This is a demonstration of the Bridge CNI plugin, plus the static IPAM CNI plugin.
- Prerequisite: a recently installed OpenShift (4.2/4.3) cluster.
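Firstly, we'll label a node so that both demo pods are scheduled onto the same node. The Linux bridge created by the Bridge CNI plugin is local to the node it is created on, so the two pods can only reach each other over it when they share a node.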
# Print the names of the worker nodes so one can be chosen to host both pods.
oc get nodes | awk '/worker/ {print $1}'

# Label the chosen node. The node name below is the one from the author's
# cluster; substitute a name printed by the previous command.
oc label node ip-10-0-140-29.us-west-2.compute.internal bridgedemo=true

# Confirm that the label is present on exactly the node you intended.
oc get nodes --show-labels | grep bridgedemo
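Next, we're going to create two net-attach-defs (NetworkAttachmentDefinition objects), one per pod, because each one carries its own static IP address.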
"Bridge A"
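# Create the NetworkAttachmentDefinition "static-bridge-a" in the current
# project (no namespace is set in the manifest).
#
# The YAML nesting is restored here: without indentation, "name" is not a
# child of "metadata" and "config" is not a child of "spec", so the object is
# not the one intended. The heredoc delimiter is quoted so the shell passes the
# manifest through verbatim instead of expanding "$" or backticks inside it.
#
# CNI config summary:
#   - type "bridge", bridge "demo0": attach the pod to the node-local Linux
#     bridge demo0.
#   - "vlan": 200: the pod's port on that bridge is placed in VLAN 200.
#   - ipam "static": the address 10.200.0.2/24 is written into the definition
#     itself, so every pod that references this definition is given that same
#     address. Reference it from one pod only, otherwise the segment ends up
#     with duplicate IPs.
cat <<'EOF' | oc create -f -
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: static-bridge-a
spec:
  config: '{
      "name": "static-bridge-a",
      "cniVersion": "0.3.1",
      "type": "bridge",
      "bridge": "demo0",
      "vlan": 200,
      "ipam": {
        "type": "static",
        "addresses": [
          {
            "address": "10.200.0.2/24"
          }
        ]
      }
    }'
EOF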
"Bridge B"
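# Create the NetworkAttachmentDefinition "static-bridge-b" in the current
# project (no namespace is set in the manifest).
#
# The YAML nesting is restored here: without indentation, "name" is not a
# child of "metadata" and "config" is not a child of "spec", so the object is
# not the one intended. The heredoc delimiter is quoted so the shell passes the
# manifest through verbatim instead of expanding "$" or backticks inside it.
#
# This definition uses the same bridge (demo0) and the same VLAN (200) as
# static-bridge-a, which is what puts the two pods on one layer-2 segment.
# Only the static address differs: 10.200.0.3/24. As with the first
# definition, the address lives in the definition itself, so reference it from
# one pod only to avoid duplicate IPs.
cat <<'EOF' | oc create -f -
apiVersion: "k8s.cni.cncf.io/v1"
kind: NetworkAttachmentDefinition
metadata:
  name: static-bridge-b
spec:
  config: '{
      "name": "static-bridge-b",
      "cniVersion": "0.3.1",
      "type": "bridge",
      "bridge": "demo0",
      "vlan": 200,
      "ipam": {
        "type": "static",
        "addresses": [
          {
            "address": "10.200.0.3/24"
          }
        ]
      }
    }'
EOF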
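# Create the first demo pod and attach it to the "static-bridge-a" network.
#
# The YAML nesting is restored here: "annotations" must sit under "metadata",
# and "containers"/"nodeSelector" under "spec", for the API server to accept
# the pod as written. The heredoc delimiter is quoted so the shell passes the
# manifest through verbatim.
#
#   - The k8s.v1.cni.cncf.io/networks annotation names the
#     NetworkAttachmentDefinition to add as a secondary interface.
#   - nodeSelector bridgedemo: "true" pins the pod to the node labelled
#     earlier; the value is quoted because label values are strings.
#   - The command just idles (sleep infinity) and exits on TERM/INT, so the pod
#     stays up for "oc exec".
#
# NOTE(review): "centos/tools" carries no tag or digest, so whatever the
# registry currently serves under the default tag is what runs. That is fine
# for a throwaway demo; pin the image by digest for anything longer-lived.
cat <<'EOF' | oc create -f -
apiVersion: v1
kind: Pod
metadata:
  name: demo-bridge-a
  annotations:
    k8s.v1.cni.cncf.io/networks: static-bridge-a
spec:
  containers:
    - name: demo-bridge-a
      command: ["/bin/bash", "-c", "trap : TERM INT; sleep infinity & wait"]
      image: centos/tools
  nodeSelector:
    bridgedemo: "true"
EOF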
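# Create the second demo pod and attach it to the "static-bridge-b" network.
#
# The YAML nesting is restored here: "annotations" must sit under "metadata",
# and "containers"/"nodeSelector" under "spec", for the API server to accept
# the pod as written. The heredoc delimiter is quoted so the shell passes the
# manifest through verbatim.
#
#   - The k8s.v1.cni.cncf.io/networks annotation names the
#     NetworkAttachmentDefinition to add as a secondary interface.
#   - nodeSelector bridgedemo: "true" schedules this pod onto the same
#     labelled node as demo-bridge-a, so both share the node-local bridge.
#   - The command just idles (sleep infinity) and exits on TERM/INT, so the pod
#     stays up for "oc exec".
#
# NOTE(review): "centos/tools" carries no tag or digest, so whatever the
# registry currently serves under the default tag is what runs. That is fine
# for a throwaway demo; pin the image by digest for anything longer-lived.
cat <<'EOF' | oc create -f -
apiVersion: v1
kind: Pod
metadata:
  name: demo-bridge-b
  annotations:
    k8s.v1.cni.cncf.io/networks: static-bridge-b
spec:
  containers:
    - name: demo-bridge-b
      command: ["/bin/bash", "-c", "trap : TERM INT; sleep infinity & wait"]
      image: centos/tools
  nodeSelector:
    bridgedemo: "true"
EOF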
Let's list the interfaces
# Print the interface list from inside each pod. Besides the default cluster
# interface, each pod should show one additional interface (typically named
# net1 by Multus) holding its static address: 10.200.0.2/24 for demo-bridge-a
# and 10.200.0.3/24 for demo-bridge-b.
for pod in demo-bridge-a demo-bridge-b; do
  oc exec -it "$pod" -- ip a
done
Note that we have a statically assigned IP address for each of those.
Now we can make a ping from one to the other...
# Send five echo requests from demo-bridge-b to demo-bridge-a's static address
# to confirm the two pods reach each other over the demo0 bridge.
#
# NOTE(review): this traffic travels over the secondary bridge attachment, not
# the cluster's default pod network. Standard NetworkPolicy objects are
# generally enforced only on the default network, so check what, if anything,
# filters this segment before using the pattern outside a demo.
oc exec -it demo-bridge-b -- ping -c 5 10.200.0.2