OSDOCS-17805 GA for Azure outboundType NAT Gateways #104652
🤖 Fri Jan 23 16:07:04 - Prow CI generated the docs preview:
| azure: | ||
| outboundType: | ||
| |The outbound routing strategy used to connect your cluster to the internet. If you are using user-defined routing, you must have pre-existing networking available. The outbound routing must be configured before installing a cluster. The installation program does not configure user-defined routing. If you specify the `NatGateway` routing strategy, the installation program only creates one NAT gateway. If you specify the `NatGateway` routing strategy, your account must have the `Microsoft.Network/natGateways/read` and `Microsoft.Network/natGateways/write` permissions. | ||
| |The outbound routing strategy used to connect your cluster to the internet. If you are using user-defined routing, you must have pre-existing networking available. The outbound routing must be configured before installing a cluster. The installation program does not configure user-defined routing. If you specify the `NATGatewaySingleZone` routing strategy, the installation program only creates one NAT gateway. If you specify the `NatGateway` routing strategy, your account must have the `Microsoft.Network/natGateways/read` and `Microsoft.Network/natGateways/write` permissions. If you specify the `NATGatewayMultiZone` routing strategy, the installation program will create one NAT Gateway for each subnet that you provide using the `platform.azure.subnets` parameter. NAT Gateways can only be used for compute machines. |
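Review bot: the new row keeps the old sentence "If you specify the `NatGateway` routing strategy, your account must have the `Microsoft.Network/natGateways/read` and `Microsoft.Network/natGateways/write` permissions" even though the row no longer documents a `NatGateway` value, only `NATGatewaySingleZone` and `NATGatewayMultiZone`; reword it to cover both, for example "If you specify either NAT gateway routing strategy, your account must have ...". The multi-zone sentence "one NAT Gateway for each subnet that you provide using the `platform.azure.subnets` parameter" also sits next to "NAT Gateways can only be used for compute machines", so say "for each compute subnet that you provide" to avoid implying a gateway on control-plane subnets.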
When configuring outboundType: NATGatewaySingleZone or outboundType: NATGatewayMultiZone, the field platform.azure.subnet is optional.
Scenario: outboundType: NATGatewaySingleZone, the installer only creates one NATGateway
- If the user provides the subnets, then the installer attaches the created NATGateway to all subnets.
- If the user does not provide the subnets, the installer creates two subnets (one for master and one for worker), and attaches the created NATGateway to each subnet.
Scenario: outboundType: NATGatewayMultiZone,
- If the user provides the subnets for the node role, the installer checks the zone number of the specified region and creates NATGateways; the number is the minimum of the number of user-provided subnets and the zone number of the specified region. It then attaches each NATGateway to each subnet with the node role.
- If the user doesn't provide the subnets, the installer creates the same number of subnets and NATGateways, matching the zone number of the specified region, then attaches each NATGateway to each worker subnet.
@rna-afk do you have any comments?
Thanks for this clear explanation Jinyun. I have incorporated this feedback into the parameter; I also re-arranged it into a short list so that the explanations can be separate for each outbound option.
A single NAT gateway can only be associated with one subnet. So it's the first compute subnet that gets the NAT gateway and the rest do not have any. Also, NATGateway is only for the compute subnet, so this should be something like:
Scenario: outboundType: NATGatewaySingleZone, the installer only creates one NATGateway
If the user provides the subnets, then the installer attaches the created NATGateway to the first compute subnet.
If the user does not provide the subnets, the installer creates two subnets (one for control-plane and one for compute), and attaches the created NATGateway to the compute subnet.
Scenario: outboundType: NATGatewayMultiZone,
If the user provides the subnets for the node role, the installer assigns a zone to each of the subnets depending on the region specified, then attaches a new NATGateway to each subnet with the node role in its corresponding zone.
If the user doesn't provide the subnets, the installer checks for the number of zones in the region specified and creates a compute subnet and a NATGateway for each zone in the region, then attaches them to each other.
nit: Might want to use the new control-plane/compute terminology instead of the old ones, but that could also affect consistency with the rest of the docs. Your call.
Thanks Aditya, I've incorporated your feedback. What do you mean by the new terminology instead of the old ones?
Just the master -> control-plane, worker -> compute
Yup, we need to use "control plane" and "compute" wherever possible because of conscious language guidelines.
- For the NATGatewaySingleZone scenario, if the user provides subnets, only one subnet with the "control-plane" role and one subnet with the "node" role can be specified, and the installer attaches the created NATGateway to the subnet with the "node" role, because the installer does not support specifying multiple subnets with the "node" role in install-config when outboundType is NATGatewaySingleZone.
install-config.yaml example:

```yaml
platform:
  azure:
    baseDomainResourceGroupName: os4-common
    cloudName: AzurePublicCloud
    region: westus2
    outboundType: NATGatewaySingleZone
    virtualNetwork: jima-test-vnet
    networkResourceGroupName: jima-test-rg
    subnets:
    - name: subnet-1
      role: node
    - name: subnet-2
      role: node
    - name: subnet-3
      role: control-plane
```

```console
$ ./openshift-install create manifests --dir ipi
ERROR failed to fetch Master Machines: failed to load asset "Install Config": failed to create install config: invalid "install-config.yaml" file: platform.azure.outboundType: Invalid value: "NATGatewaySingleZone": cannot have multiple compute subnets and outbound type single zone
```

- For the scenario outboundType: NATGatewayMultiZone,
If the user provides the subnets for the node role, the installer assigns a zone to each of the subnets depending on the region specified, then attaches a new NATGateway to each subnet with the node role in its corresponding zone.
What's the meaning of "installer assigns a zone to each of the subnets depending on the region specified"?
I guess it is something like "The installer creates a NATGateway in each zone depending on the region specified, then attaches a NATGateway to each subnet with the node role; the compute node and the NATGateway attached to this node's subnet are in the same zone"?
@bscott-rh The update looks good to me now except item 2 mentioned above. @rna-afk any comment on item 2?
How about: "If the user provides the subnets for the node role, the installer picks up the number of zones available in the given region, creates a NAT gateway for each subnet, assigns one zone to each of the gateways in a cyclic round-robin fashion, and then associates the NAT gateways to the subnets."
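To make the two behaviours settled in this thread concrete (the single-zone validation error shown in the install-config example above, and the per-subnet round-robin zone assignment for NATGatewayMultiZone from the wording just proposed), here is an added Python model of the placement rules. It is not the installer's code; the zone counts per region, the gateway names and the zone chosen for the single-zone gateway are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample zone counts per region; these are assumptions, not
# values from the page or from Azure.
ZONES_BY_REGION = {"westus2": 3, "northcentralus": 1}


@dataclass
class Subnet:
    name: str
    role: str  # "control-plane" or "node"


@dataclass
class NatGateway:
    name: str
    zone: int
    subnet: str  # the compute subnet it is associated with


def plan_nat_gateways(outbound_type, region, subnets):
    """Return the NAT gateways the thread says the installer creates.

    Raises ValueError for the validation failure quoted in the thread
    (NATGatewaySingleZone with more than one node-role subnet).
    """
    zones = ZONES_BY_REGION[region]
    compute = [s for s in subnets if s.role == "node"]
    if not compute:
        # No compute subnets supplied: the installer creates its own,
        # one for SingleZone and one per zone for MultiZone.
        n = 1 if outbound_type == "NATGatewaySingleZone" else zones
        compute = [Subnet(f"compute-subnet-{i + 1}", "node") for i in range(n)]
    if outbound_type == "NATGatewaySingleZone":
        if len(compute) > 1:
            raise ValueError("cannot have multiple compute subnets and "
                             "outbound type single zone")
        # Zone placement for the single gateway is not stated in the
        # thread; zone 1 here is an assumption.
        return [NatGateway("natgw-1", 1, compute[0].name)]
    if outbound_type == "NATGatewayMultiZone":
        # One gateway per compute subnet, zones assigned round-robin
        # over the zones available in the region.
        return [NatGateway(f"natgw-{i + 1}", (i % zones) + 1, s.name)
                for i, s in enumerate(compute)]
    raise ValueError(f"unsupported outboundType {outbound_type!r}")
```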
Thanks Aditya, I've reworded to match this feedback.
@jinyunma Hi Jinyun, any additional comments on this PR before I move forward with merge review? Thank you
Version(s): 4.21
Issue: https://issues.redhat.com/browse/OSDOCS-17805
Link to docs preview: https://104652--ocpdocs-pr.netlify.app/openshift-enterprise/latest/installing/installing_azure/installation-config-parameters-azure.html#installation-configuration-parameters-additional-azure_installation-config-parameters-azure
QE review: