apiVersion: operators.coreos.com/v1 kind: OperatorGroup metadata: name: nmstate-operator-group namespace: openshift-nmstate spec: targetNamespaces: - openshift-nmstate
apiVersion: operators.coreos.com/v1alpha1 kind: Subscription metadata: name: kubernetes-nmstate-operator namespace: openshift-nmstate spec: channel: stable name: kubernetes-nmstate-operator source: redhat-operators sourceNamespace: openshift-marketplace
apiVersion: nmstate.io/v1 kind: NMState metadata: name: nmstate namespace: openshift-nmstate
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
name: macvlan-enp7s0-vlan222
namespace: default
spec:
config: |
{
"cniVersion": "0.3.1",
"type": "macvlan",
"master": "enp7s0.222",
"mode": "bridge",
"ipam": {
"type": "static",
"routes": [
{
"dst": "0.0.0.0/0",
"gw": "10.194.22.1"
}
]
}
}
oc apply -f nmstate-og.yaml oc apply -f nmstate-sub.yaml oc apply -f nmstate.yaml
jonathan@jonathan-VirtualBox:~/ocp1$ ./oc get nncp NAME STATUS REASON vlan201 Available SuccessfullyConfigured vlan202 Available SuccessfullyConfigured vlan216 Available SuccessfullyConfigured vlan219 Available SuccessfullyConfigured vlan222 Available SuccessfullyConfigured jonathan@jonathan-VirtualBox:~/ocp1$ ./oc get nnce NAME STATUS STATUS AGE REASON ocp1-wk01.ocp1.int.example.com.vlan201 Available 52m SuccessfullyConfigured ocp1-wk01.ocp1.int.example.com.vlan202 Available 64m SuccessfullyConfigured ocp1-wk01.ocp1.int.example.com.vlan216 Available 52m SuccessfullyConfigured ocp1-wk01.ocp1.int.example.com.vlan219 Available 52m SuccessfullyConfigured ocp1-wk01.ocp1.int.example.com.vlan222 Available 52m SuccessfullyConfigured ocp1-wk02.ocp1.int.example.com.vlan201 Available 52m SuccessfullyConfigured ocp1-wk02.ocp1.int.example.com.vlan202 Available 69m SuccessfullyConfigured ocp1-wk02.ocp1.int.example.com.vlan216 Available 52m SuccessfullyConfigured ocp1-wk02.ocp1.int.example.com.vlan219 Available 52m SuccessfullyConfigured ocp1-wk02.ocp1.int.example.com.vlan222 Available 52m SuccessfullyConfigured ocp1-wk03.ocp1.int.example.com.vlan201 Available 52m SuccessfullyConfigured ocp1-wk03.ocp1.int.example.com.vlan202 Available 76m SuccessfullyConfigured ocp1-wk03.ocp1.int.example.com.vlan216 Available 52m SuccessfullyConfigured ocp1-wk03.ocp1.int.example.com.vlan219 Available 52m SuccessfullyConfigured ocp1-wk03.ocp1.int.example.com.vlan222 Available 52m SuccessfullyConfigured ocp1-wk04.ocp1.int.example.com.vlan201 Available 52m SuccessfullyConfigured ocp1-wk04.ocp1.int.example.com.vlan202 Available 72m SuccessfullyConfigured ocp1-wk04.ocp1.int.example.com.vlan216 Available 52m SuccessfullyConfigured ocp1-wk04.ocp1.int.example.com.vlan219 Available 52m SuccessfullyConfigured ocp1-wk04.ocp1.int.example.com.vlan222 Available 52m SuccessfullyConfigured
apiVersion: v1
kind: Pod
metadata:
name: pod1
annotations:
k8s.v1.cni.cncf.io/networks: |
[{
"name": "macvlan-enp7s0-vlan222",
"ips": [ "10.194.22.200/24" ]
}]
spec:
containers:
- name: test
image: nicolaka/netshoot
command: ["sleep","3600"]
securityContext:
privileged: true
oc apply -f pod1.yaml
oc create sa netshoot -n lab-infra oc get sa netshoot -n lab-infra oc adm policy add-scc-to-user privileged system:serviceaccount:lab-infra:netshoot
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
name: macvlan-enp7s0-vlan222
namespace: lab-infra
spec:
config: |
{
"cniVersion": "0.3.1",
"type": "macvlan",
"master": "enp7s0.222",
"mode": "bridge",
"ipam": {
"type": "static",
"routes": [
{
"dst": "0.0.0.0/0",
"gw": "10.194.22.1"
}
]
}
}
apiVersion: apps/v1
kind: Deployment
metadata:
name: pod1
namespace: lab-infra
spec:
replicas: 1
selector:
matchLabels:
app: pod1
template:
metadata:
labels:
app: pod1
annotations:
k8s.v1.cni.cncf.io/networks: |
[{
"name": "macvlan-enp7s0-vlan222",
"ips": [ "10.194.22.201/24" ]
}]
spec:
serviceAccountName: netshoot
containers:
- name: test
image: nicolaka/netshoot
command: ["sleep","3600"]
securityContext:
privileged: true
oc label ns lab-infra \ pod-security.kubernetes.io/enforce=privileged \ pod-security.kubernetes.io/warn=privileged \ pod-security.kubernetes.io/audit=privileged \ --overwrite