×

Viewing the network state of a node by using the CLI

Node network state is the network configuration for all nodes in the cluster. A NodeNetworkState object exists on every node in the cluster. This object is periodically updated and captures the state of the network for that node.

Procedure
  1. List all the NodeNetworkState objects in the cluster:

    $ oc get nns
  2. Inspect a NodeNetworkState object to view the network on that node. The output in this example has been redacted for clarity:

    $ oc get nns node01 -o yaml
    Example output
    apiVersion: nmstate.io/v1
    kind: NodeNetworkState
    metadata:
      name: node01 (1)
    status:
      currentState: (2)
        dns-resolver:
    # ...
        interfaces:
    # ...
        route-rules:
    # ...
        routes:
    # ...
      lastSuccessfulUpdateTime: "2020-01-31T12:14:00Z" (3)
    1 The name of the NodeNetworkState object is taken from the node.
    2 The currentState contains the complete network configuration for the node, including DNS, interfaces, and routes.
    3 Timestamp of the last successful update. This is updated periodically as long as the node is reachable and can be used to evalute the freshness of the report.

Viewing the network state of a node from the web console

As an administrator, you can use the OKD web console to observe NodeNetworkState resources and network interfaces, and access network details.

Procedure
  1. Navigate to NetworkingNodeNetworkState.

    In the NodeNetworkState page, you can view the list of NodeNetworkState resources and the corresponding interfaces that are created on the nodes. You can use Filter based on Interface state, Interface type, and IP, or the search bar based on criteria Name or Label, to narrow down the displayed NodeNetworkState resources.

  2. To access the detailed information about NodeNetworkState resource, click the NodeNetworkState resource name listed in the Name column .

  3. to expand and view the Network Details section for the NodeNetworkState resource, click the > icon . Alternatively, you can click on each interface type under the Network interface column to view the network details.

Managing policy from the web console

You can update the node network configuration, such as adding or removing interfaces from nodes, by applying NodeNetworkConfigurationPolicy manifests to the cluster. Manage the policy from the web console by accessing the list of created policies in the NodeNetworkConfigurationPolicy page under the Networking menu. This page enables you to create, update, monitor, and delete the policies.

Monitoring the policy status

You can monitor the policy status from the NodeNetworkConfigurationPolicy page. This page displays all the policies created in the cluster in a tabular format, with the following columns:

Name

The name of the policy created.

Matched nodes

The count of nodes where the policies are applied. This could be either a subset of nodes based on the node selector or all the nodes on the cluster.

Node network state

The enactment state of the matched nodes. You can click on the enactment state and view detailed information on the status.

To find the desired policy, you can filter the list either based on enactment state by using the Filter option, or by using the search option.

Creating a policy

You can create a policy by using either a form or YAML in the web console.

Procedure
  1. Navigate to NetworkingNodeNetworkConfigurationPolicy.

  2. In the NodeNetworkConfigurationPolicy page, click Create, and select From Form option.

    In case there are no existing policies, you can alternatively click Create NodeNetworkConfigurationPolicy to createa policy using form.

    To create policy using YAML, click Create, and select With YAML option. The following steps are applicable to create a policy only by using form.

  3. Optional: Check the Apply this NodeNetworkConfigurationPolicy only to specific subsets of nodes using the node selector checkbox to specify the nodes where the policy must be applied.

  4. Enter the policy name in the Policy name field.

  5. Optional: Enter the description of the policy in the Description field.

  6. Optional: In the Policy Interface(s) section, a bridge interface is added by default with preset values in editable fields. Edit the values by executing the following steps:

    1. Enter the name of the interface in Interface name field.

    2. Select the network state from Network state dropdown. The default selected value is Up.

    3. Select the type of interface from Type dropdown. The available values are Bridge, Bonding, and Ethernet. The default selected value is Bridge.

      Addition of a VLAN interface by using the form is not supported. To add a VLAN interface, you must use YAML to create the policy. Once added, you cannot edit the policy by using form.

    4. Optional: In the IP configuration section, check IPv4 checkbox to assign an IPv4 address to the interface, and configure the IP address assignment details:

      1. Click IP address to configure the interface with a static IP address, or DHCP to auto-assign an IP address.

      2. If you have selected IP address option, enter the IPv4 address in IPV4 address field, and enter the prefix length in Prefix length field.

