Merge pull request #84261 from sjhala-ccs/cnv-46289

sjhala-ccs · web-flow · commit ea63d53333b6 · 2024-11-26T09:31:33.000-05:00
CNV-46289: Added network configuration recommendations
diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml
@@ -1912,8 +1912,8 @@ Topics:
 #    File: virt-using-dpdk-with-sriov
   - Name: Connecting a VM to an OVN-Kubernetes secondary network
     File: virt-connecting-vm-to-ovn-secondary-network
-#  - Name: Hot plugging secondary network interfaces
-#    File: virt-hot-plugging-network-interfaces
+  - Name: Hot plugging secondary network interfaces
+    File: virt-hot-plugging-network-interfaces
   - Name: Connecting a VM to a service mesh
     File: virt-connecting-vm-to-service-mesh
   - Name: Configuring a dedicated network for live migration
diff --git a/modules/virt-attaching-vm-to-ovn-secondary-nw-cli.adoc b/modules/virt-attaching-vm-to-ovn-secondary-nw-cli.adoc
@@ -28,20 +28,23 @@ spec:
       domain:
         devices:
           interfaces:
-          - name: secondary <1>
+          - name: secondary # <1>
             bridge: {}
         resources:
           requests:
             memory: 1024Mi
       networks:
-      - name: secondary  <2>
+      - name: secondary  # <2>
         multus:
-          networkName: <nad_name> <3>
+          networkName: <nad_name> # <3>
+      nodeSelector:
+        node-role.kubernetes.io/worker: '' # <4>
 # ...
 ----
 <1> The name of the OVN-Kubernetes secondary interface.
 <2> The name of the network. This must match the value of the `spec.template.spec.domain.devices.interfaces.name` field.
 <3> The name of the `NetworkAttachmentDefinition` object.
+<4> Specifies the nodes on which the VM can be scheduled. The recommended node selector value is `node-role.kubernetes.io/worker: ''`.
 
 . Apply the `VirtualMachine` manifest:
 +
diff --git a/modules/virt-creating-localnet-nad-cli.adoc b/modules/virt-creating-localnet-nad-cli.adoc
@@ -12,10 +12,33 @@ You can create a network attachment definition (NAD) which describes how to atta
 * You have access to the cluster as a user with `cluster-admin` privileges.
 * You have installed the OpenShift CLI (`oc`).
 * You have installed the Kubernetes NMState Operator.
-* You have created a `NodeNetworkConfigurationPolicy` object to map the OVN-Kubernetes secondary network to an Open vSwitch (OVS) bridge.
 
 .Procedure
 
+. Create a `NodeNetworkConfigurationPolicy` object to map the OVN-Kubernetes secondary network to an Open vSwitch (OVS) bridge:
++
+[source,yaml]
+----
+apiVersion: nmstate.io/v1
+kind: NodeNetworkConfigurationPolicy
+metadata:
+  name: mapping # <1>
+spec:
+  nodeSelector:
+    node-role.kubernetes.io/worker: '' # <2>
+  desiredState:
+    ovn:
+      bridge-mappings:
+      - localnet: localnet-network # <3>
+        bridge: br-ex # <4>
+        state: present # <5>
+----
+<1> The name of the configuration object.
+<2> Specifies the nodes to which the node network configuration policy is to be applied. The recommended node selector value is `node-role.kubernetes.io/worker: ''`.
+<3> The name of the additional network from which traffic is forwarded to the OVS bridge. This attribute must match the value of the `spec.config.name` field of the `NetworkAttachmentDefinition` object that defines the OVN-Kubernetes additional network.
+<4> The name of the OVS bridge on the node. This value is required if the `state` attribute is `present`.
+<5> The state of the mapping. Must be either `present` to add the mapping or `absent` to remove the mapping. The default value is `present`.
+
 . Create a `NetworkAttachmentDefinition` object:
 +
 [source,yaml]
diff --git a/modules/virt-networking-glossary.adoc b/modules/virt-networking-glossary.adoc
@@ -20,5 +20,7 @@ API resource that allows you to define custom resources, or an object defined by
 
