文档
我要评分
获取效率
正确性
完整性
易理解
提交关闭

Deploying the SR-IOV-CNI Network Plugin

Before the deployment, ensure that the NIC VF function has been enabled on the host and sufficient VFs have been created. The deployment of the SR-IOV-CNI network plugin depends on Multus and the SR-IOV device plugin. Ensure both components are deployed and configured beforehand.

Deploying Multus

Multus is the manager of Kubernetes network plugins. It calls different network plugins (such as the SR-IOV-CNI network plugin and Flannel) to configure network interfaces based on Pod configurations. It includes two types of plugins: Thin plugin (used in this section) and Thick plugin. For details, see the configuration file multus-daemonset.yml.

  1. Deploy Multus on the master node of the cluster.
    kubectl apply -f multus-daemonset.yml
  2. Check the deployment status.
    1
    		 
    kubectl -n kube-system get pod

    multus-ds must be in the Running status, as shown below.

    NAME                             READY   STATUS    RESTARTS      AGE
kube-multus-ds-ds26q             1/1     Running   0             20d
kube-multus-ds-pp6mh             1/1     Running   0             20d

Deploying the SR-IOV Device Plugin

Before deploying the SR-IOV device plugin, you need to modify its configuration file.

configMap.yaml describes the devices to be managed by the SR-IOV plugin, that is, the devices that are expected to be passed through. 
apiVersion: v1
kind: ConfigMap
metadata:
  name: sriovdp-config
  namespace: kube-system
data:
  config.json: |
    {
        "resourceList": [
            {
               "resourceName": "huawei_1822_netdevice",
               "resourcePrefix": "huawei.com",
               "selectors": {
                    "vendors": ["19e5"],
                    "devices": ["375e"],
                    "drivers": ["hinic"],
                    "pfNames" : [ensp133s0]
                },
            },
            {
               "resourceName": "huawei_1823_netdevice",
               "resourcePrefix": "huawei.com",
               "selectors": {
                    "vendors": ["19e5"],
                    "devices": ["375f"],
                    "drivers": ["hisdk3"]
                }
            },
...
Table 1 Parameters in the configMap.yaml file

Parameter

Description

Constraints

resourceName

Resource name, which can be customized.

The value must be unique and cannot contain special characters.

resourcePrefix

Prefix of the resource name, which can be customized.

The value cannot contain special characters. It can be xx.com, for example, huawei.com.

deviceType

Device type.

The value can be accelerator, netDevice (default), or auxNetDevice.

selectors

Resource selector.

Only the devices that meet the filter criteria specified by selectors can be managed.

vendors

Vendor ID of a device. For example, the vendor ID of Huawei is 19e5. For details about how to query the vendor ID, see 2.

-

devices

Device ID. For details, see 2.

-

drivers

Name of the driver used by the device. For details, see 3.

-

pfNames

PF name on the NIC.

If there are network ports, add all of them to prevent VFs from different network ports from being used together.
  1. Check the PCI address of the NIC VF to be used on the node.
    1
    		 
    lspci | grep Ethernet

    In actual use, there may be more than one NIC VF. You can select the PCI address of one VF because the vendors, devices, and drivers of all VFs are the same.

  2. Based on the command output in the previous step, check whether the PCI address of the VF device to be used is 85:00.1. Then, check the vendors and devices of the device.
    The value of vendors is 19e5, and the value of devices is 375e. 
    lspci -n | grep 85

  3. Check drivers of the driver corresponding to the device.
    In the command output, find the driver name corresponding to the device whose PCI address is 85:00.1. 
    lspci -k

  4. After obtaining the information about vendors, devices, and drivers, fill the information in the configMap.yaml file. Each SR-IOV device corresponds to an item in resourceList.
  5. Deploy the SR-IOV device plugin in DaemonSet mode in the cluster based on the sriovdp-daemonset.yaml file.
    1
2
3
4
    		 
    git clone https://gitee.com/kunpeng_compute/sriov-network-device-plugin.git
cd sriov-network-device-plugin
kubectl apply -f deployments/configMap.yaml
kubectl apply -f deployments/sriovdp-daemonset.yaml
  6. Check the deployment status.
    1
    		 
    kubectl -n kube-system get pod

    If the deployment is successful, the following information is displayed. The number of kube-sriov-device-plugins must be the same as the number of nodes in the cluster.