        If you have selected DHCP option, uncheck the options that you want to disable. The available options are Auto-DNS, Auto-routes, and Auto-gateway. All the options are selected by default.

    5. Optional: Enter the port number in Port field.

    6. Optional: Check the checkbox Enable STP to enable STP.

    7. Optional: To add an interface to the policy, click Add another interface to the policy.

    8. Optional: To remove an interface from the policy, click minus icon next to the interface.

    Alternatively, you can click Edit YAML on the top of the page to continue editing the form using YAML.

  7. Click Create to complete policy creation.

Updating the policy

Updating the policy by using form

Procedure
  1. Navigate to NetworkingNodeNetworkConfigurationPolicy.

  2. In the NodeNetworkConfigurationPolicy page, click the kebab icon placed next to the policy you want to edit, and click Edit.

  3. Edit the fields that you want to update.

  4. Click Save.

Addition of a VLAN interface using the form is not supported. To add a VLAN interface, you must use YAML to create the policy. Once added, you cannot edit the policy using form.

Updating the policy by using YAML

Procedure
  1. Navigate to NetworkingNodeNetworkConfigurationPolicy.

  2. In the NodeNetworkConfigurationPolicy page, click the policy name under the Name column for the policy you want to edit.

  3. Click the YAML tab, and edit the YAML.

  4. Click Save.

Deleting the policy

Procedure
  1. Navigate to NetworkingNodeNetworkConfigurationPolicy.

  2. In the NodeNetworkConfigurationPolicy page, click the kebab icon placed next to the policy you want to delete, and click Delete.

  3. In the pop-up window, enter the policy name to confirm deletion, and click Delete.

Managing policy by using the CLI

Creating an interface on nodes

Create an interface on nodes in the cluster by applying a NodeNetworkConfigurationPolicy manifest to the cluster. The manifest details the requested configuration for the interface.

By default, the manifest applies to all nodes in the cluster. To add the interface to specific nodes, add the spec: nodeSelector parameter and the appropriate <key>:<value> for your node selector.

You can configure multiple nmstate-enabled nodes concurrently. The configuration applies to 50% of the nodes in parallel. This strategy prevents the entire cluster from being unavailable if the network connection fails. To apply the policy configuration in parallel to a specific portion of the cluster, use the maxUnavailable field.

Procedure
  1. Create the NodeNetworkConfigurationPolicy manifest. The following example configures a Linux bridge on all worker nodes and configures the DNS resolver:

    apiVersion: nmstate.io/v1
    kind: NodeNetworkConfigurationPolicy
    metadata:
      name: br1-eth1-policy (1)
    spec:
      nodeSelector: (2)
        node-role.kubernetes.io/worker: "" (3)
      maxUnavailable: 3 (4)
      desiredState:
        interfaces:
          - name: br1
            description: Linux bridge with eth1 as a port (5)
            type: linux-bridge
            state: up
            ipv4:
              dhcp: true
              enabled: true
              auto-dns: false
            bridge:
              options:
                stp:
                  enabled: false
              port:
                - name: eth1
        dns-resolver: (6)
          config:
            search:
            - example.com
            - example.org
            server:
            - 8.8.8.8
    1 Name of the policy.
    2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster.
    3 This example uses the node-role.kubernetes.io/worker: "" node selector to select all worker nodes in the cluster.
    4 Optional: Specifies the maximum number of nmstate-enabled nodes that the policy configuration can be applied to concurrently. This parameter can be set to either a percentage value (string), for example, "10%", or an absolute value (number), such as 3.
    5 Optional: Human-readable description for the interface.
    6 Optional: Specifies the search and server settings for the DNS server.
  2. Create the node network policy:

    $ oc apply -f br1-eth1-policy.yaml (1)
    1 File name of the node network configuration policy manifest.

Additional resources

Confirming node network policy updates on nodes

A NodeNetworkConfigurationPolicy manifest describes your requested network configuration for nodes in the cluster. The node network policy includes your requested network configuration and the status of execution of the policy on the cluster as a whole.

When you apply a node network policy, a NodeNetworkConfigurationEnactment object is created for every node in the cluster. The node network configuration enactment is a read-only object that represents the status of execution of the policy on that node. If the policy fails to be applied on the node, the enactment for that node includes a traceback for troubleshooting.

