openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

OSDOCS-15649: modularizes CNI assembly MicroShift

Browse Source
This commit is contained in:
“Shauna Diaz”
2025-11-04 10:38:17 -05:00
committed by openshift-cherrypick-robot
parent 803ba72269
commit 079aa56e96
10 changed files with 141 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
microshift_networking/microshift-cni.adoc
View File

@@ -6,62 +6,24 @@ include::_attributes/attributes-microshift.adoc[]
toc::[]
The OVN-Kubernetes Container Network Interface (CNI) plugin is the default networking solution for a {microshift-short} node. OVN-Kubernetes is a virtualized network for pods and services that is based on Open Virtual Network (OVN).
[role="_abstract"]
You can use the OVN-Kubernetes Network Interface to create and manage network connections for internet-connected nodes.
* Default network configuration and connections are applied automatically in {microshift-short} with the `microshift-networking` RPM during installation.
* A node that uses the OVN-Kubernetes network plugin also runs Open vSwitch (OVS) on the node.
* OVN-K configures OVS on the node to implement the declared network configuration.
* Host physical interfaces are not bound by default to the OVN-K gateway bridge, `br-ex`. You can use standard tools on the host for managing the default gateway, such as the Network Manager CLI (`nmcli`).
* Changing the CNI is not supported on {microshift-short}.
Using configuration files or custom scripts, you can configure the following networking settings:
* You can use subnet CIDR ranges to allocate IP addresses to pods.
* You can change the maximum transmission unit (MTU) value.
* You can configure firewall ingress and egress.
* You can define network policies in the {microshift-short}, including ingress and egress rules.
* You can use the {microshift-short} Multus plugin to chain other CNI plugins.
* You can configure or remove the ingress router.
include::modules/microshift-default-networking-plugin.adoc[leveloffset=+1]
include::modules/microshift-cni-customization-matrix.adoc[leveloffset=+1]
include::modules/microshift-default-settings.adoc[leveloffset=+2]
[id="microshift-network-features_{context}"]
== Network features
Networking features available with {microshift-short} {product-version} include:
include::modules/microshift-network-features.adoc[leveloffset=+1]
* Kubernetes network policy
* Dynamic node IP
* Custom gateway interface
* Second gateway interface
* Node network on specified host interface
* Blocking external access to NodePort service on specific host interfaces
include::modules/microshift-ip-forward.adoc[leveloffset=+2]
Networking features not available with {microshift-short} {product-version}:
* Egress IP/firewall/QoS: disabled
* Hybrid networking: not supported
* IPsec: not supported
* Hardware offload: not supported
[id="microshift-ip-forward_{context}"]
== IP forward
The host network `sysctl net.ipv4.ip_forward` kernel parameter is automatically enabled by the `ovnkube-master` container when started. This is required to forward incoming traffic to the CNI. For example, accessing the NodePort service from outside of a node fails if `ip_forward` is disabled.
[id="microshift-network-performance_{context}"]
== Network performance optimizations
By default, three performance optimizations are applied to OVS services to minimize resource consumption:
* CPU affinity to `ovs-vswitchd.service` and `ovsdb-server.service`
* `no-mlockall` to `openvswitch.service`
* Limit handler and `revalidator` threads to `ovs-vswitchd.service`
include::modules/microshift-network-performance.adoc[leveloffset=+1]
include::modules/microshift-nw-components-svcs.adoc[leveloffset=+1]
[id="microshift-bridge-mapping_{context}"]
== Bridge mappings
Bridge mappings allow provider network traffic to reach the physical network. Traffic leaves the provider network and arrives at the `br-int` bridge. A patch port between `br-int` and `br-ex` then allows the traffic to traverse to and from the provider network and the edge network. Kubernetes pods are connected to the `br-int` bridge through virtual ethernet pair: one end of the virtual ethernet pair is attached to the pod namespace, and the other end is attached to the `br-int` bridge.
include::modules/microshift-bridge-mappings.adoc[leveloffset=+1]
include::modules/microshift-nw-topology.adoc[leveloffset=+1]