

The Webhook validates Kube-OVN CRD resources at admission time. It currently performs two checks, fixed IP address conflict detection and Subnet CIDR conflict detection, and rejects the request with an error when a conflict is found.

Because the Webhook intercepts all Subnet and Pod creation requests, deploy Kube-OVN first and the Webhook afterwards.

Install Cert-Manager

The Webhook needs a certificate, and cert-manager is used to generate it, so cert-manager must be deployed before the Webhook.

You can use the following command to deploy cert-manager:

kubectl apply -f

For more on cert-manager usage, refer to the cert-manager documentation.

Install Webhook

Download the Webhook YAML and install it:

# kubectl apply -f
deployment.apps/kube-ovn-webhook created
service/kube-ovn-webhook created created created created

Verify That the Webhook Takes Effect

Check the running Pod and get its IP:

# kubectl get pod -o wide
NAME                      READY   STATUS    RESTARTS   AGE     IP           NODE              NOMINATED NODE   READINESS GATES
static-7584848b74-fw9dm   1/1     Running   0          2d13h   kube-ovn-worker   <none> 

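Write a YAML manifest that creates a Pod with the same IP:

apiVersion: v1
kind: Pod
metadata:
  annotations:
    # Placeholder: the address value is missing from this page; use the IP of the running Pod above
    ovn.kubernetes.io/ip_address: <IP of the running Pod>
    ovn.kubernetes.io/mac_address: 00:00:00:53:6B:B6
  labels:
    app: static
  name: staticip-pod
  namespace: default
spec:
  containers:
  - image: nginx:alpine
    imagePullPolicy: IfNotPresent
    name: qatest

Creating a fixed-address Pod from the above YAML is rejected with an IP address conflict error: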

# kubectl apply -f pod-static.yaml
Error from server (annotation ip address is conflict with ip crd static-7584848b74-fw9dm.default error when creating "pod-static.yaml": admission webhook "" denied the request: annotation ip address is conflict with ip crd static-7584848b74-fw9dm.default
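The two checks this page attributes to the Webhook can also be run as a pre-flight step before manifests reach the cluster. The following is an added example, not Kube-OVN's own code: the function names, the allocation and subnet maps, and every address in the sample data are constructed for illustration.

```python
import ipaddress

IP_ANNOTATION = "ovn.kubernetes.io/ip_address"  # Kube-OVN fixed-IP annotation


def fixed_ip_conflicts(pod, allocated):
    """Names of existing allocations already holding an IP the Pod requests.

    pod: parsed Pod manifest (dict); allocated: {allocation name: IP string}.
    """
    annotations = (pod.get("metadata") or {}).get("annotations") or {}
    raw = annotations.get(IP_ANNOTATION, "")
    # Comma-separated (dual-stack) values are accepted; ip_address() normalises
    # each entry so equivalent IPv6 spellings compare equal.
    wanted = {ipaddress.ip_address(p.strip()) for p in raw.split(",") if p.strip()}
    return sorted(name for name, ip in allocated.items()
                  if ipaddress.ip_address(ip) in wanted)


def cidr_conflicts(new_cidr, subnets):
    """Names of existing subnets whose CIDR overlaps new_cidr."""
    new_nets = [ipaddress.ip_network(c.strip(), strict=False)
                for c in new_cidr.split(",")]
    hits = []
    for name, cidr in subnets.items():
        for c in cidr.split(","):
            old = ipaddress.ip_network(c.strip(), strict=False)
            # Only compare networks of the same IP family.
            if any(n.version == old.version and n.overlaps(old) for n in new_nets):
                hits.append(name)
                break
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample data: allocation names follow the <pod>.<namespace>
    # form seen in the error message above; the addresses are made up.
    allocated = {"static-7584848b74-fw9dm.default": "10.16.0.15"}
    subnets = {"ovn-default": "10.16.0.0/16", "join": "100.64.0.0/16"}
    pod = {"metadata": {"name": "staticip-pod",
                        "annotations": {IP_ANNOTATION: "10.16.0.15"}}}
    print("fixed IP conflicts:", fixed_ip_conflicts(pod, allocated))
    print("CIDR conflicts:", cidr_conflicts("10.16.128.0/17", subnets))
```

A non-empty result from either function means the manifest would collide with existing state and should be fixed before `kubectl apply`.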


Last update: July 16, 2022
Created: June 30, 2022

