$ oc get featuregate -oyaml | grep -i routeadvertisement- Documentation
- OKD
- Networking
- Advanced networking
- Route advertisements
- Example route advertisements setup
- Overview
- What's new?
- Architecture
- Disconnected environments
- About disconnected environments
- Converting a connected cluster to a disconnected cluster
- Mirroring in disconnected environments
- About disconnected installation mirroring
- Creating a mirror registry with mirror registry for Red Hat OpenShift
- Mirroring images for a disconnected installation using oc-mirror plugin v2
- Migrating from oc-mirror plugin v1 to v2
- Mirroring images for a disconnected installation using the oc-mirror plugin v1
- Mirroring images for a disconnected installation by using the oc adm command
- Installing a cluster in a disconnected environment
- Using OLM in disconnected environments
- Updating a cluster in a disconnected environment
- Installing
- Installation overview
- Installing on Alibaba Cloud
- Installing on AWS
- Installation methods
- Configuring an AWS account
- Installer-provisioned infrastructure
- Preparing to install a cluster
- Installing a cluster
- Installing a cluster with customizations
- Installing a cluster with network customizations
- Installing a cluster in a disconnected environment
- Installing a cluster into an existing VPC
- Installing a private cluster
- Installing a cluster in a specialized region
- Installing a cluster with compute nodes on Local Zones
- Installing a cluster with compute nodes on Wavelength Zones
- Extending an AWS VPC cluster into an AWS Outpost
- Installing an AWS cluster with the support for configuring multi-architecture compute machines
- User-provisioned infrastructure
- Installing a three-node cluster
- Uninstalling a cluster
- Installation configuration parameters
- Installing on Azure
- Installation methods
- Configuring an Azure account
- Installer-provisioned infrastructure
- Preparing to install a cluster
- Installing a cluster
- Installing a cluster with customizations
- Installing a cluster with network customizations
- Installing a cluster in a disconnected environment
- Installing a cluster into an existing VNet
- Installing a private cluster
- Installing a cluster into a government region
- User-provisioned infrastructure
- Installing a three-node cluster
- Uninstalling a cluster
- Installation configuration parameters for Azure
- Installing on Azure Stack Hub
- Installing on GCP
- Preparing to install on GCP
- Configuring a GCP project
- Installing a cluster quickly on GCP
- Installing a cluster on GCP with customizations
- Installing a cluster on GCP with network customizations
- Installing a cluster on GCP in a disconnected environment
- Installing a cluster on GCP into an existing VPC
- Installing a cluster on GCP into a shared VPC
- Installing a private cluster on GCP
- Installing a cluster on GCP using Deployment Manager templates
- Installing a cluster into a shared VPC on GCP using Deployment Manager templates
- Installing a cluster on GCP in a disconnected environment with user-provisioned infrastructure
- Installing a three-node cluster on GCP
- Installation configuration parameters for GCP
- Uninstalling a cluster on GCP
- Installing a GCP cluster with the support for configuring multi-architecture compute machines
- Installing on IBM Cloud
- Preparing to install on IBM Cloud
- Configuring an IBM Cloud account
- Configuring IAM for IBM Cloud
- User-managed encryption
- Installing a cluster on IBM Cloud with customizations
- Installing a cluster on IBM Cloud with network customizations
- Installing a cluster on IBM Cloud into an existing VPC
- Installing a private cluster on IBM Cloud
- Installing a cluster on IBM Cloud in a disconnected environment
- Installation configuration parameters for IBM Cloud
- Uninstalling a cluster on IBM Cloud
- Installing on Nutanix
- Installing on a single node
- Installing on bare metal
- Preparing to install on bare metal
- User-provisioned infrastructure
- Installing a user-provisioned cluster on bare metal
- Installing a user-provisioned bare metal cluster with network customizations
- Installing a user-provisioned bare metal cluster on a disconnected environment
- Scaling a user-provisioned installation with the bare metal operator
- Installation configuration parameters for bare metal
- Installer-provisioned infrastructure
- Postinstallation configuration
- Expanding the cluster
- Using bare metal as a service
- Installing IBM Cloud Bare Metal (Classic)
- Installing on OpenStack
- Preparing to install on OpenStack
- Preparing to install a cluster that uses SR-IOV or OVS-DPDK on OpenStack
- Installing a cluster on OpenStack with customizations
- Installing a cluster on OpenStack on your own infrastructure
- Installing a cluster on OpenStack in a disconnected environment
- Installing a three-node cluster on OpenStack
- Configuring network settings after installing OpenStack
- OpenStack Cloud Controller Manager reference guide
- Deploying on OpenStack with rootVolume and etcd on local disk
- Uninstalling a cluster on OpenStack
- Uninstalling a cluster on OpenStack from your own infrastructure
- Installation configuration parameters for OpenStack
- Installing on OCI
- Installing a cluster on Oracle Cloud Infrastructure by using the Assisted Installer
- Installing a cluster on Oracle Cloud Infrastructure by using the Agent-based Installer
- Installing a cluster on Oracle Compute Cloud@Customer by using the Agent-based Installer
- Installing a cluster on Oracle Private Cloud Appliance by using the Agent-based Installer
- Installing a cluster on Oracle Compute Cloud@Customer by using the Assisted Installer
- Installing on VMware vSphere
- Installation methods
- Installer-provisioned infrastructure
- User-provisioned infrastructure
- Installing a three-node cluster
- Uninstalling a cluster
- Using the vSphere Problem Detector Operator
- Installation configuration parameters
- Regions and zones for a VMware vCenter
- Enabling encryption on a vSphere cluster
- Configuring the vSphere connection settings after an installation
- Installing on any platform
- Installation configuration
- Validation and troubleshooting
- Postinstallation configuration
- Configuring a private cluster
- Cluster tasks
- Node tasks
- Postinstallation network configuration
- Configuring image streams and image registries
- Storage configuration
- Preparing for users
- Changing the cloud provider credentials configuration
- Configuring alert notifications
- Converting a connected cluster to a disconnected cluster
- Updating clusters
- Updating clusters overview
- Understanding OpenShift updates
- Preparing to update a cluster
- Performing a cluster update
- Updating a cluster using the CLI
- Updating a cluster using the web console
- Performing a canary rollout update
- Updating a cluster in a disconnected environment
- Updating hardware on nodes running on vSphere
- Migrating to a cluster with multi-architecture compute machines
- Updating the boot loader on Fedora CoreOS nodes using bootupd
- Troubleshooting a cluster update
- Support
- Support overview
- Managing your cluster resources
- Remote health monitoring with connected clusters
- About remote health monitoring
- Showing data collected by remote health monitoring
- Opting out of remote health reporting
- Enabling remote health reporting
- Using Insights to identify issues with your cluster
- Using the Insights Operator
- Using remote health reporting in a disconnected environment
- Importing simple content access entitlements with Insights Operator
- Gathering data about your cluster
- Summarizing cluster specifications
- Troubleshooting
- Troubleshooting installations
- Verifying node health
- Troubleshooting CRI-O container runtime issues
- Troubleshooting operating system issues
