Why danm CNI k8s namespace and pods namespace should be same?? about danm HOT 4 CLOSED

1: you can define different allocation_pools for both. So, you provide the same CIDR, but divide the CIDR into two non-overlapping allocation pools
Yeah I guess a ValidationWebhook could make sure allocation_pools are not overlapping between DanmNetes

2: technically would be possible, but practically speaking as you say network administration is an operator responsibility. Deployment / Pod etc. manifests are usually submitted to the cluster by an application though, or by an application deployment engineer. The two roles are usually separate, done by different users, having different set of privileges.
If we would allow applications to overrule administrators, and then use networks not meant for them would be a violation of data privacy.
E.g. operator creates "flannel" NetworkType DanmNet in namespace vnf1, but not in vnf2. Application in vnf2 should not be able to use this network from namespace vnf1, and thus connect to a network it is not allowed to.

BTW I'm not against providing a configuration interface for defining cluster-wide networks, but it shall be done in a way that still only operators can access that configuration interface.

from danm.

I guess a ValidationWebhook could make sure allocation_pools are not overlapping between DanmNetes
->>>> Is this Webhook planned in future releases?

BTW I'm not against providing a configuration interface for defining cluster-wide networks, but it shall be done in a way that still only operators can access that configuration interface.
->>>> For example products like CSCF,HSS(UDM)... Can share the common OAM network created in different namespace in same cluster. Is there any plan to support this kind of configuration.

from danm.

1: A Webhook is definitely planned, we even have an issue open for that. Though the primary focus of the hook would be validating other things, but this is a good additional use-case for the component.
Will record it in its own thread

2: For the time being as I described above you can have achieve this configuration by splitting the allocation pool between namespaces.
I don't have a proposal right now for the long run, we need to figure out the right configuration interface.

If you don't mind I will close the issue case I think it is answered, but I will expand the validator use-case list, and will discuss how to approach concept of cluster-wide networks.
If we have a good way I'm gonna open a new Issue specifically for it. Ofc we are also open to suggestions, as long as the main constraint of network management being operator responsibility remains as-is.

from danm.

(for the second purpose you can also use Flannel BTW. as Flannel manages its own IPs, you don't need to define CIDR, and allocation pool parameters per namespace)

from danm.