From 6d198ca0982f14617ddb1508f61304dede79fcd7 Mon Sep 17 00:00:00 2001 From: Lars Kellogg-Stedman Date: Mon, 27 Jun 2022 17:02:28 -0400 Subject: [PATCH 1/2] Switch nmstate from "stable" to "4.10" channel The "stable" channel is resulting in errors: > no channel heads (entries not replaced by another entry) found in > channel "stable" of package "kubernetes-nmstate-operator"", --- .../kubernetes-nmstate-operator/subscriptions.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cluster-scope/base/operators.coreos.com/subscriptions/kubernetes-nmstate-operator/subscriptions.yaml b/cluster-scope/base/operators.coreos.com/subscriptions/kubernetes-nmstate-operator/subscriptions.yaml index 80e85e67..7b6c934e 100644 --- a/cluster-scope/base/operators.coreos.com/subscriptions/kubernetes-nmstate-operator/subscriptions.yaml +++ b/cluster-scope/base/operators.coreos.com/subscriptions/kubernetes-nmstate-operator/subscriptions.yaml @@ -3,7 +3,7 @@ kind: Subscription metadata: name: kubernetes-nmstate-operator spec: - channel: stable + channel: "4.10" installPlanApproval: Automatic name: kubernetes-nmstate-operator source: redhat-operators From 37c4dc731604a08ed777ebdc8db7897c6b62d5af Mon Sep 17 00:00:00 2001 From: Lars Kellogg-Stedman Date: Mon, 27 Jun 2022 17:33:51 -0400 Subject: [PATCH 2/2] Set routingViaHost in OVN configuration Set the `gatewayConfig.routingViaHost` option in the OVNKubernetes configuration. This is necessary for connections initiated from pods to use the host routing tables. From the docs [1]: > Set this field to true to send egress traffic from pods to the host > networking stack. For highly-specialized installations and > applications that rely on manually configured routes in the kernel > routing table, you might want to route egress traffic to the host > networking stack. By default, egress traffic is processed in OVN to > exit the cluster and is not affected by specialized routes in the > kernel routing table. The default value is false. > > This field has an interaction with the Open vSwitch hardware > offloading feature. If you set this field to true, you do not > receive the performance benefits of the offloading because egress > traffic is processed by the host networking stack. [1]: https://docs.openshift.com/container-platform/4.10/networking/cluster-network-operator.html --- .../networks/cluster/kustomization.yaml | 4 ++++ .../operator.openshift.io/networks/cluster/network.yaml | 9 +++++++++ cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml | 1 + 3 files changed, 14 insertions(+) create mode 100644 cluster-scope/base/operator.openshift.io/networks/cluster/kustomization.yaml create mode 100644 cluster-scope/base/operator.openshift.io/networks/cluster/network.yaml diff --git a/cluster-scope/base/operator.openshift.io/networks/cluster/kustomization.yaml b/cluster-scope/base/operator.openshift.io/networks/cluster/kustomization.yaml new file mode 100644 index 00000000..b807ccc6 --- /dev/null +++ b/cluster-scope/base/operator.openshift.io/networks/cluster/kustomization.yaml @@ -0,0 +1,4 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: + - network.yaml diff --git a/cluster-scope/base/operator.openshift.io/networks/cluster/network.yaml b/cluster-scope/base/operator.openshift.io/networks/cluster/network.yaml new file mode 100644 index 00000000..b3af309f --- /dev/null +++ b/cluster-scope/base/operator.openshift.io/networks/cluster/network.yaml @@ -0,0 +1,9 @@ +apiVersion: operator.openshift.io/v1 +kind: Network +metadata: + name: cluster +spec: + defaultNetwork: + ovnKubernetesConfig: + gatewayConfig: + routingViaHost: true diff --git a/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml b/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml index 4368e80f..7a6c7e73 100644 --- a/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml +++ b/cluster-scope/overlays/nerc-ocp-infra/kustomization.yaml @@ -7,6 +7,7 @@ resources: - ../../bundles/openshift-gitops - ../../bundles/acm - ../../bundles/odf +- ../../base/operator.openshift.io/networks/cluster - clusterversion.yaml - machineconfigs/disable-net-ifnames.yaml - machineconfigs/mellanox-udev-rules