metadata:
annotations:
k8s.v1.cni.cncf.io/networks: <network>[,<network>,...] (1)- Documentation
- OpenShift Container Platform
- Networking
- Hardware networks
- Adding Pod to an SR-IOV network history
- About
- Release notes
- Architecture
-
Installing
-
Installing on AWS
- Configuring an AWS account
- Manually creating IAM
- Installing a cluster quickly on AWS
- Installing a cluster on AWS with customizations
- Installing a cluster on AWS with network customizations
- Installing a cluster on AWS into an existing VPC
- Installing a private cluster on AWS
- Installing a cluster on AWS using CloudFormation templates
- Installing a cluster on AWS in a restricted network
- Uninstalling a cluster on AWS
-
Installing on Azure
- Configuring an Azure account
- Manually creating IAM
- Installing a cluster quickly on Azure
- Installing a cluster on Azure with customizations
- Installing a cluster on Azure with network customizations
- Installing a cluster on Azure into an existing VNet
- Installing a private cluster on Azure
- Installing a cluster on Azure using ARM templates
- Uninstalling a cluster on Azure
-
Installing on GCP
- Configuring a GCP project
- Manually creating IAM
- Installing a cluster quickly on GCP
- Installing a cluster on GCP with customizations
- Installing a cluster on GCP with network customizations
- Installing a cluster on GCP into an existing VPC
- Installing a private cluster on GCP
- Installing a cluster on GCP using Deployment Manager templates
- Restricted network GCP installation
- Uninstalling a cluster on GCP
- Installing on bare metal
- Installing on IBM Z and LinuxONE
- Installing on IBM Power
- Installing on OpenStack
- Installing on vSphere
- Gathering installation logs
- Support for FIPS cryptography
- Installation configuration
-
Installing on AWS
- Updating clusters
- Support
- Web console
-
Authentication
- Understanding authentication
- Certificate types and descriptions
- Configuring the internal OAuth server
- Understanding identity provider configuration
-
Configuring identity providers
- Configuring an HTPasswd identity provider
- Configuring a Keystone identity provider
- Configuring an LDAP identity provider
- Configuring a basic authentication identity provider
- Configuring a request header identity provider
- Configuring a GitHub or GitHub Enterprise identity provider
- Configuring a GitLab identity provider
- Configuring a Google identity provider
- Configuring an OpenID Connect identity provider
- Configuring certificates
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Configuring the user agent
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Managing Security Context Constraints
- Impersonating the system:admin user
- Syncing LDAP groups
- Allowing JavaScript-based access to the API server from additional hosts
- Encrypting etcd data
-
Networking
- Understanding networking
- Accessing hosts
- Understanding the Cluster Network Operator (CNO)
- Understanding the DNS Operator
- Understanding the Ingress Operator
- Network policy
-
Multiple networks
- Understanding multiple networks
- Attaching a Pod to an additional network
- Removing a Pod from an additional network
- Configuring a bridge network
- Configuring a macvlan network
- Configuring an ipvlan network
- Configuring a host-device network
- Editing an additional network
- Removing an additional network
- Configuring PTP
- Hardware networks
- OpenShift SDN default CNI network provider
- Configuring Routes
- Configuring ingress cluster traffic
- Configuring the cluster-wide proxy
- Configuring a custom PKI
-
Storage
- Understanding ephemeral storage
- Understanding persistent storage
-
Configuring persistent storage
- Persistent storage using Amazon EFS
- Persistent storage using AWS Elastic Block Store
- Persistent storage using Azure Disk
- Persistent storage using Azure File
- Persistent storage using Cinder
- Persistent storage using Container Storage Interface (CSI)
- Persistent storage using Fibre Channel
- Persistent storage using FlexVolume
- Persistent storage using GCE Persistent Disk
- Persistent storage using hostPath
- Persistent Storage using iSCSI
- Persistent storage using local volumes
- Persistent storage using NFS
- Persistent storage using Red Hat OpenShift Container Storage
- Persistent storage using VMware vSphere
- Expanding persistent volumes
- Dynamic provisioning
- Registry
-
Operators
- Understanding Operators
- Understanding the Operator Lifecycle Manager (OLM)
- Understanding the OperatorHub
- Adding Operators to a cluster
- Configuring proxy support
- Deleting Operators from a cluster
- Creating applications from installed Operators
- Viewing Operator status
- Creating policy for Operator installations and upgrades
- Using OLM on restricted networks
- CRDs
- Operator SDK
-
Builds
- Understanding image builds
- Understanding build configurations
- Creating build inputs
- Managing build output
- Using build strategies
- Custom image builds with Buildah
- Performing basic builds
- Triggering and modifying builds
- Performing advanced builds
- Using Red Hat subscriptions in builds
- Securing builds by strategy
- Build configuration resources
- Troubleshooting builds
- Setting up additional trusted certificate authorities for builds
- Creating and using ConfigMaps
- Images
- Applications
- Machine management
-
Nodes
- Working with pods
-
Controlling pod placement onto nodes (scheduling)
