mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/nw-egress-ips-object.adoc

// Module included in the following assemblies:
//
// * networking/ovn_kubernetes_network_provider/configuring-egress-ips-ovn.adoc
:_mod-docs-content-type: REFERENCE

[id="nw-egress-ips-object_{context}"]
= EgressIP object

[role="_abstract"]
Review the following YAML definitions to understand how you can configure an `EgressIP` object to meet your needs.

When the `EgressIP` namespace selector matches the label on multiple namespaces, consider the following behaviors:

* All traffic for selected pods must pass through a single node. During times of high traffic, the network interface of the node might experience performance issues.
* An error in a label selector might change the outbound IP address for many cluster namespaces.
* Only a cluster administrator can create or change cluster-scoped objects.
* Packets must move from a pod that exists in a node to the named host node that is referenced in the `EgressIP` object. This approach adds a network hop.

[IMPORTANT]
====
Do not create egress rules, such as a single label selector, that force all namespaces that exist in a cluster to use the same outbound IP address. This configuration can cause the node that hosts the IP address to crash during times of high network traffic.
====

The following YAML describes the API for the `EgressIP` object. The scope of the object is cluster-wide and is not created in a namespace.

[source,yaml]
----
apiVersion: k8s.ovn.org/v1
kind: EgressIP
metadata:
  name: <name>
spec:
  egressIPs:
  - <ip_address>
  namespaceSelector:
    ...
  podSelector:
    ...
----
--
where:

`<name>`:: The name for the `EgressIP` object.
`<egressIPs>`:: An array of one or more IP addresses.
`<namespaceSelector>`:: One or more selectors for the namespaces to associate the egress IP addresses with.
`<podSelector>`:: Optional parameter. One or more selectors for pods in the specified namespaces to associate egress IP addresses with. Applying these selectors allows for the selection of a subset of pods within a namespace.
--

The following YAML describes the stanza for the namespace selector:

.Namespace selector stanza
[source,yaml]
----
namespaceSelector:
  matchLabels:
    <label_name>: <label_value>
----
--
where:

`<namespaceSelector>`:: One or more matching rules for namespaces. If more than one match rule is provided, all matching namespaces are selected.
--

The following YAML describes the optional stanza for the pod selector:

.Pod selector stanza
[source,yaml]
----
podSelector:
  matchLabels:
    <label_name>: <label_value>
----
--
where:

`<podSelector>`:: Optional parameter. One or more matching rules for pods in the namespaces that match the specified `namespaceSelector` rules. If specified, only pods that match are selected. Other pods in the namespace are not selected.
--

In the following example, the `EgressIP` object associates the `192.168.126.11` and `192.168.126.102` egress IP addresses with pods that have the `app` label set to `web` and are in the namespaces that have the `env` label set to `prod`:

.Example `EgressIP` object
[source,yaml]
----
apiVersion: k8s.ovn.org/v1
kind: EgressIP
metadata:
  name: egress-group1
spec:
  egressIPs:
  - 192.168.126.11
  - 192.168.126.102
  podSelector:
    matchLabels:
      app: web
  namespaceSelector:
    matchLabels:
      env: prod
----
In the following example, the `EgressIP` object associates the `192.168.127.30` and `192.168.127.40` egress IP addresses with any pods in namespaces that do not have the `environment` label set to `development`:

.Example `EgressIP` object
[source,yaml]
----
apiVersion: k8s.ovn.org/v1
kind: EgressIP
metadata:
  name: egress-group2
spec:
  egressIPs:
  - 192.168.127.30
  - 192.168.127.40
  namespaceSelector:
    matchExpressions:
    - key: environment
      operator: NotIn
      values:
      - development
----
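
The following added example, which is not part of the original module or the project's own code, evaluates the `namespaceSelector` stanzas from the two `EgressIP` examples against a constructed set of namespaces, so that you can review which namespaces a selector picks up before you apply the object. The namespace names and labels are hypothetical. The matching follows standard Kubernetes label selector semantics, where `NotIn` also matches namespaces that lack the key and an empty selector matches every namespace.

```python
# Added example: evaluates a Kubernetes label selector the way the API does,
# so an EgressIP namespaceSelector can be reviewed before it is applied.

def expr_matches(labels, expr):
    """Evaluate one matchExpressions entry against a label dict."""
    key, op = expr["key"], expr["operator"]
    values = expr.get("values", [])
    if op == "In":
        return key in labels and labels[key] in values
    if op == "NotIn":
        # NotIn also matches objects that do not carry the key at all.
        return key not in labels or labels[key] not in values
    if op == "Exists":
        return key in labels
    if op == "DoesNotExist":
        return key not in labels
    raise ValueError(f"unsupported operator: {op}")

def selector_matches(labels, selector):
    """All matchLabels and matchExpressions requirements are ANDed."""
    for k, v in selector.get("matchLabels", {}).items():
        if labels.get(k) != v:
            return False
    return all(expr_matches(labels, e) for e in selector.get("matchExpressions", []))

def selected_namespaces(namespaces, selector):
    """Return the sorted names of the namespaces that the selector matches."""
    return sorted(n for n, lbls in namespaces.items() if selector_matches(lbls, selector))

# Constructed sample data: namespace names and labels are hypothetical.
NAMESPACES = {
    "shop-prod": {"env": "prod", "environment": "production"},
    "shop-dev": {"env": "dev", "environment": "development"},
    "monitoring": {"team": "sre"},  # carries neither env nor environment
    "payments": {"env": "prod"},
}

# namespaceSelector stanzas copied from the two EgressIP examples on this page.
GROUP1 = {"matchLabels": {"env": "prod"}}
GROUP2 = {"matchExpressions": [
    {"key": "environment", "operator": "NotIn", "values": ["development"]}]}

if __name__ == "__main__":
    for name, sel in (("egress-group1", GROUP1), ("egress-group2", GROUP2)):
        print(name, "->", selected_namespaces(NAMESPACES, sel))
```

With this sample data, the `egress-group2` selector also selects `monitoring` and `payments`, which have no `environment` label at all.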