Available in editions: EE

The module lifecycle stage: General Availability

The module is not enabled by default in any bundles.

How to explicitly enable the module…

You may explicitly enable or disable the module in one of the following ways:

  • Via Deckhouse web UI. In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the network-gateway module and enable (or disable) the “Module enabled” toggle. Save changes.

  • Via Deckhouse CLI (d8).

    Use the d8 system module enable command to enable the module, or the d8 system module disable command to disable it (this requires Deckhouse CLI (d8) configured to work with the cluster).

    Example of enabling the module:

    d8 system module enable network-gateway
    
  • Using ModuleConfig network-gateway.

    Set spec.enabled to true or false in ModuleConfig network-gateway (create it if necessary).

    Example of a manifest to enable module network-gateway:

    apiVersion: deckhouse.io/v1alpha1
    kind: ModuleConfig
    metadata:
      name: network-gateway
    spec:
      enabled: true
    

How to configure the module…

You can configure the module in one of the following ways:

  • Via Deckhouse web UI.

    In the “System” → “System Management” → “Deckhouse” → “Modules” section, open the network-gateway module and enable the “Advanced Settings” switch. Fill in the required fields in the “Configuration” tab or specify the module settings in YAML format on the “YAML” tab, excluding the settings section. Save the changes.

    You can also edit the ModuleConfig object network-gateway on the “YAML” tab in the module settings window (“System” → “System Management” → “Deckhouse” → “Modules”, open the module network-gateway) by specifying the schema version in the spec.version parameter and the necessary module parameters in the spec.settings section.

  • Via Deckhouse CLI (d8) (requires Deckhouse CLI (d8) configured to work with the cluster).

    Edit the existing ModuleConfig network-gateway (for more details on configuring Deckhouse, see the documentation) by executing the following command:

    d8 k edit mc network-gateway
    

    Make the necessary changes in the spec.settings section. If necessary, specify the schema version in the spec.version parameter. Save the changes.

    You can also create a file with a manifest for ModuleConfig network-gateway using the example below. Fill in the spec.settings section with the required module parameters. If necessary, specify the schema version in the spec.version parameter.

    Apply the manifest using the following command (indicate the manifest file name):

    d8 k apply -f <FILENAME>
    

    Example of a manifest for ModuleConfig network-gateway:

    apiVersion: deckhouse.io/v1alpha1
    kind: ModuleConfig
    metadata:
      name: network-gateway
    spec:
      version: 1
      enabled: true
      settings: # Module parameters from the "Parameters" section below.
    

Parameters

Schema version: 1

  • settings
    object
    • settings.disableDHCP
      boolean

      Disables the DHCP server.

      Default: false

    • settings.dns
      object

      Settings to pass to clients via DHCP.

      • settings.dns.search
        array of strings

        List of search domains.

        Example:

        search:
        - office.example.com
        - srv.example.com
        
      • settings.dns.servers
        array of strings

        List of DNS servers.

        Example:

        servers:
        - 4.2.2.2
        - 8.8.8.8
        
    • settings.nodeSelector
      object

      Required value

      Selects nodes that will be used to configure iptables rules and to run the DHCP server.

      The same as in the Pods’ spec.nodeSelector parameter in Kubernetes. Instance Pods inherit this field as is.

      Example:

      nodeSelector:
        type: network-gateway
      
    • settings.publicAddress
      string

      Required value

      Replaces the src of the packets outgoing from the LAN.

      Pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}$

      Example:

      publicAddress: 10.220.203.240
      
    • settings.storageClass
      string

      The name of the StorageClass to use for storing the DHCP lease.

      If omitted, the StorageClass of the existing PVC is used. If there is no PVC yet, the StorageClass will be used according to the global storageClass parameter setting.

      The global storageClass parameter is only considered when the module is enabled. Changing the global storageClass parameter while the module is enabled will not trigger disk re-provisioning.

      Warning. Specifying a value different from the one currently used (in the existing PVC) will result in disk re-provisioning and all data will be deleted.

      If false is specified, emptyDir will be forced to be used.

      Dnsmasq (which underlies our DHCP server) has its own mechanisms for protecting against the duplication of IP addresses if the lease database is lost (but it is better not to lose it).

    • settings.subnet
      string

      Required value

      The address of a local subnet that the gateway serves.

      The DHCP options to pass to clients are generated based on this address:

      • Address pool — numbers starting with 50 and up to the last one.
      • Router — the subnet’s first address.

      Pattern: ^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$

      Example:

      subnet: 192.168.42.0/24
      
    • settings.tolerations
      array of objects

      Tolerations for DHCP Pods and iptables managers.

      The same as in the Pods’ spec.tolerations parameter in Kubernetes. The instance’s Pods inherit this field as is.

      • settings.tolerations.effect
        string
      • settings.tolerations.key
        string
      • settings.tolerations.operator
        string
      • settings.tolerations.tolerationSeconds
        integer
      • settings.tolerations.value
        string
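
The schema patterns for settings.publicAddress and settings.subnet only check the shape of the value, so strings such as 999.999.999.999 pass them. The following pre-apply check is an added example, not part of the module or of Deckhouse: check_settings is a hypothetical helper, and it assumes that "the subnet's first address" means the network address plus one and that the pool runs from address number 50 to the last host address before broadcast.

```python
import ipaddress
import re

# Patterns copied from the schema on this page.
PUBLIC_ADDRESS_RE = re.compile(r"^([0-9]{1,3}\.){3}[0-9]{1,3}$")
SUBNET_RE = re.compile(r"^([0-9]{1,3}\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))$")
POOL_START_OFFSET = 50  # "numbers starting with 50" from the settings.subnet description


def check_settings(settings):
    """Return (errors, derived) for a spec.settings dict (hypothetical helper)."""
    errors, derived = [], {}
    for key in ("nodeSelector", "publicAddress", "subnet"):  # "Required value" fields
        if not settings.get(key):
            errors.append(f"{key}: required value is missing")

    public = settings.get("publicAddress", "")
    if public and not PUBLIC_ADDRESS_RE.match(public):
        errors.append("publicAddress: does not match the schema pattern")
    elif public:
        try:
            ipaddress.IPv4Address(public)  # rejects octets above 255
        except ValueError:
            errors.append("publicAddress: matches the pattern but is not a valid IPv4 address")

    subnet = settings.get("subnet", "")
    if subnet and not SUBNET_RE.match(subnet):
        errors.append("subnet: does not match the schema pattern")
    elif subnet:
        try:
            net = ipaddress.IPv4Network(subnet, strict=True)  # rejects host bits set
        except ValueError:
            errors.append("subnet: matches the pattern but is not a valid network address")
        else:
            # Assumption: router = network address + 1, pool = offset 50 .. last host.
            if net.num_addresses - 2 < POOL_START_OFFSET:
                errors.append("subnet: too small to contain address number 50")
            else:
                derived = {
                    "router": str(net.network_address + 1),
                    "pool": (str(net.network_address + POOL_START_OFFSET),
                             str(net.broadcast_address - 1)),
                }
    return errors, derived


if __name__ == "__main__":
    # Values taken from the examples on this page.
    print(check_settings({"nodeSelector": {"type": "network-gateway"},
                          "publicAddress": "10.220.203.240", "subnet": "192.168.42.0/24"}))
```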