From 932e7edf235dbfe5af75445191384efb4886cbcb Mon Sep 17 00:00:00 2001 From: dfitzmau Date: Tue, 3 Dec 2024 09:50:17 +0000 Subject: [PATCH] OCPBUGS-44421: Added info on how to remove an NNCP config from network interface --- ...ode-network-configuration-policy-file.adoc | 29 +++++++++++++++++++ ...rt-confirming-policy-updates-on-nodes.adoc | 4 --- .../virt-example-nmstate-IP-management.adoc | 1 + ...nmstate-example-policy-configurations.adoc | 8 ++--- .../virt-removing-interface-from-nodes.adoc | 4 +-- ...-nmstate-updating-node-network-config.adoc | 2 +- 6 files changed, 36 insertions(+), 12 deletions(-) create mode 100644 modules/node-network-configuration-policy-file.adoc diff --git a/modules/node-network-configuration-policy-file.adoc b/modules/node-network-configuration-policy-file.adoc new file mode 100644 index 000000000000..47f0fd3240a6 --- /dev/null +++ b/modules/node-network-configuration-policy-file.adoc @@ -0,0 +1,29 @@ +// Module included in the following assemblies: +// +// * networking/k8s_nmstate/k8s-observing-node-network-state.adoc + +:_mod-docs-content-type: PROCEDURE +[id="node-network-configuration-policy-file.adoc_{context}"] += The NodeNetworkConfigurationPolicy manifest file + +A `NodeNetworkConfigurationPolicy` (NNCP) manifest file defines policies that the Kubernetes NMState Operator uses to configure networking for nodes that exist in an {product-title} cluster. + +After you apply a node network policy to a node, the Kubernetes NMState Operator creates an interface on the node. A node network policy includes your requested network configuration and the status of execution for the policy on the cluster as a whole. + +You can create an NNCP by using either the {oc-first} or the {product-title} web console. As a postinstallation task you can create an NNCP or edit an existing NNCP. + +[NOTE] +==== +Before you create an NNCP, ensure that you read the "Example policy configurations for different interfaces" document. +==== + +If you want to delete an NNCP, you can use the `oc delete nncp` command to complete this action. However, this command does not delete any created objects, such as a bridge interface. + +Deleting the node network policy that added an interface to a node does not change the configuration of the policy on the node. Similarly, removing an interface does not delete the policy, because the Kubernetes NMState Operator recreates the removed interface whenever a pod or a node is restarted. + +To effectively delete the NNCP, the node network policy, and any created interfaces would typically require the following actions: + +. Edit the NNCP and remove interface details from the file. Ensure that you do not remove `name`, `state`, and `type` parameters from the file. +. Add `state: absent` under the `interfaces.state` section of the NNCP. +. Run `oc apply -f `. After the Kubernetes NMState Operator applies the node network policy to each node in your cluster, the interface that was previously created on each node is now marked _absent_. +. Run `oc delete nncp` to delete the NNCP. diff --git a/modules/virt-confirming-policy-updates-on-nodes.adoc b/modules/virt-confirming-policy-updates-on-nodes.adoc index d3fc745b1877..0c4f26b10c7b 100644 --- a/modules/virt-confirming-policy-updates-on-nodes.adoc +++ b/modules/virt-confirming-policy-updates-on-nodes.adoc @@ -6,10 +6,6 @@ [id="virt-confirming-policy-updates-on-nodes_{context}"] = Confirming node network policy updates on nodes -A `NodeNetworkConfigurationPolicy` manifest describes your requested network configuration for nodes in the cluster. -The node network policy includes your requested network configuration and the status of execution of the policy on the cluster as a whole. - - When you apply a node network policy, a `NodeNetworkConfigurationEnactment` object is created for every node in the cluster. The node network configuration enactment is a read-only object that represents the status of execution of the policy on that node. If the policy fails to be applied on the node, the enactment for that node includes a traceback for troubleshooting. diff --git a/modules/virt-example-nmstate-IP-management.adoc b/modules/virt-example-nmstate-IP-management.adoc index b460327db046..d7010777ad29 100644 --- a/modules/virt-example-nmstate-IP-management.adoc +++ b/modules/virt-example-nmstate-IP-management.adoc @@ -88,6 +88,7 @@ The following snippet configures an Ethernet interface that uses a dynamic IP ad ... ---- + [id="virt-example-nmstate-IP-management-dns_{context}"] == DNS diff --git a/modules/virt-nmstate-example-policy-configurations.adoc b/modules/virt-nmstate-example-policy-configurations.adoc index 3574d478334a..8556d8bbcf73 100644 --- a/modules/virt-nmstate-example-policy-configurations.adoc +++ b/modules/virt-nmstate-example-policy-configurations.adoc @@ -6,12 +6,12 @@ [id="virt-nmstate-example-policy-configurations_{context}"] = Example policy configurations for different interfaces -Before you read the different example `NodeNetworkConfigurationPolicy` (NNCP) manifest configurations, consider the following factors when you apply a policy so that your cluster runs at its best performance conditions: +Before you read the different example `NodeNetworkConfigurationPolicy` (NNCP) manifest configurations, consider the following factors when you apply a policy to nodes so that your cluster runs under its best performance conditions: -* When you need to apply a policy to more than one node, create a `NodeNetworkConfigurationPolicy` manifest for each target node. The Kubernetes NMState Operator applies the policy to each node with an NNCP in an unspecified order. Scoping a policy with this approach reduces the length of time for policy application but risks a cluster-wide outage if an error is in the cluster's configuration. To avoid this type of error, initially apply NNCP to some nodes, and after you confirm they are configured correctly, proceed with applying the policy to the remaining nodes. +* When you need to apply a policy to more than one node, create a `NodeNetworkConfigurationPolicy` manifest for each target node. The Kubernetes NMState Operator applies the policy to each node with a defined NNCP in an unspecified order. Scoping a policy with this approach reduces the length of time for policy application but risks a cluster-wide outage if an error exists in the cluster's configuration. To avoid this type of error, initially apply an NNCP to some nodes, confirm the NNCP is configured correctly for these nodes, and then proceed with applying the policy to the remaining nodes. -* When you need to apply a policy to many nodes but you only want to create a single NNCP for all target nodes, the Kubernetes NMState Operator applies the policy to each node in sequence. You can set the speed and coverage of policy application for target nodes with the `maxUnavailable` parameter in the cluster configuration. By setting a lower percentage value for the parameter, you can reduce the risk of a cluster-wide outage if the outage impacts the small percentage of nodes that are receiving the policy application. +* When you need to apply a policy to many nodes but you only want to create a single NNCP for all the nodes, the Kubernetes NMState Operator applies the policy to each node in sequence. You can set the speed and coverage of policy application for target nodes with the `maxUnavailable` parameter in the cluster's configuration file. By setting a lower percentage value for the parameter, you can reduce the risk of a cluster-wide outage if the outage impacts the small percentage of nodes that are receiving the policy application. * Consider specifying all related network configurations in a single policy. -* When a node restarts, the Kubernetes NMState Operator cannot control the order that it applies policies to nodes. The Kubernetes NMState Operator might apply interdependent policies in a sequence that results in a degraded network object. +* When a node restarts, the Kubernetes NMState Operator cannot control the order to which it applies policies to nodes. The Kubernetes NMState Operator might apply interdependent policies in a sequence that results in a degraded network object. diff --git a/modules/virt-removing-interface-from-nodes.adoc b/modules/virt-removing-interface-from-nodes.adoc index 34f506e01488..06a117491162 100644 --- a/modules/virt-removing-interface-from-nodes.adoc +++ b/modules/virt-removing-interface-from-nodes.adoc @@ -14,9 +14,7 @@ If you remove a bridge or bonding interface, any node NICs in the cluster that w [NOTE] ==== -Deleting the node network policy that added an interface does not change the configuration of the policy on the node. -Although a `NodeNetworkConfigurationPolicy` is an object in the cluster, it only represents the requested configuration. + -Similarly, removing an interface does not delete the policy. +Deleting the node network policy that added an interface does not change the configuration of the policy on the node. Although a `NodeNetworkConfigurationPolicy` is an object in the cluster, the object only represents the requested configuration. Similarly, removing an interface does not delete the policy. ==== .Procedure diff --git a/networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc b/networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc index 931a36190752..0ff4adb6f30c 100644 --- a/networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc +++ b/networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc @@ -3,7 +3,7 @@ = Observing and updating the node network state and configuration include::_attributes/common-attributes.adoc[] :VirtProductName: OpenShift Container Platform -:context: k8s_nmstate-updating-node-network-config +:context: k8s-nmstate-updating-node-network-config toc::[]