    1
2
3
4
    		 
    NAME                             READY   STATUS              RESTARTS          AGE
kube-sriov-device-plugin-wkmrd   1/1     Running             0                 14d
kube-sriov-device-plugin-xvcs3   1/1     Running             0                 14d
kube-sriov-device-plugin-fgsa2   1/1     Running             0                 14d

Deploying the SR-IOV-CNI Network Plugin

  1. Create a deployment file sriov-cni-daemonset.yaml as follows and deploy the plugin in DaemonSet mode in the cluster based on the file.
    ---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: kube-sriov-cni-ds
  namespace: kube-system
  labels:
    tier: node
    app: sriov-cni
spec:
  selector:
    matchLabels:
      name: sriov-cni
  template:
    metadata:
      labels:
        name: sriov-cni
        tier: node
        app: sriov-cni
    spec:
      tolerations:
      - key: node-role.kubernetes.io/master
        operator: Exists
        effect: NoSchedule
      - key: node-role.kubernetes.io/control-plane
        operator: Exists
        effect: NoSchedule
      containers:
      - name: kube-sriov-cni
        image: ghcr.io/k8snetworkplumbingwg/sriov-cni:latest
        imagePullPolicy: IfNotPresent
        securityContext:
          allowPrivilegeEscalation: true
          privileged: true
          readOnlyRootFilesystem: true
          capabilities:
            drop:
              - ALL
        resources:
          requests:
            cpu: "100m"
            memory: "50Mi"
          limits:
            cpu: "100m"
            memory: "50Mi"
        volumeMounts:
        - name: cnibin
          mountPath: /host/opt/cni/bin
      volumes:
        - name: cnibin
          hostPath:
            path: /opt/cni/bin

    Run the following command to deploy the plugin:

    kubectl apply -f deployments/sriov-cni-daemonset.yaml
  2. Create an SR-IOV passthrough network in Multus and create the sriov-crd.yaml configuration file to specify SR-IOV network information.
    apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: sriov-net1
  annotations:
    k8s.v1.cni.cncf.io/resourceName: huawei.com/huawei_1822_netdevice # Modify the value according to the resourceName in the configMap.yaml file.
spec:
  config: '{
  "type": "sriov",
  "cniVersion": "0.3.1",
  "name": "sriov-network",
  "ipam": {
    "type": "host-local",
    "subnet": "10.56.217.0/24",
    "routes": [{
      "dst": "0.0.0.0/0"
    }],
    "gateway": "10.56.217.1"
  }
}'

    Run the following command to deploy the plugin:

    kubectl apply -f deployments/sriov-crd.yaml
  3. After the deployment, check whether all network plugins are running properly.
    kubectl get pods -owide -n kube-system

    As shown below, all deployed containers are in the Running status. Otherwise, check the error information.

    kube-multus-ds-qhqp4             1/1     Running   0             22h    10.175.119.147   compute01   <none>           <none>
kube-sriov-cni-ds-4kks2          1/1     Running   0             168m   10.244.1.20      compute01   <none>           <none>
kube-sriov-device-plugin-bnvg9   1/1     Running   0             20h    10.175.119.147   compute01   <none>           <none>

    Check whether the network configuration is successful by running the following command to view the custom resources in the cluster.

    kubectl get crds

    The command output must contain network-attachment-definitions.k8s.cni.cncf.io, as shown below:

    network-attachment-definitions.k8s.cni.cncf.io    2025-03-05T08:21:27Z

(Optional) Deploying the Whereabouts Plugin

In the SR-IOV-CNI network plugin example, IP address management is handled using the host-local CNI plugin. However, since host-local only supports IP allocation on a single node, it may lead to conflicts across multiple nodes. To enable dynamic IP assignment cluster-wide, the whereabouts plugin can be configured.

  1. Download the whereabouts plugin by referring to Deployment Environment Requirements and go to the directory.
    1
    		 
    git clone https://github.com/k8snetworkplumbingwg/whereabouts && cd whereabouts
  2. Deploy the plugin.
    1
2
3
    		 
    kubectl apply -f doc/crds/daemonset-install.yaml \
      -f doc/crds/whereabouts.cni.cncf.io_ippools.yaml \
      -f doc/crds/whereabouts.cni.cncf.io_overlappingrangeipreservations.yaml
  3. Remove the sriov-crd.yaml file that has been deployed, set ipam.type to whereabouts, change subnet to range, and modify other parameters as required. After the file is modified, deploy the file again. The following is an example:
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
    		 
    apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: sriov-net1
  annotations:
    k8s.v1.cni.cncf.io/resourceName: huawei.com/huawei_1822_netdevice # Modify the value according to the resourceName in the configMap.yaml file.
spec:
  config: '{
  "type": "sriov",
  "cniVersion": "0.3.1",
  "name": "sriov-network",
  "ipam": {
    "type": "whereabouts",
    "range": "10.56.217.0/24",
    "exclude": [],
    "routes": [{
       "dst": "0.0.0.0/0"
    }],
    "range_start": "172.21.217.2",
    "range_end": "172.21.217.255",
    "gateway": "10.56.217.1"
  }
}'
Parent topic: Plugin Deployment