Configuring the network for worker and proxy nodes

Use this procedure to configure the network for the worker and proxy nodes. You will use the network information in the ssc4icp-config.yaml file when creating the cluster resources. The cluster nodes can communicate among each other in a layer 2 or layer 3 network architecture. You also need to configure external IP addresses for the proxy nodes so that external requests to the services inside the IBM Cloud Private cluster can access the cluster.

This procedure is intended for users with role cloud administrator.

Before your begin

• Refer to the checklist that you prepared on this topic Planning for Secure Service Container for IBM Cloud Private.
• Ensure that the subnet range 172.31.0.1/16 is not used in your network because the IP addresses within this range are reserved for the appliance.

Procedure

Complete the following steps according to your network topology.

1. Configure a Layer 2 network for the cluster nodes as identified in the worker or proxy node checklist in the Planning for Secure Service Container for IBM Cloud Private topic, which means all the cluster nodes are available in the same subnet.

   a. Decide the private subnet that you want to use. For example, 192.168.0.0/24 is the subnet value and 192.168.0.1 is the gateway value. Then the available IP addresses in this subnet are from 192.168.0.2 to 192.168.0.254. Use the subnet and gateway values for the subnet and gateway parameters under the internal_network section in the ssc4icp-config.yaml file.

   b. Choose IP addresses from the available values for your worker and proxy nodes. You can use any IP addresses within this private network because this private network is defined by yourself. For example, 192.168.0.252, 192.168.0.253, and so on.

   c. Choose one IP address from the range as the IP address for the master node. For example, 192.168.0.251. Use the subnet value and this IP address for the internal_ips and subnet parameters under the masterconfig section in the ssc4icp-config.yaml file.

   d. Use those IP values for the internal_ips parameter in the ssc4icp-config.yaml file when Configuring the cluster resources. See the following code snippet as an example.

      ...
      cluster:
        masterconfig:
          internal_ips: ['192.168.0.251']
          subnet: "192.168.0.0/24"
      LPAR
      -ipaddress: '10.152.151.105'
         containers:
            -template: "template1"
            count: 2
            internal_ips: ['192.168.0.252','192.168.0.253']
      -ipaddress: '10.152.151.105'
         containers:
            -template: "template2"
            count: 1
            internal_ips: ['192.168.0.254']
      ...
      template1:
         type: "WORKER"
         internal_network:
           subnet: "192.168.0.0/24"
           gateway: "192.168.0.1
           parent: "encf700"
      ...
      template2:
         type: "PROXY"
         internal_network:
           subnet: "192.168.0.0/24"
           gateway: "192.168.0.1"
           parent: "encf700"
      ...
   

2. If you want to configure the network for the cluster nodes by using your existing Layer 3 network, which means the cluster nodes are in two different subnets. For example, the worker and proxy nodes are available in the 10.152.151.0/24 subnet and the master node is in the 10.162.161.0/24 subnet.

   a. Check with your network administrator to get the subnet and gateway information. For example, 10.152.151.0/24 is the subnet value and 10.152.151.1 is the gateway value. Then the available IP addresses in this subnet are from 10.152.151.2 to 10.152.151.254. Use the subnet and gateway values for the subnet and gateway parameters under the internal_network section in the ssc4icp-config.yaml file.

   b. Choose IP addresses from the available values for your worker and proxy nodes. Note that the IP address must not be used by any host in the subnet. For example, 10.152.151.110, 10.152.151.111, and so on.

   c. Use the master node IP address, for example, 10.162.161.107, for the internal_ips and subnet parameters under the masterconfig section in the ssc4icp-config.yaml file.

   d. Use those IP values for the internal_ips parameter in the ssc4icp-config.yaml file when Configuring the cluster resources. See the following code snippet as an example.

         ...
         cluster:
           masterconfig:
             internal_ips: ['10.162.161.107']
             subnet: "10.162.161.0/24"
         LPAR
          -ipaddress: '10.152.151.105'
             containers:
                -template: "template1"
                count: 2
                internal_ips: ['10.152.151.110','10.152.151.111']
         -ipaddress: '10.152.151.105'
             containers:
                -template: "template2"
                count: 1
                internal_ips: ['10.152.151.112']
         template1:
            type: "WORKER"
            internal_network:
               subnet: "10.152.151.0/24"
               gateway: "10.152.151.1"
               parent: "encf700"
         template2:
            type: "PROXY"
            internal_network:
              subnet: "10.152.151.0/24"
              gateway: "10.152.151.1"
              parent: "encf700"
        ...
   

3. Configure the external network for the proxy node.

   a. Check with your network administrator to get the subnet and gateway information of the external OSA device. For example, 172.16.0.0/24 is the subnet value and 172.16.0.1 is the gateway value. Then the available IP addresses in this subnet are from 172.16.0.2 to 172.16.0.254. Use the subnet and gateway values for the subnet and gateway parameters under the proxy_external_network section in the ssc4icp-config.yaml file.

   b. Choose an appropriate IP address within the range for the proxy node on the Secure Service Container partition. The proxy node transmits external request to the services created inside your cluster. If you have multiple proxy nodes on different Secure Service Container partitions, assign one IP address for each of proxy node. For example, 172.16.0.4, 172.16.0.5, and so on.

   c. Use the external IP values for the proxy_external_ips parameter in the ssc4icp-config.yaml file. See the following code snippet as an example.

   ...
   LPARS:
    -ipaddress: '10.152.151.105'
        containers:
          -template: "template2"
           ...
           proxy_external_ips: ['172.16.0.4']
   template2:
        type: "PROXY"
        ...
        proxy_external_network:
           subnet: "172.16.0.0/24"
           gateway: "172.16.0.1"
           parent: "encf900"
    ...
   

For the complete ssc4icp-config.yaml example files, see Worker and proxy nodes in a random private Layer 2 network on two Secure Service Container partitions and Worker and proxy nodes in an existing Layer 3 network on two Secure Service Container partitions.

Next

You can now follow the instructions in the Configuring the cluster resources topic to set up the resource specifications for cluster nodes.