- About pod placement using the scheduler
- Configuring the default scheduler to control pod placement
- Placing pods relative to other pods using pod affinity and anti-affinity rules
- Controlling pod placement on nodes using node affinity rules
- Placing pods onto overcommited nodes
- Controlling pod placement using node taints
- Placing pods on specific nodes using node selectors
- Using Jobs and DaemonSets
-
Working with nodes
- Viewing and listing the nodes in your cluster
- Working with nodes
- Managing Nodes
- Managing the maximum number of Pods per Node
- Using the Node Tuning Operator
- Understanding node rebooting
- Freeing node resources using garbage collection
- Allocating resources for nodes
- Viewing node audit logs
- Machine Config Daemon metrics
-
Working with containers
- Using containers
- Using Init Containers to perform tasks before a pod is deployed
- Using volumes to persist container data
- Mapping volumes using projected volumes
- Allowing containers to consume API objects
- Copying files to or from a container
- Executing remote commands in a container
- Using port forwarding to access applications in a container
- Using sysctls in containers
- Working with clusters
-
Logging
- About cluster logging
- About deploying cluster logging
- Deploying cluster logging
- Updating cluster logging
- Viewing cluster logs
- Viewing cluster logs using Kibana
-
Configuring your cluster logging deployment
- About configuring cluster logging
- Changing cluster logging management state
- Configuring cluster logging
- Configuring Elasticsearch
- Configuring Kibana
- Configuring Curator
- Configuring the logging collector
- Collecting and storing Kubernetes events
- Using tolerations to control cluster logging pod placement
- Forward logs to third party systems
- Configuring systemd-journald for cluster logging
- Viewing Elasticsearch status
- Viewing cluster logging status
- Moving the cluster logging resources with node selectors
- Manually rolling out Elasticsearch
- Troubleshooting Kibana
- Exported fields
- Uninstalling cluster logging
- Monitoring
- Metering
-
Scalability and performance
- Recommended installation practices
- Recommended host practices
- Recommended cluster scaling practices
- Using the Node Tuning Operator
- Using Cluster Loader
- Using CPU Manager
- Using Topology Manager
- Scaling the Cluster Monitoring Operator
- Planning your environment according to object maximums
- Optimizing storage
- Optimizing routing
- What huge pages do and how they are consumed by apps
- Backup and restore
-
Migration
-
Migrating from OpenShift Container Platform 3
- About migrating from OpenShift Container Platform 3 to 4
- Planning your migration from OpenShift Container Platform 3 to 4
- Migration tools and prerequisites
- Deploying the Cluster Application Migration tool
- Configuring a replication repository
- Migrating applications with the CAM web console
- Migrating control plane settings with the Control Plane Migration Assistant
- Troubleshooting
- Migrating from OpenShift Container Platform 4.1
- Migrating from OpenShift Container Platform 4.2 and later
-
Migrating from OpenShift Container Platform 3
-
CLI tools
- OpenShift CLI (oc)
-
OpenShift Do developer CLI (odo)
- Understanding odo
- odo architecture
- Installing odo
- Using odo in a restricted environment
- Creating a single-component application with odo
- Creating a multicomponent application with odo
- Creating an application with a database
- Using sample applications
- Debugging applications in odo
- Managing environment variables in odo
- Configuring the odo CLI
- odo CLI reference
- odo release notes
- Helm CLI
- Knative CLI (kn) for use with OpenShift Serverless
- OpenShift REST APIs
-
Service Mesh
-
Service Mesh 1.x
- Service Mesh 1.x release notes
- Service Mesh architecture
- Service Mesh and Istio differences
- Preparing to install Service Mesh
- Installing Service Mesh
- Customizing the installation
- Deploying applications on Service Mesh
- Data visualization and observability
- Security
- Traffic management
- Using the 3scale Istio adapter
-
Service Mesh 1.x
- Jaeger
-
Container-native virtualization
- About container-native virtualization
- Container-native virtualization release notes
- Container-native virtualization installation
- Upgrading container-native virtualization
- Using the CLI tools
-
Virtual machines
- Creating virtual machines
- Editing virtual machines
- Deleting virtual machines
- Controlling virtual machines states
- Accessing virtual machine consoles
- Installing VirtIO driver on an existing Windows virtual machine
- Installing VirtIO driver on a new Windows virtual machine
- Advanced virtual machine management
- Importing virtual machines
- Cloning virtual machines
- Virtual machine networking
-
Virtual machine disks
- Configuring local storage for virtual machines
- Uploading local disk images by using the virtctl tool
- Uploading a local disk image to a block storage DataVolume
- Moving a local virtual machine disk to a different node
- Expanding virtual storage by adding blank disk images
- Storage defaults for DataVolumes
- Preparing CDI scratch space
- Virtual machine templates
- Live migration
- Node maintenance
- Logging, events, and monitoring
- Serverless applications
×
Adding a Pod to an SR-IOV additional network
You can add a Pod to an existing Single Root I/O Virtualization (SR-IOV) network.
