Differences

This shows you the differences between two versions of the page.

--- docker:okd_macvlan [2026/03/27 15:52] – created jonathan
+++ docker:okd_macvlan [2026/03/27 18:15] (current) – jonathan
@@ Line 122: / Line 122: @@
 <code>
 oc apply -f pod1.yaml
+</code>
+===== MAC VLAN within project/namespace =====
+<code - >
+oc create sa netshoot -n lab-infra
+oc get sa netshoot -n lab-infra
+oc adm policy add-scc-to-user privileged system:serviceaccount:lab-infra:netshoot
+</code>
+<code - macvlan-enp7s0-vlan222-lab_infra.yaml>
+apiVersion: k8s.cni.cncf.io/v1
+kind: NetworkAttachmentDefinition
+metadata:
+  name: macvlan-enp7s0-vlan222
+  namespace: lab-infra
+spec:
+  config: |
+    {
+      "cniVersion": "0.3.1",
+      "type": "macvlan",
+      "master": "enp7s0.222",
+      "mode": "bridge",
+      "ipam": {
+        "type": "static",
+        "routes": [
+          {
+            "dst": "0.0.0.0/0",
+            "gw": "10.194.22.1"
+          }
+        ]
+      }
+    }
+</code>
+<code - deployment-lab10e-pod1.yaml>
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pod1
+  namespace: lab-infra
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pod1
+  template:
+    metadata:
+      labels:
+        app: pod1
+      annotations:
+        k8s.v1.cni.cncf.io/networks: |
+          [{
+            "name": "macvlan-enp7s0-vlan222",
+            "ips": [ "10.194.22.201/24" ]
+          }]
+    spec:
+      serviceAccountName: netshoot
+      containers:
+      - name: test
+        image: nicolaka/netshoot
+        command: ["sleep","3600"]
+        securityContext:
+          privileged: true
+</code>
+<code>
+oc label ns lab-infra \
+  pod-security.kubernetes.io/enforce=privileged \
+  pod-security.kubernetes.io/warn=privileged \
+  pod-security.kubernetes.io/audit=privileged \
+  --overwrite
 </code>