From d1a1bfd40c423befb68f10e1fd2e232e84bb713d Mon Sep 17 00:00:00 2001 From: dfitzmau Date: Wed, 11 Jun 2025 15:08:23 +0100 Subject: [PATCH] OSDOCS-13634-im-18: Enhancements to creating-manifest-file-customize 4.18 --- .../scenario-2-restoring-cluster-state.adoc | 2 +- ...-cluster-with-the-bare-metal-operator.adoc | 2 +- .../ipi-install-installation-workflow.adoc | 7 ++++ ...stall-post-installation-configuration.adoc | 7 ++++ ...manifest-file-customized-br-ex-bridge.adoc | 34 ++++++++++++++----- ...mstate-about-the-k8s-nmstate-operator.adoc | 11 ++++++ .../cluster-tasks.adoc | 4 +-- 7 files changed, 55 insertions(+), 12 deletions(-) diff --git a/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc b/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc index 3767ad2d33..d561b6832f 100644 --- a/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc +++ b/backup_and_restore/control_plane_backup_and_restore/disaster_recovery/scenario-2-restoring-cluster-state.adoc @@ -27,7 +27,7 @@ include::modules/manually-restoring-cluster-etcd-backup.adoc[leveloffset=+1] * xref:../../../networking/accessing-hosts.adoc#accessing-hosts[Creating a bastion host to access {product-title} instances and the control plane nodes with SSH] -* xref:../../../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#replacing-a-bare-metal-control-plane-node_ipi-install-expanding[Replacing a bare-metal control plane node] +* xref:../../../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#replacing-a-bare-metal-control-plane-node_ipi-install-expanding-the-cluster[Replacing a bare-metal control plane node] include::modules/dr-scenario-cluster-state-issues.adoc[leveloffset=+1] diff --git a/installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc b/installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc index 401e486261..81979d68aa 100644 --- a/installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc +++ b/installing/installing_bare_metal/scaling-a-user-provisioned-cluster-with-the-bare-metal-operator.adoc @@ -17,7 +17,7 @@ include::modules/upi-provisioning-new-hosts-in-a-upi-cluster.adoc[leveloffset=+1 [role="_additional-resources"] .Additional resources -* xref:../../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#preparing-the-bare-metal-node_ipi-install-expanding[Preparing the bare-metal node] +* xref:../../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#preparing-the-bare-metal-node_ipi-install-expanding-the-cluster-the-cluster[Preparing the bare-metal node] * xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#root-device-hints_ipi-install-installation-workflow[Root device hints] diff --git a/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc b/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc index 3fd846fe1c..9c13798575 100644 --- a/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc +++ b/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc @@ -28,6 +28,13 @@ include::modules/ipi-install-configuring-networking.adoc[leveloffset=+1] // Creating a manifest object that includes a customized `br-ex` bridge include::modules/creating-manifest-file-customized-br-ex-bridge.adoc[leveloffset=+1] +[role="_additional-resources"] +.Additional resources + +* xref:../../networking/ovn_kubernetes_network_provider/converting-to-dual-stack.adoc#nw-dual-stack-convert_converting-to-dual-stack[Converting to a dual-stack cluster network] + +* xref:../../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#ipi-install-expanding-the-cluster[Expanding the cluster] + // Scale each machine set to compute nodes include::modules/creating-scaling-machine-sets-compute-nodes-networking.adoc[leveloffset=+2] diff --git a/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc b/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc index 18d51da9c3..e0c7cacdb0 100644 --- a/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc +++ b/installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc @@ -17,6 +17,13 @@ include::modules/nw-enabling-a-provisioning-network-after-installation.adoc[leve // Creating a manifest object that includes a customized `br-ex` bridge include::modules/creating-manifest-file-customized-br-ex-bridge.adoc[leveloffset=+1] +[role="_additional-resources"] +.Additional resources + +* xref:../../networking/ovn_kubernetes_network_provider/converting-to-dual-stack.adoc#nw-dual-stack-convert_converting-to-dual-stack[Converting to a dual-stack cluster network] + +* xref:../../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#ipi-install-expanding-the-cluster[Expanding the cluster] + // Services for a user-managed load balancer include::modules/nw-osp-services-external-load-balancer.adoc[leveloffset=+1] diff --git a/modules/creating-manifest-file-customized-br-ex-bridge.adoc