3.6. Additional Networks (Multus)

Home Prev	cOS Stream 4.00.03 CNF Series Getting Started Guide	Next

This section focuses on the parts of the example that are related to attaching additional network interfaces to the pod, besides the default pod network (eth0). In this example Multus is used to attach two additional network interfaces:

First interface using the "lan-network" network resource attachment definition, that will be called "lan", using one instance of the "example.com/lan_device" resource (the actual network device, for instance, an SR-IOV virtual function device).
Second interface using the "wan-network" network resource attachment definition, that will be called "wan", using one instance of the "example.com/wan_device" resource.

apiVersion: v1
kind: Pod
metadata:
 name: netshield
 annotations:
  k8s.v1.cni.cncf.io/networks: lan-network@lan, wan-network@wan
spec:
 containers:
 - name: netshield
 env:
   - name: NETS
     valueFrom:
      fieldRef:
       fieldPath: metadata.annotations['k8s.v1.cni.cncf.io/networks']
	 
 resources:
  requests:
   example.com/lan_device: '1'
   example.com/wan_device: '1'
  limits:
   example.com/lan_device: '1'
   example.com/wan_device: '1'
  
 volumeMounts:
  - mountPath: /etc/podinfo
    name: podinfo
volumes:
 - name: podinfo
  downwardAPI:
   items:
    - path: "network-status"
     fieldRef:
      fieldPath: metadata.annotations['k8s.v1.cni.cncf.io/network-status']

The devices allocated under resources are the ones that are needed by the extra networks. The "resource prefix" (here "example.com") and the "resource name" (here: "lan_device" and "wan_device") must match the configuration of the device plugin used, for instance, the "SR-IOV Network Device Plugin for Kubernetes" which can be found here:

https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin

The examples archive contains examples of both a device configuration map for the device plugin (sriovdp-configmap.yaml) and some example network attachment definitions (networks.yaml). These examples show where these names appear in the various objects. The resource allocations in the pod specification can be injected automatically by for instance the "Network Resources Injector", which can be found here:

https://github.com/k8snetworkplumbingwg/network-resources-injector

The injection would be based on the "networks" annotation in the pod specification and the "resourceName" annotation in the network attachment definition.

There are some additional tweaks that can be applied, also affecting the default pod network. See the full pod specification examples for documentation of those.