Table of Contents
outline true

Introduction

The ICN blueprint family intends to address deployment of workloads in a large number of edges and also in public clouds using K8s as resource orchestrator in each site and Edge Multi-Cluster Orchestration (EMCO) as service level orchestrator (across sites).  ICN also intends to integrate infrastructure orchestration which is needed to bring up a site using bare-metal servers. Infrastructure orchestration, which is the focus of this page, needs to ensure that the infrastructure software required on edge servers is installed on a per-site basis, but controlled from a central dashboard.  Infrastructure orchestration is expected to do the following:

• Installation: First-time installation of all infrastructure software.
  • Keep monitoring for new servers and install the software based on the role of the server machine.
• Patching:  Continue to install the patches (mainly security-related) if new patch release is made in any one of the infrastructure software packages.
  • May need to work with resource and service orchestrators to ensure that workload functionality does not get impacted.
• Software updates:  Updating software due to new releases.

The user experience needs to be as simple as possible and even a novice user should be able to set up a site.

Use Cases

1. SDEWAN Controller with Open source based SDWAN CNF and SDEWAN HUB to establish IPSEC tunneling between Edge Distributions with Service Function Chaining (SFC)
2. Composite vFirewall (vFW) to show case telco and cable use cases using EMCO

Where on the Edge

Nowadays best efforts are put to keep the Cloud native control plane close to workload to reduce latency, increase performance, and fault tolerance. A single orchestration engine to be lightweight and maintain the resources in a cluster of compute node, Where the customer can deploy multiple Network Functions, such as VNF, CNF, Micro service, Function as a service (FaaS), and also scale the orchestration infrastructure depending upon the customer demand.

ICN target on-premises edge, 5G, IoT, SDWAN, Video streaming, Edge Gaming Cloud. A single deployment model to target multiple edge use case.

Overall Architecture

On an edge deployment, there may be multiple edges that need to be brought up.  The Administrator going to each location, using the infra-local-controller to bring up application-K8S clusters in compute nodes of each location, is not scalable.  Therefore, we have an "infra-global-controller" to control multiple "infra-local-controllers" which are controlling the worker nodes. The "infra-global-controller" is expected to provide a centralized software provisioning and configuration system.  It provides one single-pane-of-glass for administrating the edge locations with respect to infrastructure. The worker nodes may be bare metal servers, or they may be virtual machines resident on the infra-local-controller. So the minimum platform configuration is one global controller and one local controller (although the local controller can be run without a global controller).

Since, there are a few K8s clusters, let us define them:

• infra-global-controller-k8s :  This is the K8s cluster where infra-global-controller related containers are run.
• infra-local-controller-k8s:  This is the K8s cluster where the infra-local-controller related containers are run, which bring up compute nodes.
• application-k8s:  These are K8s clusters on compute nodes, where application workloads are run.

Flows & Sequence Diagrams

Image Removed

Each edge location has infra local controller, which has a bootstrap cluster, which has all the components required to boot up the compute cluster.

Platform Architecture

Image Removed

Infra-global-controller: 

   Administration involves

• First time bring up.
• Addition of new compute nodes in locations.
• Removal of compute nodes from locations
• Software patching
• Software upgrading

The infra-local-controller will be brought up in each location.  The infra-local-controller kubeconfig will be made known to the infra-global-controller. Beyond that, everything else is taken care by the infra-global-controller. The infra-global-controller communicates with various infra-local-controllers to do the job of software installation and provisioning.

Infra-global-controller runs in its own K8s cluster. All the components of infra-global-controllers are containers.  The following components are part of the infra-global-controller.

...

Table of Contents
outline true

Introduction

The ICN blueprint family intends to address deployment of workloads in a large number of edges and also in public clouds using K8s as resource orchestrator in each site and Edge Multi-Cluster Orchestration (EMCO) as service level orchestrator (across sites).  ICN also intends to integrate infrastructure orchestration which is needed to bring up a site using bare-metal servers. Infrastructure orchestration, which is the focus of this page, needs to ensure that the infrastructure software required on edge servers is installed on a per-site basis, but controlled from a central dashboard.  Infrastructure orchestration is expected to do the following:

• Installation: First-time installation of all infrastructure software.
  • Keep monitoring for new servers and install the software based on the role of the server machine.
• Patching:  Continue to install the patches (mainly security-related) if new patch release is made in any one of the infrastructure software packages.
  • May need to work with resource and service orchestrators to ensure that workload functionality does not get impacted.
• Software updates:  Updating software due to new releases.

The user experience needs to be as simple as possible and even a novice user should be able to set up a site.

