mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/virt-creating-linux-bridge-nad-cli.adoc
2023-10-30 10:13:25 -04:00

// Module included in the following assemblies:
//
// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
:_mod-docs-content-type: PROCEDURE
[id="virt-creating-linux-bridge-nad-cli_{context}"]
= Creating a Linux bridge NAD by using the command line

You can create a network attachment definition (NAD) to provide layer-2 networking to pods and virtual machines (VMs) by using the command line.

The NAD and the VM must be in the same namespace.

[WARNING]
====
Configuring IP address management (IPAM) in a network attachment definition for virtual machines is not supported.
====

.Prerequisites

* The node must support nftables and the `nft` binary must be deployed to enable MAC spoof check.

.Procedure

. Add the VM to the `NetworkAttachmentDefinition` configuration, as in the following example:
+
[source,yaml]
----
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: bridge-network <1>
  annotations:
    k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/bridge-interface <2>
spec:
  config: '{
    "cniVersion": "0.3.1",
    "name": "bridge-network", <3>
    "type": "cnv-bridge", <4>
    "bridge": "bridge-interface", <5>
    "macspoofchk": true, <6>
    "vlan": 100, <7>
    "preserveDefaultVlan": false <8>
  }'
----
<1> The name for the `NetworkAttachmentDefinition` object.
<2> Optional: Annotation key-value pair for node selection, where `bridge-interface` must match the name of a bridge configured on some nodes. If you add this annotation to your network attachment definition, your virtual machine instances will only run on the nodes that have the `bridge-interface` bridge connected.
<3> The name for the configuration. It is recommended to match the configuration name to the `name` value of the network attachment definition.
<4> The actual name of the Container Network Interface (CNI) plugin that provides the network for this network attachment definition. Do not change this field unless you want to use a different CNI.
<5> The name of the Linux bridge configured on the node.
<6> Optional: Flag to enable MAC spoof check. When set to `true`, you cannot change the MAC address of the pod or guest interface. This attribute provides security against a MAC spoofing attack by allowing only a single MAC address to exit the pod.
<7> Optional: The VLAN tag. No additional VLAN configuration is required on the node network configuration policy.
<8> Optional: Indicates whether the VM connects to the bridge through the default VLAN. The default value is `true`.
+
[NOTE]
====
A Linux bridge network attachment definition is the most efficient method for connecting a virtual machine to a VLAN.
====
. Create the network attachment definition:
+
[source,terminal]
----
$ oc create -f network-attachment-definition.yaml <1>
----
<1> Where `network-attachment-definition.yaml` is the file name of the network attachment definition manifest.

.Verification
* Verify that the network attachment definition was created by running the following command:
+
[source,terminal]
----
$ oc get network-attachment-definition bridge-network
----
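
The following added example is not part of the original module or of OpenShift. It audits a NAD object, as JSON parsed from the output of `oc get network-attachment-definition bridge-network -o json`, against the settings described in the callouts and the warning above. The function names, the finding texts, and the rule that the annotation must name the same bridge as the `bridge` field are assumptions made for this example; the sample objects are constructed.

```python
import json

RESOURCE_PREFIX = "bridge.network.kubevirt.io/"  # prefix used in the page's annotation

def audit_nad(nad):
    """Return a list of findings for a Linux bridge NAD given as a parsed JSON object."""
    meta = nad.get("metadata") or {}
    try:
        cfg = json.loads((nad.get("spec") or {}).get("config") or "")
    except json.JSONDecodeError as exc:
        return [f"spec.config is not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["spec.config is not a JSON object"]
    findings = []
    # Callout 6: this audit accepts only the JSON boolean true, not the string "true".
    if cfg.get("macspoofchk") is not True:
        findings.append("macspoofchk is not true: MAC spoof check is not enabled")
    # Warning on the page: IPAM in a NAD for virtual machines is not supported.
    if "ipam" in cfg:
        findings.append("ipam is configured: not supported for virtual machines")
    # Callout 3: the configuration name should match the NAD name.
    if cfg.get("name") != meta.get("name"):
        findings.append("config name differs from metadata.name")
    # Callouts 2 and 5 (assumed rule): the annotation, if present, names the configured bridge.
    res = (meta.get("annotations") or {}).get("k8s.v1.cni.cncf.io/resourceName")
    if res is not None and res != RESOURCE_PREFIX + str(cfg.get("bridge")):
        findings.append("resourceName annotation does not match the bridge")
    return findings

def make_nad(config):
    """Build a constructed sample NAD object around a spec.config string."""
    return {
        "apiVersion": "k8s.cni.cncf.io/v1",
        "kind": "NetworkAttachmentDefinition",
        "metadata": {"name": "bridge-network", "annotations": {
            "k8s.v1.cni.cncf.io/resourceName": RESOURCE_PREFIX + "bridge-interface"}},
        "spec": {"config": config},
    }

# Constructed samples: the page's configuration, and a weakened variant of it.
GOOD = make_nad('{"cniVersion": "0.3.1", "name": "bridge-network", "type": "cnv-bridge",'
                ' "bridge": "bridge-interface", "macspoofchk": true, "vlan": 100,'
                ' "preserveDefaultVlan": false}')
WEAK = make_nad('{"cniVersion": "0.3.1", "name": "bridge-network", "type": "cnv-bridge",'
                ' "bridge": "bridge-interface", "macspoofchk": false,'
                ' "ipam": {"type": "static"}}')

if __name__ == "__main__":
    for label, nad in (("good", GOOD), ("weak", WEAK)):
        print(label, audit_nad(nad))
```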