Abstract: Today, Cloud Native applications have very simple network requirements: discoverable service endpoints with routable IP addresses. This allows Kubernetes to be deployed easily on any network, including public and private IaaS, and even across the Internet. However, as Kubernetes looks to introduce multi-tenancy, and as applications require more sophisticated access control and traffic management policies, network segmentation for isolation and traffic control will be necessary.
One common approach to multi-tenant networking is to deploy a virtual network using VXLAN overlays and an SDN controller. VXLAN segmentation provides the isolation necessary for network multi-tenancy and enables policy-based security and traffic management. However, building and managing overlay virtual networks is complex and introduces a number of difficult operational challenges.
In this session, we introduce Romana, a new open source SDN solution that lets operators build Cloud Native Networks without the complexity of virtual network overlays. Romana networks provide multi-tenancy directly on the physical network, which makes them easier to operate and perform better than overlay virtual networks.
We will also show Kubernetes with multi-tenant networks and how to apply network security policies using CNI and the new NetworkPolicy Third Party Resource in Kubernetes 1.2.
Outline:
- Introduction (1-2 mins)
- Cloud Native SDN (8-10 mins)
  - Layer 3 tenancy model
  - Network isolation and multi-tenancy
  - Kubernetes 1.2 NetworkPolicy Objects
- Demonstration (12-15 mins)
  - Multi-tenant Kubernetes
  - Applying Network Policy
  - Service insertion
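As an added illustration of the tenant isolation and policy application the session describes (not the speakers' own material): a default-deny policy paired with a same-tenant allow rule, written against the GA networking.k8s.io/v1 NetworkPolicy API rather than the Kubernetes 1.2 Third Party Resource named above; the tenant-a namespace and the tenant label are constructed for the example.

```yaml
# Added example, not from the talk: isolate one tenant's namespace with NetworkPolicy.
# API: networking.k8s.io/v1 (GA), not the 1.2 Third Party Resource; names are constructed.
---
# 1. Default-deny: once a policy selects a pod, any ingress not explicitly allowed is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: tenant-a            # constructed tenant namespace
spec:
  podSelector: {}                # empty selector = every pod in the namespace
  policyTypes:
  - Ingress                      # no ingress rules listed, so nothing is allowed in
---
# 2. Re-open ingress only from namespaces labelled as the same tenant.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-tenant
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          tenant: a              # constructed label carried by every tenant-a namespace
```

The rules are only enforced when the cluster's CNI plugin implements NetworkPolicy, and the second rule matches nothing until the namespace itself carries the `tenant: a` label.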