How to Enable Virtualization with KubeVirt in Environments Using Kubernetes with a Contrail Cluster

 

KubeVirt is a virtualization add-on to Kubernetes that allows virtual machines (VMs) to run alongside the application containers present in a Kubernetes environment. KubeVirt provides a unified development platform where developers can build, modify, and deploy applications residing in both application containers and VMs within a common, shared environment. For additional information on KubeVirt and its benefits, see the KubeVirt homepage.

Starting in Contrail Networking Release 2011, you can use KubeVirt to allow VMs to run in any Kubernetes-orchestrated environments that use Contrail as the Container Networking Interface (CNI).

This document provides the instructions for installing KubeVirt in any Kubernetes environment that is using Contrail Networking. This document also includes a section specifically on using KubeVirt to enable OpenShift Virtualization in environments using Red Hat OpenShift.

How to Enable Virtualization with KubeVirt in Environments Using Kubernetes with a Contrail Cluster

This section provides the instructions for enabling VM support in Kubernetes-orchestrated environments that are using Contrail Networking as the CNI.

When to Use This Procedure

A Kubernetes environment is containerized but might have to support VMs. Common reasons for supporting VMs include maintaining VM-based workloads that are challenging to containerize or migrating more gracefully from a VM-based environment to Kubernetes.

The procedure in this document was validated for Contrail Networking 2011.

Prerequisites

This procedure makes the following assumptions about your environment:

  • A Kubernetes environment using Contrail Networking as the CNI is operational.

How to Install KubeVirt

To enable VMs in a Kubernetes environment with KubeVirt:

  1. Verify the pods and nodes in your Kubernetes cluster.

    In this representative example, the kubectl get nodes and kubectl get pods commands are used to view the nodes and pods in the environment.

    The Contrail containers running in the pods confirm that Contrail is running in this Kubernetes environment.

  2. Export the latest KubeVirt version.

    You can check for the latest KubeVirt version using the Release Blogs from KubeVirt.

    In this representative example, KubeVirt v0.35.0 is exported.

  3. Install the KubeVirt operator. The KubeVirt operator manages the lifecycle of all KubeVirt core components and will be used in this procedure to enable virtualization.
  4. After the KubeVirt operator is deployed, deploy the KubeVirt custom resource definitions (CRDs):
  5. Create a kubevirt-config ConfigMap.

    The ConfigMap must be updated to support software emulation.

    To create this ConfigMap:

    1. Create a KubeVirt config map:
    2. Add the following configuration to the config map and confirm the configuration.
    3. Restart the virt-handler pods:
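
The steps above collected into one shell function, as an added example rather than the commands from the original page. The release URL layout, the `debug.useEmulation` key and the `kubevirt.io=virt-handler` label are the ones upstream KubeVirt used for ConfigMap-configured releases such as v0.35.0; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Requires kubectl pointed at the
# target cluster; nothing runs until install_kubevirt is called.

KUBEVIRT_RELEASES="https://github.com/kubevirt/kubevirt/releases/download"

# Build the release-asset URL for one manifest. Only vX.Y.Z tags and the two
# expected file names are accepted, so an empty or mistyped variable cannot
# change what "kubectl create -f" downloads and applies.
kubevirt_manifest_url() {
  case "$2" in
    kubevirt-operator.yaml|kubevirt-cr.yaml) ;;
    *) echo "unexpected manifest: $2" >&2; return 1 ;;
  esac
  case "$1" in
    ""|*[!v0-9.]*) echo "malformed version: '$1'" >&2; return 1 ;;
  esac
  printf '%s' "$1" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$' || {
    echo "version must be a pinned vX.Y.Z tag: '$1'" >&2; return 1; }
  printf '%s/%s/%s\n' "$KUBEVIRT_RELEASES" "$1" "$2"
}

install_kubevirt() {   # usage: install_kubevirt v0.35.0
  op_url=$(kubevirt_manifest_url "$1" kubevirt-operator.yaml) || return 1
  cr_url=$(kubevirt_manifest_url "$1" kubevirt-cr.yaml) || return 1

  # Step 1: confirm the nodes are Ready and the Contrail pods are running.
  kubectl get nodes || return 1
  kubectl get pods --all-namespaces || return 1
  # Steps 3 and 4: operator first, then kubevirt-cr.yaml (the KubeVirt
  # custom resource that makes the operator deploy the core components).
  kubectl create -f "$op_url" || return 1
  kubectl create -f "$cr_url" || return 1
  # Step 5: enable software emulation, then delete the virt-handler pods so
  # their DaemonSet recreates them with the new setting.
  kubectl create configmap kubevirt-config -n kubevirt \
    --from-literal=debug.useEmulation=true || return 1
  kubectl -n kubevirt delete pod -l kubevirt.io=virt-handler
}
```

Software emulation is only needed where the worker nodes lack hardware virtualization support; on nodes that expose it, the ConfigMap step can be left out.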

How to Create a Virtual Machine on KubeVirt

After KubeVirt is installed, you can create VMs that are fully integrated into Kubernetes using Virtual Machine Instance (VMI) custom resources.

To configure these VMs:

  1. We will illustrate this procedure within its own namespace.

    To create a namespace called kubevirt-demo for this procedure:

  2. Create the VM.

    In this representative example, a VM instance running CentOS 7 is created and applied using a YAML file named kubevirt-centos.yaml.

  3. Confirm that the Virtual Machine instance was created:
  4. Create a service for the VM that allows the VM to establish SSH connections through NodePort using node IP.

    In this representative example, the service is created and applied using the kubevirt-centos-svc.yaml file. The get svc command is also entered to verify that the service is running.

  5. Connect to the VM using the service that was created in the previous step.

How to Test VM to Pod Connectivity

In these instructions, VM connectivity to a pod is tested.

To test VM to pod connectivity:

  1. Create a pod running Ubuntu.

    A small pod named ubuntuapp is created in this example.

  2. Create a service that allows the CentOS VM to use SSH through NodePort using Node IP for outside connectivity.
  3. SSH to the CentOS VM with the NodePort service using an IP address of a worker node:
  4. Confirm that the VM has access to the Internet:
  5. Ping the Ubuntu pod:

How to Create a Contrail Security Policy to Isolate a Virtual Machine Within a NameSpace

After installing OpenShift Virtualization, you may need to isolate a virtual machine within its namespace.

In the following procedure, a virtual machine is isolated in a namespace by allowing only SSH for ingress connections and restricting all egress connections to podNetwork.

To isolate a VM within its namespace:

  1. Create a network security policy using the kubevirt-centos-netpol.yaml file, and apply the configuration file:
  2. Reconnect to the CentOS VM.

    Confirm connectivity to the Ubuntu pod by pinging the Ubuntu pod IP address.

    Confirm that connectivity to an internet site—in this example, www.google.com—is not possible.

How to Enable OpenShift Virtualization with KubeVirt in Environments Using OpenShift with a Contrail Cluster

KubeVirt is a virtualization add-on to Kubernetes that allows virtual machines (VMs) to run alongside the application containers present in a Kubernetes environment. KubeVirt provides a unified development platform in Red Hat OpenShift—called OpenShift Virtualization—where developers can build, modify, and deploy applications residing in both application containers and VMs within a common, shared environment. For additional information on KubeVirt and its benefits, see the KubeVirt homepage.

Starting in Contrail Networking Release 2011, Red Hat OpenShift environments—which foundationally use Kubernetes orchestration—that include Contrail clusters can support OpenShift Virtualization by installing the KubeVirt add-on.

This document provides the instructions for installing KubeVirt in a Red Hat OpenShift environment that is using Contrail Networking.

When to Use This Procedure

A Kubernetes environment is containerized but might have to support VMs. Common reasons for supporting VMs include maintaining VM-based workloads that are challenging to containerize or migrating more gracefully from a VM-based environment to Kubernetes. Any environment that needs to support VMs alongside Kubernetes containers can create an OpenShift Virtualization environment using KubeVirt.

The procedure in this document was validated for Contrail Networking 2011.

Prerequisites

This procedure makes the following assumptions about your environment:

  • A Red Hat OpenShift 4.5 or later environment using Contrail Networking is operational.

  • You are installing a version of OpenShift Virtualization that is supported with your version of Red Hat OpenShift. For information on the OpenShift Virtualization versions supported with Red Hat OpenShift 4.5, see About OpenShift Virtualization from OpenShift.

How to Install OpenShift Virtualization using KubeVirt

To enable OpenShift Virtualization using KubeVirt in a Red Hat OpenShift environment that is using Contrail Networking:

  1. Install the OpenShift Virtualization operator:

    Note: This procedure is based on the official OpenShift Virtualization documentation. If you need to reference the official procedure, see Installing OpenShift Virtualization using the CLI from OpenShift.

    1. Log in as a user with cluster-admin privileges.
    2. Create a YAML file containing the following configuration:
    3. Apply the YAML file.

      A Namespace, OperatorGroup, and Subscription—which are required elements for OpenShift Virtualization—are created when this YAML file is applied.

    4. Deploy the OpenShift Virtualization operator:
      1. Create the following YAML file:
      2. Apply the YAML file to deploy the operator:
      3. Confirm that the pods are running in the openshift-cnv namespace:
      4. Confirm that the operator has succeeded.
      5. Add the ConfigMap to kubevirt-config:

        Restart the virt-handler pods to complete the configuration update.

How to Create a Virtual Machine Using OpenShift Virtualization

OpenShift Virtualization was installed because your environment needed to support virtual machines. You can use the Virtual Machine Instance (VMI) custom resource to create virtual machines that are fully integrated into Red Hat OpenShift.

To create a virtual machine after installing OpenShift Virtualization:

  1. Create a new project with its own namespace for the virtual machine:
  2. Create a virtual machine and apply the configuration:

    In this sample configuration, a virtual machine running CentOS 7 is created using the kubevirt-centos.yaml file.

  3. Confirm that the pod and the VM instance were created:

How to Test VM to Pod Connectivity

In these instructions, VM connectivity to a pod is tested.

To test VM to pod connectivity:

  1. Create a pod running Ubuntu.

    A small pod named ubuntuapp is created in this example.

  2. Create a service that allows the CentOS VM to use SSH through NodePort using Node IP for outside connectivity.
  3. SSH to the CentOS VM with the NodePort service using an IP address of a worker node:
  4. Confirm that the VM has access to the Internet:
  5. Ping the Ubuntu pod:

How to Create a Contrail Security Policy to Isolate a Virtual Machine Within a NameSpace

After installing OpenShift Virtualization, you may need to isolate a virtual machine within its namespace.

In the following procedure, a virtual machine is isolated in a namespace by allowing only SSH for ingress connections and restricting all egress connections to podNetwork.

To isolate a VM within its namespace:

  1. Create a network security policy using the kubevirt-centos-netpol.yaml file, and apply the configuration file:
  2. Reconnect to the CentOS VM.

    Confirm connectivity to the Ubuntu pod by pinging the Ubuntu pod IP address.

    Confirm that connectivity to an internet site—in this example, www.google.com—is not possible.
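
A policy of the kind both isolation procedures describe (the Kubernetes one earlier on this page and the OpenShift one above), rendered by a shell function. This is an added example, not the contents of the page's kubevirt-centos-netpol.yaml: the policy name `vm-ssh-only`, the `app` label on the VMI and the pod-network CIDR argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the VMI was created with
# a metadata label app=<value>; KubeVirt copies VMI labels onto the
# virt-launcher pod, which is the object the policy actually selects.

# Fail closed on a CIDR that would reopen egress to every destination.
# Octet ranges are not checked here; the API server rejects invalid CIDRs.
check_pod_cidr() {
  case "$1" in
    ""|0.0.0.0/*|*[!0-9./]*)
      echo "CIDR '$1' would not isolate the VM" >&2; return 1 ;;
  esac
  printf '%s' "$1" |
    grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([1-9]|[12][0-9]|3[0-2])$'
}

# args: namespace, value of the VM's app label, pod-network CIDR
render_vm_netpol() {
  for v in "$1" "$2"; do   # keep shell arguments from injecting YAML
    case "$v" in
      ""|*[!a-z0-9-]*) echo "invalid name: '$v'" >&2; return 1 ;;
    esac
  done
  check_pod_cidr "$3" || return 1
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: vm-ssh-only
  namespace: $1
spec:
  podSelector:
    matchLabels:
      app: $2
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - ports:
    - protocol: TCP
      port: 22
  egress:
  - to:
    - ipBlock:
        cidr: $3
EOF
}
```

Pipe the output to `kubectl apply -f -` (or `oc apply -f -`) with your cluster's pod-network CIDR as the third argument, then repeat the two connectivity checks from the procedure.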

How to Create a Virtual Machine with Multiple Interfaces

You can configure a virtual machine with multiple interfaces into multiple virtual networks when using Contrail Networking as the CNI in a Kubernetes environment.

In the following procedure, a virtual machine uses different interfaces to connect into two virtual networks, neta and netb.

To configure a virtual machine with multiple interfaces:

  1. Create the virtual networks.

    In this example, two virtual networks—neta and netb—are created using the netab.yaml file.

  2. Create a virtual machine with interfaces in multiple virtual networks.

    In this example, a virtual machine named vmi-fedora is created with interfaces in both of the virtual networks—neta and netb—that were created earlier in this procedure.

  3. Confirm that the pod and the VM instances were created.
  4. Create a service to connect the VM with SSH using NodePort. Confirm that the service was created and is being used by the VM.
  5. Connect to the Fedora VM with SSH using a worker node IP address, then manually enable the network interfaces in the custom neta and netb virtual networks.