redhat-cop / keepalived-operator

An operator to manage VIPs backed by keepalived
Apache License 2.0

excluding IP address for physical devices in the subnet #36

Closed ooichman closed 4 years ago

ooichman commented 4 years ago

We have encountered a problem while trying to set up Keepalived operator in a disconnected environment. The operator receives a subnet of available IP addresses for load balancing from the OpenShift API in order to provide VIP addresses to services of type LoadBalancer. While we are able to set the available subnet CIDR, we cannot exclude addresses from the given list at API level, as it does not have an appropriate field for exclusion (gateway, for example).

raffaelespazzoli commented 4 years ago

@ooichman the IPs to be used for VIPs are not assigned by the keepalived operator, but instead either by humans when using external IPs services or loadbalancer services or by OCP when using load balancer services (without the load balancer IP initialized). The CIDR for allowed externalIPs and auto-assigned load balancer IPs is configured in the network/cluster object, which is then managed by the network operator. If you look at the API, currently it's not possible to blacklist individual IPs, but you can have multiple CIDR segments. If you need the ability to blacklist individual IPs, you need to open an RFE to OCP.
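
The multiple-CIDR approach from the reply above can be worked out mechanically. The following is an added example, not part of the original thread or of the operator's code: it splits a subnet into the CIDR blocks that cover everything except the addresses to keep out of the pool. The function name and the sample subnet, gateway and device addresses are constructed for illustration.

```python
import ipaddress


def cidrs_excluding(subnet, excluded):
    """Return the CIDR blocks covering `subnet` minus every entry in `excluded`.

    `excluded` may hold single addresses or whole CIDR ranges.
    """
    pool = ipaddress.ip_network(subnet)
    remaining = [pool]
    for item in excluded:
        # A bare address is parsed as a /32 (IPv4) or /128 (IPv6) network.
        hole = ipaddress.ip_network(item)
        if hole.version != pool.version or not hole.subnet_of(pool):
            raise ValueError(f"{item} is not inside {pool}")
        next_round = []
        for net in remaining:
            if net.subnet_of(hole):
                continue  # block lies entirely inside the exclusion: drop it
            if hole.subnet_of(net):
                # Split the block around the hole into the fewest CIDRs.
                next_round.extend(net.address_exclude(hole))
            else:
                next_round.append(net)  # unaffected block
        remaining = next_round
    return sorted(remaining)


if __name__ == "__main__":
    # Constructed sample: a /24 VIP pool with a gateway and one physical device.
    SUBNET = "192.168.10.0/24"
    RESERVED = ["192.168.10.1", "192.168.10.254"]
    for block in cidrs_excluding(SUBNET, RESERVED):
        print(block)
```

Each excluded address adds several blocks to the list, so reserving the physical devices at the edges of the subnet or in one contiguous range keeps the resulting CIDR list short.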