mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
OSDOCS-4100: IPv6 in secondary network interfaces (ShiftStack)
This commit is contained in:
Max Bridges
committed by
openshift-cherrypick-robot
openshift-cherrypick-robot
parent
84c2c631c2
commit
438778eae9
@@ -942,6 +942,8 @@ If you use a strict `anti-affinity` policy, an additional {rh-openstack} host is
|
||||
|
||||
|`controlPlane.platform.openstack.additionalNetworkIDs`
|
||||
|Additional networks that are associated with control plane machines. Allowed address pairs are not created for additional networks.
|
||||
|
||||
Additional networks that are attached to a control plane machine are also attached to the bootstrap node.
|
||||
|A list of one or more UUIDs as strings. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.
|
||||
|
||||
|`controlPlane.platform.openstack.additionalSecurityGroupIDs`
|
||||
|
||||
60
modules/nw-osp-pod-adding-connections-ipv6.adoc
Normal file
60
modules/nw-osp-pod-adding-connections-ipv6.adoc
Normal file
@@ -0,0 +1,60 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * post_installation_configuration/network-configuration.adoc
|
||||
|
||||
:_content-type: PROCEDURE
|
||||
[id="nw-osp-pod-adding-connections-ipv6_{context}"]
|
||||
= Adding IPv6 connectivity to pods on {rh-openstack}
|
||||
|
||||
After you enable IPv6 connectivity in pods, add connectivity to them by using a Container Network Interface (CNI) configuration.
|
||||
|
||||
.Procedure
|
||||
|
||||
. To edit the Cluster Network Operator (CNO), enter the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc edit networks.operator.openshift.io cluster
|
||||
----
|
||||
|
||||
. Specify your CNI configuration under the `spec` field. For example, the following configuration uses a SLAAC address mode with MACVLAN:
|
||||
+
|
||||
[source,yaml]
|
||||
----
|
||||
...
|
||||
spec:
|
||||
additionalNetworks:
|
||||
- name: ipv6
|
||||
namespace: ipv6 <1>
|
||||
rawCNIConfig: '{ "cniVersion": "0.3.1", "name": "ipv6", "type": "macvlan", "master": "ens4"}' <2>
|
||||
type: Raw
|
||||
----
|
||||
<1> Be sure to create pods in the same namespace.
|
||||
<2> The interface in the network attachment `"master"` field can differ from `"ens4"` when more networks are configured or when a different kernel driver is used.
|
||||
+
|
||||
[NOTE]
|
||||
====
|
||||
If you are using stateful address mode, include the IP Address Management (IPAM) in the CNI configuration.
|
||||
|
||||
DHCPv6 is not supported by Multus.
|
||||
====
|
||||
|
||||
. Save your changes and quit the text editor to commit your changes.
|
||||
|
||||
.Verification
|
||||
|
||||
* On a command line, enter the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc get network-attachment-definitions -A
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
[source,terminal]
|
||||
----
|
||||
NAMESPACE NAME AGE
|
||||
ipv6 ipv6 21h
|
||||
----
|
||||
|
||||
You can now create pods that have secondary IPv6 connections.
|
||||
34
modules/nw-osp-pod-connections-ipv6.adoc
Normal file
34
modules/nw-osp-pod-connections-ipv6.adoc
Normal file
@@ -0,0 +1,34 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * post_installation_configuration/network-configuration.adoc
|
||||
|
||||
:_content-type: PROCEDURE
|
||||
[id="nw-osp-pod-connections-ipv6_{context}"]
|
||||
= Enabling IPv6 connectivity to pods on {rh-openstack}
|
||||
|
||||
To enable IPv6 connectivity between pods that have additional networks that are on different nodes, disable port security for the IPv6 port of the server. Disabling port security obviates the need to create allowed address pairs for each IPv6 address that is assigned to pods and enables traffic on the security group.
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
Only the following IPv6 additional network configurations are supported:
|
||||
|
||||
* SLAAC and host-device
|
||||
* SLAAC and MACVLAN
|
||||
* DHCP stateless and host-device
|
||||
* DHCP stateless and MACVLAN
|
||||
====
|
||||
|
||||
.Procedure
|
||||
|
||||
* On a command line, enter the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ openstack port set --no-security-group --disable-port-security <compute_ipv6_port>
|
||||
----
|
||||
+
|
||||
IMPORTANT: This command removes security groups from the port and disables port security. Traffic restrictions are removed entirely from the port.
|
||||
|
||||
where:
|
||||
|
||||
<compute_ipv6_port>:: Specifies the IPv6 port of the compute server.
|
||||
68
modules/nw-osp-pod-creating-ipv6.adoc
Normal file
68
modules/nw-osp-pod-creating-ipv6.adoc
Normal file
@@ -0,0 +1,68 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * post_installation_configuration/network-configuration.adoc
|
||||
|
||||
:_content-type: PROCEDURE
|
||||
[id="nw-osp-pod-creating-ipv6_{context}"]
|
||||
= Create pods that have IPv6 connectivity on {rh-openstack}
|
||||
|
||||
After you enable IPv6 connectivty for pods and add it to them, create pods that have secondary IPv6 connections.
|
||||
|
||||
.Procedure
|
||||
|
||||
. Define pods that use your IPv6 namespace and the annotation `k8s.v1.cni.cncf.io/networks: <additional_network_name>`, where `<additional_network_name` is the name of the additional network. For example, as part of a `Deployment` object:
|
||||
+
|
||||
[source,yaml]
|
||||
----
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: hello-openshift
|
||||
namespace: ipv6
|
||||
spec:
|
||||
affinity:
|
||||
podAntiAffinity:
|
||||
requiredDuringSchedulingIgnoredDuringExecution:
|
||||
- labelSelector:
|
||||
matchExpressions:
|
||||
- key: app
|
||||
operator: In
|
||||
values:
|
||||
- hello-openshift
|
||||
replicas: 2
|
||||
selector:
|
||||
matchLabels:
|
||||
app: hello-openshift
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: hello-openshift
|
||||
annotations:
|
||||
k8s.v1.cni.cncf.io/networks: ipv6
|
||||
spec:
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
containers:
|
||||
- name: hello-openshift
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
image: quay.io/openshift/origin-hello-openshift
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
----
|
||||
|
||||
. Create the pod. For example, on a command line, enter the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc create -f <ipv6_enabled_resource>
|
||||
----
|
||||
|
||||
where:
|
||||
|
||||
<ipv6_enabled_resource>:: Specifies the file that contains your resource definition.
|
||||
@@ -126,3 +126,12 @@ include::modules/installation-osp-kuryr-port-pools.adoc[leveloffset=+2]
|
||||
include::modules/installation-osp-kuryr-settings-active.adoc[leveloffset=+2]
|
||||
include::modules/nw-osp-enabling-ovs-offload.adoc[leveloffset=+2]
|
||||
include::modules/nw-osp-hardware-offload-attaching-network.adoc[leveloffset=+2]
|
||||
include::modules/nw-osp-pod-connections-ipv6.adoc[leveloffset=+2]
|
||||
include::modules/nw-osp-pod-adding-connections-ipv6.adoc[leveloffset=+2]
|
||||
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
|
||||
* xref:../networking/multiple_networks/configuring-additional-network.adoc#configuring-additional-network_configuration-additional-network-attachment[Configuration for an additional network attachment]
|
||||
|
||||
include::modules/nw-osp-pod-creating-ipv6.adoc[leveloffset=+2]
|
||||
|
||||
Reference in New Issue
Block a user