Configure multiple DHCP ranges using Subnet resources¶
To facilitate multi-rack and other types of distributed bare metal datacenter topologies, the dnsmasq DHCP server used for host provisioning in Container Cloud supports working with multiple L2 segments through network routers that support DHCP relay.
Networks used for hosts provisioning of a managed cluster must have routes to the PXE network (when a dedicated PXE network is configured) or to the combined PXE/management network of the management cluster. This configuration enables hosts to have access to the management cluster services that are used during host provisioning.
To configure DHCP ranges for dnsmasq, create the
tagged with the
ipam/SVC-dhcp-range label while setting up subnets
for a managed cluster using CLI.
dhcp-range record, Container Cloud also configures the
dhcp-option record to pass the default route through the default gateway
from the corresponding subnet to all hosts that obtain addresses
from that DHCP range. You can also specify DNS server addresses for servers
that boot over PXE. They will be configured by Container Cloud using another
Subnetobjects for DHCP ranges should not reference any specific cluster, as DHCP server configuration is only applicable to the management or regional cluster. The
kaas.mirantis.com/regionlabel that specifies the region will be used to determine where to apply the DHCP ranges from the given
Clusterreference will be ignored.
baremetal-operatorchart allows using multiple DHCP ranges in the
dnsmasq.conffile. The chart iterates over a list of the
dhcp-rangeparameters from its values and adds all items from the list to the dnsmasq configuration.
baremetal-operatorchart allows using single DHCP range for backwards compatibility. By default, the
KAAS_BM_BM_DHCP_RANGEenvironment variable is still used to define the DHCP range for a management or regional cluster nodes during provisioning.
Override the default dnsmasq settings¶
The dnsmasq configuration options
are absent in the default configuration. So, by default, dnsmasq
will send the DNS server and default route to DHCP clients as defined in the
dnsmasq official documentation:
The netmask and broadcast address are the same as on the host running dnsmasq.
The DNS server and default route are set to the address of the host running dnsmasq.
If the domain name option is set, this name is sent to DHCP clients.
If such default behavior is not desirable during deployment of managed clusters:
Open the management cluster spec for editing.
baremetal-operatorrelease values, remove the
regional: - helmReleases: - name: baremetal-operator values: dnsmasq: dhcp_range: 10.204.1.0,10.204.5.255,255.255.255.0
Set the desired DHCP ranges and options using the
Subnetobjects as described in Configure DHCP ranges for dnsmasq.
Configure DHCP ranges for dnsmasq¶
Subnetobjects tagged with the
To create the
Subnetobjects, refer to Create subnets.
Use the following
Subnetobject example to specify DHCP ranges and DHCP options to pass the default route and DNS server addresses:
apiVersion: "ipam.mirantis.com/v1alpha1" kind: Subnet metadata: name: mgmt-dhcp-range namespace: default labels: ipam/SVC-dhcp-range: "" kaas.mirantis.com/provider: baremetal kaas.mirantis.com/region: region-one spec: cidr: 10.0.0.0/24 gateway: 10.0.0.1 includeRanges: - 10.0.0.121-10.0.0.125 - 10.0.0.191-10.0.0.199 nameservers: - 184.108.40.206 - 220.127.116.11
After creating the above
Subnetobject, the following dnsmasq parameters will be set using the
dhcp-range=set:mgmt-dhcp-range-0,10.0.0.121,10.0.0.125,255.255.255.0 dhcp-range=set:mgmt-dhcp-range-1,10.0.0.191,10.0.0.199,255.255.255.0 dhcp-option=tag:mgmt-dhcp-range-0,option:router,10.0.0.1 dhcp-option=tag:mgmt-dhcp-range-1,option:router,10.0.0.1 dhcp-option=tag:mgmt-dhcp-range-0,option:dns-server,18.104.22.168,22.214.171.124 dhcp-option=tag:mgmt-dhcp-range-1,option:dns-server,126.96.36.199,188.8.131.52
DHCP range is set according to the
includeRangesparameters of the
mgmt-dhcp-range-0tag is formed from the
Subnetobject name and address range index within the
The default router option is set according to the
gatewayparameter of the
Subnetobject. The tag is the same as in the
Optional, available when the
nameserversparameter is set in the
Subnetobject. The DNS server option is set according to the
nameserversparameter of the
Subnetobject. The tag is the same as in the
Verify that the changes are applied to
kubectl --kubeconfig <pathToMgmtOrRegionalClusterKubeconfig> \ -n kaas get cm dnsmasq-config -ojson| jq -r '.data."dnsmasq.conf"'
Configure DHCP relay on ToR switches¶
For servers to access the DHCP server across the L2 segment boundaries, for example, from another rack with a different VLAN for PXE network, you must configure DHCP relay service on the border switch of the segment. For example, on a top-of-rack (ToR) or leaf (distribution) switch, depending on the data center network topology.
In Container Cloud, the
dnsmasq server listens on the PXE interface of the
management cluster node.
To configure DHCP relay, you need to specify the address(es) of a DHCP helper or the server that handles DHCP requests.
Depending on the PXE network setup, select from the following options:
If the PXE network is combined with the management network, identify LCM addresses of the management cluster nodes:
kubectl -n default get lcmmachine -o wide
In the output, select the addresses from the
INTERNALIPcolumn to use as the DHCP helper addresses.
If you use a dedicated PXE network, identify the addresses assigned to your nodes using the corresponding
kubectl -n default get ipamhost -o yaml
status.netconfigV2of each management cluster host, obtain the interface name used for PXE network and collect associated addresses to use as the DHCP helper addresses. For example:
status: ... netconfigV2: ... bridges: ... k8s-pxe: addresses: - 10.0.1.4/24 dhcp4: false dhcp6: false interfaces: - ens3
In this example,
k8s-pxeis the PXE interface name and
10.0.1.4is the address to use as one of the DHCP helper addresses.