Connecting a virtual machine to an OVN-Kubernetes secondary network

You can connect a virtual machine (VM) to an Open Virtual Network (OVN)-Kubernetes secondary network. The OVN-Kubernetes Container Network Interface (CNI) plug-in uses the Geneve (Generic Network Virtualization Encapsulation) protocol to create an overlay network between nodes.

OKD Virtualization currently supports the flat layer 2 topology. This topology connects workloads by a cluster-wide logical switch. You can use this overlay network to connect VMs on different nodes, without having to configure any additional physical networking infrastructure.

To configure an OVN-Kubernetes secondary network and attach a VM to that network, perform the following steps:

  1. Create a network attachment definition (NAD) by using the web console or the CLI.

  2. Add information about the secondary network interface to the VM specification by using the web console or the CLI.

Creating an OVN-Kubernetes NAD

You can create an OVN-Kubernetes flat layer 2 network attachment definition (NAD) by using the OKD web console or the CLI.

Configuring IP address management (IPAM) in a network attachment definition for virtual machines is not supported.

Creating a NAD for flat layer 2 topology using the CLI

You can create a network attachment definition (NAD) which describes how to attach a pod to the layer 2 overlay network.

Prerequisites

  • You have access to the cluster as a user with cluster-admin privileges.

  • You have installed the OpenShift CLI (oc).

Procedure

  1. Create a NetworkAttachmentDefinition object:

    1. apiVersion: k8s.cni.cncf.io/v1
    2. kind: NetworkAttachmentDefinition
    3. metadata:
    4. name: l2-network
    5. namespace: my-namespace
    6. spec:
    7. config: |2
    8. {
    9. "cniVersion": "0.3.1", (1)
    10. "name": "my-namespace-l2-network", (2)
    11. "type": "ovn-k8s-cni-overlay", (3)
    12. "topology":"layer2", (4)
    13. "mtu": 1300, (5)
    14. "netAttachDefName": "my-namespace/l2-network" (6)
    15. }
    1The CNI specification version. The required value is 0.3.1.
    2The name of the network. This attribute is not namespaced. For example, you can have a network named l2-network referenced from two different NetworkAttachmentDefinition objects that exist in two different namespaces. This feature is useful to connect VMs in different namespaces.
    3The name of the CNI plug-in to be configured. The required value is ovn-k8s-cni-overlay.
    4The topological configuration for the network. The required value is layer2.
    5Optional: The maximum transmission unit (MTU) value. The default value is automatically set by the kernel.
    6The value of the namespace and name fields in the metadata stanza of the NetworkAttachmentDefinition object.

    The above example configures a cluster-wide overlay without a subnet defined. This means that the logical switch implementing the network only provides layer 2 communication. You must configure an IP address when you create the virtual machine by either setting a static IP address or by deploying a DHCP server on the network for a dynamic IP address.

  2. Apply the manifest:

    1. $ oc apply -f <filename>.yaml

Attaching a virtual machine to the OVN-Kubernetes secondary network

You can attach a virtual machine (VM) to the OVN-Kubernetes secondary network interface by using the OKD web console or the CLI.

Attaching a virtual machine to an OVN-Kubernetes secondary network using the CLI

You can connect a virtual machine (VM) to the OVN-Kubernetes secondary network by including the network details in the VM configuration.

Prerequisites

  • You have access to the cluster as a user with cluster-admin privileges.

  • You have installed the OpenShift CLI (oc).

Procedure

  1. Edit the VirtualMachine manifest to add the OVN-Kubernetes secondary network interface details, as in the following example:

    1. apiVersion: kubevirt.io/v1
    2. kind: VirtualMachine
    3. metadata:
    4. name: vm-server
    5. spec:
    6. running: true
    7. template:
    8. spec:
    9. domain:
    10. devices:
    11. interfaces:
    12. - name: default
    13. masquerade: {}
    14. - name: secondary (1)
    15. bridge: {}
    16. resources:
    17. requests:
    18. memory: 1024Mi
    19. networks:
    20. - name: default
    21. pod: {}
    22. - name: secondary (2)
    23. multus:
    24. networkName: l2-network (3)
    25. # ...
    1The name of the OVN-Kubernetes secondary interface.
    2The name of the network. This must match the value of the spec.template.spec.domain.devices.interfaces.name field.
    3The name of the NetworkAttachmentDefinition object.
  2. Apply the VirtualMachine manifest:

    1. $ oc apply -f <filename>.yaml
  3. Optional: If you edited a running virtual machine, you must restart it for the changes to take effect.

Additional resources