Procedure
  1. To confirm that a policy has been applied to the cluster, list the policies and their status:

    $ oc get nncp
  2. Optional: If a policy is taking longer than expected to successfully configure, you can inspect the requested state and status conditions of a particular policy:

    $ oc get nncp <policy> -o yaml
  3. Optional: If a policy is taking longer than expected to successfully configure on all nodes, you can list the status of the enactments on the cluster:

    $ oc get nnce
  4. Optional: To view the configuration of a particular enactment, including any error reporting for a failed configuration:

    $ oc get nnce <node>.<policy> -o yaml

Removing an interface from nodes

You can remove an interface from one or more nodes in the cluster by editing the NodeNetworkConfigurationPolicy object and setting the state of the interface to absent.

Removing an interface from a node does not automatically restore the node network configuration to a previous state. If you want to restore the previous state, you will need to define that node network configuration in the policy.

If you remove a bridge or bonding interface, any node NICs in the cluster that were previously attached or subordinate to that bridge or bonding interface are placed in a down state and become unreachable. To avoid losing connectivity, configure the node NIC in the same policy so that it has a status of up and either DHCP or a static IP address.

Deleting the node network policy that added an interface does not change the configuration of the policy on the node. Although a NodeNetworkConfigurationPolicy is an object in the cluster, it only represents the requested configuration.
Similarly, removing an interface does not delete the policy.

Procedure
  1. Update the NodeNetworkConfigurationPolicy manifest used to create the interface. The following example removes a Linux bridge and configures the eth1 NIC with DHCP to avoid losing connectivity:

    apiVersion: nmstate.io/v1
    kind: NodeNetworkConfigurationPolicy
    metadata:
      name: <br1-eth1-policy> (1)
    spec:
      nodeSelector: (2)
        node-role.kubernetes.io/worker: "" (3)
      desiredState:
        interfaces:
        - name: br1
          type: linux-bridge
          state: absent (4)
        - name: eth1 (5)
          type: ethernet (6)
          state: up (7)
          ipv4:
            dhcp: true (8)
            enabled: true (9)
    1 Name of the policy.
    2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster.
    3 This example uses the node-role.kubernetes.io/worker: "" node selector to select all worker nodes in the cluster.
    4 Changing the state to absent removes the interface.
    5 The name of the interface that is to be unattached from the bridge interface.
    6 The type of interface. This example creates an Ethernet networking interface.
    7 The requested state for the interface.
    8 Optional: If you do not use dhcp, you can either set a static IP or leave the interface without an IP address.
    9 Enables ipv4 in this example.
  2. Update the policy on the node and remove the interface:

    $ oc apply -f <br1-eth1-policy.yaml> (1)
    1 File name of the policy manifest.

Example policy configurations for different interfaces

The following examples show different NodeNetworkConfigurationPolicy manifest configurations.

For best performance, consider the following factors when applying a policy:

  • When you need to apply a policy to more than one node, create a NodeNetworkConfigurationPolicy manifest for each target node. Scoping a policy to a single node reduces the overall length of time for the Kubernetes NMState Operator to apply the policies.

    In contrast, if a single policy includes configurations for several nodes, the Kubernetes NMState Operator applies the policy to each node in sequence, which increases the overall length of time for policy application.

  • All related network configurations should be specified in a single policy.

    When a node restarts, the Kubernetes NMState Operator cannot control the order in which policies are applied. Therefore, the Kubernetes NMState Operator might apply interdependent policies in a sequence that results in a degraded network object.

Example: Linux bridge interface node network configuration policy

Create a Linux bridge interface on nodes in the cluster by applying a NodeNetworkConfigurationPolicy manifest to the cluster.

The following YAML file is an example of a manifest for a Linux bridge interface. It includes samples values that you must replace with your own information.

apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: br1-eth1-policy (1)
spec:
  nodeSelector: (2)
    kubernetes.io/hostname: <node01> (3)
  desiredState:
    interfaces:
      - name: br1 (4)
        description: Linux bridge with eth1 as a port (5)
        type: linux-bridge (6)
        state: up (7)
        ipv4:
          dhcp: true (8)
          enabled: true (9)
        bridge:
          options:
            stp:
              enabled: false (10)
          port:
            - name: eth1 (11)
1 Name of the policy.
2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster.
3 This example uses a hostname node selector.
4 Name of the interface.
5 Optional: Human-readable description of the interface.
6 The type of interface. This example creates a bridge.
7 The requested state for the interface after creation.
8 Optional: If you do not use dhcp, you can either set a static IP or leave the interface without an IP address.
9 Enables ipv4 in this example.
10 Disables stp in this example.
11 The node NIC to which the bridge attaches.

