
https://github.com/nokia/k8s-ipam

[![Go Report](https://img.shields.io/badge/go%20report-A%2B-blue?style=flat-square&color=00c9ff&labelColor=bec8d2)](https://goreportcard.com/report/github.com/henderiw-nephio/ipam)

---
# A Native Kubernetes IPAM

The IPAM is a Kubernetes-native IP address management system, which supports:
- virtual networks (network-instances) to allow for overlapping IPs
- IP addresses, IP prefixes, IP pools and IP ranges within a virtual network
- a k8s API using CRDs for configuring and allocating IP addresses within a virtual network
- a gRPC API for allocating and deallocating IP addresses/prefixes/pools
- labels as selectors for IP address allocation, or to attach metadata to an IPAM resource
- IPv6 and IPv4 in single-stack or dual-stack mode

![ipam architecture](ipam-architecture.jpg)

## ipam logic and terminology

The IPAM has multiple network contexts (implemented as network-instances), each of which can hold multiple prefixes that can be nested. The top prefix of a nested hierarchy is called an aggregate prefix. At the bottom layer we have IP ranges or IP addresses that are allocated from within a prefix.

![ipam hierarchy](ipam-hierarchy.jpg)

Prefix - A subnet defined within an aggregate prefix. Prefixes extend the hierarchy by nesting within one another. (For example, 2000:1:1::/64 will appear within 2000:1::/32.)

IP Range - An arbitrary range of individual IP addresses within a prefix, all sharing the same mask. (Out of scope for now.)

IP Address - An individual IP address along with its subnet mask, automatically arranged beneath its parent prefix.

The actual IPPrefix CRD does not distinguish between an address and a prefix, since an address is a special case of a prefix: a /32 for IPv4 or a /128 for IPv6.

### ipam use cases

Everything in the IPAM is modelled as an IP prefix. An IP address is a special case of an IP prefix: a /32 for IPv4 or a /128 for IPv6. Besides IP addresses there are various use cases for an IP prefix, such as interface-based IPs, loopback IPs and IP pools/ranges. To allow for this flexibility a prefix kind is introduced, so an IP prefix can be one of the following kinds:

- aggregate:
  - IP prefixes are naturally hierarchical and are typically drawn from a specific space that someone operates. An aggregate prefix kind is the top level when nesting IP prefixes. E.g. if an operator got an IP prefix assigned by its RIR, it would be modelled as an aggregate.
  - An aggregate can be nested. E.g. if someone wants to subdivide an address space they can define multiple aggregates that multiple teams operate within.
  - Children of an aggregate IP prefix can be of kind: aggregate, network, pool or loopback
  - Parents of an aggregate IP prefix can be of kind: aggregate (or none, at the top of a hierarchy)
- network:
  - IP prefixes that are assigned to (virtual/physical) interfaces of an application are modelled as prefix kind network. IP prefixes of this kind can have a mesh relationship between them. E.g. a LAN environment can have multiple routers and hosts that are all in the same subnet.
  - Children of a network IP prefix can be of kind: network (e.g. the /32 or /128 addresses allocated from it)
  - Parents of a network IP prefix can be of kind: aggregate or network
- pool:
  - IP prefixes can also be assigned to pools. E.g. a pool for a DHCP server, a pool for NAT, a pool for allocating IP addresses to users. The IP prefix of kind pool allows for this use case.
  - Children of a pool IP prefix can be of kind: pool
  - Parents of a pool IP prefix can be of kind: aggregate or pool
- loopback:
  - IP prefixes can also be assigned to a loopback interface in the application. E.g. a socket for a RADIUS server, a Diameter server or an HTTP server. The IP prefix of kind loopback allows for this use case.
  - Children of a loopback IP prefix can be of kind: loopback
  - Parents of a loopback IP prefix can be of kind: aggregate or loopback
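The nesting rules above can be checked mechanically before a prefix is admitted into a network-instance. The Go program below is an added example written for this page, not code from the k8s-ipam project; the `Prefix`, `Kind` and `Validate` names and the sample prefix list are assumptions for illustration. It finds each prefix's parent by longest-prefix containment, rejects duplicates, flags a child kind its parent may not hold, and flags a top-level prefix that is not an aggregate.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Kind is a prefix kind as described on this page.
type Kind string

const (
	KindAggregate Kind = "aggregate"
	KindNetwork   Kind = "network"
	KindPool      Kind = "pool"
	KindLoopback  Kind = "loopback"
)

// allowedChildren encodes the nesting rules from the list above: an aggregate
// may hold aggregates, networks, pools and loopbacks; every other kind may only
// hold its own kind (for example the /32 addresses allocated from a network).
var allowedChildren = map[Kind]map[Kind]bool{
	KindAggregate: {KindAggregate: true, KindNetwork: true, KindPool: true, KindLoopback: true},
	KindNetwork:   {KindNetwork: true},
	KindPool:      {KindPool: true},
	KindLoopback:  {KindLoopback: true},
}

// Prefix is one entry of a network-instance: a CIDR and its kind (assumed shape).
type Prefix struct {
	CIDR string
	Kind Kind
}

// parentOf returns the index of the longest prefix in ps, other than i, that
// contains ps[i], or -1 when ps[i] sits at the top of the hierarchy.
func parentOf(ps []netip.Prefix, i int) int {
	best := -1
	for j, p := range ps {
		if j == i || p.Bits() >= ps[i].Bits() || !p.Contains(ps[i].Addr()) {
			continue
		}
		if best == -1 || p.Bits() > ps[best].Bits() {
			best = j
		}
	}
	return best
}

// Validate checks one network-instance's prefixes against the kind rules and
// returns one human-readable line per violation. Parse errors abort the check.
func Validate(entries []Prefix) ([]string, error) {
	ps := make([]netip.Prefix, len(entries))
	for i, e := range entries {
		p, err := netip.ParsePrefix(e.CIDR)
		if err != nil {
			return nil, fmt.Errorf("prefix %q: %w", e.CIDR, err)
		}
		if _, ok := allowedChildren[e.Kind]; !ok {
			return nil, fmt.Errorf("prefix %q: unknown kind %q", e.CIDR, e.Kind)
		}
		ps[i] = p.Masked() // compare on the network part only
	}
	var violations []string
	seen := map[netip.Prefix]int{}
	for i, e := range entries {
		if prev, dup := seen[ps[i]]; dup {
			violations = append(violations, fmt.Sprintf("%s (%s): duplicates %s (%s)", e.CIDR, e.Kind, entries[prev].CIDR, entries[prev].Kind))
			continue
		}
		seen[ps[i]] = i
		j := parentOf(ps, i)
		switch {
		case j == -1 && e.Kind != KindAggregate:
			violations = append(violations, fmt.Sprintf("%s (%s): top-level prefix must be an aggregate", e.CIDR, e.Kind))
		case j != -1 && !allowedChildren[entries[j].Kind][e.Kind]:
			violations = append(violations, fmt.Sprintf("%s (%s): not allowed under %s (%s)", e.CIDR, e.Kind, entries[j].CIDR, entries[j].Kind))
		}
	}
	return violations, nil
}

// sampleEntries is a constructed network-instance with two deliberate violations.
func sampleEntries() []Prefix {
	return []Prefix{
		{"10.0.0.0/8", KindAggregate},
		{"10.1.0.0/16", KindAggregate},  // nested aggregate, e.g. one team's slice
		{"10.1.1.0/24", KindNetwork},
		{"10.1.1.1/32", KindNetwork},    // an address: a /32 of the same kind as its network
		{"10.1.2.0/24", KindPool},
		{"10.1.2.0/25", KindPool},       // a sub-pool
		{"10.1.3.0/24", KindLoopback},
		{"10.1.3.7/32", KindLoopback},
		{"10.1.1.128/25", KindPool},     // violation: pool under a network
		{"192.168.0.0/24", KindNetwork}, // violation: no aggregate above it
		{"2000:1::/32", KindAggregate},
		{"2000:1:1::/64", KindNetwork},
	}
}

func main() {
	violations, err := Validate(sampleEntries())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, v := range violations {
		fmt.Println(v)
	}
}
```

Running it prints the two violations from the sample list. A real admission check would run this per network-instance, since prefixes in different virtual networks are allowed to overlap and must not be compared against each other.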

## Injector

Besides the base IPAM block there is also an injector function, which looks at IP allocations within a Git repo/package revision and allocates/deallocates IPs using the gRPC interface. This is a pluggable system which allows interaction with third-party IPAM systems.

## use cases

### run IPAM

```
make run
```

### run IPAM using kpt

```
kpt live init blueprint/ipam
kpt live apply blueprint/ipam
```

### Setup IPAM

To set up the IPAM, one needs to configure a virtual network, implemented through a network-instance:

```
cat <
```

### IP address allocation

To request an IP address from the IPAM we use either the k8s or the gRPC API.
By providing a network-instance and a network-name label selector, an IP address will be allocated
from an IPAM prefix that matches these labels.
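What a label-selected allocation has to guarantee is easiest to see in code. The Go program below is an added example for this page, not the project's allocator; the `network-instance` and `network-name` label keys, the `IPAM` type and its `Allocate`/`Deallocate` methods are assumptions. It selects the first network prefix whose labels match the request, hands out the next free address as a /32 or /128 prefix, keeps the address space per network-instance so overlapping prefixes in two virtual networks do not collide, returns the same address when the same owner asks again (so a re-applied request is idempotent), and never hands out the IPv4 network/broadcast or the IPv6 subnet-router anycast address.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// NetworkPrefix is a prefix of kind "network" registered in a network-instance,
// carrying the labels an allocation request selects on (assumed shape).
type NetworkPrefix struct {
	NetworkInstance string
	CIDR            string
	Labels          map[string]string
}

// addrKey scopes an address to its network-instance, so two virtual networks
// may hold the same (overlapping) address without colliding.
type addrKey struct {
	networkInstance string
	addr            netip.Addr
}

type IPAM struct {
	prefixes []NetworkPrefix
	inUse    map[addrKey]string // address -> owner holding it
	byOwner  map[string]addrKey // owner -> its single allocation
}

func NewIPAM(prefixes []NetworkPrefix) *IPAM {
	return &IPAM{prefixes: prefixes, inUse: map[addrKey]string{}, byOwner: map[string]addrKey{}}
}

// matches reports whether every key/value of selector is present in labels
// (equality-based matching, like a Kubernetes matchLabels selector).
func matches(labels, selector map[string]string) bool {
	for k, v := range selector {
		if labels[k] != v {
			return false
		}
	}
	return true
}

// broadcast returns the last address of an IPv4 prefix (all host bits set).
func broadcast(p netip.Prefix) netip.Addr {
	b := p.Addr().As4()
	for bit := p.Bits(); bit < 32; bit++ {
		b[bit/8] |= 0x80 >> (bit % 8)
	}
	return netip.AddrFrom4(b)
}

// reserved reports whether a must not be handed out of p.
func reserved(p netip.Prefix, a netip.Addr) bool {
	if p.Bits() >= a.BitLen()-1 {
		return false // /31 (RFC 3021) and /127 (RFC 6164) use both addresses; /32 and /128 are one host
	}
	if a == p.Addr() {
		return true // IPv4 network address or IPv6 subnet-router anycast (RFC 4291)
	}
	return a.Is4() && a == broadcast(p)
}

// Allocate returns the address held by owner, or the next free address of the
// first prefix whose labels match selector, as a /32 or /128 prefix.
func (m *IPAM) Allocate(owner string, selector map[string]string) (netip.Prefix, error) {
	if k, ok := m.byOwner[owner]; ok {
		return netip.PrefixFrom(k.addr, k.addr.BitLen()), nil // idempotent re-request
	}
	for _, np := range m.prefixes {
		if !matches(np.Labels, selector) {
			continue
		}
		p, err := netip.ParsePrefix(np.CIDR)
		if err != nil {
			return netip.Prefix{}, fmt.Errorf("prefix %q: %w", np.CIDR, err)
		}
		p = p.Masked()
		for a := p.Addr(); p.Contains(a); a = a.Next() {
			k := addrKey{np.NetworkInstance, a}
			if reserved(p, a) || m.inUse[k] != "" {
				continue
			}
			m.inUse[k] = owner
			m.byOwner[owner] = k
			return netip.PrefixFrom(a, a.BitLen()), nil
		}
	}
	return netip.Prefix{}, errors.New("no matching prefix with a free address")
}

// Deallocate releases owner's address; it reports false if owner holds none.
func (m *IPAM) Deallocate(owner string) bool {
	k, ok := m.byOwner[owner]
	if !ok {
		return false
	}
	delete(m.byOwner, owner)
	delete(m.inUse, k)
	return true
}

// samplePrefixes is constructed data: the same /30 in two network-instances, plus an IPv6 network.
func samplePrefixes() []NetworkPrefix {
	return []NetworkPrefix{
		{"vpc-a", "10.0.1.0/30", map[string]string{"network-instance": "vpc-a", "network-name": "lan1"}},
		{"vpc-b", "10.0.1.0/30", map[string]string{"network-instance": "vpc-b", "network-name": "lan1"}},
		{"vpc-a", "2000:1:1::/64", map[string]string{"network-instance": "vpc-a", "network-name": "lan6"}},
	}
}

func main() {
	ipam := NewIPAM(samplePrefixes())
	sel := map[string]string{"network-instance": "vpc-a", "network-name": "lan1"}
	for _, owner := range []string{"pod-a1", "pod-a2", "pod-a1", "pod-a3"} {
		p, err := ipam.Allocate(owner, sel)
		fmt.Println(owner, p, err)
	}
}
```

With the /30 in `vpc-a`, only .1 and .2 are usable, so the fourth request fails with an exhaustion error while the repeated `pod-a1` request gets its original address back; the identical /30 in `vpc-b` hands out .1 again without conflict.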

```
cat <