You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adding Bond CNI Documentation Edge 1378 (suse-edge#747)
* First take on adding bond cni information
* Minor updates
* Minor updates and removed a pdf file that was accidentally added
* Minor updates from Alberto's review
* Added CNI info for Calico too
* Changes to address review comments
* Fixed URL reference
* Update asciidoc/product/atip-features.adoc
Co-authored-by: ranjinimn <[email protected]>
---------
Co-authored-by: Jonas Arndt <[email protected]>
Co-authored-by: ranjinimn <[email protected]>
Copy file name to clipboardExpand all lines: asciidoc/product/atip-features.adoc
+302-2Lines changed: 302 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -234,7 +234,8 @@ The script is available at https://raw.githubusercontent.com/suse-edge/atip/refs
234
234
235
235
==== Cilium
236
236
`Cilium` is the default CNI plug-in for SUSE Edge for Telco.
237
-
To enable Cilium on RKE2 cluster as the default plug-in, the following configurations are required in the `/etc/rancher/rke2/config.yaml` file:
237
+
To enable Cilium on RKE2 cluster as the default plug-in, the following
238
+
configuration is required in the `/etc/rancher/rke2/config.yaml` file:
238
239
239
240
[,yaml]
240
241
----
@@ -253,11 +254,310 @@ cni:
253
254
- cilium
254
255
----
255
256
257
+
==== Calico
258
+
`Calico` is another CNI plug-in for SUSE Edge for Telco.
259
+
To enable Calico on RKE2 cluster as the default plug-in, the following
260
+
configuration is required in the `/etc/rancher/rke2/config.yaml` file:
261
+
262
+
[,yaml]
263
+
----
264
+
cni:
265
+
- calico
266
+
----
267
+
268
+
This can also be specified with command-line arguments, that is, `--cni=calico` into the server line in `/etc/systemd/system/rke2-server` file.
269
+
270
+
To use the `SR-IOV` network operator described in the xref:option2-sriov-helm[next section], use `Multus` with another CNI plug-in, like `Cilium` or `Calico`, as a secondary plug-in.
271
+
272
+
[,yaml]
273
+
----
274
+
cni:
275
+
- multus
276
+
- calico
277
+
----
278
+
256
279
[NOTE]
257
280
====
258
-
For more information about CNI plug-ins, visit https://docs.rke2.io/install/network_options[Network Options].
281
+
For more information about CNI plug-ins, see https://docs.rke2.io/install/network_options[Network Options].
259
282
====
260
283
284
+
==== Bond CNI
285
+
In general terms, bonding provides a method for aggregating multiple network
286
+
interfaces into a single logical "bonded" interface. This is typically used to
287
+
increase service availability by introducing redundant networking paths, but can
288
+
also be used to increase bandwidth with certain bond modes.
289
+
The following CNI plug-ins are supported for the Bond CNI plugin in combination with multus:
290
+
291
+
* MACVLAN
292
+
* Host Device
293
+
* SR-IOV
294
+
295
+
===== Bond CNI with MACVLAN
296
+
To use the Bond CNI plugin with MACVLAN two free interfaces are needed in the
297
+
container. The following example uses 'enp8s0' and 'enp9s0'. Start by creating network
298
+
attachment definitions for them:
299
+
300
+
*NetworkAttachmentDefinition enp8s0*
301
+
302
+
[,shell,subs="attributes"]
303
+
----
304
+
apiVersion: "k8s.cni.cncf.io/v1"
305
+
kind: NetworkAttachmentDefinition
306
+
metadata:
307
+
name: enp8s0-conf
308
+
spec:
309
+
config: '{
310
+
"cniVersion": "0.3.1",
311
+
"plugins": [
312
+
{
313
+
"type": "macvlan",
314
+
"capabilities": { "ips": true },
315
+
"master": "enp8s0",
316
+
"mode": "bridge",
317
+
"ipam": {}
318
+
}, {
319
+
"capabilities": { "mac": true },
320
+
"type": "tuning"
321
+
}
322
+
]
323
+
}'
324
+
----
325
+
326
+
*NetworkAttachmentDefinition enp9s0*
327
+
328
+
[,shell,subs="attributes"]
329
+
----
330
+
apiVersion: "k8s.cni.cncf.io/v1"
331
+
kind: NetworkAttachmentDefinition
332
+
metadata:
333
+
name: enp9s0-conf
334
+
spec:
335
+
config: '{
336
+
"cniVersion": "0.3.1",
337
+
"plugins": [
338
+
{
339
+
"type": "macvlan",
340
+
"capabilities": { "ips": true },
341
+
"master": "enp9s0",
342
+
"mode": "bridge",
343
+
"ipam": {}
344
+
}, {
345
+
"capabilities": { "mac": true },
346
+
"type": "tuning"
347
+
}
348
+
]
349
+
}'
350
+
----
351
+
352
+
After this, add a network attachment definition for the bond itself.
