Add documentation for secondary network IPAM (#3634)

Add a document for secondary network IPAM, and add the Antrea IPAM
option to the Multus cookbook.

Signed-off-by: Jianjun Shen <shenj@vmware.com>

build/yamls/antrea-aks.yml

@@ -2773,7 +2773,8 @@ data:
     #  Egress: true
 
     # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
-    # bridging mode and allocates IPs to Pods in bridging mode.
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable multicast traffic. This feature is supported only with noEncap mode.
@@ -2842,9 +2843,9 @@ data:
     #trafficEncryptionMode: none
 
     # Enable bridging mode of Pod network on Nodes, in which the Node's transport interface is connected
-    # to the OVS bridge, and cross-Node/VLAN traffic from AntreaIPAM Pods (Pods whose IP addresses are
-    # allocated by AntreaIPAM from IPPools) is sent to the underlay network via the uplink, and
-    # forwarded/routed by the underlay network.
+    # to the OVS bridge, and cross-Node/VLAN traffic of AntreaIPAM Pods (Pods whose IP addresses are
+    # allocated by AntreaIPAM from IPPools) is sent to the underlay network, and forwarded/routed by the
+    # underlay network.
     # This option requires the `AntreaIPAM` feature gate to be enabled. At this moment, it supports only
     # IPv4 and Linux Nodes, and can be enabled only when `ovsDatapathType` is `system`,
     # `trafficEncapMode` is `noEncap`, and `noSNAT` is true.
@@ -3018,8 +3019,9 @@ data:
     # Run Kubernetes NodeIPAMController with Antrea.
     #  NodeIPAM: false
 
-    # Enable flexible IPAM mode for Antrea. This mode allows to assign IP Ranges to Namespaces,
-    # Deployments and StatefulSets via IP Pool annotation.
+    # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
@@ -3076,7 +3078,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-82h2mk24gg
+  name: antrea-config-mkbgmf6ct6
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3147,7 +3149,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-82h2mk24gg
+          value: antrea-config-mkbgmf6ct6
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3198,7 +3200,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-82h2mk24gg
+          name: antrea-config-mkbgmf6ct6
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3437,7 +3439,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-82h2mk24gg
+          name: antrea-config-mkbgmf6ct6
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-eks.yml

@@ -2773,7 +2773,8 @@ data:
     #  Egress: true
 
     # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
-    # bridging mode and allocates IPs to Pods in bridging mode.
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable multicast traffic. This feature is supported only with noEncap mode.
@@ -2842,9 +2843,9 @@ data:
     #trafficEncryptionMode: none
 
     # Enable bridging mode of Pod network on Nodes, in which the Node's transport interface is connected
-    # to the OVS bridge, and cross-Node/VLAN traffic from AntreaIPAM Pods (Pods whose IP addresses are
-    # allocated by AntreaIPAM from IPPools) is sent to the underlay network via the uplink, and
-    # forwarded/routed by the underlay network.
+    # to the OVS bridge, and cross-Node/VLAN traffic of AntreaIPAM Pods (Pods whose IP addresses are
+    # allocated by AntreaIPAM from IPPools) is sent to the underlay network, and forwarded/routed by the
+    # underlay network.
     # This option requires the `AntreaIPAM` feature gate to be enabled. At this moment, it supports only
     # IPv4 and Linux Nodes, and can be enabled only when `ovsDatapathType` is `system`,
     # `trafficEncapMode` is `noEncap`, and `noSNAT` is true.
@@ -3018,8 +3019,9 @@ data:
     # Run Kubernetes NodeIPAMController with Antrea.
     #  NodeIPAM: false
 
-    # Enable flexible IPAM mode for Antrea. This mode allows to assign IP Ranges to Namespaces,
-    # Deployments and StatefulSets via IP Pool annotation.
+    # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
@@ -3076,7 +3078,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-82h2mk24gg
+  name: antrea-config-mkbgmf6ct6
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3147,7 +3149,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-82h2mk24gg
+          value: antrea-config-mkbgmf6ct6
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3198,7 +3200,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-82h2mk24gg
+          name: antrea-config-mkbgmf6ct6
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3439,7 +3441,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-82h2mk24gg
+          name: antrea-config-mkbgmf6ct6
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-gke.yml

@@ -2773,7 +2773,8 @@ data:
     #  Egress: true
 
     # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
-    # bridging mode and allocates IPs to Pods in bridging mode.
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable multicast traffic. This feature is supported only with noEncap mode.
@@ -2842,9 +2843,9 @@ data:
     #trafficEncryptionMode: none
 
     # Enable bridging mode of Pod network on Nodes, in which the Node's transport interface is connected
-    # to the OVS bridge, and cross-Node/VLAN traffic from AntreaIPAM Pods (Pods whose IP addresses are
-    # allocated by AntreaIPAM from IPPools) is sent to the underlay network via the uplink, and
-    # forwarded/routed by the underlay network.
+    # to the OVS bridge, and cross-Node/VLAN traffic of AntreaIPAM Pods (Pods whose IP addresses are
+    # allocated by AntreaIPAM from IPPools) is sent to the underlay network, and forwarded/routed by the
+    # underlay network.
     # This option requires the `AntreaIPAM` feature gate to be enabled. At this moment, it supports only
     # IPv4 and Linux Nodes, and can be enabled only when `ovsDatapathType` is `system`,
     # `trafficEncapMode` is `noEncap`, and `noSNAT` is true.
@@ -3018,8 +3019,9 @@ data:
     # Run Kubernetes NodeIPAMController with Antrea.
     #  NodeIPAM: false
 
-    # Enable flexible IPAM mode for Antrea. This mode allows to assign IP Ranges to Namespaces,
-    # Deployments and StatefulSets via IP Pool annotation.
+    # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
@@ -3076,7 +3078,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-c9ck44454h
+  name: antrea-config-2c8t9465tc
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3147,7 +3149,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-c9ck44454h
+          value: antrea-config-2c8t9465tc
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3198,7 +3200,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-c9ck44454h
+          name: antrea-config-2c8t9465tc
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3440,7 +3442,7 @@ spec:
           path: /home/kubernetes/bin
         name: host-cni-bin
       - configMap:
-          name: antrea-config-c9ck44454h
+          name: antrea-config-2c8t9465tc
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea-ipsec.yml

@@ -2773,7 +2773,8 @@ data:
     #  Egress: true
 
     # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
-    # bridging mode and allocates IPs to Pods in bridging mode.
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable multicast traffic. This feature is supported only with noEncap mode.
@@ -2842,9 +2843,9 @@ data:
     trafficEncryptionMode: ipsec
 
     # Enable bridging mode of Pod network on Nodes, in which the Node's transport interface is connected
-    # to the OVS bridge, and cross-Node/VLAN traffic from AntreaIPAM Pods (Pods whose IP addresses are
-    # allocated by AntreaIPAM from IPPools) is sent to the underlay network via the uplink, and
-    # forwarded/routed by the underlay network.
+    # to the OVS bridge, and cross-Node/VLAN traffic of AntreaIPAM Pods (Pods whose IP addresses are
+    # allocated by AntreaIPAM from IPPools) is sent to the underlay network, and forwarded/routed by the
+    # underlay network.
     # This option requires the `AntreaIPAM` feature gate to be enabled. At this moment, it supports only
     # IPv4 and Linux Nodes, and can be enabled only when `ovsDatapathType` is `system`,
     # `trafficEncapMode` is `noEncap`, and `noSNAT` is true.
@@ -3023,8 +3024,9 @@ data:
     # Run Kubernetes NodeIPAMController with Antrea.
     #  NodeIPAM: false
 
-    # Enable flexible IPAM mode for Antrea. This mode allows to assign IP Ranges to Namespaces,
-    # Deployments and StatefulSets via IP Pool annotation.
+    # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
@@ -3081,7 +3083,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-tmhkc66d6c
+  name: antrea-config-29g6gtcctg
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3161,7 +3163,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-tmhkc66d6c
+          value: antrea-config-29g6gtcctg
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3212,7 +3214,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-tmhkc66d6c
+          name: antrea-config-29g6gtcctg
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3486,7 +3488,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-tmhkc66d6c
+          name: antrea-config-29g6gtcctg
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/antrea.yml

@@ -2773,7 +2773,8 @@ data:
     #  Egress: true
 
     # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
-    # bridging mode and allocates IPs to Pods in bridging mode.
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable multicast traffic. This feature is supported only with noEncap mode.
@@ -2842,9 +2843,9 @@ data:
     #trafficEncryptionMode: none
 
