This article demonstrates how to configure user-managed networking via SiteConfig using the zero-touch provisioning (ZTP) deployment model. ZTP automates the steps required to configure new network devices and perform upgrades using a network switch feature.
This tutorial uses Red Hat Advanced Cluster Management for Kubernetes with the Red Hat OpenShift Assisted Installer and Git-stored SiteConfig.
Configure the cluster network
Before installing Red Hat OpenShift Container Platform on-premise with Assisted Installer, we must configure the cluster network.
There are two options for configuring cluster networks: cluster-managed networking and user-managed networking.
We select user-managed networking when we want to use a third-party vendor for configuring external load balancers. In that case, it is crucial that we configure the SiteConfig to use user-managed networking instead of cluster-managed networking for the Assisted Installer.
Enable userManagedNetworking using SiteConfigs
It is not always clear how user-managed networking is enabled via the SiteConfig (ZTP), and this article aims to clear up that confusion.
The SiteConfig custom resource (CR) generates the other cluster configuration custom resources during the managed cluster installation. One of these is the AgentClusterInstall CR, which is the installation CR and the trigger for any deployment, like the install-config.yaml. User-managed networking is a flag that can be toggled inside this AgentClusterInstall CR.
apiVersion: extensions.hive.openshift.io/v1beta1
kind: AgentClusterInstall
metadata:
  name: "{{ .Cluster.ClusterName }}"
  namespace: "{{ .Cluster.ClusterName }}"
  annotations:
    agent-install.openshift.io/install-config-overrides: "{{ .Cluster.NetworkType }}"
    argocd.argoproj.io/sync-wave: "1"
spec:
  clusterDeploymentRef:
    name: "{{ .Cluster.ClusterName }}"
  holdInstallation: "{{ .Cluster.HoldInstallation }}"
  imageSetRef:
    name: "{{ .Cluster.ClusterImageSetNameRef }}"
  apiVIP: "{{ .Cluster.ApiVIP }}"
  ingressVIP: "{{ .Cluster.IngressVIP }}"
  apiVIPs: "{{ .Cluster.ApiVIPs }}"
  ingressVIPs: "{{ .Cluster.IngressVIPs }}"
  networking:
    userManagedNetworking: true
    clusterNetwork: "{{ .Cluster.ClusterNetwork }}"
    machineNetwork: "{{ .Cluster.MachineNetwork }}"
    serviceNetwork: "{{ .Cluster.ServiceNetwork }}"
  provisionRequirements:
    controlPlaneAgents: "{{ .Cluster.NumMasters }}"
    workerAgents: "{{ .Cluster.NumWorkers }}"
  proxy: "{{ .Cluster.ProxySettings }}"
  sshPublicKey: "{{ .Site.SshPublicKey }}"
  manifestsConfigMapRef:
    name: "{{ .Cluster.ClusterName }}"
In the AgentClusterInstall CR, we can set the userManagedNetworking flag to true to configure user-managed networking. Once the flag is set, we can put this override template in the SiteConfig using the key AgentClusterInstall under crTemplates.
apiVersion: ran.openshift.io/v1
kind: SiteConfig
...
...
crTemplates:
  AgentClusterInstall: "AgentClusterInstallOverride.yaml"
...
...
This way, we can redefine AgentClusterInstall to add the key/value userManagedNetworking: true for networking.
Alternatively, we can directly set the userManagedNetworking flag to true by using the key installConfigOverrides inside the SiteConfig.
apiVersion: ran.openshift.io/v1
kind: SiteConfig
metadata:
  name: "test-site"
  namespace: "test-site"
spec:
  ...
  ...
  clusters:
  - clusterName: "cluster1"
    clusterType: sno
    numMasters: 1
    networkType: "OVNKubernetes"
    installConfigOverrides: "{\"networking\":{\"UserManagedNetworking\":\"true\"}}"
    ...
    ...
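
Because installConfigOverrides is a JSON document escaped inside a YAML string, a missing quote or brace is easy to commit to Git unnoticed. The following pre-merge check is an added example, not part of the original article or of any Red Hat tooling; the function name lint_overrides and the sample lines are constructed, and it assumes the value sits on one line as a double-quoted scalar using only JSON-compatible escapes.

```python
import json
import re

KEY = "installConfigOverrides:"
QUOTED = re.compile(r'^\s*installConfigOverrides:\s*(".*")\s*$')


def _get_ci(obj, name):
    """Case-insensitive key lookup; the article writes 'UserManagedNetworking'."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            if key.lower() == name.lower():
                return value
    return None


def lint_overrides(siteconfig_text):
    """Return (line_no, verdict, detail) for every installConfigOverrides line."""
    findings = []
    for no, line in enumerate(siteconfig_text.splitlines(), 1):
        if KEY not in line:
            continue
        match = QUOTED.match(line)
        if not match:
            findings.append((no, "malformed", "value is not one closed double-quoted scalar"))
            continue
        try:
            inner = json.loads(match.group(1))  # undo the \" escaping of the YAML scalar
            overrides = json.loads(inner)       # the override object itself
        except json.JSONDecodeError as exc:
            findings.append((no, "malformed", exc.msg))
            continue
        umn = _get_ci(_get_ci(overrides, "networking"), "userManagedNetworking")
        if umn is None:
            findings.append((no, "not-set", "no networking.userManagedNetworking key"))
        elif isinstance(umn, bool):
            findings.append((no, "enabled" if umn else "disabled", "JSON boolean"))
        else:
            findings.append((no, "non-boolean", repr(umn)))  # e.g. the string "true"
    return findings


# Constructed samples: unterminated scalar, closed scalar with a string value, boolean value.
BROKEN = '    installConfigOverrides: "{\\"networking\\":{\\"UserManagedNetworking\\":\\"true\\"}}'
CLOSED = BROKEN + '"'
BOOL = '    installConfigOverrides: "{\\"networking\\":{\\"userManagedNetworking\\":true}}"'

if __name__ == "__main__":
    for sample in (BROKEN, CLOSED, BOOL):
        print(lint_overrides(sample))
```

The "non-boolean" verdict only reports that the value is a JSON string rather than a JSON boolean so a reviewer can decide; the check makes no claim about how the installer treats either form.
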
Conclusion
This article explains how to enable user-managed networking via the SiteConfig custom resource using the AgentClusterInstall key under crTemplates, which overrides all the generated CRs. Alternatively, you can set userManagedNetworking: true in the SiteConfig using installConfigOverrides.