openshift · jboxman · Nov 8, 2019 · Oct 29, 2019
diff --git a/modules/nw-multus-add-pod.adoc b/modules/nw-multus-add-pod.adoc
@@ -2,17 +2,31 @@
 //
 // * networking/multiple-networks/attaching-pod.adoc
 
+ifeval::["{context}" == "configuring-sr-iov"]
+:sriov:
+endif::[]
+
 [id="nw-multus-add-pod_{context}"]
 = Adding a Pod to an additional network
 
 You can add a Pod to an additional network. The Pod continues to send normal
 cluster related network traffic over the default network.
 
+ifdef::sriov[]
+[NOTE]
+=====
+The Network Resources Injector will inject the `resource` parameter into the Pod CR automatically if a NetworkAttachmentDefinition CR associated with the SR-IOV CNI plug-in is specified.
+=====
+endif::sriov[]
+
 .Prerequisites
 
 * The Pod must be in the same namespace as the additional network.
 * Install the OpenShift Command-line Interface (CLI), commonly known as `oc`.
 * You must log in to the cluster.
+ifdef::sriov[]
+* You must have the SR-IOV Operator installed and a SriovNetwork CR defined.
+endif::sriov[]
 
 .Procedure
 
@@ -63,7 +77,7 @@ spec:
 following command. Replace `<name>` with the name of the Pod.
 +
 ----
-$ oc describe pod <name>
+$ oc get pod <name> -o yaml
 ----
 +
 In the following example, the `example-pod` Pod is attached to the `net1`
@@ -104,3 +118,7 @@ status:
 <1> The `k8s.v1.cni.cncf.io/networks-status` parameter is a JSON array of
 objects. Each object describes the status of an additional network attached
 to the Pod. The annotation value is stored as a plain text value.
+
+ifeval::["{context}" == "configuring-sr-iov"]
+:!sriov:
+endif::[]
diff --git a/modules/nw-sriov-configuring-device.adoc b/modules/nw-sriov-configuring-device.adoc
@@ -0,0 +1,82 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple-networks/configuring-sr-iov.adoc
+
+[id="configuring-sr-iov-devices_{context}"]
+= Configuring SR-IOV network devices
+
+The SR-IOV Network Operator adds the `SriovNetworkNodePolicy.sriovnetwork.openshift.io` Custom Resource Definition (CRD) to {product-title}.
+You can configure the SR-IOV network device by creating a SriovNetworkNodePolicy Custom Resource (CR).
+
+[NOTE]
+=====
+When applying the configuration specified in a SriovNetworkNodePolicy CR, the SR-IOV Operator may drain the nodes, and in some cases, reboot nodes.
+It may take several minutes for a configuration change to apply.
+Ensure that there are enough available nodes in your cluster to handle the evicted workload beforehand.
+
+After the configuration update is applied, all the Pods in `sriov-network-operator` namespace will change to a `Running` status.
+=====
+
+.Prerequisites
+
+* Install the OpenShift Command-line Interface (CLI), commonly known as `oc`.
+* Log in as a user with `cluster-admin` privileges.
+* You must have installed the SR-IOV Operator.
+
+.Procedure
+
+. Create the following SriovNetworkNodePolicy CR, and then save the YAML in the `<name>-sriov-node-network.yaml` file. Replace `<name>` with the name for this configuration.
++
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodePolicy
+metadata:
+  name: <name> <1>
+  namespace: sriov-network-operator <2>
+spec:
+  resourceName: <sriov_resource_name> <3>
+  nodeSelector:
+    feature.node.kubernetes.io/network-sriov.capable: "true" <4>
+  priority: <priority> <5>
+  mtu: <mtu> <6>
+  numVfs: <num> <7>
+  nicSelector: <8>
+    vendor: "<vendor_code>" <9>
+    deviceID: "<device_id>" <10>
+    pfName: ["<pf_name>", ...] <11>
+    rootDevices: ["<pci_bus_id>", "..."] <12>
+  deviceType: <device_type> <13>
+  isRdma: false <14>
+----
+<1> Specify a name for the CR.
+<2> Specify the namespace where the SR-IOV Operator is installed.
+<3> Specify the resource name of the SR-IOV device plug-in. The prefix `openshift.io/` will be added when it's referred in Pod spec. You can create multiple SriovNetworkNodePolicy CRs for a resource name.
+<4> Specify the node selector to select which node to be configured. User can choose to label the nodes manually or with tools like Kubernetes Node Feature Discovery.
+Only SR-IOV network devices on selected nodes will be configured. The SR-IOV
+CNI plug-in and device plug-in will be only deployed on selected nodes.
+<5> Specify an integer value between `0` and `99`. A larger number gets lower priority, so a priority of `99` is lower than a priority of `10`.
+<6> Specify a value for the maximum transmission unit (MTU) of the virtual function. The value for MTU must be in the range from `1` to `9000`. If you do not need to specify the MTU, specify a value of `''`. 