- Troubleshooting network issues
- Troubleshooting Operator issues
- Investigating pod issues
- Troubleshooting the Source-to-Image process
- Troubleshooting storage issues
- Troubleshooting Windows container workload issues
- Investigating monitoring issues
- Diagnosing OpenShift CLI (oc) issues
- Web console
- Web console overview
- Accessing the web console
- Using the OpenShift Container Platform dashboard to get cluster information
- Adding user preferences
- Configuring the web console
- Customizing the web console
- Dynamic plugins
- Disabling the web console
- Creating quick start tutorials
- Optional capabilities and products
- CLI tools
- Security and compliance
- Security and compliance overview
- Container security
- Understanding container security
- Understanding host and VM security
- Container image signatures
- Hardening Fedora CoreOS
- Understanding compliance
- Securing container content
- Using container registries securely
- Securing the build process
- Deploying containers
- Securing the container platform
- Securing networks
- Securing attached storage
- Monitoring cluster events and logs
- Configuring certificates
- Certificate types and descriptions
- User-provided certificates for the API server
- Proxy certificates
- Service CA certificates
- Node certificates
- Bootstrap certificates
- etcd certificates
- OLM certificates
- Aggregated API client certificates
- Machine Config Operator certificates
- User-provided certificates for default ingress
- Ingress certificates
- Monitoring and cluster logging Operator component certificates
- Control plane certificates
- Compliance Operator
- File Integrity Operator
- File Integrity Operator Overview
- File Integrity Operator release notes
- File Integrity Operator support
- Installing the File Integrity Operator
- Updating the File Integrity Operator
- Understanding the File Integrity Operator
- Configuring the File Integrity Operator
- Performing advanced File Integrity Operator tasks
- Troubleshooting the File Integrity Operator
- Uninstalling the File Integrity Operator
- Security Profiles Operator
- Security Profiles Operator overview
- Security Profiles Operator release notes
- Security Profiles Operator support
- Understanding the Security Profiles Operator
- Enabling the Security Profiles Operator
- Managing seccomp profiles
- Managing SELinux profiles
- Advanced Security Profiles Operator tasks
- Troubleshooting the Security Profiles Operator
- Uninstalling the Security Profiles Operator
- Viewing audit logs
- Configuring the audit log policy
- Configuring TLS security profiles
- Configuring seccomp profiles
- Allowing JavaScript-based access to the API server from additional hosts
- Scanning pods for vulnerabilities
- Network-Bound Disk Encryption (NBDE)
- Authentication and authorization
- Authentication and authorization overview
- Understanding authentication
- Configuring the internal OAuth server
- Configuring OAuth clients
- Managing user-owned OAuth access tokens
- Understanding identity provider configuration
- Configuring identity providers
- Configuring an htpasswd identity provider
- Configuring a Keystone identity provider
- Configuring an LDAP identity provider
- Configuring a basic authentication identity provider
- Configuring a request header identity provider
- Configuring a GitHub or GitHub Enterprise identity provider
- Configuring a GitLab identity provider
- Configuring a Google identity provider
- Configuring an OpenID Connect identity provider
- Enabling direct authentication with an OIDC identity provider
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Using bound service account tokens
- Managing security context constraints
- Understanding and managing pod security admission
- Impersonating the system:admin user
- Syncing LDAP groups
- Managing cloud provider credentials
- Networking
- Networking overview
- Networking Operators
- Kubernetes NMState Operator
- AWS Load Balancer Operator
- eBPF manager Operator
- External DNS Operator
- External DNS Operator release notes
- Understanding the External DNS Operator
- Installing the External DNS Operator
- External DNS Operator configuration parameters
- Creating DNS records on AWS
- Creating DNS records on Azure
- Creating DNS records on GCP
- Creating DNS records on Infoblox
- Configuring the cluster-wide proxy on the External DNS Operator
- MetalLB Operator
- Cluster Network Operator in OpenShift Container Platform
- DNS Operator in OpenShift Container Platform
- Ingress Operator in OpenShift Container Platform
- Ingress Node Firewall Operator in OpenShift Container Platform
- SR-IOV Operator
- DPU Operator
- Network security
- Multiple networks
- Understanding multiple networks
- Primary networks
- Secondary networks
- Creating secondary networks on OVN-Kubernetes
- Creating secondary networks with other CNI plugins
- Attaching a pod to an additional network
- Configuring multi-network policies
- Removing a pod from an additional network
- Editing an additional network
- Configuring IP address assignment for secondary networks
- Configuring the master interface in the container network namespace
- Removing an additional network
- About virtual routing and forwarding
- Assigning a secondary network to a VRF
- Hardware networks
- About Single Root I/O Virtualization (SR-IOV) hardware networks
- Configuring an SR-IOV network device
- Configuring an SR-IOV Ethernet network attachment
- Configuring an SR-IOV InfiniBand network attachment
- Configuring an RDMA subsystem for SR-IOV
- Configuring interface-level network sysctl settings and all-multicast mode for SR-IOV networks
- Configuring QinQ support for SR-IOV networks
- Using high performance multicast
- Using DPDK and RDMA
- Using pod-level bonding for secondary networks
- Configuring hardware offloading
- Switching Bluefield-2 from NIC to DPU mode
- OVN-Kubernetes network plugin
- About the OVN-Kubernetes network plugin
- OVN-Kubernetes architecture
- OVN-Kubernetes troubleshooting
- OVN-Kubernetes traffic tracing
- Converting to IPv4/IPv6 dual stack networking
- Configuring internal subnets
- Configuring gateway mode
- Configure an external gateway on the default network
- Configuring an egress IP address
- Assigning an egress IP address
- Configuring an egress service
- Considerations for the use of an egress router pod
- Deploying an egress router pod in redirect mode
- Enabling multicast for a project
- Disabling multicast for a project
- Tracking network flows
- Configuring hybrid networking
- Ingress and load balancing
- Configuring Routes
- Configuring ingress cluster traffic
- Overview
- Configuring ExternalIPs for services
- Configuring ingress cluster traffic using an Ingress Controller
- Configuring the Ingress Controller endpoint publishing strategy
- Configuring ingress cluster traffic using a load balancer
- Configuring ingress cluster traffic on AWS
- Configuring ingress cluster traffic using a service external IP
- Configuring ingress cluster traffic using a NodePort
- Configuring ingress cluster traffic using load balancer allowed source ranges
- Patching existing ingress objects
- Allocating load balancers to specific subnets
- Configuring the Ingress Controller for manual DNS management
- Gateway API with OpenShift Container Platform networking
- Load balancing on OpenStack
- Load balancing with MetalLB
- Configuring MetalLB address pools
- Advertising the IP address pools
- Configuring MetalLB BGP peers
- Advertising an IP address pool using the community alias
- Configuring MetalLB BFD profiles
- Configuring services to use MetalLB
- Managing symmetric routing with MetalLB
- Configuring the integration of MetalLB and FRR-K8s
- MetalLB logging, troubleshooting, and support
- Configuring network settings
- Advanced networking
- Kubernetes NMState
