Comments (4)
1: You can define different allocation_pools for both. So, you provide the same CIDR, but divide the CIDR into two non-overlapping allocation pools.
Yeah I guess a ValidationWebhook could make sure allocation_pools are not overlapping between DanmNets
2: Technically it would be possible, but practically speaking, as you say, network administration is an operator responsibility. Deployment / Pod etc. manifests are usually submitted to the cluster by an application though, or by an application deployment engineer. The two roles are usually separate, done by different users, having different sets of privileges.
Allowing applications to overrule administrators, and then use networks not meant for them, would be a violation of data privacy.
E.g. operator creates "flannel" NetworkType DanmNet in namespace vnf1, but not in vnf2. Application in vnf2 should not be able to use this network from namespace vnf1, and thus connect to a network it is not allowed to.
BTW I'm not against providing a configuration interface for defining cluster-wide networks, but it shall be done in a way that still only operators can access that configuration interface.
from danm.
I guess a ValidationWebhook could make sure allocation_pools are not overlapping between DanmNets
->>>> Is this Webhook planned in future releases?
BTW I'm not against providing a configuration interface for defining cluster-wide networks, but it shall be done in a way that still only operators can access that configuration interface.
->>>> For example, products like CSCF, HSS (UDM)... can share the common OAM network created in a different namespace in the same cluster. Is there any plan to support this kind of configuration?
from danm.
1: A Webhook is definitely planned, we even have an issue open for that. Though the primary focus of the hook would be validating other things, this is a good additional use-case for the component.
Will record it in its own thread
2: For the time being, as I described above, you can achieve this configuration by splitting the allocation pool between namespaces.
I don't have a proposal right now for the long run, we need to figure out the right configuration interface.
If you don't mind, I will close the issue because I think it is answered, but I will expand the validator use-case list, and will discuss how to approach the concept of cluster-wide networks.
If we have a good way I'm gonna open a new Issue specifically for it. Ofc we are also open to suggestions, as long as the main constraint of network management being operator responsibility remains as-is.
from danm.
(For the second purpose you can also use Flannel BTW. As Flannel manages its own IPs, you don't need to define CIDR and allocation pool parameters per namespace.)
from danm.
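The overlap check a validation webhook could run for the split-pool setup discussed in this thread, as an added Go example that is not DANM code and not written by any commenter. `Net` and its field names are a hypothetical reduction of a DanmNet, the sample networks are constructed, and the check assumes all listed networks attach to the same address space.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Net is a hypothetical, reduced view of a DanmNet (not DANM's real type).
type Net struct{ Namespace, Name, CIDR, PoolStart, PoolEnd string }
type ipRange struct{ id string; start, end netip.Addr }

// parsePool checks that the pool is a valid range inside the network's CIDR.
func parsePool(n Net) (ipRange, error) {
	prefix, e1 := netip.ParsePrefix(n.CIDR)
	start, e2 := netip.ParseAddr(n.PoolStart)
	end, e3 := netip.ParseAddr(n.PoolEnd)
	r := ipRange{n.Namespace + "/" + n.Name, start, end}
	if e1 != nil || e2 != nil || e3 != nil || end.Less(start) ||
		!prefix.Contains(start) || !prefix.Contains(end) {
		return r, fmt.Errorf("%s: pool is not a valid range inside %q", r.id, n.CIDR)
	}
	return r, nil
}

// CheckPools reports invalid pools and every pair of pools sharing an address.
// Two closed ranges intersect unless one ends before the other starts.
func CheckPools(nets []Net) (problems []string) {
	var seen []ipRange
	for _, n := range nets {
		r, err := parsePool(n)
		if err != nil {
			problems = append(problems, err.Error())
			continue
		}
		for _, o := range seen {
			if !r.end.Less(o.start) && !o.end.Less(r.start) {
				problems = append(problems, r.id+" overlaps "+o.id)
			}
		}
		seen = append(seen, r)
	}
	return problems
}

func main() {
	fmt.Println(CheckPools([]Net{ // constructed sample data
		{"vnf1", "oam", "10.0.0.0/24", "10.0.0.10", "10.0.0.99"},
		{"vnf2", "oam", "10.0.0.0/24", "10.0.0.100", "10.0.0.199"},
		{"vnf3", "oam", "10.0.0.0/24", "10.0.0.150", "10.0.0.220"},
	}))
}
```

A webhook built on this would reject the new or updated network whenever the returned list is non-empty.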