TELCODOCS-328 - Adding new VIP install params for IPv4 and IPv6 #51135
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openshift-ci
bot
added
do-not-merge/work-in-progress
|
🤖 Updated build preview is available at: Build log: https://circleci.com/gh/ocpdocs-previewbot/openshift-docs/4140 |
rohennes
force-pushed
the
TELCODOCS-328-dual-vips
branch
3 times, most recently
from
11456c1
to
1a4e04a
Compare
openshift-ci
bot
added
size/M
rohennes
force-pushed
the
TELCODOCS-328-dual-vips
branch
5 times, most recently
from
7a62177
to
9dd093d
Compare
cybertron
reviewed
Oct 14, 2022
|
|
||
| [NOTE] | ||
| ==== | ||
| Before {product-title} 4.12, the cluster installation program accepted only an IPv4 address for the `apiVIP` configuration setting. From {product-title} 4.12 or later, the `apiVIP` configuration setting is deprecated. Instead, use a list format for the `apiVIPs` configuration setting to specify an IPv4 addresses, an IPv6 addresses or both IP address formats. |
There was a problem hiding this comment.
apiVIP accepted both ipv4 and ipv6 addresses. ipv6 was only for single-stack ipv6 deployments though.
| | `apiVIP` | | (Optional) The virtual IP address for Kubernetes API communication. | ||
| | `apiVIPs` | a| (Optional) The virtual IP address for Kubernetes API communication. | ||
|
|
||
| This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `apiVIPs` configuration setting in the `install-config.yaml` file. The IP address must be from the primary IPv4 or IPv6 network when using dual-stack networking. If not set, the installation program uses `api.<cluster_name>.<base_domain>` to derive the IP address from the DNS. |
There was a problem hiding this comment.
"The IP address must be from the primary IPv4 or IPv6 network when using dual-stack networking."
In dual stack, the primary network must be ipv4. The requirements for ip version in the new config are:
ipv4 single stack: one ipv4 address
ipv6 single stack: one ipv6 address
dual stack: one ipv4 and optionally one ipv6 address, in that order
|
|
||
| This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `ingressVIP` configuration setting in the `install-config.yaml` file. The IP address must be from the primary IPv4 network when using dual stack networking. If not set, the installer uses `test.apps.<cluster_name>.<base_domain>` to derive the IP address from the DNS. | ||
| This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `ingressVIP` configuration setting in the `install-config.yaml` file. The IP address must be from the primary IPv4 or IPv6 network when using dual-stack networking. If not set, the installation program uses `test.apps.<cluster_name>.<base_domain>` to derive the IP address from the DNS. |
There was a problem hiding this comment.
The same IP requirements apply here too.
|
|
||
| [NOTE] | ||
| ==== | ||
| Before {product-title} 4.12, the cluster installation program accepted only an IPv4 address for the `ingressVIP` configuration setting. From {product-title} 4.12 or later, the `ingressVIP` configuration setting is deprecated. Instead, use a list format for the `ingressVIPs` configuration setting to specify an IPv4 addresses, an IPv6 addresses or both IP address formats. |
|
|
||
| You can also configure IPv4 or IPv6 virtual IP (VIP) address endpoints for the Ingress VIP and API VIP. This provides an interface to the cluster for applications that use IPv4 or IPv6 addresses. |
There was a problem hiding this comment.
This should probably be "IPv4 and IPv6". In dual stack you can't have just an IPv6 VIP.
|
|
||
| .Procedure | ||
|
|
||
| . Edit the `machineNetwork`, `clusterNetwork`, and `serviceNetwork` configuration settings in the `install-config.yaml` file to configure IPv4 or IPv6 address endpoints for nodes in the cluster. Each setting must have two CIDR entries each. Ensure the first CIDR entry is the IPv4 setting and the second CIDR entry is the IPv6 setting. |
There was a problem hiding this comment.
This should also be an "and".
rohennes
force-pushed
the
TELCODOCS-328-dual-vips
branch
2 times, most recently
from
25fbba2
to
f3d3af4
Compare
rohennes
commented
Oct 17, 2022
| ingressVIPs: | ||
| - <wildcard_ipv4> | ||
| - <wildcard_ipv6> | ||
| ---- |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
1 task
|
/lgtm All of the ip version requirements look good now, thanks! |
rohennes
force-pushed
the
TELCODOCS-328-dual-vips
branch
from
f3d3af4
to
ef607ed
Compare
|
New changes are detected. LGTM label has been removed. |
rohennes
force-pushed
the
TELCODOCS-328-dual-vips
branch
5 times, most recently
from
54d0ba6
to
ef018a9
Compare
openshift-ci
bot
removed
the
size/M
creydr
reviewed
Nov 2, 2022
| @@ -1233,12 +1233,24 @@ Additional {rh-virtualization} configuration parameters are described in the fol | |||
| |Required. The vNIC profile ID of the VM network interfaces. This can be inferred if the cluster network has a single profile. | |||
| |String. For example: `3fa86930-0be5-4052-b667-b79f0a729692` | |||
|
|
|||
| |`platform.ovirt.api_vip` | |||
| |`platform.ovirt.api_vips` | |||
| |Required. An IP address on the machine network that will be assigned to the API virtual IP (VIP). You can access the OpenShift API at this endpoint. | |||
There was a problem hiding this comment.
Actually it is possible to specify up to two IP addresses (in dual-stack case). Same applies for the other apiVips and ingressVips fields.
There was a problem hiding this comment.
Thanks @creydr - I have implemented your feedback. Please let me know if this is accurate or if any other issues. Thanks!
| api_vips: | ||
| - 10.46.8.230 | ||
| ingress_vips: | ||
| - 192.168.1.5 |
There was a problem hiding this comment.
IIRC the ovirt people wanted to check their config first and remove the validation, if the validation is wrong: https://coreos.slack.com/archives/C68TNFWA2/p1663242301646269?thread_ts=1662377646.622669&cid=C68TNFWA2 - anyhow I haven't seen an exception for ovirt in the installer for the validation.
@mburman5 how did you proceed on the IP expected to be in one of the machine networks issue on ovirt?
rohennes
force-pushed
the
TELCODOCS-328-dual-vips
branch
2 times, most recently
from
afc1c72
to
5815095
Compare
eldar101
reviewed
Nov 2, 2022
|
Other than a small comment above, |
rohennes
force-pushed
the
TELCODOCS-328-dual-vips
branch
from
5815095
to
58b85c9
Compare
|
/label telco |
openshift-ci
bot
added
telco
|
/label peer-review-in-progress |
openshift-ci
bot
added
the
peer-review-in-progress
abhatt-rh
reviewed
Nov 11, 2022
|
|
||
| [NOTE] | ||
| ==== | ||
| From {product-title} 4.12 or later, the `api_vip` configuration setting is deprecated. Instead, use a list format to enter a value in the `api_vips` configuration setting. The order of the list indicates the primary and secondary VIP address for each service. |
There was a problem hiding this comment.
Global comment based on the general usage across OpenShift docs:
Suggested change
| From {product-title} 4.12 or later, the `api_vip` configuration setting is deprecated. Instead, use a list format to enter a value in the `api_vips` configuration setting. The order of the list indicates the primary and secondary VIP address for each service. | |
| In {product-title} 4.12 and later, the `api_vip` configuration setting is deprecated. Instead, use a list format to enter a value in the `api_vips` configuration setting. The order of the list indicates the primary and secondary VIP address for each service. |
| @@ -148,6 +150,11 @@ specify the base64-encoded user name and password for your mirror registry. | |||
| <12> Provide the `imageContentSources` section from the output of the command to mirror the repository. | |||
| endif::restricted[] | |||
|
|
|||
| [NOTE] | |||
| ==== | |||
| From {product-title} 4.12 or later, the `apiVIP` and `IngressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `IngressVIPs` configuration settings. | |||
There was a problem hiding this comment.
Suggested change
| From {product-title} 4.12 or later, the `apiVIP` and `IngressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `IngressVIPs` configuration settings. | |
| From {product-title} 4.12 or later, the `apiVIP` and `ingressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `ingressVIPs` configuration settings. |
| + | ||
| [NOTE] | ||
| ==== | ||
| From {product-title} 4.12 or later, the `apiVIP` and `IngressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `IngressVIPs` configuration settings. |
There was a problem hiding this comment.
For RHV, should these be as suggested?
Suggested change
| From {product-title} 4.12 or later, the `apiVIP` and `IngressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `IngressVIPs` configuration settings. | |
| From {product-title} 4.12 or later, the `api_vip` and `ingress_vip` configuration settings are deprecated. Instead, use a list format to enter values in the `api_vips` and `ingress_vips` configuration settings. |
| @@ -111,6 +120,10 @@ pullSecret: '{"auths": ...}' | |||
| sshKey: ssh-ed12345 AAAA... | |||
| ---- | |||
|
|
|||
| [NOTE] | |||
| ==== | |||
| From {product-title} 4.12 or later, the `apiVIP` and `IngressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `IngressVIPs` configuration settings. | |||
There was a problem hiding this comment.
For RHV, should these be as suggested?
Suggested change
| From {product-title} 4.12 or later, the `apiVIP` and `IngressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `IngressVIPs` configuration settings. | |
| From {product-title} 4.12 or later, the `api_vip` and `ingress_vip` configuration settings are deprecated. Instead, use a list format to enter values in the `api_vips` and `ingress_vips` configuration settings. |
|
|
||
| This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `ingressVIP` configuration setting in the `install-config.yaml` file. The IP address must be from the primary IPv4 network when using dual stack networking. If not set, the installer uses `test.apps.<cluster_name>.<base_domain>` to derive the IP address from the DNS. | ||
| This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `ingressVIP` configuration setting in the `install-config.yaml` file. The primary IP address must be from the IPv4 network when using dual stack networking. If not set, the installation program uses `test.apps.<cluster_name>.<base_domain>` to derive the IP address from the DNS. |
There was a problem hiding this comment.
Suggested change
| This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `ingressVIP` configuration setting in the `install-config.yaml` file. The primary IP address must be from the IPv4 network when using dual stack networking. If not set, the installation program uses `test.apps.<cluster_name>.<base_domain>` to derive the IP address from the DNS. | |
| This setting must either be provided in the `install-config.yaml` file as a reserved IP from the MachineNetwork or pre-configured in the DNS so that the default name resolves correctly. Use the virtual IP address and not the FQDN when adding a value to the `ingressVIPs` configuration setting in the `install-config.yaml` file. The primary IP address must be from the IPv4 network when using dual stack networking. If not set, the installation program uses `test.apps.<cluster_name>.<base_domain>` to derive the IP address from the DNS. |
| @@ -157,6 +172,11 @@ pullSecret: '{"auths": ...}' | |||
| sshKey: ssh-ed25519 AAAA... | |||
| ---- | |||
|
|
|||
| [NOTE] | |||
| ==== | |||
| From {product-title} 4.12 or later, the `apiVIP` and `IngressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `IngressVIPs` configuration settings. | |||
There was a problem hiding this comment.
Same as above
Suggested change
| From {product-title} 4.12 or later, the `apiVIP` and `IngressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `IngressVIPs` configuration settings. | |
| From {product-title} 4.12 or later, the `api_vip` and `ingress_vip` configuration settings are deprecated. Instead, use a list format to enter values in the `api_vips` and `ingress_vips` configuration settings. |
| @@ -6,7 +6,7 @@ | |||
| [id='modifying-install-config-for-dual-stack-network_{context}'] | |||
| = Optional: Deploying with dual-stack networking | |||
|
|
|||
| To deploy an {product-title} cluster with dual-stack networking, edit the `machineNetwork`, `clusterNetwork`, and `serviceNetwork` configuration settings in the `install-config.yaml` file. Each setting must have two CIDR entries each. Ensure the first CIDR entry is the IPv4 setting and the second CIDR entry is the IPv6 setting. | |||
| For dual-stack networking in {product-title} clusters, you can configure IPv4 and IPv6 address endpoints for nodes in the cluster. Edit the `machineNetwork`, `clusterNetwork`, and `serviceNetwork` configuration settings in the `install-config.yaml` file to configure IPv4 and IPv6 address endpoints for nodes in the cluster. Each setting must have two CIDR entries each. Ensure the first CIDR entry is the IPv4 setting and the second CIDR entry is the IPv6 setting. | |||
There was a problem hiding this comment.
It’s usually best to put the action first. Consider the suggested change:
Suggested change
| For dual-stack networking in {product-title} clusters, you can configure IPv4 and IPv6 address endpoints for nodes in the cluster. Edit the `machineNetwork`, `clusterNetwork`, and `serviceNetwork` configuration settings in the `install-config.yaml` file to configure IPv4 and IPv6 address endpoints for nodes in the cluster. Each setting must have two CIDR entries each. Ensure the first CIDR entry is the IPv4 setting and the second CIDR entry is the IPv6 setting. | |
| For dual-stack networking in {product-title} clusters, you can configure IPv4 and IPv6 address endpoints for nodes in the cluster. To configure IPv4 and IPv6 address endpoints for nodes in the cluster, edit the `machineNetwork`, `clusterNetwork`, and `serviceNetwork` configuration settings in the `install-config.yaml` file. Each setting must have two CIDR entries each. Ensure the first CIDR entry is the IPv4 setting and the second CIDR entry is the IPv6 setting. |
openshift-ci
bot
added
peer-review-done
cybertron
reviewed
Nov 11, 2022
| @@ -111,6 +120,10 @@ pullSecret: '{"auths": ...}' | |||
| sshKey: ssh-ed12345 AAAA... | |||
| ---- | |||
|
|
|||
| [NOTE] | |||
| ==== | |||
| From {product-title} 4.12 or later, the `apiVIP` and `IngressVIP` configuration settings are deprecated. Instead, use a list format to enter values in the `apiVIPs` and `IngressVIPs` configuration settings. | |||
rohennes
force-pushed
the
TELCODOCS-328-dual-vips
branch
from
58b85c9
to
e5e73fc
Compare
|
/label merge-review-needed |
openshift-ci
bot
added
the
merge-review-needed
EricPonvelle
added
merge-review-in-progress
|
/cherrypick enterprise-4.12 |
|
@EricPonvelle: new pull request created: #53215 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
EricPonvelle
removed
the
merge-review-in-progress
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TELCODOCS-328: Ingress VIP and API VIP currently support IPv4 address only. With this update, IPv6 addresses are also supported.
Version(s):
4.12+
Issue:
https://issues.redhat.com/browse/TELCODOCS-328
Link to docs preview:
IPI updates
http://file.emea.redhat.com/rohennes/TELCODOCS-328-dual-vips/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.html#configuring-the-install-config-file_ipi-install-installation-workflow
http://file.emea.redhat.com/rohennes/TELCODOCS-328-dual-vips/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.html#additional-install-config-parameters_ipi-install-installation-workflow
http://file.emea.redhat.com/rohennes/TELCODOCS-328-dual-vips/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.html#modifying-install-config-for-dual-stack-network_ipi-install-installation-workflow
http://file.emea.redhat.com/rohennes/TELCODOCS-328-dual-vips/installing/installing_bare_metal_ipi/ipi-install-installation-workflow.html#modifying-install-config-for-no-provisioning-network_ipi-install-installation-workflow
OpenStack updates
apiVIPtoapiVIPshttp://file.emea.redhat.com/rohennes/TELCODOCS-328-dual-vips/installing/installing_openstack/installing-openstack-installer-custom.html#installation-osp-custom-subnet_installing-openstack-installer-custom
http://file.emea.redhat.com/rohennes/TELCODOCS-328-dual-vips/installing/installing_openstack/installing-openstack-installer-custom.html#installation-osp-custom-subnet_installing-openstack-installer-custom
vSphere updates
http://file.emea.redhat.com/rohennes/TELCODOCS-328-dual-vips/installing/installing_vmc/installing-vmc-customizations.html#installation-installer-provisioned-vsphere-config-yaml_installing-vmc-customizations
RHV updates:
http://file.emea.redhat.com/rohennes/TELCODOCS-328-dual-vips/installing/installing_rhv/installing-rhv-customizations.html#installing-rhv-example-install-config-yaml_installing-rhv-customizations
QE review: