基于runc运行时容器和InfiniBand卡(IB模式)的组合场景,主要原理是将容器运行时环境与高性能的InfiniBand网络卡相结合。通过利用runc容器的轻量级和可移植性优势,与InfiniBand卡(IB模式)相结合,适用于安全隔离的需求较低,对网络性能要求较高的应用场景。本文将通过Yaml配置信息和参数,演示如何定义SR-IOV网络节点的策略。
操作步骤
配置SriovNetworkNodePolicy对象
指定切分kubernetes.io/hostname=node-10节点上,rootDevices: 0000:71:00.0的PF设备
警告:
创建SR-IOV SriovNetworkNodePolicy对象时,节点应用修改会重启。
apiVersion: sriovnetwork.openshift.io/v1
kind: SriovNetworkNodePolicy
metadata:
name: node-policy-10
namespace: eks-managed
spec:
resourceName: mlxnics
nodeSelector:
kubernetes.io/hostname: node-10
nicSelector:
vendor: "15b3"
deviceID: "1017"
rootDevices:
- 0000:71:00.0
deviceType: netdevice
numVfs: 3
priority: 50
isRdma: true
linkType: IB配置SriovIBNetwork对象
apiVersion: sriovnetwork.openshift.io/v1
kind: SriovIBNetwork
metadata:
name: ibnics
namespace: eks-managed
spec:
ipam: |-
{
"type": "whereabouts",
"range": "192.168.100.0/24",
"gateway": "192.168.100.1",
"exclude": [
"192.168.100.0/26"
]
}
resourceName: mlxnics
linkState: auto配置runc运行时环境中的业务Pod
apiVersion: v1
kind: Pod
metadata:
name: sriov-runc-pod-demo
annotations:
k8s.v1.cni.cncf.io/networks: eks-managed/ibnics
spec:
containers:
- name: app-demo
image: hub.ecns.io/test/nginx:latest
imagePullPolicy: Always
command: [ "/bin/bash", "-c", "--" ]
args: [ "while true; do sleep 300000; done;" ]
resources:
requests:
ecnf.io/mlxnics: "1"
limits:
ecnf.io/mlxnics: "1"
nodeName: node-10
