Connecting a virtual machine to an OVN-Kubernetes secondary network
You can connect a virtual machine (VM) to an Open Virtual Network (OVN)-Kubernetes secondary network. The OVN-Kubernetes Container Network Interface (CNI) plug-in uses the Geneve (Generic Network Virtualization Encapsulation) protocol to create an overlay network between nodes.
OKD Virtualization currently supports the flat layer 2 topology. This topology connects workloads by a cluster-wide logical switch. You can use this overlay network to connect VMs on different nodes, without having to configure any additional physical networking infrastructure.
To configure an OVN-Kubernetes secondary network and attach a VM to that network, perform the following steps:
Create a network attachment definition (NAD) by using the web console or the CLI.
Add information about the secondary network interface to the VM specification by using the web console or the CLI.
Creating an OVN-Kubernetes NAD
You can create an OVN-Kubernetes flat layer 2 network attachment definition (NAD) by using the OKD web console or the CLI.
Configuring IP address management (IPAM) in a network attachment definition for virtual machines is not supported. |
Creating a NAD for flat layer 2 topology using the CLI
You can create a network attachment definition (NAD) which describes how to attach a pod to the layer 2 overlay network.
Prerequisites
You have access to the cluster as a user with
cluster-admin
privileges.You have installed the OpenShift CLI (
oc
).
Procedure
Create a
NetworkAttachmentDefinition
object:apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
name: l2-network
namespace: my-namespace
spec:
config: |2
{
"cniVersion": "0.3.1", (1)
"name": "my-namespace-l2-network", (2)
"type": "ovn-k8s-cni-overlay", (3)
"topology":"layer2", (4)
"mtu": 1300, (5)
"netAttachDefName": "my-namespace/l2-network" (6)
}
1 The CNI specification version. The required value is 0.3.1
.2 The name of the network. This attribute is not namespaced. For example, you can have a network named l2-network
referenced from two differentNetworkAttachmentDefinition
objects that exist in two different namespaces. This feature is useful to connect VMs in different namespaces.3 The name of the CNI plug-in to be configured. The required value is ovn-k8s-cni-overlay
.4 The topological configuration for the network. The required value is layer2
.5 Optional: The maximum transmission unit (MTU) value. The default value is automatically set by the kernel. 6 The value of the namespace
andname
fields in themetadata
stanza of theNetworkAttachmentDefinition
object.The above example configures a cluster-wide overlay without a subnet defined. This means that the logical switch implementing the network only provides layer 2 communication. You must configure an IP address when you create the virtual machine by either setting a static IP address or by deploying a DHCP server on the network for a dynamic IP address.
Apply the manifest:
$ oc apply -f <filename>.yaml
Attaching a virtual machine to the OVN-Kubernetes secondary network
You can attach a virtual machine (VM) to the OVN-Kubernetes secondary network interface by using the OKD web console or the CLI.
Attaching a virtual machine to an OVN-Kubernetes secondary network using the CLI
You can connect a virtual machine (VM) to the OVN-Kubernetes secondary network by including the network details in the VM configuration.
Prerequisites
You have access to the cluster as a user with
cluster-admin
privileges.You have installed the OpenShift CLI (
oc
).
Procedure
Edit the
VirtualMachine
manifest to add the OVN-Kubernetes secondary network interface details, as in the following example:apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
name: vm-server
spec:
running: true
template:
spec:
domain:
devices:
interfaces:
- name: default
masquerade: {}
- name: secondary (1)
bridge: {}
resources:
requests:
memory: 1024Mi
networks:
- name: default
pod: {}
- name: secondary (2)
multus:
networkName: l2-network (3)
# ...
1 The name of the OVN-Kubernetes secondary interface. 2 The name of the network. This must match the value of the spec.template.spec.domain.devices.interfaces.name
field.3 The name of the NetworkAttachmentDefinition
object.Apply the
VirtualMachine
manifest:$ oc apply -f <filename>.yaml
Optional: If you edited a running virtual machine, you must restart it for the changes to take effect.