Vancouver, BC
May 21-24, 2018

Event Details

Kubernetes network-policies and Neutron security groups - two sides of the same coin?

In version 1.8 network-policies became an official part of the kubernetes-api.  Kubernetes network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoint.

Kuryr-kubernetes is an OpenStack project that enables native neutron-based networking in Kubernetes. In Kuryr we choose to apply the Kubernetes network policies in OpenStack environment by leveraging the Neutron security groups.

In this talk we will present the difficulties that we’ve encountered with the network policies translation. We will talk about the implementation of the translation to Neutron security groups compared to other Kubernetes open-source networking solutions like kubernetes-ovn or Cilium.  

What can I expect to learn?
  • Kubernetes network policies 
  • Neutron secuirty groups 
  • Integrating Kubernetes policies in OpenStack env 
  • Pros and cons in Neutron security group in comparison to alternative open source solution . 
Tuesday, May 22, 5:20pm-5:30pm
Level: Intermediate
Red Hat Inc.
Daniel is a Senior Software Engineer at Red Hat contributing to upstream OpenStack and RDO and Kuryr's PTL for the Rocky cycle. He's passionate about networking, development, and messing around with python and deployment tools! He holds a MSc Degree in Telecommunications from Universidad Carlos III de Madrid and is a core reviewer for the interop project, as well as an active contributor to... FULL PROFILE
Pino is cloud architect at Huawei's Tel Aviv Research Center, where he contributes to open source projects Dragonflow (SDN) and Tatu (SSH). Before joining Huawei, Pino was CTO at Midokura, where he led development of the company's open-source software-defined networking technology, MidoNet. Previously, Pino built Dynamo, a highly available data store originally intended for's... FULL PROFILE