'Kubernetes NetworkAttachmentDefinition

currently I'm running a Kubernetes Cluster.

Host Network: 10.17.20.x Docker Network: 172.17.60.x

Im running a RabbitMQ pod which has the IP: 172.17.60.217 Annotations:

  • cni.projectcalico.org/podIP: 172.17.60.217/32 cni.projectcalico.org/podIPs: 172.17.60.217/32

All my pods need to be connected to RabbitMQ. This works quite fine. I need to run pod "A" as macvlan cause it needs to be reachable from the Hostnetwork for peripherie.

So from the topology point of view. My pod "A" need to have two Network interfaces to be able to connect to rabbitmq 172.17.60.217 and get a Hostnetwork IP assigned. Therefore a came up with NetworkAttachmentDefinitions. My Plan was to create a NetworkAttachment to assign a IP from the Hostnetwork.

NetworkAttachmentDefinition:
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: macvlan-conf
spec:
  config: '{
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "macvlan",
          "capabilities": { "ips": true },
          "master": "ens224",
          "mode": "bridge",
          "ipam": {
            "type": "static",
            "routes": [
              {
                "dst": "0.0.0.0/0",
                "gw": "10.17.20.1"
              }
            ]
          }
        }
      ]
    }'

It seems that the IP's are assigned correct.

apiVersion: v1
kind: Pod
metadata:
  labels:
    run: udpechroute
  name: udpechoroute
  annotations:
  annotations:
    k8s.v1.cni.cncf.io/networks: '[ {
      "name": "macvlan-conf",
      "ips": [ "10.17.20.124/24" ],
      "route": [ "10.17.20.1" ]
      }]'
spec:
  containers:
  - image: alpine/socat:latest
    imagePullPolicy: Never
    name: udpecho
    args:
      - "-v"
      - "PIPE"
      - "udp-recvfrom:5553,fork"
  restartPolicy: Always
status: {}

kubectl describe pod udpechoroute

Name:         udpechoroute
Namespace:    kube-system
Priority:     0
Node:         openstack1/10.17.20.21
Start Time:   Fri, 26 Nov 2021 17:38:10 +0100
Labels:       run=udpechroute
Annotations:  cni.projectcalico.org/podIP: 172.17.60.206/32
              cni.projectcalico.org/podIPs: 172.17.60.206/32
              k8s.v1.cni.cncf.io/network-status:
                [{
                    "name": "",
                    "ips": [
                        "172.17.60.206"
                    ],
                    "default": true,
                    "dns": {}
                },{
                    "name": "kube-system/macvlan-conf",
                    "interface": "net1",
                    "ips": [
                        "10.17.20.124"
                    ],
                    "mac": "26:7f:a1:40:79:c9",
                    "dns": {}
                }]
              k8s.v1.cni.cncf.io/networks: [ { "name": "macvlan-conf", "ips": [ "10.17.20.124/24" ], "route": [ "10.17.20.1" ] }]
              k8s.v1.cni.cncf.io/networks-status:
                [{
                    "name": "",
                    "ips": [
                        "172.17.60.206"
                    ],
                    "default": true,
                    "dns": {}
                },{
                    "name": "kube-system/macvlan-conf",
                    "interface": "net1",
                    "ips": [
                        "10.17.20.124"
                    ],
                    "mac": "26:7f:a1:40:79:c9",
                    "dns": {}
                }]

[root@openstack1]# kubectl exec -it udpechoroute /bin/sh -- route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         169.254.1.1     0.0.0.0         UG    0      0        0 eth0
10.17.20.0      *               255.255.255.0   U     0      0        0 net1
169.254.1.1     *               255.255.255.255 UH    0      0        0 eth0

[root@openstack1]# kubectl exec -it udpechowithoutan /bin/sh -- route

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         169.254.1.1     0.0.0.0         UG    0      0        0 eth0
169.254.1.1     *               255.255.255.255 UH    0      0        0 eth0

My Issue: I delpyoed a Pod which is not using any NetworkAttachmentDefinition so to know the Gateway information for the pod. But from my udpechoroute Pod I'm able to ping the RabbitMQ adresse but it cannot be reached from the peripherie on IP 10.17.20.124.

kubectl exec -it udpechoroute -- ping 172.17.60.217:

PING 172.17.60.217 (172.17.60.217): 56 data bytes
64 bytes from 172.17.60.217: seq=0 ttl=63 time=0.164 ms
64 bytes from 172.17.60.217: seq=1 ttl=63 time=0.131 ms
64 bytes from 172.17.60.217: seq=2 ttl=63 time=0.106 ms

From 10.17.20.x the Ping to 10.17.20.124 doesn't work.

Pinging 10.17.20.124 with 32 bytes of data:
Request timed out.

No Firewall rules are blocking the communication.

Do you have any idea what i did wrong?



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source