Merge pull request #69 from alauda/docs/crd-ipv6

docs: add crd/ipv6 docs and bump version 0.6.0

CHANGELOG.md

@@ -1,5 +1,17 @@
 # CHANGELOG
 
+## v0.6.0 -- 2019/07/22
+### Features
+* Support traffic mirror
+* Use webhook to check ip conflict
+* Beta IPv6 support
+* Use subnet CRD to replace namespace annotation
+* Use go mod to manage dependency
+
+### Bug fixes
+* Remove RBAC dependency on cluster-admin
+* Use kubernetes nodename to replace hostname
+
 ## v0.5.0 -- 2019/06/06
 ### Features
 * Support NetworkPolicy by OVN ACL

README.md

@@ -17,6 +17,7 @@ Kube-OVN integrates the OVN-based Network Virtualization with Kubernetes. It off
 - **Namespaced Gateways**: Every Namespace can have a dedicated Gateway for Egress traffic.
 - **Direct External Connectivity**：Pod IP can be exposed to external network directly.
 - **Traffic Mirror**: Duplicated container network traffic for monitoring and diagnosing.
+- **IPv6 support**: Kube-OVN support ipv6-only mode pod network.
 
 ## Planned Future Work
 - Hardware Offloading and DPDK Support
@@ -35,12 +36,13 @@ Kube-OVN is easy to install with all necessary components/dependencies included.
 
 ## Documents
 - [Namespaced Subnets](docs/subnet.md)
-- [Subnet Isolation](docs/isolation.md)
+- [Subnet Isolation](docs/subnet.md#isolation)
 - [Static IP](docs/static-ip.md)
 - [Dynamic QoS](docs/qos.md)
-- [Gateway and Direct connect](docs/gateway.md)
+- [Gateway and Direct connect](docs/subnet.md#gateway)
 - [Traffic Mirror](docs/mirror.md)
 - [Webhook](docs/webhook.md)
+- [IPv6](docs/ipv6.md)
 
 ## Contact
 Mail: mengxin#alauda.io

docs/install.md

@@ -12,22 +12,24 @@ Kube-OVN includes two parts:
 
 *NOTE* Ubuntu 16.04 users should build the related ovs-2.11.1 kernel module to replace the kernel built-in module 
 
-## To install
+## To Install
 
 1. Add the following label to the Node which will host the OVN DB and the OVN Control Plane:
 
     `kubectl label node <Node on which to deploy OVN DB> kube-ovn/role=master`
 2. Install native OVS and OVN components:
 
-    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/v0.5.0/yamls/ovn.yaml`
+    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/v0.6.0/yamls/ovn.yaml`
 3. Install the Kube-OVN Controller and CNI plugins:
 
-    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/v0.5.0/yamls/kube-ovn.yaml`
-
+    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/v0.6.0/yamls/kube-ovn.yaml`
+    
 That's all! You can now create some pods and test connectivity.
 
 For high-available ovn db, see [high available](high-available.md)
 
+If you want to enable IPv6 on default subnet and node subnet, please apply https://raw.githubusercontent.com/alauda/kube-ovn/v0.6.0/yamls/kube-ovn-ipv6.yaml on Step 3.
+
 ## More Configuration
 
 ### Controller Configuration
@@ -72,7 +74,7 @@ For high-available ovn db, see [high available](high-available.md)
 1. Remove Kubernetes resources:
 
     ```bash
-    wget https://raw.githubusercontent.com/alauda/kube-ovn/v0.5.0/dist/images/cleanup.sh
+    wget https://raw.githubusercontent.com/alauda/kube-ovn/v0.6.0/dist/images/cleanup.sh
     bash cleanup.sh
     ```
 

docs/ipv6.md

@@ -0,0 +1,5 @@
+# IPv6
+
+Through Kube-OVN does support both protocol subnets coexist in a cluster, Kubernetes control plan now only support one protocol. So you will lost some ability like probe and  service discovery if you use a protocol other than the kubernetes control plan. We recommend you use only one same ip protocol that same with kubernetes control plan.
+
+To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](https://raw.githubusercontent.com/alauda/kube-ovn/v0.6.0/yamls/kube-ovn-ipv6.yaml) at [installation step 3](install.md#to-install) for a quick start.

docs/subnet.md

@@ -1,42 +1,59 @@
 # Subnets
 
-Kube-OVN uses annotations on Namespaces to create and share Subnets. If a Namespace has no related annotations, it will use the default Subnet (10.16.0.0/16)
+From v0.6.0 Kube-OVN will use Subnet crd to manage subnets. If you still use a version prior to v0.6.0 please update to this version to use new subnet.
 
