Merge pull request #63996 from ShaunaDiaz/OSDOCS-6154

OSDOCS-6154: update networking gateways MicroShift 4.14

Author: mburke5678

modules/microshift-blocking-nodeport-access.adoc

@@ -20,18 +20,21 @@ OVN-Kubernetes does not restrict the host interface where a NodePort service can
 ----
 # export NODEPORT=30700
 ----
+
 . Change the `INTERFACE_IP` value to the IP address from the host interface that you want to block. For example:
 +
 [source,terminal]
 ----
 # export INTERFACE_IP=192.168.150.33
 ----
+
 . Insert a new rule in the `nat` table PREROUTING chain to drop all packets that match the destination port and IP address. For example:
 +
 [source,terminal]
 ----
 $ sudo nft -a insert rule ip nat PREROUTING tcp dport $NODEPORT ip daddr $INTERFACE_IP drop
 ----
+
 . List the new rule by running the following command:
 +
 [source,terminal]
@@ -52,6 +55,7 @@ table ip nat {
 ====
 Note the `handle` number of the newly added rule. You need to remove the `handle` number in the following step.
 ====
+
 . Remove the custom rule with the following sample command:
 +
 [source,terminal]

modules/microshift-cni.adoc

@@ -38,7 +38,7 @@ A virtual switch named `ext_<node-name>.`
 
 [id="microshift-description-connections-network-topology_{context}"]
 === Description of the connections in the network topology figure
-* The north-south traffic between the network service device `enp1s0` and the OVN external switch `ext_microshift-dev`, is provided through the OVS patch port by the gateway bridge `br-ex`.
+* The north-south traffic between the network service and the OVN external switch `ext_microshift-dev`, is provided through the host kernel by the gateway bridge `br-ex`.
 * The OVN gateway router `GR_microshift-dev` is connected to the external network switch `ext_microshift-dev` through the logical router port 4. Port 4 is attached with the node IP address 192.168.122.14.
 * The join switch `join` connects the OVN gateway router `GR_microshift-dev` to the OVN cluster router `ovn_cluster_router`. The IP address range is 100.62.0.0/16.
 ** The OVN gateway router `GR_microshift-dev` connects to the OVN join switch `join` through the logical router port 3. Port 3 attaches with the internal IP address 100.64.0.2.
@@ -112,7 +112,3 @@ OVN-Kubernetes manifests and startup logic are built into {product-title}. The s
 [id="microshift-bridge-mapping_{context}"]
 == Bridge mappings
 Bridge mappings allow provider network traffic to reach the physical network. Traffic leaves the provider network and arrives at the `br-int` bridge. A patch port between `br-int` and `br-ex` then allows the traffic to traverse to and from the provider network and the edge network. Kubernetes pods are connected to the `br-int` bridge through virtual ethernet pair: one end of the virtual ethernet pair is attached to the pod namespace, and the other end is attached to the `br-int` bridge.
-
-[id="microshift-primary-gateway-interface_{context}"]
-=== Primary gateway interface
-You can specify the desired host interface name in the `ovn.yaml` config file as `gatewayInterface`. The specified interface is added in OVS bridge br-ex which acts as gateway bridge for the CNI network.

modules/microshift-configuring-ovn.adoc

@@ -24,18 +24,14 @@ $ sudo cp /etc/microshift/ovn.yaml.default /etc/microshift/ovn.yaml
 $ cat /etc/microshift/ovn.yaml.default
 ----
 +
-.Example 'yaml' configuration file with default values
-
+.Example 'yaml' configuration file with default maximum transmission unit (MTU) value
++
 [source,yaml]
 ----
-ovsInit:
-  disableOVSInit: false
-  gatewayInterface: "" <1>
 mtu: 1400
 ----
-<1> The default value is an empty string that means "not-specified." The CNI network plugin auto-detects to interface with the default route.
 
-. To customize your configuration, use the following table that lists the valid values you can use:
+. To customize your configuration, you can change the MTU value. The table that follows provides details:
 +
 .Supported optional OVN-Kubernetes configurations for {product-title}
 
@@ -47,46 +43,21 @@ mtu: 1400
 |Description
 |Example
 
-|`ovsInit.disableOVSInit`
-|bool
-|false
-|Skip configuring OVS bridge `br-ex` in `microshift-ovs-init.service`
-|true ^[1]^
-
-|`ovsInit.gatewayInterface`
-|Alpha
-|eth0
-|Ingress that is the API gateway
-|eth0
-
 |mtu
 |uint32
 |auto
 |MTU value used for the pods
 |1300
 |===
 +
-[.small]
---
-1. The OVS bridge is required. When `disableOVSInit` is true, OVS bridge `br-ex` must be configured manually.
-+
 [IMPORTANT]
 ====
 If you change the `mtu` configuration value in the `ovn.yaml` file, you must restart the host that {product-title} is running on to apply the updated setting.
 ====
---
-
++
 .Example custom `ovn.yaml` configuration file
-
++
 [source, yaml]
 ----
-ovsInit:
-  disableOVSInit: true
-  gatewayInterface: eth0
 mtu: 1300
 ----
-
-[IMPORTANT]
-====
-When `disableOVSInit` is set to true in the `ovn.yaml` config file, the `br-ex` OVS bridge must be manually configured.
-====

modules/microshift-cri-o-container-runtime.adoc

@@ -12,7 +12,7 @@ To use an HTTP(S) proxy in `CRI-O`, you need to set the `HTTP_PROXY` and `HTTPS_
 
 . Add the following settings to the `/etc/systemd/system/crio.service.d/00-proxy.conf` file:
 +
-[source, config]
+[source,config]
 ----
 Environment=NO_PROXY="localhost,127.0.0.1"
 Environment=HTTP_PROXY="http://$PROXY_USER:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT/"
@@ -21,14 +21,14 @@ Environment=HTTPS_PROXY="http://$PROXY_USER:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY
 
 . Reload the configuration settings:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo systemctl daemon-reload
 ----
 
 . Restart the CRI-O service to apply the settings:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo systemctl restart crio
 ----

modules/microshift-ovs-snapshot.adoc

@@ -11,27 +11,25 @@ A snapshot represents the state and data of OVS interfaces at a specific point i
 .Procedure
 
 * To see a snapshot of OVS interfaces from a running {product-title} cluster, use the following command:
-
-[source, terminal]
++
+[source,terminal]
 ----
 $ sudo ovs-vsctl show
 ----
-
++
 .Example OVS interfaces in a running cluster
-[source, terminal]
+
+[source,terminal]
 ----
 9d9f5ea2-9d9d-4e34-bbd2-dbac154fdc93
     Bridge br-ex
-        Port enp1s0
-            Interface enp1s0
-                type: system
         Port br-ex
             Interface br-ex
                 type: internal
         Port patch-br-ex_localhost.localdomain-to-br-int <1>
             Interface patch-br-ex_localhost.localdomain-to-br-int
                 type: patch
-                options: {peer=patch-br-int-to-br-ex_localhost.localdomain} <1>
+                options: {peer=patch-br-int-to-br-ex_localhost.localdomain} <2>
     Bridge br-int
         fail_mode: secure
         datapath_type: system
@@ -40,19 +38,22 @@ $ sudo ovs-vsctl show
                 type: patch
                 options: {peer=patch-br-ex_localhost.localdomain-to-br-int}
         Port eebee1ce5568761
-            Interface eebee1ce5568761 <2>
+            Interface eebee1ce5568761 <3>
         Port b47b1995ada84f4
-            Interface b47b1995ada84f4 <2>
+            Interface b47b1995ada84f4 <4>
         Port "3031f43d67c167f"
-            Interface "3031f43d67c167f" <2>
+            Interface "3031f43d67c167f" <5>
         Port br-int
             Interface br-int
                 type: internal
-        Port ovn-k8s-mp0 <3>
+        Port ovn-k8s-mp0 <6>
             Interface ovn-k8s-mp0
                 type: internal
     ovs_version: "2.17.3"
 ----
 <1> The `patch-br-ex_localhost.localdomain-to-br-int` and `patch-br-int-to-br-ex_localhost.localdomain` are OVS patch ports that connect `br-ex` and `br-int`.
-<2> The pod interfaces `eebee1ce5568761`, `b47b1995ada84f4` and `3031f43d67c167f` are named with the first 15 bits of pod sandbox ID and are plugged in the `br-int` bridge.
-<3> The OVS internal port for hairpin traffic,`ovn-k8s-mp0` is created by the `ovnkube-master` container.
+<2> The `patch-br-ex_localhost.localdomain-to-br-int` and `patch-br-int-to-br-ex_localhost.localdomain` are OVS patch ports that connect `br-ex` and `br-int`.
+<3> The pod interface `eebee1ce5568761` is named with the first 15 bits of the pod sandbox ID and is plugged into the `br-int` bridge.
+<4> The pod interface `b47b1995ada84f4` is named with the first 15 bits of the pod sandbox ID and is plugged into the `br-int` bridge.
+<5> The pod interface `3031f43d67c167f` is named with the first 15 bits of the pod sandbox ID and is plugged into the `br-int` bridge.
+<6> The OVS internal port for hairpin traffic,`ovn-k8s-mp0` is created by the `ovnkube-master` container.

modules/microshift-restart-ovnkube-master.adoc

@@ -21,28 +21,28 @@ Use the following steps to restart the `ovnkube-master` pod.
 
 . Access the remote cluster by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ export KUBECONFIG=$PWD/kubeconfig
 ----
 
 . Find the name of the `ovnkube-master` pod that you want to restart by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ pod=$(oc get pods -n openshift-ovn-kubernetes | awk -F " " '/ovnkube-master/{print $1}')
 ----
 
 . Delete the `ovnkube-master` pod by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc -n openshift-ovn-kubernetes delete pod $pod
 ----
 
 . Confirm that a new `ovnkube-master` pod is running by using the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ oc get pods -n openshift-ovn-kubernetes
 ----

modules/microshift-rpm-ostree-https.adoc

@@ -12,7 +12,7 @@ To use the HTTP(S) proxy in RPM-OStree, set the `http_proxy environment` variabl
 
 . Add this setting to the `/etc/systemd/system/rpm-ostreed.service.d/00-proxy.conf` file by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 Environment="http_proxy=http://$PROXY_USER:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_PORT/"
 ----
@@ -21,13 +21,13 @@ Environment="http_proxy=http://$PROXY_USER:$PROXY_PASSWORD@$PROXY_SERVER:$PROXY_
 
 .. Reload the configuration settings by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo systemctl daemon-reload
 ----
 .. Restart the rpm-ostree service by running the following command:
 +
-[source, terminal]
+[source,terminal]
 ----
 $ sudo systemctl restart rpm-ostreed.service
 ----