Cloud-native applications based on Kubernetes are highly portable and distributed – allowing for dynamic scaling and resiliency across private and public clouds. With this power come new challenges, especially in the areas of networking and security. When applications are distributed, the network becomes integral to them. We can no longer rely on perimeter-based security alone in the cloud-native world; it’s important to bring enforcement as close to the workload as possible.
Juniper Networks’ Contrail Networking provides an extensive solution to these tough challenges across multiple clouds, bridging operations across teams. It provides NetOps and SecOps teams control and visibility while its Kubernetes CNI keeps security and networking simple for DevOps teams.
Today, we are taking Contrail Networking’s existing capabilities a step further with the announcement of the following new features:
- CNI plugin for Amazon EKS
- Integration with Google Anthos
- Management of Network Policy for Virtual Machines running with KubeVirt
Benefits of Contrail Networking for Kubernetes Workloads
Contrail Networking customers can already bring advanced virtual networking, persistent, pervasive security and visualization to their virtual environments, whether they are based on OpenStack, VMware or Kubernetes. Contrail Networking provides multi-tenancy within a single Kubernetes cluster and brings that same consistent networking and security to multi-cluster deployments, even across clusters located in different connected clouds. These networks and policies can also be extended to bare metal servers.
Today, Contrail’s power can be extended to Kubernetes workloads running on public cloud virtual machines such as Amazon EC2 instances. In fact, many users choose to run their container workloads inside of managed Kubernetes environments in public clouds. These solutions let users deploy containerized applications quickly. Further, it’s often useful to run workloads that require a full virtual machine under Kubernetes management to support connectivity and reduce the management domain. KubeVirt is an open source project that allows full virtual machines to be managed as pods within Kubernetes.
Three New Extensions of Contrail Networking
With this latest release of Contrail Networking, customers can now bring the same networking, security and visualization to managed Kubernetes environments, specifically Google Anthos and Amazon EKS. It also provides the same consistent networking between containers and virtual machines running under KubeVirt. Customers benefit from a consistent platform that can provide the best networking and security for their cloud-native applications. Contrail Networking’s visualization allows users to easily see traffic flows and security policies between different tiers of their application.
Let’s delve into what’s new.
Ramp Up Quickly with Amazon EKS
Amazon EKS is one of the most used managed Kubernetes services available. Many users get started with Kubernetes managed containers by using Amazon’s EKS – it’s easy to deploy new workloads since it’s Kubernetes as a service. Deploying new clusters is painless, and users only need to worry about their workloads without managing the infrastructure upon which the clusters run.
Amazon EKS, unlike other managed Kubernetes environments, provides the ability to bring your own CNI plugin, making it easy to use Contrail for your networking and security needs within the environment. Once you add the Contrail CNI to EKS, you’re instantly on the road to enhancing the networking capabilities and security posture for any applications you’ve deployed. Add to that visualization and you have a complete networking solution for Kubernetes that provides multi-tenancy, multi-network federation and multi-cluster networking and security.
With the EKS Anywhere service, users can bring EKS services to the data center. And with Contrail’s CNI, it’s easy to manage the required virtual networking no matter where your workloads reside—anywhere!
Multicloud, Multi-Cluster with Google Anthos
More than just a managed Kubernetes offering, Anthos allows customers to manage multi-cluster Kubernetes across different environments. Contrail provides the same virtual networking across these environments and enables users to create different policies for enforcement to allow or deny traffic between them.
It’s in Contrail’s DNA to provide one SDN controller for multiple Kubernetes clusters. Creating multiple Kubernetes namespaces with Contrail network namespaces enables hard multi-tenancy — even within a single cluster.
VMs and Containers — KubeVirt Brings Them Together
While container-based applications are clearly on the rise, there may be applications that still require virtual machines – this could be due to kernel parameters, or these applications could simply be in the process of a container migration.
KubeVirt allows virtual machines to be run and managed as pods within a Kubernetes cluster. The use of one controller also prevents tool sprawl.
In this release, Contrail enables the same virtual networking and security policy across your entire Kubernetes cluster or, as mentioned, between clusters, and now full virtual machines can directly participate in this environment.
Learn More
We’re excited to introduce this new functionality in the latest Contrail Networking release.
If you’d like to try out Kubernetes with the Contrail CNI for yourself, you can visit Juniper vLabs or talk to your Juniper account team or channel partner. In vLabs, you’ll find an environment complete with the Contrail controller, three Kubernetes nodes and an example scenario that you can follow to see how Contrail can improve your Kubernetes deployments.
For a deeper dive into Contrail CNI, listen to this Juniper Networks podcast on Contrail and cloud-native technologies.