Customize JCNR Helm Chart
You can deploy and operate Juniper Cloud-Native Router in the L2, L3, or L2-L3* mode. You
configure the deployment mode by editing the appropriate attributes in the
values.yaml file prior to deployment.
-
The L2-L3 deployment mode is a Juniper Technology Previews (Tech Previews) feature in the Juniper Cloud-Native Router Release 23.2.
-
In the
fabricInterfacekey of thevalues.yamlfile:-
When all the interfaces have an
interface_modekey configured, then the mode of deployment would be L2. -
When one or more interfaces have an
interface_modekey configured along with the rest of the interfaces not having theinterface_modekey, then the mode of deployment would be L2-L3. -
When none of the interfaces have the
interface_modekey configured, then the mode of deployment would be L3.
-
Customize the helm charts using the
Juniper_Cloud_Native_Router_version-number/helmchart/values.yaml
file. The configuration keys of the heml chart are shown in the table below.
| Key | Additional Key Configuration | Description |
|---|---|---|
| registry | Defines the docker registry where the vRouter, cRPD and jcnr-cni container images
are hosted. The default value is enterprise-hub.juniper.net. |
|
| repository | (Optional) Defines the repository path for the vRouter, cRPD and jcnr-cni container images. This is a global key and takes precedence over "repository" paths under "common" section. | |
| imagePullSecret | (Optional) Defines the registry authentication credentials. You can configure credentials to either the Juniper repository or your private registry. | |
| registryCredentials | Base64 representation of your Docker registry credentials. View the Configure Repository Credentials topic for more information. | |
| secretName | Name of the Secret object that will be created. | |
| common | Defines repsitory paths and tags for the vRouter, cRPD and jcnr-cni container images. | |
| repository | Defines the repository path. The default value is
atom-docker/cn2/bazel-build/dev/. The global repository key takes
precedence if defined. |
|
| tag | Defines the image tag. The default value is configured to the appropriate tag number for the JCNR release version. | |
| replicas | (Optional) Indicates the number of replicas for cRPD. If the value is not specified, then the default value 1 is considered. The value for this key must be specified for multi-node clusters. | |
| storageClass |
(Optional) Indicates the name of the storage class for cRPD. This key must be specified for cloud deployments such as AWS where gp2 can be used. |
|
| noLocalSwitching | (Optional) Prevents interfaces in a bridge domain from transmitting and receiving ethernet frame copies. Enter one or more comma separated VLAN IDs to ensure that the interfaces belonging to the VLAN IDs do not transmit frames to one another. This key is specific for L2 and L2-L3 deployments. Enabling this key provides the functionality on all access interfaces. For enabling the functionality on trunk interfaces, configure the no-local-switching key in the fabricInterface key. | |
| fabricInterface |
Provide a list of interfaces to be bound to the DPDK. You can also provide subnets instead of interface names. If both the interface name and the subnet are specified, then the interface name takes precedence over subnet/gateway combination. The subnet/gateway combination is useful when the interface names vary in a multi-node cluster. Note:
For example: # L2 only
- eth1:
ddp: "auto"
interface_mode: trunk
vlan-id-list: [100, 200, 300, 700-705]
storm-control-profile: rate_limit_pf1
native-vlan-id: 100
no-local-switching: true
- bond0:
ddp: "auto" # auto/on/off
interface_mode: trunk
vlan-id-list: [100, 200, 300, 700-705]
storm-control-profile: rate_limit_pf1
#native-vlan-id: 100
#no-local-switching: true
# L3 only
- eth1:
ddp: "off"
- eth2:
ddp: "off"
# L2L3
- eth1:
ddp: "auto"
- eth2:
ddp: "auto"
interface_mode: trunk
vlan-id-list: [100, 200, 300, 700-705]
storm-control-profile: rate_limit_pf1
native-vlan-id: 100
no-local-switching: true
|
|
| subnet | An alternative mode of input for interface names. For example:
- subnet: 10.40.1.0/24 gateway: 10.40.1.1 ddp: "off" The
|
|
| ddp |
(Optional) Indicates the interface-level Dynamic Device Personalization (DDP) configuration. DDP provides datapath optimization at NIC for traffic like GTPU, SCTP, etc. For a bond interface, all slave interface NICs must support DDP for the DDP configuration to be enabled. Setting options include auto, on, or off. The default setting is off. Note:
The subnet/interface level |
|
| interface_mode |
Set to interface_mode: trunk |
|
| vlan-id-list |
Provide a list of VLAN IDs associated with the interface. |
|
| storm-control-profile |
Use |
|
| native-vlan-id |
Configure fabricInterface:
- bond0:
interface_mode: trunk
vlan-id-list: [100, 200, 300]
storm-control-profile: rate_limit_pf1
native-vlan-id: 100
|
|
| no-local-switching | Prevents interfaces from communicating directly with each other if the no-local-switching statement is configured. Allowed values are true or false. | |
| fabricWorkloadInterface | (Optional) Defines the interfaces to which different workloads are connected. They can be software-based or hardware-based interfaces. | |
