diff --git a/doc/source/_includes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rest b/doc/source/_includes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rest new file mode 100644 index 000000000..e69de29bb diff --git a/doc/source/shared/abbrevs.txt b/doc/source/shared/abbrevs.txt index 40e553395..f677e1e96 100755 --- a/doc/source/shared/abbrevs.txt +++ b/doc/source/shared/abbrevs.txt @@ -20,6 +20,7 @@ .. |CAs| replace:: :abbr:`CAs (Certificate Authorities)` .. |CLI| replace:: :abbr:`CLI (Command Line Interface)` .. |CMK| replace:: :abbr:`CMK (CPU Manager for Kubernetes)` +.. |CLIs| replace:: :abbr:`CLIs (Command Line Interfaces)` .. |CNI| replace:: :abbr:`CNI (Container Networking Interface)` .. |CoW| replace:: :abbr:`CoW (Copy on Write)` .. |CSK| replace:: :abbr:`CSK (Code Signing Key)` diff --git a/doc/source/usertasks/index.rs1 b/doc/source/usertasks/index.rs1 index b0deef3ff..93db90f4d 100644 --- a/doc/source/usertasks/index.rs1 +++ b/doc/source/usertasks/index.rs1 @@ -9,6 +9,7 @@ - :ref:`Remote CLI Access ` - :ref:`Configuring Container-backed Remote CLIs and Clients ` + - :ref:`Using Container-backed Remote CLIs and Clients ` - :ref:`Installing Kubectl and Helm Clients Directly on a Host ` - :ref:`Configuring Remote Helm Client ` diff --git a/doc/source/usertasks/kubernetes/configuring-remote-helm-client.rst b/doc/source/usertasks/kubernetes/configuring-remote-helm-client.rst index 02f16f8d8..fcab43f9d 100644 --- a/doc/source/usertasks/kubernetes/configuring-remote-helm-client.rst +++ b/doc/source/usertasks/kubernetes/configuring-remote-helm-client.rst @@ -88,7 +88,7 @@ commands can be run by the non-admin user, locally or remotely. ~(keystone_admin)]$ helm init --service-account=tiller --tiller-namespace=$NAMESPACE --output yaml | sed 's@apiVersion: extensions/v1beta1@apiVersion: apps/v1@' | sed 's@ replicas: 1@ replicas: 1\n \ selector: {"matchLabels": {"app": "helm", "name": "tiller"}}@' > helm-init.yaml ~(keystone_admin)]$ kubectl apply -f helm-init.yaml - ~(keystone_admin)]$ helm init –client-only + ~(keystone_admin)]$ helm init --client-only --home "./.helm" .. note:: Ensure that each of the patterns between single quotes in the above diff --git a/doc/source/usertasks/kubernetes/creating-network-attachment-definitions.rst b/doc/source/usertasks/kubernetes/creating-network-attachment-definitions.rst index 60c69d194..2053716bb 100644 --- a/doc/source/usertasks/kubernetes/creating-network-attachment-definitions.rst +++ b/doc/source/usertasks/kubernetes/creating-network-attachment-definitions.rst @@ -39,7 +39,7 @@ this data network. .. code-block:: yaml - ~(keystone_admin)$ cat < net1.yaml + ~(keystone_admin)]$ cat < net1.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: @@ -65,7 +65,7 @@ this data network. .. code-block:: none - ~(keystone_admin)$ cat < net2.yaml + ~(keystone_admin)]$ cat < net2.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: @@ -85,7 +85,7 @@ this data network. .. code-block:: none - ~(keystone_admin)$ cat < net3.yaml + ~(keystone_admin)]$ cat < net3.yaml apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: diff --git a/doc/source/usertasks/kubernetes/index.rst b/doc/source/usertasks/kubernetes/index.rst index 3f7893764..0a039a1ca 100644 --- a/doc/source/usertasks/kubernetes/index.rst +++ b/doc/source/usertasks/kubernetes/index.rst @@ -22,6 +22,7 @@ Remote CLI access usertask-using-container-backed-remote-clis-and-clients kubernetes-user-tutorials-installing-kubectl-and-helm-clients-directly-on-a-host configuring-remote-helm-client + using-container-based-remote-clis-and-clients GUI access ********** diff --git a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-authentication-and-authorization.rst b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-authentication-and-authorization.rst index a094d234d..15101398c 100644 --- a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-authentication-and-authorization.rst +++ b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-authentication-and-authorization.rst @@ -15,16 +15,29 @@ For example: $ docker login registry.local:9001 -u -p -An authorized administrator can perform any docker action, while regular users -can only interact with their own repositories \(i.e. -``registry.local:9001//``\). For example, only **admin** and -**testuser** accounts can push to or pull from: +An authorized administrator \('admin' and 'sysinv'\) can perform any docker +action. Regular users can only interact with their own repositories \(i.e. +``registry.local:9001//``\). Any authenticated user can pull +from the following list of public images: + +.. _kubernetes-user-tutorials-authentication-and-authorization-d315e50: + +- registry.local:9001:/public/\* + +- registry.local:9001:/k8s.gcr.io/pause + +- registry.local:9001:/quay.io/jetstack/cert-manager-acmesolver + + +The **mtce** user can only pull public images, but cannot push any images. + +For example, only **admin** and **testuser** accounts can push to or pull from: .. code-block:: none registry.local:9001/testuser/busybox:latest -.. _kubernetes-user-tutorials-authentication-and-authorization-d315e59: +.. _kubernetes-user-tutorials-authentication-and-authorization-d315e87: --------------------------------- Username and Docker Compatibility @@ -39,6 +52,14 @@ example, the user **testuser** is correct in the following URL, while registry.local:9001/testuser/busybox:latest +.. note:: + Use of the auto-generated self-signed certificate for the registry + certificate is not recommended. If you must do so, then from the central + cloud/systemController, access to the local registry can only be done using + registry.local:9001. registry.central:9001 will be inaccessible. Installing + a CA-signed certificate for the registry and the certificate of the CA as + an 'ssl\_ca' certificate will remove this restriction. + .. seealso:: `https://docs.docker.com/engine/reference/commandline/docker/ `__ for more diff --git a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rst b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rst index 0e07dc0b2..32cee678c 100644 --- a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rst +++ b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rst @@ -12,9 +12,8 @@ Linux, MacOS, and Windows. .. rubric:: |context| This functionality is made available using a docker container with -pre-installed :abbr:`CLIs (Command Line Interfaces)` and clients. The -container's image is pulled as required by the remote CLI/client configuration -scripts. +pre-installed |CLIs| and clients. The container's image is pulled as required +by the remote CLI/client configuration scripts. .. rubric:: |prereq| @@ -51,7 +50,7 @@ scripts. - You will need a kubectl config file containing your user account and login credentials from your |prod| administrator. -The following procedure helps you configure the Container-backed remote CLIs +The following procedure helps you configure the Container-backed remote |CLIs| and clients for a non-admin user. .. rubric:: |proc| @@ -106,7 +105,7 @@ and clients for a non-admin user. $ cd $HOME/|prefix|-remote-clients-/ #. Create a working directory that will be mounted by the container - implementing the remote CLIs. + implementing the remote |CLIs|. See the description of the :command:`configure\_client.sh` ``-w`` option :ref:`below ` for more details. @@ -117,28 +116,38 @@ and clients for a non-admin user. #. Run the :command:`configure\_client.sh` script. - .. code-block:: none + .. only:: starlingx - $ ./configure_client.sh -t platform -r my_openrc.sh -k user-kubeconfig -w $HOME/remote_cli_wd + .. code-block:: none - where the options for configure\_client.sh are: + $ ./configure_client.sh -t platform -r my_openrc.sh -k user-kubeconfig -w $HOME/remote_cli_wd + + .. only:: partner + + .. include:: ../../_includes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rest + + If you specify repositories that require authentication, as shown + above, you must remember to perform a :command:`docker login` to + that repository before using remote |CLIs| for the first time. + + The options for configure\_client.sh are: **-t** The type of client configuration. The options are platform \(for - |prod-long| CLI and clients\) and openstack \(for |prod-os| - application CLI and clients\). + |prod-long| |CLI| and clients\) and openstack \(for |prod-os| + application |CLI| and clients\). The default value is platform. **-r** - The user/tenant RC file to use for :command:`openstack` CLI + The user/tenant RC file to use for :command:`openstack` |CLI| commands. The default value is admin-openrc.sh. **-k** The kubernetes configuration file to use for :command:`kubectl` and - :command:`helm` CLI commands. + :command:`helm` |CLI| commands. The default value is temp-kubeconfig. @@ -146,7 +155,7 @@ and clients for a non-admin user. The remote CLI/client RC file generated by this script. This RC file needs to be sourced in the shell to set up required - environment variables and aliases before running any remote CLI + environment variables and aliases before running any remote |CLI| commands. For the platform client setup, the default is @@ -157,17 +166,17 @@ and clients for a non-admin user. **-w** The working directory that will be mounted by the container - implementing the remote CLIs. When using the remote CLIs, any files - passed as arguments to the remote CLI commands need to be in this + implementing the remote |CLIs|. When using the remote |CLIs|, any files + passed as arguments to the remote |CLI| commands need to be in this directory in order for the container to access the files. The default value is the directory from which the :command:`configure\_client.sh` command was run. **-p** - Override the container image for the platform CLI and clients. + Override the container image for the platform |CLI| and clients. - By default, the platform CLIs and clients container image is pulled - from docker.io/starlingx/stx-platformclients. + By default, the platform |CLIs| and clients container image is + pulled from docker.io/starlingx/stx-platformclients. For example, to use the container images from the WRS AWS ECR: @@ -177,28 +186,40 @@ and clients for a non-admin user. If you specify repositories that require authentication, you must perform a :command:`docker login` to that repository before using - remote CLIs. + remote |CLIs|. **-a** Override the OpenStack application image. - By default, the OpenStack CLIs and clients container image is + By default, the OpenStack |CLIs| and clients container image is pulled from docker.io/starlingx/stx-openstackclients. The :command:`configure-client.sh` command will generate a remote\_client\_platform.sh RC file. This RC file needs to be sourced in the shell to set up required environment variables and aliases - before any remote CLI commands can be run. + before any remote |CLI| commands can be run. .. rubric:: |postreq| After configuring the platform's container-backed remote CLIs/clients, the -remote platform CLIs can be used in any shell after sourcing the generated +remote platform |CLIs| can be used in any shell after sourcing the generated remote CLI/client RC file. This RC file sets up the required environment -variables and aliases for the remote CLI commands. +variables and aliases for the remote |CLI| commands. .. note:: Consider adding this command to your .login or shell rc file, such that your shells will automatically be initialized with the environment - variables and aliases for the remote CLI commands. + variables and aliases for the remote |CLI| commands. +See :ref:`Using Container-backed Remote CLIs and Clients ` for details. + +**Related information** + +.. seealso:: + :ref:`Using Container-backed Remote CLIs and Clients + ` + + :ref:`Installing Kubectl and Helm Clients Directly on a Host + ` + + :ref:`Configuring Remote Helm Client ` \ No newline at end of file diff --git