English | 简体中文
SpiderIPPool resources represent the IP address ranges allocated by Spiderpool for Pods. To create SpiderIPPool resources in your cluster, refer to the SpiderIPPool CRD.
- Single-stack, dual-stack, and IPv6 Support
- IP address range control
- Gateway route control
- Exclusive or global default pool control
- Compatible with various resource affinity settings
Spiderpool supports three modes of IP address allocation: IPv4-only, IPv6-only, and dual-stack. Refer to configmap for details.
When installing Spiderpool via Helm, you can use configuration parameters to specify:
--set ipam.enableIPv4=true --set ipam.enableIPv6=true
.
If dual-stack mode is enabled, you can manually specify which IPv4 and IPv6 pools should be used for IP address allocation:
In a dual-stack environment, you can also configure Pods to only receive IPv4 or IPv6 addresses using the annotation
ipam.spidernet.io/ippool: '{"ipv4": ["custom-ipv4-ippool"]}'
.
apiVersion: apps/v1
kind: Deployment
metadata:
name: custom-dual-ippool-deploy
spec:
replicas: 3
selector:
matchLabels:
app: custom-dual-ippool-deploy
template:
metadata:
annotations:
ipam.spidernet.io/ippool: |-
{
"ipv4": ["custom-ipv4-ippool"],"ipv6": ["custom-ipv6-ippool"]
}
labels:
app: custom-dual-ippool-deploy
spec:
containers:
- name: custom-dual-ippool-deploy
image: busybox
imagePullPolicy: IfNotPresent
command: ["/bin/sh", "-c", "trap : TERM INT; sleep infinity & wait"]
For the priority rules when specifying the SpiderIPPool, refer to the Candidate Pool Acquisition.
You can use annotations like ipam.spidernet.io/ippool
or ipam.spidernet.io/ippools
on a Pod's annotation to indicate which IP pools should be used. The ipam.spidernet.io/ippools
annotation is primarily used for specifying multiple network interfaces. Additionally, you can specify multiple pools as fallback options. If one pool's IP addresses are exhausted, addresses can be allocated from the other specified pools.
ipam.spidernet.io/ippool: |-
{
"ipv4": ["demo-v4-ippool1", "backup-ipv4-ippool"],
"ipv6": ["demo-v6-ippool1", "backup-ipv6-ippool"]
}
When using the annotation ipam.spidernet.io/ippools
for specifying multiple network interfaces, you can explicitly indicate the interface name by specifying the interface
field. Alternatively, you can use array ordering to determine which IP pools are assigned to which network interfaces. Additionally, the cleangateway
field indicates whether a default route should be generated based on the gateway
field of the IPPool. When cleangateway
is set to true, it means that no default route needs to be generated (default is false).
In scenarios with multiple network interfaces, it is generally not possible to generate two or more default routes in the
main
routing table. The pluginCoordinator
already solved this problem and you can ignoreclengateway
field. If you want to use Spiderpool IPAM plugin alone, you can usecleangateway: true
to indicate that a default route should not be generated based on the IPPoolgateway
field.
ipam.spidernet.io/ippools: |-
[{
"ipv4": ["demo-v4-ippool1"],
"ipv6": ["demo-v6-ippool1"],
},{
"ipv4": ["demo-v4-ippool2"],
"ipv6": ["demo-v6-ippool2"],
"cleangateway": true
}]
ipam.spidernet.io/ippools: |-
[{
"interface": "eth0",
"ipv4": ["demo-v4-ippool1"],
"ipv6": ["demo-v6-ippool1"],
"cleangateway": true
},{
"interface": "net1",
"ipv4": ["demo-v4-ippool2"],
"ipv6": ["demo-v6-ippool2"],
"cleangateway": false
}]
You can annotate the Namespace with ipam.spidernet.io/default-ipv4-ippool
and ipam.spidernet.io/default-ipv6-ippool
. When deploying applications, IP pools can be selected based on these annotations of the application's namespace:
If IP pool is not explicitly specified, rules defined in the Namespace annotation take precedence.
apiVersion: v1
kind: Namespace
metadata:
annotations:
ipam.spidernet.io/default-ipv4-ippool: '["ns-v4-ippool1","ns-v4-ippool2"]'
ipam.spidernet.io/default-ipv6-ippool: '["ns-v6-ippool1","ns-v6-ippool2"]'
name: kube-system
...
You can specify the default IPv4 and IPv6 pools for an application in the CNI configuration file. For more details, refer to CNI Configuration
If IP pool is not explicitly specified using Pod Annotation and no IP pool is specified through Namespace annotation, the rules defined in the CNI configuration file take precedence.
{
"name": "macvlan-vlan0",
"type": "macvlan",
"master": "eth0",
"ipam": {
"type": "spiderpool",
"default_ipv4_ippool":["default-v4-ippool","backup-ipv4-ippool"],
"default_ipv6_ippool":["default-v6-ippool","backup-ipv6-ippool"]
}
}
In the SpiderIPPool CRD, the spec.default
field is a boolean type. It determines the cluster default pool when no specific IPPool is specified through annotations or the CNI configuration file:
- If no IP pool is specified using Pod annotations, and no IP pool is specified through Namespace annotations, and no IP pool is specified in the CNI configuration file, the system will use the pool defined by this field as the cluster default.
- Multiple IPPool resources can be set as the cluster default level.
apiVersion: spiderpool.spidernet.io/v2beta1
kind: SpiderIPPool
metadata:
name: master-172
spec:
default: true
...
Refer to SpiderIPPool Affinity for details.
Refer to Route Support for details.
As a result, Pods will receive the default route based on the gateway, as well as custom routes defined in the IP pool. If the IP pool does not have a gateway configured, the default route will not take effect.
To simplify the viewing of properties related to SpiderIPPool resources, we have added some additional fields that can be displayed using the kubectl get sp -o wide
command:
ALLOCATED-IP-COUNT
represents the number of allocated IP addresses in the pool.TOTAL-IP-COUNT
represents the total number of IP addresses in the pool.DEFAULT
indicates whether the pool is set as the cluster default level.DISABLE
indicates whether the pool is disabled.NODENAME
indicates the nodes have an affinity with the pool.MULTUSNAME
indicates the Multus instances have an affinity with the pool.APP-NAMESPACE
is specific to the SpiderSubnet feature. It signifies that the pool is automatically created by the system and corresponds to the namespace of the associated application.
~# kubectl get sp -o wide
NAME VERSION SUBNET ALLOCATED-IP-COUNT TOTAL-IP-COUNT DEFAULT DISABLE NODENAME MULTUSNAME APP-NAMESPACE
auto4-demo-deploy-subnet-eth0-fcca4 4 172.100.0.0/16 1 2 false false kube-system
test-pod-ippool 4 10.6.0.0/16 0 10 false false ["master","worker1"] ["kube-system/macvlan-vlan0"]
We have also supplemented SpiderIPPool resources with relevant metric information. For more details, refer to metric