diff --git a/modules/nw-pod-network-connectivity-check-object.adoc b/modules/nw-pod-network-connectivity-check-object.adoc index 429832253b..8d7ccb0f00 100644 --- a/modules/nw-pod-network-connectivity-check-object.adoc +++ b/modules/nw-pod-network-connectivity-check-object.adoc @@ -2,6 +2,7 @@ // // * networking/verifying-connectivity-endpoint.adoc +:_mod-docs-content-type: REFERENCE [id="nw-pod-network-connectivity-check-object_{context}"] = PodNetworkConnectivityCheck object fields @@ -125,7 +126,6 @@ The following table describes the fields for objects in the `status.conditions` |=== -[discrete] == Connection log fields The fields for a connection log entry are described in the following table. The object is used in the following fields: diff --git a/modules/nw-pod-network-connectivity-checks.adoc b/modules/nw-pod-network-connectivity-checks.adoc index 26909fffd0..8ec7d49de6 100644 --- a/modules/nw-pod-network-connectivity-checks.adoc +++ b/modules/nw-pod-network-connectivity-checks.adoc @@ -2,8 +2,9 @@ // // * networking/verifying-connectivity-endpoint.adoc +:_mod-docs-content-type: REFERENCE [id="nw-pod-network-connectivity-checks_{context}"] -= Connection health checks performed += Connection health checks that are performed To verify that cluster resources are reachable, a TCP connection is made to each of the following cluster API services: diff --git a/modules/nw-pod-network-connectivity-configuration.adoc b/modules/nw-pod-network-connectivity-configuration.adoc new file mode 100644 index 0000000000..db8af9db2d --- /dev/null +++ b/modules/nw-pod-network-connectivity-configuration.adoc @@ -0,0 +1,48 @@ +// Module included in the following assemblies: +// +// * networking/verifying-connectivity-endpoint.adoc + +:_mod-docs-content-type: PROCEDURE +[id="nw-pod-network-connectivity-configuration_{context}"] += Configuring pod connectivity check placement + +As a cluster administrator, you can configure which nodes the connectivity check source and target pods run by modifying the `network.config.openshift.io` object named `cluster`. + +.Prerequisites + +* Install the {oc-first}. + +.Procedure + +. Edit the connectivity check configuration by entering the following command: ++ +[source,terminal] +---- +$ oc edit network.config.openshift.io cluster +---- + +. In the text editor, update the `networkDiagnostics` stanza to specify the node selectors that you want for the source and target pods. + +. Save your changes and exit the text editor. + +.Verification + +* Verify that the source and target pods are running on the intended nodes by entering the following command: + +[source,terminal] +---- +$ oc get pods -n openshift-network-diagnostics -o wide +---- + +.Example output +[source,text] +---- +NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES +network-check-source-84c69dbd6b-p8f7n 1/1 Running 0 9h 10.131.0.8 ip-10-0-40-197.us-east-2.compute.internal +network-check-target-46pct 1/1 Running 0 9h 10.131.0.6 ip-10-0-40-197.us-east-2.compute.internal +network-check-target-8kwgf 1/1 Running 0 9h 10.128.2.4 ip-10-0-95-74.us-east-2.compute.internal +network-check-target-jc6n7 1/1 Running 0 9h 10.129.2.4 ip-10-0-21-151.us-east-2.compute.internal +network-check-target-lvwnn 1/1 Running 0 9h 10.128.0.7 ip-10-0-17-129.us-east-2.compute.internal +network-check-target-nslvj 1/1 Running 0 9h 10.130.0.7 ip-10-0-89-148.us-east-2.compute.internal +network-check-target-z2sfx 1/1 Running 0 9h 10.129.0.4 ip-10-0-60-253.us-east-2.compute.internal +---- diff --git a/modules/nw-pod-network-connectivity-implementation.adoc b/modules/nw-pod-network-connectivity-implementation.adoc index 66c86af6a9..eecbae0b2e 100644 --- a/modules/nw-pod-network-connectivity-implementation.adoc +++ b/modules/nw-pod-network-connectivity-implementation.adoc @@ -2,6 +2,7 @@ // // * networking/verifying-connectivity-endpoint.adoc +:_mod-docs-content-type: CONCEPT [id="nw-pod-network-connectivity-implementation_{context}"] = Implementation of connection health checks @@ -12,3 +13,41 @@ The Cluster Network Operator (CNO) deploys several resources to the cluster to s Health