MacVlan network with kubernetes

Question

I setup the kubernetes cluster using k3s. I have one master and two nodes. I created docker macvlan network on one of the node. I want to achieve below mentioned scenario.

1. Assign IP to container/pod.(user defined IP, not cluster IP).

q1.Is there any alternative option for docker macvlan?

q2.Can we run command on node (not on pod/container)? (while deploying the pod/service)

q3.can we create kubernetes network with user defined IP? (I don`t think LB/NP/Ingress will help for user defined IP, correct me if I am wrong!)

Answer 1

Kubernetes has its own very specialized network implementation. It can't easily assign a unique externally accessible IP address to each process the way the Docker MacVLAN setup can. Kubernetes also can't reuse the Docker networking infrastructure. Generally the cluster takes responsibility for assigning IP addresses to pods and services, and you can't specify them yourself.

So, in Kubernetes:

1. You can't manually assign IP addresses to things;
2. The cluster-internal IP addresses aren't directly accessible from outside the cluster;
3. The Kubernetes constructs can only launch containers on arbitrarily chosen nodes (possibly with some constraints; possibly on every node), but you don't usually launch a container on a single specific node, and you can't run a non-container command on a node.

Given what you're describing, a more general-purpose cluster automation tool like Salt Stack, Ansible, or Chef might meet your needs better. This will let you launch processes directly on managed nodes, and if those are server-type processes, they'll be accessible using the host's IP address as normal.

Answer 2

You can look into MetalLB, specifically into the Layer2 & Local traffic policy (https://metallb.universe.tf/usage/) You cannot assign IPs to the Pods but when you'll create a service type LoadBalancer (for example a http routing service like Traefik), MetalLB will help bind that service to the IP of the node.

As an example, you can see the external IP of the service Trafik is reported as my node's address - 192.168.1.201

NAME     STATUS   ROLES                  AGE   VERSION        INTERNAL-IP     EXTERNAL-IP   OS-IMAGE             KERNEL-VERSION   CONTAINER-RUNTIME
node02   Ready    <none>                 8d    v1.20.2+k3s1   192.168.1.202   <none>        Alpine Linux v3.13   5.10.10-0-virt   containerd://1.4.3-k3s1
node01   Ready    control-plane,master   8d    v1.20.2+k3s1   192.168.1.201   <none>        Alpine Linux v3.13   5.10.10-0-virt   containerd://1.4.3-k3s1

For q2: Of course you can, k8s doesn't take over the node. You ssh into it and run whatever you like.

For q1: No.

NAMESPACE     NAME                              TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)                                     
default       service/kubernetes                ClusterIP      10.43.0.1       <none>          443/TCP                                    
kube-system   service/kube-dns                  ClusterIP      10.43.0.10      <none>          53/UDP,53/TCP,9153/TCP                  
kube-system   service/metrics-server            ClusterIP      10.43.254.20    <none>          443/TCP                                 
kube-system   service/traefik                   LoadBalancer   10.43.130.1     192.168.1.201   80:31666/TCP,443:31194/TCP,8080:31199/TCP
default       service/whoami                    ClusterIP      10.43.61.10     <none>          80/TCP