我的书签
添加书签
移除书签Cluster Network Operator in OKD
- Cluster Network Operator
- Viewing the cluster network configuration
- Viewing Cluster Network Operator status
- Viewing Cluster Network Operator logs
- Cluster Network Operator configuration
- Additional resources
The Cluster Network Operator (CNO) deploys and manages the cluster network components on an OKD cluster, including the Container Network Interface (CNI) default network provider plug-in selected for the cluster during installation.
Cluster Network Operator
The Cluster Network Operator implements the network API from the operator.openshift.io API group. The Operator deploys the OpenShift SDN default Container Network Interface (CNI) network provider plug-in, or the default network provider plug-in that you selected during cluster installation, by using a daemon set.
Procedure
The Cluster Network Operator is deployed during installation as a Kubernetes Deployment.
Run the following command to view the Deployment status:
$ oc get -n openshift-network-operator deployment/network-operator
Example output
NAME READY UP-TO-DATE AVAILABLE AGEnetwork-operator 1/1 1 1 56m
Run the following command to view the state of the Cluster Network Operator:
$ oc get clusteroperator/network
Example output
NAME VERSION AVAILABLE PROGRESSING DEGRADED SINCEnetwork 4.5.4 True False False 50m
The following fields provide information about the status of the operator:
AVAILABLE,PROGRESSING, andDEGRADED. TheAVAILABLEfield isTruewhen the Cluster Network Operator reports an available status condition.
Viewing the cluster network configuration
Every new OKD installation has a network.config object named cluster.
Procedure
Use the
oc describecommand to view the cluster network configuration:$ oc describe network.config/cluster
Example output
Name: clusterNamespace:Labels: <none>Annotations: <none>API Version: config.openshift.io/v1Kind: NetworkMetadata:Self Link: /apis/config.openshift.io/v1/networks/clusterSpec: (1)Cluster Network:Cidr: 10.128.0.0/14Host Prefix: 23Network Type: OpenShiftSDNService Network:172.30.0.0/16Status: (2)Cluster Network:Cidr: 10.128.0.0/14Host Prefix: 23Cluster Network MTU: 8951Network Type: OpenShiftSDNService Network:172.30.0.0/16Events: <none>
1 The Specfield displays the configured state of the cluster network.2 The Statusfield displays the current state of the cluster network configuration.
Viewing Cluster Network Operator status
You can inspect the status and view the details of the Cluster Network Operator using the oc describe command.
Procedure
Run the following command to view the status of the Cluster Network Operator:
$ oc describe clusteroperators/network
Viewing Cluster Network Operator logs
You can view Cluster Network Operator logs by using the oc logs command.
Procedure
Run the following command to view the logs of the Cluster Network Operator:
$ oc logs --namespace=openshift-network-operator deployment/network-operator
Cluster Network Operator configuration
The configuration for the cluster network is specified as part of the Cluster Network Operator (CNO) configuration and stored in a custom resource (CR) object that is named cluster. The CR specifies the fields for the Network API in the operator.openshift.io API group.
The CNO configuration inherits the following fields during cluster installation from the Network API in the Network.config.openshift.io API group and these fields cannot be changed:
clusterNetwork
IP address pools from which pod IP addresses are allocated.
serviceNetwork
IP address pool for services.
defaultNetwork.type
Cluster network provider, such as OpenShift SDN or OVN-Kubernetes.
After cluster installation, you cannot modify the fields listed in the previous section. |
You can specify the cluster network provider configuration for your cluster by setting the fields for the defaultNetwork object in the CNO object named cluster.
Cluster Network Operator configuration object
The fields for the Cluster Network Operator (CNO) are described in the following table:
| Field | Type | Description |
|---|---|---|
|
| The name of the CNO object. This name is always |
|
| A list specifying the blocks of IP addresses from which pod IP addresses are allocated and the subnet prefix length assigned to each individual node in the cluster. For example:
This value is ready-only and inherited from the |
|
| A block of IP addresses for services. The OpenShift SDN and OVN-Kubernetes Container Network Interface (CNI) network providers support only a single IP address block for the service network. For example:
This value is ready-only and inherited from the |
|
| Configures the Container Network Interface (CNI) cluster network provider for the cluster network. |
|
| The fields for this object specify the kube-proxy configuration. If you are using the OVN-Kubernetes cluster network provider, the kube-proxy configuration has no effect. |
defaultNetwork object configuration
The values for the defaultNetwork object are defined in the following table:
| Field | Type | Description | ||
|---|---|---|---|---|
|
| Either
| ||
|
| This object is only valid for the OpenShift SDN cluster network provider. | ||
|
| This object is only valid for the OVN-Kubernetes cluster network provider. |
Configuration for the OpenShift SDN CNI cluster network provider
The following table describes the configuration fields for the OpenShift SDN Container Network Interface (CNI) cluster network provider.
| Field | Type | Description |
|---|---|---|
|
| The network isolation mode for OpenShift SDN. |
|
| The maximum transmission unit (MTU) for the VXLAN overlay network. This value is normally configured automatically. |
|
| The port to use for all VXLAN packets. The default value is |
| You can only change the configuration for your cluster network provider during cluster installation. |
Example OpenShift SDN configuration
defaultNetwork:type: OpenShiftSDNopenshiftSDNConfig:mode: NetworkPolicymtu: 1450vxlanPort: 4789
Configuration for the OVN-Kubernetes CNI cluster network provider
The following table describes the configuration fields for the OVN-Kubernetes CNI cluster network provider.
| Field | Type | Description |
|---|---|---|
|
| The maximum transmission unit (MTU) for the Geneve (Generic Network Virtualization Encapsulation) overlay network. This value is normally configured automatically. |
|
| The UDP port for the Geneve overlay network. |
|
| If the field is present, IPsec is enabled for the cluster. |
|
| Specify a configuration object for customizing network policy audit logging. If unset, the defaults audit log settings are used. |
| Field | Type | Description |
|---|---|---|
| integer | The maximum number of messages to generate every second per node. The default value is |
| integer | The maximum size for the audit log in bytes. The default value is |
| string | One of the following additional audit log targets:
|
| string | The syslog facility, such as |
| You can only change the configuration for your cluster network provider during cluster installation. |
Example OVN-Kubernetes configuration
defaultNetwork:type: OVNKubernetesovnKubernetesConfig:mtu: 1400genevePort: 6081ipsecConfig: {}
kubeProxyConfig object configuration
The values for the kubeProxyConfig object are defined in the following table:
| Field | Type | Description | ||
|---|---|---|---|---|
|
| The refresh period for
| ||
|
| The minimum duration before refreshing
|
Cluster Network Operator example configuration
A complete CNO configuration is specified in the following example:
Example Cluster Network Operator object
apiVersion: operator.openshift.io/v1kind: Networkmetadata:name: clusterspec:clusterNetwork: (1)- cidr: 10.128.0.0/14hostPrefix: 23serviceNetwork: (1)- 172.30.0.0/16defaultNetwork: (1)type: OpenShiftSDNopenshiftSDNConfig:mode: NetworkPolicymtu: 1450vxlanPort: 4789kubeProxyConfig:iptablesSyncPeriod: 30sproxyArguments:iptables-min-sync-period:- 0s
| 1 | Configured only during cluster installation. |
