Uploaded image for project: 'OpenShift Virtualization'
  1. OpenShift Virtualization
  2. CNV-5596

Support using a (stable) Service IP for NATted pod network

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • CNV Network
    • service-for-vm-pod-network-ip
    • Hide

      1. A Service is used to provide an IP for a vNIC attached to the pod network
      2. This VM is accessible via the Service's ClusterIP
      3. Egress traffic from this VM has the ClusterIP set as the source
      4. This is opt-in

      Show
      1. A Service is used to provide an IP for a vNIC attached to the pod network 2. This VM is accessible via the Service's ClusterIP 3. Egress traffic from this VM has the ClusterIP set as the source 4. This is opt-in
    • To Do
    • 100% To Do, 0% In Progress, 0% Done

      Goal

      Today NAT-ing bindings (like masquerade) need to be used with the pod network in case that live migration needs to be used. The drawback of NAT-ted bindings so far is, that the VM is getting a "private" ip, which is not visible outside the VM (and pod). This epic is about implementing a mechanism to give a VM an IP on the pod network connected vNIC that is the same internally and externally. The suggested method for that is to bind VM a ClusterIP of a Service.

      User Stories

      • As a VM owner,
        I want my VM with an IP on the pod network that is the same internally and externally,
        so that the tools I am using inside the VM see the same IP that other cluster participants see - this is important i.e. for kubeadm.
      • As a developer,
        I want to have a VM with a stable IP on the network,
        so that after a live migraiton I can still reach the VM using the same IP.

      Non-Requirements

      • List of things not included in this epic, to alleviate any doubt raised during the grooming process.

      Notes

      The approach that is being investigated is to assign VM to a Service. ClusterIP of the service can be then used to access the VM. To ensure that VM sees the same IP internally, we use this ClusterIP as the link-local IP for the masquerade binding (this has a complication where we need to reserve two Service IPs, one for masquerade gateway and one for the guest). Finally, we will need to make sure that outgoing traffic has this public Service IP set as the source, that can be done on the NAT.

      Owners

      Role Contact
      PM TBD
      Documentation Owner TBD
      Delivery Owner (See assignee)
      Quality Engineer (See QA contact)

      Done Checklist

      Who What Reference
      DEV Upstream roadmap issue <link to GitHub Issue>
      DEV Upstream code and tests merged <link to meaningful PR or GitHub Issue>
      DEV Upstream documentation merged <link to meaningful PR or GitHub Issue>
      DEV gap doc updated <name sheet and cell>
      DEV Upgrade consideration <link to upgrade-related test or design doc>
      QE Test plans in Polarion <link or reference to Polarion>
      QE Automated tests merged <link or reference to automated tests>
      DOC Downstream documentation merged <link to meaningful PR>

              phoracek@redhat.com Petr Horacek
              fdeutsch@redhat.com Fabian Deutsch
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: