[enterprise-4.13] OSDOCS-3467-13: Updated configuration-externalip.adoc for private cluster #97005

Merged
merged 1 commit into from
Aug 1, 2025
4 changes: 2 additions & 2 deletions modules/cluster-cloud-controller-manager-operator.adoc
Expand Up @@ -15,9 +15,9 @@ This Operator is General Availability for Microsoft Azure Stack Hub, IBM Cloud,
It is available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] for Alibaba Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP), IBM Cloud Power VS, and Microsoft Azure.
====

The Cluster Cloud Controller Manager Operator manages and updates the cloud controller managers deployed on top of {product-title}. The Operator is based on the Kubebuilder framework and `controller-runtime` libraries. It is installed via the Cluster Version Operator (CVO).
The Cluster Cloud Controller Manager Operator manages and updates the cloud controller managers deployed on top of {product-title}. The Operator is based on the Kubebuilder framework and `controller-runtime` libraries. You can install the Cloud Controller Manager Operator by using the Cluster Version Operator (CVO).

It contains the following components:
The Cloud Controller Manager Operator includes the following components:

* Operator
* Cloud configuration observer
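
Review bot: In the rewritten overview paragraph, "You can install the Cloud Controller Manager Operator by using the Cluster Version Operator (CVO)" reads as an optional step that the user performs, whereas the replaced sentence, "It is installed via the Cluster Version Operator (CVO)", stated that the CVO does the installing. If the goal is only to remove the passive voice, "The Cluster Version Operator (CVO) installs the Operator" keeps the original meaning. The new lines also shorten the name to "Cloud Controller Manager Operator" while the paragraph opens with "Cluster Cloud Controller Manager Operator"; use one name throughout the module.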
15 changes: 12 additions & 3 deletions modules/configuration-externalip.adoc
Expand Up @@ -6,9 +6,9 @@
[id="configuration-externalip_{context}"]
= Configuration for ExternalIP

Use of an external IP address in {product-title} is governed by the following parameters in the `Network.config.openshift.io` custom resource (CR) that is named `cluster`:
The following parameters in the `Network.config.openshift.io` custom resource (CR) govern the use of an external IP address in {product-title}:

* `spec.externalIP.autoAssignCIDRs` defines an IP address block used by the load balancer when choosing an external IP address for the service. {product-title} supports only a single IP address block for automatic assignment. This configuration requires less steps than manually assigning ExternalIPs to services, which requires managing the port space of a limited number of shared IP addresses. If you enable automatic assignment, a `Service` object with `spec.type=LoadBalancer` is allocated an external IP address.
* `spec.externalIP.autoAssignCIDRs` defines an IP address block used by the load balancer when choosing an external IP address for the service. {product-title} supports only a single IP address block for automatic assignment. This configuration requires less steps than manually assigning ExternalIPs to services, which requires managing the port space of a limited number of shared IP addresses. If you enable automatic assignment, the Cloud Controller Manager Operator allocates an external IP address to a `Service` object with `spec.type=LoadBalancer` defind in its configuration.

* `spec.externalIP.policy` defines the permissible IP address blocks when manually specifying an IP address. {product-title} does not apply policy rules to IP address blocks that you defined in the `spec.externalIP.autoAssignCIDRs` parameter.
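
Review bot: The new `spec.externalIP.autoAssignCIDRs` bullet contains the typo "defind", and its closing clause "defind in its configuration" has no clear referent (the Operator's configuration or the `Service` object's?). The sentence now names the Cloud Controller Manager Operator as the component that allocates the address, which the replaced text did not claim, so an SME should confirm it before merge. The bullet still carries "requires less steps", which should be "fewer steps". The rewritten introductory sentence also drops "that is named `cluster`", so the reader no longer learns which `Network.config.openshift.io` CR to edit; consider restoring it.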

Expand All @@ -19,7 +19,7 @@ If routed correctly, external traffic from the configured external IP address bl
As a cluster administrator, you must configure routing to externalIPs. You must also ensure that the IP address block you assign terminates at one or more nodes in your cluster. For more information, see link:https://kubernetes.io/docs/concepts/services-networking/service/#external-ips[Kubernetes External IPs].
====

{product-title} supports both the automatic and manual assignment of IP addresses, where each address is guaranteed to be assigned to a maximum of one service. This configuration ensures that each service can expose its chosen ports regardless of the ports exposed by other services.
{product-title} supports both automatic and manual IP address assignment. This support guarantees that each address gets assigned to a maximum of one service and that each service can expose its chosen ports regardless of the ports exposed by other services.

[NOTE]
====
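
Review bot: In the rewritten paragraph, "This support guarantees that each address gets assigned to a maximum of one service and that each service can expose its chosen ports" presents two independent guarantees, where the replaced text made the port statement a consequence of the one-service-per-address rule. Suggest keeping that relationship, for example "Each address is assigned to a maximum of one service, so each service can expose its chosen ports regardless of the ports exposed by other services."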
Expand Down Expand Up @@ -56,3 +56,12 @@ status:
- ip: 192.168.132.253
# ...
----

If you run a private cluster on a cloud-provider platform, you can change the publishing scope to `internal` for the load balancer of the Ingress Controller by running the following `patch` command:

[source,terminal]
----
$ oc -n openshift-ingress-operator patch ingresscontrollers/ingress-controller-with-nlb --type=merge --patch='{"spec":{"endpointPublishingStrategy":{"loadBalancer":{"scope":"Internal"}}}}'
----

After you run this command, the Ingress Controller restricts access to routes for {product-title} applications to internal networks only.
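
Review bot: The added `oc patch` command hardcodes `ingresscontrollers/ingress-controller-with-nlb`, so it only works on a cluster where an Ingress Controller with exactly that name exists; use a placeholder such as `<ingress_controller_name>` and explain it under the block. The lead-in says to change the scope to `internal` while the patch sets `"scope":"Internal"`; match the case of the real value in the prose so a reader editing the CR by hand does not type the wrong one. Because this setting decides who can reach application routes, add a follow-up step that shows how to confirm the resulting scope, and check whether a module titled "Configuration for ExternalIP" is the right home for an Ingress Controller setting.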
18 changes: 5 additions & 13 deletions modules/installation-initializing-manual.adoc
Expand Up @@ -104,7 +104,7 @@ endif::vsphere-upi,restricted-upi[]
ifdef::aws-china,aws-secret[]
* You have uploaded a custom RHCOS AMI.
endif::aws-china,aws-secret[]
* You have an SSH public key on your local machine to provide to the installation program. The key will be used for SSH authentication onto your cluster nodes for debugging and disaster recovery.
* You have an SSH public key on your local machine for use with the installation program. You can use the key for SSH authentication onto your cluster nodes for debugging and disaster recovery.
* You have obtained the {product-title} installation program and the pull secret for your
cluster.
ifdef::restricted,restricted-upi[]
Expand All @@ -124,16 +124,10 @@ $ mkdir <installation_directory>
+
[IMPORTANT]
====
You must create a directory. Some installation assets, like bootstrap X.509
certificates have short expiration intervals, so you must not reuse an
installation directory. If you want to reuse individual files from another
cluster installation, you can copy them into your directory. However, the file
names for the installation assets might change between releases. Use caution
when copying installation files from an earlier {product-title} version.
You must create a directory. Some installation assets, such as bootstrap X.509 certificates have short expiration intervals, so you must not reuse an installation directory. If you want to reuse individual files from another cluster installation, you can copy them into your directory. However, the file names for the installation assets might change between releases. Use caution when copying installation files from an earlier {product-title} version.
====

. Customize the sample `install-config.yaml` file template that is provided and save
it in the `<installation_directory>`.
. Customize the provided sample `install-config.yaml` file template and save the file in the `<installation_directory>`.
+
[NOTE]
====
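
Review bot: The reflowed IMPORTANT block reads "Some installation assets, such as bootstrap X.509 certificates have short expiration intervals", which opens a parenthetical with a comma and never closes it; add a comma after "certificates". In the step that follows, "Customize the provided sample `install-config.yaml` file template" stacks three modifiers in front of the noun; "Customize the sample `install-config.yaml` template that is provided" was easier to parse.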
Expand Down Expand Up @@ -200,13 +194,11 @@ ifdef::vsphere-upi-vsphere[]
. If you are installing a three-node cluster, modify the `install-config.yaml` file by setting the `compute.replicas` parameter to `0`. This ensures that the cluster's control planes are schedulable. For more information, see "Installing a three-node cluster on {platform}".
endif::vsphere-upi-vsphere[]

. Back up the `install-config.yaml` file so that you can use it to install
multiple clusters.
. Back up the `install-config.yaml` file so that you can use it to install many clusters.
+
[IMPORTANT]
====
The `install-config.yaml` file is consumed during the next step of the
installation process. You must back it up now.
Back up the `install-config.yaml` file now, because the installation process consumes the file in the next step.
====

ifeval::["{context}" == "installing-azure-government-region"]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ include::_attributes/common-attributes.adoc[]

toc::[]

As a cluster administrator, you can designate an IP address block that is external to the cluster that can send traffic to services in the cluster.
As a cluster administrator, you can select an IP address block that is external to the cluster that can send traffic to services in the cluster.

This functionality is generally most useful for clusters installed on bare-metal hardware.
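
Review bot: Replacing "designate" with "select" in the opening sentence suggests choosing from a list of existing blocks, while the ExternalIP module in this same PR describes the administrator defining the block in the `Network.config.openshift.io` CR; "specify" would be a closer substitute. The sentence also keeps two stacked "that" clauses ("that is external to the cluster that can send traffic"), which leaves it unclear whether the block or the cluster sends the traffic.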

Expand Down Expand Up @@ -39,6 +39,12 @@ include::modules/nw-externalip-object.adoc[leveloffset=+1]
// Configure external IP address blocks for your cluster
include::modules/nw-externalip-configuring.adoc[leveloffset=+1]

[role="_additional-resources"]
== Additional resources

* xref:../../networking/configuring-ipfailover.adoc#configuring-ipfailover[Configuring IP failover]
* xref:../../networking/metallb/about-metallb.adoc#about-metallb[About MetalLB and the MetalLB Operator]

[id="configuring-externalip-next-steps"]
== Next steps
