CNI Installation

OVN Kubernetes is used as the primary CNI for the cluster. On worker nodes, the primary CNI will be accelerated by offloading work to the DPU. On control plane nodes, OVN Kubernetes will run without offloading.

1. Create the NS for the CNI:

   Jump Node Console

   Collapse Source

   Copy

   Copied!

               
   
               
   $ kubectl create ns ovn-kubernetes
           

2. Install the OVN Kubernetes CNI components from the helm chart substituting the environment variables with the ones we defined before.

   Note

   Note that MTU field with value of 8940 has been added to the yaml to override the default value and to be able to achieve better performance results.

   manifests/01-cni-installation/helm-values/ovn-kubernetes.yml

   Collapse Source

   Copy

   Copied!

               
   
               
   commonManifests:
     enabled: true
   nodeWithoutDPUManifests:
     enabled: true
   controlPlaneManifests:
     enabled: true
   nodeWithDPUManifests:
     enabled: true
     nodeMgmtPortNetdev: $DPU_P0_VF1
     dpuServiceAccountNamespace: dpf-operator-system
   gatewayOpts: --gateway-interface=$DPU_P0
   ## Note this CIDR is followed by a trailing /24 which informs OVN Kubernetes on how to split the CIDR per node.
   podNetwork: $POD_CIDR/24
   serviceNetwork: $SERVICE_CIDR
   k8sAPIServer: https://$TARGETCLUSTER_API_SERVER_HOST:$TARGETCLUSTER_API_SERVER_PORT
   mtu: 8940
           

3. Run the following command:

   Jump Node Console

   Collapse Source

   Copy

   Copied!

               
   
               
   $ envsubst < manifests/01-cni-installation/helm-values/ovn-kubernetes.yml | helm upgrade --install -n ovn-kubernetes ovn-kubernetes ${OVN_KUBERNETES_REPO_URL}/ovn-kubernetes-chart --version $TAG --values -
    
   Release "ovn-kubernetes" does not exist. Installing it now.
   Pulled: ghcr.io/nvidia/ovn-kubernetes-chart:v25.4.0
   Digest: sha256:bce61b35ab485f06924681c5c906bfc0ab0065ac94830c6c036418e1edf995b3
   NAME: ovn-kubernetes
   LAST DEPLOYED: Tue May 20 08:51:29 2025
   NAMESPACE: ovn-kubernetes
   STATUS: deployed
   REVISION: 1
   TEST SUITE: None
           

4. Verify the CNI installation:

   Note

   The following verification commands may need to be run multiple times to ensure the condition is met.

   Jump Node Console

   Collapse Source

   Copy

   Copied!

               
   
               
   $ kubectl wait --for=condition=ready --namespace ovn-kubernetes pods --all --timeout=300s
   pod/ovn-kubernetes-cluster-manager-595dbf85c4-lpnd6 condition met
   pod/ovn-kubernetes-node-7x66w condition met
   pod/ovn-kubernetes-node-dmgs7 condition met
   pod/ovn-kubernetes-node-mrwzk condition met
    
   $ kubectl wait --for=condition=ready nodes --all
   node/master1 condition met
   node/master2 condition met
   node/master3 condition met
    
   $ kubectl wait --for=condition=ready --namespace kube-system pods --all
   pod/coredns-776bb9db5d-9bjhd condition met
   pod/coredns-776bb9db5d-rqvlw condition met
   pod/dns-autoscaler-6ffb84bd6-8jnjj condition met
   pod/kube-apiserver-master1 condition met
   pod/kube-apiserver-master2 condition met
   pod/kube-apiserver-master3 condition met
   pod/kube-controller-manager-master1 condition met
   pod/kube-controller-manager-master2 condition met
   pod/kube-controller-manager-master3 condition met
   pod/kube-scheduler-master1 condition met
   pod/kube-scheduler-master2 condition met
   pod/kube-scheduler-master3 condition met
   pod/kube-vip-master1 condition met
   pod/kube-vip-master2 condition met
   pod/kube-vip-master3 condition met