Providing external network connectivity to containers

Registered by vikas choudhary on 2015-11-03

With the default configuration, kuryr should be able to provide external connectivity to containers. Currently this functionality is missing. To provide this, IMO, one possible approach is to provide an "external router name" in the kuryr config. Then, on receiving CreateEndpoint and just after subnet creation, the following steps should be performed by kuryr:

If external router exists:
    A. Connect newly created subnet with external router
    B. Fetch external subnet and connect router to external subnet.
Else:
    A. Create external router with name provided in config.
    B. Connect newly created subnet and external subnet with router

Blueprint information

Status: Not started
Approver: Antoni Segura Puimedon
Priority: Medium
Drafter: vikas choudhary
Direction: Approved
Assignee: None
Definition: New
Series goal: None
Implementation: Unknown
Milestone target: None

Whiteboard

NOTE: Should be moved to a spec in the kuryr repo.

[irenab] Can you please explain more about the use case? My personal
preference is not to apply global settings via config.

[Vikas] If there is more than one router, how will kuryr know which router
it should connect to for external network access?

[fawadkhaliq] I am not in favor of implicit operations to create items. Why not
consider a check for a baseline of Neutron networking for the particular use case
and, if the baseline does not exist, error out to the user. Implicit operations
can lead to several problems that we should avoid. So an example would be:

Check if external router exists and is connected to the external subnet:
    A. connect newly created subnet with external router
Else:
    raise

Having said that, I would like to understand. How are these special router and
external subnet identified by Kuryr?

[apuimedo]
I'm with Fawad on just performing the routing when the external router does
exist. Although when not defined or missing I would just log it instead of
raising. It seems fine to me to have networks without outside connectivity.

At the same time, I also wonder if we could not, when labels are correctly
passed to `docker network create` just do:

    docker network create -d kuryr --subnet 10.0.0.0/24 --gateway 10.0.0.1 \
    --ip-range 10.0.0.0/24 --opt \
    ext_router_id=e0793088-d30c-4d77-9122-5d238933c6c8

(?)
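
Added example, not part of the whiteboard discussion or of Kuryr's code: a sketch of the explicit behaviour the comments converge on, where the router is chosen by ID through a per-network option, nothing is created implicitly, and a missing or gateway-less router is logged and the network left isolated. `attach_external_router`, `FakeNeutron` and the sample IDs other than the UUID quoted above are assumptions; `FakeNeutron` is a constructed stand-in that mimics python-neutronclient's `list_routers` and `add_interface_router`.

```python
import logging

LOG = logging.getLogger("kuryr.example")


class FakeNeutron:
    """Constructed in-memory stand-in for the two Neutron client calls used."""

    def __init__(self, routers):
        self.routers = routers
        self.attached = []  # (router_id, subnet_id) pairs, for inspection

    def list_routers(self, **filters):
        match = [r for r in self.routers
                 if all(r.get(k) == v for k, v in filters.items())]
        return {"routers": match}

    def add_interface_router(self, router_id, body):
        self.attached.append((router_id, body["subnet_id"]))


def attach_external_router(neutron, subnet_id, options):
    """Attach subnet_id to the router named by the ext_router_id option.

    Never creates a router or a gateway. Returns True only when the subnet
    was attached to an existing router that already has an external gateway.
    """
    router_id = options.get("ext_router_id")
    if not router_id:
        LOG.info("no ext_router_id; subnet %s stays isolated", subnet_id)
        return False
    # Look up by ID, not by name: router names are not unique in Neutron.
    routers = neutron.list_routers(id=router_id)["routers"]
    if len(routers) != 1:
        LOG.warning("router %s not found; subnet %s stays isolated",
                    router_id, subnet_id)
        return False
    if not routers[0].get("external_gateway_info"):
        LOG.warning("router %s has no external gateway; not attaching %s",
                    router_id, subnet_id)
        return False
    neutron.add_interface_router(router_id, {"subnet_id": subnet_id})
    return True
```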
