Merge pull request #14705 from jboxman/apply-updates-to-kube-proxy

Add Kubernetes network proxy configuration content

_topic_map.yml

@@ -217,8 +217,8 @@ Topics:
   Topics:
     - Name: DNS Operator in OpenShift Container Platform
       File: dns-operator
-- Name: Configuring the network
-  File: configuring-network-operator
+- Name: Configuring kube-proxy
+  File: configuring-kube-proxy
   Distros: openshift-enterprise,openshift-origin
 - Name: Configuring network policy
   File: configuring-networkpolicy

modules/nw-kube-proxy-config.adoc

@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+// * networking/configuring-kubeproxy.adoc
+
+[id="modifying-kubeproxy-config-{context}"]
+= kube-proxy configuration parameters
+
+You can modify the following `kubeProxyConfig` parameters:
+
+.Parameters
+[cols=".^2,.^3,.^3,.^2a",options="header"]
+|====
+|Parameter|Description|Values|Default
+
+|`iptablesSyncPeriod`
+|The refresh period for `iptables` rules.
+|A time interval, such as `30s` or `2m`. Valid
+suffixes include `s`, `m`, and `h` and are described in the
+link:https://golang.org/pkg/time/#ParseDuration[Go time package] documentation.
+|`30s`
+
+|`proxyArguments.iptables-min-sync-period`
+|The minimum duration before refreshing `iptables` rules. This parameter ensures
+that the refresh does not happen too frequently.
+|A time interval, such as `30s` or `2m`. Valid suffixes include `s`,
+`m`, and `h` and are described in the
+link:https://golang.org/pkg/time/#ParseDuration[Go time package]
+|`30s`
+
+|====

modules/nw-kube-proxy-configuring.adoc

@@ -0,0 +1,88 @@
+// Module included in the following assemblies:
+// * networking/configuring-kubeproxy.adoc
+
+[id="modifying-kubeproxy-configuration-{context}"]
+= Modifying the kube-proxy configuration
+
+You can modify the Kubernetes network proxy configuration for your cluster.
+
+.Prerequisites
+
+* Install the OpenShift Command-line Interface (CLI), commonly known as `oc`.
+* Log in to a running cluster with the `cluster-admin` role.
+
+.Procedure
+
+. Edit the `Network.operator.openshift.io` Custom Resource (CR) by running the
+following command:
++
+----
+$ oc edit network.operator.openshift.io cluster
+----
+
+. Modify the `kubeProxyConfig` parameter in the CR with your changes to the
+kube-proxy configuration, such as in the following example CR:
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: Network
+metadata:
+  name: cluster
+spec:
+  kubeProxyConfig:
+    iptablesSyncPeriod: 30s
+    proxyArguments:
+      iptables-min-sync-period: ["30s"]
+----
+
+. Save the file and exit the text editor.
++
+The syntax is validated by the `oc` command when you save the file and exit the
+editor. If your modifications contain a syntax error, the editor opens the file
+and displays an error message.
+
+. Run the following command to confirm the configuration update:
++
+----
+$ oc get networks.operator.openshift.io -o yaml
+----
++
+The command returns output similar to the following example:
++
+[source,yaml]
+----
+apiVersion: v1
+items:
+- apiVersion: operator.openshift.io/v1
+  kind: Network
+  metadata:
+    name: cluster
+  spec:
+    clusterNetwork:
+    - cidr: 10.128.0.0/14
+      hostPrefix: 23
+    defaultNetwork:
+      type: OpenShiftSDN
+    kubeProxyConfig:
+      iptablesSyncPeriod: 30s
+      proxyArguments:
+        iptables-min-sync-period:
+        - 30s
+    serviceNetwork:
+    - 172.30.0.0/16
+  status: {}
+kind: List
+----
+
+. Optionally, run the following command to confirm that the Cluster Network
+Operator accepted the configuration change:
++
+----
+$ oc get clusteroperator network
+NAME      VERSION     AVAILABLE   PROGRESSING   FAILING   SINCE
+network   4.1.0-0.9   True        False         False     1m
+----
++
+The `AVAILABLE` field is `True` when the configuration update is applied
+successfully.

