Question

Do we have duplicate IP check in the Karbon / NKE cluster creation process?

  • 20 March 2024

Badge +1

We hit the below scenario today.

 

  • We have a single IP pool
  • IPAM network pool included the CVM/Host IPs
  • When we deployed a K8s cluster using this IPAM network, the system-generated IP list contained 2 IPs of the CVMs
  • Cluster creation task proceeded without any issue
  • After the K8s cluster creation task, the Nutanix cluster went down due to the duplicate IP issue

Do we have any check introduced in the code for duplicate IPs in the creation task?



4 replies

Userlevel 4
Badge +5

Hi Sandeep,

NKE doesn’t check whether the CVM is included among those IPs. This should be handled by the IPAM functionality, so that it does not let the user create a pool which includes the CVM IP addresses.

Badge +1

@JoseNutanix AFAIK, currently IPAM doesn't look for CVM or hypervisor IPs in the list.

It would be better if Karbon did a check. Like we have the ping check in other enable workflows, we should include the ping validation before starting the deployment.

Userlevel 4
Badge +5

Sandeep,

NKE cannot check the IPs in advance until the IPAM assigns them during VM creation (late at the deployment stage), hence the comment that IPAM should be the one handling this situation when creating an IP pool. This time it was NKE, but it could be another VM deployment in the future causing the same issue. Until then, you can use the acli net.add_to_ip_blacklist command to exclude the IPs from the IPAM pool.

Badge +1

Yeah, I agree.

But what is confusing me is the API calls which I noticed as part of the cluster creation form navigation.

  • On the first page, once we select the cluster, Karbon checks the list of networks available in the cluster
https://PC_IP:9440/karbon/prism/api/nutanix/v3/subnets/list
  • When we move to the next stage, it queries the IPAM network and then comes back with 5 IPs from which 1 is selected in the VIP.
https://PC_IP:9440/karbon/acs/k8s/subnet/cb8b4459-1245-4c3d-a2ef-47194a9e03c2/static_ip/list

So if it has the capability to query the unused IPs, we should have a check in place to validate whether those IPs are used or not. Maybe for the VIP IP validation we do check, I am not sure.

I agree with your point. IPAM should take care of this part, as in the current flow we only send the spec and IP handling is taken care of by IPAM.

Or we should change the creation workflow, similar to the VIP and then include that in the payload to assign static.

 

Thanks @JoseNutanix for the response.
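A pre-deployment check of the kind discussed in this thread, as an added example that is not from the original posts and is not Nutanix code: it reports which CVM/host addresses an IPAM pool could hand out, and which proposed static IPs collide with them. The function names, the sample addresses and the 'START END' pool range format are assumptions made for illustration.

```python
import ipaddress

def parse_pool_range(text):
    """Parse one pool range written as 'START END' (assumed format), inclusive."""
    parts = text.split()
    if len(parts) != 2:
        raise ValueError(f"expected 'START END', got {text!r}")
    start, end = (ipaddress.ip_address(p) for p in parts)
    if start.version != end.version or start > end:
        raise ValueError(f"invalid range {text!r}")
    return start, end

def reserved_ips_in_pools(pool_ranges, reserved):
    """Return the reserved (CVM/host) addresses that fall inside any pool range."""
    ranges = [parse_pool_range(r) for r in pool_ranges]
    hits = {}
    for name, addr in reserved.items():
        ip = ipaddress.ip_address(addr)
        for start, end in ranges:
            # Compare only within the same address family.
            if ip.version == start.version and start <= ip <= end:
                hits[name] = str(ip)
                break
    return hits

def conflicting_assignments(proposed, reserved):
    """Return (ip, owner) for each proposed VM address that is already reserved."""
    owner = {ipaddress.ip_address(a): n for n, a in reserved.items()}
    result = []
    for p in proposed:
        ip = ipaddress.ip_address(p)
        if ip in owner:
            result.append((str(ip), owner[ip]))
    return result

# Constructed sample data: one pool that accidentally covers two CVM addresses.
POOLS = ["10.10.0.20 10.10.0.60"]
RESERVED = {"cvm-1": "10.10.0.31", "cvm-2": "10.10.0.32",
            "host-1": "10.10.0.11", "host-2": "10.10.0.12"}
PROPOSED = ["10.10.0.30", "10.10.0.31", "10.10.0.32", "10.10.0.33", "10.10.0.34"]

if __name__ == "__main__":
    print("reserved IPs inside the pool:", reserved_ips_in_pools(POOLS, RESERVED))
    print("proposed IPs already in use:", conflicting_assignments(PROPOSED, RESERVED))
```

Any address reported by the first function is a candidate for exclusion from the pool before a deployment consumes it.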