-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why danm CNI k8s namespace and pods namespace should be same?? #49
Comments
1: you can define different allocation_pools for both. So, you provide the same CIDR, but divide the CIDR into two non-overlapping allocation pools 2: technically would be possible, but practically speaking as you say network administration is an operator responsibility. Deployment / Pod etc. manifests are usually submitted to the cluster by an application though, or by an application deployment engineer. The two roles are usually separate, done by different users, having different set of privileges. BTW I'm not against providing a configuration interface for defining cluster-wide networks, but it shall be done in a way that still only operators can access that configuration interface. |
I guess a ValidationWebhook could make sure allocation_pools are not overlapping between DanmNetes BTW I'm not against providing a configuration interface for defining cluster-wide networks, but it shall be done in a way that still only operators can access that configuration interface. |
1: A Webhook is definitely planned, we even have an issue open for that. Though the primary focus of the hook would be validating other things, but this is a good additional use-case for the component. 2: For the time being as I described above you can have achieve this configuration by splitting the allocation pool between namespaces. If you don't mind I will close the issue case I think it is answered, but I will expand the validator use-case list, and will discuss how to approach concept of cluster-wide networks. |
(for the second purpose you can also use Flannel BTW. as Flannel manages its own IPs, you don't need to define CIDR, and allocation pool parameters per namespace) |
Hi ,
I have 2 questions , here
How the ipam management is done, If we create a same network(subnet) in 2 different namespaces? Can this be handled using Admission controller?
Since CNI (Danmnets) creation is the Administrator responsibility ,May not have been deployed in different namespace. Can we provide a option in Annotation block to provide a k8S namespace as well along with other details?
Please share your opinion on these 2 questions/Issues.
Br,
Anand
The text was updated successfully, but these errors were encountered: