Red Hat Summit1.2. MicroShift networking configuration matrix
The following table summarizes the status of networking features and capabilities that are either present as defaults, supported for configuration, or not available with the MicroShift service:
| Network capability | Availability | Configuration supported |
|---|---|---|
| Advertise address | Yes | Yes |
| Kubernetes network policy | Yes | Yes |
| Kubernetes network policy logs | Not available | N/A |
| Load balancing | Yes | Yes |
| Multicast DNS | Yes | Yes |
| Network proxies | Yes | CRI-O |
| Network performance | Yes | MTU configuration |
| Egress IPs | Not available | N/A |
| Egress firewall | Not available | N/A |
| Egress router | Not available | N/A |
| Firewall | No | Yes |
| Hardware offloading | Not available | N/A |
| Hybrid networking | Not available | N/A |
| IPsec encryption for intra-cluster communication | Not available | N/A |
| IPv6 | Not available | N/A |
| Ingress router | Yes | Yes |
| Multiple networks plugin | Yes | Yes |
- Additional details about networking capabilities
-
Advertise address: If unset, the default value is set to the next immediate subnet after the service network. For example, when the service network is10.43.0.0/16, theadvertiseAddressis set to10.44.0.0/32. -
Multicast DNS: You can use the multicast DNS protocol (mDNS) to allow name resolution and service discovery within a Local Area Network (LAN) using multicast exposed on the5353/UDPport. -
Network proxies: There is no built-in transparent proxying of egress traffic in MicroShift. Egress must be manually configured. -
Firewall: Setting up the firewalld service is supported by RHEL for Edge. -
Ingress router: Configure by using the MicroShiftconfig.yamlfile.
-
1.2.1. Default settings
If you do not create a config.yaml file, default values are used. The following example shows the default configuration settings.
To see the default values, run the following command:
$ microshift show-configDefault values example output in YAML form
apiServer: advertiseAddress: 10.44.0.0/321 auditLog: maxFileAge: 02 maxFileSize: 2003 maxFiles: 104 profile: Default5 namedCertificates: - certPath: "" keyPath: "" names: - "" subjectAltNames: []6 debugging: logLevel: "Normal"7 dns: baseDomain: microshift.example.com8 etcd: memoryLimitMB: 09 ingress: listenAddress: - ""10 ports:11 http: 80 https: 443 routeAdmissionPolicy: namespaceOwnership: InterNamespaceAllowed12 status: Managed13 manifests:14 kustomizePaths: - /usr/lib/microshift/manifests - /usr/lib/microshift/manifests.d/* - /etc/microshift/manifests - /etc/microshift/manifests.d/* network: clusterNetwork: - 10.42.0.0/1615 serviceNetwork: - 10.43.0.0/1616 serviceNodePortRange: 30000-3276717 node: hostnameOverride: ""18 nodeIP: ""19 - 1
- A string that specifies the IP address from which the API server is advertised to members of the cluster. The default value is calculated based on the address of the service network.
- 2
- How long log files are kept before automatic deletion. The default value of
0in themaxFileAgeparameter means a log file is never deleted based on age. This value can be configured. - 3
- By default, when the
audit.logfile reaches themaxFileSizelimit, theaudit.logfile is rotated and MicroShift begins writing to a newaudit.logfile. This value can be configured. - 4
- The total number of log files kept. By default, MicroShift retains 10 log files. The oldest is deleted when an excess file is created. This value can be configured.
- 5
- Logs only metadata for read and write requests; does not log request bodies except for OAuth access token requests. If you do not specify this field, the
Defaultprofile is used. - 6
- Subject Alternative Names for API server certificates.
- 7
- Log verbosity. Valid values for this field are
Normal,Debug,Trace, orTraceAll. - 8
- By default,
etcduses as much memory as needed to handle the load on the system. However, in memory constrained systems, it might be preferred or necessary to limit the amount of memoryetcdcan to use at a given time. - 9
- Base domain of the cluster. All managed DNS records are subdomains of this base.
- 10
- The
ingress.listenAddressvalue defaults to the entire network of the host. The valid configurable value is a list that can be either a single IP address or NIC name or multiple IP addresses and NIC names. - 11
- Default ports shown. Configurable. Valid values for both port entries are a single, unique port in the 1-65535 range. The values of the
ports.httpandports.httpsfields cannot be the same. - 12
- Describes how hostname claims across namespaces are handled. By default, allows routes to claim different paths of the same hostname across namespaces. Valid values are
StrictandInterNamespaceAllowed. SpecifyingStrictprevents routes in different namespaces from claiming the same hostname. If the value is deleted in a customized MicroShiftconfig.yaml, theInterNamespaceAllowedvalue is automatically set. - 13
- Default router status, can be
ManagedorRemoved. - 14
- The locations on the file system to scan for
kustomizationfiles to use to load manifests. Set to a list of paths to scan only those paths. Set to an empty list to disable loading manifests. The entries in the list can be glob patterns to match multiple subdirectories. - 15
- A block of IP addresses from which pod IP addresses are allocated. This field is immutable after installation.
- 16
- A block of virtual IP addresses for Kubernetes services. IP address pool for services. A single entry is supported. This field is immutable after installation.
- 17
- The port range allowed for Kubernetes services of type
NodePort. If not specified, the default range of 30000-32767 is used. Services without aNodePortspecified are automatically allocated one from this range. This parameter can be updated after the cluster is installed. - 18
- The name of the node. The default value is the hostname. If non-empty, this string is used to identify the node instead of the hostname. You cannot change this immutable setting after MicroShift starts for the first time.
- 19
- The IP address of the node. The default value is the IP address of the default route.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}