Merge pull request #55763 from ShaunaDiaz/OSDOCS-5274

OSDOCS-5274: Restart node when changing mtu value

Author: jab-rh

_topic_maps/_topic_map_ms.yml

@@ -104,8 +104,10 @@ Name: Networking
 Dir: microshift_networking
 Distros: microshift
 Topics:
-- Name: Understanding networking
+- Name: Applying networking settings
   File: microshift-networking
+- Name: Using a firewall
+  File: microshift-firewall
 ---
 Name: Storage
 Dir: microshift_storage

microshift_install/microshift-embed-in-rpm-ostree.adoc

@@ -50,12 +50,12 @@ include::modules/microshift-provisioning-ostree.adoc[leveloffset=+1]
 [role="_additional-resources_microshift-embed-in-rpm-ostree"]
 .Additional resources
 
-. https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/composing_installing_and_managing_rhel_for_edge_images/index[{op-system-ostree} documentation].
-. xref:../microshift_install/microshift-install-rpm.adoc#system-requirements-installing-microshift[System requirements for installing {product-title}].
-. Red Hat Hybrid Cloud Console link:https://console.redhat.com/openshift/install/pull-secret[pull secret].
-. xref:../microshift_networking/microshift-networking.adoc#microshift-firewall-req-settings_microshift-networking[Required firewall settings].
-. link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/creating-kickstart-files_installing-rhel-as-an-experienced-user[Creating a Kickstart file].
-. link:https://access.redhat.com/solutions/60959[How to embed a Kickstart file into an ISO image].
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/composing_installing_and_managing_rhel_for_edge_images/index[{op-system-ostree} documentation].
+* xref:../microshift_install/microshift-install-rpm.adoc#system-requirements-installing-microshift[System requirements for installing {product-title}].
+* Red Hat Hybrid Cloud Console link:https://console.redhat.com/openshift/install/pull-secret[pull secret].
+* xref:../microshift_networking/microshift-firewall.adoc#microshift-firewall-req-settings_microshift-networking[Required firewall settings].
+* link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/performing_an_advanced_rhel_8_installation/creating-kickstart-files_installing-rhel-as-an-experienced-user[Creating a Kickstart file].
+* link:https://access.redhat.com/solutions/60959[How to embed a Kickstart file into an ISO image].
 
 include::modules/microshift-accessing.adoc[leveloffset=+1]
 include::modules/microshift-accessing-cluster-locally.adoc[leveloffset=+2]

microshift_networking/ingress-operator-microshift.adoc

@@ -0,0 +1,23 @@
+:_content-type: ASSEMBLY
+[id="microshift-using-a-firewall"]
+= Using a firewall
+include::_attributes/attributes-microshift.adoc[]
+:context: microshift-firewall
+
+toc::[]
+
+Firewalls are not required in {product-title}, but using a firewall can prevent undesired access to the {product-title} API.
+
+include::modules/microshift-firewall-config.adoc[leveloffset=+1]
+include::modules/microshift-firewalld-install.adoc[leveloffset=+1]
+include::modules/microshift-firewall-req-settings.adoc[leveloffset=+1]
+include::modules/microshift-firewall-opt-settings.adoc[leveloffset=+1]
+include::modules/microshift-firewall-allow-traffic.adoc[leveloffset=+1]
+include::modules/microshift-firewall-apply-settings.adoc[leveloffset=+1]
+include::modules/microshift-firewall-verify-settings.adoc[leveloffset=+1]
+include::modules/microshift-firewall-known-issue.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_microshift-using-a-firewall"]
+.Additional resources
+* xref:../microshift_troubleshooting/microshift-troubleshooting.adoc#microshift-ki-cni-iptables-deleted[Troubleshooting iptables deleted].

microshift_networking/microshift-firewall.adoc

@@ -1,6 +1,6 @@
 :_content-type: ASSEMBLY
-[id="microshift-understanding-networking"]
-= Understanding networking
+[id="microshift-applying-networking-settings"]
+= Understanding networking settings
 include::_attributes/attributes-microshift.adoc[]
 :context: microshift-networking
 
@@ -18,21 +18,17 @@ By default, Kubernetes allocates each pod an internal IP address for application
 
 include::modules/microshift-cni.adoc[leveloffset=+1]
 include::modules/microshift-configuring-ovn.adoc[leveloffset=+1]
+include::modules/microshift-restart-ovnkube-master.adoc[leveloffset=+1]
 //include::modules/microshift-man-config-ovs-bridge.adoc[leveloffset=+1]
 include::modules/microshift-http-proxy.adoc[leveloffset=+1]
 include::modules/microshift-cri-o-container-runtime.adoc[leveloffset=+1]
 include::modules/microshift-ovs-snapshot.adoc[leveloffset=+1]
 include::modules/microshift-mDNS.adoc[leveloffset=+1]
 
