From ea9ff59f0331149792e099b551916f3c28378c50 Mon Sep 17 00:00:00 2001 From: JoeAldinger Date: Wed, 19 Feb 2025 14:37:31 -0500 Subject: [PATCH] OCPBUGS-49933:UDN rhel worker nodes update --- .../primary_networks/about-user-defined-networks.adoc | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/networking/multiple_networks/primary_networks/about-user-defined-networks.adoc b/networking/multiple_networks/primary_networks/about-user-defined-networks.adoc index 3069e16625..7105e5b5de 100644 --- a/networking/multiple_networks/primary_networks/about-user-defined-networks.adoc +++ b/networking/multiple_networks/primary_networks/about-user-defined-networks.adoc 
@@ -15,6 +15,11 @@ The following diagram shows four cluster namespaces, where each namespace has a image::527-OpenShift-UDN-isolation-012025.png[The namespace isolation concept in a user-defined network (UDN)] +[NOTE] +==== +Nodes that use `cgroupv1` Linux Control Groups (cgroup) must be reconfigured from `cgroupv1` to `cgroupv2` before creating a user-defined network. For more information, see xref:../../../nodes/clusters/nodes-cluster-cgroups-2.adoc#nodes-cluster-cgroups-2[Configuring Linux cgroup]. +==== + A cluster administrator can use a user-defined network to create and define additional networks that span multiple namespaces at the cluster level by leveraging the `ClusterUserDefinedNetwork` custom resource (CR). Additionally, a cluster administrator or a cluster user can use a user-defined network to define additional networks at the namespace level with the `UserDefinedNetwork` CR. The following diagram shows tenant isolation that a cluster administrator created by defining a `ClusterUserDefinedNetwork` CR for each tenant. This network configuration allows a network to span across many namespaces. In the diagram, the `udn-1` disconnected network selects `namespace-1` and `namespace-2`, while the `udn-2` disconnected network selects `namespace-3` and `namespace-4`. A tenant acts as a disconnected network that is isolated from other tenants' networks. Pods from a namespace can communicate with pods in another namespace only if those namespaces exist in the same tenant network.
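Review bot: The added `[NOTE]` does not say which nodes are affected or what fails if they stay on `cgroupv1`. The subject line names RHEL worker nodes, but the note text only says "Nodes that use `cgroupv1`". Name the affected node type in the note and state the consequence of skipping the change, so a reader can tell whether the prerequisite applies to their cluster. The phrase "`cgroupv1` Linux Control Groups (cgroup) must be reconfigured from `cgroupv1` to `cgroupv2`" repeats itself; something like "Nodes that use Linux Control Groups version 1 (`cgroupv1`) must be reconfigured to `cgroupv2` before you create a user-defined network" reads more cleanly and avoids the dangling "before creating". The note also lands between the first diagram and the paragraph that introduces the `ClusterUserDefinedNetwork` CR, where a prerequisite is easy to miss; if the assembly has a prerequisites or limitations section, it would fit better there.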