Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

Chapter 7. Configuring a gateway

As a cluster administrator you can configure the gatewayConfig object to manage how external traffic leaves the cluster. You do so by setting the routingViaHost parameter to one of the following values:

  • true means that egress traffic routes through a specific local gateway on the node that hosts the pod. Egress traffic routes through the host and this traffic applies to the routing table of the host.
  • false means that egress traffic routes through a dedicated node but a group of nodes share the same gateway. Egress traffic does not route through the host. The Open vSwitch (OVS) outputs traffic directly to the node IP interface.

7.1. Configuring egress routing policies
Copiar enlace

As a cluster administrator you can configure egress routing policies by using the gatewayConfig specification in the Cluster Network Operator (CNO). You can use the following procedure to set the routingViaHost field to true or false.

You can follow the optional step in the procedure to enable IP forwarding alongside the routingViaHost=true configuration if you need the host network of the node to act as a router for traffic not related to OVN-Kubernetes. For example, possible use cases for combining local gateway with IP forwarding include:

  • Configuring all pod egress traffic to be forwarded via the node’s IP
  • Integrating OVN-Kubernetes CNI with external network address translation (NAT) devices
  • Configuring OVN-Kubernetes CNI to use a kernel routing table

Prerequisites

  • You are logged in as a user with admin privileges.

Procedure

  1. Back up the existing network configuration by running the following command: 

    $ oc get network.operator cluster -o yaml > network-config-backup.yaml
    Copy to Clipboard Toggle word wrap

  2. Set the routingViaHost parameter to true by entering the following command. Egress traffic then gets routed through a specific gateway according to the routes that you configured on the node. 

    $ oc patch networks.operator.openshift.io cluster --type=merge -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"routingViaHost": true}}}}}'
    Copy to Clipboard Toggle word wrap

  3. Verify the correct application of the routingViaHost=true configuration by running the following command: 

    $ oc get networks.operator.openshift.io cluster -o yaml | grep -A 5 "gatewayConfig"
    Copy to Clipboard Toggle word wrap

    Example output

    apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
# ...
gatewayConfig:
        ipv4: {}
        ipv6: {}
        routingViaHost: true
    1 
    
      genevePort: 6081
      ipsecConfig:
# ...
    Copy to Clipboard Toggle word wrap

    1
    A value of true means that egress traffic gets routed through a specific local gateway on the node that hosts the pod. A value of false for the parameter means that a group of nodes share a single gateway so traffic does not get routed through a single host.

  4. Optional: Enable IP forwarding globally by running the following command: 

    $ oc patch network.operator cluster --type=merge -p '{"spec":{"defaultNetwork":{"ovnKubernetesConfig":{"gatewayConfig":{"ipForwarding": "Global"}}}}}'
    Copy to Clipboard Toggle word wrap

    1. Verify that the ipForwarding spec has been set to Global by running the following command: 

      $ oc get networks.operator.openshift.io cluster -o yaml | grep -A 5 "gatewayConfig"
      Copy to Clipboard Toggle word wrap

      Example output

      apiVersion: operator.openshift.io/v1
kind: Network
metadata:
  name: cluster
# ...
gatewayConfig:
        ipForwarding: Global
        ipv4: {}
        ipv6: {}
        routingViaHost: true
      genevePort: 6081
# ...
      Copy to Clipboard Toggle word wrap

Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat