ACI Containers


Once you initialize the integration, Kubernetes downloads to each node a series of containers that perform different functions for the operation of the CNI. Following a micro-services architecture, the deployment runs a series of containers, each with a different function.

ACI Container controller

The ACI container controller is a deployment in the Kubernetes cluster that runs the noiro/aci-container-controller container. This container performs the following functions:

  • Handles Kubernetes IP Address Management (IPAM)
  • Keeps track of Kubernetes endpoint state
  • Performs Policy Mapping (using annotations)
  • Controls Load Balancing (monitors K8s endpoint objects)
  • Pushes configurations into the APIC cluster

kubectl get deployments -n kube-system

NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
aci-containers-controller   1/1     1            1           17h
coredns                     2/2     2            2           18h

Using docker ps, you can see the containers that are currently running.

docker ps | grep noiro

We have cut some columns so that the output fits more easily in the documentation.

564adff3a43f  noiro/aci-containers-host     "/usr/local/bin/la..."   k8s_aci-containers-host_aci-containers-host-v2g4g_kube-system_cad70285-65a5-11e8-a8b3-005056181903_3
3e9fddfdaa58  noiro/opflex                  "/bin/sh /usr/loca..."   k8s_mcast-daemon_aci-containers-host-v2g4g_kube-system_cad70285-65a5-11e8-a8b3-005056181903_2
ef863fc900fd  noiro/opflex                  "/usr/local/bin/la..."   k8s_opflex-agent_aci-containers-host-v2g4g_kube-system_cad70285-65a5-11e8-a8b3-005056181903_2
9a273aa3cd85  noiro/openvswitch             "/usr/local/bin/la..."   k8s_aci-containers-openvswitch_aci-containers-openvswitch-r2z2t_kube-system_caed3faf-65a5-11e8-a8b3-005056181903_2

ACI Containers host

The ACI containers host is composed of three distinct containers.

  1. ACI Container Host (aci-containers-host)
    • Responsible for keeping Endpoint metadata
    • Kubernetes POD IP Address management
    • Container Interface Configuration
  2. OpFlex Agent (opflex-agent)
    • Manages the OVS configuration, rendering policy into OpenFlow rules that program OVS
    • Implements Stateful Security Groups
    • Handles load-balanced services (connection tracking, NAT, etc.)
  3. Multicast Daemon (mcast-daemon)
    • Handles Broadcast, unknown unicast and multicast replication

This is managed as a DaemonSet in Kubernetes:

kubectl get daemonsets -n kube-system

aci-containers-host          3         3         3         3            3           [none]          9d
aci-containers-openvswitch   3         3         3         3            3           [none]          9d

ACI Containers OpenVSwitch

Finally, the openvswitch container manages the communication between PODs across the internal host. This container builds the openvswitch flows, which live in the kernel and are shared across the different PODs.

  • Bridge and route traffic between PODs and/or between PODs and physical interfaces
  • Enforce policies (Kubernetes NetworkPolicies and/or ACI Contracts)
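
A node-level check for the components described above, as an added example that is not part of the original documentation or of the ACI CNI project: it parses the container names from the docker ps listing and reports any container missing from the aci-containers-host or aci-containers-openvswitch pod, since opflex-agent and openvswitch are the components listed here as implementing security groups and enforcing policies. It assumes the kubelet's Docker naming scheme k8s_<container>_<pod>_<namespace>_<uid>_<restarts>; parse_name, audit, EXPECTED and SAMPLE_NAMES are hypothetical names.

```python
from collections import defaultdict

# Containers each ACI pod is expected to run, per the descriptions on this page.
EXPECTED = {
    "aci-containers-host": {"aci-containers-host", "opflex-agent", "mcast-daemon"},
    "aci-containers-openvswitch": {"aci-containers-openvswitch"},
}

# Sample input: the NAMES column of the docker ps listing shown on this page.
SAMPLE_NAMES = [
    "k8s_aci-containers-host_aci-containers-host-v2g4g_kube-system_cad70285-65a5-11e8-a8b3-005056181903_3",
    "k8s_mcast-daemon_aci-containers-host-v2g4g_kube-system_cad70285-65a5-11e8-a8b3-005056181903_2",
    "k8s_opflex-agent_aci-containers-host-v2g4g_kube-system_cad70285-65a5-11e8-a8b3-005056181903_2",
    "k8s_aci-containers-openvswitch_aci-containers-openvswitch-r2z2t_kube-system_caed3faf-65a5-11e8-a8b3-005056181903_2",
]

def parse_name(name):
    """Split k8s_<container>_<pod>_<namespace>_<uid>_<restarts> (assumed kubelet
    Docker naming); return None for names that are not in that form."""
    parts = name.strip().split("_")
    if len(parts) != 6 or parts[0] != "k8s" or not parts[5].isdigit():
        return None
    return {"container": parts[1], "pod": parts[2], "namespace": parts[3],
            "uid": parts[4], "restarts": int(parts[5])}

def audit(names, namespace="kube-system"):
    """Return (per-pod findings, expected pod types with no container on this node)."""
    pods = defaultdict(dict)
    for name in names:
        rec = parse_name(name)
        if rec and rec["namespace"] == namespace:
            pods[rec["pod"]][rec["container"]] = rec["restarts"]
    findings = {}
    for pod, running in pods.items():
        for prefix, expected in EXPECTED.items():
            if pod.startswith(prefix + "-"):
                findings[pod] = {
                    "missing": sorted(expected - set(running)),
                    "restarts": {c: running[c] for c in sorted(expected & set(running))},
                }
    absent = sorted(p for p in EXPECTED
                    if not any(pod.startswith(p + "-") for pod in pods))
    return findings, absent

if __name__ == "__main__":
    findings, absent = audit(SAMPLE_NAMES)
    for pod, result in findings.items():
        print(pod, "missing:", result["missing"] or "none", "restarts:", result["restarts"])
    print("pod types absent from node:", absent or "none")
```

On a node, the names can be fed in from docker ps --format '{{.Names}}', one per line.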