OCPBUGS-44421: Added info on how to remove an NNCP config from network interface

Author: dfitzmau

modules/node-network-configuration-policy-file.adoc

@@ -0,0 +1,29 @@
+// Module included in the following assemblies:
+//
+// * networking/k8s_nmstate/k8s-observing-node-network-state.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="node-network-configuration-policy-file.adoc_{context}"]
+= The NodeNetworkConfigurationPolicy manifest file
+
+A `NodeNetworkConfigurationPolicy` (NNCP) manifest file defines policies that the Kubernetes NMState Operator uses to configure networking for nodes that exist in an {product-title} cluster. 
+
+After you apply a node network policy to a node, the Kubernetes NMState Operator creates an interface on the node. A node network policy includes your requested network configuration and the status of execution for the policy on the cluster as a whole.
+
+You can create an NNCP by using either the {oc-first} or the {product-title} web console. As a postinstallation task you can create an NNCP or edit an existing NNCP.
+
+[NOTE]
+====
+Before you create an NNCP, ensure that you read the "Example policy configurations for different interfaces" document.
+====
+
+If you want to delete an NNCP, you can use the `oc delete nncp` command to complete this action. However, this command does not delete any created objects, such as a bridge interface. 
+
+Deleting the node network policy that added an interface to a node does not change the configuration of the policy on the node. Similarly, removing an interface does not delete the policy, because the Kubernetes NMState Operator recreates the removed interface whenever a pod or a node is restarted.
+
+To effectively delete the NNCP, the node network policy, and any created interfaces would typically require the following actions:
+
+. Edit the NNCP and remove interface details from the file. Ensure that you do not remove `name`, `state`, and `type` parameters from the file.
+. Add `state: absent` under the `interfaces.state` section of the NNCP.
+. Run `oc apply -f <nncp_file_name>`. After the Kubernetes NMState Operator applies the node network policy to each node in your cluster, the interface that was previously created on each node is now marked _absent_. 
+. Run `oc delete nncp` to delete the NNCP. 

modules/virt-confirming-policy-updates-on-nodes.adoc

@@ -6,10 +6,6 @@
 [id="virt-confirming-policy-updates-on-nodes_{context}"]
 = Confirming node network policy updates on nodes
 
-A `NodeNetworkConfigurationPolicy` manifest describes your requested network configuration for nodes in the cluster.
-The node network policy includes your requested network configuration and the status of execution of the policy on the cluster as a whole.
-
-
 When you apply a node network policy, a `NodeNetworkConfigurationEnactment` object is created for every node in the cluster. The node network configuration enactment is a read-only object that represents the status of execution of the policy on that node.
 If the policy fails to be applied on the node, the enactment for that node includes a traceback for troubleshooting.
 

modules/virt-example-nmstate-IP-management.adoc

@@ -88,6 +88,7 @@ The following snippet configures an Ethernet interface that uses a dynamic IP ad
 # ...
 ----
 
+
 [id="virt-example-nmstate-IP-management-dns_{context}"]
 == DNS
 
@@ -98,7 +99,7 @@ By default, the `nmstate` API stores DNS values globally as against storing them
 Setting a DNS configuration is comparable to modifying the `/etc/resolv.conf` file.
 ====
 
-To define a DNS configuration for a network interface, you must initially specify the `dns-resolver` section in the network interface's YAML configuration file.
+To define a DNS configuration for a network interface, you must initially specify the `dns-resolver` section in the network interface's YAML configuration file. To apply an NNCP configuration to your network interface, you need to run the `oc apply -f <nncp_file_name>` command.
 
 [IMPORTANT]
 ====
@@ -132,6 +133,35 @@ spec:
         - 192.0.2.251
 # ...
 ----
++
+[IMPORTANT]
+====
+You can specify DNS options under the `dns-resolver.config` section of your NNCP file as demonstrated in the following example:
+
+[source,terminal]
+----
+# ...
+desiredState:
+    dns-resolver:
+      config:
+        search:
+         options:
+         - timeout:2
+         - attempts:3
+# ...
+----
+
+If you want to remove the DNS options from your network interface, apply the following configuration to your NNCP and then run the `oc apply -f <nncp_file_name>` command: 
+
+[source,terminal]
+----
+# ...
+    dns-resolver:
+      config: {}
+    interfaces: []
+# ...
+----
+====
 
 The following examples show situations that require configuring a network interface to store DNS values:
 

modules/virt-nmstate-example-policy-configurations.adoc

@@ -6,12 +6,12 @@
 [id="virt-nmstate-example-policy-configurations_{context}"]
 = Example policy configurations for different interfaces
 
-Before you read the different example `NodeNetworkConfigurationPolicy` (NNCP) manifest configurations, consider the following factors when you apply a policy so that your cluster runs at its best performance conditions:
+Before you read the different example `NodeNetworkConfigurationPolicy` (NNCP) manifest configurations, consider the following factors when you apply a policy to nodes so that your cluster runs under its best performance conditions:
 
-* When you need to apply a policy to more than one node, create a `NodeNetworkConfigurationPolicy` manifest for each target node. The Kubernetes NMState Operator applies the policy to each node with an NNCP in an unspecified order. Scoping a policy with this approach reduces the length of time for policy application but risks a cluster-wide outage if an error is in the cluster's configuration. To avoid this type of error, initially apply NNCP to some nodes, and after you confirm they are configured correctly, proceed with applying the policy to the remaining nodes.
+* When you need to apply a policy to more than one node, create a `NodeNetworkConfigurationPolicy` manifest for each target node. The Kubernetes NMState Operator applies the policy to each node with a defined NNCP in an unspecified order. Scoping a policy with this approach reduces the length of time for policy application but risks a cluster-wide outage if an error exists in the cluster's configuration. To avoid this type of error, initially apply an NNCP to some nodes, confirm the NNCP is configured correctly for these nodes, and then proceed with applying the policy to the remaining nodes.
 
-* When you need to apply a policy to many nodes but you only want to create a single NNCP for all target nodes, the Kubernetes NMState Operator applies the policy to each node in sequence. You can set the speed and coverage of policy application for target nodes with the `maxUnavailable` parameter in the cluster configuration. By setting a lower percentage value for the parameter, you can reduce the risk of a cluster-wide outage if the outage impacts the small percentage of nodes that are receiving the policy application.
+* When you need to apply a policy to many nodes but you only want to create a single NNCP for all the nodes, the Kubernetes NMState Operator applies the policy to each node in sequence. You can set the speed and coverage of policy application for target nodes with the `maxUnavailable` parameter in the cluster's configuration file. By setting a lower percentage value for the parameter, you can reduce the risk of a cluster-wide outage if the outage impacts the small percentage of nodes that are receiving the policy application.
 
 * Consider specifying all related network configurations in a single policy.
 
-* When a node restarts, the Kubernetes NMState Operator cannot control the order that it applies policies to nodes. The Kubernetes NMState Operator might apply interdependent policies in a sequence that results in a degraded network object.
+* When a node restarts, the Kubernetes NMState Operator cannot control the order to which it applies policies to nodes. The Kubernetes NMState Operator might apply interdependent policies in a sequence that results in a degraded network object.

modules/virt-removing-interface-from-nodes.adoc

@@ -14,9 +14,7 @@ If you remove a bridge or bonding interface, any node NICs in the cluster that w
 
 [NOTE]
 ====
-Deleting the node network policy that added an interface does not change the configuration of the policy on the node.
-Although a `NodeNetworkConfigurationPolicy` is an object in the cluster, it only represents the requested configuration. +
-Similarly, removing an interface does not delete the policy.
+Deleting the node network policy that added an interface does not change the configuration of the policy on the node. Although a `NodeNetworkConfigurationPolicy` is an object in the cluster, the object only represents the requested configuration. Similarly, removing an interface does not delete the policy.
 ====
 
 .Procedure

networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc

@@ -3,7 +3,7 @@
 = Observing and updating the node network state and configuration
 include::_attributes/common-attributes.adoc[]
 :VirtProductName: OpenShift Container Platform
-:context: k8s_nmstate-updating-node-network-config
+:context: k8s-nmstate-updating-node-network-config
 
 toc::[]
 