+<7> Specify the number of the virtual functions (VF) to create for the SR-IOV physical network device. For an Intel Network Interface Card (NIC), the number of VFs cannot be larger than the total VFs supported by the device. For a Mellanox NIC, the number of VFs cannot be larger than `128`.
+<8> The `nicSelector` mapping selects the Ethernet device for the Operator to configure. You do not need to specify values for all the parameters. It is recommended to identify the Ethernet adapter with enough precision to minimize the possibility of selecting an Ethernet device unintentionally.
+If you specify `rootDevices`, you must also specify a value for `vendor`, `deviceID`, or `pfName`.
+If you specify both `pfName` and `rootDevices` at the same time, ensure that they point to an identical device.
+<9> Specify the vendor hex code of the SR-IOV network device. The only allowed values are either `8086` or `15b3`.
+<10> Specify the device hex code of SR-IOV network device. The only allowed values are `158b`, `1015`, `1017`.
+<11> The parameter accepts an array of one or more physical function (PF) names for the Ethernet device.
+<12> The parameter accepts an array of one or more PCI bus addresses for the physical function of the Ethernet device. Provide the address in the following format: `0000:02:00.1`.
+<13> Specify the driver type for the virtual functions. You can specify one of the following values: `netdevice` or `vfio-pci`. The default value is `netdevice`.
+<14> Specify whether to enable RDMA mode. The default value is `false`. Only RDMA over Converged Ethernet (RoCE) mode is supported on Mellanox Ethernet adapters.
++
+[NOTE]
+=====
+If `RDMA` flag is set to `true`, you can continue to use the RDMA enabled VF as a normal network device.
+A device can be used in either mode.
+=====
+
+. Create the CR by running the following command:
++
+----
+$ oc create -f <filename> <1>
+----
+<1>  Replace `<filename>` with the name of the file you created in the previous step.
diff --git a/modules/nw-sriov-device-discovery.adoc b/modules/nw-sriov-device-discovery.adoc
@@ -0,0 +1,77 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple-networks/configuring-sr-iov.adoc
+
+[id="discover-sr-iov-devices_{context}"]
+= Automated discovery of SR-IOV network devices
+
+The SR-IOV Network Operator will search your cluster for SR-IOV capable network devices on worker nodes.
+The Operator creates and updates a SriovNetworkNodeState Custom Resource (CR) for each worker node that provides a compatible SR-IOV network device.
+
+One CR is created for each worker node, and shares the same name as the node.
+The `.spec.interfaces` list provides information about the network devices on a node.
+
+[IMPORTANT]
+====
+Do not modify a SriovNetworkNodeState CR.
+The Operator creates and manages these resources automatically.
+====
+
+The following is an example of a SriovNetworkNodeState CR created by the SR-IOV Network Operator:
+
+[source,yaml]
+----
+apiVersion: sriovnetwork.openshift.io/v1
+kind: SriovNetworkNodeState
+metadata:
+  name: node-25 <1>
+  namespace: sriov-network-operator
+  ownerReferences:
+  - apiVersion: sriovnetwork.openshift.io/v1
+    blockOwnerDeletion: true
+    controller: true
+    kind: SriovNetworkNodePolicy
+    name: default
+spec:
+  dpConfigVersion: d41d8cd98f00b204e9800998ecf8427e
+status:
+  interfaces: <2>
+  - deviceID: "1017"
+    driver: mlx5_core
+    mtu: 1500
+    name: ens785f0
+    pciAddress: "0000:18:00.0"
+    totalvfs: 8
+    vendor: 15b3
+  - deviceID: "1017"
+    driver: mlx5_core
+    mtu: 1500
+    name: ens785f1
+    pciAddress: "0000:18:00.1"
+    totalvfs: 8
+    vendor: 15b3
+  - deviceID: 158b
+    driver: i40e
+    mtu: 1500
+    name: ens817f0
+    pciAddress: 0000:81:00.0
+    totalvfs: 64
+    vendor: "8086"
+  - deviceID: 158b
+    driver: i40e
+    mtu: 1500
+    name: ens817f1
+    pciAddress: 0000:81:00.1
+    totalvfs: 64
+    vendor: "8086"
+  - deviceID: 158b
+    driver: i40e
+    mtu: 1500
+    name: ens803f0
+    pciAddress: 0000:86:00.0
+    totalvfs: 64
+    vendor: "8086"
+  syncStatus: Succeeded
+----
+<1> The value for the `name` parameter is the same as the name of the worker node.
+<2> The `interfaces` collection includes a list of all of the SR-IOV devices discovered by the Operator on the worker node.
diff --git a/modules/nw-sriov-installing-operator.adoc b/modules/nw-sriov-installing-operator.adoc
