$ oc -n kuryr get pods -o wide NAME READY STATUS RESTARTS AGE IP NODE kuryr-cni-ds-66kt2 2/2 Running 0 3d 192.168.99.14 infra-node-0.openshift.example.com kuryr-cni-ds-ggcpz 2/2 Running 0 3d 192.168.99.16 master-0.openshift.example.com kuryr-cni-ds-mhzjt 2/2 Running 0 3d 192.168.99.6 app-node-1.openshift.example.com kuryr-cni-ds-njctb 2/2 Running 0 3d 192.168.99.12 app-node-0.openshift.example.com kuryr-cni-ds-v8hp8 2/2 Running 0 3d 192.168.99.5 infra-node-1.openshift.example.com kuryr-controller-59fc7f478b-qwk4k 1/1 Running 0 3d 192.168.99.5 infra-node-1.openshift.example.com
- Documentation
- OKD
- Configuring Clusters
- Configuring Kuryr SDN
Soon, all Red Hat OpenShift documentation will only be available on docs.redhat.com, the official location of all Red Hat product documentation. Get familiar with the updated experience today!
You are viewing documentation for a release that is no longer maintained. To view the documentation for the most recent version, see the latest OKD docs.
- About
- What's New?
- Getting Started
- Architecture
- Container Security Guide
- Installing Clusters
- Upgrading Clusters
- Configuring Clusters
- Overview
- Setting up the Registry
- Setting up a Router
- Deploying Red Hat CloudForms
- Prometheus Cluster Monitoring
- Accessing and Configuring the Red Hat Registry
- Master and Node Configuration
- OpenShift Ansible Broker Configuration
- Adding Hosts to an Existing Cluster
- Loading the Default Image Streams and Templates
- Configuring Custom Certificates
- Redeploying Certificates
- Configuring Authentication and User Agent
- Syncing groups with LDAP
- Configuring LDAP failover
- Configuring the SDN
- Configuring Nuage SDN
- Configuring NSX-T SDN
- Configuring Kuryr SDN
- Configuring for AWS
- Configuring for Red Hat Virtualization
- Configuring for OpenStack
- Configuring for Google Compute Engine
- Configuring for Azure
- Configuring for VMware vSphere
- Configuring Local Volumes
- Configuring Persistent Storage
- Overview
- Using NFS
- Using GlusterFS
- Using OpenStack Cinder
- Using Ceph RBD
- Using AWS Elastic Block Store
- Using GCE Persistent Disk
- Using iSCSI
- Using Fibre Channel
- Using Azure Disk
- Using Azure File
- Using FlexVolume
- Using VMware vSphere volumes for persistent storage
- Using Local Volume
- Using Container Storage Interface (CSI)
- Using OpenStack Manila shares
- Dynamic Provisioning and Creating Storage Classes
- Volume Security
- Selector-Label Volume Binding
- Enabling Controller-managed Attachment and Detachment
- Persistent Volume Snapshots
- Using hostPath
- Persistent Storage Examples
- Overview
- Sharing an NFS PV Across Two Pods
- Using Ceph RBD for Persistent Storage
- Using Ceph RBD for dynamic provisioning
- Complete Example Using GlusterFS
- Complete Example Using GlusterFS for Dynamic Provisioning
- Mounting Volumes To Privileged Pods
- Mount Propagation
- Switching an Integrated OpenShift Container Registry to GlusterFS
- Binding Persistent Volumes by Label
- Using StorageClasses for Dynamic Provisioning
- Using StorageClasses for Existing Legacy Storage
- Configuring Azure Blob Storage for Integrated Container Image Registry
- Configuring Ephemeral Storage
- Working with HTTP Proxies
- Configuring Global Build Defaults and Overrides
- Configuring Pipeline Execution
- Configuring Route Timeouts
- Configuring Native Container Routing
- Routing from Edge Load Balancers
- Aggregating Container Logs
- Aggregate Logging Sizing Guidelines
- Enabling Cluster Metrics
- Customizing the Web Console
- Deploying External Persistent Volume Provisioners
- Installing the Operator Framework (Technology Preview)
- Uninstalling Operator Lifecycle Manager
- Day Two Operations Guide
- Cluster Administration
- Overview
- Managing Nodes
- Restoring your cluster
- Replacing a master host
- Managing Users
- Managing Projects
- Managing Pods
- Managing Networking
- Configuring Service Accounts
- Managing Role-based Access Control
- Image Policy
- Image Signatures
- Scoped Tokens
- Monitoring Images
- Managing Security Context Constraints
- Scheduling
- Overview
- Default Scheduling
- Descheduling
- Custom Scheduling
- Controlling Pod Placement
- Pod Priority and Preemption
- Advanced Scheduling
- Advanced Scheduling and Node Affinity
- Advanced Scheduling and Pod Affinity/Anti-affinity
- Advanced Scheduling and Node Selectors
- Advanced Scheduling and Taints and Tolerations
- Setting Quotas
- Setting Multi-Project Quotas
- Pruning objects
- Extending the Kubernetes API with Custom Resources
- Garbage Collection
- Allocating Node Resources
- Overcommitting
- Out of Resource Handling
- Setting Limit Ranges
- Node Problem Detector
- Assigning Unique External IPs for Ingress Traffic
- Monitoring and Debugging Routers
- High Availability
- IPtables
- Securing Builds by Strategy
- Restricting Application Capabilities Using Seccomp
- Sysctls
- Encrypting Data at Datastore Layer
- Encrypting traffic between nodes with IPsec
