===== MAC VLAN =====

<code - nmstate-og.yaml>
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: nmstate-operator-group
  namespace: openshift-nmstate
spec:
  targetNamespaces:
  - openshift-nmstate
</code>

<code - nmstate-sub.yaml>
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: kubernetes-nmstate-operator
  namespace: openshift-nmstate
spec:
  channel: stable
  name: kubernetes-nmstate-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
</code>



<code - nmstate.yaml>
apiVersion: nmstate.io/v1
kind: NMState
metadata:
  name: nmstate
  namespace: openshift-nmstate
</code>


<code - macvlan-enp7s0-vlan222.yaml>
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: macvlan-enp7s0-vlan222
  namespace: default
spec:
  config: |
    {
      "cniVersion": "0.3.1",
      "type": "macvlan",
      "master": "enp7s0.222",
      "mode": "bridge",
      "ipam": {
        "type": "static",
        "routes": [
          {
            "dst": "0.0.0.0/0",
            "gw": "10.194.22.1"
          }
        ]
      }
    }
</code>


<code>
oc apply -f nmstate-og.yaml
oc apply -f nmstate-sub.yaml
oc apply -f nmstate.yaml
</code>

<code - validation>
jonathan@jonathan-VirtualBox:~/ocp1$ ./oc get nncp
NAME      STATUS      REASON
vlan201   Available   SuccessfullyConfigured
vlan202   Available   SuccessfullyConfigured
vlan216   Available   SuccessfullyConfigured
vlan219   Available   SuccessfullyConfigured
vlan222   Available   SuccessfullyConfigured
jonathan@jonathan-VirtualBox:~/ocp1$ ./oc get nnce
NAME                                   STATUS      STATUS AGE   REASON
ocp1-wk01.ocp1.int.example.com.vlan201   Available   52m          SuccessfullyConfigured
ocp1-wk01.ocp1.int.example.com.vlan202   Available   64m          SuccessfullyConfigured
ocp1-wk01.ocp1.int.example.com.vlan216   Available   52m          SuccessfullyConfigured
ocp1-wk01.ocp1.int.example.com.vlan219   Available   52m          SuccessfullyConfigured
ocp1-wk01.ocp1.int.example.com.vlan222   Available   52m          SuccessfullyConfigured
ocp1-wk02.ocp1.int.example.com.vlan201   Available   52m          SuccessfullyConfigured
ocp1-wk02.ocp1.int.example.com.vlan202   Available   69m          SuccessfullyConfigured
ocp1-wk02.ocp1.int.example.com.vlan216   Available   52m          SuccessfullyConfigured
ocp1-wk02.ocp1.int.example.com.vlan219   Available   52m          SuccessfullyConfigured
ocp1-wk02.ocp1.int.example.com.vlan222   Available   52m          SuccessfullyConfigured
ocp1-wk03.ocp1.int.example.com.vlan201   Available   52m          SuccessfullyConfigured
ocp1-wk03.ocp1.int.example.com.vlan202   Available   76m          SuccessfullyConfigured
ocp1-wk03.ocp1.int.example.com.vlan216   Available   52m          SuccessfullyConfigured
ocp1-wk03.ocp1.int.example.com.vlan219   Available   52m          SuccessfullyConfigured
ocp1-wk03.ocp1.int.example.com.vlan222   Available   52m          SuccessfullyConfigured
ocp1-wk04.ocp1.int.example.com.vlan201   Available   52m          SuccessfullyConfigured
ocp1-wk04.ocp1.int.example.com.vlan202   Available   72m          SuccessfullyConfigured
ocp1-wk04.ocp1.int.example.com.vlan216   Available   52m          SuccessfullyConfigured
ocp1-wk04.ocp1.int.example.com.vlan219   Available   52m          SuccessfullyConfigured
ocp1-wk04.ocp1.int.example.com.vlan222   Available   52m          SuccessfullyConfigured
</code>

<code - pod1.yaml>
apiVersion: v1
kind: Pod
metadata:
  name: pod1
  annotations:
    k8s.v1.cni.cncf.io/networks: |
      [{
        "name": "macvlan-enp7s0-vlan222",
        "ips": [ "10.194.22.200/24" ]
      }]
spec:
  containers:
  - name: test
    image: nicolaka/netshoot
    command: ["sleep","3600"]
    securityContext:
      privileged: true
</code>

<code>
oc apply -f pod1.yaml
</code>


===== MAC VLAN within project/namespace =====

<code - >
oc create sa netshoot -n lab-infra
oc get sa netshoot -n lab-infra
oc adm policy add-scc-to-user privileged system:serviceaccount:lab-infra:netshoot
</code>

<code - macvlan-enp7s0-vlan222-lab_infra.yaml>
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: macvlan-enp7s0-vlan222
  namespace: lab-infra
spec:
  config: |
    {
      "cniVersion": "0.3.1",
      "type": "macvlan",
      "master": "enp7s0.222",
      "mode": "bridge",
      "ipam": {
        "type": "static",
        "routes": [
          {
            "dst": "0.0.0.0/0",
            "gw": "10.194.22.1"
          }
        ]
      }
    }
</code>

<code - deployment-lab10e-pod1.yaml>
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pod1
  namespace: lab-infra
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pod1
  template:
    metadata:
      labels:
        app: pod1
      annotations:
        k8s.v1.cni.cncf.io/networks: |
          [{
            "name": "macvlan-enp7s0-vlan222",
            "ips": [ "10.194.22.201/24" ]
          }]
    spec:
      serviceAccountName: netshoot
      containers:
      - name: test
        image: nicolaka/netshoot
        command: ["sleep","3600"]
        securityContext:
          privileged: true
</code>

<code>
oc label ns lab-infra \
  pod-security.kubernetes.io/enforce=privileged \
  pod-security.kubernetes.io/warn=privileged \
  pod-security.kubernetes.io/audit=privileged \
  --overwrite
</code>