Updating node network configuration

OpenShift Container Platform uses nmstate to report on and configure the state of the node network. This makes it possible to modify network policy configuration, such as by creating a Linux bridge on all nodes, by applying a single configuration manifest to the cluster.

Node networking is monitored and updated by the following objects:

NodeNetworkState

Reports the state of the network on that node.

NodeNetworkConfigurationPolicy

Describes the requested network configuration on nodes. You update the node network configuration, including adding and removing interfaces, by applying a NodeNetworkConfigurationPolicy manifest to the cluster.

NodeNetworkConfigurationEnactment

Reports the network policies enacted upon each node.

OpenShift Container Platform supports the use of the following nmstate interface types:

Linux Bridge
VLAN
Bond
Ethernet

Creating an interface on nodes

Create an interface on nodes in the cluster by applying a NodeNetworkConfigurationPolicy manifest to the cluster. The manifest details the requested configuration for the interface.

By default, the manifest applies to all nodes in the cluster. To add the interface to specific nodes, add the spec: nodeSelector parameter and the appropriate <key>:<value> for your node selector.

Procedure

Create the NodeNetworkConfigurationPolicy manifest. The following example configures a Linux bridge on all worker nodes:

1	Name of the policy.
2	Optional: If you do not include the `nodeSelector` parameter, the policy applies to all nodes in the cluster.
3	This example uses the `node-role.kubernetes.io/worker: “”` node selector to select all worker nodes in the cluster.
4	Optional: Human-readable description for the interface.

Create the node network policy:
```
$ oc apply -f <br1-eth1-policy.yaml> (1)
```
1 File name of the node network configuration policy manifest.

Examples of different IP management methods in policies

Confirming node network policy updates on nodes

A NodeNetworkConfigurationPolicy manifest describes your requested network configuration for nodes in the cluster. The node network policy includes your requested network configuration and the status of execution of the policy on the cluster as a whole.

When you apply a node network policy, a NodeNetworkConfigurationEnactment object is created for every node in the cluster. The node network configuration enactment is a read-only object that represents the status of execution of the policy on that node. If the policy fails to be applied on the node, the enactment for that node includes a traceback for troubleshooting.

Procedure

To confirm that a policy has been applied to the cluster, list the policies and their status:
```
$ oc get nncp
```
Optional: If a policy is taking longer than expected to successfully configure, you can inspect the requested state and status conditions of a particular policy:
```
$ oc get nncp <policy> -o yaml
```
Optional: If a policy is taking longer than expected to successfully configure on all nodes, you can list the status of the enactments on the cluster:
```
$ oc get nnce
```
Optional: To view the configuration of a particular enactment, including any error reporting for a failed configuration:
```
$ oc get nnce <node>.<policy> -o yaml
```

You can remove an interface from one or more nodes in the cluster by editing the NodeNetworkConfigurationPolicy object and setting the state of the interface to absent.

Removing an interface from a node does not automatically restore the node network configuration to a previous state. If you want to restore the previous state, you will need to define that node network configuration in the policy.

If you remove a bridge or bonding interface, any node NICs in the cluster that were previously attached or subordinate to that bridge or bonding interface are placed in a down state and become unreachable. To avoid losing connectivity, configure the node NIC in the same policy so that it has a status of up and either DHCP or a static IP address.

Deleting the node network policy that added an interface does not change the configuration of the policy on the node. Although a NodeNetworkConfigurationPolicy is an object in the cluster, it only represents the requested configuration.
Similarly, removing an interface does not delete the policy.

Procedure

Update the NodeNetworkConfigurationPolicy manifest used to create the interface. The following example removes a Linux bridge and configures the eth1 NIC with DHCP to avoid losing connectivity:
Update the policy on the node and remove the interface:
```
$ oc apply -f <br1-eth1-policy.yaml> (1)
```
1 File name of the policy manifest.

Example policy configurations for different interfaces

Create a Linux bridge interface on nodes in the cluster by applying a NodeNetworkConfigurationPolicy manifest to the cluster.

The following YAML file is an example of a manifest for a Linux bridge interface. It includes samples values that you must replace with your own information.

apiVersion: nmstate.io/v1beta1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: br1-eth1-policy (1)
spec:
  nodeSelector: (2)
    kubernetes.io/hostname: <node01> (3)
  desiredState:
    interfaces:
      - name: br1 (4)
        description: Linux bridge with eth1 as a port (5)
        type: linux-bridge (6)
        state: up (7)
        ipv4:
          dhcp: true (8)
          enabled: true (9)
        bridge:
          options:
            stp:
              enabled: false (10)
            - name: eth1 (11)

1	Name of the policy.
2	Optional: If you do not include the `nodeSelector` parameter, the policy applies to all nodes in the cluster.
3	This example uses a `hostname` node selector.
4	Name of the interface.
5	Optional: Human-readable description of the interface.
6	The type of interface. This example creates a bridge.
7	The requested state for the interface after creation.
8	Optional: If you do not use `dhcp`, you can either set a static IP or leave the interface without an IP address.
9	Enables `ipv4` in this example.
10	Disables `stp` in this example.
11	The node NIC to which the bridge attaches.

Example: VLAN interface node network configuration policy

Create a VLAN interface on nodes in the cluster by applying a NodeNetworkConfigurationPolicy manifest to the cluster.

