This feature is available in Enterprise Edition only.

The module is not enabled by default in any bundles.

How to explicitly enable the module…

Set the spec.enabled module parameter to true or false in the ModuleConfig/network-gateway resource (create it, if necessary) to explicitly enable or disable the module, or use the deckhouse-controller module command in the d8-system/deckhouse pod.

Example of enabling the module:

  • by using the ModuleConfig resource:

    apiVersion: deckhouse.io/v1alpha1
    kind: ModuleConfig
    metadata:
      name: network-gateway
    spec:
      enabled: true
    
  • by using the deckhouse-controller command (requires kubectl configured to work with the cluster):

    kubectl -ti -n d8-system exec deploy/deckhouse -c deckhouse -- deckhouse-controller module enable network-gateway
    

Example of disabling the module:

  • by using the ModuleConfig resource:

    apiVersion: deckhouse.io/v1alpha1
    kind: ModuleConfig
    metadata:
      name: network-gateway
    spec:
      enabled: false
    
  • by using the deckhouse-controller command (requires kubectl configured to work with the cluster):

    kubectl -ti -n d8-system exec deploy/deckhouse -c deckhouse -- deckhouse-controller module disable network-gateway
    

The module is configured using the ModuleConfig custom resource named network-gateway (learn more about setting up Deckhouse…).

Example of the ModuleConfig/network-gateway resource for configuring the module:

apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: network-gateway
spec:
  version: 1
  enabled: true
  settings: # <-- Module parameters from the "Parameters" section below.

Parameters

Schema version: 1

  • disableDHCP (boolean)

    Disables the DHCP server.

    Default: false

  • dns (object)

    Settings to pass to clients via DHCP.

    • dns.search (array of strings)

      List of search domains.

      Example:

      search:
      - office.example.com
      - srv.example.com
      
    • dns.servers (array of strings)

      List of DNS servers.

      Example:

      servers:
      - 4.2.2.2
      - 8.8.8.8
      
  • nodeSelector (object)

    Required value

    Selects nodes that will be used to configure iptables rules and to run the DHCP server.

    The same as in the Pods’ spec.nodeSelector parameter in Kubernetes. Instance Pods inherit this field as is.

    Example:

    nodeSelector:
      type: network-gateway
    
  • publicAddress (string)

    Required value

    Replaces the source address (src) of packets leaving the LAN.

    Pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}$

    Example:

    publicAddress: 10.220.203.240
    
  • storageClass (string)

    The name of the StorageClass to use for storing the DHCP lease.

    If omitted, the StorageClass of the existing PVC is used. If there is no PVC yet, either the global StorageClass or global.discovery.defaultStorageClass is used, and if those are undefined, the emptyDir volume is used to store the data.

    Dnsmasq (which underlies our DHCP server) has its own mechanisms for protecting against duplicate IP addresses if the lease database is lost (but it is better not to lose it).

  • subnet (string)

    Required value

    The address of the local subnet that the gateway serves.

    The DHCP options to pass to clients are generated based on this address:

    • Address pool — numbers starting with 50 and up to the last one.
    • Router — the subnet’s first address.

    Pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$

    Example:

    subnet: 192.168.42.0/24
    
  • tolerations (array of objects)

    Tolerations for DHCP Pods and iptables managers.

    The same as in the Pods’ spec.tolerations parameter in Kubernetes. The instance’s Pods inherit this field as is.

    • tolerations.effect (string)
    • tolerations.key (string)
    • tolerations.operator (string)
    • tolerations.tolerationSeconds (integer)
    • tolerations.value (string)
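
The schema patterns for publicAddress and subnet above only check the shape of the string, so a value such as 999.1.1.1 passes them. The pre-apply check below is an added example, not part of Deckhouse or of the original page; check_settings, POOL_START and SAMPLE are hypothetical names, and it assumes that "numbers starting with 50" means host offset 50 in the subnet, that the router is the first host address, and that a subnet with host bits set should be rejected.

```python
import ipaddress
import re

# Patterns copied from the Parameters section of the page.
PUBLIC_ADDRESS_RE = re.compile(r"^([0-9]{1,3}\.){3}[0-9]{1,3}$")
SUBNET_RE = re.compile(r"^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$")
POOL_START = 50  # assumption: "numbers starting with 50" is a host offset

# Constructed sample: the example values shown on the page.
SAMPLE = {"publicAddress": "10.220.203.240", "subnet": "192.168.42.0/24",
          "nodeSelector": {"type": "network-gateway"}}


def check_settings(settings):
    """Return (errors, derived DHCP values) for a network-gateway settings dict."""
    errors, derived = [], {}
    public, subnet = settings.get("publicAddress"), settings.get("subnet")
    if not isinstance(public, str) or not PUBLIC_ADDRESS_RE.match(public):
        errors.append("publicAddress: missing or does not match the pattern")
    else:
        try:
            ipaddress.IPv4Address(public)
        except ValueError:
            errors.append(f"publicAddress: {public} matches the pattern but is not IPv4")
    if not isinstance(subnet, str) or not SUBNET_RE.match(subnet):
        errors.append("subnet: missing or does not match the pattern")
    else:
        try:
            # strict=True rejects host bits such as 192.168.42.5/24 (assumption)
            net = ipaddress.IPv4Network(subnet, strict=True)
        except ValueError as exc:
            errors.append(f"subnet: {subnet} matches the pattern but is rejected: {exc}")
        else:
            if net.num_addresses - 2 < POOL_START:
                errors.append(f"subnet: {subnet} has no host number {POOL_START}")
            else:
                derived = {
                    "router": str(net.network_address + 1),  # first host (assumption)
                    "pool_first": str(net.network_address + POOL_START),
                    "pool_last": str(net.broadcast_address - 1),
                }
    if not settings.get("nodeSelector"):
        errors.append("nodeSelector: required value is missing")
    return errors, derived


if __name__ == "__main__":
    print(check_settings(SAMPLE))
```

Under these assumptions a /27 or smaller subnet matches the schema pattern but leaves no address for the DHCP pool, which the check reports before the ModuleConfig is applied.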