353
+
354
+
*NetworkAttachmentDefinition bond*
355
+
356
+
[,shell,subs="attributes"]
357
+
----
358
+
apiVersion: "k8s.cni.cncf.io/v1"
359
+
kind: NetworkAttachmentDefinition
360
+
metadata:
361
+
name: bond-net1
362
+
spec:
363
+
config: '{
364
+
"type": "bond",
365
+
"cniVersion": "0.3.1",
366
+
"name": "bond-net1",
367
+
"mode": "active-backup",
368
+
"failOverMac": 1,
369
+
"linksInContainer": true,
370
+
"miimon": "100",
371
+
"mtu": 1500,
372
+
"links": [
373
+
{"name": "net1"},
374
+
{"name": "net2"}
375
+
],
376
+
"ipam": {
377
+
"type": "static",
378
+
"addresses": [
379
+
{
380
+
"address": "192.168.200.100/24",
381
+
"gateway": "192.168.200.1"
382
+
}
383
+
],
384
+
"subnet": "192.168.200.0/24",
385
+
"routes": [{
386
+
"dst": "0.0.0.0/0"
387
+
}]
388
+
}
389
+
}'
390
+
----
391
+
392
+
The IP address assignment here is static and defines the address of the bond as
393
+
'192.168.200.100' on a /24 network, with a gateway residing on the network's first
394
+
available address. In the bond's network attachment we also define the type of
395
+
bond we want. In this case it is active-backup.
396
+
397
+
To use this bond, the pod needs to know about all interfaces. An example pod
398
+
definition might look like this:
399
+
400
+
[,shell,subs="attributes"]
401
+
----
402
+
apiVersion: v1
403
+
kind: Pod
404
+
metadata:
405
+
name: test-pod
406
+
annotations:
407
+
k8s.v1.cni.cncf.io/networks: '[
408
+
{"name": "enp8s0-conf",
409
+
"interface": "net1"
410
+
},
411
+
{"name": "enp9s0-conf",
412
+
"interface": "net2"
413
+
},
414
+
{"name": "bond-net1",
415
+
"interface": "bond0"
416
+
}]'
417
+
spec:
418
+
restartPolicy: Never
419
+
containers:
420
+
- name: bond-test
421
+
image: alpine:latest
422
+
command:
423
+
- /bin/sh
424
+
- "-c"
425
+
- "sleep 60m"
426
+
imagePullPolicy: IfNotPresent
427
+
----
428
+
429
+
Note how the annotation refers to all networks and how it defines the mapping
430
+
between the interfaces 'enp8s0 -> net1', and 'enp9s0->net2'.
