Preparing RHOCP for RHOSP Network Isolation
Networking IP ranges table:
| Network | VLAN | CIDR | NetConfig allocationRange | MetalLB IPAddressPool range | net-attach-def ipam range | OCP worker nncp range |
|---|---|---|---|---|---|---|
| ctlplane | n/a | 172.22.0.0/24 | 172.22.0.100 - 172.22.0.120, 172.22.0.150 - 172.22.0.200 | 172.22.0.80 - 172.22.0.90 | 172.22.0.30 - 172.22.0.70 | 172.22.0.10 - 172.22.0.12 | 
| external | n/a | 172.21.0.0/24 | 172.21.0.61 - 172.21.0.90 | n/a | n/a | n/a | 
| internalapi | n/a | 172.17.0.0/24 | 172.17.0.100 - 172.17.0.250 | 172.17.0.80 - 172.17.0.90 | 172.17.0.30 - 172.17.0.70 | 172.17.0.10 - 172.17.0.12 | 
| storage | n/a | 172.18.0.0/24 | 172.18.0.100 - 172.18.0.250 | 172.18.0.80 - 172.18.0.90 | 172.18.0.30 - 172.18.0.70 | 172.18.0.10 - 172.18.0.12 | 
| tenant | n/a | 172.19.0.0/24 | 172.19.0.100 - 172.19.0.250 | 172.18.0.80 - 172.18.0.90 | 172.19.0.30 - 172.19.0.70 | 172.19.0.10 - 172.19.0.12 | 
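
An added example, not part of the lab repository: a pre-apply check that every range in the table sits inside its network's CIDR and that no two ranges on the same isolated network overlap. Rows are read as network name, VLAN, CIDR, then the NetConfig, MetalLB, net-attach-def and nncp ranges; the short key names and the function names are this example's own.

```python
import ipaddress

# Constructed input: rows transcribed from the table above as
# network -> (CIDR, {column: "first-last[,first-last]"}). Key names are this example's own.
# The ctlplane allocationRange end address is taken as 172.22.0.120.
PLAN = {
    "ctlplane": ("172.22.0.0/24", {
        "allocationRange": "172.22.0.100-172.22.0.120,172.22.0.150-172.22.0.200",
        "metallb": "172.22.0.80-172.22.0.90", "nad": "172.22.0.30-172.22.0.70",
        "nncp": "172.22.0.10-172.22.0.12"}),
    "external": ("172.21.0.0/24", {"allocationRange": "172.21.0.61-172.21.0.90"}),
    "internalapi": ("172.17.0.0/24", {
        "allocationRange": "172.17.0.100-172.17.0.250",
        "metallb": "172.17.0.80-172.17.0.90", "nad": "172.17.0.30-172.17.0.70",
        "nncp": "172.17.0.10-172.17.0.12"}),
    "storage": ("172.18.0.0/24", {
        "allocationRange": "172.18.0.100-172.18.0.250",
        "metallb": "172.18.0.80-172.18.0.90", "nad": "172.18.0.30-172.18.0.70",
        "nncp": "172.18.0.10-172.18.0.12"}),
    "tenant": ("172.19.0.0/24", {
        "allocationRange": "172.19.0.100-172.19.0.250",
        "metallb": "172.18.0.80-172.18.0.90", "nad": "172.19.0.30-172.19.0.70",
        "nncp": "172.19.0.10-172.19.0.12"}),
}

def parse_ranges(text):
    """Turn 'a-b,c-d' into [(ip_a, ip_b), (ip_c, ip_d)]."""
    return [tuple(ipaddress.ip_address(p.strip()) for p in part.split("-"))
            for part in text.split(",")]

def check_plan(plan):
    """Return findings for ranges that are inverted, outside their CIDR, or overlapping."""
    findings = []
    for net, (cidr, columns) in plan.items():
        subnet, seen = ipaddress.ip_network(cidr), []
        for column, text in columns.items():
            for lo, hi in parse_ranges(text):
                label = f"{net}/{column} {lo}-{hi}"
                if lo > hi:
                    findings.append(f"{label}: start is after end")
                if lo not in subnet or hi not in subnet:
                    findings.append(f"{label}: outside {cidr}")
                findings += [f"{label}: overlaps {col}" for s_lo, s_hi, col in seen
                             if lo <= s_hi and s_lo <= hi]
                seen.append((lo, hi, column))
    return findings

if __name__ == "__main__":
    print("\n".join(check_plan(PLAN)) or "address plan is consistent")
```

With the values as printed in the table, the check reports the tenant MetalLB pool (172.18.0.80 - 172.18.0.90) as outside 172.19.0.0/24, which is worth comparing against osp-ng-metal-lb-ip-address-pools.yaml before applying it.
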
We will be using a preconfigured set of yaml files in the files directory which start with osp-ng-nncp-.
There are 3 files for worker nodes.
Change to the files directory:
```
cd ~/labrepo/content/files
```
Replace UUID with the GUID of your environment in the repo files:
```
find . -type f -exec sed -i 's/UUID/my-guid/g' {} +
```
Replace the IPs of the worker nodes with the variables from the lab:
```
sed -i 's/EXTERNAL_IP_WORKER_1/{rhoso_external_ip_worker_1}/' osp-ng-nncp-w1.yaml
sed -i 's/EXTERNAL_IP_WORKER_2/{rhoso_external_ip_worker_2}/' osp-ng-nncp-w2.yaml
sed -i 's/EXTERNAL_IP_WORKER_3/{rhoso_external_ip_worker_3}/' osp-ng-nncp-w3.yaml
```
Apply the preconfigured YAML files individually:
```
oc apply -f osp-ng-nncp-w1.yaml
oc apply -f osp-ng-nncp-w2.yaml
oc apply -f osp-ng-nncp-w3.yaml
```
Wait until they are in an available state before proceeding:
```
oc get nncp -w
```
Press Control + C when you see that the nncp has moved to the SuccessfullyConfigured state:
```
NAME                                STATUS      REASON
osp-multi-nic-worker-ocp4-worker1   Available   SuccessfullyConfigured
osp-multi-nic-worker-ocp4-worker2   Available   SuccessfullyConfigured
osp-multi-nic-worker-ocp4-worker3   Available   SuccessfullyConfigured
```
Before proceeding, configure a nad resource for each isolated network to attach a service pod to the network:
```
oc apply -f osp-ng-netattach.yaml
```
Once the nodes are available and attached, configure the MetalLB IP address range using a preconfigured YAML file:
```
oc apply -f osp-ng-metal-lb-ip-address-pools.yaml
```
Configure an L2Advertisement resource, which defines which node advertises a service to the local network; this has been preconfigured for your demo environment:
```
oc apply -f osp-ng-metal-lb-l2-advertisements.yaml
```
Run the following command to enable global IP forwarding:
```
oc patch network.operator cluster -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"ipForwarding": "Global"}}}}}' --type=merge
```