From daa9c046122b87d0d25337dff23ed356fc2d02a9 Mon Sep 17 00:00:00 2001 From: Jason Boxman Date: Fri, 29 Oct 2021 16:53:40 -0400 Subject: [PATCH] Only the first container can use SR-IOV network attachment - https://bugzilla.redhat.com/show_bug.cgi?id=1990953 --- modules/nw-multus-add-pod.adoc | 6 +++++- networking/hardware_networks/about-sriov.adoc | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/nw-multus-add-pod.adoc b/modules/nw-multus-add-pod.adoc index f423824987..3edfece871 100644 --- a/modules/nw-multus-add-pod.adoc +++ b/modules/nw-multus-add-pod.adoc @@ -29,7 +29,11 @@ The pod must be in the same namespace as the additional network. ifdef::sriov[] [NOTE] ===== -If a network attachment is managed by the SR-IOV Network Operator, the SR-IOV Network Resource Injector adds the `resource` field to the `Pod` object automatically. +The SR-IOV Network Resource Injector adds the `resource` field to the first container in a pod automatically. + +If you are using an Intel network interface controller (NIC) in Data Plane Development Kit (DPDK) mode, only the first container in your pod is configured to access the NIC. Your SR-IOV additional network is configured for DPDK mode if the `deviceType` is set to `vfio-pci` in the `SriovNetworkNodePolicy` object. + +You can work around this issue by either ensuring that the container that needs access to the NIC is the first container defined in the `Pod` object or by disabling the Network Resource Injector. For more information, see link:https://bugzilla.redhat.com/show_bug.cgi?id=1990953[BZ#1990953]. ===== ifdef::bz[] diff --git a/networking/hardware_networks/about-sriov.adoc b/networking/hardware_networks/about-sriov.adoc index cad73e6f4d..708a5d7aeb 100644 --- a/networking/hardware_networks/about-sriov.adoc +++ b/networking/hardware_networks/about-sriov.adoc @@ -38,7 +38,7 @@ SR-IOV Network Operator webhook:: A dynamic admission controller webhook that validates the Operator custom resource and sets appropriate default values for unset fields. SR-IOV Network resources injector:: -A dynamic admission controller webhook that provides functionality for patching Kubernetes pod specifications with requests and limits for custom network resources such as SR-IOV VFs. +A dynamic admission controller webhook that provides functionality for patching Kubernetes pod specifications with requests and limits for custom network resources such as SR-IOV VFs. The SR-IOV network resources injector adds the `resource` field to only the first container in a pod automatically. SR-IOV network device plug-in:: A device plug-in that discovers, advertises, and allocates SR-IOV network virtual function (VF) resources. Device plug-ins are used in Kubernetes to enable the use of limited resources, typically in physical devices. Device plug-ins give the Kubernetes scheduler awareness of resource availability, so that the scheduler can schedule pods on nodes with sufficient resources.