OpenShift CNI, Route and Ingress - unix1998/technical_notes GitHub Wiki

OpenShift networking involves several components: Software Defined Networking (SDN), the Container Network Interface (CNI), Routes, and Ingress. Here is how each of these components is implemented and how they interact:

OpenShift Routes

  • Routes in OpenShift are used to expose services externally. When you create a route, OpenShift handles the external DNS resolution and load balancing.
  • Routes are implemented using the OpenShift Router, which is based on HAProxy or Envoy. The router runs as a pod within the cluster and listens for Route objects to configure the necessary load balancing and traffic routing.

Container Network Interface (CNI)

  • CNI is a specification and library for configuring network interfaces in Linux containers. It is used by Kubernetes (and hence OpenShift) to manage container networking.
  • OpenShift uses CNI plugins to integrate with various networking solutions, including its default SDN and other third-party network providers like Calico, Flannel, or Weave.

Ingress

  • Ingress in Kubernetes (and similarly in OpenShift) provides HTTP and HTTPS routing to services within the cluster. It allows you to define rules for how requests are routed to services based on the URL.
  • In OpenShift, Ingress can be implemented similarly to Kubernetes using Ingress resources and Ingress controllers. OpenShift's native routing mechanism (Routes) can be considered a higher-level abstraction that provides similar functionality.

Software Defined Networking (SDN)

  • SDN is a key component of OpenShift's networking architecture. OpenShift SDN creates a unified, software-defined network layer for the entire cluster, allowing pods to communicate with each other across nodes.
  • The OpenShift SDN is responsible for implementing network isolation, policy enforcement, and inter-pod communication.

How They Work Together

  1. SDN and CNI: The OpenShift SDN uses the CNI framework to configure network interfaces for pods. It ensures that each pod can communicate with other pods within the cluster, respecting any network policies defined.
  2. Routes and SDN: When a Route is created, the OpenShift Router configures the necessary endpoints and load balancing rules. The SDN ensures that traffic from external sources can reach the appropriate pods.
  3. Ingress and SDN: If using Kubernetes-style Ingress, the Ingress controller (e.g., NGINX, Traefik) configures the necessary rules for routing HTTP/HTTPS traffic. The SDN ensures that these requests are correctly routed to the target services and pods.
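
The Route-to-pod path in item 2, combined with the network policy enforcement mentioned in item 1, as an added example that is not part of the original notes: a Route with edge TLS, a default-deny NetworkPolicy, and a policy that admits only traffic from the router's namespace. The namespace `demo`, Service `web`, pod label `app: web`, port 8080 and the hostname are constructed placeholders, and the namespace label is the one OpenShift 4 documents for the ingress namespace.

```yaml
# Constructed example: names, labels, port and hostname are placeholders.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: web
  namespace: demo
spec:
  host: web.apps.example.com                   # placeholder hostname
  to:
    kind: Service
    name: web
  port:
    targetPort: 8080
  tls:
    termination: edge                          # the router terminates TLS
    insecureEdgeTerminationPolicy: Redirect    # plain HTTP is redirected to HTTPS
---
# Default deny: the empty podSelector selects every pod in the namespace,
# and no ingress rule is listed, so all inbound pod traffic is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-by-default
  namespace: demo
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# Allow only the router's namespace to reach the pods behind the Route.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-openshift-ingress
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: web                                 # assumed pod label
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          policy-group.network.openshift.io/ingress: ""
    ports:
    - protocol: TCP
      port: 8080
```

Without the second policy, the default deny also blocks the router, and the Route returns errors even though the Route object itself is valid. Confirm the label on your cluster with `oc get namespace openshift-ingress --show-labels` before relying on the selector.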

Summary

  • OpenShift Routes: Implemented using the OpenShift Router (HAProxy or Envoy), providing external access to services.
  • CNI: Used for configuring network interfaces for containers, integrating with the OpenShift SDN and other network providers.
  • Ingress: Provides HTTP/HTTPS routing to services, can be implemented using standard Kubernetes Ingress controllers in OpenShift.
  • SDN: The underlying network architecture in OpenShift, managing pod communication, network policies, and integrating with CNI.

By leveraging SDN, OpenShift ensures a robust and flexible networking solution that supports internal pod communication, external access via Routes, and optional Ingress controllers, all managed through a unified interface.