Skip to content

Azure IPAM Support#10089

Merged
tgraf merged 16 commits intomasterfrom
pr/tgraf/azure-ipam
Mar 2, 2020
Merged

Azure IPAM Support#10089
tgraf merged 16 commits intomasterfrom
pr/tgraf/azure-ipam

Conversation

@tgraf
Copy link
Copy Markdown
Contributor

@tgraf tgraf commented Feb 7, 2020
edited
Loading

This PR implements IPAM using the Azure API similarly to how AWS ENI is currently supported:

azure_arch

The PR is split into two parts:

Part 1 - Refactoring of existing ENI code to prepare Azure IPAM:

      eni: Move Limits type to pkg/ipam
      ipam: Factor out IPAM related metrics
      eni: Unexport GetLimits
      k8s: CiliumNode: Move generic IPAM parmeters into Spec.IPAM
      api: Factor out metrics accounting for external API usage
      operator: Rename --eni-parallel-workers to --parallel-alloc-workers
      operator: Rename --aws-client-burst and --aws-client-qps options
      api: Factor out API helpers into pkg/api/helpers
      ipam: Move generic types from pkg/aws/eni to pkg/ipam/types
      ec2/mock: Support returning different ENIs, subnets and security groups
      eni: Refactor ENI IPAM into generic ipam.NodeManager
      operator: Move CiliumNode update logic out of ENI
      operator: Decopule IPAM and node interactions from ENI

Part 2 - Implementation of Azure IPAM

      ipam: Support for Azure IPAM
      cni: Add Azure IPAM support
      doc: Azure installation instructions & concepts

The function is similar to how AWS ENI mode operates with a couple of key differences:

  • A single interface provides enough IPs to host all local pods so support to create additional interfaces is not required.
  • The Azure API does not support allocating IP itself. It can only assign IPs to interfaces. The cilium-operator thus maintains a small allocator to keep track of available IPs in all subnets.

This change is Reviewable

@tgraf tgraf added wip release-note/major This PR introduces major new functionality to Cilium. labels Feb 7, 2020
@tgraf tgraf requested review from a team as code owners February 7, 2020 14:18
@tgraf tgraf requested a review from a team February 7, 2020 14:18
@tgraf tgraf requested a review from a team as a code owner February 7, 2020 14:18
@maintainer-s-little-helper
Copy link
Copy Markdown

maintainer-s-little-helper bot commented Feb 7, 2020

Commit 13d7eb6 does not contain "Signed-off-by".

Please follow instructions provided in https://docs.cilium.io/en/stable/contributing/contributing/#developer-s-certificate-of-origin

@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Feb 7, 2020
houndci-bot
houndci-bot reviewed Feb 7, 2020
View reviewed changes
houndci-bot
houndci-bot reviewed Feb 7, 2020
View reviewed changes
houndci-bot
houndci-bot reviewed Feb 7, 2020
View reviewed changes
houndci-bot
houndci-bot reviewed Feb 7, 2020
View reviewed changes
@coveralls
Copy link
Copy Markdown

coveralls commented Feb 7, 2020
edited
Loading

Coverage Status

Coverage increased (+0.1%) to 45.681% when pulling fa8aa88 on pr/tgraf/azure-ipam into 21fa852 on master.

@tgraf tgraf force-pushed the pr/tgraf/azure-ipam branch from 4fe88fa to 47a4807 Compare February 9, 2020 09:51
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-sign-off The author needs to add signoff to their commits before merge. label Feb 9, 2020
@tgraf tgraf mentioned this pull request Feb 11, 2020
Closed
@aanm aanm added the dont-merge/wait-until-release Freeze window for current release is blocking non-bugfix PRs label Feb 14, 2020
@aanm aanm added this to the 1.8 milestone Feb 18, 2020
@aanm aanm removed the dont-merge/wait-until-release Freeze window for current release is blocking non-bugfix PRs label Feb 18, 2020
@tgraf tgraf force-pushed the pr/tgraf/azure-ipam branch from 47a4807 to e3d039c Compare February 20, 2020 15:49
@tgraf tgraf requested a review from a team February 20, 2020 15:49
@tgraf tgraf force-pushed the pr/tgraf/azure-ipam branch from e3d039c to ba48b37 Compare February 21, 2020 13:26
@tgraf
Copy link
Copy Markdown
Contributor Author

tgraf commented Feb 21, 2020

test-me-please

@tgraf tgraf force-pushed the pr/tgraf/azure-ipam branch from ba48b37 to e589796 Compare February 27, 2020 23:44
houndci-bot
houndci-bot reviewed Feb 27, 2020
View reviewed changes
houndci-bot
houndci-bot reviewed Feb 27, 2020
View reviewed changes
houndci-bot
houndci-bot reviewed Feb 27, 2020
View reviewed changes
houndci-bot
houndci-bot reviewed Feb 27, 2020
View reviewed changes
houndci-bot
houndci-bot reviewed Feb 27, 2020
View reviewed changes
tgraf added 3 commits February 28, 2020 16:16
@tgraf
eni: Refactor ENI IPAM into generic ipam.NodeManager
2802b08 
The concept of node specific IPAM and the relevant management required to do so
has been part of pkg/eni and tightly coupled with it.

This commit decouples the node management and base IPAM logic from pkg/eni and
moves it into pkg/ipam to prepare support for additional IPAM backends.

A couple of changes are required to do so:

 - Slight modifications to the calculations of needed addresses due to a split
   in code between pkg/ipam and pkg/eni

 - New tests in pkg/ipam/node_manager_test.go which does not assume interface
   creation is required prior to allocation and with removed address per
   interface limits.

 - The instances manager mock can be removed as the eni.InstancesManager now
   serves as the abstraction to the NodeManager and the NodeManager no longer
   requires an EC2 mock as all of those details are now isolated in pkg/eni.

The existing tests in pkg/aws/eni/node_manager_test.go are mostly unchanged to
verify that the refactoring does not change behavior of the existing ENI
allocator.

Signed-off-by: Thomas Graf <thomas@cilium.io>
@tgraf
operator: Move CiliumNode update logic out of ENI
e08d00c 
This is a pure refactoring to move the CiliumNode update logic implementation
out of being ENI specific.

Signed-off-by: Thomas Graf <thomas@cilium.io>
@tgraf
operator: Decopule IPAM and node interactions from ENI
66a9aea 
Signed-off-by: Thomas Graf <thomas@cilium.io>
@tgraf
Copy link
Copy Markdown
Contributor Author

tgraf commented Feb 28, 2020

test-docs-please

@tgraf tgraf force-pushed the pr/tgraf/azure-ipam branch from 956b08e to 833b349 Compare February 28, 2020 16:36
houndci-bot
houndci-bot reviewed Feb 28, 2020
View reviewed changes
houndci-bot
houndci-bot reviewed Feb 28, 2020
View reviewed changes
@tgraf
Copy link
Copy Markdown
Contributor Author

tgraf commented Feb 28, 2020

test-me-please

tgraf added 3 commits February 28, 2020 17:49
@tgraf
ipam: Support for Azure IPAM
d9b0e62 
Following the refactoring of the AWS ENI IPAM logic to be generic. This commit
adds support for Azure IPAM.

The function is similar to how AWS ENI mode operates with a couple of key
differences:
 - A single interface provides enough IPs to host all local pods so support to
   create additional interfaces is not required.
 - The Azure API does not support allocating IP itself. It can only assign IPs
   to interfaces. The cilium-operator thus maintains a small allocator to keep
   track of available IPs in all subnets.

In order to access the Azure API, a service principal is required. The
credentials for the service principal is passed to the operator as environment
variables or command line arguments.

Signed-off-by: Thomas Graf <thomas@cilium.io>
@tgraf
cni: Add Azure IPAM support
72b7a50 
Signed-off-by: Thomas Graf <thomas@cilium.io>
@tgraf
doc: Azure installation instructions & concepts
fa8aa88 
Add helm chart option to enable Azure support along with Documentation on how
to use it.

Add a concepts section to explain how Azure mode functions.

Signed-off-by: Thomas Graf <thomas@cilium.io>
@tgraf tgraf force-pushed the pr/tgraf/azure-ipam branch from 833b349 to fa8aa88 Compare February 28, 2020 17:08
@tgraf
Copy link
Copy Markdown
Contributor Author

tgraf commented Feb 28, 2020

test-me-please

@tgraf
Copy link
Copy Markdown
Contributor Author

tgraf commented Feb 28, 2020

Also, @tgraf I don't know why but I have a diff in the generated code if I run make generate-k8s-api

Ran make generate-k8s-api again after moving Azure bits into pkg/azure/types Diff looks good now.

@tgraf
Copy link
Copy Markdown
Contributor Author

tgraf commented Feb 29, 2020

test-docs-please

@tgraf tgraf merged commit 6e5be2f into master Mar 2, 2020
@tgraf tgraf deleted the pr/tgraf/azure-ipam branch March 2, 2020 09:34
tklauser
tklauser reviewed Mar 2, 2020
View reviewed changes
@tklauser tklauser mentioned this pull request Mar 2, 2020
Merged
tklauser added a commit that referenced this pull request Mar 2, 2020
@tklauser
ipam/metrics: mention interfaces instead of ENI
f15532d 
As suggested in #10089 (comment)

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
aanm pushed a commit that referenced this pull request Mar 3, 2020
@tklauser @aanm
ipam/metrics: mention interfaces instead of ENI
94e6ccd 
As suggested in #10089 (comment)

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
@joestringer joestringer mentioned this pull request Mar 9, 2020
Closed
4 tasks
@christarazi christarazi mentioned this pull request May 29, 2020
Open
@tklauser tklauser mentioned this pull request Jun 3, 2020
Merged
@HadrienPatte HadrienPatte mentioned this pull request Jan 8, 2025
Merged
8 tasks
HadrienPatte added a commit that referenced this pull request Apr 2, 2026
@HadrienPatte
ipam: Remove obsolete fields from cloud provider IPAM types
c3c61e4 
Remove deprecated fields that have been unused for 5+ years:
* Azure `AzureInterface.GatewayIP` (obsolete since v1.10, see #15182)
* AWS `ENISpec.InstanceID` (obsolete since v1.8, see #10569)
* AWS `ENISpec.{MinAllocate,PreAllocate,MaxAboveWatermark}` (obsolete since v1.8, see #10089)

Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
@HadrienPatte HadrienPatte mentioned this pull request Apr 2, 2026
Open
HadrienPatte added a commit that referenced this pull request Apr 2, 2026
@HadrienPatte
ipam: Remove obsolete fields from cloud provider IPAM types
e45b778 
Remove deprecated fields that have been unused for 5+ years:
* Azure `AzureInterface.GatewayIP` (obsolete since v1.10, see #15182)
* AWS `ENISpec.InstanceID` (obsolete since v1.8, see #10569)
* AWS `ENISpec.{MinAllocate,PreAllocate,MaxAboveWatermark}` (obsolete since v1.8, see #10089)

Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tklauser tklauser tklauser left review comments

@aanm aanm aanm approved these changes

+1 more reviewer

@houndci-bot houndci-bot houndci-bot left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

integration/cloud Related to integration with cloud environments such as AKS, EKS, GKE, etc. release-note/major This PR introduces major new functionality to Cilium.

Projects

None yet

Milestone

1.8

Development

Successfully merging this pull request may close these issues.

5 participants

@tgraf @coveralls @tklauser @aanm @houndci-bot