Alauda Container Platform

Configuring Kube-OVN Network to Support Pod Multi-Network Interfaces (Alpha)

By using Multus CNI, you can add multiple network interfaces with different networks to Pods. Use Kube-OVN network's Subnet and IP CRDs for advanced IP management, implementing subnet management, IP reservation, random allocation, fixed allocation, and other features.

TOC

Installing Multus CNI

Deploying the Multus CNI Plugin

  1. Go to Administrator.

  2. In the left navigation bar, click Marketplace > Cluster Plugins.

  3. In the search bar, type "multus" to find the Multus CNI plugin.

  4. Locate the "Alauda Container Platform Networking for Multus" plugin in the list.

  5. Click the three dots (⋮) next to the plugin entry and select Install.

  6. The plugin will be deployed to your cluster. You can monitor the installation status in the State column.

NOTE

The Multus CNI plugin serves as middleware between other CNI plugins and Kubernetes, enabling Pods to have multiple network interfaces.

Creating Subnets

Create an attachnet subnet according to the following example: network-attachment-definition.yml.

NOTE

The provider format in config is <NAME>.<NAMESPACE>.ovn, where <NAME> and <NAMESPACE> are the name and namespace of this NetworkAttachmentDefinition CR respectively.

apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: attachnet
  namespace: default
spec:
  config: '{
      "cniVersion": "0.3.0",
      "type": "kube-ovn",
      "server_socket": "/run/openvswitch/kube-ovn-daemon.sock",
      "provider": "attachnet.default.ovn"
    }'

After creation, apply the resource:

kubectl apply -f network-attachment-definition.yml

Use the following example to create the Kube-OVN subnet for the second network interface: subnet.yml.

NOTE
  • spec.provider must be consistent with the provider in NetworkAttachmentDefinition.
  • If you need to use an Underlay subnet, set the spec.vlan of the subnet to the VLAN CR name you want to use. Configure other subnet parameters as needed.
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  name: subnet1
spec:
  cidrBlock: 172.170.0.0/16
  provider: attachnet.default.ovn

After creation, apply the resource:

kubectl apply -f subnet.yml

Creating Pod with Multiple Network Interfaces

Create a pod according to the following example.

NOTE
  • The metadata.annotations must contain a key-value pair k8s.v1.cni.cncf.io/networks=default/attachnet, where the value format is <NAMESPACE>/<NAME>, and <NAMESPACE> and <NAME> are the namespace and name of the NetworkAttachmentDefinition CR respectively.
  • If the Pod needs three network interfaces, configure the value of k8s.v1.cni.cncf.io/networks as default/attachnet,default/attachnet2.
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  annotations:
    k8s.v1.cni.cncf.io/networks: default/attachnet
spec:
  containers:
  - name: web
    image: nginx:latest
    ports:
    - containerPort: 80

After the Pod is created successfully, use the command kubectl exec pod1 -- ip a to view the Pod's IP addresses.

Verifying Dual Network Interface Creation

Use the following command to verify that the dual network interfaces have been created successfully:

kubectl exec pod1 -- ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
151: eth0@if152: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1400 qdisc noqueue state UP
    link/ether a6:3c:d8:ae:83:06 brd ff:ff:ff:ff:ff:ff
    inet 10.3.0.8/16 brd 10.3.255.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::a43c:d8ff:feae:8306/64 scope link
       valid_lft forever preferred_lft forever
153: net1@if154: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1400 qdisc noqueue state UP
    link/ether 0a:36:08:01:dc:df brd ff:ff:ff:ff:ff:ff
    inet 172.170.0.3/16 brd 172.170.255.255 scope global net1
       valid_lft forever preferred_lft forever
    inet6 fe80::836:8ff:fe01:dcdf/64 scope link
       valid_lft forever preferred_lft forever

Additional Features

Fixed IP

  • Primary Network Interface (First Interface): If you need to fix the IP of the primary network interface, the method is the same as using a fixed IP with a single network interface. Add the annotation ovn.kubernetes.io/ip_address=<IP> to the Pod.

  • Secondary Network Interface (Second Interface or Other Interfaces): The basic method is similar to the primary network interface, with the difference that the ovn in the Annotation Key is replaced with the corresponding NetworkAttachmentDefinition provider. Example: attachnet.default.ovn.kubernetes.io/ip_address=172.170.0.101.

Additional Routes

Starting from version 1.8.0, Kube-OVN supports configuring additional routes for secondary network interfaces. When using this feature, add the routers field to the config in NetworkAttachmentDefinition and fill in the routes you need to configure. Example:

apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: attachnet
  namespace: default
spec:
  config: '{
      "cniVersion": "0.3.0",
      "type": "kube-ovn",
      "server_socket": "/run/openvswitch/kube-ovn-daemon.sock",
      "provider": "attachnet.default.ovn",
      "routes": [
        {
          "dst": "19.10.0.0/16"
        },
        {
          "dst": "19.20.0.0/16",
          "gw": "19.10.0.1"
        }
      ]
    }'