|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | + |
| 4 | +:_mod-docs-content-type: PROCEDURE |
| 5 | +[id="nwt-gateway-mode_{context}"] |
| 6 | += Setting local and shared gateway modes |
| 7 | + |
| 8 | +As a cluster administrator you can configure the gateway mode using the `gatewayConfig` spec in the Cluster Network Operator. The following procedure can be used to set the `routingViaHost` field to `true` for local mode or `false` for shared mode. |
| 9 | + |
| 10 | +You can follow the optional step 4 to enable IP forwarding alongside local gateway mode if you need the host network of the node to act as a router for traffic not related to OVN-Kubernetes. For example, possible use cases for combining local gateway mode with IP forwarding include: |
| 11 | + |
| 12 | +* Configuring all pod egress traffic to be forwarded via the node's IP |
| 13 | +
|
| 14 | +* Integrating OVN-Kubernetes CNI with external network address translation (NAT) devices |
| 15 | +
|
| 16 | +* Configuring OVN-Kubernetes CNI to use a kernel routing table |
| 17 | +
|
| 18 | +
|
| 19 | +.Prerequisites |
| 20 | +* You are logged in as a user with admin privileges. |
| 21 | +
|
| 22 | +.Procedure |
| 23 | + |
| 24 | +. Back up the existing network configuration by running the following command: |
| 25 | ++ |
| 26 | +[source,terminal] |
| 27 | +---- |
| 28 | +$ oc get network.operator cluster -o yaml > network-config-backup.yaml |
| 29 | +---- |
| 30 | + |
| 31 | +. Set the `routingViaHost` paramemter to `true` for local gateway mode by running the following command: |
| 32 | ++ |
| 33 | +[source,terminal] |
| 34 | +---- |
| 35 | +$ oc patch networks.operator.openshift.io cluster --type=merge -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"routingViaHost": true}}}}}' |
| 36 | +---- |
| 37 | + |
| 38 | +. Verify that local gateway mode has been set by running the following command: |
| 39 | ++ |
| 40 | +[source,terminal] |
| 41 | +---- |
| 42 | +$ oc get networks.operator.openshift.io cluster -o yaml | grep -A 5 "gatewayConfig" |
| 43 | +---- |
| 44 | ++ |
| 45 | +.Example output |
| 46 | +[source,terminal] |
| 47 | +---- |
| 48 | +apiVersion: operator.openshift.io/v1 |
| 49 | +kind: Network |
| 50 | +metadata: |
| 51 | + name: cluster |
| 52 | +# ... |
| 53 | +gatewayConfig: |
| 54 | + ipv4: {} |
| 55 | + ipv6: {} |
| 56 | + routingViaHost: true <1> |
| 57 | + genevePort: 6081 |
| 58 | + ipsecConfig: |
| 59 | +# ... |
| 60 | +---- |
| 61 | +<1> A value of `true` sets local gateway mode and a value of `false` sets shared gateway mode. In local gateway mode, traffic is routed through the host. In shared gateway mode, traffic is not routed through the host. |
| 62 | + |
| 63 | +. Optional: Enable IP forwarding globally by running the following command: |
| 64 | ++ |
| 65 | +[source,terminal] |
| 66 | +---- |
| 67 | +$ oc patch network.operator cluster --type=merge -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"ipForwarding": "Global"}}}}}' |
| 68 | +---- |
| 69 | +.. Verify that the `ipForwarding` spec has been set to `Global` by running the following command: |
| 70 | ++ |
| 71 | +[source,terminal] |
| 72 | +---- |
| 73 | +$ oc get networks.operator.openshift.io cluster -o yaml | grep -A 5 "gatewayConfig" |
| 74 | +---- |
| 75 | ++ |
| 76 | +.Example output |
| 77 | +[source,terminal] |
| 78 | +---- |
| 79 | +apiVersion: operator.openshift.io/v1 |
| 80 | +kind: Network |
| 81 | +metadata: |
| 82 | + name: cluster |
| 83 | +# ... |
| 84 | +gatewayConfig: |
| 85 | + ipForwarding: Global |
| 86 | + ipv4: {} |
| 87 | + ipv6: {} |
| 88 | + routingViaHost: true |
| 89 | + genevePort: 6081 |
| 90 | +# ... |
| 91 | +---- |
0 commit comments