- Storage
- Storage overview
- Understanding ephemeral storage
- Understanding persistent storage
- Configuring persistent storage
- Persistent storage using AWS Elastic Block Store
- Persistent storage using Azure Disk
- Persistent storage using Azure File
- Persistent storage using Cinder
- Persistent storage using Fibre Channel
- Persistent storage using FlexVolume
- Persistent storage using GCE Persistent Disk
- Persistent Storage using iSCSI
- Persistent storage using NFS
- Persistent storage using Red Hat OpenShift Data Foundation
- Persistent storage using VMware vSphere
- Persistent storage using local storage
- Using Container Storage Interface (CSI)
- Configuring CSI volumes
- CSI inline ephemeral volumes
- CSI volume snapshots
- CSI volume group snapshots
- CSI volume cloning
- Managing the default storage class
- CSI automatic migration
- AWS Elastic Block Store CSI Driver Operator
- AWS Elastic File Service CSI Driver Operator
- Azure Disk CSI Driver Operator
- Azure File CSI Driver Operator
- Azure Stack Hub CSI Driver Operator
- GCP PD CSI Driver Operator
- GCP Filestore CSI Driver Operator
- IBM Cloud Block Storage (VPC) CSI Driver Operator
- IBM Power Virtual Server Block Storage CSI Driver Operator
- OpenStack Cinder CSI Driver Operator
- OpenStack Manila CSI Driver Operator
- Secrets Store CSI Driver Operator
- CIFS/SMB CSI Driver Operator
- VMware vSphere CSI Driver Operator
- Generic ephemeral volumes
- Expanding persistent volumes
- Dynamic provisioning
- Detach volumes after non-graceful node shutdown
- Registry
- Registry overview
- Image Registry Operator in OKD
- Setting up and configuring the registry
- Configuring the registry for AWS user-provisioned infrastructure
- Configuring the registry for GCP user-provisioned infrastructure
- Configuring the registry for OpenStack user-provisioned infrastructure
- Configuring the registry for Azure user-provisioned infrastructure
- Configuring the registry for OpenStack
- Configuring the registry for bare metal
- Configuring the registry for vSphere
- Configuring the registry for OpenShift Data Foundation
- Configuring the registry for Nutanix
- Accessing the registry
- Exposing the registry
- Operators
- Operators overview
- Understanding Operators
- User tasks
- Administrator tasks
- Adding Operators to a cluster
- Updating installed Operators
- Deleting Operators from a cluster
- Configuring OLM features
- Configuring proxy support
- Viewing Operator status
- Managing Operator conditions
- Allowing non-cluster administrators to install Operators
- Managing custom catalogs
- Using OLM in disconnected environments
- Catalog source pod scheduling
- Troubleshooting Operator issues
- Developing Operators
- Cluster Operators reference
- OLM v1
- Extensions
- CI/CD
- CI/CD overview
- Builds using BuildConfig
- Understanding image builds
- Understanding build configurations
- Creating build inputs
- Managing build output
- Using build strategies
- Custom image builds with Buildah
- Performing and configuring basic builds
- Triggering and modifying builds
- Performing advanced builds
- Using Red Hat subscriptions in builds
- Securing builds by strategy
- Build configuration resources
- Troubleshooting builds
- Setting up additional trusted certificate authorities for builds
- Images
- Overview of images
- Configuring the Cluster Samples Operator
- Using the Cluster Samples Operator with an alternate registry
- Creating images
- Managing images
- Managing image streams
- Using image streams with Kubernetes resources
- Triggering updates on image stream changes
- Image configuration resources
- Using images
- Building applications
- Building applications overview
- Projects
- Creating applications
- Viewing application composition by using the Topology view
- Exporting applications
- Working with Helm charts
- Deployments
- Quotas
- Using config maps with applications
- Monitoring project and application metrics using the Developer perspective
- Monitoring application health
- Editing applications
- Pruning objects to reclaim resources
- Idling applications
- Deleting applications
- Using the Red Hat Marketplace
- Machine configuration
- Machine configuration overview
- Using machine config objects to configure nodes
- Using node disruption policies to minimize disruption from machine config changes
- Configuring MCO-related custom resources
- Pinning images to nodes
- Boot image management
- Managing unused rendered machine configs
- Image mode for OpenShift
- Machine Config Daemon metrics
- Machine management
- Overview of machine management
- Managing compute machines with the Machine API
- Creating a compute machine set on AWS
- Creating a compute machine set on Azure
- Creating a compute machine set on Azure Stack Hub
- Creating a compute machine set on GCP
- Creating a compute machine set on IBM Cloud
- Creating a compute machine set on IBM Power Virtual Server
- Creating a compute machine set on Nutanix
- Creating a compute machine set on OpenStack
- Creating a compute machine set on vSphere
- Creating a compute machine set on bare metal
- Manually scaling a compute machine set
- Modifying a compute machine set
- Machine phases and lifecycle
- Deleting a machine
- Applying autoscaling to a cluster
- Creating infrastructure machine sets
- Managing user-provisioned infrastructure manually
- Managing control plane machines
- About control plane machine sets
- Getting started with control plane machine sets
- Managing control plane machines with control plane machine sets
- Control plane machine set configuration
- Configuration options for control plane machines
- Control plane configuration options for Amazon Web Services
- Control plane configuration options for Microsoft Azure
- Control plane configuration options for Google Cloud Platform
- Control plane configuration options for Nutanix
- Control plane configuration options for Red Hat OpenStack Platform
- Control plane configuration options for VMware vSphere
- Control plane resiliency and recovery
- Troubleshooting the control plane machine set
- Disabling the control plane machine set
- Managing machines with the Cluster API
- About the Cluster API
- Getting started with the Cluster API
- Managing machines with the Cluster API
- Configuration options for Cluster API machines
- Cluster API configuration options for Amazon Web Services
- Cluster API configuration options for Google Cloud Platform
- Cluster API configuration options for Microsoft Azure
- Cluster API configuration options for Red Hat OpenStack Platform
- Cluster API configuration options for VMware vSphere
- Cluster API configuration options for bare metal
- Troubleshooting Cluster API clusters
- Disabling the Cluster API
- Deploying machine health checks
- etcd
- Hosted control planes
- Hosted control planes release notes
- Hosted control planes overview
- Preparing to deploy hosted control planes
- Deploying hosted control planes
- Deploying hosted control planes on AWS
- Deploying hosted control planes on bare metal
- Deploying hosted control planes on OpenShift Virtualization
- Deploying hosted control planes on non-bare-metal agent machines
- Deploying hosted control planes on IBM Z
- Deploying hosted control planes on IBM Power
- Deploying hosted control planes on OpenStack
- Managing hosted control planes
- Deploying hosted control planes in a disconnected environment
- Introduction to hosted control planes in a disconnected environment
- Deploying hosted control planes on OpenShift Virtualization in a disconnected environment
- Deploying hosted control planes on bare metal in a disconnected environment
- Deploying hosted control planes on IBM Z in a disconnected environment
- Monitoring user workload in a disconnected environment
- Configuring certificates for hosted control planes
- Updating hosted control planes
- High availability for hosted control planes
- About high availability for hosted control planes
- Recovering a failing etcd cluster
- Backing up and restoring etcd in an on-premise environment
- Backing up and restoring etcd on AWS
- Backing up and restoring a hosted cluster on OpenShift Virtualization
- Disaster recovery for a hosted cluster in AWS
- Disaster recovery for a hosted cluster by using OADP
- Automated disaster recovery for a hosted cluster by using OADP
- Authentication and authorization for hosted control planes
- Handling machine configuration for hosted control planes
- Using feature gates in a hosted cluster
- Observability for hosted control planes
- Networking for hosted control planes
- Troubleshooting hosted control planes
- Destroying a hosted cluster
- Destroying a hosted cluster on AWS
- Destroying a hosted cluster on bare metal
- Destroying a hosted cluster on OpenShift Virtualization
- Destroying a hosted cluster on IBM Z
- Destroying a hosted cluster on IBM Power
- Destroying a hosted cluster on OpenStack
- Destroying a hosted cluster on non-bare-metal agent machines
- Manually importing a hosted cluster
- Nodes
- Overview of nodes
- Working with pods
- About pods
- Viewing pods
- Configuring a cluster for pods
- Automatically scaling pods with the horizontal pod autoscaler
- Automatically adjust pod resource levels with the vertical pod autoscaler
- Providing sensitive data to pods by using secrets
- Providing sensitive data to pods by using an external secrets store
- Authenticating pods with short-term credentials
- Creating and using config maps
- Using Device Manager to make devices available to nodes
- Including pod priority in pod scheduling decisions
- Placing pods on specific nodes using node selectors
- Running pods in Linux user namespaces
- Automatically scaling pods with the Custom Metrics Autoscaler Operator
- Release notes
- Custom Metrics Autoscaler Operator overview
- Installing the custom metrics autoscaler
- Understanding the custom metrics autoscaler triggers
- Understanding custom metrics autoscaler trigger authentications
- Pausing the custom metrics autoscaler
- Gathering audit logs
- Gathering debugging data
- Viewing Operator metrics
- Understanding how to add custom metrics autoscalers
- Removing the Custom Metrics Autoscaler Operator
- Controlling pod placement onto nodes (scheduling)
- About pod placement using the scheduler
- Scheduling pods using a scheduler profile
- Placing pods relative to other pods using pod affinity and anti-affinity rules
- Controlling pod placement on nodes using node affinity rules
- Placing pods onto overcommited nodes
- Controlling pod placement using node taints
- Placing pods on specific nodes using node selectors
- Controlling pod placement using pod topology spread constraints
- Using jobs and daemon sets
- Working with nodes
- Viewing and listing the nodes in your cluster
- Working with nodes
- Managing nodes
- Adding worker nodes to an on-premise cluster
- Managing the maximum number of pods per node
- Using the Node Tuning Operator
- Remediating, fencing, and maintaining nodes
- Understanding node rebooting
- Boot image management
- Freeing node resources using garbage collection
- Allocating resources for nodes
- Allocating specific CPUs for nodes in a cluster
- Enabling TLS security profiles for the kubelet
- Creating infrastructure nodes
- Working with containers
- Understanding containers
- Using Init Containers to perform tasks before a pod is deployed
- Using volumes to persist container data
- Mapping volumes using projected volumes
- Allowing containers to consume API objects
- Copying files to or from a container
- Executing remote commands in a container
- Using port forwarding to access applications in a container
- Using sysctls in containers
- Accessing faster builds with /dev/fuse
- Working with clusters
- Node metrics dashboard
- Manage secure signatures with sigstore
- Windows Container Support for OpenShift
- Red Hat OpenShift support for Windows Containers overview
- Release notes
- Understanding Windows container workloads
- Enabling Windows container workloads
- Creating Windows machine sets
- Scheduling Windows container workloads
- Windows node updates
- Using Bring-Your-Own-Host Windows instances as nodes
- Removing Windows nodes
- Disabling Windows container workloads
- Observability
- Observability overview
- Cluster Observability Operator
- Monitoring
- Logging
- Network Observability
- Network observability release notes 1.9.2
- Network observability release notes
- Network observability overview
- Installing the Network Observability Operator
- Understanding Network Observability Operator
- Configuring the Network Observability Operator
- Network Policy
- Observing the network traffic
- Using metrics with dashboards and alerts
- Monitoring the Network Observability Operator
- Scheduling resources
- Secondary networks
- Network Observability CLI
- FlowCollector API reference
- FlowMetric API reference
- Flows format reference
- Troubleshooting network observability
- Power Monitoring
- Scalability and performance
- Scalability and performance overview
- Recommended performance and scalability practices
- Telco core reference design specifications
- Telco RAN DU reference design specifications
- Telco hub reference design specifications
- Comparing cluster configurations
- Planning your environment according to object maximums
- Compute Resource Quotas
- Using the Node Tuning Operator
- Using CPU Manager and Topology Manager
- Scheduling NUMA-aware workloads
- Scalability and performance optimization
- Managing bare metal hosts
- What huge pages do and how they are consumed by apps
- Understanding low latency
- Tuning nodes for low latency with the performance profile
- Tuning hosted control planes for low latency with the performance profile
- Provisioning real-time and low latency workloads
- Debugging low latency tuning
- Performing latency tests for platform verification
- Improving cluster stability in high latency environments using worker latency profiles
- Workload partitioning
- Using the Node Observability Operator
- Edge computing
- Challenges of the network far edge
- Preparing the hub cluster for ZTP
- Updating GitOps ZTP
- Installing managed clusters with RHACM and SiteConfig resources
- Manually installing a single-node OpenShift cluster with GitOps ZTP
- Recommended single-node OpenShift cluster configuration for vDU application workloads
- Validating cluster tuning for vDU application workloads
- Advanced managed cluster configuration with SiteConfig resources
- Managing cluster policies with PolicyGenerator resources
- Managing cluster policies with PolicyGenTemplate resources
- Using hub templates in PolicyGenerator or PolicyGenTemplate CRs
- Updating managed clusters with the Topology Aware Lifecycle Manager
- Expanding single-node OpenShift clusters with GitOps ZTP
- Pre-caching images for single-node OpenShift deployments
- Image-based upgrade for single-node OpenShift clusters
- Understanding the image-based upgrade for single-node OpenShift clusters
- Preparing for an image-based upgrade for single-node OpenShift clusters
- Configuring a shared container partition for the image-based upgrade
- Installing Operators for the image-based upgrade
- Generating a seed image for the image-based upgrade with the Lifecycle Agent
- Creating ConfigMap objects for the image-based upgrade with the Lifecycle Agent
- Creating ConfigMap objects for the image-based upgrade with Lifecycle Agent using GitOps ZTP
- Configuring the automatic image cleanup of the container storage disk
- Performing an image-based upgrade for single-node OpenShift clusters with the Lifecycle Agent
- Performing an image-based upgrade for single-node OpenShift clusters using GitOps ZTP
- Image-based installation for single-node OpenShift
- Day 2 operations for telco core CNF clusters
- Specialized hardware and driver enablement
- Hardware accelerators
- Backup and restore
- Overview of backup and restore operations
- Shutting down a cluster gracefully
- Restarting a cluster gracefully
- Hibernating a cluster
- OADP Application backup and restore
- Introduction to OpenShift API for Data Protection
- OADP release notes
- OADP performance
- OADP features and plugins
- OADP use cases
- Installing OADP
- Configuring OADP with AWS S3 compatible storage
- Configuring OADP with IBM Cloud
- Configuring OADP with Azure
- Configuring OADP with GCP
- Configuring OADP with MCG
- Configuring OADP with ODF
- Configuring OADP with OpenShift Virtualization
- Configuring OADP with multiple backup storage locations
- Configuring OADP with multiple Volume Snapshot Locations
- Uninstalling OADP
- OADP backing up
- OADP restoring
- OADP Self-Service
- OADP and ROSA
- OADP and AWS STS
- OADP and 3scale
- OADP Data Mover
- OADP API
- Advanced OADP features and functionalities
- OADP troubleshooting
- Troubleshooting OADP
- Velero CLI tool
- Pods crash or restart due to lack of memory or CPU
- Restoring workarounds for Velero backups that use admission webhooks
- OADP installation issues
- OADP Operator issues
- OADP timeouts
- Backup and Restore CR issues
- Restic issues
- Using the must-gather tool
- OADP monitoring
- Control plane backup and restore
- Migrating from version 3 to 4
- Migrating from version 3 to 4 overview
- About migrating from OKD 3 to 4
- Differences between OKD 3 and 4
- Network considerations
- About MTC
- Installing MTC
- Installing MTC in a disconnected environment
- Upgrading MTC
- Premigration checklists
- Migrating your applications
- Advanced migration options
- Troubleshooting
- Migration Toolkit for Containers
- API reference
- API overview
- Common object reference
- Authorization APIs
- About Authorization APIs
- LocalResourceAccessReview [authorization.openshift.io/v1]
- LocalSubjectAccessReview [authorization.openshift.io/v1]
- ResourceAccessReview [authorization.openshift.io/v1]
- SelfSubjectRulesReview [authorization.openshift.io/v1]
- SubjectAccessReview [authorization.openshift.io/v1]
- SubjectRulesReview [authorization.openshift.io/v1]
- SelfSubjectReview [authentication.k8s.io/v1]
- TokenRequest [authentication.k8s.io/v1]
- TokenReview [authentication.k8s.io/v1]
- LocalSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectRulesReview [authorization.k8s.io/v1]
- SubjectAccessReview [authorization.k8s.io/v1]
- Autoscale APIs
- Cluster APIs
- Config APIs
- About Config APIs
- APIServer [config.openshift.io/v1]
- Authentication [config.openshift.io/v1]
- Build [config.openshift.io/v1]
- ClusterOperator [config.openshift.io/v1]
- ClusterVersion [config.openshift.io/v1]
- Console [config.openshift.io/v1]
- DNS [config.openshift.io/v1]
- FeatureGate [config.openshift.io/v1]
- HelmChartRepository [helm.openshift.io/v1beta1]
- Image [config.openshift.io/v1]
- ImageDigestMirrorSet [config.openshift.io/v1]
- ImageContentPolicy [config.openshift.io/v1]
- ImageTagMirrorSet [config.openshift.io/v1]
- Infrastructure [config.openshift.io/v1]
- Ingress [config.openshift.io/v1]
- Network [config.openshift.io/v1]
- Node [config.openshift.io/v1]
- OAuth [config.openshift.io/v1]
- OperatorHub [config.openshift.io/v1]
- Project [config.openshift.io/v1]
- ProjectHelmChartRepository [helm.openshift.io/v1beta1]
- Proxy [config.openshift.io/v1]
- Scheduler [config.openshift.io/v1]
- Console APIs
- About Console APIs
- ConsoleCLIDownload [console.openshift.io/v1]
- ConsoleExternalLogLink [console.openshift.io/v1]
- ConsoleLink [console.openshift.io/v1]
- ConsoleNotification [console.openshift.io/v1]
- ConsolePlugin [console.openshift.io/v1]
- ConsoleQuickStart [console.openshift.io/v1]
- ConsoleSample [console.openshift.io/v1]
- ConsoleYAMLSample [console.openshift.io/v1]
- Extension APIs
- About Extension APIs
- APIService [apiregistration.k8s.io/v1]
- CustomResourceDefinition [apiextensions.k8s.io/v1]
- MutatingWebhookConfiguration [admissionregistration.k8s.io/v1]
- ValidatingAdmissionPolicy [admissionregistration.k8s.io/v1]
- ValidatingAdmissionPolicyBinding [admissionregistration.k8s.io/v1]
- ValidatingWebhookConfiguration [admissionregistration.k8s.io/v1]
- Image APIs
- About Image APIs
- Image [image.openshift.io/v1]
- ImageSignature [image.openshift.io/v1]
- ImageStreamImage [image.openshift.io/v1]
- ImageStreamImport [image.openshift.io/v1]
- ImageStreamLayers [image.openshift.io/v1]
- ImageStreamMapping [image.openshift.io/v1]
- ImageStream [image.openshift.io/v1]
- ImageStreamTag [image.openshift.io/v1]
- ImageTag [image.openshift.io/v1]
- SecretList [image.openshift.io/v1]
- Machine APIs
- About Machine APIs
- ContainerRuntimeConfig [machineconfiguration.openshift.io/v1]
- ControllerConfig [machineconfiguration.openshift.io/v1]
- ControlPlaneMachineSet [machine.openshift.io/v1]
- KubeletConfig [machineconfiguration.openshift.io/v1]
- MachineConfig [machineconfiguration.openshift.io/v1]
- MachineConfigPool [machineconfiguration.openshift.io/v1]
- MachineHealthCheck [machine.openshift.io/v1beta1]
- Machine [machine.openshift.io/v1beta1]
- MachineSet [machine.openshift.io/v1beta1]
- MachineConfigNode [machineconfiguration.openshift.io/v1]
- MachineOSBuild [machineconfiguration.openshift.io/v1]
- MachineOSConfig [machineconfiguration.openshift.io/v1]
- PinnedImageSet [machineconfiguration.openshift.io/v1]
- Metadata APIs
- Monitoring APIs
- About Monitoring APIs
- Alertmanager [monitoring.coreos.com/v1]
- AlertmanagerConfig [monitoring.coreos.com/v1beta1]
- AlertRelabelConfig [monitoring.openshift.io/v1]
- AlertingRule [monitoring.openshift.io/v1]
- PodMonitor [monitoring.coreos.com/v1]
- Probe [monitoring.coreos.com/v1]
- Prometheus [monitoring.coreos.com/v1]
- PrometheusRule [monitoring.coreos.com/v1]
- ServiceMonitor [monitoring.coreos.com/v1]
- ThanosRuler [monitoring.coreos.com/v1]
- NodeMetrics [metrics.k8s.io/v1beta1]
- PodMetrics [metrics.k8s.io/v1beta1]
- Network APIs
- About Network APIs
- ClusterUserDefinedNetwork [k8s.ovn.org/v1]
- AdminNetworkPolicy [policy.networking.k8s.io/v1alpha1]
- AdminPolicyBasedExternalRoute [k8s.ovn.org/v1]
- BaselineAdminNetworkPolicy [policy.networking.k8s.io/v1alpha1]
- CloudPrivateIPConfig [cloud.network.openshift.io/v1]
- EgressFirewall [k8s.ovn.org/v1]
- EgressIP [k8s.ovn.org/v1]
- EgressQoS [k8s.ovn.org/v1]
- EgressService [k8s.ovn.org/v1]
- Endpoints [undefined/v1]
- EndpointSlice [discovery.k8s.io/v1]
- EgressRouter [network.operator.openshift.io/v1]
- GRPCRoute [gateway.networking.k8s.io/v1]
- Gateway [gateway.networking.k8s.io/v1]
- GatewayClass [gateway.networking.k8s.io/v1]
- HTTPRoute [gateway.networking.k8s.io/v1]
- Ingress [networking.k8s.io/v1]
- IngressClass [networking.k8s.io/v1]
- IPAddress [networking.k8s.io/v1]
- IPAMClaim [k8s.cni.cncf.io/v1alpha1]
- IPPool [whereabouts.cni.cncf.io/v1alpha1]
- MultiNetworkPolicy [k8s.cni.cncf.io/v1beta1]
- NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]
- NetworkPolicy [networking.k8s.io/v1]
- NodeSlicePool [whereabouts.cni.cncf.io/v1alpha1]
- OverlappingRangeIPReservation [whereabouts.cni.cncf.io/v1alpha1]
- PodNetworkConnectivityCheck [controlplane.operator.openshift.io/v1alpha1]
- ReferenceGrant [gateway.networking.k8s.io/v1beta1]
- Route [route.openshift.io/v1]
- Service [undefined/v1]
- ServiceCIDR [networking.k8s.io/v1]
- IPAddressClaim [ipam.cluster.x-k8s.io/v1beta1]
- UserDefinedNetwork [k8s.ovn.org/v1]
- Node APIs
- OAuth APIs
- Operator APIs
- About Operator APIs
- Authentication [operator.openshift.io/v1]
- CloudCredential [operator.openshift.io/v1]
- ClusterCSIDriver [operator.openshift.io/v1]
- Console [operator.openshift.io/v1]
