Skip to content

Commit

Permalink
Merge pull request #87398 from dfitzmau/OCPBUGS-44421-12
Browse files Browse the repository at this point in the history
[enterprise-4.12] OCPBUGS-44421: Added info on how to remove an NNCP config from networ…
  • Loading branch information
dfitzmau authored Jan 22, 2025
2 parents 4525a69 + 72b8d9f commit e25a1a8
Show file tree
Hide file tree
Showing 6 changed files with 46 additions and 12 deletions.
29 changes: 29 additions & 0 deletions modules/node-network-configuration-policy-file.adoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
// Module included in the following assemblies:
//
// * networking/k8s_nmstate/k8s-observing-node-network-state.adoc

:_mod-docs-content-type: CONCEPT
[id="node-network-configuration-policy-file_{context}"]
= The NodeNetworkConfigurationPolicy manifest file

A `NodeNetworkConfigurationPolicy` (NNCP) manifest file defines policies that the Kubernetes NMState Operator uses to configure networking for nodes that exist in an {product-title} cluster.

After you apply a node network policy to a node, the Kubernetes NMState Operator creates an interface on the node. A node network policy includes your requested network configuration and the status of execution for the policy on the cluster as a whole.

You can create an NNCP by using either the {oc-first} or the {product-title} web console. As a postinstallation task you can create an NNCP or edit an existing NNCP.

[NOTE]
====
Before you create an NNCP, ensure that you read the "Example policy configurations for different interfaces" document.
====

If you want to delete an NNCP, you can use the `oc delete nncp` command to complete this action. However, this command does not delete any created objects, such as a bridge interface.

Deleting the node network policy that added an interface to a node does not change the configuration of the policy on the node. Similarly, removing an interface does not delete the policy, because the Kubernetes NMState Operator recreates the removed interface whenever a pod or a node is restarted.

To effectively delete the NNCP, the node network policy, and any created interfaces would typically require the following actions:

. Edit the NNCP and remove interface details from the file. Ensure that you do not remove `name`, `state`, and `type` parameters from the file.
. Add `state: absent` under the `interfaces.state` section of the NNCP.
. Run `oc apply -f <nncp_file_name>`. After the Kubernetes NMState Operator applies the node network policy to each node in your cluster, the interface that was previously created on each node is now marked _absent_.
. Run `oc delete nncp` to delete the NNCP.
4 changes: 0 additions & 4 deletions modules/virt-confirming-policy-updates-on-nodes.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,6 @@
[id="virt-confirming-policy-updates-on-nodes_{context}"]
= Confirming node network policy updates on nodes

A `NodeNetworkConfigurationPolicy` manifest describes your requested network configuration for nodes in the cluster.
The node network policy includes your requested network configuration and the status of execution of the policy on the cluster as a whole.


When you apply a node network policy, a `NodeNetworkConfigurationEnactment` object is created for every node in the cluster. The node network configuration enactment is a read-only object that represents the status of execution of the policy on that node.
If the policy fails to be applied on the node, the enactment for that node includes a traceback for troubleshooting.

Expand Down
1 change: 1 addition & 0 deletions modules/virt-example-nmstate-IP-management.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -88,6 +88,7 @@ The following snippet configures an Ethernet interface that uses a dynamic IP ad
...
----


[id="virt-example-nmstate-IP-management-dns_{context}"]
== DNS

Expand Down
8 changes: 4 additions & 4 deletions modules/virt-nmstate-example-policy-configurations.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,12 @@
[id="virt-nmstate-example-policy-configurations_{context}"]
= Example policy configurations for different interfaces

Before you read the different example `NodeNetworkConfigurationPolicy` (NNCP) manifest configurations, consider the following factors when you apply a policy so that your cluster runs at its best performance conditions:
Before you read the different example `NodeNetworkConfigurationPolicy` (NNCP) manifest configurations, consider the following factors when you apply a policy to nodes so that your cluster runs under its best performance conditions:

* When you need to apply a policy to more than one node, create a `NodeNetworkConfigurationPolicy` manifest for each target node. The Kubernetes NMState Operator applies the policy to each node with an NNCP in an unspecified order. Scoping a policy with this approach reduces the length of time for policy application but risks a cluster-wide outage if an error is in the cluster's configuration. To avoid this type of error, initially apply NNCP to some nodes, and after you confirm they are configured correctly, proceed with applying the policy to the remaining nodes.
* When you need to apply a policy to more than one node, create a `NodeNetworkConfigurationPolicy` manifest for each target node. The Kubernetes NMState Operator applies the policy to each node with a defined NNCP in an unspecified order. Scoping a policy with this approach reduces the length of time for policy application but risks a cluster-wide outage if an error exists in the cluster's configuration. To avoid this type of error, initially apply an NNCP to some nodes, confirm the NNCP is configured correctly for these nodes, and then proceed with applying the policy to the remaining nodes.
* When you need to apply a policy to many nodes but you only want to create a single NNCP for all target nodes, the Kubernetes NMState Operator applies the policy to each node in sequence. You can set the speed and coverage of policy application for target nodes with the `maxUnavailable` parameter in the cluster configuration. By setting a lower percentage value for the parameter, you can reduce the risk of a cluster-wide outage if the outage impacts the small percentage of nodes that are receiving the policy application.
* When you need to apply a policy to many nodes but you only want to create a single NNCP for all the nodes, the Kubernetes NMState Operator applies the policy to each node in sequence. You can set the speed and coverage of policy application for target nodes with the `maxUnavailable` parameter in the cluster's configuration file. By setting a lower percentage value for the parameter, you can reduce the risk of a cluster-wide outage if the outage impacts the small percentage of nodes that are receiving the policy application.
* Consider specifying all related network configurations in a single policy.
* When a node restarts, the Kubernetes NMState Operator cannot control the order that it applies policies to nodes. The Kubernetes NMState Operator might apply interdependent policies in a sequence that results in a degraded network object.
* When a node restarts, the Kubernetes NMState Operator cannot control the order to which it applies policies to nodes. The Kubernetes NMState Operator might apply interdependent policies in a sequence that results in a degraded network object.
4 changes: 1 addition & 3 deletions modules/virt-removing-interface-from-nodes.adoc
Original file line number Diff line number Diff line change
Expand Up @@ -14,9 +14,7 @@ If you remove a bridge or bonding interface, any node NICs in the cluster that w

[NOTE]
====
Deleting the node network policy that added an interface does not change the configuration of the policy on the node.
Although a `NodeNetworkConfigurationPolicy` is an object in the cluster, it only represents the requested configuration. +
Similarly, removing an interface does not delete the policy.
Deleting the node network policy that added an interface does not change the configuration of the policy on the node. Although a `NodeNetworkConfigurationPolicy` is an object in the cluster, the object only represents the requested configuration. Similarly, removing an interface does not delete the policy.
====

.Procedure
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,13 +3,23 @@
= Observing and updating the node network state and configuration
include::_attributes/common-attributes.adoc[]
:VirtProductName: OpenShift Container Platform
:context: k8s_nmstate-updating-node-network-config
:context: k8s-nmstate-updating-node-network-config

toc::[]


include::modules/virt-viewing-network-state-of-node.adoc[leveloffset=+1]

// The `NodeNetworkConfigurationPolicy` manifest file
include::modules/node-network-configuration-policy-file.adoc[leveloffset=+1]

[discrete]
[role="_additional-resources"]
== Additional resources
* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-nmstate-example-policy-configurations_{context}[Example policy configurations for different interfaces]

* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-removing-interface-from-nodes_{context}[Removing an interface from nodes]

// Hiding these modules to prevent CP errors. Awaiting kquinn1204 approval.

// modules/virt-viewing-network-state-of-node-console.adoc[leveloffset=+1]
Expand Down

0 comments on commit e25a1a8

Please sign in to comment.