@oshoval
Last active September 5, 2024 10:53
Enable UDN / IPAM on KCLI
#!/bin/bash -ex
# Enabling the OpenShift FeatureSet on KCLI makes the cluster unstable, so enable only what is needed.
# Make sure you have the desired KCLI / HCO nightly deployed (this doc doesn't cover it).
# See https://access.redhat.com/articles/6070641
# This script enables only OCP features, not HCO ones.
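# Set the network operator to Unmanaged so it stops reconciling the resources changed below.
oc patch network.operator.openshift.io cluster --type='merge' -p='{"spec":{"managementState":"Unmanaged"}}'
# Grant the OVN-Kubernetes control plane access to the IPAMClaim, UDN, EndpointSlice and NAD resources.
# "/rules/-" appends to the list, so re-running the script adds the same rules again.
oc patch clusterrole openshift-ovn-kubernetes-control-plane-limited --type='json' -p='[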
{"op":"add","path":"/rules/-","value":{"apiGroups":["k8s.cni.cncf.io"],"resources":["ipamclaims"],"verbs":["list","get","watch"]}},
{"op":"add","path":"/rules/-","value":{"apiGroups":["k8s.cni.cncf.io"],"resources":["ipamclaims/status"],"verbs":["patch","update"]}},
{"op":"add","path":"/rules/-","value":{"apiGroups":["discovery.k8s.io"],"resources":["endpointslices"],"verbs":["create","delete","update","get","list","watch"]}},
{"op":"add","path":"/rules/-","value":{"apiGroups":[""],"resources":["services/finalizers"],"verbs":["update"]}},
{"op":"add","path":"/rules/-","value":{"apiGroups":["k8s.ovn.org"],"resources":["userdefinednetworks"],"verbs":["get","list","watch"]}},
{"op":"add","path":"/rules/-","value":{"apiGroups":["k8s.ovn.org"],"resources":["userdefinednetworks","userdefinednetworks/status"],"verbs":["patch","update"]}},
{"op":"add","path":"/rules/-","value":{"apiGroups":["k8s.ovn.org"],"resources":["userdefinednetworks/finalizers"],"verbs":["update"]}},
{"op":"add","path":"/rules/-","value":{"apiGroups":["k8s.cni.cncf.io"],"resources":["network-attachment-definitions"],"verbs":["patch","update","create","delete"]}}
]'
# Add the two feature flags under the [ovnkubernetesfeature] section of the ovnkube config.
oc get configmap ovnkube-config -n openshift-ovn-kubernetes -o yaml | \
sed '/\[ovnkubernetesfeature\]/a\ enable-persistent-ips=true\n enable-network-segmentation=true' | \
oc apply -f -
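# Apply only the CRDs gated by OVN_NETWORK_SEGMENTATION_ENABLE in the operator's template.
# The template comes from the master branch, so its content can change between runs.
curl -s https://raw.githubusercontent.com/openshift/cluster-network-operator/master/bindata/network/ovn-kubernetes/common/001-crd.yaml | \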
sed -n '/{{- if .OVN_NETWORK_SEGMENTATION_ENABLE }}/,/{{- end }}/{/{{- if .OVN_NETWORK_SEGMENTATION_ENABLE }}/d; /{{- end }}/d; p}' | \
oc apply -f -
oc apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/ipamclaims/v0.4.0-alpha/artifacts/k8s.cni.cncf.io_ipamclaims.yaml
oc delete pods --all -n openshift-ovn-kubernetes
# and let them stabilize
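
The `sed` range applied to `001-crd.yaml` takes everything from the feature-gate `if` line to the first `{{- end }}`, and the input is fetched from `master`, so an upstream template change can alter what reaches `oc apply`. An added example (not part of the gist) wraps the same `sed` program with a check that fails closed. The sample templates, `HYPOTHETICAL_FLAG`, the `example.test` names, and the rule that the gated block holds only CustomResourceDefinition documents are assumptions made for illustration.

```bash
# Added example, not from the gist: the script's sed range plus a check to
# run before the result is piped into `oc apply -f -`.

# Same sed program as the script: print what lies between the feature-gate
# `if` line and the first following `{{- end }}`, dropping both markers.
extract_segmentation_crds() {
  sed -n '/{{- if .OVN_NETWORK_SEGMENTATION_ENABLE }}/,/{{- end }}/{/{{- if .OVN_NETWORK_SEGMENTATION_ENABLE }}/d; /{{- end }}/d; p}'
}

# Return 0 only for non-empty output with no template directive left in it
# and (assumption) nothing but CustomResourceDefinition documents.
check_extracted_manifest() {
  [ -n "$1" ] || { echo "empty output: gate marker not found" >&2; return 1; }
  if printf '%s\n' "$1" | grep -q '{{'; then
    echo "template directive left in output (range cut short?)" >&2
    return 2
  fi
  printf '%s\n' "$1" | awk '
    /^kind:/ { if ($0 == "kind: CustomResourceDefinition") crd = 1; else bad = 1 }
    END { exit !(crd && !bad) }' || { echo "unexpected kind" >&2; return 3; }
}

# Constructed input in the shape the script expects.
sample_template_ok() {
  cat <<'EOF'
kind: CustomResourceDefinition
metadata:
  name: always-installed.example.test
{{- if .OVN_NETWORK_SEGMENTATION_ENABLE }}
---
kind: CustomResourceDefinition
metadata:
  name: gated.example.test
{{- end }}
EOF
}

# Constructed input: a nested block ends the sed range at the inner `end`.
sample_template_nested() {
  cat <<'EOF'
{{- if .OVN_NETWORK_SEGMENTATION_ENABLE }}
kind: CustomResourceDefinition
{{- if .HYPOTHETICAL_FLAG }}
  note: inner
{{- end }}
  note: dropped by the range
{{- end }}
EOF
}
```

In the script this would sit between the `curl ... | sed` stage and `oc apply -f -`: capture the `sed` output in a variable, run the check, and apply only when it returns 0.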

oshoval commented Sep 4, 2024

No, we don't deploy ipam claim CRD on D/S by HCO/CNAO (deliberately)
