Prerequisites: Multus + NetworkAttachmentDefinition CRD installed.
In order to have DHCP working as an IPAM plugin -- you'll need to have the DHCP CNI binary running.
In this example, we'll run this (as a daemonset) from the dougbtv/dhcp image, which is based on Tomo's dockerfile.
About my setup: In this setup, I use a macvlan plugin as the secondary interface for Multus. In my setup, I used an upstream Kubernetes running on KVM guests. The master device for macvlan is eth0 and that device is connected to a bridge in the 192.168.122.0/24 network space, and has an already running DHCP server available.
Create this daemonset, as a file and apply it:
---
apiVersion: extensions/v1beta1
kind: DaemonSet
metadata:
name: kube-dhcp-ds-amd64
namespace: kube-system
labels:
tier: node
app: dhcp
spec:
template:
metadata:
labels:
tier: node
app: dhcp
spec:
hostNetwork: true
nodeSelector:
beta.kubernetes.io/arch: amd64
tolerations:
- operator: Exists
effect: NoSchedule
initContainers:
- name: dhcp-daemon-initialization
image: dougbtv/dhcp:latest
command: ["/bin/sh"]
args: ["-c", "rm -f /var/run/cni/dhcp.sock"]
volumeMounts:
- name: socketpath
mountPath: /var/run/cni
containers:
- name: kube-dhcp
# Based on: https://github.com/s1061123/cni-dhcp-daemon/blob/master/Dockerfile
image: dougbtv/dhcp:latest
resources:
requests:
cpu: "100m"
memory: "50Mi"
limits:
cpu: "100m"
memory: "50Mi"
command: ["./dhcp"]
args:
- "daemon"
- "-hostprefix"
- "/host"
securityContext:
privileged: true
volumeMounts:
- name: socketpath
mountPath: /run/cni
- name: procpath
mountPath: /host/proc
volumes:
- name: socketpath
hostPath:
path: /run/cni
- name: procpath
hostPath:
path: /proc
Apply it, wait for it to come up:
[centos@kube-nonetwork-master ~]$ kubectl create -f dhcp.yml
daemonset.extensions/kube-dhcp-ds-amd64 created
[centos@kube-nonetwork-master ~]$ kubectl get pods --namespace=kube-system -o wide | grep -P "NAME|dhcp"
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
kube-dhcp-ds-amd64-66rsf 1/1 Running 0 57s 192.168.122.233 kube-nonetwork-master <none>
kube-dhcp-ds-amd64-6kxv7 1/1 Running 0 57s 192.168.122.46 kube-nonetwork-node-1 <none>
I created mine like so:
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
name: dhcppod
annotations:
k8s.v1.cni.cncf.io/networks: dhcp-conf
spec:
containers:
- name: dhcppod
command: ["/bin/bash", "-c", "trap : TERM INT; sleep infinity & wait"]
image: dougbtv/centos-network
EOF
And the pod I created was:
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Pod
metadata:
name: dhcppod
annotations:
k8s.v1.cni.cncf.io/networks: dhcp-conf
spec:
containers:
- name: dhcppod
command: ["/bin/bash", "-c", "sleep 2000000000000"]
image: dougbtv/centos-network
EOF
I then verified that a DHCP address was assigned to the secondary interface:
[centos@kube-nonetwork-master ~]$ kubectl exec -it dhcppod -- ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
3: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP
link/ether 0a:58:0a:f4:01:08 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.244.1.8/24 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f003:cff:fe19:1cb5/64 scope link tentative dadfailed
valid_lft forever preferred_lft forever
4: net1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
link/ether 9e:a7:91:3f:d2:65 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 192.168.122.74/24 scope global net1
valid_lft forever preferred_lft forever
inet6 fe80::9ca7:91ff:fe3f:d265/64 scope link
valid_lft forever preferred_lft forever