Useful Networking Information in OpenShift for Maximo Developers
As more and more MAS 8.0 deployments happen, here are some useful OpenShift networking concepts for Maximo developers.
Basics of Red Hat OpenShift IP Requirements
Red Hat OpenShift requires specific IP ranges for different network functions to ensure smooth operation, communication, and scalability. Here's an overview of the key IP requirements:
1. Cluster Network CIDR
Purpose: Defines the range of IP addresses used for pod-to-pod communication within the OpenShift cluster.
Default Range: 10.128.0.0/14
Customization: This range can be customized based on your network requirements and should not overlap with other network ranges in your environment.
2. Service Network CIDR
Purpose: Defines the range of IP addresses used for internal cluster services, allowing pods to communicate with services.
Default Range: 172.30.0.0/16
Customization: Similar to the cluster network CIDR, this can be adjusted to fit your specific network layout.
3. Node IP Addresses
Purpose: Each node in the OpenShift cluster requires an IP address to communicate with the control plane and other nodes.
Considerations: These IP addresses are typically assigned from your underlying network infrastructure (e.g., your cloud provider or on-premises network).
4. External Access
Ingress IP Addresses: Used for exposing services to the external network.
Egress IP Addresses: Used for outbound traffic from the cluster to external services.
Configuring IP Ranges
When installing OpenShift, you configure these IP ranges in the install-config.yaml file.
Best Practices
Avoid Overlapping Ranges: Ensure that the IP ranges for the cluster network and service network do not overlap with each other or with any other network ranges in use.
Plan for Scalability: Allocate IP ranges that can accommodate future growth in terms of nodes, pods, and services.
Network Policies: Implement network policies to control traffic flow between pods and services for better security and performance.
Using a /16 subnet for Red Hat OpenShift networking is recommended for several reasons related to scalability, performance, and simplicity in managing IP addresses within the cluster.
Reasons for /16 Subnet
Large IP Address Pool:
A /16 subnet provides 65,536 IP addresses, which allows for a large number of pods and services within the cluster. This is particularly important for large-scale deployments where many applications, microservices, and containers might be running simultaneously.
Avoiding IP Exhaustion:
Ensuring there are enough IP addresses available helps avoid IP exhaustion, which can cause deployment issues and downtime if the cluster runs out of IP addresses for new pods or services.
Simplified Network Management:
Having a large, contiguous IP address range simplifies network management and reduces the complexity of configuring and managing multiple smaller subnets. It helps in maintaining consistency and ease of administration.
Flexibility in Network Design:
A larger subnet provides greater flexibility in network design and segmentation, allowing for better isolation and security practices. It enables the creation of multiple subnets or segments within the larger /16 range without running into address space limitations.
Example Configuration
In the OpenShift install-config.yaml, the cluster and service networks are defined as follows:
```yaml
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  serviceNetwork:
  - 172.30.0.0/16
```
In this configuration:
10.128.0.0/14 is used for the cluster network, providing a very large range for pod IPs.
172.30.0.0/16 is used for the service network, offering a substantial range for service IPs.
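The overlap and capacity points from the Best Practices list, checked against the example configuration; this is an added example, not part of the original post. The EXISTING ranges are constructed sample values and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Values from the install-config.yaml networking section shown above.
NETWORKING = {
    "clusterNetwork": [{"cidr": "10.128.0.0/14", "hostPrefix": 23}],
    "serviceNetwork": ["172.30.0.0/16"],
}
# Constructed sample of ranges already in use on site (assumption, not from the page).
EXISTING = {"corp-lan": "10.0.0.0/8", "vpn": "192.168.50.0/24"}


def named_ranges(networking, existing):
    """Flatten every CIDR into (label, network); ip_network() rejects host bits."""
    pairs = [(f"clusterNetwork[{i}]", cn["cidr"])
             for i, cn in enumerate(networking["clusterNetwork"])]
    pairs += [(f"serviceNetwork[{i}]", c)
              for i, c in enumerate(networking["serviceNetwork"])]
    pairs += list(existing.items())
    return [(label, ipaddress.ip_network(cidr)) for label, cidr in pairs]


def find_overlaps(ranges):
    """Return the label pairs whose address ranges intersect."""
    return [(a, b) for (a, na), (b, nb) in combinations(ranges, 2)
            if na.version == nb.version and na.overlaps(nb)]


def capacity(networking):
    """Node subnets and per-node addresses implied by cidr/hostPrefix, plus service IPs."""
    report = {}
    for cn in networking["clusterNetwork"]:
        net, host_prefix = ipaddress.ip_network(cn["cidr"]), cn["hostPrefix"]
        if not net.prefixlen <= host_prefix <= net.max_prefixlen:
            raise ValueError(f"hostPrefix /{host_prefix} does not fit inside {net}")
        report[str(net)] = {
            "node_subnets": 2 ** (host_prefix - net.prefixlen),
            "addresses_per_node": 2 ** (net.max_prefixlen - host_prefix),
        }
    report["service_ips"] = sum(
        ipaddress.ip_network(c).num_addresses for c in networking["serviceNetwork"])
    return report


if __name__ == "__main__":
    for a, b in find_overlaps(named_ranges(NETWORKING, EXISTING)):
        print(f"OVERLAP: {a} <-> {b}")
    print(capacity(NETWORKING))
```

With the constructed 10.0.0.0/8 range, the script reports an overlap with the cluster network, which is the condition the Best Practices list says to avoid.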
Note: I am also learning the networking aspects of MAS 8.0; if any information is inaccurate, kindly advise and I will get it corrected.
Hello sir,
I need a little help on how to start with MAS 8. Are there any specific documents, like a course from end to end?
I have around 8 years of experience in Maximo. I'm ready to spend time and make my hands dirty :)
Thank you a lot.