-Use the following annotations to define a Subnet:
+## Example
 
-- `ovn.kubernetes.io/cidr`: The CIDR of the Subnet.
-- `ovn.kubernetes.io/gateway`: The Gateway address for the Subnet.
-- `ovn.kubernetes.io/logical_switch`: The Logical Switch name in OVN.
-- `ovn.kubernetes.io/exclude_ips`: Addresses that should not be allocated to Pods.
+```bash
+apiVersion: kubeovn.io/v1
+kind: Subnet
+  name: subnet-gateway
+spec:
+  protocol: IPv4
+  default: false
+  namespaces:
+  - ns1
+  - ns2
+  cidrBlock: 100.64.0.0/16
+  gateway: 100.64.0.1
+  excludeIps:
+  - 100.64.0.1
+  private: true
+  allowSubnets:
+  - 10.16.0.0/16
+  - 10.18.0.0/16
+  gatewayType: centralized
+  gatewayNode: node1
+  natOutgoing: true
+```
+## Basic Configuration
 
+- `protocol`: The ip protocol ,can be IPv4 or IPv6. *Note*: Through kube-ovn support both protocol subnets coexist in a cluster, kubernetes control plan now only support one protocol. So you will lost some ability like probe and  service discovery if you use a protocol other than the kubernetes control plan. 
+- `default`: If set true, all namespaces that not bind to any subnets will use this subnet to allocate pod ip and share other network configuration. Note: Kube-OVN will create a default subnet and set this field to true. There can only be one default subnet in a cluster.
+- `namespaces`: List of namespaces that bind to this subnet. If you want to bind a namespace to this subnet, edit and add the namespace name to this field.
+- `cidrBlock`: The cidr of this subnet.
+- `gateway`: The gateway address of this subnet.
+- `excludeIps`: List of ips that you do not want to be allocated.
 
-Example:
+## Isolation
 
-```bash
-apiVersion: v1
-kind: Namespace
-metadata:
-  annotations:
-    ovn.kubernetes.io/cidr: 10.17.0.0/16
-    ovn.kubernetes.io/gateway: 10.17.0.1
-    ovn.kubernetes.io/logical_switch: ovn-subnet
-    ovn.kubernetes.io/exclude_ips: "192.168.0.4,192.168.0.30..192.168.0.60,192.168.0.110..192.168.0.120"
-  name: ovn-subnet
-```
+Besides standard NetworkPolicy，Kube-OVN also supports network isolation and access control at the Subnet level to simplify the use of access control. 
 
-This YAML will create a Logical Switch named `ovn-subnet` in OVN, with CIDR 10.17.0.0/16, and Gateway 10.17.0.1. The IP addresses between 10.17.0.0 and 10.17.0.10 will not be allocated to the Pods.
+*Note*: NetworkPolicy take a higher priority than subnet isolation rules.
 
-**NOTE**: In the current version, we only support creating a Subnet while creating a new Namespace. Modifying annotations after Namespace creation will not trigger Subnet creation/update in OVN. Dynamic Subnet configuration is planned for a future release.
+- `private`: Boolean, controls whether to deny traffic from IP addresses outside of this Subnet. Default: false.
+- `allow`: Strings of CIDRs separated by commas, controls which addresses can access this Subnet, if `private=true`.
 
-To share a Subnet across multiple Namespaces, point the annotation `ovn.kubernetes.io/logical_switch` to an existing Logical Switch when creating the Namespace. For example:
+## Gateway
 
-```bash
-apiVersion: v1
-kind: Namespace
-metadata:
-  annotations:
-    ovn.kubernetes.io/logical_switch: ovn-subnet
-  name: ovn-share
-```
+Gateway is used to enable external network connectivity for Pods within the OVN Virtual Network. 
+
+Kube-OVN supports two kinds of Gateways: the distributed Gateway and the centralized Gateway. Also user can expose pod ip directly to external network.
+
+For a distributed Gateway, outgoing traffic from Pods within the OVN network to external destinations will go through the Node where the Pod is hosted.
+
+For a centralized gateway, outgoing traffic from Pods within the OVN network to external destinations will go through Gateway Node for the Namespace.
 
-This YAML will create a Namespace ovn-share that uses the same Subnet as the previous Namespace `ovn-subnet`.
+- `gatewayType`: `distributed` or `centralized`, default is `distributed`.
+- `gatewayNode`: when `gatewayType` is `centralized` used this field to specify which node act as the namespace gateway.
+- `natOutgoing`: `true` or `false`, whether pod ip need to be masqueraded when go through gateway. When `false`, pod ip will be exposed to external network directly, default `false`.