     # Enable bridging mode of Pod network on Nodes, in which the Node's transport interface is connected
-    # to the OVS bridge, and cross-Node/VLAN traffic from AntreaIPAM Pods (Pods whose IP addresses are
-    # allocated by AntreaIPAM from IPPools) is sent to the underlay network via the uplink, and
-    # forwarded/routed by the underlay network.
+    # to the OVS bridge, and cross-Node/VLAN traffic of AntreaIPAM Pods (Pods whose IP addresses are
+    # allocated by AntreaIPAM from IPPools) is sent to the underlay network, and forwarded/routed by the
+    # underlay network.
     # This option requires the `AntreaIPAM` feature gate to be enabled. At this moment, it supports only
     # IPv4 and Linux Nodes, and can be enabled only when `ovsDatapathType` is `system`,
     # `trafficEncapMode` is `noEncap`, and `noSNAT` is true.
@@ -3023,8 +3024,9 @@ data:
     # Run Kubernetes NodeIPAMController with Antrea.
     #  NodeIPAM: false
 
-    # Enable flexible IPAM mode for Antrea. This mode allows to assign IP Ranges to Namespaces,
-    # Deployments and StatefulSets via IP Pool annotation.
+    # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
+    # bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+    # IPAM when configuring secondary network interfaces with Multus.
     #  AntreaIPAM: false
 
     # Enable managing external IPs of Services of LoadBalancer type.
@@ -3081,7 +3083,7 @@ kind: ConfigMap
 metadata:
   labels:
     app: antrea
-  name: antrea-config-hkhbh5gf99
+  name: antrea-config-bb75mkktfg
   namespace: kube-system
 ---
 apiVersion: v1
@@ -3152,7 +3154,7 @@ spec:
             fieldRef:
               fieldPath: spec.serviceAccountName
         - name: ANTREA_CONFIG_MAP_NAME
-          value: antrea-config-hkhbh5gf99
+          value: antrea-config-bb75mkktfg
         image: projects.registry.vmware.com/antrea/antrea-ubuntu:latest
         imagePullPolicy: IfNotPresent
         livenessProbe:
@@ -3203,7 +3205,7 @@ spec:
         key: node-role.kubernetes.io/master
       volumes:
       - configMap:
-          name: antrea-config-hkhbh5gf99
+          name: antrea-config-bb75mkktfg
         name: antrea-config
       - name: antrea-controller-tls
         secret:
@@ -3442,7 +3444,7 @@ spec:
         operator: Exists
       volumes:
       - configMap:
-          name: antrea-config-hkhbh5gf99
+          name: antrea-config-bb75mkktfg
         name: antrea-config
       - hostPath:
           path: /etc/cni/net.d

build/yamls/base/conf/antrea-agent.conf

@@ -32,7 +32,8 @@ featureGates:
 #  Egress: true
 
 # Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
-# bridging mode and allocates IPs to Pods in bridging mode.
+# bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+# IPAM when configuring secondary network interfaces with Multus.
 #  AntreaIPAM: false
 
 # Enable multicast traffic. This feature is supported only with noEncap mode.
@@ -101,9 +102,9 @@ featureGates:
 #trafficEncryptionMode: none
 
 # Enable bridging mode of Pod network on Nodes, in which the Node's transport interface is connected
-# to the OVS bridge, and cross-Node/VLAN traffic from AntreaIPAM Pods (Pods whose IP addresses are
-# allocated by AntreaIPAM from IPPools) is sent to the underlay network via the uplink, and
-# forwarded/routed by the underlay network.
+# to the OVS bridge, and cross-Node/VLAN traffic of AntreaIPAM Pods (Pods whose IP addresses are
+# allocated by AntreaIPAM from IPPools) is sent to the underlay network, and forwarded/routed by the
+# underlay network.
 # This option requires the `AntreaIPAM` feature gate to be enabled. At this moment, it supports only
 # IPv4 and Linux Nodes, and can be enabled only when `ovsDatapathType` is `system`,
 # `trafficEncapMode` is `noEncap`, and `noSNAT` is true.

build/yamls/base/conf/antrea-controller.conf

@@ -17,8 +17,9 @@ featureGates:
 # Run Kubernetes NodeIPAMController with Antrea.
 #  NodeIPAM: false
 
-# Enable flexible IPAM mode for Antrea. This mode allows to assign IP Ranges to Namespaces,
-# Deployments and StatefulSets via IP Pool annotation.
+# Enable AntreaIPAM, which can allocate IP addresses from IPPools. AntreaIPAM is required by the
+# bridging mode and allocates IPs to Pods in bridging mode. It is also required to use Antrea for
+# IPAM when configuring secondary network interfaces with Multus.
 #  AntreaIPAM: false
 
 # Enable managing external IPs of Services of LoadBalancer type.