Get started with IP address management
Big picture
Understand how IP address management (IPAM) functions in a Kubernetes cluster using Calico Enterprise.
Value
Different IPAM techniques provide different feature sets. Calico Enterprise’s IPAM provides additional IP allocation efficiency and flexibility compared to other address management approaches.
Concepts
IPAM in Kubernetes
Kubernetes uses IPAM plugins to allocate and manage IP addresses assigned to pods. Different IPAM plugins provide different feature sets. Calico Enterprise provides its own IPAM plugin called calico-ipam which is designed to work well with Calico Enterprise and includes a number of features.
Calico Enterprise IPAM
The calico-ipam plugin uses Calico Enterprise’s IP pool resource to control how IP addresses are allocated to pods within the cluster. This is the default plugin used by most Calico Enterprise installations.
By default, Calico Enterprise uses a single IP pool for the entire Kubernetes pod CIDR, but you can divide the pod CIDR into several pools. You can assign separate IP pools to particular selections of nodes, or to teams, users, or applications within a cluster using namespaces.
You can control which pools Calico Enterprise uses for each pod using
- node selectors
- an annotation on the pod’s namespace, or
- an annotation on the pod
Calico Enterprise also supports the host-local IPAM plugin. However, when using the host-local IPAM plugin some Calico Enterprise features are not available.
Calico Enterprise IPAM blocks
In Calico Enterprise IPAM, IP pools are subdivided into blocks -- smaller chunks that are associated with a particular node in the cluster. Each node in the cluster can have one or more blocks associated with it. Calico Enterprise will automatically create and destroy blocks as needed as the number of nodes and pods in the cluster grows or shrinks.
Blocks allow Calico Enterprise to efficiently aggregate addresses assigned to pods on the same node, reducing the size of the routing table. By default Calico Enterprise will try to allocate IP addresses from within an associated block, creating a new block if necessary. Calico Enterprise can also assign addresses to pods on a node that are not within a block associated with that node. This allows for IP allocations independent of the node on which a pod is launched.
By default, Calico Enterprise creates blocks with room for 64 addresses (a /26), but you can control block sizes for each IP pool.
Host-local IPAM
The host-local plugin is a simple IP address management plugin. It uses predetermined CIDRs statically allocated to each node to choose addresses for pods. Once set, the CIDR for a node cannot be modified. Pods can be assigned addresses only from within the CIDR allocated to the node.
Calico Enterprise can use the host-local IPAM plugin, using the Node.Spec.PodCIDR field in the Kubernetes API to determine the CIDR to use for each node. However, per-node, per-pod, and per-namespace IP allocation features are not available using the host-local plugin.
The host-local IPAM plugin is primarily used by other methods of routing pod traffic from one host to another. For example, it is used when installing Calico Enterprise for policy enforcement with flannel networking, as well as when using Calico Enterprise in Google Kubernetes Engine (GKE).
Before you begin
Limitations
- Works for platforms that use the Calico CNI
How to
Install Calico Enterprise with calico-ipam
Follow one of the getting started guides to install Calico Enterprise.
Install Calico Enterprise with host-local IPAM
Follow one of the getting started guides to install Calico Enterprise with flannel networking, or on GKE.
Or, see the reference documentation on host-local IPAM.
Tutorial
For a blog/tutorial on IP pools, see Calico Enterprise IPAM: Explained and Enhanced.
Additional resources
There are several other ways to leverage Calico Enterprise IPAM including: