IPAM for Multi Network Interface

From version 1.1, the IPAM part of Kube-OVN can provides subnet and static ip allocation functions to other CNI plugins, such as macvlan/vlan/host-device.

How it works

By using Intel Multus CNI, we can attach multiple network interfaces into a Kubernetes Pod.
However, we still need some cluster-wide IPAM utilities to manage IP addresses for multi network to better mange other CNI plugins.
In Kube-OVN we already has CRDs like Subnet and IP and functions for advanced IPAM like ip reservation, random allocation, static allocation and so on.
We extend the Subnet to network providers other than ovn, so other CNI plugins can take use all the IPAM functions already exist in Kube-OVN.

Work Flow

The diagram below shows how Kube-OVN allocate address for other CNI plugins. The default ovn eht0 network still goes the same way as before.
The net1 network comes from the NetworkAttachmentDefinition defined by multus-cni.
When a new pod appears, the kube-ovn-controller will read the pod annotations and find an available address then write it to the pod annotations.
Then on the CNI side, the attached CNI plugins can chain kube-ovn-ipam as the ipam plugin, which will read the pod annotations above and return the allocated address to the attached CNI plugins.

Limitation

Kube-OVN now uses ovn network as the pod default network, other network can only act as network attachments.
We will fully separate the IPAM functions to provide a more general IPAM later.

topology

How to use it

Install Kube-OVN and Multus-CNI

Please refer to Kube-OVN installation and Multus how to use to install Kube-OVN and Multus-CNI.

Create network attachment definition

We use macvlan as the second container network and chain it with kube-ovn ipam.

  1. apiVersion: "k8s.cni.cncf.io/v1"
  2. kind: NetworkAttachmentDefinition
  3. metadata:
  4.   name: macvlan
  5.   namespace: default
  6. spec:
  7.   config: '{
  8.       "cniVersion": "0.3.0",
  9.       "type": "macvlan",
  10.       "master": "eth0",
  11.       "mode": "bridge",
  12.       "ipam": {
  13.         "type": "kube-ovn",
  14.         "server_socket": "/run/openvswitch/kube-ovn-daemon.sock",
  15.         "provider": "macvlan.default"
  16.       }
  17.     }'

type: Should be kube-ovn to invoke Kube-OVN plugin to fetch the address

server_socket: Is the socket file that Kube-OVN plugin communicate with. Default location is /run/openvswitch/kube-ovn-daemon.sock

provider: The <namespace>.<name> of this NetworkAttachmentDefinition, Kube-OVN plugin will later use it to find the related subnet.

Create a Kube-OVN subnet

Create a Kube-OVN Subnet, set the desired cidr, exclude ips and the provider should be the related NetworkAttachmentDefinition

  1. apiVersion: kubeovn.io/v1
  2. kind: Subnet
  3. metadata:
  4.   name: macvlan
  5. spec:
  6.   protocol: IPv4
  7.   provider: macvlan.default
  8.   cidrBlock: 172.17.0.0/16
  9.   gateway: 172.17.0.1
  10.   excludeIps:
  11.   - 172.17.0.0..172.17.0.10

Other options like gateway, private, nat are not available for attachment network.

Create pod with multi network

For random allocation, just add the k8s.v1.cni.cncf.io/networks:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: samplepod
  5.   namespace: default
  6.   annotations:
  7.     k8s.v1.cni.cncf.io/networks: macvlan
  8. spec:
  9.   containers:
  10.   - name: samplepod
  11.     command: ["/bin/ash", "-c", "trap : TERM INT; sleep infinity & wait"]
  12.     image: alpine

Create Pod with static IP

For static allocation, add the <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_address annotations:

  1. apiVersion: v1
  2. kind: Pod
  3. metadata:
  4.   name: static-ip
  5.   namespace: default
  6.   annotations:
  7.     k8s.v1.cni.cncf.io/networks: macvlan
  8.     ovn.kubernetes.io/ip_address: 10.16.0.15
  9.     ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6
  10.     macvlan.default.kubernetes.io/ip_address: 172.17.0.100
  11.     macvlan.default.kubernetes.io/mac_address: 00:00:00:53:6B:BB
  12. spec:
  13.   containers:
  14.   - name: static-ip
  15.     image: nginx:alpine

Create Workload with static IP

For workload need ippool allocation, add the <networkAttachmentName>.<networkAttachmentNamespace>.kubernetes.io/ip_pool annotations:

  1. apiVersion: apps/v1
  2. kind: Deployment
  3. metadata:
  4.   namespace: default
  5.   name: static-workload
  6.   labels:
  7.     app: static-workload
  8. spec:
  9.   replicas: 2
  10.   selector:
  11.     matchLabels:
  12.       app: static-workload
  13.   template:
  14.     metadata:
  15.       labels:
  16.         app: static-workload
  17.       annotations:
  18.         k8s.v1.cni.cncf.io/networks: macvlan
  19.         ovn.kubernetes.io/ip_pool: 10.16.0.15,10.16.0.16,10.16.0.17
  20.         macvlan.default.kubernetes.io/ip_pool: 172.17.0.200,172.17.0.201,172.17.0.202
  21.     spec:
  22.       containers:
  23.       - name: static-workload
  24.         image: nginx:alpine