Launching Thunder in Kubernetes

Adding a Credential for Kubernetes

  1. Click Infrastructure > Orchestration > Credential.

  2. Click Add Credential.

  3. Select the environment as Kubernetes, enter the Kubernetes API server’s hostname or IP Address, API server port, bearer token of the service account.

  4. Click Save.

For additional information on bearer token, refer to the Kubernetes documentation.

Deploying Thunder Container on Kubernetes

  1. Click Infrastructure > Orchestration > Virtual Devices.

  2. Click Create Virtual Device.

  3. Select a cluster that has been previously created from the Adding a Cluster.

  4. Select the environment as Kubernetes and provide the credentials.

  5. (Optional) Provide a non-default management-port for the new Thunder device. Default management port for a Thunder device is 443.

  6. Select a valid license token and click Next.

    Selecting a license token is optional. If no license token is selected device will remain un-licensed after instantiation unless a license is explicitly applied to the device at a later point.

  7. Provide a unique container name, select a node, a namespace, and search to select a docker image that should be used to instantiate the device.

  8. Allocate the CPU and memory resources to be reserved for the Thunder device.

  9. Configure network mapping for the Thunder Container. The Thunder container is configured with Kubernetes service of type NodePort to be able to be accessed by Harmony Controller. By default ports 22, 80 and 443 are exposed in a NodePort service that is deployed and you can add more ports to this list if required.

  10. Attaching SR-IOV interfaces to Thunder container is enabled if SR-IOV interfaces are configured on a selected node and Kubernetes objects of type network-attachment-definition mapping to these interfaces are added in selected namespace.

For attaching SR-IOV interface, user can select the network-attachment-definition populated in network drop-down and provide an IP-Address to be statically configured for this interface.

Details on How to set up SR-IOV on a Kubernetes node can be found at Target Node Preparation.

  1. Attaching PCI-Passthrough interfaces is also supported. User will have to fetch the PCI-Address of the SRIOv enabled network-interface from target Host machine and provide same along with the IP Address that needs to be statically configured on that data-interface.


The PCI-Passthrough interfaces should be bound to drivers (vfio-pci/igb_uio) before thunder-container is orchestrated from Harmony Controller. If the interface is added as a PCI-Passthrough interface to thunder container, it will no more be usable on host machine. User can use commands such as ‘lspci’ or ‘lshw -c network’ to obtain PCI-address of the network-interface.

Details on How to set up SR-IOV on a Kubernetes node can be found at Target Node Preparation.

  1. If SR-IOV interfaces are attached to Thunder device, provide the amount of HugePage memory to be allocated. Leave the ‘SRIOV Driver’ field blank if the SR-IOV interfaces are host-bound. If SR-IOV interfaces are container-bound, provide driver details in this field. Possible values for ‘SR-IOV Driver’ can be bind-vfio, bind-igb-uio.

  2. Click Create Container.

  3. A new device is added in the list and its status depicts whether deployment is in progress or completed.

  4. You can delete the virtual device by selecting image_reference and click Delete.

    Power operations such as Power-on or off do not apply for Kubernetes deployments, so these operations are not available for Kubernetes devices.