a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-creating-persistent-volume-claims.rst b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-creating-persistent-volume-claims.rst index 07d61c373..c4142b789 100644 --- a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-creating-persistent-volume-claims.rst +++ b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-creating-persistent-volume-claims.rst @@ -17,7 +17,7 @@ The following steps create two 1Gb persistent volume claims. .. rubric:: |proc| -.. _kubernetes-user-tutorials-creating-persistent-volume-claims-d385e32: +.. _kubernetes-user-tutorials-creating-persistent-volume-claims-d395e32: #. Create the **test-claim1** persistent volume claim. @@ -28,7 +28,7 @@ The following steps create two 1Gb persistent volume claims. .. code-block:: yaml - ~(keystone_admin)$ cat < claim1.yaml + ~(keystone_admin)]$ cat < claim1.yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: @@ -46,7 +46,7 @@ The following steps create two 1Gb persistent volume claims. .. code-block:: none - ~(keystone_admin)$ kubectl apply -f claim1.yaml + ~(keystone_admin)]$ kubectl apply -f claim1.yaml persistentvolumeclaim/test-claim1 created #. Create the **test-claim2** persistent volume claim. @@ -57,7 +57,7 @@ The following steps create two 1Gb persistent volume claims. .. code-block:: yaml - ~(keystone_admin)$ cat < claim2.yaml + ~(keystone_admin)]$ cat < claim2.yaml kind: PersistentVolumeClaim apiVersion: v1 metadata: @@ -75,7 +75,7 @@ The following steps create two 1Gb persistent volume claims. .. code-block:: none - ~(keystone_admin)$ kubectl apply -f claim2.yaml + ~(keystone_admin)]$ kubectl apply -f claim2.yaml persistentvolumeclaim/test-claim2 created .. rubric:: |result| @@ -85,7 +85,7 @@ following command. .. code-block:: none - ~(keystone_admin)$ kubectl get persistentvolumeclaims + ~(keystone_admin)]$ kubectl get persistentvolumeclaims NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE test-claim1 Bound pvc-aaca.. 1Gi RWO general 2m56s test-claim2 Bound pvc-e93f.. 1Gi RWO general 68s diff --git a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-helm-package-manager.rst b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-helm-package-manager.rst index 39ec8e6f5..bc6ca8de8 100644 --- a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-helm-package-manager.rst +++ b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-helm-package-manager.rst @@ -27,7 +27,7 @@ Use the following command to list the helm repositories: .. code-block:: none - ~(keystone_admin)$ helm repo list + ~(keystone_admin)]$ helm repo list NAME URL stable https://kubernetes-charts.storage.googleapis.com local http://127.0.0.1:8879/charts diff --git a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-installing-kubectl-and-helm-clients-directly-on-a-host.rst b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-installing-kubectl-and-helm-clients-directly-on-a-host.rst index a7d64ffb4..a2b2836cc 100644 --- a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-installing-kubectl-and-helm-clients-directly-on-a-host.rst +++ b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-installing-kubectl-and-helm-clients-directly-on-a-host.rst @@ -108,3 +108,14 @@ You will need the following information from your |prod| administrator: In order to use :command:`helm`, additional configuration is required. For more information, see :ref:`Configuring Remote Helm Client `. + +**Related information** + +.. seealso:: + :ref:`Configuring Container-backed Remote CLIs and Clients + ` + + :ref:`Using Container-backed Remote CLIs and Clients + ` + + :ref:`Configuring Remote Helm Client ` \ No newline at end of file diff --git a/doc/source/usertasks/kubernetes/remote-cli-access.rst b/doc/source/usertasks/kubernetes/remote-cli-access.rst index 0563dd4a2..a5ae38867 100644 --- a/doc/source/usertasks/kubernetes/remote-cli-access.rst +++ b/doc/source/usertasks/kubernetes/remote-cli-access.rst @@ -29,3 +29,13 @@ remote workstation using