$ oc get pods -n openshift-sriov-network-operator
The Single Root I/O Virtualization (SR-IOV) Network Operator manages the SR-IOV network devices and network attachments in your cluster.
Modifying the SR-IOV Network Operator configuration is not normally necessary. The default configuration is recommended for most use cases. Complete the steps to modify the relevant configuration only if the default behavior of the Operator is not compatible with your use case. |
The SR-IOV Network Operator adds the SriovOperatorConfig.sriovnetwork.openshift.io
CustomResourceDefinition resource.
The operator automatically creates a SriovOperatorConfig custom resource (CR) named default
in the openshift-sriov-network-operator
namespace.
The |
The SriovOperatorConfig CR provides several fields for configuring the operator:
enableInjector
allows project administrators to enable or disable the Network Resources Injector DaemonSet.
enableOperatorWebhook
allows project administrators to enable or disable the Operator Admission Controller webook DaemonSet.
configDaemonNodeSelector
allows project administrators to schedule the SR-IOV Network Config Daemon on selected nodes.
The Network Resources Injector is a Kubernetes Dynamic Admission Controller application. It provides the following capabilities:
Mutation of resource requests and limits in Pod specification to add an SR-IOV resource name according to an SR-IOV network attachment definition annotation.
Mutation of Pod specifications with downward API volume to expose pod annotations and labels to the running container as files under the /etc/podnetinfo
path.
By default the Network Resources Injector is enabled by the SR-IOV operator and runs as a DaemonSet on all master nodes. The following is an example of Network Resources Injector Pods running in a cluster with three master nodes:
$ oc get pods -n openshift-sriov-network-operator
NAME READY STATUS RESTARTS AGE
network-resources-injector-5cz5p 1/1 Running 0 10m
network-resources-injector-dwqpx 1/1 Running 0 10m
network-resources-injector-lktz5 1/1 Running 0 10m
The SR-IOV Operator Admission Controller webook is a Kubernetes Dynamic Admission Controller application. It provides the following capabilities:
Validation of the SriovNetworkNodePolicy
CR when it is created or updated.
Mutation of the SriovNetworkNodePolicy
CR by setting the default value for the priority
and deviceType
fields when the CR is created or updated.
By default the SR-IOV Operator Admission Controller webook is enabled by the operator and runs as a DaemonSet on all master nodes. The following is an example of the Operator Admission Controller webook Pods running in a cluster with three master nodes:
$ oc get pods -n openshift-sriov-network-operator
NAME READY STATUS RESTARTS AGE
operator-webhook-9jkw6 1/1 Running 0 16m
operator-webhook-kbr5p 1/1 Running 0 16m
operator-webhook-rpfrl 1/1 Running 0 16m
The SR-IOV Network Config daemon discovers and configures the SR-IOV network devices on cluster nodes.
By default, it is deployed to all the worker
nodes in the cluster.
You can use node labels to specify on which nodes the SR-IOV Network Config daemon runs.
To disable or enable the Network Resources Injector, which is enabled by default, complete the following procedure.
Install the OpenShift CLI (oc
).
Log in as a user with cluster-admin
privileges.
You must have installed the SR-IOV Operator.
Set the enableInjector
field. Replace <value>
with false
to disable the feature or true
to enable the feature.
$ oc patch sriovoperatorconfig default \
--type=merge -n openshift-sriov-network-operator \
--patch '{ "spec": { "enableInjector": <value> } }'
To disable or enable the admission controller webhook, which is enabled by default, complete the following procedure.
Install the OpenShift CLI (oc
).
Log in as a user with cluster-admin
privileges.
You must have installed the SR-IOV Operator.
Set the enableOperatorWebhook
field. Replace <value>
with false
to disable the feature or true
to enable it:
$ oc patch sriovoperatorconfig default --type=merge \
-n openshift-sriov-network-operator \
--patch '{ "spec": { "enableOperatorWebhook": <value> } }'
The SR-IOV Network Config daemon discovers and configures the SR-IOV network devices on cluster nodes. By default, it is deployed to all the worker
nodes in the cluster. You can use node labels to specify on which nodes the SR-IOV Network Config daemon runs.
To specify the nodes where the SR-IOV Network Config daemon is deployed, complete the following procedure.
When you update the |
To update the node selector for the operator, enter the following command:
$ oc patch sriovoperatorconfig default --type=json \
-n openshift-sriov-network-operator \
--patch '[{
"op": "replace",
"path": "/spec/configDaemonNodeSelector",
"value": {<node-label>}
}]'
Replace <node-label>
with a label to apply as in the following example:
"node-role.kubernetes.io/worker": ""
.