[WireGuard] Kubernetes/Neutron support

[Pete Birley <pete@port.direct>]

[-- Attachment #1: Type: text/plain, Size: 1319 bytes --]

Hi,

I'm investigating using Wireguard to provide a network solution for 
Kubernetes via a CNI or exec network driver - has anyone done anything 
on this already?

We currently have about 500 pods, on 30 nodes, in our production 
cluster (though plan to scale to about 20-30 times this), and use a 
combination of OpenvSwitch (gre+IPsec tunnels between hosts) and 
Flannel (Each host has a sub-net on a standard Linux bridge) to provide 
connectivity. Though need to both improve availability and east-west 
traffic distribution, especially when pods may be located is different 
geographic regions, and are migrating to a solution based on OpenStack 
Neutron with Dragonflow as the SDN layer.

Does anyone have any advice on the best way to implement such a 
solution? We plan to implement a reasonably 'intelligent' strategy 
where by our Neutron plugin identifies the most appropriate link for 
each compute node, and so expect WireGuard to only be utilized for 
inter-dc connections. In particular any input on the number of 
connections a single node can take (ie full-mesh style topology), 
before dedicated network nodes and a hub and spoke topology makes 
sense? Any advice would be appreciated, and if we find that Wireguard 
fits our needs then I'd love to get involved in the project.


Cheers


Pete Birley

[-- Attachment #2: Type: text/html, Size: 1449 bytes --]