-include::modules/microshift-firewall-config.adoc[leveloffset=+1]
-include::modules/microshift-firewalld-install.adoc[leveloffset=+1]
-include::modules/microshift-firewall-req-settings.adoc[leveloffset=+1]
-include::modules/microshift-firewall-opt-settings.adoc[leveloffset=+1]
-include::modules/microshift-firewall-allow-traffic.adoc[leveloffset=+1]
-include::modules/microshift-firewall-apply-settings.adoc[leveloffset=+1]
-include::modules/microshift-firewall-verify-settings.adoc[leveloffset=+1]
-include::modules/microshift-firewall-known-issue.adoc[leveloffset=+1]
-
 [role="_additional-resources"]
+[id="additional-resources_microshift-applying-networking-settings"]
 .Additional resources
-* xref:../microshift_troubleshooting/microshift-troubleshooting.adoc#microshift-version[Troubleshooting].
+
+. xref:../microshift_troubleshooting/microshift-troubleshooting.adoc#microshift-version[Troubleshooting]
+. xref:../microshift_troubleshooting/microshift-troubleshooting.adoc#microshift-troubleshooting-nodeport[Troubleshooting the NodePort service].
+. xref:../microshift_troubleshooting/microshift-troubleshooting.adoc#microshift-nodeport-unreachable-workaround[NodePort unreachable workround].

microshift_networking/microshift-networking.adoc

@@ -2,9 +2,9 @@
 //
 // * microshift_networking/microshift-networking.adoc
 
-:_content-type: PROCEDURE
+:_content-type: CONCEPT
 [id="microshift-config-OVN-K_{context}"]
-= Configuring OVN-Kubernetes
+= OVN-Kubernetes configuration options
 
 An OVN-Kubernetes config file can be written to `/etc/microshift/ovn.yaml`. {product-title} will use default OVN-Kubernetes configuration values if an OVN-Kubernetes config file is not customized.
 
@@ -20,7 +20,7 @@ mtu: 1400
 <1> Default value is an empty string, which means "not-specified." The CNI network plugin auto-detects to interface with the default route.
 <2> Default value is an empty string, which means disabled.
 
-To customize your configuration, use the following table to find valid values that you can use in your `ovn.yaml` config file.
+To customize your configuration, use the following table to find valid values that you can use in your `ovn.yaml` config file:
 
 .Supported optional OVN-Kubernetes configurations for {product-title}.
 
@@ -36,7 +36,7 @@ To customize your configuration, use the following table to find valid values th
 |bool
 |false
 |Skip configuring OVS bridge `br-ex` in `microshift-ovs-init.service`
-|true <1>
+|true ^1^
 
 |`ovsInit.gatewayInterface`
 |Alpha
@@ -56,8 +56,7 @@ To customize your configuration, use the following table to find valid values th
 |MTU value used for the pods
 |1300
 |===
-
-<1> The OVS bridge is required. When `disableOVSInit` is true, OVS bridge `br-ex` must be configured manually.
+^1^ The OVS bridge is required. When `disableOVSInit` is true, OVS bridge `br-ex` must be configured manually.
 
 .Example `ovn.yaml` config file:
 
@@ -71,4 +70,11 @@ mtu: 1300
 ----
 
 [IMPORTANT]
+====
 When `disableOVSInit` is set to true in the `ovn.yaml` config file, the OVS bridge br-ex must be manually configured.
+====
+
+[IMPORTANT]
+====
+If you change the `mtu` configuration value in the `ovn.yaml` file, you must restart the host that {product-title} is running on for the updated setting to apply.
+====

modules/microshift-configuring-ovn.adoc

@@ -4,11 +4,12 @@
 
 :_content-type: PROCEDURE
 [id="microshift-CRI-O-container-engine_{context}"]
-= CRI-O container runtime
+= Using a proxy in the CRI-O container runtime
 
 To use an HTTP(S) proxy in `CRI-O`, you need to set the `HTTP_PROXY` and `HTTPS_PROXY` environment variables. You can also set the `NO_PROXY` variable to exclude a list of hosts from being proxied.
 
 .Procedure
+
 . Add the following settings to the `/etc/systemd/system/crio.service.d/00-proxy.conf` file:
 +
 [source, config]

modules/microshift-cri-o-container-runtime.adoc

@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * microshift_networking/microshift-networking.adoc
+// * microshift_networking/microshift-firewall.adoc
 
 :_content-type: PROCEDURE
 [id="microshift-firewall-network-traffic_{context}"]
@@ -9,6 +9,7 @@
 You can allow network traffic through the firewall by first configuring the IP address range with either default or custom values, and then allow internal traffic from pods through the network gateway by inserting the DNS server.
 
 .Procedure
+
 Set the default values or a custom IP address range. After setting the IP address range, allow internal traffic from the pods through the network gateway.
 
 . To set the IP address range:

modules/microshift-firewall-allow-traffic.adoc

@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * microshift_networking/microshift-networking.adoc
+// * microshift_networking/microshift-firewall.adoc
 
 :_content-type: PROCEDURE
 [id="microshift-firewall-applying-settings_{context}"]

modules/microshift-firewall-apply-settings.adoc

@@ -1,12 +1,12 @@
 // Module included in the following assemblies:
 //
-// * microshift_networking/microshift-networking.adoc
+// * microshift_networking/microshift-firewall.adoc
 
 :_content-type: CONCEPT
 [id="microshift-firewall-config_{context}"]
-= Using a firewall
+= About network traffic through the firewall
 
-Firewalls are not required in {product-title}, but using a firewall can prevent undesired access to the {product-title} API. When using a firewall, you must explicitly allow the following OVN-Kubernetes traffic when the `firewalld` service is running:
+When using a firewall, you must explicitly allow the following OVN-Kubernetes traffic when the `firewalld` service is running:
 
 CNI pod to CNI pod::
 CNI pod to Host-Network pod