
KubeSlice Overview
Introduction

KubeSlice combines network, application, Kubernetes, and deployment services in a framework to accelerate application deployment in a multi-cluster, multi-tenant environment. KubeSlice achieves this by creating logical application “slice” boundaries which allow pods and services to communicate seamlessly across clusters, clouds, edges, and data centers.

Why KubeSlice?

As enterprises expand application architectures to span multiple clusters located in data centers, in cloud provider regions, or across cloud providers, Kubernetes clusters need the ability to fully integrate connectivity and pod-to-pod communications with namespace propagation across clusters.

KubeSlice enables the creation of multiple logical slices in a single cluster or group of clusters regardless of their physical location. Existing intra-cluster communication remains local to the cluster utilizing the CNI interface. Native KubeSlice configuration allows for isolation of network traffic between clusters by creating an overlay network for inter-cluster communication.

KubeSlice accomplishes this by adding a second interface to the pod: local traffic remains on the CNI interface, while traffic bound for external clusters is routed over the overlay network to its destination pod. This makes KubeSlice CNI agnostic.

KubeSlice solves the complex problem of overlapping IP addressing between cloud providers, data centers, and edge locations. The overlay network is configured with a non-overlapping RFC1918 address space. Since KubeSlice creates network isolation, it also takes responsibility for allocating subnets that are configurable based on the number of pods that are allocated to have inter-cluster reachability. In addition, the same RFC1918 address can be configured across multiple slices created on the same cluster or cluster sets, further simplifying IP address management.
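The addressing idea above can be checked with a short script. This is an added example, not KubeSlice code: the sequential allocation scheme, the function names, and the cluster names and CIDRs are assumptions constructed for illustration. It sizes one overlay subnet per cluster from the pod count, rejects a slice range outside RFC 1918, and shows that colliding CNI CIDRs do not affect the overlay.

```python
import ipaddress
from itertools import combinations

# The three private ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: three clusters whose CNI pod CIDRs collide.
CNI_CIDRS = {"aws-east": "10.244.0.0/16", "gcp-west": "10.244.0.0/16",
             "edge-1": "10.244.128.0/17"}

def prefix_for_pods(pod_count):
    """Longest IPv4 prefix whose usable host count covers pod_count."""
    if pod_count < 1:
        raise ValueError("pod_count must be positive")
    # +2 reserves the network and broadcast addresses of the subnet.
    return 32 - (pod_count + 2 - 1).bit_length()

def allocate_cluster_subnets(slice_cidr, clusters, pods_per_cluster):
    """Carve one non-overlapping overlay subnet per cluster (hypothetical scheme)."""
    slice_net = ipaddress.ip_network(slice_cidr)
    if not any(slice_net.subnet_of(r) for r in RFC1918):
        raise ValueError(f"{slice_cidr} is not inside RFC 1918 space")
    new_prefix = prefix_for_pods(pods_per_cluster)
    if new_prefix < slice_net.prefixlen:
        raise ValueError("slice CIDR too small for the requested pod count")
    subnets = slice_net.subnets(new_prefix=new_prefix)
    allocation = {}
    for name in clusters:
        subnet = next(subnets, None)
        if subnet is None:
            raise ValueError(f"slice CIDR exhausted at cluster {name!r}")
        allocation[name] = subnet
    return allocation

def find_overlaps(named_cidrs):
    """Return sorted pairs of names whose CIDRs overlap."""
    nets = {n: ipaddress.ip_network(str(c)) for n, c in named_cidrs.items()}
    return sorted((a, b) for a, b in combinations(sorted(nets), 2)
                  if nets[a].overlaps(nets[b]))

if __name__ == "__main__":
    print("CNI overlaps:", find_overlaps(CNI_CIDRS))
    overlay = allocate_cluster_subnets("10.1.0.0/16", CNI_CIDRS, 100)
    for name, net in overlay.items():
        print(f"{name}: overlay {net}")
    print("overlay overlaps:", find_overlaps(overlay))
```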

KubeSlice offers services that dramatically increase application velocity for platform and product teams in order to achieve uniformity for applications in multi-cluster environments.

KubeSlice Features

| Services | Feature | Description |
|---|---|---|
| Application | Namespace Sameness | Allows the freedom to deploy applications across clusters, coupled with the ability to have automatic privileges. |
| Application | Service Exports and Service Imports | Automatic service imports and exports allow for service discovery across cluster boundaries. |
| Application | Micro-Segmentation | Allows micro-segmentation by association of application namespaces. |
| Network | East-West cluster communication | Enabled by automatically creating tunnels between clusters, on a per-slice basis, establishing an overlay network that enables service-to-service communication as a flat Layer 3 network. KubeSlice can also be configured to utilize East-West ingress and egress gateways. |
| Network | North-South Ingress Traffic | Applications requiring additional controls and authentication may choose to communicate via North-South traffic patterns utilizing Ingress gateways. |
| Network | Remove IP Addressing Complexity | KubeSlice solves the complex problem of IP addressing between clusters across cloud providers, data centers and edge locations. The overlay network is configured with a non-overlapping RFC1918 address space, removing overlapping CNI CIDR concerns. |
| Network | QoS Profiling | Slices in a cluster have a QoS profile defined per slice, allowing granular traffic control inside and across clusters. |
| Security | Cross-cluster Layer 3 secure connectivity | KubeSlice gateway nodes establish encrypted VPN tunnels between all registered clusters. |
| Security | Network Policy Management | Kubernetes Network Policies, normalized across all clusters registered in the slice configuration, can be tied to a slice, forming network segmentation at Layer 3 that allows or denies traffic to applications external to the slice namespaces. |
| Security | Multi-Tenancy | KubeSlice manages the namespaces that are defined at slice creation and associated with the slice, providing application isolation and limiting the blast radius. |

KubeSlice Architecture

Architecture

