Skip to content

CNV-52860: Passt binding for primary UDNs #100075

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+74 −6
Open

CNV-52860: Passt binding for primary UDNs #100075

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 39 additions & 0 deletions modules/virt-attaching-vm-to-primary-udn-web.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
// Module included in the following assemblies:
//
// * virt/vm_networking/virt-connecting-vm-to-primary-udn.adoc

:_mod-docs-content-type: PROCEDURE
[id="virt-attaching-vm-to-primary-udn-web_{context}"]
= Attaching a virtual machine to the primary user-defined network by using the web console

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should make it clear at the top that by default it just works. That VMs created in a namespace where primary UDN is configured will automatically attach to it using the l2bridge network binding. Maybe that should be the first info in the procedure. And only then the optional switch to passt should follow

You can connect a virtual machine (VM) to the primary user-defined network (UDN) by using the {product-title} web console.

.Prerequisites
* You are logged into the {product-title} web console.
.Procedure
. Optional: If you want to use the Plug a Simple Socket Transport (passt) network binding plugin, follow these steps to enable the Technology Preview feature:

.. From the *Virtualization* perspective, click *Overview*.

.. On the *Virtualization* page, click the *Settings* tab.

.. Click *Preview features* and set *Enable Passt binding for primary user-defined networks* to on.

. From the *Virtualization* perspective, click *VirtualMachines*.

. Select a VM to open the *VirtualMachine details* page.

. Click the *Configuration* tab.

. Click *Network*.

. Click the Options menu {kebab} on the *Network interfaces* page and select *Edit*.

. In the *Edit network interface* dialog, select the default pod network attachment from the *Network* list.

. Expand *Advanced* and then select the *Passt* binding.

. Click *Save*.

. If your VM is running, restart it for the changes to take effect.
14 changes: 11 additions & 3 deletions modules/virt-attaching-vm-to-primary-udn.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,23 @@
[id="virt-attaching-vm-to-primary-udn_{context}"]
= Attaching a virtual machine to the primary user-defined network by using the CLI

You can connect a virtual machine (VM) to the primary user-defined network (UDN) by requesting the pod network attachment, and configuring the interface binding.
You can connect a virtual machine (VM) to the primary user-defined network (UDN) by using the CLI.

.Prerequisites
* You have installed the OpenShift CLI (`oc`).

.Procedure
. Optional: If you want to use the Plug a Simple Socket Transport (passt) network binding plugin, set the `hco.kubevirt.io/deployPasstNetworkBinding` annotation to `true` in the `HyperConverged` custom resource (CR) by running the following command:
+
[source,terminal]
----
$ oc annotate hco kubevirt-hyperconverged -n kubevirt-hyperconverged hco.kubevirt.io/deployPasstNetworkBinding=true --overwrite
----

. Edit the `VirtualMachine` manifest to add the UDN interface details, as in the following example:
+
.Example `VirtualMachine` manifest
*Example `VirtualMachine` manifest*
+
[source,yaml]
----
apiVersion: kubevirt.io/v1
Expand All @@ -39,7 +47,7 @@ spec:
----
<1> The namespace in which the VM is located. This value must match the namespace in which the UDN is defined.
<2> The name of the user-defined network interface.
<3> The name of the binding plugin that is used to connect the interface to the VM. The required value is `l2bridge`.
<3> The name of the binding plugin that is used to connect the interface to the VM. The possible values are `l2bridge` and `passt`. The default value is `l2bridge`.
<4> The name of the network. This must match the value of the `spec.template.spec.domain.devices.interfaces.name` field.

. Apply the `VirtualMachine` manifest by running the following command:
Expand Down
27 changes: 24 additions & 3 deletions virt/vm_networking/virt-connecting-vm-to-primary-udn.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
:_mod-docs-content-type: ASSEMBLY
[id="virt-connecting-vm-to-primary-udn"]
= Connecting a virtual machine to a primary user-defined network
= Connecting a virtual machine to a primary user-defined network

include::_attributes/common-attributes.adoc[]
:context: virt-connecting-vm-to-primary-udn

Expand All @@ -26,7 +27,6 @@ You must consider the following limitations before implementing a primary UDN:
* You cannot use the `virtctl ssh` command to configure SSH access to a VM.
* You cannot use the `oc port-forward` command to forward ports to a VM.
* You cannot use headless services to access a VM.
* You cannot define readiness and liveness probes to configure VM health checks.


[id="creating-primary-udn-web_{context}"]
Expand Down Expand Up @@ -59,7 +59,28 @@ include::modules/virt-creating-a-primary-cluster-udn.adoc[leveloffset=+2]
.Next steps
* xref:../../virt/vm_networking/virt-connecting-vm-to-primary-udn.adoc#virt-creating-udn-namespace-cli_virt-connecting-vm-to-primary-udn[Create namespaces that are associated with the cluster-scoped UDN]

include::modules/virt-attaching-vm-to-primary-udn.adoc[leveloffset=+1]
[id="attaching-vm-to-primary-udn_{context}"]
== Attaching a virtual machine to the primary user-defined network

You can connect a virtual machine (VM) to the primary user-defined network (UDN) by requesting the pod network attachment, and configuring the interface binding.

{VirtProductName} supports the following network binding plugins to connect the network interface to the VM:

`l2bridge`:: The Layer 2 bridge binding creates a direct Layer 2 connection between the VM's virtual network and the host's virtual switch, which is then attached to a physical interface or a VLAN. This binding places the VM on the same network as the host, allowing it to obtain an IP address from the same DHCP server and share the host's physical network connection.

`passt`:: The Plug a Simple Socket Transport (passt) binding translates Layer 2 network frames from a VM into Layer 4 sockets on the host machine. It provides a user-space networking solution that avoids needing special privileges for VMs that need network access but should not be directly exposed to the host network's Layer 2.
+
Passt binding has the following benefits:

* You can define readiness and liveness probes to configure VM health checks.
* You can use Red Hat Advanced Cluster Security to monitor TCP traffic within the cluster.

:FeatureName: Using the passt binding plugin to attach a VM to the primary UDN
include::snippets/technology-preview.adoc[]

include::modules/virt-attaching-vm-to-primary-udn-web.adoc[leveloffset=+2]

include::modules/virt-attaching-vm-to-primary-udn.adoc[leveloffset=+2]

//Excluding from ROSA because the Networking -> Multiple networks -> Primary networks section is not part of ROSA docs
ifndef::openshift-rosa,openshift-dedicated,openshift-rosa-hcp[]
Expand Down