Adding support in CNI for managing multiple network interface card on the instance #3232
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jaydeokar
force-pushed
the
multi-nic-ipamd-changes
branch
4 times, most recently
from
1762e22 to
6762628
Compare
jaydeokar
changed the title
jaydeokar
force-pushed
the
multi-nic-ipamd-changes
branch
2 times, most recently
from
02bd18c to
5d6d399
Compare
* remove apiserver dependency for ipamd startup * fix format issue in UT * wait apiserver connectivty for pod annotate feature * return maxPods value directly when parsing the local file
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.36.0 to 1.36.2. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.36.0...v1.36.2) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.30.0 to 0.31.0. - [Commits](golang/sys@v0.30.0...v0.31.0) --- updated-dependencies: - dependency-name: golang.org/x/sys dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
jaydeokar
force-pushed
the
multi-nic-ipamd-changes
branch
2 times, most recently
from
4e58726 to
f8539d9
Compare
…et (aws#3254) * Skip configuring network policies if network_policy_enforcing_mode is not set * make format and update chart * fix vuln checks * fix metrics agent and readme
Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.31.3 to 0.32.3. - [Commits](kubernetes/cli-runtime@v0.31.3...v0.32.3) --- updated-dependencies: - dependency-name: k8s.io/cli-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jay Deokar <[email protected]>
jaydeokar
force-pushed
the
multi-nic-ipamd-changes
branch
3 times, most recently
from
cb2d534 to
39339ad
Compare
jaydeokar
force-pushed
the
multi-nic-ipamd-changes
branch
from
39339ad to
4cc953e
Compare
jaydeokar
force-pushed
the
multi-nic-ipamd-changes
branch
from
4cc953e to
19af501
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
feature
Which issue does this PR fix?:
N/A
What does this PR do / Why do we need it?:
Amazon VPC CNI only manages Network Card 0 on all instances (including multicard supported instances). This restricts the bandwidth usage to only network card 0 as pod interfaces are only connected to NIC 0. With this change, CNI now starts to manage all the available network cards.
A pod can now request access to these network cards via an annotation to make use of all the available bandwidth. A pod which requires this support can do so via annotation. This will create interfaces in the pod namespace equal to the number of network cards available for use on the instance. The pods can then use these interfaces for their egress traffic which has certain BW requirements.
Describing major changes as the change log is significant
CNI
Add flow
k8s.amazonaws.com/nicConfig: multi-nic-attachment, CNI will ask for multiple IPs from network cards available on the instance.<pod-namespace>.<pod-name>.<index>. However we still retain the original naming convention for the first interface of the pod<pod-namespace>.<pod-name>mNicIfegmNicf1,mNicIf2...(network card index * max ENIs per NIC) + device-number + 1. Note Route table number 1 (device 0, network card 0) is the main route table for CNIPciID, which is used to cleanup pod networking when IPAMD is down (del with prev result)Delete flow
IPAMD
Node Init Flow
a. For IPv6, it adds an additional rule in NAT table to exlude SNAT for link local traffic. This is required for DHCPv6 address
Testing done on this change:
Yes, ran all the test suites on a single card instance and ran manual tests on a multicard- instance
Will this PR introduce any new dependencies?:
No
Will this break upgrades or downgrades? Has updating a running cluster been tested?:
Upgrades should be fine. Downgrade requires to delete the pods using multi-nic annotation and then downgrade otherwise the Pod IPs/Host Networking setup can leak
Does this change require updates to the CNI daemonset config files to work?:
No
Does this PR introduce any user-facing change?:
Yes, customers will now see interfaces attached to NIC > 0 on supported instances
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.