feature request: floating IP

[sergey-safarov]

trafficstars

We use SIP servers in kubernetes environment. Because many VoIP carriers and customers use firewall rules we cannot place (create) new call and route this via specific IP address as source IP:

1. new outbound TCP connection cannot be send via Application Load Balancer (ALB);
2. new outbound UDP or TCP connection cannot be send via Network Load Balancer (ALB);
3. elastic IP cannot be assigned to Kubernetes resource;

Also we use SIP peers via VPN connections and faced with same issue. We cannot assign static IP pod directly or via statefulset resource. Reason kubernetes does not support static IP.

More details and discussion with Tim Hockin you can find at https://github.com/kubernetes/kubernetes/issues/80122

Static IP support may be changed in kubernetes future releases, but not now. Could you add support plugin API endpoint that i may call to assign/release specific IP to one of available eni interfaces. And mark this IP as not assignable to pods. Later i will configure this IP on node 'ethX' interface as secondary IP address and start new container on this node with host network.

Optionaly May be possible to parse statefulset annotation like

apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: kamailio
  annotations:
    private_ip_pool: "172.21.0.16 172.21.1.16 172.21.2.16 172.21.3.16"

And assign private IP addresses from private_ip_pool annotation to new created pods.

[sergey-safarov]

As Calico supported by AWS, looks as this feature may be implemented by floating IP. https://docs.projectcalico.org/v3.10/networking/add-floating-ip

[sergey-safarov]

If you prefer add floating IP feature directly into amazon-vpc-cni-k8s, then exist example of implementation https://github.com/cbeneke/hcloud-fip-controller

[jayanthvn]

Hi @sergey-safarov

Can you please let us know if you still prefer to have this feature?

/cc @mikestef9

Thank you!

[sergey-safarov]

@jayanthvn , yes, implementation wanted.

From my point of view this goal may be reached using these approaches:

1. attach a preconfigured ENI interface (to be sure IP not used);
2. assign VIP to ENI as secondary address. Used for one zone redundancy VIP;
3. assign Elastic IP (EIP) to private IP on ENI and create a static route for EIP address in the VPC route table (case when default route set to DX link); This case used when required external connectivity from Internet to VIP;
4. assign static route in VPC route table and set ENI as next-hop. USed for multizone redundancy VIP.

[jw-maynard]

We have a use case that would benefit simply by step 3 in the above. It would be nice to have the CNI able to assign a Elastic IP (EIP) to a pods private IP perhaps using an annotation on the pod (passed along via deployment etc). We're a game company and need to provide users direct connections to our game servers to provide the lowest possible latency.

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

[github-actions[bot]]

Issue closed due to inactivity.

[jayanthvn]

/reopen

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

[jayanthvn]

/notstale

[github-actions[bot]]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

[github-actions[bot]]

Issue closed due to inactivity.