- Config [operator.openshift.io/v1]
- Config [imageregistry.operator.openshift.io/v1]
- Config [samples.operator.openshift.io/v1]
- CSISnapshotController [operator.openshift.io/v1]
- DNS [operator.openshift.io/v1]
- DNSRecord [ingress.operator.openshift.io/v1]
- Etcd [operator.openshift.io/v1]
- ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
- ImagePruner [imageregistry.operator.openshift.io/v1]
- IngressController [operator.openshift.io/v1]
- InsightsOperator [operator.openshift.io/v1]
- KubeAPIServer [operator.openshift.io/v1]
- KubeControllerManager [operator.openshift.io/v1]
- KubeScheduler [operator.openshift.io/v1]
- KubeStorageVersionMigrator [operator.openshift.io/v1]
- MachineConfiguration [operator.openshift.io/v1]
- Network [operator.openshift.io/v1]
- OpenShiftAPIServer [operator.openshift.io/v1]
- OpenShiftControllerManager [operator.openshift.io/v1]
- OperatorPKI [network.operator.openshift.io/v1]
- ServiceCA [operator.openshift.io/v1]
- Storage [operator.openshift.io/v1]
- OperatorHub APIs
- About OperatorHub APIs
- CatalogSource [operators.coreos.com/v1alpha1]
- ClusterCatalog [olm.operatorframework.io/v1]
- ClusterExtension [olm.operatorframework.io/v1]
- ClusterServiceVersion [operators.coreos.com/v1alpha1]
- InstallPlan [operators.coreos.com/v1alpha1]
- OLMConfig [operators.coreos.com/v1]
- Operator [operators.coreos.com/v1]
- OperatorCondition [operators.coreos.com/v2]
- OperatorGroup [operators.coreos.com/v1]
- PackageManifest [packages.operators.coreos.com/v1]
- Subscription [operators.coreos.com/v1alpha1]
- Policy APIs
- Project APIs
- Provisioning APIs
- About Provisioning APIs
- BMCEventSubscription [metal3.io/v1alpha1]
- BareMetalHost [metal3.io/v1alpha1]
- DataImage [metal3.io/v1alpha1]
- FirmwareSchema [metal3.io/v1alpha1]
- HardwareData [metal3.io/v1alpha1]
- HostFirmwareComponents [metal3.io/v1alpha1]
- HostFirmwareSettings [metal3.io/v1alpha1]
- HostUpdatePolicy [metal3.io/v1alpha1]
- Metal3Remediation [infrastructure.cluster.x-k8s.io/v1beta1]
- Metal3RemediationTemplate [infrastructure.cluster.x-k8s.io/v1beta1]
- PreprovisioningImage [metal3.io/v1alpha1]
- Provisioning [metal3.io/v1alpha1]
- RBAC APIs
- Role APIs
- Schedule and quota APIs
- About Schedule and quota APIs
- AppliedClusterResourceQuota [quota.openshift.io/v1]
- ClusterResourceQuota [quota.openshift.io/v1]
- FlowSchema [flowcontrol.apiserver.k8s.io/v1]
- LimitRange [undefined/v1]
- PriorityClass [scheduling.k8s.io/v1]
- PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1]
- ResourceQuota [undefined/v1]
- Security APIs
- About Security APIs
- CertificateSigningRequest [certificates.k8s.io/v1]
- CredentialsRequest [cloudcredential.openshift.io/v1]
- PodSecurityPolicyReview [security.openshift.io/v1]
- PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]
- PodSecurityPolicySubjectReview [security.openshift.io/v1]
- RangeAllocation [security.openshift.io/v1]
- Secret [undefined/v1]
- SecurityContextConstraints [security.openshift.io/v1]
- ServiceAccount [undefined/v1]
- Storage APIs
- About Storage APIs
- CSIDriver [storage.k8s.io/v1]
- CSINode [storage.k8s.io/v1]
- CSIStorageCapacity [storage.k8s.io/v1]
- PersistentVolume [undefined/v1]
- PersistentVolumeClaim [undefined/v1]
- StorageClass [storage.k8s.io/v1]
- StorageState [migration.k8s.io/v1alpha1]
- StorageVersionMigration [migration.k8s.io/v1alpha1]
- VolumeAttachment [storage.k8s.io/v1]
- VolumeSnapshot [snapshot.storage.k8s.io/v1]
- VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
- VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
- Template APIs
- User and group APIs
- Workloads APIs
- About Workloads APIs
- BuildConfig [build.openshift.io/v1]
- Build [build.openshift.io/v1]
- BuildLog [build.openshift.io/v1]
- BuildRequest [build.openshift.io/v1]
- CronJob [batch/v1]
- DaemonSet [apps/v1]
- Deployment [apps/v1]
- DeploymentConfig [apps.openshift.io/v1]
- DeploymentConfigRollback [apps.openshift.io/v1]
- DeploymentLog [apps.openshift.io/v1]
- DeploymentRequest [apps.openshift.io/v1]
- Job [batch/v1]
- Pod [undefined/v1]
- ReplicationController [undefined/v1]
- ReplicaSet [apps/v1]
- StatefulSet [apps/v1]
- Virtualization
- About
- Getting started
- Installing
- Postinstallation configuration
- Virtualization with IBM Fusion Access for SAN
- Updating
- Creating a virtual machine
- Advanced VM creation
- Managing VMs
- Listing virtual machines
- Installing the QEMU guest agent and VirtIO drivers
- Connecting to VM consoles
- Configuring SSH access to VMs
- Editing virtual machines
- Editing boot order
- Deleting virtual machines
- Enabling or disabling virtual machine delete protection
- Exporting virtual machines
- Managing virtual machine instances
- Controlling virtual machine states
- Using virtual Trusted Platform Module devices
- Managing virtual machines with OpenShift Pipelines
- Migrating VMs in a single cluster to a different storage class
- Advanced virtual machine management
- Working with resource quotas for virtual machines
- Configuring the Application-Aware Quota Operator
- Specifying nodes for virtual machines
- Configuring the default CPU model
- UEFI mode for virtual machines
- Configuring PXE booting for virtual machines
- Using huge pages with virtual machines
- Enabling dedicated resources for a virtual machine
- Scheduling virtual machines
- Configuring PCI passthrough
- Configuring virtual GPUs
- Configuring USB host passthrough
- Enabling descheduler evictions on virtual machines
- About high availability for virtual machines
- Control plane tuning
- Assigning compute resources
- About multi-queue functionality
- Managing virtual machines by using OpenShift GitOps
- VM disks
- Networking
- Networking configuration overview
- Connecting a VM to the default pod network
- Connecting a VM to a primary user-defined network
- Connecting a VM to a secondary localnet user-defined network
- Exposing a VM by using a service
- Accessing a VM by using its internal FQDN
- Connecting a VM to a Linux bridge network
- Connecting a VM to an SR-IOV network
- Using DPDK with SR-IOV
- Connecting a VM to an OVN-Kubernetes layer 2 secondary network
- Hot plugging secondary network interfaces
- Setting VM interface link state
- Connecting a VM to a service mesh
- Configuring a dedicated network for live migration
- Configuring and viewing IP addresses
- Accessing a VM by using its external FQDN
- Managing MAC address pools for network interfaces
- Storage
- Storage configuration overview
- Configuring storage profiles
- Managing automatic boot source updates
- Reserving PVC space for file system overhead
- Configuring local storage by using HPP
- Enabling user permissions to clone data volumes across namespaces
- Configuring CDI to override CPU and memory quotas
- Preparing CDI scratch space
- Using preallocation for data volumes
- Managing data volume annotations
- Understanding virtual machine storage with the CSI paradigm
- Live migration
- Nodes
- Monitoring
- Support
- Backup and restore
×
Example route advertisements setup
As a cluster administrator, you can configure the following example route advertisements setup for your cluster. This configuration is intended as a sample that demonstrates how to configure route advertisements.
Sample route advertisements setup
As a cluster administrator, you can enable Border Gateway Protocol (BGP) routing support for your cluster. This configuration is intended as a sample that demonstrates how to configure route advertisements. The configuration uses route reflection rather than a full mesh setup.
|
BGP routing is supported only on bare-metal infrastructure. |
Prerequisites
-
You installed the OpenShift CLI (
oc). -
You are logged in to the cluster as a user with
cluster-adminprivileges. -
The cluster is installed on bare-metal infrastructure.
