mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/nw-udn-cr.adoc
//module included in the following assembly:
//
// * networking/multiple_networks/primary_networks/about-user-defined-networks.adoc
:_mod-docs-content-type: PROCEDURE
[id="nw-udn-cr_{context}"]
= Creating a UserDefinedNetwork CR by using the CLI
[role="_abstract"]
Create a `UserDefinedNetwork` CR by using the CLI to enable namespace-scoped network segmentation and isolation, allowing you to define custom Layer 2 or Layer 3 network topologies for pods within specific namespaces.
The following procedure creates a `UserDefinedNetwork` CR that is namespace scoped. Depending on your use case, create your request by using either the `my-layer-two-udn.yaml` example for a `Layer2` topology type or the `my-layer-three-udn.yaml` example for a `Layer3` topology type.
[NOTE]
====
When deploying a `UserDefinedNetwork` custom resource (CR) on {ibm-power-name} Virtual Server with installer-provisioned infrastructure (IPI), you must set the MTU size to `1300` or `1250`.
====
.Prerequisites
* You have logged in with `cluster-admin` privileges, or you have `view` and `edit` role-based access control (RBAC).
.Procedure
. Optional: For a `UserDefinedNetwork` CR that uses a primary network, create a namespace with the `k8s.ovn.org/primary-user-defined-network` label by entering the following command:
+
[source,yaml]
----
$ cat << EOF | oc apply -f -
apiVersion: v1
kind: Namespace
metadata:
  name: <udn_namespace_name>
  labels:
    k8s.ovn.org/primary-user-defined-network: ""
EOF
----
. Create a user-defined network for either a `Layer2` or `Layer3` topology type:
.. Create a YAML file, such as `my-layer-two-udn.yaml`, to define your request for a `Layer2` topology as in the following example:
+
[source,yaml]
----
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: udn-1
  namespace: <some_custom_namespace>
spec:
  topology: Layer2
  layer2:
    role: Primary
    subnets:
      - "10.0.0.0/24"
      - "2001:db8::/60"
----
+
where:
`name`:: Name of your `UserDefinedNetwork` resource. This should not be `default` or duplicate any global namespaces created by the Cluster Network Operator (CNO).
`topology`:: Specifies the network configuration; accepted values are `Layer2` and `Layer3`. Specifying a `Layer2` topology type creates one logical switch that is shared by all nodes.
`role`:: Specifies a `Primary` or `Secondary` role.
`subnets`:: For `Layer2` topology types, the following rules apply to the `subnets` field:
+
* The `subnets` field is optional.
* The `subnets` field is a list of strings and accepts standard CIDR notation for both IPv4 and IPv6.
* The `subnets` field accepts one or two items. If two items are specified, they must belong to different IP families, for example `10.100.0.0/16` and `2001:db8::/64`.
* `Layer2` subnets can be omitted. If omitted, you must configure IP addresses for the pods yourself. As a consequence, port security only prevents MAC spoofing, not IP address spoofing.
* The `Layer2` `subnets` field is mandatory when the `ipamLifecycle` field is specified.
+
.. Create a YAML file, such as `my-layer-three-udn.yaml`, to define your request for a `Layer3` topology as in the following example:
+
[source,yaml]
----
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  name: udn-2-primary
  namespace: <some_custom_namespace>
spec:
  topology: Layer3
  layer3:
    role: Primary
    subnets:
      - cidr: 10.150.0.0/16
        hostSubnet: 24
      - cidr: 2001:db8::/60
        hostSubnet: 64
# ...
----
+
where:
`name`:: Name of your `UserDefinedNetwork` resource. This should not be `default` or duplicate any global namespaces created by the Cluster Network Operator (CNO).
`topology`:: Specifies the network configuration; accepted values are `Layer2` and `Layer3`. Specifying a `Layer3` topology type creates a layer 2 segment per node, each with a different subnet, and uses layer 3 routing to interconnect the node subnets.
`role`:: Specifies a `Primary` or `Secondary` role.
`subnets`:: For `Layer3` topology types, the following rules apply to the `subnets` field:
+
* The `subnets` field is mandatory.
* Each entry in the `subnets` list has two fields, `cidr` and `hostSubnet`:
** `cidr` is equivalent to the `clusterNetwork` configuration setting of a cluster. The IP addresses in the CIDR are distributed to pods in the user-defined network. This parameter accepts a string value.
** `hostSubnet` defines the per-node subnet prefix length.
** For IPv6, only a `/64` length is supported for `hostSubnet`.
+
. Apply your request by running the following command:
+
[source,terminal]
----
$ oc apply -f <my_layer_two_udn>.yaml
----
+
Where `<my_layer_two_udn>.yaml` is the name of your `Layer2` or `Layer3` configuration file.
. Verify that your request is successful by running the following command:
+
[source,terminal]
----
$ oc get userdefinednetworks udn-1 -n <some_custom_namespace> -o yaml
----
+
Where `<some_custom_namespace>` is the namespace you created for your user-defined network.
+
.Example output
[source,yaml]
----
apiVersion: k8s.ovn.org/v1
kind: UserDefinedNetwork
metadata:
  creationTimestamp: "2024-08-28T17:18:47Z"
  finalizers:
  - k8s.ovn.org/user-defined-network-protection
  generation: 1
  name: udn-1
  namespace: some-custom-namespace
  resourceVersion: "53313"
  uid: f483626d-6846-48a1-b88e-6bbeb8bcde8c
spec:
  layer2:
    role: Primary
    subnets:
    - 10.0.0.0/24
    - 2001:db8::/60
  topology: Layer2
status:
  conditions:
  - lastTransitionTime: "2024-08-28T17:18:47Z"
    message: NetworkAttachmentDefinition has been created
    reason: NetworkAttachmentDefinitionReady
    status: "True"
    type: NetworkCreated
----
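The following script is an added example and is not part of the openshift-docs module or of OVN-Kubernetes. It encodes the `subnets` rules listed for the `Layer2` and `Layer3` examples above (optional versus mandatory subnets, one or two entries of different IP families, `ipamLifecycle` requiring subnets, `hostSubnet` longer than `cidr` and fixed at `/64` for IPv6, and a name other than `default`) as an offline pre-apply check, and reads the `NetworkCreated` condition from the verification output. The CRs are constructed inline as Python dictionaries mirroring the page's YAML so that it runs without a cluster; the function names `validate_udn`, `check_layer2`, `check_layer3` and `network_created` are this example's own, and the API server's schema validation remains the authority when you run `oc apply`.

```python
import ipaddress

# Constructed sample CRs mirroring the page's YAML examples (dicts rather than
# YAML text so the check runs offline without a parser or a cluster).
LAYER2_CR = {
    "apiVersion": "k8s.ovn.org/v1",
    "kind": "UserDefinedNetwork",
    "metadata": {"name": "udn-1", "namespace": "some-custom-namespace"},
    "spec": {
        "topology": "Layer2",
        "layer2": {"role": "Primary", "subnets": ["10.0.0.0/24", "2001:db8::/60"]},
    },
    # status as returned by `oc get userdefinednetworks ... -o yaml` in the example output
    "status": {"conditions": [{"type": "NetworkCreated", "status": "True",
                               "reason": "NetworkAttachmentDefinitionReady"}]},
}

LAYER3_CR = {
    "apiVersion": "k8s.ovn.org/v1",
    "kind": "UserDefinedNetwork",
    "metadata": {"name": "udn-2-primary", "namespace": "some-custom-namespace"},
    "spec": {
        "topology": "Layer3",
        "layer3": {"role": "Primary",
                   "subnets": [{"cidr": "10.150.0.0/16", "hostSubnet": 24},
                               {"cidr": "2001:db8::/60", "hostSubnet": 64}]},
    },
}


def _net(cidr):
    # strict=False tolerates host bits being set in the CIDR string
    return ipaddress.ip_network(cidr, strict=False)


def check_layer2(layer2):
    """Apply the documented Layer2 subnets rules; returns a list of findings."""
    findings = []
    subnets = layer2.get("subnets")
    if subnets is None:
        # Documented consequence of omitting subnets: without a known subnet,
        # OVN port security can only pin the MAC, so pod IP spoofing is not prevented.
        findings.append("WARN: no subnets; port security only prevents MAC spoofing")
        if "ipamLifecycle" in layer2:
            findings.append("ERROR: ipamLifecycle requires the subnets field")
        return findings
    if not 1 <= len(subnets) <= 2:
        findings.append("ERROR: subnets must contain one or two entries")
    families = []
    for s in subnets:
        try:
            families.append(_net(s).version)
        except ValueError:
            findings.append(f"ERROR: invalid CIDR {s!r}")
    if len(families) == 2 and families[0] == families[1]:
        findings.append("ERROR: two subnets must be of different IP families")
    return findings


def check_layer3(layer3):
    """Apply the documented Layer3 subnets rules; returns a list of findings."""
    subnets = layer3.get("subnets")
    if not subnets:
        return ["ERROR: Layer3 subnets field is mandatory"]
    findings = []
    for entry in subnets:
        cidr, host = entry.get("cidr"), entry.get("hostSubnet")
        try:
            net = _net(cidr)
        except (ValueError, TypeError):
            findings.append(f"ERROR: invalid cidr {cidr!r}")
            continue
        # The per-node prefix must be longer than the cluster CIDR so that each
        # node receives its own slice of it.
        if not isinstance(host, int) or host <= net.prefixlen:
            findings.append(f"ERROR: hostSubnet for {cidr} must be an integer larger than /{net.prefixlen}")
        elif net.version == 6 and host != 64:
            findings.append(f"ERROR: IPv6 hostSubnet for {cidr} must be 64")
    return findings


def validate_udn(cr):
    """Return all findings for a UserDefinedNetwork CR; an empty list means it passed."""
    findings = []
    if cr.get("metadata", {}).get("name") == "default":
        findings.append("ERROR: name must not be 'default'")
    spec = cr.get("spec", {})
    topology = spec.get("topology")
    if topology not in ("Layer2", "Layer3"):
        return findings + [f"ERROR: topology must be Layer2 or Layer3, got {topology!r}"]
    block = spec.get(topology.lower(), {})
    if block.get("role") not in ("Primary", "Secondary"):
        findings.append("ERROR: role must be Primary or Secondary")
    checker = check_layer2 if topology == "Layer2" else check_layer3
    return findings + checker(block)


def network_created(cr):
    """True when status.conditions reports NetworkCreated=True, as in the example output."""
    for cond in cr.get("status", {}).get("conditions", []):
        if cond.get("type") == "NetworkCreated":
            return cond.get("status") == "True"
    return False


if __name__ == "__main__":
    for cr in (LAYER2_CR, LAYER3_CR):
        print(cr["metadata"]["name"], validate_udn(cr) or "OK", "created:", network_created(cr))
```

To run the same checks against a live object rather than the constructed samples, load the output of `oc get userdefinednetworks <name> -n <namespace> -o json` with `json.load` and pass the resulting dictionary to `validate_udn` and `network_created`.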