one of the two methods. :command:`helm` clients directly on the remote host. This method only provides the kubernetes-related CLIs and requires OS-specific installation instructions. + +.. seealso:: + :ref:`Configuring Container-backed Remote CLIs and Clients + ` + + :ref:`Using Container-backed Remote CLIs and Clients ` + + :ref:`Installing Kubectl and Helm Clients Directly on a Host ` + + :ref:`Configuring Remote Helm Client ` \ No newline at end of file diff --git a/doc/source/usertasks/kubernetes/using-an-image-from-the-local-docker-registry-in-a-container-spec.rst b/doc/source/usertasks/kubernetes/using-an-image-from-the-local-docker-registry-in-a-container-spec.rst index 22161535c..e81b3eba1 100644 --- a/doc/source/usertasks/kubernetes/using-an-image-from-the-local-docker-registry-in-a-container-spec.rst +++ b/doc/source/usertasks/kubernetes/using-an-image-from-the-local-docker-registry-in-a-container-spec.rst @@ -12,6 +12,13 @@ specify an **imagePullSecret** with your keystone credentials. .. rubric:: |context| +.. note:: + If the credentials of a Keystone user is changed, you must change the + credentials stored in your **imagePullSecret** for the same user. Failure + to do so will cause docker to authenticate with Keystone using the old + credentials, and locking the Keystone user account due to too many + incorrect login attempts. + This example procedure assumes that testuser/busybox:latest container image has been pushed to the local docker registry. diff --git a/doc/source/usertasks/kubernetes/using-container-based-remote-clis-and-clients.rst b/doc/source/usertasks/kubernetes/using-container-based-remote-clis-and-clients.rst new file mode 100644 index 000000000..2d280d32b --- /dev/null +++ b/doc/source/usertasks/kubernetes/using-container-based-remote-clis-and-clients.rst @@ -0,0 +1,147 @@ + +.. vja1605798752774 +.. _using-container-based-remote-clis-and-clients: + +============================================== +Use Container-backed Remote |CLIs| and Clients +============================================== + +Remote platform |CLIs| can be used in any shell after sourcing the generated +remote CLI/client RC file. This RC file sets up the required environment +variables and aliases for the remote |CLI| commands. + +.. rubric:: |prereq| + +.. note:: + Consider adding this command to your .login or shell rc file, such that + your shells will automatically be initialized with the environment + variables and aliases for the remote CLI commands. + + Otherwise, execute the following before proceeding: + + .. code-block:: none + + root@myclient:/home/user/remote_cli_wd# source remote_client_platform.sh + + If you specified repositories that require authentication when configuring + the container-backed remote |CLIs|, you must perform a :command:`docker + login` to that repository before using remote |CLIs| for the first time + +You must have completed the configuration steps described in :ref:`Configuring +Container-backed Remote CLIs and Clients +` +before proceeding. + +.. rubric:: |proc| + +- For Kubernetes :command:`kubectl` |CLI| commands: + + .. note:: + The first usage of a remote |CLI| command will be slow as it requires + that the docker image supporting the remote CLIs/clients be pulled from + the remote registry. + + .. code-block:: none + + Please enter your OpenStack Password for project tenant1 as user user1: + + root@myclient:/home/user/remote_cli_wd# kubectl -n kube-system get pods + NAME READY STATUS RESTARTS AGE + calico-kube-controllers-767467f9cf-wtvmr 1/1 Running 1 3d2h + calico-node-j544l 1/1 Running 1 3d + calico-node-ngmxt 1/1 Running 1 3d1h + calico-node-qtc99 1/1 Running 1 3d + calico-node-x7btl 1/1 Running 4 3d2h + ceph-pools-audit-1569848400-rrpjq 0/1 Completed 0 12m + ceph-pools-audit-1569848700-jhv5n 0/1 Completed 0 7m26s + ceph-pools-audit-1569849000-cb988 0/1 Completed 0 2m25s + coredns-7cf476b5c8-5x724 1/1 Running 1 3d2h + ... + root@myclient:/home/user/remote_cli_wd# + + .. note:: + Some |CLI| commands are designed to leave you in a shell prompt, for + example: + + .. code-block:: none + + root@myclient:/home/user/remote_cli_wd# openstack + + or + + .. code-block:: none + + root@myclient:/home/user/remote_cli_wd# kubectl exec -ti -- /bin/bash + + In most cases, the remote CLI will detect and handle these commands + correctly. If you encounter cases that are not handled correctly, you + can force-enable or disable the shell options using the + or variables before the command. + + For example: + + .. code-block:: none + + root@myclient:/home/user/remote_cli_wd# FORCE_SHELL=true kubectl exec -ti -- /bin/bash + root@myclient:/home/user/remote_cli_wd# FORCE_NO_SHELL=true kubectl exec -- ls + + You cannot use both variables at the same time. + +- If you need to run a remote |CLI| command that references a local file, + then that file must be copied to or created in the working directory specified + in the -w option on the ./config\_client.sh command. + + For example: + + .. code-block:: none + + root@myclient:/home/user# cp //test.yml $HOME/remote_cli_wd/test.yml + root@myclient:/home/user# cd $HOME/remote_cli_wd + root@myclient:/home/user/remote_cli_wd# kubectl -n kube-system create -f test.yml + pod/test-pod created + root@myclient:/home/user/remote_cli_wd# kubectl -n kube-system delete -f test.yml + pod/test-pod deleted + +- Do the following to use helm. + +.. xreflink + .. note:: + For non-admin users, additional configuration is required first as + discussed in |sec-doc|: :ref:`Configuring Remote Helm Client for + Non-Admin Users `. + + .. note:: + When using helm, any command that requires access to a helm repository + \(managed locally\) will require that you be in the + $HOME/remote\_cli\_wd directory and use the --home ./.helm option. + + + #. Do the initial setup of the helm client. + + .. note:: + This command assumes you are using Helm v2. + + .. code-block:: none + + % cd $HOME/remote_cli_wd + % helm init --client-only --home "./.helm" + + #. Run a helm command. + + .. code-block:: none + + % cd $HOME/remote_cli_wd + % helm list + % helm install --name wordpress stable/wordpress --home "./.helm" + + + +**Related information** + +.. seealso:: + :ref:`Configuring Container-backed Remote CLIs and Clients ` + + :ref:`Installing Kubectl and Helm Clients Directly on a Host ` + + :ref:`Configuring Remote Helm Client ` + diff --git a/doc/source/usertasks/kubernetes/using-kubernetes-cpu-manager-static-policy.rst b/doc/source/usertasks/kubernetes/using-kubernetes-cpu-manager-static-policy.rst index c58fc0a2d..60555b734 100644 --- a/doc/source/usertasks/kubernetes/using-kubernetes-cpu-manager-static-policy.rst +++ b/doc/source/usertasks/kubernetes/using-kubernetes-cpu-manager-static-policy.rst @@ -14,8 +14,7 @@ Kubernetes CPU manager static policy. You will need to enable this CPU management mechanism before applying a policy. -.. See |admintasks-doc|: :ref:`Optimizing Application Performance - ` for details. +See |admintasks-doc|: :ref:`Optimizing Application Performance ` for details on how to enable this CPU management mechanism. .. rubric:: |proc| diff --git a/doc/source/usertasks/kubernetes/using-network-attachment-definitions-in-a-container.rst b/doc/source/usertasks/kubernetes/using-network-attachment-definitions-in-a-container.rst index 1d2aae2c9..5301c1da5 100644 --- a/doc/source/usertasks/kubernetes/using-network-attachment-definitions-in-a-container.rst +++ b/doc/source/usertasks/kubernetes/using-network-attachment-definitions-in-a-container.rst @@ -39,6 +39,7 @@ devices as you have network annotations. name: pod1 annotations: k8s.v1.cni.cncf.io/networks: '[ + { "name": "net2" }, { "name": "net2" } ]' spec: @@ -58,7 +59,7 @@ devices as you have network annotations. .. code-block:: none - ~(keystone_admin)$ kubectl create -f pod1.yaml + ~(keystone_admin)]$ kubectl create -f pod1.yaml pod/pod1 created After creating the container, an extra network device interface, **net2**,