openshift-docs/modules/nw-modifying-operator-install-config.adoc

// Module included in the following assemblies:
//
// * installing/installing_aws/installing-aws-network-customizations.adoc
// * installing/installing_azure/installing-azure-network-customizations.adoc
// * installing/installing_bare_metal/upi/installing-bare-metal-network-customizations.adoc
// * installing/installing_ibm_cloud/installing-ibm-cloud-network-customizations.adoc
// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-network-customizations.adoc

ifeval::["{context}" == "installing-bare-metal-network-customizations"]
:ignition-config:
endif::[]
ifeval::["{context}" == "installing-vsphere-network-customizations"]
:ignition-config:
:vsphere:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
:vsphere-ipi:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
:ibm-cloud:
endif::[]

:_mod-docs-content-type: PROCEDURE
[id="modifying-nwoperator-config-startup_{context}"]
= Specifying advanced network configuration

You can use advanced network configuration for your network plugin to integrate your cluster into your existing network environment.

You can specify advanced network configuration only before you install the cluster.

[IMPORTANT]
====
Customizing your network configuration by modifying the {product-title} manifest files created by the installation program is not supported. Applying a manifest file that you create, as in the following procedure, is supported.
====

.Prerequisites

* You have created the `install-config.yaml` file and completed any modifications to it.

.Procedure

. Change to the directory that contains the installation program and create the manifests:
+
[source,terminal]
----
$ ./openshift-install create manifests --dir <installation_directory> <1>
----
<1> `<installation_directory>` specifies the name of the directory that contains the `install-config.yaml` file for your cluster.

. Create a stub manifest file for the advanced network configuration that is named `cluster-network-03-config.yml` in the `<installation_directory>/manifests/` directory:
+
[source,yaml]
----
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
----

. Specify the advanced network configuration for your cluster in the `cluster-network-03-config.yml` file, such as in the following example:
+
--
.Enable IPsec for the OVN-Kubernetes network provider
[source,yaml]
----
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  defaultNetwork:
    ovnKubernetesConfig:
      ipsecConfig:
        mode: Full
----
--

. Optional: Back up the `manifests/cluster-network-03-config.yml` file. The
installation program consumes the `manifests/` directory when you create the
Ignition config files.

ifndef::vsphere-ipi[]
. Remove the Kubernetes manifest files that define the control plane machines and compute `MachineSets`:
+
[source,terminal]
----
$ rm -f openshift/99_openshift-cluster-api_master-machines-*.yaml openshift/99_openshift-cluster-api_worker-machineset-*.yaml
----
+
Because you create and manage these resources yourself, you do not have
to initialize them.
+
* You can preserve the `MachineSet` files to create compute machines by using the machine API, but you must update references to them to match your environment.
endif::[]

ifeval::["{context}" == "installing-bare-metal-network-customizations"]
:!ignition-config:
endif::[]
ifeval::["{context}" == "installing-vsphere-network-customizations"]
:!ignition-config:
:!vsphere:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
:!vsphere-ipi:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
:!ibm-cloud:
endif::[]