Vancouver, BC
May 21-24, 2018

Event Details

Please note: All times listed below are in Central Time Zone

Kubernetes network-policies and Neutron security groups - two sides of the same coin?

In version 1.8 network-policies became an official part of the kubernetes-api.  Kubernetes network policy is a specification of how groups of pods are allowed to communicate with each other and other network endpoint.

Kuryr-kubernetes is an OpenStack project that enables native neutron-based networking in Kubernetes. In Kuryr we choose to apply the Kubernetes network policies in OpenStack environment by leveraging the Neutron security groups.

In this talk we will present the difficulties that we’ve encountered with the network policies translation. We will talk about the implementation of the translation to Neutron security groups compared to other Kubernetes open-source networking solutions like kubernetes-ovn or Cilium.  

What can I expect to learn?
  • Kubernetes network policies 
  • Neutron secuirty groups 
  • Integrating Kubernetes policies in OpenStack env 
  • Pros and cons in Neutron security group in comparison to alternative open source solution . 
Tuesday, May 22, 5:20pm-5:30pm (12:20am - 12:30am UTC)
Difficulty Level: Intermediate
Principal Software Engineer - CTO Office, Telco Platform
Daniel is a Principal Software Engineer at Red Hat contributing to upstream OpenStack and RDO and Kuryr's PTL since the Rocky cycle. He's passionate about networking, development, and messing around with python and deployment tools! He holds a MSc Degree in Telecommunications from Universidad Carlos III de Madrid and is an active contributor to several OpenStack, Kubernetes and open source... FULL PROFILE
Cloud Architect
Pino is cloud architect at Huawei's Tel Aviv Research Center, where he contributes to open source projects Dragonflow (SDN) and Tatu (SSH). Before joining Huawei, Pino was CTO at Midokura, where he led development of the company's open-source software-defined networking technology, MidoNet. Previously, Pino built Dynamo, a highly available data store originally intended for's... FULL PROFILE