modules/nw-udn-benefits.adoc
+6-1
Original file line number
Diff line number
Diff line change
@@ -29,4 +29,9 @@ User-defined networks provide the following benefits:
29
29
+
30
30
* **Network parity**: With user-defined networking, the migration of applications from OpenStack to {product-title} is simplified by providing similar network isolation and configuration options.
31
31
32
-
Developers and administrators can create a user-defined network that is namespace scoped using the custom resource. An overview of the process is: create a namespace, create and configure the custom resource, create pods in the namespace.
32
+
Developers and administrators can create a user-defined network that is namespace scoped using the custom resource. An overview of the process is as follows:
33
+
+
34
+
. An administrator creates a namespace for a user-defined network with the `k8s.ovn.org/primary-user-defined-network` label.
35
+
. Optional: An administrator grants a non-administrator user `admin` privileges on the user-defined network namespace.
36
+
. The `UserDefinedNetwork` CR is created
37
+
. The administrator or user with `admin` privileges creates pods in the namespace.
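Review bot: Step 3 of the new overview list, ". The `UserDefinedNetwork` CR is created", is passive, names no actor and has no closing period, while the other three steps say who acts. Suggest ". An administrator or a user with `admin` privileges creates the `UserDefinedNetwork` CR." so the reader can tell whether the optional grant in step 2 is what allows a non-administrator to perform this step. Also check the rendered preview for the lone `+` added on new line 33: it sits between the standalone paragraph ending "as follows:" and the first list item, where there is no list item for it to continue.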
modules/nw-udn-best-practices.adoc
+21-14
@@ -6,7 +6,7 @@
6
6
[id="considerations-for-udn_{context}"]
7
7
= Best practices for UserDefinedNetwork
8
8
9
-
Before setting up a `UserDefinedNetwork` (UDN) resource, users should consider the following information:
9
+
Before setting up a `UserDefinedNetwork` (UDN) resource, you should consider the following information:
10
10
11
11
//These will not go live till 4.18 GA
12
12
//* To eliminate errors and ensure connectivity, you should create a namespace scoped UDN CR before creating any workload in the namespace.
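Review bot: On the changed intro line, "you should consider the following information" can be tightened to the imperative "consider the following information:", which fits the direct address this line is being moved to and avoids a soft "should" in front of a list that contains hard requirements ("must include", "cannot be updated").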
@@ -15,6 +15,25 @@ Before setting up a `UserDefinedNetwork` (UDN) resource, users should consider t
15
15
16
16
* `openshift-*` namespaces should not be used to set up a UDN.
17
17
18
+
* {product-title} administrators should be aware that empty `matchLabel` selectors results in selecting all namespaces of the cluster.
19
+
20
+
* For primary networks, the namespace used for the `UserDefinedNetwork` CR must include the `k8s.ovn.org/primary-user-defined-network` label. This label cannot be updated, and can only be added when the namespace is created. The following conditions apply with the `k8s.ovn.org/primary-user-defined-network` namespace label:
21
+
22
+
** If the namespace is missing the `k8s.ovn.org/primary-user-defined-network` label and a pod is created, the pod attaches itself to the default network.
23
+
24
+
** If the namespace is missing the `k8s.ovn.org/primary-user-defined-network` label and a primary UDN CR is created that matches the namespace, the UDN reports an error status and the network will not be created.
25
+
26
+
** If the namespace is missing the `k8s.ovn.org/primary-user-defined-network` label and a primary UDN already exists, a pod in the namespace will be created and attached to the default network.
27
+
28
+
** If the namespace _has_ the label, and a primary UDN does not exist, a pod in the namespace will not be created until the UDN is created.
29
+
30
+
* If the user-defined network is intended to be used by a non-administrator user, you must grant the `admin` role to the non-administrator user on the user-defined namespace. For example:
* 2 masquerade IP addresses are required for user defined networks. You must reconfigure your masquerade subnet to be large enough to hold the required number of networks.
19
38
+
20
39
[IMPORTANT]
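Review bot: The relocated bullet "empty `matchLabel` selectors results in selecting all namespaces of the cluster" has a subject-verb mismatch, and the Kubernetes label selector field is spelled `matchLabels`; since the line is being touched, suggest "an empty `matchLabels` selector selects all namespaces in the cluster". This is the one bullet where a typo in a CR has cluster-wide reach, so the field name should be copy-paste exact. In the new `admin` role bullet, "on the user-defined namespace" should read "on the user-defined network namespace" to match the wording used in nw-udn-benefits.adoc. The first and third label conditions both end with the pod attached to the default network; consider merging them, or saying explicitly that in both cases the pod is not on the isolated network and no error is reported.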
@@ -29,16 +48,4 @@ Before setting up a `UserDefinedNetwork` (UDN) resource, users should consider t
29
48
30
49
* When creating network segmentation, you should only use the NAD resource if user-defined network segmentation cannot be completed using the UDN resource.
31
50
32
-
* The cluster subnet and services CIDR for a UDN cannot overlap with the default cluster subnet CIDR. OVN-Kubernetes network plugin uses `100.64.0.0/16` as the default network's join subnet, you must not use that value to configure a UDN `joinSubnets` field. If the default address values are used anywhere in the cluster's network you must override it by setting the `joinSubnets` field. For more information, see "Additional configuration details for a UserDefinedNetworks CR".
33
-
34
-
* {product-title} administrators should be aware that empty `matchLabel` selectors results in selecting all namespaces of the cluster.
35
-
36
-
* For primary networks, the namespace used for the `UserDefinedNetwork` CR must include the `k8s.ovn.org/primary-user-defined-network` label. This label cannot be updated, and can only be added when the namespace is created. The following conditions apply with the `k8s.ovn.org/primary-user-defined-network` namespace label:
37
-
38
-
** If the namespace is missing the `k8s.ovn.org/primary-user-defined-network` label and a pod is created, the pod attaches itself to the default network.
39
-
40
-
** If the namespace is missing the `k8s.ovn.org/primary-user-defined-network` label and a primary UDN CR is created that matches the namespace, the UDN reports an error status and the network will not be created.
41
-
42
-
** If the namespace is missing the `k8s.ovn.org/primary-user-defined-network` label and a primary UDN already exists, a pod in the namespace will be created and attached to the default network.
43
-
44
-
** If the namespace _has_ the label, and a primary UDN does not exist, a pod in the namespace will not be created until the UDN is created.
51
+
* The cluster subnet and services CIDR for a UDN cannot overlap with the default cluster subnet CIDR. OVN-Kubernetes network plugin uses `100.64.0.0/16` as the default network's join subnet, you must not use that value to configure a UDN `joinSubnets` field. If the default address values are used anywhere in the cluster's network you must override it by setting the `joinSubnets` field. For more information, see "Additional configuration details for a UserDefinedNetworks CR".
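Review bot: The re-added `joinSubnets` bullet keeps a comma splice ("...as the default network's join subnet, you must not use that value...") and a number mismatch ("If the default address values are used ... you must override it"). Because the line is already being removed and re-added, suggest splitting it: "The OVN-Kubernetes network plugin uses `100.64.0.0/16` as the join subnet of the default network. Do not use that value in the `joinSubnets` field of a UDN. If the default address values are used anywhere in the cluster's network, override them by setting the `joinSubnets` field."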
modules/nw-udn-cr.adoc
+20-3
@@ -14,11 +14,28 @@ The following procedure creates a user-defined network that is namespace scoped.
14
14
//If any cluster default networked pods exist before the user-defined network is created, any further pods created in this namespace will return an error message: `What_is_this`.
15
15
//====
16
16
17
-
.Prerequisites
17
+
.Procedure
18
18
19
-
* You have created a namespace with the `k8s.ovn.org/primary-user-defined-network` label.
19
+
. Optional: For a `UserDefinedNetwork` CR that uses a primary network, create a namespace with the `k8s.ovn.org/primary-user-defined-network` label by entering the following command:
20
+
+
21
+
[source,yaml]
22
+
----
23
+
$ cat << EOF | oc apply -f -
24
+
apiVersion: v1
25
+
kind: Namespace
26
+
metadata:
27
+
name: <udn_namespace_name>
28
+
labels:
29
+
k8s.ovn.org/primary-user-defined-network: ""
30
+
EOF
31
+
----
20
32
21
-
.Procedure
33
+
. Optional: If the user-defined network is intended to be used by a non-administrator user, grant the non-administrator user `admin` permissions on the namespace by entering the following command:
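Review bot: The new block is declared `[source,yaml]` but its first line is a shell command, `$ cat << EOF | oc apply -f -`, so the listing should use a terminal source type, or the YAML should be shown on its own with the `oc apply` command given separately. The first step also reads "Optional: For a `UserDefinedNetwork` CR that uses a primary network, create a namespace with the ... label", which mixes a condition with optionality: nw-udn-best-practices.adoc in this same commit says the label must be present for primary networks and can only be added when the namespace is created. Suggest dropping "Optional:" and writing "For a `UserDefinedNetwork` CR that uses a primary network, create a namespace with the `k8s.ovn.org/primary-user-defined-network` label", so a reader does not skip the step and end up with pods on the default network. Removing `.Prerequisites` leaves the module with no stated prerequisite; if cluster access or a required role is assumed, say so before `.Procedure`.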