Add OVN-Kubernetes egress IP support [4.6] #25126
Conversation
openshift-ci-robot
added
the
size/S
|
The preview will be available shortly at: |
jboxman
changed the title
jboxman
force-pushed
the
OSDOCS-1246
branch
from
38d8902 to
c7f01af
Compare
openshift-ci-robot
added
size/L
jboxman
force-pushed
the
OSDOCS-1246
branch
3 times, most recently
from
d66a903 to
821010d
Compare
alexanderConstantinescu
left a comment
alexanderConstantinescu
left a comment
There was a problem hiding this comment.
@jboxman : I left these comments on the docs, in general it looks good though.
modules/nw-egress-ips-about.adoc
Outdated
There was a problem hiding this comment.
This is not quite true, due to bug: https://bugzilla.redhat.com/show_bug.cgi?id=1877273 (which will not be fixed in the 4.6 release and will have to be Z-streamed). The impact of that bug is: the egress IP will not fail over if it simply stops functioning for whatever reason. It must be deleted by the user by doing a oc delete node $NODE for that to happen. I would thus re-phrase for the moment and say: If a node is deleted by the cluster admin, any egress IP addresses...
There was a problem hiding this comment.
And possibly add a note for this corner case of having a "silent network failure" for a node, which is not supported today.
There was a problem hiding this comment.
@alexanderConstantinescu, what might constitute the class of silent network failures? Is there a class of noisy network failures that OCP does detect? I can say:
NOTE: An egress IP address is not reassigned if a connectivity interruption is undetected.
But I'm not sure how to elaborate on that.
There was a problem hiding this comment.
You bring up a good point. "Silently" to me is if a node can't be reached anymore networking wise, but Kubernetes/OpenShift seems to think everything is running fine and indicates such. But actually, if a node X's networking is down (even silently), the kubelet will stop reporting the node's status and thus a cluster admin of Kubernetes / OpenShift will know. We will still not be able to handle that today for egress IP, so I would say: If a node is deleted by the cluster admin, any egress IP addresses... because even if it's unavailable (silently or not) we still don't handle that case. But this will need to be fixed in the docs once that bug is solved, but I will contact you then
There was a problem hiding this comment.
@alexanderConstantinescu, so I've updated this to:
- If a node is deleted by a cluster administrator, any egress IP addresses assigned to it are automatically reassigned, subject to the previously described conditions.
NOTE: An egress IP address is not reassigned if a connectivity interruption is undetected.
But maybe I don't need the note?
Thanks!
There was a problem hiding this comment.
Yeah, I would say the NOTE adds confusion. The text is already explicit IMO
jboxman
added
the
peer-review-needed
kalexand-rh
left a comment
kalexand-rh
left a comment
There was a problem hiding this comment.
I have some questions and suggestions, but this is looking good.
modules/nw-egress-ips-about.adoc
Outdated
There was a problem hiding this comment.
Is there anything else that a user might want to know about how that IP address is reserved? (I've seen enough about conflicting IP addresses and ranges that it might be worth saying more.)
There was a problem hiding this comment.
Later in this module, it sounds like you need an IP address range, but here it sounds like there's just one egress IP address.
There was a problem hiding this comment.
@alexanderConstantinescu, does it make sense to elaborate on this?
There was a problem hiding this comment.
Yes, I would maybe add that An egress IP address is implemented as an additional IP address on the primary network interface of a node and must be in the same subnet as the primary IP address of the node, but it cannot be the IP address of any cluster node.. It needs to be clear to the user that if they do that, bad things will happen. Normally none would ever do such a thing...but you never know how courageous some people are ?
They never configure IP address ranges either, for OVN-Kubernetes it will only accept one or multiple IP address defined in the .spec.egressIPs section of the EgressIP object stanza.
Hope that's clear.
networking/ovn_kubernetes_network_provider/assigning-egress-ips.adoc
Outdated
Show resolved
Hide resolved
kalexand-rh
added
peer-review-done
|
@kalexand-rh thanks! |
|
I don't know if this ever came up, but for OpenShift SDN questions regarding whether and how it works on cloud providers come up frequently; Is there anything of note with EgressIP under OVN-Kubernetes related to cloud vs non-cloud deployments? Thanks! |
jboxman
force-pushed
the
OSDOCS-1246
branch
3 times, most recently
from
64bd90b to
c833eaa
Compare
GCP, AWS, Azure, etc all require manual assignment of additional IPs to VM NICs through the cloud provider's console. This is something we on OpenShift's side cannot do (or at least don't do currently). So yes, we should mention that this will work "as is" for bare metal. For vSphere and Openstack the user will need to configure their deployment to allow automatic assignment by OpenShift, so it is possible with this additional step. I don't know exactly what that step is though, but the customer's who do this, will probably know. |
|
Hi @huiran0826, Can you confirm this PR for OVN-Kubernetes egress IP support? Thanks! |
|
@alexanderConstantinescu, added the following to the diagram discussion, which I think is correct?
|
|
lgtm |
|
@danielmellado, do you know whether automatic assignment of additional IP addresses is possible on RHOSP? Thanks! |
That's correct |
jboxman
force-pushed
the
OSDOCS-1246
branch
2 times, most recently
from
dc0e420 to
f8be6e0
Compare
- https://issues.redhat.com/browse/OSDOCS-1246 Co-authored-by: Kathryn Alexander <37149781+kalexand-rh@users.noreply.github.com>
|
/cherry-pick enterprise-4.6 |
|
@jboxman: new pull request created: #26423 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
8 participants
Previews: