How Raven Enables Non-Intrusive Cross-Edge Container Networking in OpenYurt v0.7.0
OpenYurt v0.7.0 introduces the Raven solution, a non‑intrusive, encrypted‑tunnel based approach that seamlessly connects pods across public‑cloud, edge‑to‑edge, and edge‑to‑cloud environments without modifying existing CNI plugins, while also adding EdgeX Foundry LTS support, Kubernetes 1.22 compatibility, and IPv6 networking.
Release Overview
OpenYurt v0.7.0 (released 27 May 2023) introduces the Raven solution for cross‑public‑network pod communication in a single‑cluster edge environment. It adds support for EdgeX Foundry LTS (Jakarta), Kubernetes v1.22, and IPv6 networking.
Problem Statement
In edge deployments, pods located in different physical edge zones (edge‑edge or edge‑cloud) must communicate using Pod IP, Service IP or DNS name, but native CNI plugins only route intra‑zone traffic. Existing YurtTunnel only handles operational traffic and does not provide container‑network connectivity across zones.
Raven Architecture
Raven is designed to be non‑intrusive, compatible with existing CNI plugins (Flannel, Calico, etc.), and to secure cross‑zone traffic with IPsec tunnels.
Raven Controller Manager – deployed as a Deployment on selected cloud nodes. It watches node status, creates a Gateway custom resource for each edge node pool, selects a gateway node, and performs failover when the gateway becomes unavailable. All cross‑zone traffic is directed to the selected gateway.
Raven Agent – deployed as a DaemonSet on every node. Depending on the node role (gateway or non‑gateway) it configures routing tables or establishes an IPsec VPN tunnel to the gateway.
The two components exchange configuration through the Gateway CRD defined in the controller manager repository.
Key Features
Non‑intrusive: only cross‑zone traffic is intercepted; intra‑pool traffic uses the native CNI.
Security: IPsec encrypts all cross‑zone packets.
Compatibility: works with Flannel, Calico and other CNI plugins without modification.
Performance: prefers direct edge‑to‑edge VPN tunnels, avoiding unnecessary routing through a central cloud node.
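The gateway election, failover and traffic split described above, as a simplified model (an added example, not code from Raven or OpenYurt). The `Node` type, the `ElectGateways` and `Route` functions, the election rule (keep the current gateway while it is Ready, otherwise take the lowest node name) and the "unroutable" result for a pool without a gateway are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Node is a simplified, hypothetical view of a cluster node (not Raven's API).
type Node struct {
	Name, Pool string
	Ready      bool
	PodCIDR    netip.Prefix
}

// ElectGateways keeps a pool's current gateway while Ready, else picks the first Ready node by name.
func ElectGateways(nodes []Node, current map[string]string) map[string]string {
	next := map[string]string{}
	for _, n := range nodes {
		g, ok := next[n.Pool]
		if n.Ready && (!ok || n.Name == current[n.Pool] || (g != current[n.Pool] && n.Name < g)) {
			next[n.Pool] = n.Name
		}
	}
	return next
}

// Route reports how traffic from node `from` to pod IP dst is carried.
func Route(nodes []Node, gw map[string]string, from Node, dst netip.Addr) string {
	var to *Node
	for i := range nodes {
		if nodes[i].PodCIDR.Contains(dst) {
			to = &nodes[i]
		}
	}
	switch {
	case to == nil:
		return "unknown destination"
	case from.Pool == to.Pool:
		return "native CNI" // intra-pool traffic is left to the CNI plugin
	case gw[from.Pool] == "" || gw[to.Pool] == "":
		return "unroutable" // modelling assumption: never sent unencrypted
	}
	return fmt.Sprintf("%s -> %s =IPsec=> %s -> %s", from.Name, gw[from.Pool], gw[to.Pool], to.Name)
}

func main() { // constructed sample: one Ready node in each of two pools
	n := []Node{{"a1", "a", true, netip.MustParsePrefix("10.0.1.0/24")}, {"b1", "b", true, netip.MustParsePrefix("10.0.2.0/24")}}
	fmt.Println(Route(n, ElectGateways(n, nil), n[0], netip.MustParseAddr("10.0.2.7")))
}
```

When reviewing a real deployment, the same two questions apply: which node currently holds the gateway role for each pool, and whether any cross-pool path exists that does not pass through the tunnel.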
Platform Support
EdgeX Foundry LTS (Jakarta)
Raven adds compatibility with EdgeX Jakarta (API v2). Integration logic and related CRDs were updated accordingly.
Kubernetes v1.22
Adaptations include handling the removal of v1beta1.CSR, updating CSR.signerName validation, supporting Service Topology via EndpointSlice, and adjusting YurtTunnel for the removal of the StreamingProxyRedirects feature gate.
IPv6 Networking
When the underlying CNI supports IPv6, Raven updates Yurthub and YurtTunnel to configure IPv6 routes and certificates.
Installation
Clone and deploy the two components:
git clone https://github.com/openyurtio/raven-controller-manager.git
cd raven-controller-manager
# apply CRDs and deploy controller manager
kubectl apply -f config/crd
kubectl apply -f config/manager
git clone https://github.com/openyurtio/raven.git
cd raven
# deploy daemonset on all nodes
kubectl apply -f deploy/agent.yaml
The Gateway CRD source can be inspected at:
https://github.com/openyurtio/raven-controller-manager/blob/main/pkg/ravencontroller/apis/raven/v1alpha1/gateway_types.go
Future Work
Development of OpenYurt v0.8.0 is ongoing, with SIGs for ControlPlane, DataPlane and IoT coordinating more than 15 projects. The roadmap is available at https://github.com/openyurtio/openyurt/blob/master/docs/roadmap.md#v080-roadmap.
Alibaba Cloud Native
