Red Hat OpenShift clusters on vSphere require multiple networks. This section discusses networking design not covered in the NSX-T Data Center detailed design.

You deploy all Red Hat OpenShift cluster workloads to NSX-T overlay networks. NSX-T Edge appliances in the shared edge and workload cluster are deployed to VLAN-backed networks.

Figure 1. Network Design for Red Hat OpenShift in a Workload Domain
Table 1. Networks Used by Red Hat OpenShift

| Network | Routable / NAT | Usage |
| --- | --- | --- |
| Management Network | Routable | Used by the control plane, worker, and bootstrap nodes. |
| Pod Networks | NAT | Used by Kubernetes pods that run in the cluster. |
| Service IP Pool Network | NAT | Used by Kubernetes applications that need a service IP address. |
| Ingress IP Pool Network | Routable | Used by NSX-T Data Center to create an IP pool for load balancing. |
| Egress IP Pool Network | Routable | Used by NSX-T Data Center to create an IP pool for NAT endpoint use. |
| Namespace Networks | NAT | When you create a namespace, an NSX-T Data Center overlay segment and corresponding IP pool is instantiated to service pods in that namespace. If that IP space runs out, an additional NSX-T overlay segment and IP pool are instantiated. |

| Decision ID | Design Decision | Design Justification | Design Implication |
| --- | --- | --- | --- |
| SDDC-RHOSWLD-VI-OCP-009 | Deploy a /28 (minimum) segment for use by the control plane, worker, and bootstrap nodes. | Supports the control plane, worker, and bootstrap nodes. | The NSX-T overlay segment must be manually created. |
| SDDC-RHOSWLD-VI-OCP-010 | Dedicate a /16 subnet for pod networking. | A single /16 subnet is sufficient for most deployments. If you anticipate deploying a large number of projects, you might need to dedicate a larger subnet. | Private IP space, behind a NAT, that you can use across multiple clusters. |
| SDDC-RHOSWLD-VI-OCP-011 | Dedicate a /16 subnet for services. | A single /16 subnet is sufficient for most deployments. | Private IP space, behind a NAT, that you can use across multiple clusters. |
| SDDC-RHOSWLD-VI-OCP-012 | Dedicate a /24 or larger subnet on your corporate network for ingress endpoints. | A single /24 subnet is sufficient for most deployments, but you must evaluate your own ingress needs prior to deployment. | This subnet must be routable to the rest of the corporate network. |
| SDDC-RHOSWLD-VI-OCP-013 | Dedicate a /24 or larger subnet on your corporate network for egress endpoints. | A single /24 subnet is sufficient for most deployments, but you must evaluate your own egress needs prior to deployment. | This subnet must be routable to the rest of the corporate network. |
| SDDC-RHOSWLD-VI-OCP-014 | Deploy a medium-size load balancer for cluster use. | Small-size load balancers only support 20 virtual servers, which is insufficient for most clusters. | None. |
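The subnet-sizing decisions above (OCP-009 through OCP-013) are easy to get wrong in a planning spreadsheet: a /25 where a /24 was required, a pod range carved from non-private space, or a "private" service range that overlaps a routable corporate prefix. The following script is an added example, not VMware or Red Hat tooling, that checks a planned layout against those decisions before anything is created in NSX-T. The network role names (`management`, `pods`, `services`, `ingress`, `egress`), the plan format, the sample CIDRs and the assumption that one gateway address is reserved per segment are all this example's own.

```python
"""Sanity-check a planned OpenShift-on-NSX-T network layout against the
subnet-sizing design decisions SDDC-RHOSWLD-VI-OCP-009 to -013.
Added example; role names, plan format and sample CIDRs are constructed."""
from ipaddress import ip_network
from itertools import combinations

# RFC 1918 ranges. Networks the design places behind NAT (pods, services)
# must be carved from private space so they never collide with routable
# corporate prefixes.
RFC1918 = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Minimum sizes from the design decisions: a plan's prefix length must be
# less than or equal to these (a /24 is larger than a /25).
MIN_PREFIX = {
    "management": 28,  # OCP-009: control plane, worker and bootstrap nodes
    "pods": 16,        # OCP-010
    "services": 16,    # OCP-011
    "ingress": 24,     # OCP-012: routable, on the corporate network
    "egress": 24,      # OCP-013: routable, on the corporate network
}
NAT_NETWORKS = {"pods", "services"}


def validate_plan(plan):
    """Return a list of findings for a {role: cidr} plan; empty means it passes."""
    findings = []
    parsed = {}
    for name, cidr in plan.items():
        if name not in MIN_PREFIX:
            findings.append(f"{name}: unknown network role")
            continue
        try:
            # strict=True rejects a CIDR with host bits set (e.g. 10.0.0.1/24),
            # a common copy-paste mistake in design spreadsheets.
            net = ip_network(cidr, strict=True)
        except ValueError as exc:
            findings.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
            continue
        parsed[name] = net
        if net.prefixlen > MIN_PREFIX[name]:
            findings.append(
                f"{name}: {cidr} is smaller than the /{MIN_PREFIX[name]} minimum")
        if name in NAT_NETWORKS and not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"{name}: {cidr} is behind NAT but not RFC 1918 space")
    for missing in sorted(MIN_PREFIX.keys() - plan.keys()):
        findings.append(f"{missing}: no subnet allocated")
    # Every network must be disjoint from every other; an overlap between a
    # NAT'd range and a routable range silently blackholes traffic.
    for (a, na), (b, nb) in combinations(sorted(parsed.items()), 2):
        if na.overlaps(nb):
            findings.append(f"{a} {na} overlaps {b} {nb}")
    return findings


def usable_node_addresses(cidr):
    """Addresses left for nodes after reserving the network, broadcast and one
    gateway address (reserving a gateway is this example's assumption)."""
    return ip_network(cidr).num_addresses - 3


# Constructed sample plans.
GOOD_PLAN = {
    "management": "172.16.10.0/28",
    "pods": "10.128.0.0/16",
    "services": "172.30.0.0/16",
    "ingress": "172.16.20.0/24",
    "egress": "172.16.21.0/24",
}
BAD_PLAN = {
    "management": "172.16.10.1/28",  # host bits set
    "pods": "100.64.0.0/18",         # too small and shared (not RFC 1918) space
    "services": "172.16.0.0/16",     # swallows the ingress range
    "ingress": "172.16.20.0/25",     # smaller than the /24 minimum
    # egress deliberately missing
}

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(f"{label}: {validate_plan(plan) or 'OK'}")
    print("node addresses in a /28:", usable_node_addresses("172.16.10.0/28"))
```

Run it against the plan you intend to hand to the NSX-T and OpenShift installers; a clean plan returns an empty list, and each finding names the role and the decision it violates. The /28 in OCP-009 leaves 13 node addresses under the gateway assumption above, which is why the decision calls it a minimum rather than a recommendation.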