Experimental version. The functionality may undergo significant changes. Compatibility with future versions is not guaranteed.
Introduction
This guide describes the process of creating and modifying resources to manage a software-defined network.
Preparing the cluster for module use
Initial infrastructure setup:
- For creating additional networks based on tagged VLANs:
  - Allocate VLAN ID ranges on the data center switches and configure them on the corresponding switch interfaces.
  - Reserve physical interfaces on the nodes for subsequent configuration of tagged VLAN interfaces. You can reuse interfaces already used by the DKP local network.
- For creating additional networks based on direct, untagged access to a network interface:
  - Reserve separate physical interfaces on the nodes and connect them into a single local network at the data center level.
After enabling the module, NodeNetworkInterface resources will automatically appear in the cluster, reflecting the current state of the nodes:
$ kubectl get nodenetworkinterface
NAME                            MANAGEDBY   NODE           TYPE   IFNAME   IFINDEX   STATE   AGE
virtlab-ap-0-nic-1c61b4a68c2a   Deckhouse   virtlab-ap-0   NIC    eth1     3         Up      35d
virtlab-ap-0-nic-fc34970f5d1f   Deckhouse   virtlab-ap-0   NIC    eth0     2         Up      35d
virtlab-ap-1-nic-1c61b4a6a0e7   Deckhouse   virtlab-ap-1   NIC    eth1     3         Up      35d
virtlab-ap-1-nic-fc34970f5c8e   Deckhouse   virtlab-ap-1   NIC    eth0     2         Up      35d
virtlab-ap-2-nic-1c61b4a6800c   Deckhouse   virtlab-ap-2   NIC    eth1     3         Up      35d
virtlab-ap-2-nic-fc34970e7ddb   Deckhouse   virtlab-ap-2   NIC    eth0     2         Up      35d
In this example, each cluster node has two network interfaces: eth0 (DKP local network) and eth1 (dedicated interface for additional networks).
Next, apply a label to the reserved interfaces so that they can be selected for additional networks:
$ kubectl label nodenetworkinterface virtlab-ap-0-nic-1c61b4a68c2a nic-group=extra
$ kubectl label nodenetworkinterface virtlab-ap-1-nic-1c61b4a6a0e7 nic-group=extra
$ kubectl label nodenetworkinterface virtlab-ap-2-nic-1c61b4a6800c nic-group=extra
Configuring and connecting additional networks for workloads
Administrative resources
ClusterNetwork
To create a network available to all projects, use the ClusterNetwork interface.
Example for a network based on tagged traffic:
apiVersion: network.deckhouse.io/v1alpha1
kind: ClusterNetwork
metadata:
  name: my-cluster-network
spec:
  type: Vlan
  vlan:
    id: 900
  parentNodeNetworkInterfaces:
    labelSelector:
      matchLabels:
        nic-group: extra # manually applied label on NodeNetworkInterface resources
Example for a network based on direct interface access:
apiVersion: network.deckhouse.io/v1alpha1
kind: ClusterNetwork
metadata:
  name: my-cluster-network
spec:
  type: Access
  parentNodeNetworkInterfaces:
    labelSelector:
      matchLabels:
        nic-group: extra # manually applied label on NodeNetworkInterface resources
NetworkClass
The NetworkClass interface is used to allow users to create their own dedicated networks based on tagged traffic while preventing them from affecting the infrastructure. It provides:
- Restriction of the set of physical network devices on the nodes.
- Limitation of the VLAN ID ranges available to users.
Example:
apiVersion: network.deckhouse.io/v1alpha1
kind: NetworkClass
metadata:
  name: my-network-class
spec:
  vlan:
    idPool:
    - 600-800
    - 1200
    parentNodeNetworkInterfaces:
      labelSelector:
        matchLabels:
          nic-group: extra
User resources/Custom resources
Network
To create a project-specific network, use the Network resource:
apiVersion: network.deckhouse.io/v1alpha1
kind: Network
metadata:
  name: my-network
  namespace: my-namespace
spec:
  networkClass: my-network-class # mandatory
  type: Vlan
  vlan:
    id: 601 # optional, but must be from the pool
Notes:
- You cannot create networks of the Access type using the Network resource.
- If spec.vlan.id is not specified, it will be automatically allocated from the pool and assigned to the network.
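The pool and type rules above can be checked offline before a manifest is applied. The following is an added example, not code from the module itself: it assumes idPool entries are either a single ID or an inclusive start-end range (the two forms shown on this page), and the names parse_id_pool and check_network are hypothetical.

```python
# Added example: pre-check of a Network manifest against its NetworkClass.
# The manifests are constructed dicts mirroring the YAML shown on this page.

def parse_id_pool(id_pool):
    """Expand idPool entries (single ID or 'start-end') into inclusive ranges."""
    ranges = []
    for entry in id_pool:
        text = str(entry).strip()
        start, _, end = text.partition("-")
        lo, hi = int(start), int(end or start)
        # 802.1Q reserves VLAN IDs 0 and 4095, so usable IDs are 1..4094.
        if not (1 <= lo <= hi <= 4094):
            raise ValueError(f"invalid idPool entry: {text!r}")
        ranges.append((lo, hi))
    return ranges


def check_network(network, network_class):
    """Return a list of violations; an empty list means the manifest passes."""
    problems = []
    spec = network.get("spec", {})
    if spec.get("networkClass") != network_class["metadata"]["name"]:
        problems.append("spec.networkClass is mandatory and must name the NetworkClass")
    if spec.get("type") == "Access":
        problems.append("Network resources cannot be of type Access")
    vlan_id = spec.get("vlan", {}).get("id")
    if vlan_id is not None:  # an omitted ID is allocated from the pool
        pool = parse_id_pool(network_class["spec"]["vlan"]["idPool"])
        if not any(lo <= vlan_id <= hi for lo, hi in pool):
            problems.append(f"vlan.id {vlan_id} is outside the idPool")
    return problems


NETWORK_CLASS = {
    "metadata": {"name": "my-network-class"},
    "spec": {"vlan": {"idPool": ["600-800", 1200]}},
}
NETWORK = {
    "metadata": {"name": "my-network", "namespace": "my-namespace"},
    "spec": {"networkClass": "my-network-class", "type": "Vlan", "vlan": {"id": 601}},
}

if __name__ == "__main__":
    print(check_network(NETWORK, NETWORK_CLASS))
    # VLAN 900 belongs to the ClusterNetwork example, not to this pool.
    outside = {"spec": {"networkClass": "my-network-class", "type": "Vlan", "vlan": {"id": 900}}}
    print(check_network(outside, NETWORK_CLASS))
```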
Connecting additional networks to pods
Additional networks are configured using a pod annotation:
# ifName: TAP interface name inside the pod (optional)
# mac: MAC address to assign to the TAP interface (optional)
network.deckhouse.io/networks-spec: |
  [
    {
      "type": "Network",
      "name": "my-network",
      "ifName": "veth_mynet",
      "mac": "aa:bb:cc:dd:ee:ff"
    },
    {
      "type": "ClusterNetwork",
      "name": "my-cluster-network",
      "ifName": "veth_public"
    }
  ]