From 88a1b3594708f9ea1a1346267699f75492c48b37 Mon Sep 17 00:00:00 2001 From: Shikha Jhala Date: Mon, 21 Oct 2024 11:28:16 -0400 Subject: [PATCH] CNV-49892: 4.14-specific changes to NetworkAttachmentDefinition YAML --- .../virt-creating-linux-bridge-nad-cli.adoc | 19 +++++---- .../virt-pxe-booting-with-mac-address.adoc | 42 +++++++++---------- 2 files changed, 29 insertions(+), 32 deletions(-) diff --git a/modules/virt-creating-linux-bridge-nad-cli.adoc b/modules/virt-creating-linux-bridge-nad-cli.adoc index bdffb0017a72..37fdf13f1fd0 100644 --- a/modules/virt-creating-linux-bridge-nad-cli.adoc +++ b/modules/virt-creating-linux-bridge-nad-cli.adoc @@ -32,15 +32,16 @@ metadata: annotations: k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/bridge-interface <2> spec: - config: '{ - "cniVersion": "0.3.1", - "name": "bridge-network", <3> - "type": "bridge", <4> - "bridge": "bridge-interface", <5> - "macspoofchk": false, <6> - "vlan": 100, <7> - "preserveDefaultVlan": false <8> - }' + config: | + { + "cniVersion": "0.3.1", + "name": "bridge-network", <3> + "type": "bridge", <4> + "bridge": "bridge-interface", <5> + "macspoofchk": false, <6> + "vlan": 100, <7> + "preserveDefaultVlan": false <8> + } ---- <1> The name for the `NetworkAttachmentDefinition` object. <2> Optional: Annotation key-value pair for node selection, where `bridge-interface` must match the name of a bridge configured on some nodes. If you add this annotation to your network attachment definition, your virtual machine instances will only run on the nodes that have the `bridge-interface` bridge connected. diff --git a/modules/virt-pxe-booting-with-mac-address.adoc b/modules/virt-pxe-booting-with-mac-address.adoc index e57b0e518457..6314bee9965b 100644 --- a/modules/virt-pxe-booting-with-mac-address.adoc +++ b/modules/virt-pxe-booting-with-mac-address.adoc @@ -28,30 +28,26 @@ endif::openshift-rosa,openshift-dedicated[] apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: - name: pxe-net-conf + name: pxe-net-conf # <1> spec: - config: '{ - "cniVersion": "0.3.1", - "name": "pxe-net-conf", - "plugins": [ - { - "type": "bridge", - "bridge": "br1", - "vlan": 1 <1> - }, - { - "type": "cnv-tuning" <2> - } - ] - }' ----- -<1> Optional: The VLAN tag. -<2> The `cnv-tuning` plugin provides support for custom MAC addresses. -+ -[NOTE] -==== -The virtual machine instance will be attached to the bridge `br1` through an access port with the requested VLAN. -==== + config: | + { + "cniVersion": "0.3.1", + "name": "pxe-net-conf", <2> + "type": "bridge", <3> + "bridge": "bridge-interface", <4> + "macspoofchk": false, <5> + "vlan": 100, <6> + "preserveDefaultVlan": false <7> + } +---- +<1> The name for the `NetworkAttachmentDefinition` object. +<2> The name for the configuration. It is recommended to match the configuration name to the `name` value of the network attachment definition. +<3> The actual name of the Container Network Interface (CNI) plugin that provides the network for this network attachment definition. This example uses a Linux bridge CNI plugin. You can also use an OVN-Kubernetes localnet or an SR-IOV CNI plugin. +<4> The name of the Linux bridge configured on the node. +<5> Optional: A flag to enable the MAC spoof check. When set to `true`, you cannot change the MAC address of the pod or guest interface. This attribute allows only a single MAC address to exit the pod, which provides security against a MAC spoofing attack. +<6> Optional: The VLAN tag. No additional VLAN configuration is required on the node network configuration policy. +<7> Optional: Indicates whether the VM connects to the bridge through the default VLAN. The default value is `true`. . Create the network attachment definition by using the file you created in the previous step: +