Example: VLAN interface node network configuration policy

Create a VLAN interface on nodes in the cluster by applying a NodeNetworkConfigurationPolicy manifest to the cluster.

Define all related configurations for the VLAN interface of a node in a single NodeNetworkConfigurationPolicy manifest. For example, define the VLAN interface for a node and the related routes for the VLAN interface in the same NodeNetworkConfigurationPolicy manifest.

When a node restarts, the Kubernetes NMState Operator cannot control the order in which policies are applied. Therefore, if you use separate policies for related network configurations, the Kubernetes NMState Operator might apply these policies in a sequence that results in a degraded network object.

The following YAML file is an example of a manifest for a VLAN interface. It includes samples values that you must replace with your own information.

apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: vlan-eth1-policy (1)
spec:
  nodeSelector: (2)
    kubernetes.io/hostname: <node01> (3)
  desiredState:
    interfaces:
    - name: eth1.102 (4)
      description: VLAN using eth1 (5)
      type: vlan (6)
      state: up (7)
      vlan:
        base-iface: eth1 (8)
        id: 102 (9)
1 Name of the policy.
2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster.
3 This example uses a hostname node selector.
4 Name of the interface. When deploying on bare metal, only the <interface_name>.<vlan_number> VLAN format is supported.
5 Optional: Human-readable description of the interface.
6 The type of interface. This example creates a VLAN.
7 The requested state for the interface after creation.
8 The node NIC to which the VLAN is attached.
9 The VLAN tag.

Example: Node network configuration policy for virtual functions (Technology Preview)

Update host network settings for Single Root I/O Virtualization (SR-IOV) network virtual functions (VF) in an existing cluster by applying a NodeNetworkConfigurationPolicy manifest.

Updating host network settings for SR-IOV network VFs is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

You can apply a NodeNetworkConfigurationPolicy manifest to an existing cluster to complete the following tasks:

  • Configure QoS or MTU host network settings for VFs to optimize performance.

  • Add, remove, or update VFs for a network interface.

  • Manage VF bonding configurations.

To update host network settings for SR-IOV VFs by using NMState on physical functions that are also managed through the SR-IOV Network Operator, you must set the externallyManaged parameter in the relevant SriovNetworkNodePolicy resource to true. For more information, see the Additional resources section.

The following YAML file is an example of a manifest that defines QoS policies for a VF. This file includes samples values that you must replace with your own information.

apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: qos (1)
spec:
  nodeSelector: (2)
    node-role.kubernetes.io/worker: "" (3)
  desiredState:
    interfaces:
      - name: ens1f0 (4)
        description: Change QOS on VF0 (5)
        type: ethernet (6)
        state: up (7)
        ethernet:
         sr-iov:
           total-vfs: 3 (8)
           vfs:
           - id: 0 (9)
             max-tx-rate: 200 (10)
1 Name of the policy.
2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster.
3 This example applies to all nodes with the worker role.
4 Name of the physical function (PF) network interface.
5 Optional: Human-readable description of the interface.
6 The type of interface.
7 The requested state for the interface after configuration.
8 The total number of VFs.
9 Identifies the VF with an ID of 0.
10 Sets a maximum transmission rate, in Mbps, for the VF. This sample value sets a rate of 200 Mbps.

The following YAML file is an example of a manifest that creates a VLAN interface on top of a VF and adds it to a bonded network interface. It includes samples values that you must replace with your own information.

apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: addvf (1)
spec:
  nodeSelector: (2)
    node-role.kubernetes.io/worker: "" (3)
  maxUnavailable: 3
  desiredState:
    interfaces:
      - name: ens1f0v1 (4)
        type: ethernet
        state: up
      - name: ens1f0v1.477 (5)
        type: vlan
        state: up
        vlan:
          base-iface: ens1f0v1 (6)
          id: 477
      - name: bond0 (7)
        description: Add vf (8)
        type: bond (9)
        state: up (10)
        link-aggregation:
          mode: active-backup (11)
          options:
            primary: ens1f1v0.477 (12)
          port: (13)
            - ens1f1v0.477
            - ens1f0v0.477
            - ens1f0v1.477 (14)
1 Name of the policy.
2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster.
3 This example applies to all nodes with the worker role.
4 Name of the VF network interface.
5 Name of the VLAN network interface.
6 The VF network interface to which the VLAN interface is attached.
7 Name of the bonding network interface.
8 Optional: Human-readable description of the interface.
9 The type of interface.
10 The requested state for the interface after configuration.
11 The bonding policy for the bond.
12 The primary attached bonding port.
13 The ports for the bonded network interface.
14 In this example, this VLAN network interface is added as an additional interface to the bonded network interface.

