I want to make sure, my pods under a namespace are assigned a specific ip addresses. Can anyone help me on how may I do this!
Static IPs for pods is generally considered an anti-pattern, services are the means in which you create a “static” mapping to one or more pods so that you can upgrade/downgrade/scale without having to change anything within your application.
If you really do need to create a static IP for a pod, it’s not something Kubernetes directly supports. Some CNI do however e.g. Calico.
1 Like
Agreeing with Bob. In general, you can’t describe a namespace with a single CIDR or even an arbitrary netmask. Many/most implementations do pod IPAM by pre-allocating a range to a node. When pods run, they take single IPs from the per-node range on whichever node they run. Some implementations don’t pre-allocate per-node, which can maybe do what you want, but you need a separate place to allocate and track per-namespace ranges.
1 Like
Hey @mrbobbytables, @thockin , Thanks for your response.
Services might be the pattern for incoming traffic. But identifying the source IPs of a namespace would for me still be a pattern to consider. Insofar Pod IP CIDRs per namespace (maybe in combination with BGP) would allow identifying traffic sources to an external firewall solution.
This depends entirely on how your installation does pod IP routing. The “usual” method involves allocating smallish (e.g. /24 - /28) ranges per-node, but nodes and namespaces are orthogonal. To do this you would need to allocate a large range per namespaces and a small range per-namespace-per-node. Very inefficient.
If you do direct advertisement, instead of pre-configured routing, you could maybe make it work, but your CNI driver needs to do that IPAM.