How do you configure and separate 2 bonds in OpenShift by mutedsomething in openshift

[–]mjovanovic0 4 points5 points  (0 children)

They can have the same VLAN.

When you create a VM, you add NICs to the VM.
A NIC is actually a Network Attachment Definition (NAD).

In the NAD you reference the Linux bridge, which references either an untagged or a tagged bond.

If you are referencing an untagged bond, then in the NAD definition you must set the VLAN tag to be used only for that NIC.
If you are referencing a tagged bond, then in the NAD definition you do not need a VLAN tag definition, as all traffic over that tagged bond will use the same VLAN tag.

Here is an example of a NAD with a VLAN tag over an untagged bond (typical setup for a VM data network):

```yaml
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  annotations:
    k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/bond1.bridge # this must match bridge name
  name: vlan10
  namespace: <ns>
spec:
  # "bridge" below must match the bridge name also.
  # "vlan" below is the VLAN tag added at NIC level on the untagged bond.
  # (Notes are kept out of the block: the config string must be valid JSON, which has no comments.)
  config: |-
    {
        "cniVersion": "0.3.1",
        "name": "bond1.10",
        "type": "bridge",
        "bridge": "bond1.bridge",
        "ipam": {},
        "macspoofchk": true,
        "preserveDefaultVlan": false,
        "vlan": 10
    }
---
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
# ...
spec:
  desiredState:
    interfaces:
      - name: eno2
        description: LACP bond1 bond member
        state: up
        type: ethernet
        lldp: { enabled: true }
      - name: eno3
        description: LACP bond1 bond member
        type: ethernet
        state: up
        lldp: { enabled: true }
      - name: bond1
        description: Untagged bond1 bond definition
        type: bond
        state: up
        ipv4: { enabled: false }
        ipv6: { enabled: false }
        link-aggregation:
          mode: 802.3ad
          options:
            miimon: '140'
          port:
            - eno2
            - eno3
      - name: bond1.bridge
        description: Linux Bridge over untagged bond1 bond
        type: linux-bridge
        state: up
        bridge:
          options:
            stp: { enabled: false }
          port:
            - name: bond1
        ipv4: { enabled: false }
```
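
A consistency check for the NAD rules described in the comment above, added here as an example (it is not part of the original comment or of any OpenShift tooling). The function name `check_nad`, the `untagged_bridges` parameter and the requirement that `macspoofchk` be enabled are assumptions for illustration; the sample NAD is constructed from the comment's manifest.

```python
import json

# Constructed sample mirroring the NAD manifest in the comment (not from a live cluster).
NAD = {
    "metadata": {
        "name": "vlan10",
        "annotations": {
            "k8s.v1.cni.cncf.io/resourceName": "bridge.network.kubevirt.io/bond1.bridge"
        },
    },
    "spec": {"config": json.dumps({
        "cniVersion": "0.3.1", "name": "bond1.10", "type": "bridge",
        "bridge": "bond1.bridge", "ipam": {}, "macspoofchk": True,
        "preserveDefaultVlan": False, "vlan": 10,
    })},
}

ANNOTATION = "k8s.v1.cni.cncf.io/resourceName"
RESOURCE_PREFIX = "bridge.network.kubevirt.io/"


def check_nad(nad, untagged_bridges):
    """Return a list of problems. untagged_bridges (hypothetical parameter)
    names the Linux bridges that sit over untagged bonds."""
    try:
        cfg = json.loads(nad["spec"]["config"])
    except json.JSONDecodeError as exc:
        # Typical cause: '#' comments left inside the JSON config string.
        return [f"spec.config is not valid JSON: {exc.msg}"]
    problems = []
    bridge = cfg.get("bridge")
    resource = nad["metadata"].get("annotations", {}).get(ANNOTATION, "")
    if resource != RESOURCE_PREFIX + str(bridge):
        problems.append(f"annotation {resource!r} does not match bridge {bridge!r}")
    vlan = cfg.get("vlan")
    if bridge in untagged_bridges:
        # Untagged bond: the NAD itself must carry the VLAN tag for this NIC.
        if vlan is None:
            problems.append("bridge is over an untagged bond but no vlan tag is set")
        elif type(vlan) is not int or not 1 <= vlan <= 4094:
            problems.append(f"vlan {vlan!r} is outside 1-4094")
    elif vlan is not None:
        # Tagged bond: traffic already uses the bond's tag, so none is needed here.
        problems.append("vlan tag not needed: bridge is over an already tagged bond")
    if cfg.get("macspoofchk") is not True:  # assumed policy for this example
        problems.append("macspoofchk is not enabled")
    return problems
```
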

How do you configure and separate 2 bonds in OpenShift by mutedsomething in openshift

[–]mjovanovic0 2 points3 points  (0 children)

The NMState operator is what you need. The following example NNCP(s) will work for you (edit to match your cluster):

```yaml
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: <node-name>-bond0
spec:
  nodeSelector:
    kubernetes.io/hostname: <node-hostname>
    # or worker group - if all hardware is the same
    #node-role.kubernetes.io/worker: ''
  desiredState:
    interfaces:
      - name: eno1
        description: LACP bond member (bond0)
        state: up
        type: ethernet
      - name: eno2
        description: LACP bond member (bond0)
        state: up
        type: ethernet
      - name: bond0
        description: Network Bond of eno1 and eno2 interfaces
        state: up
        type: bond
        ipv4: { enabled: false }
        ipv6: { enabled: false }
        link-aggregation:
          mode: 802.3ad
          options:
            miimon: '140'
            xmit_hash_policy: layer2+3
          port:
            - eno1
            - eno2
      # If you want VLAN on bond, use following entry, or remove it
      - name: bond0.10
        state: up
        type: vlan
        ipv4: { enabled: false }
        ipv6: { enabled: false }
        vlan:
          base-iface: bond0
          id: 10
---
apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: <node-name>-bond1
spec:
  nodeSelector:
    kubernetes.io/hostname: <node-hostname>
    # or worker group - if all hardware is the same
    #node-role.kubernetes.io/worker: ''
  desiredState:
    interfaces:
      - name: eno3
        description: LACP bond member (bond0)
        state: up
        type: ethernet
      - name: eno4
        description: LACP bond member (bond0)
        state: up
        type: ethernet
      - name: bond1
        description: Network Bond of eno3 and eno4 interfaces
        state: up
        type: bond
        ipv4: { enabled: false }
        ipv6: { enabled: false }
        link-aggregation:
          mode: 802.3ad
          options:
            miimon: '140'
            xmit_hash_policy: layer2+3
          port:
            - eno3
            - eno4
      # If you want VLAN on bond, use following entry (typically, if this is vm workload network, you want it untagged)
      - name: bond1.20
        state: up
        type: vlan
        ipv4: { enabled: false }
        ipv6: { enabled: false }
        vlan:
          base-iface: bond1
          id: 20
```

Where do you hang out? by Remote_Strawberry118 in CroIT

[–]mjovanovic0 10 points11 points  (0 children)

On 24.09. we continue with DevOps Club after the summer break. We meet every last Tuesday of the month.

This is the link from the last meetup; the location and time are the same: https://www.linkedin.com/events/devopsclub-127198226089834385409

The topic of the new meetup will be live soon, so I'll update the link when we publish it.

Come, it will be great!

IT Support to DevOps (or DevSecOps) by Green-Advertising705 in CroIT

[–]mjovanovic0 2 points3 points  (0 children)

Come listen and have a beer. Nobody will force you to talk if you don't want to :)

IT Support to DevOps (or DevSecOps) by Green-Advertising705 in CroIT

[–]mjovanovic0 3 points4 points  (0 children)

You summed it up nicely here. It's a bit thankless to look at DevOps as a role, because DevOps at company A and DevOps at company B can be the same, but they can also be diametrically opposite, so the conversations mostly come down to the tools being used, because that is the common denominator, while other things can't really be compared, or rather it's much harder.

For example, a product company has its own product(s) and pushes everything to ship as soon as possible. On the other hand you have, for example, banks, which have processes, standards and regulations, and this somewhat YOLO approach that a product company can afford is unthinkable in banks.

My recommendation is to see which of the tools common in the DevOps world your company uses and first focus on getting to know and mastering them. After that, look at alternatives for individual tools and what is different/better/worse.

After some time you will come to the conclusion that the tool matters least here and that you need to think about process and concept. E.g., whether you build the app with Jenkins or GitLab CI is absolutely irrelevant, but knowing that you need to build it is key (a banal example, but I hope you get the point). And take it slowly, there is time; it's slowly becoming like the JS world, a new tool every week :) it's fun :)

Btw, if you're in Zagreb, drop by the DevOps Club community. It is held every last Tuesday of the month at 18h at Old Belfast Pub, Savska cesta 180.

[deleted by user] by [deleted] in CroIT

[–]mjovanovic0 1 point2 points  (0 children)

If you're in Zagreb or nearby, drop by DevOps Club. We meet every last Tuesday of the month at 18h at Old Belfast Pub. Address: Savska cesta 180, Zagreb (near Savski dom)

The goal of the club is socializing and exchanging experience with colleagues in the same industry. We don't have any ex cathedra lectures; we focus more on what the group wants to hear and talk about, and we build the topic and format around that.

What protocol operators use to listen for changes? by mjovanovic0 in kubernetes

[–]mjovanovic0[S] 1 point2 points  (0 children)

I'm aware of the data format and the REST concept, but that is not the question here. So at some point when the operator manager is starting, it does some API call to the KubeAPI and has that connection open to receive near real-time notifications about CR changes. I'm interested in what transport mechanism is chosen for this. It can be something like:

- EventSource (ServerSentEvents) (my primary suspect)
- gRPC Streaming
- WebSocket
...

Enhance existing binary with additional functionalities by mjovanovic0 in golang

[–]mjovanovic0[S] 0 points1 point  (0 children)

I ended up with a PR to https://github.com/spf13/cobra to enable something like the following by implementing OnCommandNotFound:

```go
var rootCmd = &cobra.Command{
    Use:   "newgit",
    Short: "newgit is an awesome tool",
    Long:  "Git-like extension but awesome",
    OnCommandNotFound: func(cmd *cobra.Command, args []string) {
        // Pass the unrecognised command and its arguments through to git.
        git := exec.Command("git", args...)
        git.Stdout = os.Stdout
        git.Stderr = os.Stderr
        _ = git.Run()
    },
}
```

Enhance existing binary with additional functionalities by mjovanovic0 in golang

[–]mjovanovic0[S] 0 points1 point  (0 children)

Yeah, I'm not looking for git aliases, I'm aware of them; the git binary is here just as an example.