Example: Bond interface node network configuration policy

Create a bond interface on nodes in the cluster by applying a NodeNetworkConfigurationPolicy manifest to the cluster.

OpenShift Container Platform only supports the following bond modes:

  • mode=1 active-backup

  • mode=2 balance-xor

  • mode=4 802.3ad

  • mode=5 balance-tlb

  • mode=6 balance-alb

The following YAML file is an example of a manifest for a bond interface. It includes samples values that you must replace with your own information.

apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: bond0-eth1-eth2-policy (1)
spec:
  nodeSelector: (2)
    kubernetes.io/hostname: <node01> (3)
  desiredState:
    interfaces:
    - name: bond0 (4)
      description: Bond with ports eth1 and eth2 (5)
      type: bond (6)
      state: up (7)
      ipv4:
        dhcp: true (8)
        enabled: true (9)
      link-aggregation:
        mode: active-backup (10)
        options:
          miimon: '140' (11)
        port: (12)
        - eth1
        - eth2
      mtu: 1450 (13)
1 Name of the policy.
2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster.
3 This example uses a hostname node selector.
4 Name of the interface.
5 Optional: Human-readable description of the interface.
6 The type of interface. This example creates a bond.
7 The requested state for the interface after creation.
8 Optional: If you do not use dhcp, you can either set a static IP or leave the interface without an IP address.
9 Enables ipv4 in this example.
10 The driver mode for the bond. This example uses an active backup mode.
11 Optional: This example uses miimon to inspect the bond link every 140ms.
12 The subordinate node NICs in the bond.
13 Optional: The maximum transmission unit (MTU) for the bond. If not specified, this value is set to 1500 by default.

Example: Ethernet interface node network configuration policy

Configure an Ethernet interface on nodes in the cluster by applying a NodeNetworkConfigurationPolicy manifest to the cluster.

The following YAML file is an example of a manifest for an Ethernet interface. It includes sample values that you must replace with your own information.

apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: eth1-policy (1)
spec:
  nodeSelector: (2)
    kubernetes.io/hostname: <node01> (3)
  desiredState:
    interfaces:
    - name: eth1 (4)
      description: Configuring eth1 on node01 (5)
      type: ethernet (6)
      state: up (7)
      ipv4:
        dhcp: true (8)
        enabled: true (9)
1 Name of the policy.
2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster.
3 This example uses a hostname node selector.
4 Name of the interface.
5 Optional: Human-readable description of the interface.
6 The type of interface. This example creates an Ethernet networking interface.
7 The requested state for the interface after creation.
8 Optional: If you do not use dhcp, you can either set a static IP or leave the interface without an IP address.
9 Enables ipv4 in this example.

Example: Multiple interfaces in the same node network configuration policy

You can create multiple interfaces in the same node network configuration policy. These interfaces can reference each other, allowing you to build and deploy a network configuration by using a single policy manifest.

The following example YAML file creates a bond that is named bond10 across two NICs and VLAN that is named bond10.103 that connects to the bond.

apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: bond-vlan (1)
spec:
  nodeSelector: (2)
    kubernetes.io/hostname: <node01> (3)
  desiredState:
    interfaces:
    - name: bond10 (4)
      description: Bonding eth2 and eth3 (5)
      type: bond (6)
      state: up (7)
      link-aggregation:
        mode: balance-rr (8)
        options:
          miimon: '140' (9)
        port: (10)
        - eth2
        - eth3
    - name: bond10.103 (4)
      description: vlan using bond10 (5)
      type: vlan (6)
      state: up (7)
      vlan:
         base-iface: bond10 (11)
         id: 103 (12)
      ipv4:
        dhcp: true (13)
        enabled: true (14)
1 Name of the policy.
2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster.
3 This example uses hostname node selector.
4 Name of the interface.
5 Optional: Human-readable description of the interface.
6 The type of interface.
7 The requested state for the interface after creation.
8 The driver mode for the bond.
9 Optional: This example uses miimon to inspect the bond link every 140ms.
10 The subordinate node NICs in the bond.
11 The node NIC to which the VLAN is attached.
12 The VLAN tag.
13 Optional: If you do not use dhcp, you can either set a static IP or leave the interface without an IP address.
14 Enables ipv4 in this example.