The following YAML file is an example of a manifest for a VLAN interface. It includes samples values that you must replace with your own information.

apiVersion: nmstate.io/v1beta1
metadata:
  name: vlan-eth1-policy (1)
spec:
  nodeSelector: (2)
    kubernetes.io/hostname: <node01> (3)
  desiredState:
    interfaces:
    - name: eth1.102 (4)
      description: VLAN using eth1 (5)
      type: vlan (6)
      state: up (7)
      vlan:
        base-iface: eth1 (8)
        id: 102 (9)

1	Name of the policy.
2	Optional: If you do not include the `nodeSelector` parameter, the policy applies to all nodes in the cluster.
3	This example uses a `hostname` node selector.
4	Name of the interface.
5	Optional: Human-readable description of the interface.
6	The type of interface. This example creates a VLAN.
7	The requested state for the interface after creation.
8	The node NIC to which the VLAN is attached.
9	The VLAN tag.

Example: Bond interface node network configuration policy

The following YAML file is an example of a manifest for a bond interface. It includes samples values that you must replace with your own information.

apiVersion: nmstate.io/v1beta1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: bond0-eth1-eth2-policy (1)
spec:
  nodeSelector: (2)
    kubernetes.io/hostname: <node01> (3)
  desiredState:
    interfaces:
    - name: bond0 (4)
      description: Bond enslaving eth1 and eth2 (5)
      type: bond (6)
      state: up (7)
      ipv4:
        dhcp: true (8)
        enabled: true (9)
      link-aggregation:
        mode: active-backup (10)
        options:
          miimon: '140' (11)
        slaves: (12)
        - eth1
        - eth2
      mtu: 1450 (13)

1	Name of the policy.
2	Optional: If you do not include the `nodeSelector` parameter, the policy applies to all nodes in the cluster.
3	This example uses a `hostname` node selector.
4	Name of the interface.
5	Optional: Human-readable description of the interface.
6	The type of interface. This example creates a bond.
7	The requested state for the interface after creation.
8	Optional: If you do not use `dhcp`, you can either set a static IP or leave the interface without an IP address.
9	Enables `ipv4` in this example.
10	The driver mode for the bond. This example uses an active backup mode.
11	Optional: This example uses miimon to inspect the bond link every 140ms.
12	The subordinate node NICs in the bond.
13	Optional: The maximum transmission unit (MTU) for the bond. If not specified, this value is set to `1500` by default.

Configure an Ethernet interface on nodes in the cluster by applying a NodeNetworkConfigurationPolicy manifest to the cluster.

The following YAML file is an example of a manifest for an Ethernet interface. It includes sample values that you must replace with your own information.

apiVersion: nmstate.io/v1beta1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: eth1-policy (1)
spec:
  nodeSelector: (2)
    kubernetes.io/hostname: <node01> (3)
  desiredState:
    interfaces:
    - name: eth1 (4)
      description: Configuring eth1 on node01 (5)
      state: up (7)
      ipv4:
        dhcp: true (8)

1	Name of the policy.
2	Optional: If you do not include the `nodeSelector` parameter, the policy applies to all nodes in the cluster.
3	This example uses a `hostname` node selector.
4	Name of the interface.
5	Optional: Human-readable description of the interface.
6	The type of interface. This example creates an Ethernet networking interface.
7	The requested state for the interface after creation.
8	Optional: If you do not use `dhcp`, you can either set a static IP or leave the interface without an IP address.
9	Enables `ipv4` in this example.

Example: Multiple interfaces in the same node network configuration policy

You can create multiple interfaces in the same node network configuration policy. These interfaces can reference each other, allowing you to build and deploy a network configuration by using a single policy manifest.

The following example snippet creates a bond that is named bond10 across two NICs and a Linux bridge that is named br1 that connects to the bond.

The following example configuration snippets demonstrate different methods of IP management.

These examples use the ethernet interface type to simplify the example while showing the related context in the policy configuration. These IP management examples can be used with the other interface types.

Static

The following snippet statically configures an IP address on the Ethernet interface:

...
    interfaces:
    - name: eth1
      description: static IP on eth1
      type: ethernet
      state: up
      ipv4:
        address:
        - ip: 192.168.122.250 (1)
          prefix-length: 24
        enabled: true
...

1	Replace this value with the static IP address for the interface.

The following snippet ensures that the interface has no IP address:

...
    interfaces:
    - name: eth1
      description: No IP on eth1
      type: ethernet
      state: up
      ipv4:
        enabled: false
...

Dynamic host configuration

The following snippet configures an Ethernet interface that uses a dynamic IP address, gateway address, and DNS:

...
    interfaces:
    - name: eth1
      description: DHCP on eth1
      type: ethernet
      state: up
      ipv4:
        dhcp: true
        enabled: true
...

The following snippet configures an Ethernet interface that uses a dynamic IP address but does not use a dynamic gateway address or DNS:

...
    interfaces:
    - name: eth1
      description: DHCP without gateway or DNS on eth1
      type: ethernet
      state: up
      ipv4:
        dhcp: true
        auto-gateway: false
        auto-dns: false
        enabled: true
...

DNS

The following snippet sets DNS configuration on the host.

...
    interfaces:
       ...
    dns-resolver:
      config:
        search:
        - example.com
        - example.org
        server:
        - 8.8.8.8

The following snippet configures a static route and a static IP on interface eth1.