OpenShift Virtualization Networking
Tue, 10 Oct 2023 09:55:24 -0000
Introduction
Red Hat OpenShift Virtualization enables users to run virtual machines (VMs) alongside containers on the same platform, simplifying management and reducing the complexity of maintaining separate infrastructures and management tools. OpenShift Virtualization unifies the operations and management of VMs and containers on the same platform, helping organizations to benefit from their existing investments in virtualization.
The integration of VMs and containers on the same platform reduces operational overhead and maximizes hardware usage. The seamless deployment of OpenShift Virtualization makes configuration quick and easy for administrators. An enhanced web console provides a graphical portal to manage these virtualized resources. The feature enables multiple virtualization tasks, including:
- Creating and managing Linux and Windows VMs
- Connecting to VMs through various consoles and CLI tools
- Importing and cloning existing VMs
- Managing network interface controllers and storage disks that are attached to VMs
- Live-migrating VMs between nodes
OpenShift Virtualization is available as an operator in the OpenShift Operator Hub. The operator is installed from the CLI or the OpenShift web console. The Operator Lifecycle Manager (OLM) deploys operator pods for OpenShift Virtualization components such as compute, storage, networking, scaling, and templating. OLM also deploys the hyperconverged-cluster-operator pod, which is responsible for the deployment, configuration, and life cycle of other components, and the helper pods hco-webhook and hyperconverged-cluster-cli-download. For more information, see OpenShift Virtualization architecture | Virtualization | OpenShift Container Platform 4.12.
This blog provides an overview of a Dell-validated environment and describes the advantages of having a dedicated network for the VMs, how to configure the network on the cluster by using the NMState operator, and how to enable virtualization on the Red Hat Container platform.
Environment overview
The Dell OpenShift team used Dell PowerEdge R760 servers to host the Red Hat OpenShift 4.12 Container Platform and to validate OpenShift Virtualization with a dedicated network for VMs. For more information about deploying an OpenShift cluster on Dell powered bare metal servers, see the Red Hat OpenShift Container Platform 4.12 on Dell Infrastructure Implementation Guide.
The OpenShift MachineNetwork uses the 192.168.32.0/24 network. A dedicated VLAN with the IP address range 192.168.4.0/24 is created for the VMs. A dedicated physical interface on OpenShift nodes is configured for the VM network using NMState.
We installed the OpenShift Virtualization operator and created a hyper-converged custom resource on the cluster.
Lastly, we installed CSI PowerStore drivers on the cluster for NFS storage to load the ISOs for the VMs.
Why a dedicated network for virtual machines?
OpenShift VMs can use a dedicated network with a VLAN that is different from the one used by the OpenShift cluster. A network for VMs is created on a dedicated network interface on OpenShift nodes, with an IP address range that does not overlap with the cluster’s MachineNetwork.
Configuring a dedicated network for VMs allows for isolation between the VM network and the cluster or external network, helping administrators to manage VMs easily. A dedicated network also helps enhance security and increase performance.
Configuring a dedicated network using NMState
The Kubernetes NMState operator provides a Kubernetes API for performing state-driven network configuration across the OpenShift cluster’s nodes. For more information, see About the Kubernetes NMState Operator - Kubernetes NMState | Networking | OpenShift Container Platform 4.12.
OpenShift Virtualization uses NMState to report on and configure the state of the node network, making it possible to modify network policy configuration. For example, you can create a Linux bridge on all nodes by applying a single configuration manifest to the cluster.
You can install the NMState operator from the Operator Hub on the OpenShift web console, and then create an NMState custom resource. A NodeNetworkConfigurationPolicy describes the requested network configuration on nodes. To update the node network configuration, including adding and removing interfaces, apply a NodeNetworkConfigurationPolicy manifest to the cluster.
To attach a VM to an additional network, we performed the following steps:
- Create a Linux bridge node network configuration policy.
- Create a Linux bridge network attachment definition to provide Layer-2 networking to pods and VMs.
- Configure the VM, enabling the VM to recognize the network attachment definition.
After installing the NMState operator on the cluster, we applied the following NodeNetworkConfigurationPolicy to create a Linux bridge that attaches to the second Ethernet interface:
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: br1-eno12409-policy
spec:
  nodeSelector:
    kubernetes.io/hostname: cnv-21
  desiredState:
    interfaces:
      - name: br1
        description: Linux bridge with eno12409 as a port
        type: linux-bridge
        state: up
        ipv4:
          address:
            - prefix-length: 24
              ip: 192.168.4.21
          dhcp: false
          enabled: true
        bridge:
          options:
            stp:
              enabled: false
          port:
            - name: eno12409
We created a VM by booting a Red Hat Enterprise Linux 8.6 ISO. A network attachment definition is created in the same namespace as the pod or VM. We added a network interface to the VM, and assigned the new VM an IP address from the dedicated network.
We also performed a live migration on the VM without interrupting the virtual workload or access, and then verified that the VM IP address remained the same.
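The second and third steps of the procedure (the network attachment definition and the VM's extra interface) could look like the following. This is an added example, not a manifest from the original post: the namespace, resource names, and memory size are assumptions, and only the bridge name br1 comes from the policy above.

```yaml
# Added example: names marked "assumed" are placeholders, not values from the post.
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: br1-vm-network          # assumed name
  namespace: vm-demo            # assumed; must match the VM's namespace
  annotations:
    # Restricts VMs using this network to nodes where the br1 bridge exists.
    k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/br1
spec:
  # No "vlan" key is set: the post does not give the VLAN ID.
  config: |
    {
      "cniVersion": "0.3.1",
      "name": "br1-vm-network",
      "type": "cnv-bridge",
      "bridge": "br1",
      "macspoofchk": true
    }
---
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: rhel8-vm                # assumed name
  namespace: vm-demo            # same namespace as the attachment definition
spec:
  running: false
  template:
    spec:
      domain:
        devices:
          interfaces:
            - name: default
              masquerade: {}    # pod network interface
            - name: vm-net
              bridge: {}        # Layer-2 attachment to br1
        resources:
          requests:
            memory: 4Gi         # assumed size
      networks:
        - name: default
          pod: {}
        - name: vm-net
          multus:
            networkName: br1-vm-network
      # Disks and volumes are left out: the post does not show its storage layout.
```

With `macspoofchk` set to true, the guest cannot change the MAC address of its bridged interface, which keeps a VM on the shared Layer-2 segment from impersonating another VM's address.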
References
- About OpenShift Virtualization | Virtualization | OpenShift Container Platform 4.12
- About the Kubernetes NMState Operator - Kubernetes NMState | Networking | OpenShift Container Platform 4.12
- Updating node network configuration - Kubernetes NMState | Networking | OpenShift Container Platform 4.12
- Connecting a virtual machine to a Linux bridge network - Virtual machines | Virtualization | OpenShift Container Platform 4.12