Pull Request Description

Describe what this PR does / why we need it

Introduce a new feature: support specifying MAC address via pod annotation.

Does this pull request fix one issue?

Fixes #190

Describe how you did it

1. Verify the validness of specified MAC address in validating webhook;
2. Check whether the specified MAC address is in conflict with existing IP instances.

Describe how to verify it

Specify a static MAC address via annotation "networking.alibaba.com/specified-mac" on Pod.

Special notes for reviews

Pull Request Description

Describe what this PR does / why we need it

iptables tools is confronted with nftables compatibility problem on host, eg. CentOS 8.

kube-proxy and cilium has solved this problem, so should we.

Does this pull request fix one issue?

Fixes #29

Describe how you did it

COPY and RUN iptables-wrapper-install.sh in Dockerfile

The shell script comes from: https://github.com/kubernetes-sigs/iptables-wrappers/

Describe how to verify it

Pull image. on k8s cluster on both iptables-legacy based hosts and iptables-nft based hosts.

Run sudo iptables-save | grep RAMA, then you should see related entries on both types of hosts.

Special notes for reviews

Pull Request Description

Describe what this PR does / why we need it

Support specify MAC address pool via pod annotation for stateful workloads.

Does this pull request fix one issue?

Fixes #190

Describe how you did it

1. Verify the validness of specified MAC addresses in validating webhook;
2. Introduce SpecifiedMACAddress as one of the couple/recouple options;
3. Check whether the specified MAC address is in conflict with existing IP instances.

Describe how to verify it

Similar to ip pool assignment which is described in wiki docs. Just specify MAC addresses via annotation networking.alibaba.com/mac-pool on stateful workload pod templates, and separate them by comma.

Special notes for reviews

Pull Request Description

Describe what this PR does / why we need it

Change Kube-ovn to Kube-OVN and fix grammar issues

Does this pull request fix one issue?

No

Describe how you did it

No

Describe how to verify it

Doc change

Special notes for reviews

Also make some clarification that Kube-OVN has the default VPC and Subnet that can be used by workloads in all namespaces. Even if users have no idea about the VPC and the Subnet, the default settings will make all things work just like Flannel.

Bug Report

Type: bug report

What happened

An compatibility problem might it be.

I set up a k8s cluster with CentOS 8 (which links iptables to nftables) and runs pods on Overlay and Underlay networks. I observed that on the host machines, the cmd lsmod | grep ip_tables shows that ip_tables is used by iptable_nat, iptable_mangle, and iptable_filter.

After checking the logs of daemon pods, I believe the iptables rule is written without error. But on host machine, no rama-related iptables rules shown through either iptables-save or nft rule list.

To be mentioned, iptables-save warns that there are more rules on iptables-legacy.

What you expected to happen

I should observe rama-related rules in iptables-save.

How to reproduce it (as minimally and precisely as possible)

Set up a k8s cluster CentOS 8 nodes. Install rama and run several Overlay/Underlay pods.

Anything else we need to know?

CentOS 8 removes iptables from packages and links it to nftables.

Kube-proxy works perfectly.

Environment

• rama version: v1
• OS (e.g. cat /etc/os-release): CentOS 8
• Kernel (e.g. uname -a): Linux 4.18.0-305.7.1.el8_4.x86_6
• Kubernetes version: v1.21.

as mentioned in issue #350
vlanId should not be greater than 4094

Describe what this PR does / why we need it

vanId range bugfix

Does this pull request fix one issue?

Fixes #350

Describe how you did it

changed 4096 to 4094

Describe how to verify it

Special notes for reviews

Pull Request Description

Describe what this PR does / why we need it

Does this pull request fix one issue?

Describe how you did it

Describe how to verify it

Special notes for reviews

Pull Request Description

Describe what this PR does / why we need it

1. Use the Calico Typha daemon to increase scale and reduce impact on the datastore.
2. Add init container to clean felix iptables rule automatically while policy is disabled.

Does this pull request fix one issue?

Describe how you did it

Describe how to verify it

Special notes for reviews

Pull Request Description

Describe what this PR does / why we need it

1. Make liveness probe of daemon configurable.
2. Make metrics port of manager configurable.
3. Introduce performance parameters of manager to chart for large scale.

Does this pull request fix one issue?

NONE

Describe how you did it

Describe how to verify it

Special notes for reviews

Pull Request Description

Describe what this PR does / why we need it

1. Rename the default name of cni conf file from /etc/cni/net.d/00-hybridnet.conflist to /etc/cni/net.d/06-hybridnet.conflist.
2. Remove the bandwidth plugin in cni conf.
3. Introduce some environment variables for install-cni container of daemon:
   • Use CNI_CONF_NAME to rename the cni conf file, e.g.,04-hybridnet.conflist.
   • Use NEEDED_COMMUNITY_CNI_PLUGINS to specify which cni community plugins need to be copied by hybridnet from inside container to the /opt/cni/bin/ directory of host, e.g. loopback,bandwidth.
   • Use CNI_CONF_SRC to specify which file in the container need to be copied to the /etc/cni/net.d directory of host, with which users can mount a custom cni conf file (e.g. using configmap as volume) into install-cni container and distribute it to every node.

Does this pull request fix one issue?

Describe how you did it

Describe how to verify it

Special notes for reviews

Bug Report

Type: bug report

What happened

Enhanced address is being used, when we want to ping local pods from node. This will cause the ICMP reply will never come back.

What you expected to happen

How to reproduce it (as minimally and precisely as possible)

Anything else we need to know?

Environment

• hybridnet version: 3.2.0
• OS (e.g. cat /etc/os-release):
• Kernel (e.g. uname -a):
• Kubernetes version:
• Install tools:
• Others:

Issue Description

Type: feature request

Describe what feature you want

1. Support IP multicast in overlay network
2. Support IP multicast between underlay network pod and underlying network

Additional context

Issue Description

Type: feature request

Describe what feature you want

Add "can-reach" parameters for daemon to choose host NIC, just like calico.

Additional context

Issue Description

Type: feature request

Describe what feature you want

Now hybridnet is choosing preferred host interface through two flags. They are not configurable enough. We need a new CRD which can be attached to subnets.

Additional context

Issue Description

Type: feature request

Describe what feature you want

Multi-tenancy is a common topic in kubernetes, as we know, some container networking solutions may have related abilities on this. If this done, the following advantages will reach,

• Container networking isolation between tenants
• Allow IPAM conflict between tenants

Additional context