Chapter 7. Configuring a gateway


As a cluster administrator you can configure the gatewayConfig object to manage how external traffic leaves the cluster. You do so by setting the routingViaHost parameter to one of the following values:

  • true means that egress traffic routes through a specific local gateway on the node that hosts the pod. Egress traffic routes through the host, so the routing table of the host applies to this traffic.
  • false means that egress traffic routes through a dedicated node but a group of nodes share the same gateway. Egress traffic does not route through the host. The Open vSwitch (OVS) outputs traffic directly to the node IP interface.

7.1. Configuring egress routing policies

As a cluster administrator you can configure egress routing policies by using the gatewayConfig specification in the Cluster Network Operator (CNO). You can use the following procedure to set the routingViaHost field to true or false.

You can follow the optional step in the procedure to enable IP forwarding alongside the routingViaHost=true configuration if you need the host network of the node to act as a router for traffic not related to OVN-Kubernetes. For example, possible use cases for combining local gateway with IP forwarding include:

  • Configuring all pod egress traffic to be forwarded via the node’s IP
  • Integrating OVN-Kubernetes CNI with external network address translation (NAT) devices
  • Configuring OVN-Kubernetes CNI to use a kernel routing table

Prerequisites

  • You are logged in as a user with admin privileges.

Procedure

  1. Back up the existing network configuration by running the following command:

    $ oc get network.operator cluster -o yaml > network-config-backup.yaml
  2. Set the routingViaHost parameter to true by entering the following command. Egress traffic then gets routed through a specific gateway according to the routes that you configured on the node.

    $ oc patch networks.operator.openshift.io cluster --type=merge -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"routingViaHost": true}}}}}'
  3. Verify the correct application of the routingViaHost=true configuration by running the following command:

    $ oc get networks.operator.openshift.io cluster -o yaml | grep -A 5 "gatewayConfig"

    Example output

    apiVersion: operator.openshift.io/v1
    kind: Network
    metadata:
      name: cluster
    # ...
          gatewayConfig:
            ipv4: {}
            ipv6: {}
            routingViaHost: true  # (1)
          genevePort: 6081
          ipsecConfig:
    # ...

    (1) A value of true means that egress traffic gets routed through a specific local gateway on the node that hosts the pod. A value of false for the parameter means that a group of nodes share a single gateway so traffic does not get routed through a single host.
  4. Optional: Enable IP forwarding globally by running the following command:

    $ oc patch network.operator cluster --type=merge -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"ipForwarding": "Global"}}}}}'
    1. Verify that the ipForwarding spec has been set to Global by running the following command:

      $ oc get networks.operator.openshift.io cluster -o yaml | grep -A 5 "gatewayConfig"

      Example output

      apiVersion: operator.openshift.io/v1
      kind: Network
      metadata:
        name: cluster
      # ...
            gatewayConfig:
              ipForwarding: Global
              ipv4: {}
              ipv6: {}
              routingViaHost: true
            genevePort: 6081
      # ...
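
A structured alternative to the `grep -A 5` verification steps above, as an added example that is not part of the Red Hat procedure: it compares the gateway fields in a pre-change backup with the current object and notes settings that widen what the node's host network carries. It assumes both inputs were captured with `-o json` rather than `-o yaml`; the sample documents, function names, and note wording are constructed for illustration.

```python
import json

# Constructed sample inputs: trimmed output of
# `oc get networks.operator.openshift.io cluster -o json` (assumption: -o json
# instead of the page's -o yaml, so the standard library can parse it).
BEFORE = json.dumps({"spec": {"defaultNetwork": {"ovnKubernetesConfig": {
    "genevePort": 6081,
    "gatewayConfig": {"ipv4": {}, "ipv6": {}, "routingViaHost": False}}}}})
AFTER = json.dumps({"spec": {"defaultNetwork": {"ovnKubernetesConfig": {
    "genevePort": 6081,
    "gatewayConfig": {"ipForwarding": "Global", "ipv4": {}, "ipv6": {},
                      "routingViaHost": True}}}}})

FIELDS = ("routingViaHost", "ipForwarding")


def gateway_settings(network_json):
    """Return the gatewayConfig fields this procedure changes (None = unset)."""
    doc = json.loads(network_json)
    gw = (doc.get("spec", {}).get("defaultNetwork", {})
             .get("ovnKubernetesConfig", {}).get("gatewayConfig") or {})
    return {f: gw.get(f) for f in FIELDS}


def changes(before_json, after_json):
    """List (field, old, new) for every gateway field that differs."""
    old, new = gateway_settings(before_json), gateway_settings(after_json)
    return [(f, old[f], new[f]) for f in FIELDS if old[f] != new[f]]


def review_notes(network_json):
    """Flag settings that widen what the node's host network will carry."""
    s = gateway_settings(network_json)
    notes = []
    if s["routingViaHost"] is True:
        notes.append("egress follows the host routing table")
    if s["ipForwarding"] == "Global":
        notes.append("host forwards IP traffic unrelated to OVN-Kubernetes")
        if s["routingViaHost"] is not True:
            notes.append("ipForwarding=Global set without routingViaHost=true")
    return notes


if __name__ == "__main__":
    for field, old, new in changes(BEFORE, AFTER):
        print(f"{field}: {old!r} -> {new!r}")
    for note in review_notes(AFTER):
        print("review:", note)
```

Unlike a fixed-width `grep` window, this reads the fields by path, so an unset field is reported as `None` instead of being silently missed.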