GitHub user dstoy53 added a comment to the discussion: one to many secondary IP for a floating VIP with SG
I agree that some type of flag would be good for safety; otherwise an API user won't know if they're allocating a shared secondary IP without first checking the allocation status. The UI would already recognize the IP as allocated and hide it on the NIC page, so that might need some adjustments to enable this behavior.

I think Kubernetes clusters with a CNI-managed overlay will work well enough since outbound traffic would get a SNAT with the primary VM IP of each node. In this scenario the inbound traffic would need a load balancer with a VIP for the control plane nodes and a VIP for an ingress controller (or other NodePort services), so only the VIPs would need to be able to float.

Attaching pods directly to the network would get more complicated and the CNI would need to talk to the CloudStack API to attach/detach IPs. This is what Cilium does in AWS. In AWS there's also prefix delegation, because if the CNI keeps requesting /32s for each pod you hit a maximum on the ENI, and if it keeps adding ENIs you hit the maximum ENIs for the instance type. Prefix delegation allocates a /28 to the ENI (consuming the same capacity as a single /32 on the ENI) and pod addresses are assigned from that prefix.

GitHub link: https://github.com/apache/cloudstack/discussions/10979#discussioncomment-13392195

----
This is an automatically sent email for users@cloudstack.apache.org.
To unsubscribe, please send an email to: users-unsubscr...@cloudstack.apache.org