Adding a Pod to an additional network
You can add a Pod to an additional network. The Pod continues to send normal cluster-related network traffic over the default network.
When a Pod is created additional networks are attached to it. However, if a Pod already exists, you cannot attach additional networks to it.
|
If a NetworkAttachmentDefinition is managed by the SR-IOV Network Operator, the SR-IOV Network Resource Injector adds the |
|
When specifying an SR-IOV hardware network for a Deployment resource or a ReplicationController resource, you must specify the namespace of the NetworkAttachmentDefinition CR. For more information, see the following bugs: BZ#1846333 and BZ#1840962. |
Prerequisites
-
The Pod must be in the same namespace as the additional network.
-
Install the OpenShift CLI (
oc). -
You must log in to the cluster.
-
You must have the SR-IOV Operator installed and a SriovNetwork CR defined.
Procedure
-
Add an annotation to the Pod object. Only one of the following annotation formats can be used:
-
To attach an additional network without any customization, add an annotation with the following format. Replace
<network>with the name of the additional network to associate with the Pod:1 To specify more than one additional network, separate each network with a comma. Do not include whitespace between the comma. If you specify the same additional network multiple times, that Pod will have multiple network interfaces attached to that network. -
To attach an additional network with customizations, add an annotation with the following format:
metadata: annotations: k8s.v1.cni.cncf.io/networks: |- [ { "name": "<network>", (1) "namespace": "<namespace>", (2) "default-route": ["<default-route>"] (3) } ]1 Specify the name of the additional network defined by a NetworkAttachmentDefinition CR. 2 Specify the namespace where the NetworkAttachmentDefinition CR is defined. 3 Optional: Specify an override for the default route, such as 192.168.17.1.
-
-
To create the Pod, enter the following command. Replace
<name>with the name of the Pod.$ oc create -f <name>.yaml -
Optional: To Confirm that the annotation exists in the Pod CR, enter the following command, replacing
<name>with the name of the Pod.$ oc get pod <name> -o yamlIn the following example, the
example-podPod is attached to thenet1additional network:$ oc get pod example-pod -o yaml apiVersion: v1 kind: Pod metadata: annotations: k8s.v1.cni.cncf.io/networks: macvlan-bridge k8s.v1.cni.cncf.io/networks-status: |- (1) [{ "name": "openshift-sdn", "interface": "eth0", "ips": [ "10.128.2.14" ], "default": true, "dns": {} },{ "name": "macvlan-bridge", "interface": "net1", "ips": [ "20.2.2.100" ], "mac": "22:2f:60:a5:f8:00", "dns": {} }] name: example-pod namespace: default spec: ... status: ...1 The k8s.v1.cni.cncf.io/networks-statusparameter is a JSON array of objects. Each object describes the status of an additional network attached to the Pod. The annotation value is stored as a plain text value.
Creating a non-uniform memory access (NUMA) aligned SR-IOV pod
You can create a NUMA aligned SR-IOV pod by restricting SR-IOV and the CPU resources allocated from the same NUMA node with restricted or single-numa-node Topology Manager polices.
Prerequisites
-
Install the OpenShift CLI (
oc). -
Enable a LatencySensitive profile and configure the CPU Manager policy to
static.
Procedure
-
Create the following SR-IOV pod spec, and then save the YAML in the
<name>-sriov-pod.yamlfile. Replace<name>with a name for this pod.The following example shows an SR-IOV pod spec:
apiVersion: v1 kind: Pod metadata: name: sample-pod annotations: k8s.v1.cni.cncf.io/networks: <name> (1) spec: containers: - name: sample-container image: <image> (2) command: ["sleep", "infinity"] resources: limits: memory: "1Gi" (3) cpu: "2" (4) requests: memory: "1Gi" cpu: "2"1 Replace <name>with the name of the SR-IOV network attachment definition CR.2 Replace <image>with the name of thesample-podimage.3 To create the SR-IOV pod with guaranteed QoS, set memory limitsequal tomemory requests.4 To create the SR-IOV pod with guaranteed QoS, set cpu limitsequals tocpu requests. -
Create the sample SR-IOV pod by running the following command:
$ oc create -f <filename> (1)1 Replace <filename>with the name of the file you created in the previous step. -
Confirm that the
sample-podis configured with guaranteed QoS.$ oc describe pod sample-pod -
Confirm that the
sample-podis allocated with exclusive CPUs.$ oc exec sample-pod -- cat /sys/fs/cgroup/cpuset/cpuset.cpus -
Confirm that the SR-IOV device and CPUs that are allocated for the
sample-podare on the same NUMA node.$ oc exec sample-pod -- cat /sys/fs/cgroup/cpuset/cpuset.cpus