Chapter 15. Configuring Nuage SDN
15.1. Nuage SDN and OpenShift Container Platform
Nuage Networks Virtualized Services Platform (VSP) provides virtual networking and software-defined networking (SDN) infrastructure to Docker container environments that simplifies IT operations and expands OpenShift Container Platform’s native networking capabilities.
Nuage Networks VSP supports Docker-based applications running on OpenShift Container Platform to accelerate the provisioning of virtual networks between pods and traditional workloads, and to enable security policies across the entire cloud infrastructure. VSP allows for the automation of security appliances to include granular security and microsegmentation policies for container applications.
Integrating VSP with the OpenShift Container Platform application workflow allows business applications to be quickly turned up and updated by removing the network lag faced by DevOps teams. VSP supports different workflows with OpenShift Container Platform in order to accommodate scenarios where users can choose ease-of-use or complete control using policy-based automation.
See Networking for more information on how VSP is integrated with OpenShift Container Platform.
15.2. Developer Workflow
This workflow is used in developer environments and requires little input from the developer in setting up the networking. In this workflow, nuage-openshift-monitor is responsible for creating the VSP constructs (Zone, Subnets, etc.) needed to provide appropriate policies and networking for pods created in an OpenShift Container Platform project. When a project is created, a default zone and default subnet for that project are created by nuage-openshift-monitor. When the default subnet created for a given project gets depleted, nuage-openshift-monitor dynamically creates additional subnets.
A separate VSP Zone is created for each OpenShift Container Platform project ensuring isolation amongst the projects.
15.3. Operations Workflow
This workflow is used by operations teams rolling out applications. In this workflow, the network and security policies are first configured on the VSD in accordance with the rules set by the organization to deploy applications. Administrative users can potentially create multiple zones and subnets and map them to the same project using labels. While spinning up the pods, the user can use the Nuage Labels to specify what network a pod needs to attach to and what network policies need to be applied to it. This allows for deployments where inter- and intra-project traffic can be controlled in a fine-grained manner. For example, inter-project communication is enabled on a project by project basis. This may be used to connect projects to common services that are deployed in a shared project.
15.4. Installation
The VSP integration with OpenShift Container Platform works for both virtual machines (VMs) and bare metal OpenShift Container Platform installations.
An environment with High Availability (HA) can be configured with multiple masters and multiple nodes.
Nuage VSP integration in multi-master mode only supports the native HA configuration method described in this section. This can be combined with any load balancing solution, the default being HAProxy. The inventory file contains three master hosts, the nodes, an etcd server, and a host that functions as the HAProxy to balance the master API on all master hosts. The HAProxy host is defined in the [lb] section of the inventory file enabling Ansible to automatically install and configure HAProxy as the load balancing solution.
In the Ansible nodes file, the following parameters need to be specified in order to setup Nuage VSP as the network plug-in:
# Create and OSEv3 group that contains masters, nodes, load-balancers, and etcd hosts masters nodes etcd lb # Nuage specific parameters openshift_use_openshift_sdn=False openshift_use_nuage=True os_sdn_network_plugin_name='nuage/vsp-openshift' openshift_node_proxy_mode='userspace' # VSP related parameters vsd_api_url=https://192.168.103.200:8443 vsp_version=v4_0 enterprise=nuage domain=openshift vsc_active_ip=192.168.103.201 vsc_standby_ip=192.168.103.202 uplink_interface=eth0 # rpm locations nuage_openshift_rpm=http://location_of_rpm_server/openshift/RPMS/x86_64/nuage-openshift-monitor-4.0.X.1830.el7.centos.x86_64.rpm vrs_rpm=http://location_of_rpm_server/openshift/RPMS/x86_64/nuage-openvswitch-4.0.X.225.el7.x86_64.rpm plugin_rpm=http://location_of_rpm_server/openshift/RPMS/x86_64/vsp-openshift-4.0.X1830.el7.centos.x86_64.rpm # Required for Nuage Monitor REST server and HA openshift_master_cluster_method=native openshift_master_cluster_hostname=lb.nuageopenshift.com openshift_master_cluster_public_hostname=lb.nuageopenshift.com nuage_openshift_monitor_rest_server_port=9443 # Optional parameters nuage_interface_mtu=1460 nuage_master_adminusername='admin's user-name' nuage_master_adminuserpasswd='admin's password' nuage_master_cspadminpasswd='csp admin password' nuage_openshift_monitor_log_dir=/var/log/nuage-openshift-monitor # Required for brownfield install (where a {product-title} cluster exists without Nuage as the networking plugin) nuage_dockker_bridge=lbr0 # Specify master hosts [masters] fqdn_of_master_1 fqdn_of_master_2 fqdn_of_master_3 # Specify load balancer host [lb] fqdn_of_load_balancer