Today, we are happy to release Romana v2.0 for general availability. It includes important architectural advances that increase deployment flexibility and simplify operations. Romana v2.0 was available in a preview release for over three months and has gone through extensive testing. During that time, it has proven to be stable and scalable for production deployments on hundreds of nodes in EC2, as well as in datacenters with complex multi-network topologies.
Romana v2.0 includes new topology aware IP address management and network advertisement for deployment in routed networks. Also in Romana v2.0 are Romana VIPs, which lets on premises Kubernetes clusters expose services on their datacenter network with automatic failover to other nodes, without an external load balancer.
Topology aware IPAM and network advertisement
Fundamental to Romana is intelligent IP address management that lets real network CIDRs define isolation boundaries for microsegmentation. This has numerous advantages including eliminating overlays and the ability to use route aggregation to minimize network updates, which enables higher performance and simpler, more secure operations.
Maintaining address boundaries is also important for integration with legacy security infrastructure since most enterprise still rely on VLAN segmentation.
Romana v1.x IPAM provided simple IP address allocation, which in some circumstances could result in inefficient use of addresses. Topology aware IPAM lets operators capture network topology so that Kubernetes has the flexibility it needs to schedule pods anywhere on the network, even across different subnets, without requiring additional route updates.
With address prefixes set by network topology, upstream network devices are easily configured by announcing only the prefixes. Not only is this very fast and efficient, new endpoints are immediately reachable without requiring additional network updates. Defining networks in this way also allow routes to be filtering for a more secure network.
Romana v2.0 supports both BGP and OSPF protocols for network advertisement.
Network advertisement in EC2
For network advertisement in EC2, Romana v2.0 updates the VPC route table directly via the API in a manner similar to kubnet’s EC2 cloud provider function. This lets applications use native VPC networking, avoid an overlay and deliver the highest network performance possible.
In addition, unlike kubnet, Romana aggregates routes. This means that large clusters can be built without running out of VPC routes. Romana v2.0 configures Kubernetes nodes to forward traffic to other nodes, effectively turning them into routers. More details are available here.
Romana performs healthchecks and configures a failover route on instance failure. Robust routing with automatic failover allows users to confidently build HA clusters across availability zones that use native VPC networking.
Together, these new features enable native VPC networking on clusters of any size deployed on one or more zones.
Kubernetes users running on premises that want an easy way to expose their services outside a cluster on their datacenter network can use ExternalIPs. Although ExternalIPs are simple, they represent a single point of failure for the service and require manual allocation and configuration on the nodes. When there are many to configure, this can be tedious and prone to error. Romana VIPs are a solution to these problems.
Romana VIPs are defined by an annotation in a service spec. Romana then automatically brings up that IP on a node. Romana chooses a node with a pod running locally to avoid network latency within the cluster. When a node with a Romana VIP fails, Romana will bring up the VIP on a new node, providing failover for external services.
Romana VIPs are useful for exposing services that only need simple kubeproxy load balancing across pods. Romana VIPs can also be used to expose individual pods when a stable IP is required, such as Cassandra and other Big Data applications. Romana VIPs work in conjunction with Romana DNS, which can be deployed as a service discovery mechanism for individual pods exposed outside of a cluster.
Romana v2.0 available now
Romana v2.0 is available today, here on GitHub. See release notes for details on supported capabilities and configurations.