Use Cases

1. SDEWAN Controller with Open source based SDWAN CNF and SDEWAN HUB to establish IPSEC tunneling between Edge Distributions with Service Function Chaining (SFC)
2. Composite vFirewall (vFW) to show case telco and cable use cases using EMCO

Where on the Edge

Nowadays best efforts are put to keep the Cloud native control plane close to workload to reduce latency, increase performance, and fault tolerance. A single orchestration engine to be lightweight and maintain the resources in a cluster of compute node, Where the customer can deploy multiple Network Functions, such as VNF, CNF, Micro service, Function as a service (FaaS), and also scale the orchestration infrastructure depending upon the customer demand.

ICN target on-premises edge, 5G, IoT, SDWAN, Video streaming, Edge Gaming Cloud. A single deployment model to target multiple edge use case.

Overall Architecture

On an edge deployment, there may be multiple edges that need to be brought up.  The Administrator going to each location, using the infra-local-controller to bring up application-K8S clusters in compute nodes of each location, is not scalable.  Therefore, we have an "infra-global-controller" to control multiple "infra-local-controllers" which are controlling the worker nodes. The "infra-global-controller" is expected to provide a centralized software provisioning and configuration system.  It provides one single-pane-of-glass for administrating the edge locations with respect to infrastructure. The worker nodes may be bare metal servers, or they may be virtual machines resident on the infra-local-controller. So the minimum platform configuration is one global controller and one local controller (although the local controller can be run without a global controller).

Since, there are a few K8s clusters, let us define them:

• infra-global-controller-k8s :  This is the K8s cluster where infra-global-controller related containers are run.
• infra-local-controller-k8s:  This is the K8s cluster where the infra-local-controller related containers are run, which bring up compute nodes.
• application-k8s:  These are K8s clusters on compute nodes, where application workloads are run.

Flows & Sequence Diagrams

Image Added

Each edge location has infra local controller, which has a bootstrap cluster, which has all the components required to boot up the compute cluster.

Platform Architecture

Image Added

Infra-global-controller: 

   Administration involves

• First time bring up.
• Addition of new compute nodes in locations.
• Removal of compute nodes from locations
• Software patching
• Software upgrading

The infra-local-controller will be brought up in each location.  The infra-local-controller kubeconfig will be made known to the infra-global-controller. Beyond that, everything else is taken care by the infra-global-controller. The infra-global-controller communicates with various infra-local-controllers to do the job of software installation and provisioning.

Infra-global-controller runs in its own K8s cluster. All the components of infra-global-controllers are containers.  The following components are part of the infra-global-controller.

• Provisioning controller  (PC) Micro Services
• Binary Provisioning Manager (BPM) Micro services
• K8s Provisioning Manager (KPM) Micro-services
• Certificate and Secret Management (CSM) related Micro-services
• Cluster-API related Micro-services
• MongoDB for storing packages and OS images.
• Prometheus: Monitoring and alerting

...

SDEWAN CNF module is worked as a software-defined router located in each edge location and central hub K8s cluster to manage central-edge and edge-edge communication. It's functionality is realized via CNF (Containerized Network Function) and deployed by K8s, it is based on OpenWRT (an open-source project based on Linux, and used on embedded devices to route network traffic) and leverages Linux kernel functionality for packet processing to support network functionalities such as multiple wan link support (mwan3), firewall/SNAT/DNAT (fw3) , IPSec (strongswan) etc. It exposes Restful APIs for configuration, detail information can be found at: SDEWAN CNF

SDEWAN Configure Agent (also named SDEWAN Controller)  module is worked as K8s controller located in each edge location and central hub K8s cluster to support configuration of SDEWAN CNF functionalities (e.g. mwan3, firwall, SNAT, DNAT, IPSec etc.) and monitor SDEWAN CNF status. It exposes CRDs to support configuration via K8s API server for unified authentication and authorization, detail information can be found at: SDEWAN CRD Controller

Cloud Storage:

Cloud Storage (Cloud Storage Design) act as storage service and plugins, currently can divide into two parts:

1. Storage Service for Local controller: which used by BPA Rest Agent to provide storage service for image objects with binary, container and operating system. There are 2 solutions, MinIO and GridFS, with the consideration of Cloud native and Data reliability, we propose to use MinIO, which is CNCF project for object storage and compatible with Amazon S3 API, and provide language plugins for client application, it is also easy to deploy in K8s and flexible scale-out. MinIO also provide storage service for HTTP Server. Since MinIO need export volume in bootstrap, local-storage is a simple solution but lack of reliability for the data safety, we will switch to reliability volume provided by Ceph CSI RBD in next release. 
2. Optane Persistent Memory plugin in KUD, which can provide LVM and direct volumes on Optane PM namespaces, since the Optane PM has high performance and low latency compared with normal SSD storage device, it can be used as cache, metadata volume or other high throughput and low latency scenarios.

Software components:

...

Components

...

Link

...

Akraino Release target

...

Provision stack - Metal3

...

https://github.com/akraino-icn/baremetal-operator - v2.0-icn

...

R5

...

Host Operating system

...

Ubuntu 18.04

...

R5

...

NIC drivers

...

XL710 - https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/xl710-10-40-controller-datasheet.pdf

...

R5

...

Intel® Optane™ DC 256GB Persistent Memory Module  - 

https://www.intel.com/content/www/us/en/products/memory-storage/optane-dc-persistent-memory/optane-dc-256gb-persistent-memory-module.html

PMDK: Persistent Memory Development Kit - https://github.com/pmem/pmdk/

...

EMCO

(formerly known as ONAP4K8s)

...

https://github.com/open-ness/EMCO

...

R5

...

SDEWAN CNFs

...

https://github.com/akraino-edge-stack/icn-sdwan - v1.0

https://hub.docker.com/repository/docker/integratedcloudnative/openwrt - 0.3.1

...

R5

...

KUD

...

https://git.onap.org/multicloud/K8s/ 

...

R5

...

Kubespray

...

https://github.com/kubernetes-sigs/kubespray v2.14.1

...

R5

...

K8s

...

https://github.com/kubernetes/kubeadm - v1.18.9

...

R5

...

Docker

...

https://github.com/docker - 19.03

...

R5

...

Virtlet

...

https://github.com/Mirantis/virtlet -1.4.4

...

R5

...

SDN - OVN

...

https://github.com/akraino-icn/ovn/ - v20.06.0

(mirror repo - https://github.com/ovn-org/ovn)

...

R5

...

https://github.com/akraino-icn/ovs - v2.14.0

(mirror repo - https://github.com/openvswitch/ovs )

...

Ansible

...

https://github.com/ansible/ansible - 2.9.7

...

R5

...

Helm

...

https://github.com/helm/helm - 3.2.4

...

R5

...

Istio

...

https://github.com/istio/istio - 1.0.3

...

R5

...

Rook/Ceph

...

https://rook.io/docs/rook/v1.0/helm-operator.html v1.0

...

R5

...

MetalLB

...

https://github.com/danderson/metallb/releases - v0.7.3

...

R5

...

https://github.com/akraino-edge-stack/icn-sdwan - v1.0

https://hub.docker.com/repository/docker/integratedcloudnative/sdewan-controller - 0.3.0

...

Node Feature Discovery

...

https://github.com/kubernetes-sigs/node-feature-discovery  - v0.7.0

...

R5

...

CNI

...

https://github.com/coreos/flannel/ - v0.12.0

https://github.com/containernetworking/cni - release tag v0.7.0

https://github.com/containernetworking/plugins - v0.8.7

https://github.com/akraino-icn/multus-cni - v3.7

https://github.com/k8snetworkplumbingwg/sriov-cni

...

R5

...

) etc. It exposes Restful APIs for configuration, detail information can be found at: SDEWAN CNF

SDEWAN Configure Agent (also named SDEWAN Controller)  module is worked as K8s controller located in each edge location and central hub K8s cluster to support configuration of SDEWAN CNF functionalities (e.g. mwan3, firwall, SNAT, DNAT, IPSec etc.) and monitor SDEWAN CNF status. It exposes CRDs to support configuration via K8s API server for unified authentication and authorization, detail information can be found at: SDEWAN CRD Controller

Cloud Storage:

Cloud Storage (Cloud Storage Design) act as storage service and plugins, currently can divide into two parts:

1. Storage Service for Local controller: which used by BPA Rest Agent to provide storage service for image objects with binary, container and operating system. There are 2 solutions, MinIO and GridFS, with the consideration of Cloud native and Data reliability, we propose to use MinIO, which is CNCF project for object storage and compatible with Amazon S3 API, and provide language plugins for client application, it is also easy to deploy in K8s and flexible scale-out. MinIO also provide storage service for HTTP Server. Since MinIO need export volume in bootstrap, local-storage is a simple solution but lack of reliability for the data safety, we will switch to reliability volume provided by Ceph CSI RBD in next release. 
2. Optane Persistent Memory plugin in KUD, which can provide LVM and direct volumes on Optane PM namespaces, since the Optane PM has high performance and low latency compared with normal SSD storage device, it can be used as cache, metadata volume or other high throughput and low latency scenarios.

Software components:

Please refer to list of software components in the ICN R5 Release Notes

Hardware and Software Management

...

Licensing

Refer Software Components list

...