kubeovn / kube-ovn

A Bridge between SDN and Cloud Native (Project under CNCF)
https://kubeovn.github.io/docs/stable/en/
Apache License 2.0

[Feature Request] NodeSelector for LoadBalancer Service Pod #4756

Open tgdfool2 opened 1 day ago

tgdfool2 commented 1 day ago

Description

Hi Everyone,

In our setup, we have VLAN interfaces that are only available/configured on the Kubernetes Master Nodes.

The following NetworkAttachmentDefinition has been created:

---
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: vlan201-external-subnet
  namespace: kube-system
spec:
  config: '{
      "cniVersion": "0.3.1",
      "type": "macvlan",
      "master": "bond0.201",
      "mode": "bridge",
      "ipam": {
        "type": "kube-ovn",
        "server_socket": "/run/openvswitch/kube-ovn-daemon.sock",
        "provider": "vlan201-external-subnet.kube-system"
      }
    }'

The VpcNatGateway is deployed with the following selector, which forces it to run on kube-ovn masters:

---
kind: VpcNatGateway
apiVersion: kubeovn.io/v1
metadata:
  name: vlan201-nat-gw
spec:
  vpc: vlan201-vpc
  subnet: vlan201-internal-subnet
  lanIp: 100.105.0.100
  selector:
    - "kubernetes.io/os: linux"
    - "kube-ovn/role: master"
  externalSubnets:
    - vlan201-external-subnet

The issue comes when a LoadBalancer Service gets created and wants to request an IP in the vlan201-external-subnet Subnet. If the lb-svc-* Pod gets scheduled on a non-kube-ovn master node, it fails to get an IP. Manually editing the Deployment and specifying a nodeSelector fixes this issue:

      nodeSelector:
        kube-ovn/role: master
        kubernetes.io/os: linux

Is there already a way to specify this nodeSelector? Looking at the source code, it does not seem to be the case:

Thanks in advance for your support!

Who will benefit from this feature?

No response

Anything else?

No response

hongzhen-ma commented 1 day ago

It seems that there is indeed a lack of a way to pass labels from lb-svc to deployment.

tgdfool2 commented 1 day ago

Thanks for confirming!

Not sure what would be the best way to enable this kind of configuration; maybe a new ConfigMap similar to the ovn-vpc-nat-config (https://kube-ovn.readthedocs.io/zh-cn/latest/en/guide/vpc/#enabling-the-vpc-gateway) one?