Manage OCI Reserved IPs as Custom Resources in your Kubernetes cluster and assign them your pods or private IPs.
Warning: This project is still work in progress. There might be breaking API changes in the future. Use at your own risk.
- Your pod IPs must be allocated from your VCN subnets or the pod must be running in
hostNetwork. - Your worker nodes must reside in a public subnet.
Run:
$ kubectl apply -f config/crd/bases # install Custom Resource Definition (CRD) for ReservedIP Custom Resource
$ kubectl apply -f deploy/ # install the operatorCreate a new file example.yaml:
apiVersion: oci.k8s.logmein.com/v1alpha1
kind: ReservedIP
metadata:
name: my-reserved-ip
spec:
tags:
owner: My teamApply it:
$ kubectl apply -f example.yaml
ReservedIP.oci.k8s.logmein.com/my-reserved-ip createdDescribe it:
$ kubectl get reservedip my-reserved-ip
NAME STATE PUBLIC IP POD
my-reserved-ip allocated 34.228.250.93Request a random address from a BYOIP address pool:
apiVersion: oci.k8s.logmein.com/v1alpha1
kind: ReservedIP
# ...
spec:
publicIPv4Pool: <your pool ID here>
# ...Request a specific address from a BYOIP address pool:
apiVersion: oci.k8s.logmein.com/v1alpha1
kind: ReservedIP
# ...
spec:
publicIPv4Address: 12.34.56.78
# ...Adjust example.yaml to include an assignment section:
apiVersion: oci.k8s.logmein.com/v1alpha1
kind: ReservedIP
metadata:
name: my-reserved-ip
spec:
tags:
owner: My team
assignment:
podName: some-podApply it:
$ kubectl apply -f example.yaml
reservedip.oci.k8s.logmein.com/my-reserved-ip configuredDescribe it:
$ kubectl get reservedip my-reserved-ip
NAME STATE PUBLIC IP POD
my-reserved-ip assigned 34.228.250.93 my-podAllocating and assigning can also be done in one step.
Remove the assignment section again and reapply the manifest.
$ kubectl delete reservedip my-reserved-ip
ReservedIP.oci.k8s.logmein.com/my-reserved-ip deletedUnassigning and releasing can also be done in one step.
You can use an initContainer as part of your pod definition to create the ReservedIP custom resource. This requires that your pod has RBAC permissions to create ReservedIP resources.
apiVersion: v1
kind: ServiceAccount
metadata:
name: reservedip-user
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: ReservedIP-user-role
rules:
- apiGroups:
- oci.k8s.logmein.com
resources:
- reservedips
verbs:
- '*'
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: reservedip-user-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: reservedip-user-role
subjects:
- kind: ServiceAccount
name: reservedip-user
---
apiVersion: apps/v1
kind: Deployment
# ...
spec:
# ...
template:
spec:
# ...
serviceAccountName: reservedip-user
initContainers:
- name: init-reservedip
image: <some image that has kubectl>
env:
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
command:
- /bin/sh
- -c
- |
# allocate and assign ReservedIP
cat <<EOS | kubectl apply -f-
apiVersion: oci.k8s.logmein.com/v1alpha1
kind: ReservedIP
metadata:
name: $(MY_POD_NAME)
namespace: $(MY_POD_NAMESPACE)
spec:
tags:
owner: My team
pod: $(MY_POD_NAME)
namespace: $(MY_POD_NAMESPACE)
assignment:
podName: $(MY_POD_NAME)
EOS
# wait for ReservedIP to be assigned
while [ "$(kubectl get reservedip $(MY_POD_NAME) -o jsonpath='{.status.state}')" != "assigned" ]
do
sleep 1
doneYou can ensure that an ReservedIP is released when your pod is terminated by including ownerReferences in your ReservedIP resource. Setting blockOwnerDeletion: true prevents the pod from vanishing until the ReservedIP is unassigned and released.
apiVersion: oci.k8s.logmein.com/v1alpha1
kind: ReservedIP
metadata:
name: my-reserved-ip
ownerReferences:
- apiVersion: v1
kind: Pod
name: some-pod
uid: ... # put the UID of the pod here
blockOwnerDeletion: true
spec:
tags:
owner: My team
assignment:
podName: some-pod