Configure an external NTP relay
Stay organized with collections
Save and categorize content based on your preferences.
This page describes how to configure an external NTP replay for
Google Distributed Cloud (GDC) air-gapped appliance.
These steps are only required if you want to synchronize the appliance
with external time after being disconnected.
Before you begin
To sync the appliance with external NTP, complete the following steps:
Before you begin, make sure that there is only one NTP relay. To verify, run
the following command on the bootstrapper machine:
kubectl get ntprelay -A
The output looks like the following example:
NAMESPACE NAME AGE
gpc-system bi-ntp-relay 4d21h
Connect the bootstrapper to the appliance device and determine the IP
address of the connected interface:
ifconfig
mgmt: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 198.18.0.30 netmask 255.255.255.224 broadcast 198.18.0.31
inet6 fe80::20c:29ff:fea8:fc35 prefixlen 64 scopeid 0x20<link>
...
Edit the ntprelay CR by including the bootstrapper mgmt IP as the upstream IP.
kubectl edit ntprelay bi-ntp-relay -n gpc-system
ntprelay.system.private.gdc.goog/bi-ntp-relay edited
kubectl get ntprelay bi-ntp-relay -n gpc-system -oyaml
The output looks like the following example. In this example the IP address
for upstreamServers is changed:
apiVersion: system.private.gdc.goog/v1alpha1
kind: NTPRelay
metadata:
creationTimestamp: "2025-05-16T08:44:21Z"
generation: 2
name: bi-ntp-relay
namespace: gpc-system
resourceVersion: "10871409"
uid: 6cde8e65-791c-4bc6-9a8b-d5c9bf103f8b
spec:
upstreamServers:
- 192.0.2.030
Verify the NTP synchronization:
kubectl get pods -l app.kubernetes.io/name=ntp -n ntp-system -o name | xargs -I {} kubectl exec {} -n ntp-system -- chronyc sources -v; echo
The output looks like the following:
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.0.2.026 1 6 17 43 +286ns[ +36us] +/- 1160us
=? 192.0.2.029 0 6 0 - +0ns[ +0ns] +/- 0ns
=? 192.0.2.051 0 6 0 - +0ns[ +0ns] +/- 0ns
=? 192.0.2.059 0 6 0 - +0ns[ +0ns] +/- 0ns
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.0.2.026 1 6 37 2 +2ns[ +90us] +/- 84us
=? 192.0.2.029 2 6 1 8 +368us[ +449us] +/- 3761us
=? 192.0.2.051 0 6 1 - +0ns[ +0ns] +/- 0ns
=? 192.0.2.059 2 6 1 8 +663us[ +744us] +/- 11ms
.-- Source mode '^' = server, '=' = peer, '#' = local clock.
/ .- Source state '*' = current best, '+' = combined, '-' = not combined,
| / 'x' = may be in error, '~' = too variable, '?' = unusable.
|| .- xxxx [ yyyy ] +/- zzzz
|| Reachability register (octal) -. | xxxx = adjusted offset,
|| Log2(Polling interval) --. | | yyyy = measured offset,
|| \ | | zzzz = estimated error.
|| | | \
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.0.2.026 1 6 37 29 -6ns[ -759us] +/- 92us
=? 192.0.2.029 2 6 1 36 +334us[ -346us] +/- 3775us
=? 192.0.2.051 2 6 1 35 -125us[ -813us] +/- 5839us
=? 192.0.2.059 0 6 1 - +0ns[ +0ns] +/- 0ns
Verify if the chronyc in the NTP pods refers to the newly added IP.
kubectl exec -it -n ntp-system ntp2-84ddf7cd99-96vqn -- sh
The output looks like the following example:
Defaulted container "ntp-image" out of: ntp-image, ntp-node-exporter
# chronyc tracking
Reference ID : C612001E (198.18.0.30)
Stratum : 2
Ref time (UTC) : Wed May 21 07:28:38 2025
System time : 0.000000005 seconds slow of NTP time
Last offset : +0.000025645 seconds
RMS offset : 0.000082131 seconds
Frequency : 15.671 ppm slow
Residual freq : +0.024 ppm
Skew : 0.628 ppm
Root delay : 0.000164273 seconds
Root dispersion : 0.000180630 seconds
Update interval : 64.8 seconds
Leap status : Normal
# exit
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-04 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Configure an external NTP relay\n\nThis page describes how to configure an external NTP replay for\nGoogle Distributed Cloud (GDC) air-gapped appliance.\n\nThese steps are only required if you want to synchronize the appliance\nwith external time after being disconnected.\n\n### Before you begin\n\nTo sync the appliance with external NTP, complete the following steps:\n\n1. Before you begin, make sure that there is only one NTP relay. To verify, run\n the following command on the bootstrapper machine:\n\n kubectl get ntprelay -A\n\n The output looks like the following example: \n\n NAMESPACE NAME AGE\n gpc-system bi-ntp-relay 4d21h\n\nConfigure the NTP relay\n-----------------------\n\n1. Connect the bootstrapper to the appliance device and determine the IP\n address of the connected interface:\n\n ifconfig\n mgmt: flags=4163\u003cUP,BROADCAST,RUNNING,MULTICAST\u003e mtu 1500\n inet 198.18.0.30 netmask 255.255.255.224 broadcast 198.18.0.31\n inet6 fe80::20c:29ff:fea8:fc35 prefixlen 64 scopeid 0x20<link>\n ...