modules/nw-kube-proxy-sync.adoc

@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+// * networking/configuring-kubeproxy.adoc
+
+[id="modifying-kubeproxy-sync-{context}"]
+= About iptables rules synchronization
+
+The synchronization period determines how frequently the Kubernetes network
+proxy (kube-proxy) syncs the iptables rules on a node.
+
+A sync begins when either of the following events occurs:
+
+* An event occurs, such as service or endpoint is added to or removed from the
+cluster.
+* The time since the last sync exceeds the sync period defined for kube-proxy.

modules/nw-modify-config.adoc

@@ -1,78 +0,0 @@
-// Module included in the following assemblies:
-// * networking/configuring-network-operator.adoc
-
-[id="network-modifying-config_{context}"]
-= Modifying network configuration in a running cluster
-
-The Network Operator reconciles the state of the cluster against a desired
-configuration.
-
-// "You can also create new additionalNetworks"
-You can modify only `kubeProxy` configuration parameters in a running cluster.
-
-.Prerequisites
-
-* Install the OpenShift Command-line Interface (CLI), commonly known as `oc`.
-* Log in to a running cluster with the `cluster-admin` role.
-
-.Procedure
-
-. Use the following command to edit the `Network.operator.openshift.io` Custom
-Resource (CR):
-+
-----
-$ oc edit network.operator.openshift.io cluster
-----
-+
-The following example output shows a `Network.operator.openshift.io` CR that is
-configured with default values.
-+
-[source,yaml]
-----
-# Please edit the object below. Lines beginning with a '#' will be ignored,
-# and an empty file will abort the edit. If an error occurs while saving this file will be
-# reopened with the relevant failures.
-#
-apiVersion: operator.openshift.io/v1
-kind: Network
-metadata:
-  name: cluster
-spec:
-  clusterNetwork:
-  - cidr: 10.128.0.0/14
-    hostPrefix: 23
-  defaultNetwork:
-    type: OpenShiftSDN
-  serviceNetwork:
-  - 172.30.0.0/16
-status: {}
-----
-
-. Add the following code to the `spec` field in the
-`Network.operator.openshift.io` CR:
-+
-[source,yaml]
-----
-spec:
-  deployKubeProxy: false
-  kubeProxyConfig:
-   iptablesSyncPeriod: 30s
-   bindAddress: 0.0.0.0
-   proxyArguments:
-   - "iptables-min-sync-period": ["30s"]
-----
-
-. Save the file and exit the text editor.
-+
-The syntax is validated by the `oc` command when you save the file and exit the
-editor. If your modifications contain a syntax error, the editor opens the file
-and displays an error message.
-
-. Run the following command to confirm that the Network Operator accepted the
-updated configuration:
-+
-----
-$ oc get clusteroperator network
-NAME      VERSION     AVAILABLE   PROGRESSING   FAILING   SINCE
-network   4.0.0-0.9   True        False         False     1m
-----

networking/configuring-kube-proxy.adoc

@@ -0,0 +1,14 @@
+[id="configuring-kube-proxy"]
+= Configuring kube-proxy
+include::modules/common-attributes.adoc[]
+:context: configuring-kube-proxy
+
+toc::[]
+
+The Kubernetes network proxy (kube-proxy) runs on each node and is managed by
+the Cluster Network Operator (CNO). kube-proxy maintains network rules for
+forwarding connections for endpoints associated with services.
+
+include::modules/nw-kube-proxy-sync.adoc[leveloffset=+1]
+include::modules/nw-kube-proxy-configuring.adoc[leveloffset=+1]
+include::modules/nw-kube-proxy-config.adoc[leveloffset=+1]

networking/configuring-network-operator.adoc

@@ -1,21 +0,0 @@
-[id="configuring-network-operator"]
-= Configuring networking
-include::modules/common-attributes.adoc[]
-:context: configuring-network-operator
-
-toc::[]
-
-The Network Operator installs and upgrades the networking components on an
-{product-title} cluster. If you want to customize the network configuration, you
-must modify the settings before installing the cluster.
-
-[IMPORTANT]
-====
-You cannot modify your network settings after you install the cluster.
-====
-
-//Advanced network configuration defaults in operator config
-include::modules/nw-operator-cr.adoc[leveloffset=+1]
-
-//Modifying network configuration in a running cluster
-include::modules/nw-modify-config.adoc[leveloffset=+1]