BGP in a containers
On Fri 2018-Jun-15 05:18:05 -0300, Raymond Burkholder <ray at oneunified.net> wrote:
>On 06/14/2018 09:22 PM, Michael Thomas wrote:
>>So I have to ask, why is it advantageous to put this in a container
>>rather than just run it directly
>>on the container's host?

Some bits similar to Raymond's comments, but in our case this was
specifically for a Kubernetes deployment. Our k8s deployment is mostly
"self-hosted", i.e. the k8s control plane runs within k8s, with the workers
being disposable. Dropping the routing into a container that runs in the
host's/worker's network namespace means it is just another container
(daemonset) that Kubernetes will schedule to the worker as part of initial
bootstrapping.

So, we don't run BGP within the application containers themselves but
rather on the container hosts. Advertising service IPs is handled by IPVS
pods that anycast the service IPs and do DSR + tunnel mode to the k8s pods
backing a given L4 service, with an HTTP reverse proxy layer (Kubernetes
ingress controllers) in the middle for HTTP/s services.
--
Hugo Slabbert | email, xmpp/jabber: hugo at slabnet.com
pgp key: B178313E | also on Signal