mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
77 lines
3.1 KiB
Plaintext
77 lines
3.1 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="virt-creating-linux-bridge-nad-cli_{context}"]
|
|
= Creating a Linux bridge NAD by using the command line
|
|
|
|
You can create a network attachment definition (NAD) to provide layer-2 networking to pods and virtual machines (VMs) by using the command line.
|
|
|
|
The NAD and the VM must be in the same namespace.
|
|
|
|
[WARNING]
|
|
====
|
|
Configuring IP address management (IPAM) in a network attachment definition for virtual machines is not supported.
|
|
====
|
|
|
|
.Prerequisites
|
|
|
|
* The node must support nftables and the `nft` binary must be deployed to enable MAC spoof check.
|
|
|
|
.Procedure
|
|
|
|
. Add the VM to the `NetworkAttachmentDefinition` configuration, as in the following example:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
apiVersion: "k8s.cni.cncf.io/v1"
|
|
kind: NetworkAttachmentDefinition
|
|
metadata:
|
|
name: bridge-network <1>
|
|
annotations:
|
|
k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/br1 <2>
|
|
spec:
|
|
config: |
|
|
{
|
|
"cniVersion": "0.3.1",
|
|
"name": "bridge-network", <3>
|
|
"type": "bridge", <4>
|
|
"bridge": "br1", <5>
|
|
"macspoofchk": false, <6>
|
|
"vlan": 100, <7>
|
|
"disableContainerInterface": true,
|
|
"preserveDefaultVlan": false <8>
|
|
}
|
|
----
|
|
<1> The name for the `NetworkAttachmentDefinition` object.
|
|
<2> Optional: Annotation key-value pair for node selection for the bridge configured on some nodes. If you add this annotation to your network attachment definition, your virtual machine instances will only run on the nodes that have the defined bridge connected.
|
|
<3> The name for the configuration. It is recommended to match the configuration name to the `name` value of the network attachment definition.
|
|
<4> The actual name of the Container Network Interface (CNI) plugin that provides the network for this network attachment definition. Do not change this field unless you want to use a different CNI.
|
|
<5> The name of the Linux bridge configured on the node. The name should match the interface bridge name defined in the `NodeNetworkConfigurationPolicy` manifest.
|
|
<6> Optional: A flag to enable the MAC spoof check. When set to `true`, you cannot change the MAC address of the pod or guest interface. This attribute allows only a single MAC address to exit the pod, which provides security against a MAC spoofing attack.
|
|
<7> Optional: The VLAN tag. No additional VLAN configuration is required on the node network configuration policy.
|
|
<8> Optional: Indicates whether the VM connects to the bridge through the default VLAN. The default value is `true`.
|
|
+
|
|
[NOTE]
|
|
====
|
|
A Linux bridge network attachment definition is the most efficient method for connecting a virtual machine to a VLAN.
|
|
====
|
|
|
|
. Create the network attachment definition:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc create -f network-attachment-definition.yaml <1>
|
|
----
|
|
<1> Where `network-attachment-definition.yaml` is the file name of the network attachment definition manifest.
|
|
|
|
.Verification
|
|
|
|
* Verify that the network attachment definition was created by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc get network-attachment-definition bridge-network
|
|
----
|