OpenShift OVN (Open Virtual Network) is an open-source project that allows for creating and managing software-defined networks using container technology. It's a cloud-native networking solution that provides network isolation, security, high availability, and other features to containerized applications.
Now the question is, what is the actual problem and why does this blog exist in the first place? The main problem is:
By default, the OVN-Kubernetes CNI does not rely on the kernel routing table, which differs from the OpenShift SDN CNI.
We can apply the following solution to configure OpenShift OVN to use the kernel routing table. Create the `gateway-mode-config` ConfigMap in the `openshift-network-operator` namespace as follows.
For OCP 4.8 and 4.9
```
cat <<EOF > configmap-gateway-mode-config.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: gateway-mode-config
data:
  mode: "local"
immutable: true
EOF
oc apply -f ./configmap-gateway-mode-config.yaml -n openshift-network-operator
```
For OCP 4.10 and onwards, you can make the change using the `network.operator` resource.
As per the doc:
`routingViaHost`: If set to true, pod egress traffic will touch host networking stack before being sent out.
Make changes using the following patch command:
```
oc patch network.operator.openshift.io/cluster -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig": {"routingViaHost": true} }}}}' --type=merge
```
Or edit the network resource as follows:
```
oc edit network.operator.openshift.io/cluster
```
And change the resource as follows:
```
spec:
  defaultNetwork:
    type: OVNKubernetes
    ovnKubernetesConfig:
      gatewayConfig:
        routingViaHost: true
```
Validate:
To confirm whether the configuration is applied, check the following:
```
oc get pods -n openshift-ovn-kubernetes -o yaml ovnkube-master-xxxxx | grep gateway-mode
```
You should see output similar to this; check that `--gateway-mode local` is configured.
```
gateway_mode_flags="--gateway-mode shared --gateway-interface br-ex"
gateway_mode_flags="--gateway-mode local --gateway-interface br-ex"
```
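The same check can be made against the API objects instead of grepping the pod spec; the following is an added example, not part of the original post. It follows the post's version split (ConfigMap for 4.8/4.9, `routingViaHost` for 4.10 onwards); the function names, the sample JSON and treating an unset value as shared mode are assumptions.

```python
import json

def minor(version):
    """'4.10.3' -> (4, 10)"""
    major, minor_ = version.split(".")[:2]
    return int(major), int(minor_)

def gateway_mode(ocp_version, network_operator, configmap=None):
    """Return (mode, reason); mode is 'local', 'shared' or 'unknown'.

    network_operator: parsed `oc get network.operator.openshift.io/cluster -o json`
    configmap: parsed gateway-mode-config ConfigMap, or None if it is absent
    """
    net = (network_operator.get("spec") or {}).get("defaultNetwork") or {}
    if net.get("type") != "OVNKubernetes":
        return "unknown", f"defaultNetwork.type is {net.get('type')!r}"
    ver = minor(ocp_version)
    if ver >= (4, 10):  # 4.10 onwards: routingViaHost on network.operator
        gw = (net.get("ovnKubernetesConfig") or {}).get("gatewayConfig") or {}
        if gw.get("routingViaHost") is True:
            return "local", "routingViaHost is true"
        return "shared", "routingViaHost is unset or false (assumed default)"
    if ver in ((4, 8), (4, 9)):  # 4.8 / 4.9: gateway-mode-config ConfigMap
        if configmap is None:
            return "shared", "ConfigMap gateway-mode-config not found"
        mode = (configmap.get("data") or {}).get("mode")
        if mode == "local":
            return "local", 'ConfigMap sets mode: "local"'
        return "shared", f"ConfigMap mode is {mode!r}, not 'local'"
    return "unknown", "version is not covered by the post"

# Constructed sample objects (not captured from a real cluster).
PATCHED = json.loads('{"spec": {"defaultNetwork": {"type": "OVNKubernetes",'
                     ' "ovnKubernetesConfig": {"gatewayConfig":'
                     ' {"routingViaHost": true}}}}}')
UNPATCHED = json.loads('{"spec": {"defaultNetwork": {"type": "OVNKubernetes",'
                       ' "ovnKubernetesConfig": {}}}}')
CONFIGMAP = json.loads('{"metadata": {"name": "gateway-mode-config"},'
                       ' "data": {"mode": "local"}, "immutable": true}')

if __name__ == "__main__":
    for ver, netop, cm in [("4.12.5", PATCHED, None), ("4.10.0", UNPATCHED, None),
                           ("4.9.1", UNPATCHED, CONFIGMAP), ("4.9.1", PATCHED, None)]:
        print(ver, *gateway_mode(ver, netop, cm))
```

On a live cluster, feed it the JSON from `oc get network.operator.openshift.io/cluster -o json` and, for 4.8/4.9, `oc get configmap gateway-mode-config -n openshift-network-operator -o json`.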