Example: Network interface with a VRF instance node network configuration policy

Associate a Virtual Routing and Forwarding (VRF) instance with a network interface by applying a NodeNetworkConfigurationPolicy custom resource (CR).

Associating a VRF instance with a network interface is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

By associating a VRF instance with a network interface, you can support traffic isolation, independent routing decisions, and the logical separation of network resources.

In a bare-metal environment, you can announce load balancer services through interfaces belonging to a VRF instance by using MetalLB. For more information, see the Additional resources section.

The following YAML file is an example of associating a VRF instance to a network interface. It includes samples values that you must replace with your own information.

apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: vrfpolicy (1)
spec:
  nodeSelector:
    vrf: "true" (2)
  maxUnavailable: 3
  desiredState:
    interfaces:
      - name: ens4vrf (3)
        type: vrf (4)
        state: up
        vrf:
          port:
            - ens4 (5)
          route-table-id: 2 (6)
1 The name of the policy.
2 This example applies the policy to all nodes with the label vrf:true.
3 The name of the interface.
4 The type of interface. This example creates a VRF instance.
5 The node interface to which the VRF attaches.
6 The name of the route table ID for the VRF.

Capturing the static IP of a NIC attached to a bridge

Example: Linux bridge interface node network configuration policy to inherit static IP address from the NIC attached to the bridge

Create a Linux bridge interface on nodes in the cluster and transfer the static IP configuration of the NIC to the bridge by applying a single NodeNetworkConfigurationPolicy manifest to the cluster.

The following YAML file is an example of a manifest for a Linux bridge interface. It includes sample values that you must replace with your own information.

apiVersion: nmstate.io/v1
kind: NodeNetworkConfigurationPolicy
metadata:
  name: br1-eth1-copy-ipv4-policy (1)
spec:
  nodeSelector: (2)
    node-role.kubernetes.io/worker: ""
  capture:
    eth1-nic: interfaces.name=="eth1" (3)
    eth1-routes: routes.running.next-hop-interface=="eth1"
    br1-routes: capture.eth1-routes | routes.running.next-hop-interface := "br1"
  desiredState:
    interfaces:
      - name: br1
        description: Linux bridge with eth1 as a port
        type: linux-bridge (4)
        state: up
        ipv4: "{{ capture.eth1-nic.interfaces.0.ipv4 }}" (5)
        bridge:
          options:
            stp:
              enabled: false
          port:
            - name: eth1 (6)
     routes:
        config: "{{ capture.br1-routes.routes.running }}"
1 The name of the policy.
2 Optional: If you do not include the nodeSelector parameter, the policy applies to all nodes in the cluster. This example uses the node-role.kubernetes.io/worker: "" node selector to select all worker nodes in the cluster.
3 The reference to the node NIC to which the bridge attaches.
4 The type of interface. This example creates a bridge.
5 The IP address of the bridge interface. This value matches the IP address of the NIC which is referenced by the spec.capture.eth1-nic entry.
6 The node NIC to which the bridge attaches.

Examples: IP management

The following example configuration snippets demonstrate different methods of IP management.

These examples use the ethernet interface type to simplify the example while showing the related context in the policy configuration. These IP management examples can be used with the other interface types.

Static

The following snippet statically configures an IP address on the Ethernet interface:

# ...
    interfaces:
    - name: eth1
      description: static IP on eth1
      type: ethernet
      state: up
      ipv4:
        dhcp: false
        address:
        - ip: 192.168.122.250 (1)
          prefix-length: 24
        enabled: true
# ...
1 Replace this value with the static IP address for the interface.

No IP address

The following snippet ensures that the interface has no IP address:

# ...
    interfaces:
    - name: eth1
      description: No IP on eth1
      type: ethernet
      state: up
      ipv4:
        enabled: false
# ...

Dynamic host configuration

The following snippet configures an Ethernet interface that uses a dynamic IP address, gateway address, and DNS:

# ...
    interfaces:
    - name: eth1
      description: DHCP on eth1
      type: ethernet
      state: up
      ipv4:
        dhcp: true
        enabled: true
# ...

