SDN-5297: DownStream Merge Sync from 4.18 [10-31-2024] #2335
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is to change POD and join subnet used with couple of net-attach-def in unit tests to satisfy newly introduced subnet overlap check with ClusterNetwork, ServiceNetwork, join switch and masquerade CIDR. Signed-off-by: Arnab Ghosh <[email protected]>
UDN API referance generated using the following command: crd-ref-docs --source-path ./go-controller/pkg/crd/userdefinednetwork --config=crd-docs-config.yaml --renderer=markdown --output-path=./docs/api-reference/userdefinednetwork-api-spec.md Signed-off-by: Or Mergi <[email protected]>
The new OVS version is used by the OVN observability. Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
In our e2e tests, a strange behaviour for ipv6 was seen: newly created pod can't reach ipv6 destination. But if the same pod is re-created, everything works. We don't know what causes that behaviour, so given function is a workaround for this issue. It also only historically fails for the first ef test "Should validate the egress firewall policy functionality for allowed IP", so only used there for now. Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Surya Seetharaman <[email protected]>
UDN: Add `MASQUERADE` IPTable Rules
status. Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Surya Seetharaman <[email protected]>
OCPBUGS-38270: Dockerfile: Bump OVS to 3.4.0-1
UDN: allow multiple conditions from different fieldManagers to co-exist in the status.
…nagement-port UDN: Add RPFilter Loose Mode for management port
Signed-off-by: Riccardo Ravaioli <[email protected]>
Everytime a UDN was created, we were adding the all remote nodes for every network all over again, including the default network. This makes the checks on the annotations network aware. Signed-off-by: Tim Rozet <[email protected]>
Services controller: - move it to base network controller - start one services controller per primary network - set up filter in the informer so that only endpointslices for the given network are considered - pass switch and router names according to the network for a given node. Move getActiveNetworkForNamespace to CommonNetworkControllerInfo, because the services controller only has access to CommonNetworkControllerInfo at initialization and needs to run getActiveNetworkForNamespace. Make LBs and LB groups network scoped Add network name & role to OVN external IDs. In a few places in the code we retrieve all logical switches, routers and load balancers to initialize the services controller or to delete stale entries. With one services controller per network, the OVN lookup must only return OVN elements in the network we're interested in. This is achieved by adding the network name and network role (default, primary, secondary) to the ExternalIDs field of logical switches, routers and load balancers. Signed-off-by: Riccardo Ravaioli <[email protected]>
Signed-off-by: Riccardo Ravaioli <[email protected]>
Signed-off-by: Riccardo Ravaioli <[email protected]>
The existing unit tests for services in services_controller_test are now run for UDN as well. At the same time, a cleanup of unit tests was needed, especially since there was a lot of repetition in the surrounding code, also with respect to global and test-specific variables between services_controller_test.go and lb_config_test.go Finally, Test_ETPCluster_NodePort_Service_WithMultipleIPAddresses follows the exact same logic found in TestSyncServices, so let's move it there Signed-off-by: Riccardo Ravaioli <[email protected]>
Allows the execution of the network segmentation tests that are in network_segmentation_*.go (e.g. services, endpoint slice mirrorring). For instance: make control-plane WHAT="Network Segmentation: services" Signed-off-by: Riccardo Ravaioli <[email protected]>
The test creates a client and nodeport service in a UDN backed by one pod and similarly a nodeport service and a client in the default network. We verify that: - UDN client --> UDN service, with backend pod and client running on the same node, is possible through: + clusterIP + nodeIP:nodePort, where we only target the node where the client runs (*) - UDN client --> UDN service, with backend pod and client running on different nodes, is possible through: + clusterIP + nodeIP:nodePort, where we only target the node where the client runs (*) - default-network client --> UDN service is NOT possible through: + clusterIP + nodeIP:nodePort, where we only target the node where the client runs (*) - UDN service --> default-network client is NOT possible through: + clusterIP + nodeIP:nodePort, where we only target the node where the client runs (*) (*) TODO connect to other nodes too once ovnkube-node fully supports UDN TODO: use the same logic as in network_segmentation.go Signed-off-by: Riccardo Ravaioli <[email protected]>
Signed-off-by: Jaime Caamaño Ruiz <[email protected]>
Remove tabs. Signed-off-by: Nadia Pinaeva <[email protected]>
UDN L3 support for services
Use faked iptables in UDN gateway tests
Update Dockerfile.fedora to use pre-released 24.09 ovn rpm.
Fixes remote node checks to be network aware
Signed-off-by: Martin Kennelly <[email protected]>
Signed-off-by: Dumitru Ceara <[email protected]>
UDN layer 3 networks also have a join switch and gateway router. Signed-off-by: Dumitru Ceara <[email protected]>
In the "delete" case we don't need the cookie, move the code that builds the cookie after the section that checks and takes care of deletes. Signed-off-by: Dumitru Ceara <[email protected]>
Signed-off-by: Jaime Caamaño Ruiz <[email protected]>
For go-controller: go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get sigs.k8s.io/[email protected] go mod vendor && go mod tidy Fixed API changes Fixed linting Updated codegen For e2e tests: go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get k8s.io/[email protected] go get github.com/ovn-org/ovn-kubernetes/go-controller go mod edit -replace github.com/coreos/go-iptables=github.com/trozet/[email protected] go mod tidy (konnectivity-client is not at 0.31 yet) Fixed API changes Fixed skip for some upstream e2e tests that were added and we don't support Signed-off-by: Jaime Caamaño Ruiz <[email protected]>
It seems that v1.31.1 introduced a bug in kube manager's service-lb-controller. Since we don't use a cloud provider, the controller is not fully initialized and started. However, its handlers are added to the informer and they do run. And when they do, it crashes because it is not fully initialized. Probably introduced through: kubernetes/kubernetes@50c1243 Disable service-lb-controller since it is not used anyway. bootstrap-signer-controller and token-cleaner-controller need to be added since they are not default and would otherwise be added by kind but not if we are overriding. Signed-off-by: Jaime Caamaño Ruiz <[email protected]>
…arsing node_annotations: Make GetNodeHostAddrs() return stable results.
Signed-off-by: Tim Rozet <[email protected]>
https://github.com/k8snetworkplumbingwg/multus-cni/releases/tag/v4.1.3 Signed-off-by: Surya Seetharaman <[email protected]>
Invert CNI result order for UDN
SDN-4930,OCPBUGS-42616,SDN-5031,OCPBUGS-38753: [DownstreamMerge] 10-8-24
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: jluhrsen The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/hold |
openshift-ci
bot
added
the
do-not-merge/hold
|
/retitle SDN-5297: DownStream Merge Sync from 4.18 [10-31-2024] |
openshift-ci
bot
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@jluhrsen: This pull request references SDN-5297 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target either version "4.17." or "openshift-4.17.", but it targets "openshift-4.18" instead. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest |
|
/test images |
|
@jluhrsen: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/test e2e-metal-ipi-ovn-ipv6-techpreview |
openshift-merge-robot
added
the
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
closing in favor of #2349 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is based off of the currently unmerged [release-4.17] SDN-4919,OCPBUGS-39200: 4.18 merge - 5th Sept PR