Is there a way in Kubernetes, or a network plugin, with which we can limit the range of IP allocation? For example, I am trying to use Weave with the subnet 192.168.16.0/24. I want to limit the allocation of IPs by Kubernetes to pods to the range 192.168.16.10-30.
However, my app might use the rest of the IPs based on requirements, i.e. my app can start a virtual IP from 192.168.16.31-50, but I want some mechanism to make sure that the IP range I specified will not be allocated by K8s and my app can consume it.
I need something like this: https://www.weave.works/docs/net/latest/tasks/ipam/configuring-weave/.
It's a good question actually. It depends on your CNI; in your case you are using Weave Net.
I am assuming you are using a DaemonSet for your Weave Net. If so, add something like this to your DaemonSet YAML file:

    spec:
      containers:
        - name: weave
          command:
            - /home/weave/launch.sh
          env:
            # Weave's IPAM hands out pod IPs only from this CIDR
            - name: IPALLOC_RANGE
              value: 192.168.16.32/27

This gives your pods an IP range from 192.168.16.32-63.
You can also set this up with the Weave CLI, let me know if you need that.
Hope this is helpful.
See Documentation
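IPALLOC_RANGE takes a single CIDR, so the planning questions behind the answer above are address arithmetic: which aligned blocks cover a requested range, whether the chosen block collides with the addresses the application wants for its own virtual IPs, and whether running pods actually landed inside the block. The following is an added example (editor's code, not from the question, the answer, or Weave) that does those checks with Python's standard ipaddress module, using the numbers from the question (pods in 192.168.16.10-30, application VIPs in 192.168.16.31-50, subnet 192.168.16.0/24). One thing it makes visible: 192.168.16.32/27 spans .32-.63, so it overlaps the .31-.50 the question wants to keep for the app; candidate_ranges lists the /27 blocks inside the /24 that do not. The pod IPs at the bottom are constructed sample data; in a real cluster they would come from kubectl.

```python
"""Plan a Weave IPALLOC_RANGE around an application-reserved range.

Added example, not code from the question or the answer above. It uses the
numbers from the question: pods wanted in 192.168.16.10-30, the application
wanting 192.168.16.31-50 for its own virtual IPs, inside 192.168.16.0/24.
The pod IPs used in the check at the bottom are constructed sample data.
"""
import ipaddress
from typing import Iterable, List


def range_to_cidrs(first: str, last: str) -> List[ipaddress.IPv4Network]:
    """IPALLOC_RANGE accepts one CIDR, so an inclusive range that is not
    CIDR-aligned (like .10-.30) can only be covered by several blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)))


def overlaps_reserved(cni_range: str, reserved_first: str, reserved_last: str) -> bool:
    """True if the CNI range shares at least one address with the reserved range."""
    net = ipaddress.IPv4Network(cni_range)
    lo = ipaddress.IPv4Address(reserved_first)
    hi = ipaddress.IPv4Address(reserved_last)
    return not (net.broadcast_address < lo or net.network_address > hi)


def candidate_ranges(subnet: str, prefixlen: int,
                     reserved_first: str, reserved_last: str) -> List[ipaddress.IPv4Network]:
    """Aligned blocks of the requested size inside `subnet` that leave the
    reserved range untouched; any of them is a safe IPALLOC_RANGE value."""
    return [sub for sub in ipaddress.IPv4Network(subnet).subnets(new_prefix=prefixlen)
            if not overlaps_reserved(str(sub), reserved_first, reserved_last)]


def pods_outside_range(cni_range: str, pod_ips: Iterable[str]) -> List[str]:
    """Pod IPs that were NOT allocated from the configured range.

    Feed it the output of e.g.
      kubectl get pods -A -o jsonpath='{.items[*].status.podIP}'
    after excluding hostNetwork pods (they carry node IPs by design). A
    non-empty result means the setting did not take effect or another
    allocator is handing out addresses."""
    net = ipaddress.IPv4Network(cni_range)
    return [ip for ip in pod_ips if ipaddress.IPv4Address(ip) not in net]


if __name__ == "__main__":
    print("blocks needed to cover .10-.30:",
          [str(n) for n in range_to_cidrs("192.168.16.10", "192.168.16.30")])
    # 192.168.16.32/27 spans .32-.63, which collides with the app's .31-.50.
    print("/27 at .32 overlaps the app range:",
          overlaps_reserved("192.168.16.32/27", "192.168.16.31", "192.168.16.50"))
    print("non-overlapping /27 choices in the /24:",
          [str(n) for n in candidate_ranges("192.168.16.0/24", 27,
                                            "192.168.16.31", "192.168.16.50")])
    sample_pod_ips = ["192.168.16.33", "192.168.16.70", "192.168.16.63"]  # constructed
    print("pods outside .32/27:", pods_outside_range("192.168.16.32/27", sample_pod_ips))
```

The first print shows that .10-.30 needs six separate blocks, which is why a single IPALLOC_RANGE cannot express the question's range exactly and the answer rounds to an aligned /27. Run pods_outside_range after any IPAM change; an address outside the block is the fastest sign that the DaemonSet was not actually restarted with the new environment.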
An example NetworkPolicy might look like this:
    apiVersion: networking.k8s.io/v1
    kind: NetworkPolicy
    metadata:
      name: test-network-policy
      namespace: default
    spec:
      podSelector:
        matchLabels:
          role: db
      policyTypes:
      - Ingress
      - Egress
      ingress:
      - from:
        - ipBlock:
            cidr: 172.17.0.0/16
            except:
            - 172.17.1.0/24
        - namespaceSelector:
            matchLabels:
              project: myproject
        - podSelector:
            matchLabels:
              role: frontend
        ports:
        - protocol: TCP
          port: 6379
      egress:
      - to:
        - ipBlock:
            cidr: 10.0.0.0/24
        ports:
        - protocol: TCP
          port: 5978
The rule ipBlock describes the network ranges for ingress and egress rules. E.g.:

    - ipBlock:
        cidr: 172.17.0.0/16
        except:
        - 172.17.1.0/24
CIDR stands for Classless Inter-Domain Routing; see samples of IPv4 CIDR blocks.
k8s networking by Reuven Harrison
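The flattened policy above hides the structure that decides what gets through: a connection is allowed when the source matches any one entry of `from` and the destination port is in `ports`, and inside an ipBlock the `except` list carves holes out of `cidr`, so 172.17.1.7 is refused even though it sits inside 172.17.0.0/16. The following is an added example (editor's code, not part of the original answer or of Kubernetes) that evaluates the ingress rule of that policy against constructed source descriptions. The rule is transcribed from the YAML above; the source dictionaries, the POLICY_NAMESPACE constant and the `namespace`, `pod_labels` and `ns_labels` keys are modelling assumptions of this example, and only matchLabels selectors are handled.

```python
"""Evaluate how the ingress rule of the NetworkPolicy above treats a source.

Added example, not part of the original answer. INGRESS_RULE is transcribed
from the policy above; the source descriptions passed in are constructed.
A connection is allowed when the source matches ANY entry of `from` and the
destination port is one of `ports`; inside ipBlock, `except` carves holes
out of `cidr`. Only matchLabels selectors are modelled.
"""
import ipaddress
from typing import Dict, Optional

POLICY_NAMESPACE = "default"   # metadata.namespace of the policy above

INGRESS_RULE: Dict = {
    "from": [
        {"ipBlock": {"cidr": "172.17.0.0/16", "except": ["172.17.1.0/24"]}},
        {"namespaceSelector": {"matchLabels": {"project": "myproject"}}},
        {"podSelector": {"matchLabels": {"role": "frontend"}}},
    ],
    "ports": [{"protocol": "TCP", "port": 6379}],
}


def ip_block_matches(ip_block: Dict, ip: str) -> bool:
    """Inside cidr and not inside any except entry."""
    addr = ipaddress.ip_address(ip)
    if addr not in ipaddress.ip_network(ip_block["cidr"]):
        return False
    return not any(addr in ipaddress.ip_network(x) for x in ip_block.get("except", []))


def labels_match(selector: Dict, labels: Optional[Dict[str, str]]) -> bool:
    """matchLabels only; an empty selector matches everything."""
    labels = labels or {}
    return all(labels.get(k) == v for k, v in selector.get("matchLabels", {}).items())


def peer_matches(peer: Dict, src: Dict) -> bool:
    """src is a constructed description of the connection source:
    {"ip": str, "namespace": str|None, "pod_labels": dict|None, "ns_labels": dict|None}.
    Non-pod sources carry only an IP, so they can match ipBlock peers alone."""
    if "ipBlock" in peer:
        return ip_block_matches(peer["ipBlock"], src["ip"])
    if "namespaceSelector" in peer:
        if not labels_match(peer["namespaceSelector"], src.get("ns_labels")):
            return False
    elif src.get("namespace") != POLICY_NAMESPACE:
        # A podSelector without a namespaceSelector is scoped to the policy's own namespace.
        return False
    if "podSelector" in peer and not labels_match(peer["podSelector"], src.get("pod_labels")):
        return False
    return True


def ingress_allowed(rule: Dict, src: Dict, protocol: str, port: int) -> bool:
    """Any `from` peer must match AND (if `ports` is given) the port must be listed."""
    if not any(peer_matches(p, src) for p in rule["from"]):
        return False
    ports = rule.get("ports") or []
    return not ports or any(p["protocol"] == protocol and p["port"] == port for p in ports)


if __name__ == "__main__":
    # Constructed sources: an address in the cidr, one in the except hole, a
    # frontend pod in the policy's namespace and the same pod labels elsewhere.
    for src in ({"ip": "172.17.5.9"},
                {"ip": "172.17.1.7"},
                {"ip": "10.0.0.5", "namespace": "default", "pod_labels": {"role": "frontend"}},
                {"ip": "10.0.0.6", "namespace": "other", "pod_labels": {"role": "frontend"}}):
        print(src, "-> TCP/6379 allowed:", ingress_allowed(INGRESS_RULE, src, "TCP", 6379))
```

Two points this makes concrete that the YAML alone does not: the three entries under `from` are alternatives, not a conjunction, and a podSelector without a namespaceSelector only ever selects pods in the policy's own namespace. Note also that ipBlock is evaluated on addresses as the CNI sees them, which is why the policy selects pods by label rather than by their ephemeral pod IPs.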