On Mon, at 5:15 PM, Miles Chen for now, docker run supports both -mac-address= while kubernetes Plugins, what does that even mean? We might be able to support if for ourĭefault plugin, but no guarantees on other plugins.Īnyway, consider this "in the queue". Mac address is more fun - in the face of network I think we've already said yes to hostname, though we need to iron out theįinal design details. On Nov 26, 2014, at 1:48 AM, Tim Hockin wrote: This in particular is something raised by a customer asking about Kube and how they bridge their SDN solutions into the new space, so I wanted to raise the issue in general. Example: annotations or namespace might be info relevant to bridging / qos / isolation decisions. Its more of a network level problem - ideally we would pass more info about pods into Docker / the network stack so that custom infrastructure can make choices about the shape of the network for SDN. Having something predictable in MAC, Unix uid, source ip, etc helps bridge the gap between existing infra and monitoring and greases the skids. We run into these operational / predictability things a lot with customers - they have existing infrastructure (SDN, etc) that varies based on one axis and then makes a bunch assumptions down the line. Reply to this email directly or view it on GitHub Here since they won't (likely? probably?) be exposed/visible outside. I just don't see the point of the mac management Underlying infrastructure, but you claim no need to systemically manage Guess some people do it.) Pod IPs are much more likely to leak out into the (at least the CoreOSĮxample kube setup does leak the pod MAC out to the infrastructure, so I So the hosting infrastructure never sees them. With meaningful info rather than random info. MAC prefix DEADBEEF" would be somewhat useful. Or "why are all those packets coming from Kubernetes that cleverly have the To say "oh hey, that darn pod djeickektnejciekt escaped its bounds again" Is that true? I had assumed they would occasionally escape, so being able Inside the cluster and (likely? hopefully?) only in an overlay network. On Tue, at 3:11 PM, Clayton Coleman Nov 11, 2014, at 5:24 PM, Eric Paris a question of usefulness in my mind. This is problematic in aīunch of ways for GCE, so the whole thing needs to be optional. Reply to this email directly or view it on GitHub.Ĭatching up on older issues that have languished. I just don't see the point of the mac management here since they won't (likely? probably?) be exposed/visible outside. (at least the CoreOS example kube setup does leak the pod MAC out to the infrastructure, so I guess some people do it.) Pod IPs are much more likely to leak out into the underlying infrastructure, but you claim no need to systemically manage them from the outside. Would rather fill the MAC with meaningful info rather than random info. Is that true? I had assumed they would occasionally escape, so being able to say "oh hey, that darn pod djeickektnejciekt escaped its bounds again" or "why are all those packets coming from Kubernetes that cleverly have the MAC prefix DEADBEEF" would be somewhat useful.
Pod MAC addresses exist only inside the cluster and (likely? hopefully?) only in an overlay network. It's a question of usefulness in my mind. On Nov 11, 2014, at 5:24 PM, Eric Paris wrote:
0 kommentar(er)