 Network attachment definition (NAD):: A CRD introduced by the Multus project that allows you to attach pods, virtual machines, and virtual machine instances to one or more networks.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 Node network configuration policy (NNCP):: A CRD introduced by the nmstate project, describing the requested network configuration on nodes.
 You update the node network configuration, including adding and removing interfaces, by applying a `NodeNetworkConfigurationPolicy` manifest to the cluster.
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc b/virt/vm_networking/virt-connecting-vm-to-ovn-secondary-network.adoc
@@ -6,13 +6,19 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can connect a virtual machine (VM) to an Open Virtual Network (OVN)-Kubernetes secondary network. {VirtProductName} supports the layer 2 and localnet topologies for OVN-Kubernetes.
+ifdef::openshift-rosa,openshift-dedicated[]
+You can connect a VM to an Open Virtual Network (OVN)-Kubernetes secondary network. {VirtProductName} supports the `layer2` topology for OVN-Kubernetes.
 
-* A layer 2 topology connects workloads by a cluster-wide logical switch. The OVN-Kubernetes Container Network Interface (CNI) plug-in uses the Geneve (Generic Network Virtualization Encapsulation) protocol to create an overlay network between nodes. You can use this overlay network to connect VMs on different nodes, without having to configure any additional physical networking infrastructure.
-
-* A localnet topology connects the secondary network to the physical underlay. This enables both east-west cluster traffic and access to services running outside the cluster, but it requires additional configuration of the underlying Open vSwitch (OVS) system on cluster nodes.
+A `layer2` topology connects workloads by a cluster-wide logical switch. The OVN-Kubernetes Container Network Interface (CNI) plugin uses the Geneve (Generic Network Virtualization Encapsulation) protocol to create an overlay network between nodes. You can use this overlay network to connect VMs on different nodes, without having to configure any additional physical networking infrastructure.
+endif::openshift-rosa,openshift-dedicated[]
 
 ifndef::openshift-rosa,openshift-dedicated[]
+You can connect a virtual machine (VM) to an OVN-Kubernetes secondary network. {VirtProductName} supports the `layer2` and `localnet` topologies for OVN-Kubernetes.
+
+* A `layer2` topology connects workloads by a cluster-wide logical switch. The OVN-Kubernetes Container Network Interface (CNI) plugin uses the Geneve (Generic Network Virtualization Encapsulation) protocol to create an overlay network between nodes. You can use this overlay network to connect VMs on different nodes, without having to configure any additional physical networking infrastructure.
+
+* A `localnet` topology connects the secondary network to the physical underlay. This enables both east-west cluster traffic and access to services running outside the cluster, but it requires additional configuration of the underlying Open vSwitch (OVS) system on cluster nodes.
+
 [NOTE]
 ====
 An OVN-Kubernetes secondary network is compatible with the xref:../../networking/multiple_networks/configuring-additional-network.adoc#compatibility-with-multi-network-policy_configuring-additional-network[multi-network policy API] which provides the `MultiNetworkPolicy` custom resource definition (CRD) to control traffic flow to and from VMs. You can use the `ipBlock` attribute to define network policy ingress and egress rules for specific CIDR blocks.
@@ -26,7 +32,7 @@ ifndef::openshift-rosa,openshift-dedicated[]
 +
 [NOTE]
 ====
-For localnet topology, you must xref:../../networking/multiple_networks/configuring-additional-network.adoc#configuring-additional-network_ovn-kubernetes-configuration-for-a-localnet-topology[configure an OVS bridge] by creating a `NodeNetworkConfigurationPolicy` object before creating the NAD.
+For `localnet` topology, you must xref:../../networking/multiple_networks/configuring-additional-network.adoc#configuring-additional-network_ovn-kubernetes-configuration-for-a-localnet-topology[configure an OVS bridge] by creating a `NodeNetworkConfigurationPolicy` object before creating the NAD.
 ====
 endif::openshift-rosa,openshift-dedicated[]
 