check source:: This program deploys in a single pod replica set managed by a `Deployment` object. The program consumes `PodNetworkConnectivity` objects and connects to the `spec.targetEndpoint` specified in each object. Health check target:: A pod deployed as part of a daemon set on every node in the cluster. The pod listens for inbound health checks. The presence of this pod on every node allows for the testing of connectivity to each node. + +You can configure the nodes which network connectivity sources and targets run on with a node selector. Additionally, you can specify permissible _tolerations_ for source and target pods. The configuration is defined in the singleton `cluster` custom resource of the `Network` API in the `config.openshift.io/v1` API group. + +Pod scheduling occurs after you have updated the configuration. Therefore, you must apply node labels that you intend to use in your selectors before updating the configuration. Labels applied after updating your network connectivity check pod placement are ignored. + +Refer to the default configuration in the following YAML: + +.Default configuration for connectivity source and target pods +[source,yaml] +---- +apiVersion: config.openshift.io/v1 +kind: Network +metadata: + name: cluster +spec: + # ... + networkDiagnostics: <1> + mode: "All" <2> + sourcePlacement: <3> + nodeSelector: + checkNodes: groupA + tolerations: + - key: myTaint + effect: NoSchedule + operator: Exists + targetPlacement: <4> + nodeSelector: + checkNodes: groupB + tolerations: + - key: myOtherTaint + effect: NoExecute + operator: Exists +---- +<1> Specifies the network diagnostics configuration. If a value is not specified or an empty object is specified, and `spec.disableNetworkDiagnostics=true` is set in the `network.operator.openshift.io` custom resource named `cluster`, network diagnostics are disabled. If set, this value overrides `spec.disableNetworkDiagnostics=true`. +<2> Specifies the diagnostics mode. The value can be the empty string, `All`, or `Disabled`. The empty string is equivalent to specifying `All`. +<3> Optional: Specifies a selector for connectivity check source pods. You can use the `nodeSelector` and `tolerations` fields to further specify the `sourceNode` pods. These are optional for both source and target pods. You can omit them, use both, or use only one of them. +<4> Optional: Specifies a selector for connectivity check target pods. +You can use the `nodeSelector` and `tolerations` fields to further specify the `targetNode` pods. These are optional for both source and target pods. You can omit them, use both, or use only one of them. diff --git a/modules/nw-pod-network-connectivity-verify.adoc b/modules/nw-pod-network-connectivity-verify.adoc index ed47b4432c..3c6c292758 100644 --- a/modules/nw-pod-network-connectivity-verify.adoc +++ b/modules/nw-pod-network-connectivity-verify.adoc @@ -48,7 +48,7 @@ network-check-source-ci-ln-x5sv9rb-f76d1-4rzrp-worker-b-6xdmh-to-openshift-apise . View the connection test logs: .. From the output of the previous command, identify the endpoint that you want to review the connectivity logs for. -.. To view the object, enter the following command: +.. View the object by entering the following command: + [source,terminal] ---- diff --git a/networking/verifying-connectivity-endpoint.adoc b/networking/verifying-connectivity-endpoint.adoc index 57e75e4e89..d52c5637f9 100644 --- a/networking/verifying-connectivity-endpoint.adoc +++ b/networking/verifying-connectivity-endpoint.adoc @@ -10,6 +10,9 @@ The Cluster Network Operator (CNO) runs a controller, the connectivity check con By reviewing the results of the health checks, you can diagnose connection problems or eliminate network connectivity as the cause of an issue that you are investigating. include::modules/nw-pod-network-connectivity-checks.adoc[leveloffset=+1] + include::modules/nw-pod-network-connectivity-implementation.adoc[leveloffset=+1] + include::modules/nw-pod-network-connectivity-check-object.adoc[leveloffset=+1] + include::modules/nw-pod-network-connectivity-verify.adoc[leveloffset=+1]