@@ -17,6 +17,16 @@ include::modules/virt-viewing-network-state-of-node.adoc[leveloffset=+1]
 // Viewing the network state of a node from the web console
 include::modules/virt-viewing-network-state-of-node-console.adoc[leveloffset=+1]
 
+// The `NodeNetworkConfigurationPolicy` manifest file
+include::modules/node-network-configuration-policy-file.adoc[leveloffset=+1]
+
+[discrete]
+[role="_additional-resources"]
+== Additional resources
+* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-nmstate-example-policy-configurations_{context}[Example policy configurations for different interfaces]
+
+* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-removing-interface-from-nodes_{context}[Removing an interface from nodes]
+
 // Managing policy from the web console
 include::modules/virt-node-network-config-console.adoc[leveloffset=+1]
 

networking/metallb/metallb-configure-bgp-peers.adoc

@@ -31,7 +31,7 @@ include::modules/nw-metallb-configure-vrf-bgppeer.adoc[leveloffset=+1]
 
 * xref:../../networking/multiple_networks/about-virtual-routing-and-forwarding.adoc#cnf-about-virtual-routing-and-forwarding_about-virtual-routing-and-forwarding[About virtual routing and forwarding]
 
-* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-host-vrf_k8s_nmstate-updating-node-network-config[Example: Network interface with a VRF instance node network configuration policy]
+* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-host-vrf_k8s-nmstate-updating-node-network-config[Example: Network interface with a VRF instance node network configuration policy]
 
 * xref:../../networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc#configuring-egress-traffic-loadbalancer-services[Configuring an egress service]
 

networking/metallb/metallb-configure-return-traffic.adoc

@@ -59,6 +59,6 @@ include::modules/nw-metallb-configure-return-traffic-proc.adoc[leveloffset=+1]
 
 * xref:../../networking/metallb/metallb-configure-bgp-peers.adoc#nw-metallb-bgp-peer-vrf_configure-metallb-bgp-peers[Exposing a service through a network VRF]
 
-* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-host-vrf_k8s_nmstate-updating-node-network-config[Example: Network interface with a VRF instance node network configuration policy]
+* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-host-vrf_k8s-nmstate-updating-node-network-config[Example: Network interface with a VRF instance node network configuration policy]
 
 * xref:../../networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc#configuring-egress-traffic-loadbalancer-services[Configuring an egress service]

networking/networking_operators/k8s-nmstate-about-the-k8s-nmstate-operator.adoc

@@ -51,7 +51,7 @@ include::modules/viewing-stats-collected-kubernetes-nmtate-op.adoc[leveloffset=+
 [id="additional-resources_k8s-nmstate-view-stats_{context}"]
 == Additional resources
 
-* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-creating-interface-on-nodes_k8s_nmstate-updating-node-network-config[Creating an interface on nodes]
+* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-creating-interface-on-nodes_k8s-nmstate-updating-node-network-config[Creating an interface on nodes]
 
 [id="k8s-nmstate-about-next-steps"]
 == Next steps

networking/ovn_kubernetes_network_provider/configuring-egress-traffic-for-vrf-loadbalancer-services.adoc

@@ -37,7 +37,7 @@ include::modules/nw-egress-service-ovn.adoc[leveloffset=+1]
 
 * xref:../../networking/metallb/metallb-configure-bgp-peers.adoc#nw-metallb-bgp-peer-vrf_configure-metallb-bgp-peers[Exposing a service through a network VRF]
 
-* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-host-vrf_k8s_nmstate-updating-node-network-config[Example: Network interface with a VRF instance node network configuration policy]
+* xref:../../networking/k8s_nmstate/k8s-nmstate-updating-node-network-config.adoc#virt-example-host-vrf_k8s-nmstate-updating-node-network-config[Example: Network interface with a VRF instance node network configuration policy]
 
 * xref:../../networking/metallb/metallb-configure-return-traffic.adoc#metallb-configure-return-traffic[Managing symmetric routing with MetalLB]