Loading
close

rune容器和InfiniBand卡IB模式场景

time 更新时间:2023-06-28 15:07:34

基于rune(安全运行时)容器和InfiniBand卡(IB模式)的组合场景,主要原理是将容器运行时环境与高性能的InfiniBand网络卡相结合。通过利用rune容器的安全性和隔离性优势,与InfiniBand卡(IB模式)相结合,适用于对安全性和隔离性有一定需求的轻量级传输应用场景。本文将通过Yaml配置信息和参数,演示如何定义SR-IOV网络节点的策略。

操作步骤

配置SriovNetworkNodePolicy对象:

指定切分kubernetes.io/hostname=node-10节点上,rootDevices: 0000:71:00.0的PF设备

警告:

创建SR-IOV SriovNetworkNodePolicy对象时,节点应用修改会重启。

apiVersion: sriovnetwork.openshift.io/v1
kind: SriovNetworkNodePolicy
metadata:
  name: node-policy-5
  namespace: eks-managed
spec:
  resourceName: mlxnics
  nodeSelector:
    kubernetes.io/hostname: node-5
  nicSelector:
    vendor: "15b3"
    deviceID: "1017"
    rootDevices:
      - 0000:71:00.0
  deviceType: vfio-pci
  numVfs: 3
  priority: 50
  isRdma: false
  linkType: IB

配置SriovIBNetwork对象:

apiVersion: sriovnetwork.openshift.io/v1
kind: SriovIBNetwork
metadata:
  name: ibnics
  namespace: eks-managed
spec:
  ipam: |-
    {
    "type": "whereabouts",
    "range": "192.168.100.0/24",
    "gateway": "192.168.100.1",
    "exclude": [
      "192.168.100.0/26"
    ]
    }
  resourceName: mlxnics
  linkState: auto

配置 rune(安全运行时) 环境中的业务 Pod:

如果需要对容器(Pod)进行资源限制(limit)的设置,您可以在Pod的request字段中设置limit值。为了实现这个需求,您需要为Pod添加以下的annotation配置:
io.katacontainers.config.runtime.sandbox_cgroup_only: "false"

apiVersion: v1
kind: Pod
metadata:
  name: sriov-rune-pod-demo
  annotations:
    k8s.v1.cni.cncf.io/networks: eks-managed/ibnics
    io.katacontainers.config.runtime.enable_sriov: "true"
spec:
  runtimeClassName: rune
  containers:
  - name: app-demo
    image: hub.ecns.io/test/nginx:latest
    imagePullPolicy: Always
    command: [ "/bin/bash", "-c", "--" ]
    args: [ "while true; do sleep 300000; done;" ]
    resources:
      requests:
        ecnf.io/mlxnics: "1"
      limits:
        ecnf.io/mlxnics: "1"
  nodeName: node-10
此篇文章对你是否有帮助?
没帮助
locked-file

您暂无权限访问该产品