-
You have a bare-metal system with access to the cluster where you plan to run the FRR daemon container.
Procedure
-
Confirm that the
RouteAdvertisementsfeature gate is enabled by running the following command:Example output- name: RouteAdvertisements -
Configure the Cluster Network Operator (CNO) by running the following command:
$ oc patch Network.operator.openshift.io cluster --type=merge \ -p=' {"spec":{ "additionalRoutingCapabilities": { "providers": ["FRR"]}, "defaultNetwork":{"ovnKubernetesConfig"{ "routeAdvertisements":"Enabled" }}}}'It might take a few minutes for the CNO to restart all nodes.
-
Get the IP addresses of the nodes by running the following command:
$ oc get node -owideExample outputNAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME master-0 Ready control-plane,master 27h v1.31.3 192.168.111.20 <none> Red Hat Enterprise Linux CoreOS 418.94.202501062026-0 5.14.0-427.50.1.el9_4.x86_64 cri-o://1.31.4-2.rhaos4.18.git33d7598.el9 master-1 Ready control-plane,master 27h v1.31.3 192.168.111.21 <none> Red Hat Enterprise Linux CoreOS 418.94.202501062026-0 5.14.0-427.50.1.el9_4.x86_64 cri-o://1.31.4-2.rhaos4.18.git33d7598.el9 master-2 Ready control-plane,master 27h v1.31.3 192.168.111.22 <none> Red Hat Enterprise Linux CoreOS 418.94.202501062026-0 5.14.0-427.50.1.el9_4.x86_64 cri-o://1.31.4-2.rhaos4.18.git33d7598.el9 worker-0 Ready worker 27h v1.31.3 192.168.111.23 <none> Red Hat Enterprise Linux CoreOS 418.94.202501062026-0 5.14.0-427.50.1.el9_4.x86_64 cri-o://1.31.4-2.rhaos4.18.git33d7598.el9 worker-1 Ready worker 27h v1.31.3 192.168.111.24 <none> Red Hat Enterprise Linux CoreOS 418.94.202501062026-0 5.14.0-427.50.1.el9_4.x86_64 cri-o://1.31.4-2.rhaos4.18.git33d7598.el9 worker-2 Ready worker 27h v1.31.3 192.168.111.25 <none> Red Hat Enterprise Linux CoreOS 418.94.202501062026-0 5.14.0-427.50.1.el9_4.x86_64 cri-o://1.31.4-2.rhaos4.18.git33d7598.el9 -
Get the default pod network of each node by running the following command:
$ oc get node <node_name> -o=jsonpath={.metadata.annotations.k8s\\.ovn\\.org/node-subnets}Example output{"default":["10.129.0.0/23"],"ns1.udn-network-primary-layer3":["10.150.6.0/24"]} -
On the bare-metal hypervisor, get the IP address for the external FRR container to use by running the following command:
$ ip -j -d route get <a cluster node's IP> | jq -r '.[] | .dev' | xargs ip -d -j address show | jq -r '.[] | .addr_info[0].local' -
Create a
frr.conffile for FRR that includes each node’s IP address, as shown in the following example:Examplefrr.confconfiguration filerouter bgp 64512 no bgp default ipv4-unicast no bgp default ipv6-unicast no bgp network import-check neighbor 192.168.111.20 remote-as 64512 neighbor 192.168.111.20 route-reflector-client neighbor 192.168.111.21 remote-as 64512 neighbor 192.168.111.21 route-reflector-client neighbor 192.168.111.22 remote-as 64512 neighbor 192.168.111.22 route-reflector-client neighbor 192.168.111.40 remote-as 64512 neighbor 192.168.111.40 route-reflector-client neighbor 192.168.111.47 remote-as 64512 neighbor 192.168.111.47 route-reflector-client neighbor 192.168.111.23 remote-as 64512 neighbor 192.168.111.23 route-reflector-client neighbor 192.168.111.24 remote-as 64512 neighbor 192.168.111.24 route-reflector-client neighbor 192.168.111.25 remote-as 64512 neighbor 192.168.111.25 route-reflector-client address-family ipv4 unicast network 192.168.1.0/24 network 192.169.1.1/32 exit-address-family address-family ipv4 unicast neighbor 192.168.111.20 activate neighbor 192.168.111.20 next-hop-self neighbor 192.168.111.21 activate neighbor 192.168.111.21 next-hop-self neighbor 192.168.111.22 activate neighbor 192.168.111.22 next-hop-self neighbor 192.168.111.40 activate neighbor 192.168.111.40 next-hop-self neighbor 192.168.111.47 activate neighbor 192.168.111.47 next-hop-self neighbor 192.168.111.23 activate neighbor 192.168.111.23 next-hop-self neighbor 192.168.111.24 activate neighbor 192.168.111.24 next-hop-self neighbor 192.168.111.25 activate neighbor 192.168.111.25 next-hop-self exit-address-family neighbor remote-as 64512 neighbor route-reflector-client address-family ipv6 unicast network 2001:db8::/128 exit-address-family address-family ipv6 unicast neighbor activate neighbor next-hop-self exit-address-family -
Create a file named
daemonsthat includes the following content:Exampledaemonsconfiguration file# This file tells the frr package which daemons to start. # # Sample configurations for these daemons can be found in # /usr/share/doc/frr/examples/. # # ATTENTION: # # When activating a daemon for the first time, a config file, even if it is # empty, has to be present *and* be owned by the user and group "frr", else # the daemon will not be started by /etc/init.d/frr. The permissions should # be u=rw,g=r,o=. # When using "vtysh" such a config file is also needed. It should be owned by # group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too. # # The watchfrr and zebra daemons are always started. # bgpd=yes ospfd=no ospf6d=no ripd=no ripngd=no isisd=no pimd=no ldpd=no nhrpd=no eigrpd=no babeld=no sharpd=no pbrd=no bfdd=yes fabricd=no vrrpd=no # # If this option is set the /etc/init.d/frr script automatically loads # the config via "vtysh -b" when the servers are started. # Check /etc/pam.d/frr if you intend to use "vtysh"! # vtysh_enable=yes zebra_options=" -A 127.0.0.1 -s 90000000" bgpd_options=" -A 127.0.0.1" ospfd_options=" -A 127.0.0.1" ospf6d_options=" -A ::1" ripd_options=" -A 127.0.0.1" ripngd_options=" -A ::1" isisd_options=" -A 127.0.0.1" pimd_options=" -A 127.0.0.1" ldpd_options=" -A 127.0.0.1" nhrpd_options=" -A 127.0.0.1" eigrpd_options=" -A 127.0.0.1" babeld_options=" -A 127.0.0.1" sharpd_options=" -A 127.0.0.1" pbrd_options=" -A 127.0.0.1" staticd_options="-A 127.0.0.1" bfdd_options=" -A 127.0.0.1" fabricd_options="-A 127.0.0.1" vrrpd_options=" -A 127.0.0.1" # configuration profile # #frr_profile="traditional" #frr_profile="datacenter" # # This is the maximum number of FD's that will be available. # Upon startup this is read by the control files and ulimit # is called. Uncomment and use a reasonable value for your # setup if you are expecting a large number of peers in # say BGP. #MAX_FDS=1024 # The list of daemons to watch is automatically generated by the init script. #watchfrr_options="" # for debugging purposes, you can specify a "wrap" command to start instead # of starting the daemon directly, e.g. to use valgrind on ospfd: # ospfd_wrap="/usr/bin/valgrind" # or you can use "all_wrap" for all daemons, e.g. to use perf record: # all_wrap="/usr/bin/perf record --call-graph -" # the normal daemon command is added to this at the end. -