| log_level | Defines the log severity. Available value options are: DEBUG, INFO, WARN, and ERR. Note:
Leave the log_level set to INFO unless instructed to change it by Juniper support. |
|
| log_path |
The defined directory stores various JCNR related descriptive logs such as contrail-vrouter-agent.log, contrail-vrouter-dpdk.log, etc. |
|
| syslog_notifications |
Indicates the absolute path to the file that stores syslog-ng generated notifications in JSON format. |
|
| nodeAffinity |
(Optional) Defines labels on nodes to determine where to place the cRPD, vRouter and syslog-ng pods. For example: nodeAffinity:
- key: node-role.kubernetes.io/worker
operator: Exists
Note:
This key is a global setting. On an OCP setup node affinity must be configured to bring up JCNR on worker only. |
|
| key | Key-value pair that represents a node label that must be matched to apply the node affinity. | |
| operator | Defines the relationship between the node label and the set of values in the matchExpression parameters in the pod specification. This value can be In, NotIn, Exists, DoesNotExist, Lt, or Gt. | |
| cni_bin_dir | (Optional) The default path is /opt/cni/bin. You can override the default cni path with a path of your choice e.g. /var/opt/cni/bin. In some deployments like Red Hat OpenShift the default CNI path may need to be changed. Leaving the path variable (cni_bin_dir) empty, isn't a viable option in OCP. | |
| grpcTelemetryPort |
(Optional) Enter a value for this parameter to override cRPD telemetry gRPC server default port of 50051. |
|
| grpcVrouterPort | (Optional) Enter a value for this parameter to override vRouter gRPC server default port of 50052. | |
| restoreInterfaces | Set the value of this key to true to restore the interfaces back to their original state in case the vRouter pod crashes or restarts. | |
| bondInterfaceConfigs | (Optional) Enable bond interface configurations only for L2 or L2-L3 deployments. | |
| name | (Optional) Name of the bond interface. | |
| mode | (Optional) Default value is 1 (Active_Backup) | |
| slaveInterfaces | (Optional) | |
| mtu | Maximum Transmission Unit (MTU) value for all physical interfaces (VFs and PFs). | |
| cpu_core_mask |
Indicates the vRouter forward core mask. If qos is enabled, you will need to allocate 4 CPU cores (primary and siblings). |
|
| stormControlProfiles | Configure the rate limit profiles for BUM traffic on fabric interfaces in bytes per second. | |
| rate_limit_pf1 | ||
| bandwidth | ||
| level | ||
| ddp |
(Optional) Indicates the global Dynamic Device Personalization (DDP) configuration. DDP provides datapath optimization at NIC for traffic like GTPU, SCTP, etc. For a bond interface, all slave interface NICs must support DDP for the DDP configuration to be enabled. Setting options include auto, on, or off. The default setting is off. Note:
The subnet/interface level |
|
| qosEnable |
Set to true or false to enable or disable QoS. Note:
QoS is not supported on Intel X710 NIC. |
|
| corePattern |
Indicates the core pattern to denote how the core file is generated. If this configuration is left blank, then JCNR pods will not overwrite the default pattern. Note:
Set the corePattern value on host before deploying JCNR. You may change the
value in |
|
| coreFilePath | Indicates the path for the core file. If the value is left blank, then vRouter considers /var/crashes as the default value. | |
| vrouter_dpdk_uio_driver | The uio driver can either be vfio-pci or
uio_pci_generic. |
The default helm chart is shown below:
####################################################################
# Common Configuration (global vars) #
####################################################################
global:
registry: enterprise-hub.juniper.net/
# uncomment below if all images are available in the same path; it will
# take precedence over "repository" paths under "common" section below
repository: jcnr-container-prod/
# uncomment below if you are using a private registry that needs authentication
# registryCredentials - Base64 representation of your Docker registry credentials
# secretName - Name of the Secret object that will be created
#imagePullSecret:
# registryCredentials: <base64-encoded-credential>
# secretName: regcred
common:
vrouter:
repository: atom-docker/cn2/bazel-build/dev/
tag: R23.2-156
crpd:
repository: junos-docker-local/warthog/
tag: 23.2R1.14
jcnrcni:
repository: junos-docker-local/warthog/
tag: 23.2-20230628-8cf4350
# Number of replicas for cRPD; this option must be used for multinode clusters
# JCNR will take 1 as default if replicas is not specified
#replicas: "3"
# storageClass: Name of the storage class for cRPD. This option is must for
# cloud deployments such as AWS where gp2 can be used
#storageClass: gp2
#noLocalSwitching: [700]
# fabricInterface: provide a list of interfaces to be bound to dpdk
# You can also provide subnets instead of interface names. Interfaces name take precedence over
# Subnet/Gateway combination if both specified (although there is no reason to specify both)
# Subnet/Gateway combination comes handy when the interface names vary in a multi-node cluster
fabricInterface:
#########################
# L2 only
#- eth1:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [100, 200, 300, 700-705]
# storm-control-profile: rate_limit_pf1
# native-vlan-id: 100
# no-local-switching: true
#- eth2:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [700]
# storm-control-profile: rate_limit_pf1
# native-vlan-id: 100
# no-local-switching: true
#- bond0:
# ddp: "auto" # auto/on/off # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [100, 200, 300, 700-705]
# storm-control-profile: rate_limit_pf1
# #native-vlan-id: 100
# #no-local-switching: true
#########################
# L3 only
#- eth1:
# ddp: "off" # ddp parameter is optional; options include auto or on or off; default: off
#- eth2:
# ddp: "off" # ddp parameter is optional; options include auto or on or off; default: off
########################
# L2L3
#- eth1:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
#- eth2:
# ddp: "auto" # ddp parameter is optional; options include auto or on or off; default: off
# interface_mode: trunk
# vlan-id-list: [100, 200, 300, 700-705]
# storm-control-profile: rate_limit_pf1
# native-vlan-id: 100
# no-local-switching: true
##################################
# Provide subnets instead of interface names
# Interfaces will be auto-detected in each subnet
# Only one of the interfaces or subnet range must
# be configured. This form of input is particularly
# helpful when the interface names vary in a multi-node
# K8s cluster
#- subnet: 10.40.1.0/24
# gateway: 10.40.1.1
# ddp: "off" # ddp parameter is optional; options include auto or on or off; default: off
#- subnet: 192.168.1.0/24
# gateway: 192.168.1.1
# ddp: "off" # ddp parameter is optional; options include auto or on or off; default: off
##################################
# fabricWorkloadInterface is applicable only for Pure L2 deployments
#
#fabricWorkloadInterface:
#- enp59s0f1v0:
# interface_mode: access
# vlan-id-list: [700]
#- enp59s0f1v1:
# interface_mode: trunk
# vlan-id-list: [800, 900]
#########################
# defines the log severity. Possible options: DEBUG, INFO, WARN, ERR
log_level: "INFO"
# "log_path": this directory will contain various jcnr related descriptive logs
# such as contrail-vrouter-agent.log, contrail-vrouter-dpdk.log etc.
log_path: "/var/log/jcnr/"
# "syslog_notifications": absolute path to the file that will contain syslog-ng
# generated notifications in json format
syslog_notifications: "/var/log/jcnr/jcnr_notifications.json"
# nodeAffinity: Can be used to inject nodeAffinity for vRouter, cRPD and syslog-ng pods
# You may label the nodes where we wish to deploy JCNR and inject affinity accodingly
#nodeAffinity:
#- key: node-role.kubernetes.io/worker
# operator: Exists
#- key: node-role.kubernetes.io/master
# operator: DoesNotExist
#- key: kubernetes.io/hostname
# operator: In
# values:
# - example-host-1
# cni_bin_dir: Path where the CNI binary will be put; default: /opt/cni/bin
# this may be overriden in distributions other than vanilla K8s
# e.g. OpenShift - you may use /var/lib/cni/bin or /etc/kubernetes/cni/net.d
#cni_bin_dir: /var/lib/cni/bin
# grpcTelemetryPort: use this parameter to override cRPD telemetry gRPC server default port of 50051
#grpcTelemetryPort: 50055
# grpcVrouterPort: use this parameter to override vRouter gRPC server default port of 50052
#grpcVrouterPort: 50060
jcnr-vrouter:
# restoreInterfaces: setting this to true will restore the interfaces
# back to their original state in case vrouter pod crashes or restarts
restoreInterfaces: false
# Enable bond interface configurations L2 only or L2 L3 deployment
#bondInterfaceConfigs:
# - name: "bond0"
# mode: 1 # ACTIVE_BACKUP MODE
# slaveInterfaces:
# - "enp59s0f0v0"
# - "enp59s0f0v1"
# MTU for all physical interfaces( all VF’s and PF’s)
mtu: "9000"
# vrouter fwd core mask
# if qos is enabled, you will need to allocate 4 CPU cores (primary and siblings)
cpu_core_mask: "2,3,22,23"
# rate limit profiles for bum traffic on fabric interfaces in bytes per second
stormControlProfiles:
rate_limit_pf1:
bandwidth:
level: 0
#rate_limit_pf2:
# bandwidth:
# level: 0
# Set ddp to enable Dynamic Device Personalization (DDP)
# Provides datapath optimization at NIC for traffic like GTPU, SCTP etc.
# Options include auto or on or off; default: off
ddp: "auto"
# Set true/false to Enable or Disable QOS, note: QOS is not supported on X710 NIC.
qosEnable: false
# core pattern to denote how the core file will be generated
# if left empty, JCNR pods will not overwrite the default pattern
corePattern: ""
# path for the core file; vrouter considers /var/crashes as default value if not specified
coreFilePath: /var/crash
# uio driver will be vfio-pci or uio_pci_generic
vrouter_dpdk_uio_driver: "vfio-pci"If you are installing JCNR on Amazon EKS, then update the
dpdkCommandAdditionalArgs key in the
helmchart/charts/jcnr-vrouter/values.yaml file and set
tx and rx descriptors to 256. For example:
dpdkCommandAdditionalArgs: "--yield_option 0 --dpdk_txd_sz 256 --dpdk_rxd_sz 256"
Additional working samples for various deployment modes have been provided in the Working Samples for JCNR Helm Chart topic.