b/modules/creating-manifest-file-customized-br-ex-bridge.adoc index 5f00faddbe..5c8a2a5c8d 100644 --- a/modules/creating-manifest-file-customized-br-ex-bridge.adoc +++ b/modules/creating-manifest-file-customized-br-ex-bridge.adoc @@ -20,11 +20,16 @@ endif::[] = Creating a manifest object that includes a customized `br-ex` bridge ifndef::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] -As an alternative to using the `configure-ovs.sh` shell script to set a `br-ex` bridge on a bare-metal platform, you can create a `MachineConfig` object that includes an NMState configuration file. The NMState configuration file creates a customized `br-ex` bridge network configuration on each node in your cluster. +As an alternative to using the `configure-ovs.sh` shell script to set a `br-ex` bridge on a bare-metal platform, you can create a `MachineConfig` object that includes an NMState configuration file. The host `nmstate-configuration.service` and `nmstate.service` apply the NMState configuration file to each node that runs in your cluster. endif::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] ifdef::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] -As an alternative to using the `configure-ovs.sh` shell script to set a `br-ex` bridge on a bare-metal platform, you can create a `NodeNetworkConfigurationPolicy` custom resource (CR) that includes an NMState configuration file. The NMState configuration file creates a customized `br-ex` bridge network configuration on each node in your cluster. +As an alternative to using the `configure-ovs.sh` shell script to set a `br-ex` bridge on a bare-metal platform, you can create a `NodeNetworkConfigurationPolicy` (NNCP) custom resource (CR) that includes an NMState configuration file. The Kubernetes NMState Operator uses the NMState configuration file to create a customized `br-ex` bridge network configuration on each node in your cluster. + +[IMPORTANT] +==== +After creating the `NodeNetworkConfigurationPolicy` CR, copy content from the NMState configuration file that was created during cluster installation into the NNCP CR. An incomplete NNCP CR file means that the the network policy described in the file cannot get applied to nodes in the cluster. +==== This feature supports the following tasks: @@ -96,9 +101,11 @@ interfaces: ipv4: enabled: true dhcp: true + auto-route-metric: 48 <6> ipv6: - enabled: false - dhcp: false + enabled: true + dhcp: true + auto-route-metric: 48 # ... ---- <1> Name of the interface. @@ -106,6 +113,7 @@ interfaces: <3> The requested state for the interface after creation. <4> Disables IPv4 and IPv6 in this example. <5> The node NIC to which the bridge attaches. +<6> Set the parameter to `48` to ensure the `br-ex` default route always has the highest precedence (lowest metric). This configuration prevents routing conflicts with any other interfaces that are automatically configured by the `NetworkManager` service. . Use the `cat` command to base64-encode the contents of the NMState configuration: + @@ -144,11 +152,13 @@ spec: endif::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] ifdef::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] -* Create a `NodeNetworkConfigurationPolicy` (NNCP) CR and define a customized `br-ex` bridge network configuration. Depending on your needs, ensure that you set a masquerade IP for either the `ipv4.address.ip`, `ipv6.address.ip`, or both parameters. A masquerade IP address must match an in-use IP address block. +* Create a `NodeNetworkConfigurationPolicy` (NNCP) CR and define a customized `br-ex` bridge network configuration. Depending on your needs, ensure that you set a masquerade IP for either the `ipv4.address.ip`, `ipv6.address.ip`, or both parameters. Always include a masquerade IP address in the NNCP CR and this address must match an in-use IP address block. + [IMPORTANT] ==== -As a post-installation task, you can configure most parameters for a customized `br-ex` bridge that you defined in an existing NNCP CR, except for the IP address. +As a post-installation task, you can configure most parameters for a customized `br-ex` bridge that you defined in an existing NNCP CR, except for the primary IP address of the customized `br-ex` bridge. + +If you want to convert your single-stack cluster network to a dual-stack cluster network, you can add or change a secondary IPv6 address in the NNCP CR, but the existing primary IP address cannot be changed. ==== + .Example of an NNCP CR that sets IPv6 and IPv4 masquerade IP addresses @@ -192,15 +202,18 @@ spec: ipv4: enabled: true dhcp: true + auto-route-metric: 48 <7> address: - ip: "169.254.169.2" prefix-length: 29 ipv6: - enabled: false - dhcp: false + enabled: true + dhcp: true + auto-route-metric: 48 address: - ip: "fd69::2" prefix-length: 125 +# ... ---- <1> Name of the policy. <2> Name of the interface. @@ -208,8 +221,13 @@ spec: <4> The requested state for the interface after creation. <5> Disables IPv4 and IPv6 in this example. <6> The node NIC to which the bridge is attached. +<7> Set the parameter to `48` to ensure the `br-ex` default route always has the highest precedence (lowest metric). This configuration prevents routing conflicts with any other interfaces that are automatically configured by the `NetworkManager` service. endif::postinstall-bare-metal-ipi,postinstall-bare-metal-upi[] +.Next steps + +* Scaling compute nodes to apply the manifest object that includes a customized `br-ex` bridge to each compute node that exists in your cluster. For more information, see "Expanding the cluster" in the _Additional resources_ section. + ifeval::["{context}" == "ipi-install-post-installation-configuration"] :!postinstall-bare-metal: endif::[] diff --git a/networking/networking_operators/k8s-nmstate-about-the-k8s-nmstate-operator.adoc b/networking/networking_operators/k8s-nmstate-about-the-k8s-nmstate-operator.adoc index 5474dd4b2a..2261d609cf 100644 --- a/networking/networking_operators/k8s-nmstate-about-the-k8s-nmstate-operator.adoc +++ b/networking/networking_operators/k8s-nmstate-about-the-k8s-nmstate-operator.adoc @@ -16,6 +16,12 @@ Red{nbsp}Hat supports the Kubernetes NMState Operator in production environments Red{nbsp}Hat support exists for using the Kubernetes NMState Operator on {azure-first} but in a limited capacity. Support is limited to configuring DNS servers on your system as a postinstallation task. ==== +Before you can use NMState with {product-title}, you must install the Kubernetes NMState Operator. After you install the Kubernetes NMState Operator, you can complete the following tasks: + +* Observing and updating the node network state and configuration +* Creating a manifest object that includes a customized `br-ex` bridge +For more information on these tasks, see the _Additional resources_ section + Before you can use NMState with {product-title}, you must install the Kubernetes NMState Operator. [NOTE] @@ -56,6 +62,11 @@ include::modules/k8s-nmstate-uninstall-operator.adoc[leveloffset=+1] * xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-creating-interface-on-nodes_k8s-nmstate-updating-node-network-config[Creating an interface on nodes] + +* xref:../../installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc#creating-manifest-file-customized-br-ex-bridge_ipi-install-installation-workflow[Creating a manifest object that includes a customized br-ex bridge (Installer-provisioned infrastructure)] + +* xref:../../installing/installing_bare_metal/installing-bare-metal.adoc#creating-manifest-file-customized-br-ex-bridge_installing-bare-metal[Creating a manifest object that includes a customized br-ex bridge (User-provisioned infrastructure)] + [id="k8s-nmstate-about-next-steps"] == Next steps diff --git a/post_installation_configuration/cluster-tasks.adoc b/post_installation_configuration/cluster-tasks.adoc index 3250fefd2c..2aef9f4c90 100644 --- a/post_installation_configuration/cluster-tasks.adoc +++ b/post_installation_configuration/cluster-tasks.adoc @@ -188,7 +188,7 @@ To add a bare-metal host, you must configure all network prerequisites, configur * xref:../scalability_and_performance/managing-bare-metal-hosts.adoc#adding-bare-metal-host-to-cluster-using-yaml_managing-bare-metal-hosts[Adding worker nodes using YAML in the web console] -* xref:../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#preparing-the-bare-metal-node_ipi-install-expanding[Manually adding a worker node to an installer-provisioned infrastructure cluster] +* xref:../installing/installing_bare_metal_ipi/ipi-install-expanding-the-cluster.adoc#preparing-the-bare-metal-node_ipi-install-expanding-the-cluster[Manually adding a worker node to an installer-provisioned infrastructure cluster] === Adding worker nodes to user-provisioned infrastructure clusters @@ -339,7 +339,7 @@ include::modules/dr-restoring-cluster-state.adoc[leveloffset=+2] .Additional resources * xref:../scalability_and_performance/recommended-performance-scale-practices/recommended-etcd-practices.adoc#recommended-etcd-practices[Recommended etcd practices] * xref:../installing/installing_bare_metal/installing-bare-metal.adoc#installing-bare-metal[Installing a user-provisioned cluster on bare metal] -* xref:../installing/overview/index.adoc#replacing-a-bare-metal-control-plane-node_ipi-install-expanding[Replacing a bare-metal control plane node] +* xref:../installing/overview/index.adoc#replacing-a-bare-metal-control-plane-node_ipi-install-expanding-the-cluster[Replacing a bare-metal control plane node] include::modules/dr-scenario-cluster-state-issues.adoc[leveloffset=+2]