Authors: Chen Jinci, He Linbo
On May 27th, Beijing time, OpenYurt released version v0.7.0.
The new release centres on Raven, a solution that connects Pods across the public network, both cloud-to-edge and edge-to-edge, without intruding on the native container network solution, and that meets the container-network demands of cloud-edge collaboration scenarios. OpenYurt v0.7.0 also completes support for the EdgeX Foundry LTS release (Jakarta) and for Kubernetes v1.22.
Raven: a non-intrusive cross-edge container network solution for a single cluster
Raven gives an OpenYurt cluster single-cluster container network connectivity across the public network, both edge-to-edge and edge-to-cloud. The underlying principle is to let the container networks on different edge nodes reach each other through encrypted tunnels over the public network, so that cross-edge business traffic and control traffic can flow. It is compatible with the current mainstream container network solutions (flannel, calico, etc.): communication within a NodePool still uses the native container network solution.
Background of the project
In edge computing, edge-edge and edge-cloud communication are common network scenarios. For the OpenYurt project, we introduced YurtTunnel to handle the network problems of operation, maintenance and monitoring in edge-cloud collaboration: it makes it possible to run kubectl exec/logs against edge nodes and to collect monitoring metrics from them. However, the problem YurtTunnel solves is only a subset of edge-cloud communication. Before v0.7.0 there was no solution for edge-edge or edge-cloud container network communication.
In other words, Pods in different physical regions of one OpenYurt cluster may need to reach other Pods by Pod IP, Service IP or Service name; although they belong to a single Kubernetes cluster, they sit in different physical regions (network domains) and cannot communicate directly.
Design Concept and Architecture
The Raven project was produced by members of the open source community working together from the discussion of requirements, through the design of the scheme, to the final implementation. The overall design concepts are as follows:
- No intrusion: no intrusion into the native K8s CNI network; only cross-edge traffic is hijacked for forwarding
- Works seamlessly with mainstream container networking solutions (such as flannel, calico)
- High security: ensure the data security of communication across the public network
At the same time, the architecture of the Raven solution is as follows:
- Raven Controller Manager: a standard Kubernetes controller, deployed on cloud nodes as a Deployment. It monitors the status of edge nodes, selects a gateway node as the exit for cross-edge traffic in each edge node pool, and switches the gateway to another node when the current gateway node is deactivated. All cross-edge traffic is forwarded by the gateway node of each edge node pool.
- Raven Agent: deployed as a DaemonSet and running on every node of the cluster; according to each node's role (gateway or non-gateway), it configures routing information or VPN tunnel information on that node.
These two components exchange the information needed to configure routes and establish VPN tunnels through a Gateway CRD, as shown in Figure 2:
For more details, please refer to the project code repository:
- Raven Controller Manager : https://github.com/openyurtio/raven-controller-manager
- Raven Agent : https://github.com/openyurtio/raven
Features and Benefits
- No intrusion: no intrusion into the native K8s CNI network, i.e. traffic within the same edge node pool is not hijacked and the cluster's own CNI capabilities are reused
- Safe and reliable: mature and stable IPsec technology encrypts cross-edge traffic
- Full compatibility: works seamlessly with mainstream container network solutions (such as flannel, calico)
- High performance: when handling cross-edge traffic, Raven uses the network capabilities of the edge itself wherever possible, creating edge-to-edge VPN tunnels rather than forwarding all cross-edge traffic through the cloud center
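The gateway election and failover behaviour described for the Raven Controller Manager above, together with the routing rule in this feature list (same-pool traffic left to the native CNI, cross-pool traffic carried gateway-to-gateway rather than through the cloud), as an added Go simulation. This is illustrative code, not Raven's own; the Node type, the "keep the incumbent while it is Ready, otherwise promote the lowest-named Ready node" rule, the Path names and the pool and node names are all assumptions.

```go
package main

import (
	"fmt"
	"sort"
)

// Node is an assumed model of an edge node as a controller would observe it
// (not Raven's types): the pool it belongs to and whether it is Ready.
type Node struct {
	Name  string
	Pool  string
	Ready bool
}

// ElectGateways returns the gateway node chosen for every pool. The pool's
// current gateway (prev[pool]) is kept while it stays Ready so tunnels do not
// churn; only when it goes NotReady is the next Ready node (lowest name, an
// assumed tiebreak) promoted. A pool with no Ready node maps to "".
func ElectGateways(nodes []Node, prev map[string]string) map[string]string {
	byPool := map[string][]Node{}
	for _, n := range nodes {
		byPool[n.Pool] = append(byPool[n.Pool], n)
	}
	gateways := map[string]string{}
	for pool, members := range byPool {
		sort.Slice(members, func(i, j int) bool { return members[i].Name < members[j].Name })
		chosen := ""
		for _, m := range members {
			if m.Ready && m.Name == prev[pool] {
				chosen = m.Name // incumbent is still healthy: keep it
				break
			}
		}
		if chosen == "" {
			for _, m := range members {
				if m.Ready {
					chosen = m.Name // failover to the first healthy candidate
					break
				}
			}
		}
		gateways[pool] = chosen
	}
	return gateways
}

// Path is the forwarding decision made for one flow.
type Path string

const (
	PathNativeCNI  Path = "native-cni"          // same pool: not hijacked, the CNI handles it
	PathEdgeTunnel Path = "edge-to-edge-tunnel" // cross-pool: gateway-to-gateway IPsec tunnel
	PathNoRoute    Path = "no-route"            // one side currently has no usable gateway
)

// Route classifies a flow between two pods by their pools and names the two
// gateways that would terminate the tunnel. Cross-pool traffic goes directly
// between the pools' gateways; nothing is hairpinned through the cloud.
func Route(srcPool, dstPool string, gateways map[string]string) (Path, string, string) {
	if srcPool == dstPool {
		return PathNativeCNI, "", ""
	}
	src, dst := gateways[srcPool], gateways[dstPool]
	if src == "" || dst == "" {
		return PathNoRoute, src, dst
	}
	return PathEdgeTunnel, src, dst
}

func main() {
	// Constructed cluster: two pools, one node in "beijing" is NotReady.
	nodes := []Node{
		{Name: "edge-a", Pool: "hangzhou", Ready: true},
		{Name: "edge-b", Pool: "hangzhou", Ready: true},
		{Name: "edge-c", Pool: "beijing", Ready: true},
		{Name: "edge-d", Pool: "beijing", Ready: false},
	}
	gws := ElectGateways(nodes, nil)
	fmt.Println("gateways:", gws)
	nodes[0].Ready = false // the hangzhou gateway is deactivated
	gws = ElectGateways(nodes, gws)
	fmt.Println("after failover:", gws)
	p, s, d := Route("hangzhou", "beijing", gws)
	fmt.Println("hangzhou -> beijing:", p, s, d)
}
```

Running it shows the hangzhou gateway moving from edge-a to edge-b when edge-a is deactivated, while a flow within hangzhou is never touched.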
Support for the EdgeX Foundry LTS version
EdgeX Foundry Jakarta is the first LTS release and is widely regarded as a production release. Support for EdgeX Foundry Jakarta is completed in OpenYurt v0.7.0. Because EdgeX Jakarta switched to API v2, OpenYurt optimized its adaptation logic for EdgeX, and the CRD was partially optimized as well. For details, please refer to [#30].
Support for Kubernetes v1.22
To adapt to Kubernetes v1.22, OpenYurt's main work was as follows. Since the v1beta1 CertificateSigningRequest (CSR) API has been removed and the CSR signerName field is now validated, OpenYurt adapted every component that requests certificates accordingly. At the same time, the Service Topology feature was adapted to requests for v1.EndpointSlice resources, and YurtTunnel (the cloud-edge tunnel) was adapted to the removal of the StreamingProxyRedirects feature gate. For details, see [#809].
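To make the certificate-request change concrete, here is an added Go example (illustrative code, not OpenYurt's own) that builds a node client certificate request in the shape the certificates.k8s.io/v1 API requires and checks it before submission. It uses only the standard library; the node name, the choice of the kubernetes.io/kube-apiserver-client-kubelet signer and the V1CSR struct (a hand-written mirror of the manifest fields, not the client-go type) are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// KubeletClientSigner is the built-in signer for node client certificates.
const KubeletClientSigner = "kubernetes.io/kube-apiserver-client-kubelet"

// V1CSR mirrors the fields a client fills in on a certificates.k8s.io/v1
// CertificateSigningRequest (assumed plain struct, not the client-go type).
type V1CSR struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Metadata   struct {
		Name string `json:"name"`
	} `json:"metadata"`
	Spec struct {
		Request    string   `json:"request"`    // base64 of the PEM PKCS#10 request
		SignerName string   `json:"signerName"` // mandatory in the v1 API
		Usages     []string `json:"usages"`
	} `json:"spec"`
}

// BuildNodeClientCSR generates a P-256 key and a PKCS#10 request carrying the
// node identity the kubelet client signer expects (CN=system:node:<name>,
// O=system:nodes), wrapped in a v1 CSR object addressed to that signer.
func BuildNodeClientCSR(nodeName string) (*V1CSR, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{
		CommonName:   "system:node:" + nodeName,
		Organization: []string{"system:nodes"},
	}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
	csr := &V1CSR{APIVersion: "certificates.k8s.io/v1", Kind: "CertificateSigningRequest"}
	csr.Metadata.Name = "node-csr-" + nodeName
	csr.Spec.Request = base64.StdEncoding.EncodeToString(pemBytes)
	csr.Spec.SignerName = KubeletClientSigner
	csr.Spec.Usages = []string{"digital signature", "key encipherment", "client auth"}
	return csr, key, nil
}

// CheckCSR applies the checks a v1 CSR must pass before it is worth submitting:
// the v1 API version, a non-empty signerName, a well-formed self-signed PKCS#10
// request and, for the kubelet client signer, a node-shaped subject.
// It returns the request's CommonName.
func CheckCSR(csr *V1CSR) (string, error) {
	if csr.APIVersion != "certificates.k8s.io/v1" {
		return "", fmt.Errorf("unsupported apiVersion %q (v1beta1 was removed in v1.22)", csr.APIVersion)
	}
	if csr.Spec.SignerName == "" {
		return "", errors.New("spec.signerName is required in certificates.k8s.io/v1")
	}
	raw, err := base64.StdEncoding.DecodeString(csr.Spec.Request)
	if err != nil {
		return "", err
	}
	block, _ := pem.Decode(raw)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return "", errors.New("spec.request is not a PEM CERTIFICATE REQUEST")
	}
	req, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return "", err
	}
	if err := req.CheckSignature(); err != nil {
		return "", err // proof of possession of the private key failed
	}
	cn, org := req.Subject.CommonName, req.Subject.Organization
	if csr.Spec.SignerName == KubeletClientSigner &&
		(!strings.HasPrefix(cn, "system:node:") || len(org) != 1 || org[0] != "system:nodes") {
		return "", fmt.Errorf("subject %q is not a node identity for %s", cn, KubeletClientSigner)
	}
	return cn, nil
}

func main() {
	csr, _, err := BuildNodeClientCSR("edge-node-1") // constructed node name
	if err != nil {
		panic(err)
	}
	out, _ := json.MarshalIndent(csr, "", "  ")
	fmt.Println(string(out))
	fmt.Println(CheckCSR(csr))
}
```

The printed manifest is what a component would submit; the same object with apiVersion certificates.k8s.io/v1beta1 or with signerName left empty is rejected by CheckCSR, which is the shape of the breakage that components requesting certificates had to be adapted to.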
Support for IPv6 networking
IPv6 networking first requires support from the CNI container network. Within OpenYurt, Yurthub and YurtTunnel are the main components involved in network configuration, certificate requests and related processing, and they have been adapted accordingly. For details, see [#842].
Future plans
OpenYurt v0.7.0 focuses on the introduction of Raven, the cross-network-domain solution, together with EdgeX Foundry LTS support, Kubernetes v1.22 support, IPv6 networking and other capabilities. Thanks again for the great contributions of dozens of contributors from VMware, Intel, Telecom Tianyi Cloud, Sangfor, Xinhua Zhiyun, Zhejiang University, JD.com, Meituan, Byte, and Alibaba Cloud.
The development of OpenYurt v0.8.0 is progressing steadily. To better support the growth of the community, OpenYurt has set up ControlPlane, DataPlane, IoT and other SIGs, which collaborate with 15+ projects in the community. Anyone interested is welcome to take part and jointly explore the de facto standard for a stable, reliable, non-intrusive cloud-native edge computing platform.
Please follow the roadmap of OpenYurt v0.8.0: https://github.com/openyurtio/openyurt/blob/master/docs/roadmap.md
Reference links:
OpenYurt Release v0.7.0
https://github.com/openyurtio/openyurt/releases/tag/v0.7.0
OpenYurt v0.7.0 CHANGELOG
https://github.com/openyurtio/openyurt/blob/master/CHANGELOG.md#v070
OpenYurt v0.8.0 RoadMap
https://github.com/openyurtio/openyurt/blob/master/docs/roadmap.md#v080-roadmap
Gateway CRD
[#30]:
https://github.com/openyurtio/yurt-device-controller/pull/30
[#809]:
https://github.com/openyurtio/openyurt/pull/809
[#842]:
https://github.com/openyurtio/openyurt/pull/842
If you have any questions about OpenYurt, please use DingTalk to scan the QR code or search the group number (31993519) to join the DingTalk exchange group.