
[Contrail] How to configure a namespace level FIP pool in a Contrail 5 Kubernetes environment


Article ID: KB35133 KB Last Updated: 22 Jan 2020 Version: 1.0
Summary:

The three possible FIP scopes in Contrail 5 Kubernetes were introduced in KB35083 - Understanding Floating IP Pool Scopes in Kubernetes environment.

This article explains how to allocate a namespace level FIP pool and describes its corresponding scope.

Solution:

A namespace level FIP pool applies to all objects in the same namespace. Each namespace can define its own FIP pool. In the same way that the Kubernetes annotations object is used to give a subnet to a VN, it is also used to specify a FIP pool.

Example of the yaml file to assign a FIP pool to a namespace:

----
#ns-user-1-default-pool.yaml
apiVersion: v1
kind: Namespace
metadata:
  annotations:
    opencontrail.org/isolation: "true"
    opencontrail.org/fip-pool: "{'domain': 'default-domain', 'project': 'k8s-ns-user-1', 'network': 'vn-ns-default', 'name': 'pool-ns-default'}"
  name: ns-user-1
----

----
$ kubectl apply -f ns/ns-user-1-default-pool.yaml
namespace/ns-user-1 created

$ kubectl describe ns ns-user-1
Name:         ns-user-1
Labels:       <none>
Annotations:  kubectl.kubernetes.io/last-applied-configuration:
                {"apiVersion":"v1","kind":"Namespace","metadata":{"annotations":{"opencontrail.org/fip-pool":"{'domain':
                'default-domain','name': 'pool-ns...
              opencontrail.org/fip-pool:
                {'domain': 'default-domain','name': 'pool-ns-default','network':
                'k8s-vn-ns-default-pod-network','project': 'k8s-ns-user-1'}
              opencontrail.org/isolation: true
Status:       Active

No resource quota.

No resource limits.
----

In this example, namespace `ns-user-1` is given a namespace level FIP pool named `pool-ns-default`, and the corresponding VN is `vn-ns-default`.

Once the namespace `ns-user-1` is created with this yaml file, any new object that requires a FIP, if not created with an object-specific pool name in its yaml file, will get a FIP allocated from this pool. If the object was created with a different FIP pool, then this namespace level FIP pool will be skipped and only the object-specific pool will be applied.

In practice, for security and management convenience, most namespaces will need their own namespace level default pool. This type of configuration will be seen often in the field.
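The precedence described above can be audited offline. The following is an added example, not code from Juniper or Contrail: it parses the `opencontrail.org/fip-pool` annotation, resolves which pool an object would actually use, and flags a pool that lives in a project other than the namespace's own. It assumes that object-level pools use the same annotation key and that projects are named `k8s-<namespace>` as in the article's manifest; both Service objects are constructed samples.

```python
import ast

FIP_POOL_KEY = "opencontrail.org/fip-pool"
REQUIRED = ("domain", "project", "network", "name")

def parse_fip_pool(annotations):
    """Return the pool reference from an annotations mapping, or None if unset."""
    raw = (annotations or {}).get(FIP_POOL_KEY)
    if raw is None:
        return None
    try:
        pool = ast.literal_eval(raw)  # single-quoted dict literal, not JSON
    except (ValueError, SyntaxError) as exc:
        raise ValueError(f"unparsable {FIP_POOL_KEY}: {raw!r}") from exc
    if not isinstance(pool, dict) or any(not pool.get(k) for k in REQUIRED):
        raise ValueError(f"{FIP_POOL_KEY} must set {REQUIRED}: {raw!r}")
    return pool

def effective_pool(namespace, obj):
    """Object-specific pool wins; otherwise the namespace-level pool applies."""
    own = parse_fip_pool(obj["metadata"].get("annotations"))
    if own is not None:
        return "object", own
    ns_pool = parse_fip_pool(namespace["metadata"].get("annotations"))
    return ("namespace", ns_pool) if ns_pool else ("none", None)

def audit(namespace, obj, cluster="k8s"):
    """Flag an effective pool whose project is not this namespace's own project."""
    scope, pool = effective_pool(namespace, obj)
    expected = f"{cluster}-{namespace['metadata']['name']}"  # assumed naming scheme
    findings = []
    if pool and pool["project"] != expected:
        findings.append(f"{obj['metadata']['name']}: {scope}-level pool "
                        f"{pool['name']!r} is in {pool['project']!r}, not {expected!r}")
    return scope, pool, findings

# Namespace manifest from the article; both Services are constructed samples.
NS = {"metadata": {"name": "ns-user-1", "annotations": {
    "opencontrail.org/isolation": "true",
    FIP_POOL_KEY: "{'domain': 'default-domain', 'project': 'k8s-ns-user-1', "
                  "'network': 'vn-ns-default', 'name': 'pool-ns-default'}"}}}
SVC_DEFAULT = {"metadata": {"name": "web"}}
SVC_OVERRIDE = {"metadata": {"name": "api", "annotations": {
    FIP_POOL_KEY: "{'domain': 'default-domain', 'project': 'k8s-ns-user-2', "
                  "'network': 'vn-other', 'name': 'pool-other'}"}}}

if __name__ == "__main__":
    for svc in (SVC_DEFAULT, SVC_OVERRIDE):
        print(audit(NS, svc))
```

The dictionaries have the same shape as `kubectl get ... -o json` output, so live objects can be passed to `audit` in place of the samples.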