The following snippet configures an Ethernet interface that uses a dynamic IP address but does not use a dynamic gateway address or DNS:

# ...
    interfaces:
    - name: eth1
      description: DHCP without gateway or DNS on eth1
      type: ethernet
      state: up
      ipv4:
        dhcp: true
        auto-gateway: false
        auto-dns: false
        enabled: true
# ...

DNS

By default, the nmstate API stores DNS values globally as against storing them in a network interface. For certain situations, you must configure a network interface to store DNS values. To define a DNS configuration for a network interface, you must initially specify the dns-resolver section in the network interface’s YAML configuration file.

Setting a DNS configuration is comparable to modifying the /etc/resolv.conf file.

You cannot use br-ex bridge, an OVNKubernetes-managed Open vSwitch bridge, as the interface when configuring DNS resolvers.

The following example shows a default situation that stores DNS values globally:

  • Configure a static DNS without a network interface. Note that when updating the /etc/resolv.conf file on a host node, you do not need to specify an interface (IPv4 or IPv6) in the NodeNetworkConfigurationPolicy (NNCP) manifest.

    apiVersion: nmstate.io/v1
    kind: NodeNetworkConfigurationPolicy
    metadata:
     name: worker-0-dns-testing
    spec:
      nodeSelector:
        kubernetes.io/hostname: <target_node>
      desiredState:
        dns-resolver:
          config:
            search:
            - example.com
            - example.org
            server:
            - 2001:db8:f::1
            - 192.0.2.251
    # ...

The following examples show situations that require configuring a network interface to store DNS values:

  • Configure a static DNS for a network interface with an automatic IP configuration. Note that for this configuration, you must set the auto-dns parameter to false, so that the Kubernetes NMState Operator can store custom DNS settings for the network interface.

    dns-resolver:
      config:
        search:
        - example.com
        - example.org
        server:
        - 2001:db8:f::1
        - 192.0.2.251
    interfaces:
      - name: eth1
        type: ethernet
        state: up
        ipv4:
          enabled: true
          dhcp: true
          auto-dns: false
        ipv6:
          enabled: true
          dhcp: true
          autoconf: true
          auto-dns: false
    # ...
  • Configure a static DNS for a network interface with a static IP configuration. Note that for this configuration, you must set the dhcp parameter to false and the autoconf parameter to false.

    dns-resolver:
      config:
    # ...
        server:
        - 2001:4860:4860::8844
        - 192.0.2.251
    interfaces:
      - name: eth1
        type: ethernet
        state: up
        ipv4:
          enabled: true
          dhcp: false
          address:
          - ip: 192.0.2.251
            prefix-length: 24
        ipv6:
          enabled: true
          dhcp: false
          autoconf: false
          address:
          - ip: 2001:db8:1::1
            prefix-length: 64
    routes:
      config:
      - destination: 0.0.0.0/0
        next-hop-address: 192.0.2.1
        next-hop-interface: eth1
      - destination: ::/0
        next-hop-address: 2001:db8:1::3
        next-hop-interface: eth1
    # ...
  • Configure a static DNS name server to append to Dynamic Host Configuration Protocol (DHCP) and IPv6 Stateless Address AutoConfiguration (SLAAC) servers.

    dns-resolver:
      config:
    # ...
        server:
        - 192.0.2.251
    interfaces:
      - name: eth1
        type: ethernet
        state: up
        ipv4:
          enabled: true
          dhcp: true
          auto-dns: true
        ipv6:
          enabled: true
          dhcp: true
          autoconf: true
          auto-dns: true
    # ...

Static routing

The following snippet configures a static route and a static IP on interface eth1.

dns-resolver:
  config:
# ...
interfaces:
  - name: eth1
    description: Static routing on eth1
    type: ethernet
    state: up
    ipv4:
      dhcp: false
      enabled: true
      address:
      - ip: 192.0.2.251 (1)
        prefix-length: 24
routes:
  config:
  - destination: 198.51.100.0/24
    metric: 150
    next-hop-address: 192.0.2.1 (2)
    next-hop-interface: eth1
    table-id: 254
# ...
1 The static IP address for the Ethernet interface.
2 Next hop address for the node traffic. This must be in the same subnet as the IP address set for the Ethernet interface.