Commit

Merge pull request #630 from alauda/docs/vpc
docs: add docs for vpc
oilbeater authored Jan 4, 2021
2 parents 5cd5a06 + b8f221b commit 6c031bf
Showing 3 changed files with 110 additions and 2 deletions.
2 changes: 2 additions & 0 deletions README.md
Expand Up @@ -37,6 +37,7 @@ The Kube-OVN community is waiting for you participation!
- **Vlan Support**: Kube-OVN also support underlay Vlan mode network for better performance and throughput.
- **DPDK Support**: DPDK application now can run in Pod with OVS-DPDK.
- **ARM Support**: Kube-OVN can run on x86_64 and arm64 platforms.
- **VPC Support**: Multi-tenant network with overlapped address spaces.
- **TroubleShooting Tools**: Handy tools to diagnose, trace, monitor and dump container network traffic to help troubleshooting complicate network issues.
- **Prometheus & Grafana Integration**: Exposing network quality metrics like pod/node/service/dns connectivity/latency in Prometheus format.
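Review bot: The new `VPC Support` bullet advertises multi-tenant networking with no pointer to its constraints, while docs/vpc.md in this same commit states that custom VPCs cannot access the host network, do not support DNS/Service/Loadbalancer or EIP/SNAT, and that external connectivity is still work in progress. Suggest qualifying the bullet (for example "from v1.6.0, see docs/vpc.md for current limitations") so readers do not assume the feature is complete. "overlapped" would also read better as "overlapping".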

Expand Down Expand Up @@ -80,6 +81,7 @@ If you want to install Kubernetes from scratch, you can try [kubespray](https://
- [Webhook](docs/webhook.md)
- [IPv6](docs/ipv6.md)
- [DualStack](docs/dual-stack.md)
- [VPC](docs/vpc.md)
- [Tracing/Diagnose/Dump Traffic with Kubectl Plugin](docs/kubectl-plugin.md)
- [Prometheus Integration](docs/prometheus.md)
- [Metrics](docs/ovn-ovs-monitor.md)
2 changes: 0 additions & 2 deletions docs/dpdk.md
Expand Up @@ -210,7 +210,6 @@ Create the Pod Spec, name it pod.yaml
apiVersion: v1
kind: Pod
metadata:
generateName: testpmd-dpdk-
annotations:
k8s.v1.cni.cncf.io/networks: ovs-dpdk-br0, ovs-dpdk-br0
spec:
Expand Down Expand Up @@ -255,7 +254,6 @@ The pod spec needs to be updated as shown below. The name of the volumeMount nee
<pre><code>apiVersion: v1
kind: Pod
metadata:
generateName: testpmd-dpdk-
annotations:
k8s.v1.cni.cncf.io/networks: ovs-dpdk-br0, ovs-dpdk-br0
spec:
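Review bot: Both docs/dpdk.md hunks touch the `metadata` of the testpmd Pod spec, which is unrelated to a commit titled "docs: add docs for vpc". Suggest moving these two deletions into their own commit, or at least mentioning them in the commit message, so the reason for changing the DPDK example is recorded and the VPC documentation can be reviewed and reverted on its own.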
108 changes: 108 additions & 0 deletions docs/vpc.md
@@ -0,0 +1,108 @@
# VPC

From v1.6.0, users can create custom VPC. Each VPC has independent address space, users can set overlapped CIDR, Subnet and Routes.

By default, all subnets without VPC options belong to the default VPC. All functions and usages remain unchanged for users who are not intended to use custom VPC.

*To connect custom VPC network with the external network, custom gateway is needed. This part of work is still work in progress.*

## Steps
1. Create a custom VPC
```
kind: Vpc
metadata:
name: test-vpc-1
spec:
namespaces:
- ns1
---
kind: Vpc
metadata:
name: test-vpc-2
spec: {}
```

The `namespace` list can limit which namespace can bind to the VPC, no limit if the list is empty

2. Create subnet
```
kind: Subnet
apiVersion: kubeovn.io/v1
metadata:
name: net1
spec:
vpc: test-vpc-1
namespaces:
- ns1
cidrBlock: 10.0.1.0/24
default: true
gatewayType: distributed
natOutgoing: false
private: false
protocol: IPv4
provider: ovn
underlayGateway: false
---
kind: Subnet
apiVersion: kubeovn.io/v1
metadata:
name: net2
spec:
vpc: test-vpc-2
cidrBlock: 10.0.1.0/24
default: false
gatewayType: distributed
natOutgoing: false
private: false
protocol: IPv4
provider: ovn
underlayGateway: false
```

In the examples above, two subnet in different VPCs can use same IP space

3. Create Pod

Pod can inherent VPC from the namespace or explicitly bind to subnet by annotation
```
apiVersion: v1
kind: Pod
metadata:
annotations:
ovn.kubernetes.io/logical_switch: ne1
namespace: default
name: vpc1-pod
---
apiVersion: v1
kind: Pod
metadata:
annotations:
ovn.kubernetes.io/logical_switch: ne2
namespace: default
name: vpc2-pod
```

4. Custom routes

VPC level policy routes to orchestrate traffic.

```
kind: Vpc
metadata:
name: test-vpc-1
spec:
staticRoutes:
- cidr: 0.0.0.0/0
nextHopIP: 10.0.1.254
policy: policyDst
- cidr: 172.31.0.0/24
nextHopIP: 10.0.1.253
policy: policySrc
```

## Custom VPC limitation

- Custom VPC can not access host network
- Not support DNS/Service/Loadbalancer
- Not support EIP/SNAT
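Review bot: In step 3 the Pod annotations set `ovn.kubernetes.io/logical_switch` to `ne1` and `ne2`, but the subnets created in step 2 are named `net1` and `net2`, so the examples refer to subnets the document never creates; the values should be `net1` and `net2`. Both pods are also placed in namespace `default`, while `test-vpc-1` restricts `namespaces` to `ns1` and step 1 says that list limits which namespaces can bind to the VPC. The doc should either put `vpc1-pod` in `ns1` or state whether an explicit subnet annotation is allowed to bypass the list, since that determines whether the list can be relied on as a tenant boundary. Smaller points: the `Vpc` manifests in steps 1 and 4 have no `apiVersion` (the `Subnet` manifests use `kubeovn.io/v1`) and the Pod manifests have no `spec`, so neither can be applied as shown; the sentence after step 1 says `namespace` list where the field is `namespaces`; and "inherent" in step 3 should be "inherit".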
