By Project Antrea Maintainers: Antonin Bas, Salvatore Orlando, Jianjun Shen, Quan Tian
We are excited to announce Project Antrea – an open source networking and security project for Kubernetes clusters.
The project is designed using Kubernetes architecture and technologies from the ground up and aims to provide an open, flexible and performant networking and security solution for Kubernetes with a focus on operations and scale.
Antrea uses Kubernetes extension mechanisms and the Open vSwitch (OVS) data plane to provide pod networking and help enforce network policies for Kubernetes clusters.
Designed for Kubernetes
Antrea is designed for Kubernetes cluster networking and uses the Kubernetes Controller architecture, API server infrastructure and CRDs to build the control plane and extend the Kubernetes API. The project aims to use Kubernetes and Kubernetes-native solutions as much as possible to deliver an open, simple and Kubernetes-centric networking and security solution.
Leverages OVS as the Data Plane
Antrea uses OVS to bring the benefits of programmable networks to the Kubernetes networking solution space. OVS is an open source, programmable software switch for Linux and Windows that originated at VMware and has proven itself in numerous commercial and academic applications since 2009. It is currently a Linux Foundation Collaborative Project, with a large and active community of contributors.
Antrea uses Kubernetes extension mechanisms and the Open vSwitch data plane to deliver:
- Performance – Network performance is critical to many applications running in containers. OVS performs better than iptables, especially as the number of rules increases. There are numerous efforts in the OVS community to speed up packet I/O and packet processing through technologies like Intel DPDK, AF_XDP sockets, hardware offloading, etc.
- Portability – OVS runs on Linux, Windows and other operating systems. By building on this data path portability of OVS, Antrea helps the Kubernetes community run and manage Kubernetes clusters on top of any cloud and any operating system.
- Operations – Antrea is designed to ease deployment, operations and troubleshooting. Antrea aims to simplify network troubleshooting by leveraging the built-in troubleshooting mechanisms of OVS, and because OVS supports protocols like IPFIX, NetFlow, sFlow(R), SPAN and RSPAN, Antrea can integrate with existing network monitoring tools.
For GUI fans, Antrea provides a simple web UI experience by plugging into Project Octant. Runtime information about the different Antrea components is exposed as Kubernetes CRDs, which can be visualized through Octant to facilitate monitoring and troubleshooting.
Antrea also comes with a CLI tool that displays additional runtime information about Antrea networking components. The CLI can be used as a kubectl plugin, thus enabling a unified command-line interface to the cluster.
- Flexibility and extensibility – Antrea will bring the benefits of the OVS data plane, particularly extensibility, to Kubernetes users and operators. Antrea leverages the programmability of OVS in its architecture to easily enable the integration of new features and simplify Kubernetes networking with a unified data plane.
Join Project Antrea
Much work remains to be done on the project, and we invite you to join the effort in making K8s networking as powerful as it can be. You can:
Join the Antrea community
- Get updates on Twitter (@projectantrea)
- Join the conversation: https://groups.google.com/forum/#!forum/projectantrea-dev
Come See Us at KubeCon NA in San Diego
Antrea team members will be at KubeCon NA in San Diego from November 17 to 20 at the VMware booth. Our maintainers are scheduled to be at the VMware booth on Tuesday, November 19 from noon to 6:00 p.m. and Wednesday, November 20 from 9:00 a.m. to 3:00 p.m.