Merge remote-tracking branch 'upstream/master' into ds_merge_01222025
kyrtapz committed Jan 23, 2025
2 parents cd2cd1b + 14ffa61 commit 8943c1f
Showing 61 changed files with 2,863 additions and 743 deletions.
2 changes: 1 addition & 1 deletion dist/images/Dockerfile.fedora
@@ -15,7 +15,7 @@ USER root

ENV PYTHONDONTWRITEBYTECODE yes

ARG ovnver=ovn-24.09.0-33.fc41
ARG ovnver=ovn-24.09.1-10.fc41
# Automatically populated when using docker buildx
ARG TARGETPLATFORM
ARG BUILDPLATFORM
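--- a/dist/images/ovnkube.sh
+++ b/dist/images/ovnkube.sh
@@ -1906,6 +1906,14 @@ ovnkube-controller-with-node() {
 fi
 fi
 
+if [[ ${ovnkube_node_mode} != "dpu-host" && ! ${ovn_gateway_opts} =~ "gateway-vlanid" ]]; then
+# get the gateway vlanid
+gw_vlanid=$(ovs-vsctl --if-exists get Open_vSwitch . external_ids:ovn-gw-vlanid | tr -d \")
+if [[ -n ${gw_vlanid} ]]; then
+ovn_gateway_opts+="--gateway-vlanid=${gw_vlanid}"
+fi
+fi
+
 ovnkube_node_mgmt_port_netdev_flag=
 if [[ ${ovnkube_node_mgmt_port_netdev} != "" ]]; then
 ovnkube_node_mgmt_port_netdev_flag="--ovnkube-node-mgmt-port-netdev=${ovnkube_node_mgmt_port_netdev}"
@@ -2570,6 +2578,14 @@ ovn-node() {
 
 fi
 
+if [[ ${ovnkube_node_mode} != "dpu-host" && ! ${ovn_gateway_opts} =~ "gateway-vlanid" ]]; then
+# get the gateway vlanid
+gw_vlanid=$(ovs-vsctl --if-exists get Open_vSwitch . external_ids:ovn-gw-vlanid | tr -d \")
+if [[ -n ${gw_vlanid} ]]; then
+ovn_gateway_opts+="--gateway-vlanid=${gw_vlanid}"
+fi
+fi
+
 local ovn_node_ssl_opts=""
 if [[ ${ovnkube_node_mode} != "dpu-host" ]]; then
 [[ "yes" == ${OVN_SSL_ENABLE} ]] && {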
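Review bot: In both added blocks (`ovnkube-controller-with-node` and `ovn-node`), `ovn_gateway_opts+="--gateway-vlanid=${gw_vlanid}"` appends with no leading space, so whenever `ovn_gateway_opts` already holds other flags the new option is fused onto the last one; `ovn_gateway_opts+=" --gateway-vlanid=${gw_vlanid}"` keeps it a separate word. The value read from `external_ids:ovn-gw-vlanid` is also appended unchecked; a guard such as `[[ ${gw_vlanid} =~ ^[0-9]+$ ]]` in place of the `-n` test would keep a malformed or whitespace-containing database entry from becoming extra arguments if the options string is later expanded unquoted (its use is not visible here). `gw_vlanid` is assigned without `local` in both functions, whose bodies start and end outside the hunks.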
118 changes: 99 additions & 19 deletions dist/templates/k8s.ovn.org_clusteruserdefinednetworks.yaml.j2
@@ -94,16 +94,42 @@ spec:
layer2:
description: Layer2 is the Layer2 topology configuration.
properties:
ipamLifecycle:
description: |-
IPAMLifecycle controls IP addresses management lifecycle.
ipam:
description: IPAM section contains IPAM-related configuration
for the network.
minProperties: 1
properties:
lifecycle:
description: |-
Lifecycle controls IP addresses management lifecycle.

The only allowed value is Persistent. When set, OVN Kubernetes assigned IP addresses will be persisted in an
`ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
Only supported when "subnets" are set.
enum:
- Persistent
type: string
The only allowed value is Persistent. When set, OVN Kubernetes assigned IP addresses will be persisted in an
`ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
Only supported when mode is `Enabled`.
enum:
- Persistent
type: string
mode:
description: |-
Mode controls how much of the IP configuration will be managed by OVN.
`Enabled` means OVN-Kubernetes will apply IP configuration to the SDN infrastructure and it will also assign IPs
from the selected subnet to the individual pods.
`Disabled` means OVN-Kubernetes will only assign MAC addresses and provide layer 2 communication, letting users
configure IP addresses for the pods.
`Disabled` is only available for Secondary networks.
By disabling IPAM, any Kubernetes features that rely on selecting pods by IP will no longer function
(such as network policy, services, etc). Additionally, IP port security will also be disabled for interfaces attached to this network.
Defaults to `Enabled`.
enum:
- Enabled
- Disabled
type: string
type: object
x-kubernetes-validations:
- message: lifecycle Persistent is only supported when ipam.mode
is Enabled
rule: '!has(self.lifecycle) || self.lifecycle != ''Persistent''
|| !has(self.mode) || self.mode == ''Enabled'''
joinSubnets:
description: |-
JoinSubnets are used inside the OVN network topology.
@@ -113,10 +139,19 @@ spec:
It is not recommended to set this field without explicit need and understanding of the OVN network topology.
When omitted, the platform will choose a reasonable default which is subject to change over time.
items:
maxLength: 43
type: string
x-kubernetes-validations:
- message: CIDR is invalid
rule: isCIDR(self)
maxItems: 2
minItems: 1
type: array
x-kubernetes-validations:
- message: When 2 CIDRs are set, they must be from different
IP families
rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1])
|| cidr(self[0]).ip().family() != cidr(self[1]).ip().family()
mtu:
description: |-
MTU is the maximum transmission unit for a network.
@@ -141,26 +176,42 @@ spec:
Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed.

The format should match standard CIDR notation (for example, "10.128.0.0/16").
This field may be omitted. In that case the logical switch implementing the network only provides layer 2 communication,
and users must configure IP addresses for the pods. As a consequence, Port security only prevents MAC spoofing.
This field must be omitted if `ipam.mode` is `Disabled`.
items:
maxLength: 43
type: string
x-kubernetes-validations:
- message: CIDR is invalid
rule: isCIDR(self)
maxItems: 2
minItems: 1
type: array
x-kubernetes-validations:
- message: When 2 CIDRs are set, they must be from different
IP families
rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1])
|| cidr(self[0]).ip().family() != cidr(self[1]).ip().family()
required:
- role
type: object
x-kubernetes-validations:
- message: Subnets is required for Primary Layer2 topology
rule: self.role != 'Primary' || has(self.subnets) && size(self.subnets)
> 0
- message: Subnets is required with ipam.mode is Enabled or unset
rule: has(self.ipam) && has(self.ipam.mode) && self.ipam.mode
!= 'Enabled' || has(self.subnets)
- message: Subnets must be unset when ipam.mode is Disabled
rule: '!has(self.ipam) || !has(self.ipam.mode) || self.ipam.mode
!= ''Disabled'' || !has(self.subnets)'
- message: Disabled ipam.mode is only supported for Secondary
network
rule: '!has(self.ipam) || !has(self.ipam.mode) || self.ipam.mode
!= ''Disabled'' || self.role == ''Secondary'''
- message: JoinSubnets is only supported for Primary network
rule: '!has(self.joinSubnets) || has(self.role) && self.role
== ''Primary'''
- message: IPAMLifecycle is only supported when subnets are set
rule: '!has(self.ipamLifecycle) || has(self.subnets) && size(self.subnets)
> 0'
- message: MTU should be greater than or equal to 1280 when IPv6
subent is used
rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280'
layer3:
description: Layer3 is the Layer3 topology configuration.
properties:
@@ -173,10 +224,19 @@ spec:
It is not recommended to set this field without explicit need and understanding of the OVN network topology.
When omitted, the platform will choose a reasonable default which is subject to change over time.
items:
maxLength: 43
type: string
x-kubernetes-validations:
- message: CIDR is invalid
rule: isCIDR(self)
maxItems: 2
minItems: 1
type: array
x-kubernetes-validations:
- message: When 2 CIDRs are set, they must be from different
IP families
rule: size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1])
|| cidr(self[0]).ip().family() != cidr(self[1]).ip().family()
mtu:
description: |-
MTU is the maximum transmission unit for a network.
@@ -208,7 +268,11 @@ spec:
cidr:
description: CIDR specifies L3Subnet, which is split
into smaller subnets for every node.
maxLength: 43
type: string
x-kubernetes-validations:
- message: CIDR is invalid
rule: isCIDR(self)
hostSubnet:
description: |-
HostSubnet specifies the subnet size for every node.
@@ -221,19 +285,35 @@ spec:
required:
- cidr
type: object
x-kubernetes-validations:
- message: HostSubnet must be smaller than CIDR subnet
rule: '!has(self.hostSubnet) || !isCIDR(self.cidr) ||
self.hostSubnet > cidr(self.cidr).prefixLength()'
- message: HostSubnet must < 32 for ipv4 CIDR
rule: '!has(self.hostSubnet) || !isCIDR(self.cidr) ||
(cidr(self.cidr).ip().family() == 4 && self.hostSubnet
< 32)'
maxItems: 2
minItems: 1
type: array
x-kubernetes-validations:
- message: When 2 CIDRs are set, they must be from different
IP families
rule: size(self) != 2 || !isCIDR(self[0].cidr) || !isCIDR(self[1].cidr)
|| cidr(self[0].cidr).ip().family() != cidr(self[1].cidr).ip().family()
required:
- role
- subnets
type: object
x-kubernetes-validations:
- message: Subnets is required for Layer3 topology
rule: has(self.subnets) && size(self.subnets) > 0
- message: JoinSubnets is only supported for Primary network
rule: '!has(self.joinSubnets) || has(self.role) && self.role
== ''Primary'''
- message: MTU should be greater than or equal to 1280 when IPv6
subent is used
rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
isCIDR(i.cidr) && cidr(i.cidr).ip().family() == 6) || self.mtu
>= 1280'
topology:
description: |-
Topology describes network configuration.
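Review bot: The `HostSubnet must < 32 for ipv4 CIDR` rule in the layer3 `subnets` item validations fails for every IPv6 entry that sets `hostSubnet`: with a valid IPv6 CIDR the first two disjuncts are false and `cidr(self.cidr).ip().family() == 4 && self.hostSubnet < 32` is false as well, so the object is rejected. The last disjunct should read `cidr(self.cidr).ip().family() != 4 || self.hostSubnet < 32`. Both MTU messages also spell "subnet" as `subent`. If this template is generated from validation markers on the API types (not shown on this page), the correction belongs in that source.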