431
+
432
+
===== Bond CNI with Host Device
433
+
To use the Bond CNI plugin with host device, two free interfaces are needed on
434
+
the host. These interfaces are then mapped through to the container. The
435
+
following example uses 'enp8s0' and 'enp9s0'. Start by creating network
436
+
attachment definitions for them:
437
+
438
+
*NetworkAttachmentDefinition enp8s0*
439
+
440
+
[,shell,subs="attributes"]
441
+
----
442
+
apiVersion: "k8s.cni.cncf.io/v1"
443
+
kind: NetworkAttachmentDefinition
444
+
metadata:
445
+
name: enp8s0-hostdev
446
+
spec:
447
+
config: '{
448
+
"cniVersion": "0.3.1",
449
+
"plugins": [
450
+
{
451
+
"type": "host-device",
452
+
"name": "host0",
453
+
"device": "enp8s0",
454
+
"ipam": {}
455
+
}]
456
+
}'
457
+
----
458
+
459
+
*NetworkAttachmentDefinition enp9s0*
460
+
461
+
[,shell,subs="attributes"]
462
+
----
463
+
apiVersion: "k8s.cni.cncf.io/v1"
464
+
kind: NetworkAttachmentDefinition
465
+
metadata:
466
+
name: enp9s0-hostdev
467
+
spec:
468
+
config: '{
469
+
"cniVersion": "0.3.1",
470
+
"plugins": [
471
+
{
472
+
"type": "host-device",
473
+
"name": "host0",
474
+
"device": "enp9s0",
475
+
"ipam": {}
476
+
}]
477
+
}'
478
+
----
479
+
480
+
After this, add network attachment definition for the bond itself. This is
481
+
similar to the MACVLAN use case.
482
+
483
+
*NetworkAttachmentDefinition bond*
484
+
485
+
[,shell,subs="attributes"]
486
+
----
487
+
apiVersion: "k8s.cni.cncf.io/v1"
488
+
kind: NetworkAttachmentDefinition
489
+
metadata:
490
+
name: bond-net1
491
+
spec:
492
+
config: '{
493
+
"type": "bond",
494
+
"cniVersion": "0.3.1",
495
+
"name": "bond-net1",
496
+
"mode": "active-backup",
497
+
"failOverMac": 1,
498
+
"linksInContainer": true,
499
+
"miimon": "100",
500
+
"mtu": 1500,
501
+
"links": [
502
+
{"name": "net1"},
503
+
{"name": "net2"}
504
+
],
505
+
"ipam": {
506
+
"type": "static",
507
+
"addresses": [
508
+
{
509
+
"address": "192.168.200.100/24",
510
+
"gateway": "192.168.200.1"
511
+
}
512
+
],
513
+
"subnet": "192.168.200.0/24",
514
+
"routes": [{
515
+
"dst": "0.0.0.0/0"
516
+
}]
517
+
}
518
+
}'
519
+
----
520
+
521
+
The IP address assignment here is static and defines the address of the bond as
522
+
'192.168.200.100' on a /24 network, with a gateway residing on the network's
523
+
first available address. In the bond's network attachment, define the type of
524
+
bond. In this case it is active-backup.
525
+
526
+
To use this bond, the pod needs to know about all interfaces. An example pod
527
+
definition for bond with host devices might look like this:
528
+
529
+
[,shell,subs="attributes"]
530
+
----
531
+
apiVersion: v1
532
+
kind: Pod
533
+
metadata:
534
+
name: test-pod
535
+
annotations:
536
+
k8s.v1.cni.cncf.io/networks: '[
537
+
{"name": "enp8s0-hostdev",
538
+
"interface": "net1"
539
+
},
540
+
{"name": "enp9s0-hostdev",
541
+
"interface": "net2"
542
+
},
543
+
{"name": "bond-net1",
544
+
"interface": "bond0"
545
+
}]'
546
+
spec:
547
+
restartPolicy: Never
548
+
containers:
549
+
- name: bond-test
550
+
image: alpine:latest
551
+
command:
552
+
- /bin/sh
553
+
- "-c"
554
+
- "sleep 60m"
555
+
imagePullPolicy: IfNotPresent
556
+
----
557
+
558
+
===== Bond CNI with SR-IOV
559
+
Using the Bond CNI with SR-IOV is fairly straight forward. For more details on how to set up SR-IOV, see <<sriov>>. As described there, you have to create `SriovNetworkNodePolicies` that defines `resourceNames`, as well as number of virtual functions and such. The `resourceNames` are being used by the `SriovNetwork` which is used as interfaces in the pod definition. The bond definition is exactly the same as for the MACVLAN and host device cases.
0 commit comments