BZ-1990953: Only the first container can use SR-IOV network attachment #37170
Conversation
openshift-ci
bot
added
the
size/XS
|
✔️ Deploy Preview for osdocs ready! 🔨 Explore the source changes: afd3277 🔍 Inspect the deploy log: https://app.netlify.com/sites/osdocs/deploys/6179c579f617460007354596 😎 Browse the preview: https://deploy-preview-37170--osdocs.netlify.app |
modules/nw-multus-add-pod.adoc
Outdated
| @@ -30,6 +30,8 @@ ifdef::sriov[] | |||
| [NOTE] | |||
| ===== | |||
| If a network attachment is managed by the SR-IOV Network Operator, the SR-IOV Network Resource Injector adds the `resource` field to the `Pod` object automatically. | |||
|
|
|||
| Only the first container in your pod is configured for access to your SR-IOV additional network. If you have multiple containers defined in your `Pod` object, you must ensure that the container that requires access to your SR-IOV additional network is defined first. For more information, see link:https://bugzilla.redhat.com/show_bug.cgi?id=1990953[BZ#1990953]. | |||
There was a problem hiding this comment.
@jboxman thanks for adding the note!
One minor notice, this behavior only applies to Intel NIC in DPDK mode (vfio-pci deviceType).
The SR-IOV Network Resource Injector adds the resource field to the first container in your Pod object automatically. This behavior may cause issue when using SR-IOV in DPDK mode for Intel NICs that only the first container will have access to the resource or the first container gets the resource unexpectedly without defining it manually. To workaround this issue, it is recommended to disable the Network Resource Injector or ensure the container that requires access to your SR-IOV additional network be defined as first container in the Pod object.
|
@zshi-redhat, I've updated this for your review. Thanks! |
| @@ -29,7 +29,11 @@ The pod must be in the same namespace as the additional network. | |||
| ifdef::sriov[] | |||
| [NOTE] | |||
| ===== | |||
| If a network attachment is managed by the SR-IOV Network Operator, the SR-IOV Network Resource Injector adds the `resource` field to the `Pod` object automatically. | |||
| If a network attachment is managed by the SR-IOV Network Operator, the SR-IOV Network Resource Injector adds the `resource` field to the first container in a pod automatically. | |||
There was a problem hiding this comment.
The resource injector adds the resource field based on the metadata.annotations k8s.v1.cni.cncf.io/resourceName of net-attach-def, regardless of who (sriov operator/ manually) creates or manages it.
cc @zshi-redhat