_dst,output:10"
  $ ovs-ofctl -O OpenFlow13 add-flow obr0 "table=0,in_port=9,arp,nw_dst=10.246.0.1/24,actions=set_field:192.168.3.148->tun_dst,output:10"

Finally, configure the routes:

Host1:

  $ ip route add 10.246.0.0/16 dev cbr0 scope link src 10.246.0.1

Host2:

  $ ip route add 10.246.0.0/16 dev cbr0 scope link src 10.246.1.1
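
The two hosts' flow tables above follow one pattern, so they can be generated from a single peer table; this added example (not from the original article) does that for any number of hosts and checks each entry before it is placed in a flow string. The `PEERS` table and the `gen_flows` and `valid_addr` names are assumptions of the example, and subnets are written in network form (10.246.0.0/24) as in the article's subnet plan.

```sh
#!/bin/sh
# Added example, not from the original article.
# PEERS is constructed sample data: "<host IP> <pod subnet>", one host per line.
PEERS='192.168.3.148 10.246.0.0/24
192.168.3.149 10.246.1.0/24'

# Shape check only: a dotted quad with an optional /prefix. It keeps commas,
# spaces and quotes out of the flow string, so a bad table entry cannot add
# extra match fields or actions.
valid_addr() {
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

# gen_flows <this host's IP>: print the ovs-ofctl commands for obr0.
gen_flows() {
  local_ip=$1
  echo 'ovs-ofctl -O OpenFlow13 del-flows obr0'
  while read -r ip subnet; do
    if ! valid_addr "$ip" || ! valid_addr "$subnet"; then
      echo "rejected entry: $ip $subnet" >&2
      return 1
    fi
    for proto in ip arp; do
      if [ "$ip" = "$local_ip" ]; then
        # From the GRE tunnel (port 10) to local containers via tun0 (port 9).
        flow="table=0,$proto,in_port=10,nw_dst=$subnet,actions=output:9"
      else
        # From local containers to a peer: set the tunnel endpoint, use port 10.
        flow="table=0,in_port=9,$proto,nw_dst=$subnet,actions=set_field:$ip->tun_dst,output:10"
      fi
      echo "ovs-ofctl -O OpenFlow13 add-flow obr0 \"$flow\""
    done
  done <<EOF
$PEERS
EOF
}

# Print the commands for Host1 unless another host IP is given.
gen_flows "${1:-192.168.3.148}"
```

Review the printed commands, then pipe them to `sh` on the host. Because obr0 is created with fail-mode=secure, packets that match none of the installed flows are not forwarded, so a host missing from the table loses connectivity rather than being switched by default.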

Reference

  • Https://github.com/kubernetes/ … ng.md

==========================================================
About the author: Wu Longhui is currently a senior technical engineer committed to research and practice in cloud computing PaaS, active in the CloudFoundry, Docker, Kubernetes and other open-source communities, contributing code and writing technical documents.
E-mail: wulh@chinanetcenter.com / wlh6666@qq.com
