Vancouver, BC
May 21-24, 2018

Event Details

Please note: All times listed below are in Central Time Zone

<< Go back
Kubernetes network-policies and Neutron security groups - two sides of the same coin?
Container Infrastructure

In version 1.8 network-policies became an official part of the kubernetes-api.  Kubernetes network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoint.

Kuryr-kubernetes is an OpenStack project that enables native neutron-based networking in Kubernetes. In Kuryr we choose to apply the Kubernetes network policies in OpenStack environment by leveraging the Neutron security groups.

In this talk we will present the difficulties that we’ve encountered with the network policies translation. We will talk about the implementation of the translation to Neutron security groups compared to other Kubernetes open-source networking solutions like kubernetes-ovn or Cilium.  


What can I expect to learn?
  • Kubernetes network policies 
  • Neutron secuirty groups 
  • Integrating Kubernetes policies in OpenStack env 
  • Pros and cons in Neutron security group in comparison to alternative open source solution . 
Tuesday, May 22, 5:20pm-5:30pm (12:20am - 12:30am UTC)
Vancouver Convention Centre West - Level Two - Lightning Talk Theater sponsored by SUSE
Slides: Kubernetes network-policies and Neutron security groups - two sides of the same coin?
View video
Difficulty Level: Intermediate
Tags: Technical Upstream Development OpenStack Neutron Kubernetes Kuryr
Daniel Mellado
Principal Software Engineer - CTO Office, Telco Platform
Daniel is a Principal Software Engineer at Red Hat contributing to upstream OpenStack and RDO and Kuryr's PTL since the Rocky cycle. He's passionate about networking, development, and messing around with python and deployment tools! He holds a MSc Degree in Telecommunications from Universidad Carlos III de Madrid and is an active contributor to several OpenStack, Kubernetes and open source... FULL PROFILE
Pino de Candia
Cloud Architect
Pino is cloud architect at Huawei's Tel Aviv Research Center, where he contributes to open source projects Dragonflow (SDN) and Tatu (SSH). Before joining Huawei, Pino was CTO at Midokura, where he led development of the company's open-source software-defined networking technology, MidoNet. Previously, Pino built Dynamo, a highly available data store originally intended for Amazon.com's... FULL PROFILE