Save both the
frr.confanddaemonsfiles in the same directory, such as/tmp/frr. -
Create an external FRR container by running the following command:
$ sudo podman run -d --privileged --network host --rm --ulimit core=-1 --name frr --volume /tmp/frr:/etc/frr quay.io/frrouting/frr:9.1.0 -
Create the following
FRRConfigurationandRouteAdvertisementsconfigurations:-
Create a
receive_all.yamlfile that includes the following content:Examplereceive_all.yamlconfiguration fileapiVersion: frrk8s.metallb.io/v1beta1 kind: FRRConfiguration metadata: name: receive-all namespace: openshift-frr-k8s spec: bgp: routers: - asn: 64512 neighbors: - address: 192.168.111.1 asn: 64512 toReceive: allowed: mode: all -
Create a
ra.yamlfile that includes the following content:Examplera.yamlconfiguration fileapiVersion: k8s.ovn.org/v1 kind: RouteAdvertisements metadata: name: default spec: nodeSelector: {} frrConfigurationSelector: {} networkSelectors: - networkSelectionType: DefaultNetwork advertisements: - "PodNetwork" - "EgressIP"
-
-
Apply the
receive_all.yamlandra.yamlfiles by running the following command:$ for f in receive_all.yaml ra.yaml; do oc apply -f $f; done
Verification
-
Verify that the configurations were applied:
-
Verify that the
FRRConfigurationconfigurations were created by running the following command:$ oc get frrconfiguration -AExample outputNAMESPACE NAME AGE openshift-frr-k8s ovnk-generated-6lmfb 4h47m openshift-frr-k8s ovnk-generated-bhmnm 4h47m openshift-frr-k8s ovnk-generated-d2rf5 4h47m openshift-frr-k8s ovnk-generated-f958l 4h47m openshift-frr-k8s ovnk-generated-gmsmw 4h47m openshift-frr-k8s ovnk-generated-kmnqg 4h47m openshift-frr-k8s ovnk-generated-wpvgb 4h47m openshift-frr-k8s ovnk-generated-xq7v6 4h47m openshift-frr-k8s receive-all 4h47m -
Verify that the
RouteAdvertisementsconfigurations were created by running the following command:$ oc get ra -AExample outputNAME STATUS default Accepted
-
-
Get the external FRR container ID by running the following command:
$ sudo podman ps | grep frrExample output22cfc713890e quay.io/frrouting/frr:9.1.0 /usr/lib/frr/dock... 5 hours ago Up 5 hours ago frr -
Use the container ID that you obtained in the previous step to check the BGP neighbor and routes in the external FRR container’s
vtyshsession. Run the following command:$ sudo podman exec -it <container_id> vtysh -c "show ip bgp"Example outputBGP table version is 10, local router ID is 192.168.111.1, vrf id 0 Default local pref 100, local AS 64512 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *>i10.128.0.0/23 192.168.111.22 0 100 0 i *>i10.128.2.0/23 192.168.111.23 0 100 0 i *>i10.129.0.0/23 192.168.111.20 0 100 0 i *>i10.129.2.0/23 192.168.111.24 0 100 0 i *>i10.130.0.0/23 192.168.111.21 0 100 0 i *>i10.130.2.0/23 192.168.111.40 0 100 0 i *>i10.131.0.0/23 192.168.111.25 0 100 0 i *>i10.131.2.0/23 192.168.111.47 0 100 0 i *> 192.168.1.0/24 0.0.0.0 0 32768 i *> 192.169.1.1/32 0.0.0.0 0 32768 i -
Find the
frr-k8spod for each cluster node by running the following command:$ oc -n openshift-frr-k8s get pod -owideExample outputNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES frr-k8s-86wmq 6/6 Running 0 25h 192.168.111.20 master-0 <none> <none> frr-k8s-h2wl6 6/6 Running 0 25h 192.168.111.21 master-1 <none> <none> frr-k8s-jlbgs 6/6 Running 0 25h 192.168.111.40 node1.example.com <none> <none> frr-k8s-qc6l5 6/6 Running 0 25h 192.168.111.25 worker-2 <none> <none> frr-k8s-qtxdc 6/6 Running 0 25h 192.168.111.47 node2.example.com <none> <none> frr-k8s-s5bxh 6/6 Running 0 25h 192.168.111.24 worker-1 <none> <none> frr-k8s-szgj9 6/6 Running 0 25h 192.168.111.22 master-2 <none> <none> frr-k8s-webhook-server-6cd8b8d769-kmctw 1/1 Running 0 25h 10.131.2.9 node3.example.com <none> <none> frr-k8s-zwmgh 6/6 Running 0 25h 192.168.111.23 worker-0 <none> <none> -
From the OKD cluster, check BGP routes on the cluster node’s
frr-k8spod in the FRR container by running the following command:$ oc -n openshift-frr-k8s -c frr rsh frr-k8s-86wmq -
Check the IP routes from the cluster node by running the following command:
sh-5.1# vtyshExample outputHello, this is FRRouting (version 8.5.3). Copyright 1996-2005 Kunihiro Ishiguro, et al. -
Check the IP routes by running the following command:
worker-2# show ip bgpExample outputBGP table version is 10, local router ID is 192.168.111.25, vrf id 0 Default local pref 100, local AS 64512 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete RPKI validation codes: V valid, I invalid, N Not found Network Next Hop Metric LocPrf Weight Path *>i10.128.0.0/23 192.168.111.22 0 100 0 i *>i10.128.2.0/23 192.168.111.23 0 100 0 i *>i10.129.0.0/23 192.168.111.20 0 100 0 i *>i10.129.2.0/23 192.168.111.24 0 100 0 i *>i10.130.0.0/23 192.168.111.21 0 100 0 i *>i10.130.2.0/23 192.168.111.40 0 100 0 i *> 10.131.0.0/23 0.0.0.0 0 32768 i *>i10.131.2.0/23 192.168.111.47 0 100 0 i *>i192.168.1.0/24 192.168.111.1 0 100 0 i *>i192.169.1.1/32 192.168.111.1 0 100 0 i Displayed 10 routes and 10 total paths -
From the OKD cluster, debug the node by running the following command:
$ oc debug node/<node_name>Example outputTemporary namespace openshift-debug-lbtgh is created for debugging node... Starting pod/worker-2-debug-zrg4v ... To use host binaries, run `chroot /host` Pod IP: 192.168.111.25 If you don't see a command prompt, try pressing enter. -
Confirm that the BGP routes are being advertised by running the following command:
sh-5.1# ip route show | grep bgpExample output10.128.0.0/23 nhid 268 via 192.168.111.22 dev br-ex proto bgp metric 20 10.128.2.0/23 nhid 259 via 192.168.111.23 dev br-ex proto bgp metric 20 10.129.0.0/23 nhid 260 via 192.168.111.20 dev br-ex proto bgp metric 20 10.129.2.0/23 nhid 261 via 192.168.111.24 dev br-ex proto bgp metric 20 10.130.0.0/23 nhid 266 via 192.168.111.21 dev br-ex proto bgp metric 20 10.130.2.0/23 nhid 262 via 192.168.111.40 dev br-ex proto bgp metric 20 10.131.2.0/23 nhid 263 via 192.168.111.47 dev br-ex proto bgp metric 20 192.168.1.0/24 nhid 264 via 192.168.111.1 dev br-ex proto bgp metric 20 192.169.1.1 nhid 264 via 192.168.111.1 dev br-ex proto bgp metric 20