@@ -0,0 +1,148 @@
+// Module included in the following assemblies:
+//
+// * networking/multiple-networks/configuring-sr-iov.adoc
+
+[id="installing-sr-iov-operator_{context}"]
+= Installing SR-IOV Network Operator
+
+As a cluster administrator, you can install the SR-IOV Network Operator using the {product-title} CLI or the web console.
+
+[id="install-operator-cli"]
+== Installing the Operator using the CLI
+
+As a cluster administrator, you can install the Operator using the CLI.
+
+.Prerequisites
+
+* A cluster installed on bare-metal hardware with nodes that have hardware that supports SR-IOV.
+* The {product-title} Command-line Interface (CLI), commonly known as `oc`.
+* Log in as a user with `cluster-admin` privileges.
+
+.Procedure
+
+. Create a namespace for the SR-IOV Network Operator by completing the following actions:
+
+.. Create the following Namespace Custom Resource (CR) that defines the `sriov-network-operator` namespace, and then save the YAML in the `sriov-namespace.yaml` file:
++
+----
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: sriov-network-operator
+  labels:
+    openshift.io/run-level: "1"
+----
+
+.. Create the namespace by running the following command:
++
+----
+$ oc create -f sriov-namespace.yaml
+----
+
+. Install the SR-IOV Network Operator in the namespace you created in the previous step by creating the following objects:
+
+.. Create the following OperatorGroup CR and save the YAML in the
+`sriov-operatorgroup.yaml` file:
++
+----
+apiVersion: operators.coreos.com/v1
+kind: OperatorGroup
+metadata:
+  name: sriov-network-operators
+  namespace: sriov-network-operator
+spec:
+  targetNamespaces:
+  - sriov-network-operator
+----
+
+.. Create the OperatorGroup CR by running the following command:
++
+----
+$ oc create -f sriov-operatorgroup.yaml
+----
+
+.. Run the following command to get the `channel` value required for the next
+step.
++
+----
+$ oc get packagemanifest sriov-network-operator -n openshift-marketplace -o jsonpath='{.status.channels[].name}'
+
+alpha
+----
+
+.. Create the following Subscription CR and save the YAML in the `sriov-sub.yaml` file:
++
+.Example Subscription
+[source,yaml]
+----
+apiVersion: operators.coreos.com/v1alpha1
+kind: Subscription
+metadata:
+  name: sriov-network-operator-subsription
+  namespace: sriov-network-operator
+spec:
+  channel: <channel> <1>
+  name: sriov-network-operator
+  source: redhat-operators <2>
+  sourceNamespace: openshift-marketplace
+----
+<1> Specify the value from you obtained in the previous step for the `.status.channels[].name` parameter.
+<2> You must specify the `redhat-operators` value.
+
+.. Create the Subscription object by running the following command:
++
+----
+$ oc create -f sriov-sub.yaml
+----
+
+.. Change to the `sriov-network-operator` project:
++
+----
+$ oc project sriov-network-operator
+
+Now using project "sriov-network-operator"
+----
+
+[id="install-operator-web-console"]
+== Installing the Operator using the web console
+
+As a cluster administrator, you can install the Operator using the web console.
+
+[NOTE]
+====
+You have to create the Namespace CR and OperatorGroup CR as mentioned
+in the previous section.
+====
+
+.Procedure
+
+. Install the SR-IOV Network Operator using the {product-title} web console:
+
+.. In the {product-title} web console, click *Operators* -> *OperatorHub*.
+
+.. Choose  *SR-IOV Network Operator* from the list of available Operators, and then click *Install*.
+
+.. On the *Create Operator Subscription* page, under *A specific namespace on the cluster* select *sriov-network-operator*. Then, click *Subscribe*.
+
+. Optional: Verify that the SR-IOV Network Operator installed successfully:
+
+.. Switch to the *Operators* -> *Installed Operators* page.
+
+.. Ensure that *SR-IOV Network Operator* is listed in the *sriov-network-operator* project with a *Status* of *InstallSucceeded*.
++
+[NOTE]
+====
+During installation an Operator might display a *Failed* status.
+If the installation later succeeds with an *InstallSucceeded* message, you can ignore the *Failed* message.
+====
+
++
+If the operator does not appear as installed, to troubleshoot further:
+
++
+* Go to the *Operators* -> *Installed Operators* page and inspect
+the *Operator Subscriptions* and *Install Plans* tabs for any failure or errors
+under *Status*.
+* Go to the *Workloads* -> *Pods* page and check the logs for Pods in the
+`sriov-network-operator` project.
+