Closed akunszt closed 10 months ago
defaultNetworks makes the target net-attach-def the 'default'; this means all pods have this net-attach-def.
> k8s.v1.cni.cncf.io/networks: multus-cni/aws-cni - results aws-cni@eth0, hiya@net1, aws-cni@net2 which was unexpected, especially the hiya@net1 part

So in this case, clusterNetwork + hiya (defaultNetwork) + aws-cni is the expected result.

> k8s.v1.cni.cncf.io/networks: "" - results aws-cni@eth0, hiya@net1

This is the same as no annotation, k8s.v1.cni.cncf.io/networks.

> v1.multus-cni.io/default-network: multus-cni/aws-cni - results aws-cni@eth0, hiya@net1, it was ignored?

"v1.multus-cni.io/default-network" just replaces clusterNetwork, hence aws-cni is eth0. (But the annotation is not recommended to use; we don't officially support that annotation.)
I guess that you want to have the net-attach-def
Currently we don't have such an option yet. We only have 'defaultNetwork' (always-enabled secondary network interface) and 'clusterNetwork' (of course enabled for cluster network/primary network interface).
What happened:
First of all, this is my first round with Multus CNI so this is very likely just an oversight on my end. I read all the docs but they are very, very confusing about how exactly to configure it and which directories are meant for which cause.
We are running our clusters in AWS on EC2 instances. We are already using aws-vpc-cni but as that does not support dual-stack then we want to introduce a simple ipvlan CNI as well only for IPv6. It is working nicely but we cannot define the CNI configuration in the CRD as every node has a different CNI configuration.
As this change could cause unexpected issues we would like to be able to opt-out on a per-pod basis.
We are using this daemon configuration (the hiya is just our fancy name for a very specific ipvlan configuration):
As a test I wanted to create a pod only using aws-cni.

k8s.v1.cni.cncf.io/networks: multus-cni/aws-cni - results aws-cni@eth0, hiya@net1, aws-cni@net2 which was unexpected, especially the hiya@net1 part
k8s.v1.cni.cncf.io/networks: "" - results aws-cni@eth0, hiya@net1
v1.multus-cni.io/default-network: multus-cni/aws-cni - results aws-cni@eth0, hiya@net1, it was ignored?
v1.multus-cni.io/default-network: "[]" - results in error, so it looks like multus-cni checks this annotation
v1.multus-cni.io/default-network: "" - results in error

My goal is to find an annotation which makes pods run only with aws-cni@eth0 for a few exceptions and have the default aws-cni@eth0, hiya@net1 for the rest of the pods.
Can this be achieved? Is there documentation about the available annotations and what they do? For me it looked like the k8s.v1.cni.cncf.io/networks is just appended to the configuration stored in the daemon-config.json file.

What you expected to happen:
The pod receives an IP only from the aws-vpc-cni when using the k8s.v1.cni.cncf.io/networks: multus-cni/aws-cni annotation.

How to reproduce it (as minimally and precisely as possible):
Create a daemon-config.json with defaultNetworks and add a k8s.v1.cni.cncf.io/networks annotation to the pod.

Anything else we need to know?:
I tried to keep the /etc/cni/net.d "empty" and use only CRDs but in that case Multus CNI refused to start.

Environment:
Multus version: 4.0.2, image was self-built from the official binary release as we have ARM64 nodes, I can include the Dockerfile if needed
Kubernetes version (use kubectl version):
Primary CNI for Kubernetes cluster: aws-vpc-cni
OS (e.g. from /etc/os-release):
File of '/etc/cni/net.d/'
File of '/etc/cni/multus/net.d'
It is not available on the host's filesystem, this is from the running container. The files in net.d are exactly the same as the ones on the host as the /etc/cni/net.d was mounted into /etc/cni/multus/net.d too.
kubectl get net-attach-def -o yaml
kubectl get pod <podname> -o yaml