4.3. Attaching a pod to a secondary network


To enable a pod to use additional network interfaces beyond the primary cluster network in OpenShift Container Platform, you can attach the pod to a secondary network. Secondary networks provide additional connectivity options for your workloads.

4.3.1. Adding a pod to a secondary network

To enable a pod to use additional network interfaces in OpenShift Container Platform, you can attach the pod to a secondary network. The pod continues to send normal cluster-related network traffic over the default network.

A secondary network is attached to a pod when the pod is created. You cannot attach a secondary network to a pod that already exists.

The pod must be in the same namespace as the secondary network.

Prerequisites

  • Install the OpenShift CLI (oc).
  • Log in to the cluster.

Procedure

  1. Add an annotation to the Pod object. Only one of the following annotation formats can be used:

    1. To attach a secondary network without any customization, add an annotation with the following format:

      metadata:
        annotations:
          k8s.v1.cni.cncf.io/networks: <network>[,<network>,...]

      where:

      k8s.v1.cni.cncf.io/networks
      Specifies the name of the secondary network to associate with the pod. To specify more than one secondary network, separate each network with a comma. Do not include whitespace around the commas. If you specify the same secondary network multiple times, the pod has multiple network interfaces attached to that network.
    2. To attach a secondary network with customizations, add an annotation with the following format:

      metadata:
        annotations:
          k8s.v1.cni.cncf.io/networks: |-
            [
              {
                "name": "<network>",
                "namespace": "<namespace>",
                "default-route": ["<default_route>"]
              }
            ]

      where:

      <network>
      Specifies the name of the secondary network defined by a NetworkAttachmentDefinition object.
      <namespace>
      Specifies the namespace where the NetworkAttachmentDefinition object is defined.
      <default_route>
      Optional parameter. Specifies an override for the default route, such as 192.168.17.1.
  2. Create the pod by entering the following command.

    $ oc create -f <name>.yaml

    Replace <name> with the name of the pod.

  3. Optional: Confirm that the annotation exists in the pod CR by entering the following command. Replace <name> with the name of the pod.

    $ oc get pod <name> -o yaml

    In the following example, the example-pod pod is attached to the net1 secondary network:

    $ oc get pod example-pod -o yaml
    apiVersion: v1
    kind: Pod
    metadata:
      annotations:
        k8s.v1.cni.cncf.io/networks: macvlan-bridge
        k8s.v1.cni.cncf.io/network-status: |-
          [{
              "name": "ovn-kubernetes",
              "interface": "eth0",
              "ips": [
                  "10.128.2.14"
              ],
              "default": true,
              "dns": {}
          },{
              "name": "macvlan-bridge",
              "interface": "net1",
              "ips": [
                  "20.2.2.100"
              ],
              "mac": "22:2f:60:a5:f8:00",
              "dns": {}
          }]
      name: example-pod
      namespace: default
    spec:
      ...
    status:
      ...

    where:

    k8s.v1.cni.cncf.io/network-status
    Specifies a JSON array of objects. Each object describes the status of a secondary network attached to the pod. The annotation value is stored as a plain text value.

4.3.1.1. Specifying pod-specific addressing and routing options

To set static IP addresses, MAC addresses, and default routes for a pod in OpenShift Container Platform, you can configure pod-specific addressing and routing options using JSON-formatted annotations. With these annotations, you can customize network behavior for individual pods on secondary networks.

Prerequisites

  • The pod must be in the same namespace as the secondary network.
  • Install the OpenShift CLI (oc).
  • You must log in to the cluster.

Procedure

  1. Edit the Pod resource definition. If you are editing an existing Pod resource, run the following command to edit its definition in the default editor. Replace <name> with the name of the Pod resource to edit.

    $ oc edit pod <name>
  2. In the Pod resource definition, add the k8s.v1.cni.cncf.io/networks parameter to the pod metadata mapping. The k8s.v1.cni.cncf.io/networks parameter accepts a JSON string that contains a list of objects. Each object references a NetworkAttachmentDefinition custom resource (CR) by name and can specify additional properties.

    metadata:
      annotations:
        k8s.v1.cni.cncf.io/networks: '[<network>[,<network>,...]]'
    # ...

    where:

    <network>
    Replace with a JSON object as shown in the following examples. The single quotes are required.

    In the following example the annotation specifies which network attachment will have the default route, using the default-route parameter.

    apiVersion: v1
    kind: Pod
    metadata:
      name: example-pod
      annotations:
        k8s.v1.cni.cncf.io/networks: '[
        {
          "name": "net1"
        },
        {
          "name": "net2",
          "default-route": ["192.0.2.1"]
        }]'
    spec:
      containers:
      - name: example-pod
        command: ["/bin/bash", "-c", "sleep 2000000000000"]
        image: centos/tools

    where:

    net1, net2
    Specifies the name of the NetworkAttachmentDefinition resource that defines the secondary network to associate with the pod.
    192.0.2.1
    Specifies the gateway that traffic is routed over if no other routing entry is present in the routing table. If more than one default-route key is specified, the pod fails to become active.

    The default route will cause any traffic that is not specified in other routes to be routed to the gateway.

    Important

    Setting the default route to an interface other than the default network interface for OpenShift Container Platform may cause traffic that is anticipated for pod-to-pod traffic to be routed over another interface.

    To verify the routing properties of a pod, the oc command may be used to execute the ip command within a pod.

    $ oc exec -it <pod_name> -- ip route

    Note

    You may also reference the pod’s k8s.v1.cni.cncf.io/network-status to see which secondary network has been assigned the default route, by the presence of the default-route key in the JSON-formatted list of objects.

    To set a static IP address or MAC address for a pod, you can use JSON-formatted annotations. This requires that you create networks that specifically allow this functionality, which you can specify in a rawCNIConfig for the CNO.

  3. Edit the CNO CR by running the following command:

    $ oc edit networks.operator.openshift.io cluster

    The following YAML describes the configuration parameters for the CNO:

    Cluster Network Operator YAML configuration

    name: <name>
    namespace: <namespace>
    rawCNIConfig: '{
      ...
    }'
    type: Raw

    where:

    name
    Specifies a name for the secondary network attachment that you are creating. The name must be unique within the specified namespace.
    namespace
    Specifies the namespace to create the network attachment in. If you do not specify a value, then the default namespace is used.
    rawCNIConfig
    Specifies the CNI plugin configuration in JSON format, which is based on the following template.

    The following object describes the configuration parameters for utilizing static MAC address and IP address using the macvlan CNI plugin:

    macvlan CNI plugin JSON configuration object using static IP and MAC address

    {
      "cniVersion": "0.3.1",
      "name": "<name>",
      "plugins": [{
          "type": "macvlan",
          "capabilities": { "ips": true },
          "master": "eth0",
          "mode": "bridge",
          "ipam": {
            "type": "static"
          }
        }, {
          "capabilities": { "mac": true },
          "type": "tuning"
        }]
    }

    where:

    name
    Specifies the name for the secondary network attachment to create. The name must be unique within the specified namespace.
    plugins
    Specifies an array of CNI plugin configurations. The first object specifies a macvlan plugin configuration and the second object specifies a tuning plugin configuration.
    ips
    Specifies that a request is made to enable the static IP address functionality of the CNI plugin runtime configuration capabilities.
    master
    Specifies the interface that the macvlan plugin uses.
    mac
    Specifies that a request is made to enable the static MAC address functionality of a CNI plugin.

    The above network attachment can be referenced in a JSON formatted annotation, along with keys to specify which static IP and MAC address will be assigned to a given pod.

  4. Edit the pod by entering the following command:

    $ oc edit pod <name>

    Pod definition that references the macvlan network attachment with a static IP and MAC address

    apiVersion: v1
    kind: Pod
    metadata:
      name: example-pod
      annotations:
        k8s.v1.cni.cncf.io/networks: '[
          {
            "name": "<name>",
            "ips": [ "192.0.2.205/24" ],
            "mac": "CA:FE:C0:FF:EE:00"
          }
        ]'

    where:

    metadata.name
    Specifies the name for the secondary network attachment to create. The name must be unique within the specified namespace.
    metadata.annotations.k8s.v1.cni.cncf.io/ips
    Specifies an IP address including the subnet mask.
    metadata.annotations.k8s.v1.cni.cncf.io/mac
    Specifies the MAC address.

    Note

    Static IP addresses and MAC addresses do not have to be used at the same time. You can use them individually, or together.
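
The following check is an added example, not part of the Red Hat documentation or product code. It lints a k8s.v1.cni.cncf.io/networks value before the pod is created, using the rules stated in this section: no whitespace in the short form, at most one default-route key, the attachment in the pod's namespace, and IP addresses that include the subnet mask. The function name lint_networks, the colon-separated MAC pattern, and the sample strings are assumptions made for the illustration.

```python
import ipaddress
import json
import re

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")  # assumed MAC notation

def lint_networks(value, pod_namespace):
    """Return findings for one k8s.v1.cni.cncf.io/networks annotation value."""
    text = value.strip()
    if not text.startswith("["):
        # Short form: <network>[,<network>,...] with no whitespace at the commas.
        findings = []
        if re.search(r"\s", text):
            findings.append("error: whitespace in comma-separated network list")
        if any(not item.strip() for item in text.split(",")):
            findings.append("error: empty network name")
        return findings
    try:
        entries = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"error: annotation is not valid JSON ({exc.msg})"]
    if not isinstance(entries, list) or not all(isinstance(e, dict) for e in entries):
        return ["error: JSON form must be a list of objects"]
    findings = []
    routed = [e.get("name") for e in entries if "default-route" in e]
    if len(routed) > 1:  # the page: the pod fails to become active
        findings.append("error: more than one default-route key, pod will not become active")
    elif routed:  # surfaced for review: traffic leaves the default network interface
        findings.append(f"warn: default route moves to secondary network {routed[0]}")
    for e in entries:
        name = e.get("name")
        if not name:
            findings.append("error: entry has no name")
        if e.get("namespace", pod_namespace) != pod_namespace:
            findings.append(f"error: {name} is not in the pod namespace {pod_namespace}")
        for ip in e.get("ips", []):
            try:
                if "/" not in ip:
                    raise ValueError("no subnet mask")
                ipaddress.ip_interface(ip)
            except (ValueError, TypeError):
                findings.append(f"error: {name} ip {ip!r} is not address/prefix")
        mac = e.get("mac")
        if mac is not None and not MAC_RE.match(str(mac)):
            findings.append(f"error: {name} mac {mac!r} is malformed")
    return findings

# Constructed samples, modelled on the annotations shown on this page.
PAGE_ROUTE = '[{"name": "net1"}, {"name": "net2", "default-route": ["192.0.2.1"]}]'
PAGE_STATIC = '[{"name": "net1", "ips": ["192.0.2.205/24"], "mac": "CA:FE:C0:FF:EE:00"}]'
```

A single default-route key is reported as a warning rather than an error, because it is valid but changes which interface carries traffic that has no more specific route.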
