nanog mailing list archives

Re: BGP in a containers


From: Hugo Slabbert <hugo () slabnet com>
Date: Fri, 15 Jun 2018 08:20:44 -0700


On Fri 2018-Jun-15 05:18:05 -0300, Raymond Burkholder <ray () oneunified net> wrote:

> On 06/14/2018 09:22 PM, Michael Thomas wrote:
> > So I have to ask, why is it advantageous to put this in a container rather than just run it directly on the container's host?

Some bits similar to Raymond's comments, but in our case this was specifically for a Kubernetes deployment. Our k8s deployment is mostly "self-hosted", i.e. the k8s control plane runs within k8s, with the workers being disposable. Dropping the routing into a container that runs in the host's/worker's network namespace means it is just another container (daemonset) that Kubernetes will schedule to the worker as part of initial bootstrapping.

So, we don't run BGP within the application containers themselves but rather on the container hosts. Advertising service IPs is handled by IPVS pods that anycast the service IPs and do DSR + tunnel mode to the k8s pods backing a given L4 service, with an HTTP reverse proxy layer (Kubernetes ingress controllers) in the middle for HTTP/s services.

--
Hugo Slabbert       | email, xmpp/jabber: hugo () slabnet com
pgp key: B178313E   | also on Signal
