nw-udn-cr.adoc

Creating a UserDefinedNetwork CR by using the CLI

The following procedure creates a UserDefinedNetwork CR that is namespace scoped. Based upon your use case, create your request by using either the my-layer-two-udn.yaml example for a Layer2 topology type or the my-layer-three-udn.yaml example for a Layer3 topology type.

Perquisites

• You have logged in with cluster-admin privileges, or you have view and edit role-based access control (RBAC).

Procedure

1. Optional: For a UserDefinedNetwork CR that uses a primary network, create a namespace with the k8s.ovn.org/primary-user-defined-network label by entering the following command:

   $ cat << EOF | oc apply -f -
   apiVersion: v1
   kind: Namespace
   metadata:
     name: <udn_namespace_name>
     labels:
       k8s.ovn.org/primary-user-defined-network: ""
   EOF

2. Create a request for either a Layer2 or Layer3 topology type user-defined network:

   1. Create a YAML file, such as my-layer-two-udn.yaml, to define your request for a Layer2 topology as in the following example:

      apiVersion: k8s.ovn.org/v1
      kind: UserDefinedNetwork
      metadata:
        name: udn-1 # (1)
        namespace: <some_custom_namespace>
      spec:
        topology: Layer2 # (2)
        layer2: (3)
          role: Primary # (4)
          subnets:
            - "10.0.0.0/24"
            - "2001:db8::/60" # (5)

      1. Name of your UserDefinedNetwork resource. This should not be default or duplicate any global namespaces created by the Cluster Network Operator (CNO).

      2. The topology field describes the network configuration; accepted values are Layer2 and Layer3. Specifying a Layer2 topology type creates one logical switch that is shared by all nodes.

      3. This field specifies the topology configuration. It can be layer2 or layer3.

      4. Specifies a Primary or Secondary role.

      5. For Layer2 topology types the following specifies config details for the subnet field:

         • The subnets field is optional.

         • The subnets field is of type string and accepts standard CIDR formats for both IPv4 and IPv6.

         • The subnets field accepts one or two items. For two items, they must be of a different family. For example, subnets values of 10.100.0.0/16 and 2001:db8::/64.

         • Layer2 subnets can be omitted. If omitted, users must configure IP addresses for the pods. As a consequence, port security only prevents MAC spoofing.

         • The Layer2 subnets field is mandatory when the ipamLifecycle field is specified.

   2. Create a YAML file, such as my-layer-three-udn.yaml, to define your request for a Layer3 topology as in the following example:

      apiVersion: k8s.ovn.org/v1
      kind: UserDefinedNetwork
      metadata:
        name: udn-2-primary # (1)
        namespace: <some_custom_namespace>
      spec:
        topology: Layer3 # (2)
        layer3: # (3)
          role: Primary # (4)
          subnets: # (5)
            - cidr: 10.150.0.0/16
              hostSubnet: 24
            - cidr: 2001:db8::/60
              hostSubnet: 64
      # ...

      1. Name of your UserDefinedNetwork resource. This should not be default or duplicate any global namespaces created by the Cluster Network Operator (CNO).

      2. The topology field describes the network configuration; accepted values are Layer2 and Layer3. Specifying a Layer3 topology type creates a layer 2 segment per node, each with a different subnet. Layer 3 routing is used to interconnect node subnets.

      3. This field specifies the topology configuration. Valid values are layer2 or layer3.

      4. Specifies a Primary or Secondary role.

      5. For Layer3 topology types the following specifies config details for the subnet field:

         • The subnets field is mandatory.

         • The type for the subnets field is cidr and hostSubnet:

           • cidr is equivalent to the clusterNetwork configuration settings of a cluster. The IP addresses in the CIDR are distributed to pods in the user defined network. This parameter accepts a string value.

           • hostSubnet defines the per-node subnet prefix.

           • For IPv6, only a /64 length is supported for hostSubnet.

3. Apply your request by running the following command:

   $ oc apply -f <my_layer_two_udn>.yaml

   Where <my_layer_two_udn>.yaml is the name of your Layer2 or Layer3 configuration file.

4. Verify that your request is successful by running the following command:

   $ oc get userdefinednetworks udn-1 -n <some_custom_namespace> -o yaml

   Where some_custom_namespace is the namespace you created for your user-defined network.

   Example output

   apiVersion: k8s.ovn.org/v1
   kind: UserDefinedNetwork
   metadata:
     creationTimestamp: "2024-08-28T17:18:47Z"
     finalizers:
     - k8s.ovn.org/user-defined-network-protection
     generation: 1
     name: udn-1
     namespace: some-custom-namespace
     resourceVersion: "53313"
     uid: f483626d-6846-48a1-b88e-6bbeb8bcde8c
   spec:
     layer2:
       role: Primary
       subnets:
       - 10.0.0.0/24
       - 2001:db8::/60
     topology: Layer2
   status:
     conditions:
     - lastTransitionTime: "2024-08-28T17:18:47Z"
       message: NetworkAttachmentDefinition has been created
       reason: NetworkAttachmentDefinitionReady
       status: "True"
       type: NetworkCreated