Bug 1328983

Summary: [RFE] comma delimited list of networks for serviceNetworkCIDR and clusterNetworkCIDR
Product: OpenShift Container Platform
Reporter: Ryan Howe <rhowe>
Component: RFE
Assignee: Ben Bennett <bbennett>
Status: CLOSED DEFERRED
QA Contact: Johnny Liu <jialiu>
Severity: medium
Priority: unspecified
Version: 3.2.0
CC: ahoness, aos-bugs, bbennett, dcbw, dfroehli, eparis, jokerman, mbarrett, mmccomas, rhowe, sjr, stwalter
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2018-03-12 13:54:36 UTC
Type: Bug

Description Ryan Howe 2016-04-20 19:43:36 UTC
Description:

Requesting the ability to provide a comma delimited list of networks for serviceNetworkCIDR and clusterNetworkCIDR vs a single large network. 

With large infrastructures, allocating large /16 networks is hard, as internal IP space is limited.


Looking to set the following in the master-config.yaml file

  clusterNetworkCIDR: 10.1.0.0/24, 10.1.5.0/24, 10.2.1.0/24 ...

Comment 2 Dan Williams 2016-04-21 19:57:30 UTC
The SDN subnet (10.x) only exists within the SDN overlay itself, so those addresses should not leak out of the overlay, and thus won't conflict with anything outside.

Where the conflict could happen is on each node, since the tun0 port has a route to the cluster network subnet (e.g., 10.x/16).  So if the network which the nodes are connected to is 10.x, there will obviously be problems as both tun0 and eth0 will have addresses and routes in the 10.x space.  That's typically fixed by moving the OpenShift cluster to a different subnet (172.16) or making the OpenShift cluster network smaller than /16.

To be clear, setting up OpenShift doesn't require reserving a /16 from an internal network or anything, because none of the pods that receive an address from this space are actually exposed to the organization's network; they are all NAT-ed to the node's eth0 IP address.  But if you're running other stuff on the node itself or if the pods need to access other non-OpenShift resources, then the IP range of those external resources cannot overlap with the OpenShift SDN cluster network range.

Ryan, can you provide more information about what problems people are running into currently with address conflicts?
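
Added example, not part of the bug report or of OpenShift: a pre-deployment check for the overlap described in comment 2, comparing candidate SDN ranges against the node network and external resources that pods must reach. All addresses and names are constructed, and the comma-delimited form is accepted only because it is what this RFE proposes, not an implemented option.

```python
import ipaddress

def parse_cidr_list(value):
    """Parse one CIDR or a comma-delimited list (the list form is only the
    RFE's proposal). A CIDR with host bits set raises ValueError."""
    return [ipaddress.ip_network(p.strip()) for p in value.split(",") if p.strip()]

def find_overlaps(sdn, external):
    """sdn / external map a label to a CIDR string. Returns a sorted list of
    (sdn_label, sdn_net, ext_label, ext_net) for every overlapping pair."""
    hits = []
    for s_name, s_val in sdn.items():
        for s_net in parse_cidr_list(s_val):
            for e_name, e_val in external.items():
                for e_net in parse_cidr_list(e_val):
                    # overlaps() raises TypeError on mixed IPv4/IPv6, so gate on version
                    if s_net.version == e_net.version and s_net.overlaps(e_net):
                        hits.append((s_name, str(s_net), e_name, str(e_net)))
    return sorted(hits)

# Constructed sample: the network the nodes' eth0 sits on, plus one
# non-OpenShift resource the pods need to reach.
EXTERNAL = {
    "node eth0 network": "10.1.5.0/24",
    "internal database": "192.168.40.0/24",
}

CANDIDATES = {
    "single /16 in 10.x": {"clusterNetworkCIDR": "10.1.0.0/16",
                           "serviceNetworkCIDR": "172.30.0.0/16"},
    "RFE-style list": {"clusterNetworkCIDR": "10.1.0.0/24, 10.1.5.0/24, 10.2.1.0/24",
                       "serviceNetworkCIDR": "172.30.0.0/16"},
    "moved to 172.16": {"clusterNetworkCIDR": "172.16.0.0/16",
                        "serviceNetworkCIDR": "172.30.0.0/16"},
}

def report(candidates=CANDIDATES, external=EXTERNAL):
    """Map each candidate label to its list of overlaps (empty list = usable)."""
    return {label: find_overlaps(sdn, external) for label, sdn in candidates.items()}

if __name__ == "__main__":
    for label, hits in report().items():
        print(label, "->", hits or "no overlap")
```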

Comment 9 Eric Rich 2018-03-12 13:54:36 UTC
This bug has been identified as a dated (created more than 3 months ago) bug. 
This bug has been triaged (has a trello card linked to it), or reviewed by Engineering/PM and has been put into the product backlog, 
however this bug has not been slated for a currently planned release (3.9, 3.10 or 3.11), which cover our releases for the rest of the calendar year. 

As a result of this bug's age, state on the current roadmap and PM Score (being below 70), this bug is being Closed - Deferred,
as it is currently not part of the product's immediate priorities.

Please see: https://docs.google.com/document/d/1zdqF4rB3ea8GmVIZ7qWCVYUaQ7-EexUrQEF0MTwdDkw/edit for more details.