azure-container-networking

Reclaim IPs in PodSubnet when subnet is full or close to full

Open tyler-lloyd opened this issue 2 years ago • 5 comments

Component (Azure NPM or Azure CNI):

Azure CNI + pod subnet (CNS)

Describe in detail the feature/behavior/change you'd like to see:

When a pod subnet has completely or nearly exhausted the IPs available, there should be a way to reclaim some of the unused IPs on different nodes since nodes are allocated IPs in batches of 16 but it does not mean IPs are necessarily in use.

Orchestrator(e.g. Kubernetes, Docker):

Kubernetes

Operating System (Linux/Windows):

Both

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

tyler-lloyd avatar Sep 12 '22 12:09 tyler-lloyd

Collecting existing PRs for this feature:

  • [ ] https://github.com/Azure/azure-container-networking/pull/1465
  • [ ] https://github.com/Azure/azure-container-networking/pull/1487
  • [ ] https://github.com/Azure/azure-container-networking/pull/1492
  • [ ] https://github.com/Azure/azure-container-networking/pull/1494
  • [ ] https://github.com/Azure/azure-container-networking/pull/1591
  • [ ] https://github.com/Azure/azure-container-networking/pull/1593
  • [ ] https://github.com/Azure/azure-container-networking/pull/1594

rbtr avatar Sep 12 '22 19:09 rbtr

@rbtr good summary. However, I wonder if it has been discussed here as an option that Azure CNI would allow users to define a different subnet for pods than what is used by AKS nodes?

Because as far as I can see, AKS nodes have ip-masq-agent-v2 enabled for all traffic whose target is outside of cluster-cidr. That way users would be able to create a 100.64.0.0/10 subnet for this purpose, which based on this looks to be supported.

That would be very useful for all of those companies who have a lot of private IPv4 addresses in use already.

olljanat avatar Oct 06 '22 05:10 olljanat

@olljanat pods and nodes can have separate subnets already:

"The new dynamic IP allocation capability in Azure CNI solves this problem by allotting pod IPs from a subnet separate from the subnet hosting the AKS cluster."

That is actually the only mode in which this feature will work 😉

rbtr avatar Oct 06 '22 15:10 rbtr

> That is actually the only mode in which this feature will work 😉

@rbtr Thanks. That is already useful. However, the fact that those need to be different subnets inside of the same vnet is problematic, because then the pod subnets also get automatically included in network peering, so even if I use those slices from that 100.64.0.0/10, those need to be unique inside of the whole Azure landing zone setup. It would be nice to be able to create it similarly to how kubenet works, but I need a setup which also works on Windows nodes.

olljanat avatar Oct 11 '22 13:10 olljanat

@olljanat maybe you are looking for something like AzCNI Overlay which is just now in public preview? 🙂

rbtr avatar Oct 11 '22 16:10 rbtr

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions[bot] avatar Dec 11 '22 00:12 github-actions[bot]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions[bot] avatar Feb 11 '23 00:02 github-actions[bot]

Issue closed due to inactivity.

github-actions[bot] avatar Feb 25 '23 00:02 github-actions[bot]