- Building Dependency Trees
- Replacing a failed etcd member
- Restoring etcd quorum
- Troubleshooting Networking
- Diagnostics Tool
- Idling Applications
- Analyzing Cluster Capacity
- Configuring the cluster auto-scaler in AWS
- Disabling Features using Feature Gates
- Kuryr SDN Administration
- Scaling and Performance Guide
- Overview
- Recommended Installation Practices
- Recommended Host Practices
- Optimizing Compute Resources
- Optimizing Persistent Storage
- Optimizing Ephemeral Storage
- Network Optimization
- Routing Optimization
- Scaling Cluster Metrics
- Scaling Cluster Monitoring
- Tested Maximums per Cluster
- Using Cluster Loader
- Using CPU Manager
- Managing Huge Pages
- Optimizing On GlusterFS Storage
- Developer Guide
- Overview
- Application Life Cycle Management
- Authentication
- Authorization
- Projects
- Migrating Applications
- Tutorials
- Builds
- Deployments
- Templates
- Opening a Remote Shell to Containers
- Service Accounts
- Managing Images
- Quotas and Limit Ranges
- Getting Traffic into a Cluster
- Routes
- Integrating External Services
- Using Device Manager
- Using Device Plug-ins
- Secrets
- ConfigMaps
- Downward API
- Projected Volumes
- Using Daemonsets
- Pod Autoscaling
- Managing Volumes
- Using Persistent Volumes
- Expanding Persistent Volumes
- Executing Remote Commands
- Copying Files
- Port Forwarding
- Shared Memory
- Application Health
- Events
- Managing Environment Variables
- Jobs
- OpenShift Pipeline
- Cron Jobs
- Create from URL
- Creating an object from a custom resource definition
- Application memory sizing
- Creating Images
- Using Images
- CLI Reference
- Ansible Playbook Bundle Development Guide
- Operators
- API reference
- API list
- Common object reference
- core
- About core
- Binding [core/v1]
- ComponentStatus [core/v1]
- ConfigMap [core/v1]
- Endpoints [core/v1]
- Event [core/v1]
- LimitRange [core/v1]
- Namespace [core/v1]
- Node [core/v1]
- PersistentVolumeClaim [core/v1]
- PersistentVolume [core/v1]
- Pod [core/v1]
- PodTemplate [core/v1]
- ReplicationController [core/v1]
- ResourceQuota [core/v1]
- Secret [core/v1]
- ServiceAccount [core/v1]
- Service [core/v1]
- admissionregistration.k8s.io
- apiregistration.k8s.io
- apps
- apps.openshift.io
- authentication.k8s.io
- authorization.k8s.io
- authorization.openshift.io
- About authorization.openshift.io
- ClusterRoleBinding [authorization.openshift.io/v1]
- ClusterRole [authorization.openshift.io/v1]
- LocalResourceAccessReview [authorization.openshift.io/v1]
- LocalSubjectAccessReview [authorization.openshift.io/v1]
- ResourceAccessReview [authorization.openshift.io/v1]
- RoleBindingRestriction [authorization.openshift.io/v1]
- RoleBinding [authorization.openshift.io/v1]
- Role [authorization.openshift.io/v1]
- SelfSubjectRulesReview [authorization.openshift.io/v1]
- SubjectAccessReview [authorization.openshift.io/v1]
- SubjectRulesReview [authorization.openshift.io/v1]
- autoscaling
- batch
- build.openshift.io
- certificates.k8s.io
- events.k8s.io
- image.openshift.io
- network.openshift.io
- networking.k8s.io
- oauth.openshift.io
- policy
- project.openshift.io
- quota.openshift.io
- rbac.authorization.k8s.io
- route.openshift.io
- scheduling.k8s.io
- security.openshift.io
- storage.k8s.io
- template.openshift.io
- user.openshift.io
- CRI-O Runtime
×
Configuring Kuryr SDN
Kuryr SDN and OKD
Kuryr (or more specifically Kuryr-Kubernetes) is an SDN solution built using CNI and OpenStack Neutron. Its advantages include being able to use a wide range of Neutron SDN backends and providing inter-connectivity between Kubernetes pods and OpenStack virtual machines (VMs).
Kuryr-Kubernetes and OKD integration is primarily designed for
OKD clusters running on OpenStack VMs. Kuryr-Kubernetes components
are installed as pods on OKD in the kuryr namespace:
-
kuryr-controller - a single service instance, installed on an
infranode. Modeled in OKD as aDeployment. -
kuryr-cni - container installing and configuring Kuryr as CNI driver on each OKD node. Modeled in OKD as a
DaemonSet.
The Kuryr controller watches the OpenShift API server for pod, service, and namespace create, update, and delete events. It maps the OKD API calls to corresponding objects in Neutron and Octavia. This means that every network solution that implements the Neutron trunk port functionality can be used to back OKD via Kuryr. This includes open source solutions such as OVS and OVN as well as Neutron-compatible commercial SDNs.
Installing Kuryr SDN
For the Kuryr SDN installation on an OpenStack cloud, you must follow the steps described in the OpenStack configuration documentation.
Verification
Once the installation of OKD is finished, you can check if Kuryr pods are deployed successfully:
kuryr-cni pods run on every OKD node. Single
kuryr-controller instances run on any of the infra nodes.
|
Network policies and nodeport services are not supported when Kuryr SDN is enabled. |