mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-06 06:46:26 +01:00
// Module included in the following assemblies:
//
// * networking/cluster-network-operator.adoc
// * installing/installing_aws/installing-aws-network-customizations.adoc
// * installing/installing_azure/installing-azure-network-customizations.adoc
// * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
// * installing/installing_gcp/installing-gcp-network-customizations.adoc
// * post_installation_configuration/network-configuration.adoc

// Installation assemblies need different details than the CNO operator does
ifeval::["{context}" == "cluster-network-operator"]
:operator:
endif::[]

[id="nw-operator-cr_{context}"]
= Cluster Network Operator configuration

The configuration for the cluster network is specified as part of the Cluster Network Operator (CNO) configuration and stored in a custom resource (CR) object that is named `cluster`. The CR specifies the parameters for the `Network` API in the `operator.openshift.io` API group.

You can specify the cluster network configuration for your {product-title} cluster by setting the parameter values for the `defaultNetwork` parameter in the CNO CR. The following CR displays the default configuration for the CNO and explains both the parameters you can configure and the valid parameter values:

.Cluster Network Operator CR
[source,yaml]
ifndef::operator[]
----
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  clusterNetwork: <1>
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  serviceNetwork: <1>
  - 172.30.0.0/16
  defaultNetwork: <2>
    ...
  kubeProxyConfig: <3>
    iptablesSyncPeriod: 30s <4>
    proxyArguments:
      iptables-min-sync-period: <5>
      - 0s
----
<1> Specified in the `install-config.yaml` file.

<2> Configures the default Container Network Interface (CNI) network provider for the cluster network.

<3> The parameters for this object specify the `kube-proxy` configuration. If you do not specify the parameter values, the Cluster Network Operator applies the displayed default parameter values. If you are using the OVN-Kubernetes default CNI network provider, the kube-proxy configuration has no effect.

<4> The refresh period for `iptables` rules. The default value is `30s`. Valid suffixes include `s`, `m`, and `h` and are described in the link:https://golang.org/pkg/time/#ParseDuration[Go time package] documentation.
+
NOTE: Because of performance improvements introduced in {product-title} 4.3 and later, adjusting the `iptablesSyncPeriod` parameter is no longer necessary.

<5> The minimum duration before refreshing `iptables` rules. This parameter ensures that the refresh does not happen too frequently. Valid suffixes include `s`, `m`, and `h` and are described in the link:https://golang.org/pkg/time/#ParseDuration[Go time package] documentation.
endif::operator[]

ifdef::operator[]
----
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  clusterNetwork: <1>
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  serviceNetwork: <2>
  - 172.30.0.0/16
  defaultNetwork: <3>
    ...
  kubeProxyConfig: <4>
    iptablesSyncPeriod: 30s <5>
    proxyArguments:
      iptables-min-sync-period: <6>
      - 0s
----
<1> A list specifying the blocks of IP addresses from which Pod IPs are
allocated and the subnet prefix length assigned to each individual node.

<2> A block of IP addresses for services. The OpenShift SDN Container Network Interface (CNI) network provider supports only a single IP address block for the service network.

<3> Configures the default CNI network provider for the cluster network.

<4> The parameters for this object specify the Kubernetes network proxy (kube-proxy) configuration. If you are using the OVN-Kubernetes default CNI network provider, the kube-proxy configuration has no effect.

<5> The refresh period for `iptables` rules. The default value is `30s`. Valid suffixes include `s`, `m`, and `h` and are described in the link:https://golang.org/pkg/time/#ParseDuration[Go time package] documentation.
+
NOTE: Because of performance improvements introduced in {product-title} 4.3 and later, adjusting the `iptablesSyncPeriod` parameter is no longer necessary.

<6> The minimum duration before refreshing `iptables` rules. This parameter ensures that the refresh does not happen too frequently. Valid suffixes include `s`, `m`, and `h` and are described in the link:https://golang.org/pkg/time/#ParseDuration[Go time package] documentation.
endif::operator[]

[id="nw-operator-configuration-parameters-for-openshift-sdn_{context}"]
== Configuration parameters for the OpenShift SDN default CNI network provider

The following YAML object describes the configuration parameters for
the OpenShift SDN default Container Network Interface (CNI) network provider.

ifdef::operator[]
NOTE: You can change the configuration for your default CNI network provider only during cluster installation.
endif::operator[]

[source,yaml]
ifndef::operator[]
----
defaultNetwork:
  type: OpenShiftSDN <1>
  openshiftSDNConfig: <2>
    mode: NetworkPolicy <3>
    mtu: 1450 <4>
    vxlanPort: 4789 <5>
----
<1> Specified in the `install-config.yaml` file.

<2> Specify only if you want to override part of the OpenShift SDN
configuration.

<3> Configures the network isolation mode for OpenShift SDN. The allowed values
are `Multitenant`, `Subnet`, or `NetworkPolicy`. The default value is
`NetworkPolicy`.

<4> The maximum transmission unit (MTU) for the VXLAN overlay network. This
value is normally configured automatically, but if the nodes in your cluster do
not all use the same MTU, then you must set this explicitly to 50 less than the
smallest node MTU value.

<5> The port to use for all VXLAN packets. The default value is `4789`. If you
are running in a virtualized environment with existing nodes that are part of
another VXLAN network, then you might be required to change this. For example,
when running an OpenShift SDN overlay on top of VMware NSX-T, you must select an
alternate port for VXLAN, because both SDNs use the same default VXLAN port
number.
+
On Amazon Web Services (AWS), you can select an alternate port for the VXLAN
between port `9000` and port `9999`.
endif::operator[]

ifdef::operator[]
----
defaultNetwork:
  type: OpenShiftSDN <1>
  openshiftSDNConfig: <2>
    mode: NetworkPolicy <3>
    mtu: 1450 <4>
    vxlanPort: 4789 <5>
----
<1> The default CNI network provider plug-in that is used.

<2> OpenShift SDN specific configuration parameters.

<3> The network isolation mode for OpenShift SDN.

<4> The maximum transmission unit (MTU) for the VXLAN overlay network. This
value is normally configured automatically.

<5> The port to use for all VXLAN packets. The default value is `4789`.
endif::operator[]

[id="nw-operator-configuration-parameters-for-ovn-sdn_{context}"]
== Configuration parameters for the OVN-Kubernetes default CNI network provider

The following YAML object describes the configuration parameters for the OVN-Kubernetes default CNI network provider.

ifdef::operator[]
NOTE: You can change the configuration for your default CNI network provider only during cluster installation.
endif::operator[]

[source,yaml]
----
defaultNetwork:
  type: OVNKubernetes <1>
  ovnKubernetesConfig: <2>
    mtu: 1400 <3>
    genevePort: 6081 <4>
----
ifndef::operator[]
<1> Specified in the `install-config.yaml` file.
endif::operator[]

ifdef::operator[]
<1> The default CNI network provider plug-in that is used.
endif::operator[]

ifndef::operator[]
<2> Specify only if you want to override part of the OVN-Kubernetes configuration.
endif::operator[]

ifdef::operator[]
<2> OVN-Kubernetes specific configuration parameters.
endif::operator[]

ifndef::operator[]
<3> The MTU for the Geneve (Generic Network Virtualization Encapsulation)
overlay network. This value is normally configured automatically, but if the
nodes in your cluster do not all use the same MTU, then you must set this
explicitly to 100 less than the smallest node MTU value.
endif::operator[]

ifdef::operator[]
<3> The MTU for the Geneve (Generic Network Virtualization Encapsulation)
overlay network. This value is normally configured automatically.
endif::operator[]

<4> The UDP port for the Geneve overlay network.

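
The MTU, isolation mode, and VXLAN port rules from the OpenShift SDN and OVN-Kubernetes callouts above can be checked before installation. The following Go sketch is an added example, not part of the {product-title} documentation or the CNO code: `DefaultNetwork`, `OverlayMTU`, and `Validate` are hypothetical names, the node MTU list is constructed sample input, and accepting the default port `4789` on AWS alongside `9000` to `9999` is an assumption.

```go
package main

import "fmt"

// Overhead to subtract from the smallest node MTU, taken from the callouts above.
var overhead = map[string]int{"OpenShiftSDN": 50, "OVNKubernetes": 100}

// DefaultNetwork is a hypothetical struct with only the fields shown on this page.
type DefaultNetwork struct {
	Type, Mode string // Mode is openshiftSDNConfig.mode; empty means the default
	MTU, Port  int    // Port is vxlanPort or genevePort
	OnAWS      bool   // assumption: the caller knows the platform
}

// OverlayMTU returns the MTU to set for netType and whether the node MTUs differ.
// The caller must pass a known netType and a non-empty nodeMTUs slice.
func OverlayMTU(netType string, nodeMTUs []int) (mtu int, mixed bool) {
	smallest := nodeMTUs[0]
	for _, m := range nodeMTUs[1:] {
		mixed = mixed || m != nodeMTUs[0]
		if m < smallest {
			smallest = m
		}
	}
	return smallest - overhead[netType], mixed
}

// Validate returns one finding per rule on this page that the config breaks.
func Validate(n DefaultNetwork, nodeMTUs []int) (f []string) {
	if _, ok := overhead[n.Type]; !ok || len(nodeMTUs) == 0 {
		return []string{"unknown type or no node MTUs"}
	}
	if want, mixed := OverlayMTU(n.Type, nodeMTUs); mixed && n.MTU != want {
		f = append(f, fmt.Sprintf("mtu is %d, must be set to %d", n.MTU, want))
	}
	modes := map[string]bool{"": true, "Multitenant": true, "Subnet": true, "NetworkPolicy": true}
	if n.Type == "OpenShiftSDN" && !modes[n.Mode] {
		f = append(f, fmt.Sprintf("mode %q is not an allowed value", n.Mode))
	}
	if n.Type == "OpenShiftSDN" && n.OnAWS && n.Port != 4789 && (n.Port < 9000 || n.Port > 9999) {
		f = append(f, fmt.Sprintf("vxlanPort %d is outside 9000-9999", n.Port))
	}
	return f
}

func main() {
	nodes := []int{1500, 1500, 1450} // constructed sample: one node has a smaller MTU
	fmt.Println(Validate(DefaultNetwork{Type: "OpenShiftSDN", Mode: "NetworkPolicy", MTU: 1450, Port: 4789}, nodes))
	fmt.Println(Validate(DefaultNetwork{Type: "OVNKubernetes", MTU: 1350, Port: 6081}, nodes))
}
```
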

[id="nw-operator-example-cr_{context}"]
== Cluster Network Operator example configuration

A complete CR object for the CNO is displayed in the following example:

.Cluster Network Operator example CR
[source,yaml]
----
apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
spec:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  serviceNetwork:
  - 172.30.0.0/16
  defaultNetwork:
    type: OpenShiftSDN
    openshiftSDNConfig:
      mode: NetworkPolicy
      mtu: 1450
      vxlanPort: 4789
  kubeProxyConfig:
    iptablesSyncPeriod: 30s
    proxyArguments:
      iptables-min-sync-period:
      - 0s
----

ifeval::["{context}" == "cluster-network-operator"]
:!operator:
endif::[]