\n\n2. Edit the `ntprelay` CR by including the bootstrapper mgmt IP as the upstream IP.\n\n kubectl edit ntprelay bi-ntp-relay -n gpc-system\n ntprelay.system.private.gdc.goog/bi-ntp-relay edited\n kubectl get ntprelay bi-ntp-relay -n gpc-system -oyaml\n\n The output looks like the following example. In this example the IP address\n for `upstreamServers` is changed: \n\n apiVersion: system.private.gdc.goog/v1alpha1\n kind: NTPRelay\n metadata:\n creationTimestamp: \"2025-05-16T08:44:21Z\"\n generation: 2\n name: bi-ntp-relay\n namespace: gpc-system\n resourceVersion: \"10871409\"\n uid: 6cde8e65-791c-4bc6-9a8b-d5c9bf103f8b\n spec:\n upstreamServers:\n - 192.0.2.030\n\n3. Verify the NTP synchronization:\n\n **Note:** Wait about three minutes before running the following command as chrony takes some time for the first sync and adjust. Check that the IP address added in the previous step starts with \\^\\*. Verify that the adjusted offset (+286ns in the first output) is the amount of difference between the time of the appliance and the external time source. \n\n kubectl get pods -l app.kubernetes.io/name=ntp -n ntp-system -o name | xargs -I {} kubectl exec {} -n ntp-system -- chronyc sources -v; echo\n\n The output looks like the following: \n\n .-- Source mode '^' = server, '=' = peer, '#' = local clock.\n / .- Source state '*' = current best, '+' = combined, '-' = not combined,\n | / 'x' = may be in error, '~' = too variable, '?' = unusable.\n || .- xxxx [ yyyy ] +/- zzzz\n || Reachability register (octal) -. | xxxx = adjusted offset,\n || Log2(Polling interval) --. | | yyyy = measured offset,\n || \\ | | zzzz = estimated error.\n || | | \\\n MS Name/IP address Stratum Poll Reach LastRx Last sample\n ===============================================================================\n \\^\\* 192.0.2.026 1 6 17 43 +286ns\\[ +36us\\] +/- 1160us\n =? 192.0.2.029 0 6 0 - +0ns[ +0ns] +/- 0ns\n =? 192.0.2.051 0 6 0 - +0ns[ +0ns] +/- 0ns\n =? 192.0.2.059 0 6 0 - +0ns[ +0ns] +/- 0ns\n\n .-- Source mode '^' = server, '=' = peer, '#' = local clock.\n / .- Source state '*' = current best, '+' = combined, '-' = not combined,\n | / 'x' = may be in error, '~' = too variable, '?' = unusable.\n || .- xxxx [ yyyy ] +/- zzzz\n || Reachability register (octal) -. | xxxx = adjusted offset,\n || Log2(Polling interval) --. | | yyyy = measured offset,\n || \\ | | zzzz = estimated error.\n || | | \\\n MS Name/IP address Stratum Poll Reach LastRx Last sample\n ===============================================================================\n \\^\\* 192.0.2.026 1 6 37 2 +2ns\\[ +90us\\] +/- 84us\n =? 192.0.2.029 2 6 1 8 +368us[ +449us] +/- 3761us\n =? 192.0.2.051 0 6 1 - +0ns[ +0ns] +/- 0ns\n =? 192.0.2.059 2 6 1 8 +663us[ +744us] +/- 11ms\n\n .-- Source mode '^' = server, '=' = peer, '#' = local clock.\n / .- Source state '*' = current best, '+' = combined, '-' = not combined,\n | / 'x' = may be in error, '~' = too variable, '?' = unusable.\n || .- xxxx [ yyyy ] +/- zzzz\n || Reachability register (octal) -. | xxxx = adjusted offset,\n || Log2(Polling interval) --. | | yyyy = measured offset,\n || \\ | | zzzz = estimated error.\n || | | \\\n MS Name/IP address Stratum Poll Reach LastRx Last sample\n ===============================================================================\n \\^\\* 192.0.2.026 1 6 37 29 -6ns\\[ -759us\\] +/- 92us\n =? 192.0.2.029 2 6 1 36 +334us[ -346us] +/- 3775us\n =? 192.0.2.051 2 6 1 35 -125us[ -813us] +/- 5839us\n =? 192.0.2.059 0 6 1 - +0ns[ +0ns] +/- 0ns\n\n4. Verify if the `chronyc` in the NTP pods refers to the newly added IP.\n\n kubectl exec -it -n ntp-system ntp2-84ddf7cd99-96vqn -- sh\n\n The output looks like the following example: \n\n Defaulted container \"ntp-image\" out of: ntp-image, ntp-node-exporter\n # chronyc tracking\n Reference ID : C612001E (198.18.0.30)\n Stratum : 2\n Ref time (UTC) : Wed May 21 07:28:38 2025\n System time : 0.000000005 seconds slow of NTP time\n Last offset : +0.000025645 seconds\n RMS offset : 0.000082131 seconds\n Frequency : 15.671 ppm slow\n Residual freq : +0.024 ppm\n Skew : 0.628 ppm\n Root delay : 0.000164273 seconds\n Root dispersion : 0.000180630 seconds\n Update interval : 64.8 seconds\n Leap status : Normal\n # exit"]]