@@ -35,7 +41,7 @@ endif::openshift-rosa,openshift-dedicated[]
 [id="creating-ovn-nad_{context}"]
 == Creating an OVN-Kubernetes NAD
 
-You can create an OVN-Kubernetes layer 2 or localnet network attachment definition (NAD) by using the {product-title} web console or the CLI.
+You can create an OVN-Kubernetes network attachment definition (NAD) by using the {product-title} web console or the CLI.
 
 [NOTE]
 ====
@@ -44,11 +50,15 @@ Configuring IP address management (IPAM) in a network attachment definition for
 
 include::modules/virt-creating-layer2-nad-cli.adoc[leveloffset=+2]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/virt-creating-localnet-nad-cli.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/virt-creating-nad-l2-overlay-console.adoc[leveloffset=+2]
 
+ifndef::openshift-rosa,openshift-dedicated[]
 include::modules/virt-creating-nad-localnet-console.adoc[leveloffset=+2]
+endif::openshift-rosa,openshift-dedicated[]
 
 [id="attaching-vm-to-ovn-secondary-nw"]
 == Attaching a virtual machine to the OVN-Kubernetes secondary network
diff --git a/virt/vm_networking/virt-hot-plugging-network-interfaces.adoc b/virt/vm_networking/virt-hot-plugging-network-interfaces.adoc
@@ -6,12 +6,19 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-You can add or remove secondary network interfaces without stopping your virtual machine (VM). {VirtProductName} supports hot plugging for secondary interfaces that use the VirtIO device driver. 
+ifdef::openshift-rosa,openshift-dedicated[]
+You can add or remove secondary network interfaces without stopping your virtual machine (VM). {VirtProductName} supports hot plugging and hot unplugging for secondary interfaces that use bridge binding and the VirtIO device driver.
+endif::openshift-rosa,openshift-dedicated[]
+
+
+ifndef::openshift-rosa,openshift-dedicated[]
+You can add or remove secondary network interfaces without stopping your virtual machine (VM). {VirtProductName} supports hot plugging and hot unplugging for secondary interfaces that use bridge binding and the VirtIO device driver. {VirtProductName} also supports hot plugging secondary interfaces that use SR-IOV binding.
 
 [NOTE]
 ====
 Hot unplugging is not supported for Single Root I/O Virtualization (SR-IOV) interfaces.
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 [id="virtio-limitations_virt-hot-plugging-network-interfaces"]
 == VirtIO limitations
@@ -33,7 +40,9 @@ include::modules/virt-hot-unplugging-bridge-network-interface-cli.adoc[leveloffs
 == Additional resources
 
 * xref:../../virt/getting_started/virt-using-the-cli-tools.adoc#installing-virtctl_virt-using-the-cli-tools[Installing virtctl]
+ifndef::openshift-rosa,openshift-dedicated[]
 * xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#creating-linux-bridge-nad[Creating a Linux bridge network attachment definition]
 * xref:../../virt/vm_networking/virt-connecting-vm-to-linux-bridge.adoc#configuring-vm-network-interface[Connecting a virtual machine to a Linux bridge network]
 * xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#nw-sriov-network-attachment_virt-connecting-vm-to-sriov[Creating an SR-IOV network attachment definition]
-* xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-attaching-vm-to-sriov-network_virt-connecting-vm-to-sriov[Connecting a virtual machine to an SR-IOV network]
+* xref:../../virt/vm_networking/virt-connecting-vm-to-sriov.adoc#virt-attaching-vm-to-sriov-network_virt-connecting-vm-to-sriov[Connecting a virtual machine to an SR-IOV network]
+endif::openshift-rosa,openshift-dedicated[]
diff --git a/virt/vm_networking/virt-networking-overview.adoc b/virt/vm_networking/virt-networking-overview.adoc
