.. only:: not (epub or latex or html)

    WARNING: You are looking at unreleased Cilium documentation.
    Please use the official rendered version released here:
    https://docs.cilium.io

.. _azure_delegated_ipam:

####################
Azure Delegated IPAM
####################

An Azure CNI powered by Cilium cluster uses a delegated IPAM (IP Address Manager) approach to allocate
IP addresses for pods that are created using the Cilium CNI. This delegated IPAM component manages IP allocation
within individual nodes of the cluster. It works closely with the AKS (Azure Kubernetes Service) control plane
components to integrate with the broader Azure Virtual Network stack.

************
Architecture
************

.. image:: azure_delegated_ipam_arch.png
    :align: center

The Azure delegated IPAM allocator builds on top of the CRD-backed allocator. The AKS control plane creates a
``NodeNetworkConfig`` custom resource for each node, named to match the node name. This custom resource contains
a unique IP prefix for the node (``status.primaryIP``) in overlay mode, or a block of unique IP addresses in
PodSubnet mode. The delegated IPAM agent running on each node receives this resource and manages IP allocation
for pods within the node. It makes sure IPs are programmed on the Azure network stack before giving them out to
the Cilium CNI.

********************
Cilium Configuration
********************

The Cilium agent must run with ``ipam: delegated-plugin``. Because the Cilium agent does not manage IPs for pods,
it is also required to specify ``local-router-ipv4: 169.254.23.0`` to configure the IP for the ``cilium_host``
interface.

************************
Cilium CNI Configuration
************************

The Cilium CNI configuration carries the delegated IPAM details, which allows the Cilium CNI to interact
with the delegated Azure IPAM. This configuration ensures that the Cilium CNI triggers the delegated IPAM during
both pod addition and pod deletion. On an Add request, the delegated IPAM allocates an available
IP address from its cache. Similarly, on a Delete request, the delegated IPAM marks the IP as available.

The following JSON snippet shows a Cilium CNI config with the Azure delegated IPAM configuration.

.. code-block:: json

        {
          "cniVersion": "0.3.1",
          "name": "cilium",
          "plugins": [
            {
              "type": "cilium-cni",
              "ipam": {
                "type": "azure-ipam"
              },
              "enable-debug": true,
              "log-file": "/var/log/cilium-cni.log"
            }
          ]
        }
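
A consistency check for the agent and CNI settings described above, as an added example that is not part of the Cilium documentation or code base. The function name ``check_delegated_ipam``, the dict form of the agent options, and the sample inputs are assumptions constructed for illustration.

```python
import ipaddress
import json

# Constructed sample inputs (assumptions) mirroring the settings named on this page.
AGENT_CONFIG = {"ipam": "delegated-plugin", "local-router-ipv4": "169.254.23.0"}
CNI_CONFLIST = """
{
  "cniVersion": "0.3.1",
  "name": "cilium",
  "plugins": [
    {"type": "cilium-cni", "ipam": {"type": "azure-ipam"},
     "enable-debug": true, "log-file": "/var/log/cilium-cni.log"}
  ]
}
"""


def check_delegated_ipam(agent_cfg, cni_text):
    """Hypothetical helper: return a list of findings; empty means the configs agree."""
    findings = []
    # The agent must hand pod IP management to the delegated plugin.
    if agent_cfg.get("ipam") != "delegated-plugin":
        findings.append("agent: ipam must be 'delegated-plugin'")
    # Without agent-side IPAM, cilium_host needs an explicit IPv4 address.
    router = agent_cfg.get("local-router-ipv4")
    if not router:
        findings.append("agent: local-router-ipv4 is not set")
    else:
        try:
            ipaddress.IPv4Address(router)
        except ValueError:
            findings.append(f"agent: local-router-ipv4 {router!r} is not an IPv4 address")
    try:
        cni = json.loads(cni_text)
    except json.JSONDecodeError as exc:
        return findings + [f"cni: invalid JSON ({exc.msg})"]
    if not isinstance(cni, dict):
        return findings + ["cni: top level must be a JSON object"]
    # A .conflist carries a "plugins" array; a plain .conf is a single plugin.
    plugins = [p for p in cni.get("plugins", [cni]) if isinstance(p, dict)]
    cilium = [p for p in plugins if p.get("type") == "cilium-cni"]
    if not cilium:
        findings.append("cni: no 'cilium-cni' plugin entry")
    for plugin in cilium:
        ipam_type = (plugin.get("ipam") or {}).get("type")
        if ipam_type != "azure-ipam":
            findings.append(f"cni: ipam.type is {ipam_type!r}, expected 'azure-ipam'")
    return findings


if __name__ == "__main__":
    print(check_delegated_ipam(AGENT_CONFIG, CNI_CONFLIST) or "configs agree")
```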