mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
158 lines
5.3 KiB
Plaintext
158 lines
5.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * networking/hardware_networks/configuring-sriov-device.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="nw-configuring-sriov-in-app-namespace_{context}"]
|
|
= Configuring SriovNetwork in application namespaces
|
|
|
|
When an SriovNetwork custom resource (CR) is deployed in an application namespace, do not define or populate the `spec.networkNamespace` field. In this scenario, the NetworkAttachmentDefinition will be created in the same namespace as the SriovNetwork CR.
|
|
|
|
The SR-IOV Network Operator webhook rejects the creation of an `SriovNetwork` resource in an application namespace if the `spec.networkNamespace` field is defined.
|
|
|
|
Follow this procedure to create an `SriovNetwork` resource in an application namespace and attach a pod to the additional network.
|
|
|
|
.Prerequisites
|
|
|
|
The following steps must be completed by a cluster administrator before an application owner can configure a namespaced SriovNetwork resource:
|
|
|
|
* The SR-IOV Network Operator is installed in the `openshift-sriov-network-operator` namespace.
|
|
* Nodes with SR-IOV hardware are labeled for the operator to identify the nodes.
|
|
|
|
As an application owner you need to have administrator privileges on the application namespace.
|
|
|
|
.Procedure
|
|
|
|
. Specify the SR-IOV network device configuration for a node by creating an SR-IOV network node policy. The `SriovNetworkNodePolicy` object is created in the `openshift-sriov-network-operator` namespace to define the SR-IOV network device configuration for nodes. Example configuration for Intel DPK is as follows:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: sriovnetwork.openshift.io/v1
|
|
kind: SriovNetworkNodePolicy
|
|
metadata:
|
|
name: intel-dpdk-node-policy
|
|
namespace: openshift-sriov-network-operator
|
|
spec:
|
|
resourceName: intelnics
|
|
nodeSelector:
|
|
feature.node.kubernetes.io/network-sriov.capable: "true"
|
|
priority: 10
|
|
numVfs: 4
|
|
nicSelector:
|
|
vendor: "8086"
|
|
deviceID: "158b"
|
|
pfNames: [""]
|
|
deviceType: netdevice
|
|
----
|
|
|
|
. Create an application namespace. For example, create a namespace named `sriov-app` by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ cat <<EOF | oc create -f -
|
|
apiVersion: v1
|
|
kind: Namespace
|
|
metadata:
|
|
name: sriov-app
|
|
EOF
|
|
----
|
|
|
|
. Create a YAML file, for example, `sriovnetwork.yaml`, to define the `SriovNetwork` object in the application namespace.
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: sriovnetwork.openshift.io/v1
|
|
kind: SriovNetwork
|
|
metadata:
|
|
name: test-network
|
|
namespace: sriov-app
|
|
spec:
|
|
resourceName: intelnics
|
|
ipam:
|
|
type: host-local
|
|
subnet: "10.0.0.0/24"
|
|
routes:
|
|
- dst: "0.0.0.0/0"
|
|
gw: "10.0.0.1"
|
|
vlan: 10
|
|
----
|
|
* `namespace`: The value must match the name of the application namespace, for example, `sriov-app`.
|
|
* `resourceName`: This value must match the `spec.resourceName` defined in the `SriovNetworkNodePolicy` created by the cluster administrator, which in the example is `intelnics`.
|
|
|
|
. Apply the YAML file to create the `SriovNetwork` object in the application namespace.
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f sriovnetwork.yaml
|
|
----
|
|
+
|
|
After an application owner has created the SriovNetwork resource, they can create a pod that uses the newly defined network. You attach a pod to the additional network by adding a specific annotation to the pod's YAML manifest.
|
|
|
|
. Create a YAML file, for example, `test-pod.yaml`, to define a pod that uses the new network attachment:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: test-pod
|
|
namespace: sriov-app
|
|
annotations:
|
|
k8s.v1.cni.cncf.io/networks: test-network
|
|
spec:
|
|
containers:
|
|
- name: test-pod-container
|
|
image: centos/tools
|
|
command: ["/bin/bash", "-c", "sleep 3600"]
|
|
----
|
|
+
|
|
* `namespace`: The namespace where the pod is created. This must be the same namespace where the `SriovNetwork` object is created.
|
|
* `annotations`: `k8s.v1.cni.cncf.io/networks` specifies the additional network that the pod connects to. The value must match the `metadata.name` of the `SriovNetwork` object.
|
|
|
|
. Apply the YAML file to create the pod in the application namespace by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f test-pod.yaml
|
|
----
|
|
|
|
.Verification
|
|
|
|
. Verify that the NetworkAttachmentDefinition has been created in the same namespace by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get net-attach-def -n sriov-app
|
|
----
|
|
+
|
|
Where `sriov-app` is the application namespace where the `SriovNetwork` object is created.
|
|
+
|
|
.Example output
|
|
+
|
|
[source,terminal]
|
|
----
|
|
NAME AGE
|
|
test-network 2m
|
|
----
|
|
|
|
. Verify the pod is running and get its network status by describing the pod with the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc describe pod test-pod -n sriov-app
|
|
----
|
|
+
|
|
Where `sriov-app` is the application namespace where the pod is created.
|
|
+
|
|
In the output, look for the `k8s.v1.cni.cncf.io/network-status` annotation. This shows the name of the network and the IP assigned to the pod on that interface.
|
|
|
|
. Check that the pod has the additional network interface by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc exec -it test-pod -n sriov-app -- ip a
|
|
----
|
|
+
|
|
Look for a secondary network interface, for example `net1` or `eth1`, in addition to the default eth0 interface. The `net1` interface should have an IP address from the subnet you defined in the SriovNetwork object, for example `10.0.0.0/24`. This confirms the pod is using the new network attachment definition.
|
|
|