Using the Egressip Ipam Operator with a Private ARO Cluster
This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.
This guide is only valid for ARO clusters created on version 4.10 or earlier.
Clusters created on version 4.11 and later use OVNKubernetes as their Container Network Interface, and egressip-ipam-operator does not support OVNKubernetes.
In addition, please refer here to create a private ARO cluster without using a public IP address. This way, you will be using UserDefinedRouting for egress.
Prerequisites
- A private ARO cluster that uses OpenShift SDN as its CNI
Deploy the Egressip Ipam Operator
Via GUI
- Log into the ARO cluster’s Console
- Switch to the Administrator view
- Click on Operators -> Operator Hub
- Search for “Egressip Ipam Operator”
- Install it with the default settings
or
Via CLI
- Deploy the egress-ipam-operator
Configure EgressIP
- Create an EgressIPAM resource for your cluster. Update the CIDR to reflect the worker node subnet.
- Create test namespaces
- Check the namespaces have IPs assigned
The output should look like:
- Check they’re actually set as Egress IPs
The output should look like:
- Finally, check the Host Subnets for Egress IPs
The output should look like:
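The three checks above (namespace annotation, NetNamespace, HostSubnet) can also be compared mechanically. The following Python is an added example, not part of the original guide: it takes the `items` lists from `oc get namespace -o json`, `oc get netnamespace -o json` and `oc get hostsubnet -o json` and reports where the views disagree. The annotation key is assumed to be the one the operator writes, and the namespace names, node names, IPs and CIDR are constructed sample values.

```python
import ipaddress

# Assumed annotation key the operator writes on each namespace it manages.
ANNOTATION = "egressip-ipam-operator.redhat-cop.io/egressips"

def check_egress(namespaces, netnamespaces, hostsubnets, cidr):
    """Cross-check the three views; an empty result means they agree."""
    subnet = ipaddress.ip_network(cidr)
    sdn = {n["metadata"]["name"]: set(n.get("egressIPs") or []) for n in netnamespaces}
    hosting = {}  # egress IP -> nodes whose HostSubnet claims it
    for hs in hostsubnets:
        for ip in hs.get("egressIPs") or []:
            hosting.setdefault(ip, []).append(hs["host"])
    problems, owner = [], {}
    for ns in namespaces:
        name = ns["metadata"]["name"]
        raw = (ns["metadata"].get("annotations") or {}).get(ANNOTATION, "")
        ips = [p.strip() for p in raw.split(",") if p.strip()]
        if not ips:
            problems.append(f"{name}: no egress IP annotation")
        for ip in ips:
            if ipaddress.ip_address(ip) not in subnet:
                problems.append(f"{name}: {ip} is outside {cidr}")
            if owner.setdefault(ip, name) != name:
                problems.append(f"{name}: {ip} is also assigned to {owner[ip]}")
            if ip not in sdn.get(name, set()):
                problems.append(f"{name}: {ip} missing from NetNamespace egressIPs")
            nodes = hosting.get(ip, [])
            if len(nodes) != 1:
                problems.append(f"{name}: {ip} hosted by {len(nodes)} nodes, expected 1")
    return problems

# Constructed sample data, shaped like the items of `oc get <kind> -o json`.
def _ns(name, ips):
    return {"metadata": {"name": name, "annotations": {ANNOTATION: ips}}}

NAMESPACES = [_ns("demo-a", "10.0.1.8"), _ns("demo-b", "10.0.1.9")]
NETNAMESPACES = [
    {"metadata": {"name": "demo-a"}, "egressIPs": ["10.0.1.8"]},
    {"metadata": {"name": "demo-b"}, "egressIPs": []},  # SDN never picked it up
]
HOSTSUBNETS = [
    {"host": "worker-1", "egressIPs": ["10.0.1.8"]},
    {"host": "worker-2", "egressIPs": []},
]

if __name__ == "__main__":
    for line in check_egress(NAMESPACES, NETNAMESPACES, HOSTSUBNETS, "10.0.1.0/24"):
        print(line)
```

An IP that is annotated on the namespace but not hosted by exactly one node means pods in that namespace will not leave with the address that downstream firewall rules expect.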
Test Egress
- Log into your jumpbox and allow HTTP through the firewall
- Install and start Apache httpd
- Create an index.html
- Tail the Apache logs
- Start an interactive pod in one of your new namespaces
The output should look like the following (the IP should match the egress IP of your namespace):