Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OCPBUGS-39157,SDN-4930: Downstream Merge Sept 4th #2286

Merged
merged 46 commits into from
Sep 5, 2024

Conversation

martinkennelly
Copy link
Contributor

Please add any bugs to the title.

cc @arghosh93 , @ormergi , @ricky-rav , @tssurya

arghosh93 and others added 30 commits August 9, 2024 17:21
This is to change POD and join subnet used with couple of net-attach-def
in unit tests to satisfy newly introduced subnet overlap check with
ClusterNetwork, ServiceNetwork, join switch and masquerade CIDR.

Signed-off-by: Arnab Ghosh <[email protected]>
UDN API referance generated using the following command:
  crd-ref-docs --source-path ./go-controller/pkg/crd/userdefinednetwork --config=crd-docs-config.yaml --renderer=markdown --output-path=./docs/api-reference/userdefinednetwork-api-spec.md

Signed-off-by: Or Mergi <[email protected]>
Signed-off-by: Surya Seetharaman <[email protected]>
UDN: Add `MASQUERADE` IPTable Rules
UDN: allow multiple conditions from different fieldManagers to co-exist in the status.
…nagement-port

UDN: Add RPFilter Loose Mode for management port
Everytime a UDN was created, we were adding the all remote nodes for
every network all over again, including the default network. This makes
the checks on the annotations network aware.

Signed-off-by: Tim Rozet <[email protected]>
Services controller:
- move it to base network controller
- start one services controller per primary network
- set up filter in the informer so that only endpointslices for the given network are considered
- pass switch and router names according to the network for a given node.

Move getActiveNetworkForNamespace to CommonNetworkControllerInfo, because the services controller only has access to CommonNetworkControllerInfo at initialization and needs to run getActiveNetworkForNamespace.

Make LBs and LB groups network scoped

Add network name & role to OVN external IDs. In a few places in the code we retrieve all logical switches, routers and load balancers to initialize the services controller or to delete stale entries. With one services controller per network, the OVN lookup must only return OVN elements in the network we're interested in. This is achieved by adding the network name and network role (default, primary, secondary) to the ExternalIDs field of logical switches, routers and load balancers.

Signed-off-by: Riccardo Ravaioli <[email protected]>
The existing unit tests for services in services_controller_test are now run for UDN as well.

At the same time, a cleanup of unit tests was needed, especially since there was a lot of repetition in the surrounding code, also with respect to global and test-specific variables between services_controller_test.go and lb_config_test.go

Finally, Test_ETPCluster_NodePort_Service_WithMultipleIPAddresses follows the exact same logic found in TestSyncServices, so let's move it there

Signed-off-by: Riccardo Ravaioli <[email protected]>
Allows the execution of the network segmentation tests that are in network_segmentation_*.go (e.g. services, endpoint slice mirrorring). For instance:

make control-plane WHAT="Network Segmentation: services"

Signed-off-by: Riccardo Ravaioli <[email protected]>
The test creates a client and nodeport service in a UDN backed by one pod and similarly
a nodeport service and a client in the default network.
We verify that:
- UDN client --> UDN service, with backend pod and client running on the same node, is possible through:
  + clusterIP
  + nodeIP:nodePort, where we only target the node where the client runs (*)

- UDN client --> UDN service, with backend pod and client running on different nodes, is possible through:
  + clusterIP
  + nodeIP:nodePort, where we only target the node where the client runs (*)

- default-network client --> UDN service is NOT possible through:
  + clusterIP
  + nodeIP:nodePort, where we only target the node where the client runs (*)

-  UDN service --> default-network client is NOT possible through:
  + clusterIP
  + nodeIP:nodePort, where we only target the node where the client runs (*)

(*) TODO connect to other nodes too once ovnkube-node fully supports UDN

TODO: use the same logic as in network_segmentation.go

Signed-off-by: Riccardo Ravaioli <[email protected]>
Signed-off-by: Jaime Caamaño Ruiz <[email protected]>
Use faked iptables in UDN gateway tests
Update Dockerfile.fedora to use pre-released 24.09 ovn rpm.
Fixes remote node checks to be network aware
UDN layer 3 networks also have a join switch and gateway router.

Signed-off-by: Dumitru Ceara <[email protected]>
In the "delete" case we don't need the cookie, move the code that builds
the cookie after the section that checks and takes care of deletes.

Signed-off-by: Dumitru Ceara <[email protected]>
… namespace active network

Signed-off-by: Dumitru Ceara <[email protected]>
Signed-off-by: Surya Seetharaman <[email protected]>
@martinkennelly
Copy link
Contributor Author

/test e2e-aws-ovn-serial

@martinkennelly
Copy link
Contributor Author

/test e2e-aws-ovn-upgrade-local-gateway

event happened 22 times, something is wrong: namespace/openshift-machine-api hmsg/7dc4cc63cc machine/ci-op-fv21sb18-94c59-67gxm-master-2 - reason/FailedUpdate (combined from similar events): ci-op-fv21sb18-94c59-67gxm-master-2: reconciler failed to Update machine: failed to update load balancers: Throttling: Rate exceeded result=reject 
	status code: 400, request id: e8885fd7-f5af-491f-b605-b8dda99649aa (13:56:20Z)
event happened 30 times, something is wrong: namespace/openshift-machine-api hmsg/d96b6bd609 machine/ci-op-fv21sb18-94c59-67gxm-master-2 - reason/FailedUpdate (combined from similar events): ci-op-fv21sb18-94c59-67gxm-master-2: reconciler failed to Update machine: failed to update load balancers: Throttling: Rate exceeded result=reject 
	status code: 400, request id: 0d436caf-a539-4cc2-934c-d5d9978a11a4 (14:01:05Z)
event happened 25 times, something is wrong: namespace/openshift-machine-api hmsg/98d46844cb machine/ci-op-fv21sb18-94c59-67gxm-master-0 - reason/FailedUpdate (combined from similar events): ci-op-fv21sb18-94c59-67gxm-master-0: reconciler failed to Update machine: failed to update load balancers: Throttling: Rate exceeded result=reject 
	status code: 400, request id: 1c724031-cbd1-4641-9363-437a1c4f8451 (14:01:33Z)}

@martinkennelly
Copy link
Contributor Author

/test e2e-aws-ovn-upgrade

{"component":"entrypoint","file":"sigs.k8s.io/prow/pkg/entrypoint/run.go:169","func":"sigs.k8s.io/prow/pkg/entrypoint.Options.ExecuteProcess","level":"error","msg":"Process did not finish before 4h0m0s timeout","severity":"error","time":"2024-09-04T14:22:11Z"}
INFO[2024-09-04T14:22:11Z] Received signal.                              signal=interrupt
INFO[2024-09-04T14:22:13Z] error: Process interrupted with signal interrupt, cancelling execution... 

Looks like test exceeded deadline.

@martinkennelly
Copy link
Contributor Author

/test e2e-azure-ovn-upgrade

watchdog log collection failure

@martinkennelly
Copy link
Contributor Author

/test e2e-metal-ipi-ovn-ipv6-techpreview

@martinkennelly
Copy link
Contributor Author

martinkennelly commented Sep 5, 2024

/retitle OCPBUGS-39157,SDN-4930: Downstream Merge Sept 4th

@openshift-ci openshift-ci bot changed the title SDN-4930: Downstream Merge Sept 4th OCPBUGS-39157,SDN-4930: Downstream Merge Sept 4th Sep 5, 2024
@openshift-ci-robot
Copy link
Contributor

openshift-ci-robot commented Sep 5, 2024

@martinkennelly: This pull request references Jira Issue OCPBUGS-39157, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.18.0) matches configured target version for branch (4.18.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @anuragthehatter

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references SDN-4930 which is a valid jira issue.

In response to this:

Please add any bugs to the title.

cc @arghosh93 , @ormergi , @ricky-rav , @tssurya

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label Sep 5, 2024
Copy link
Contributor

openshift-ci bot commented Sep 5, 2024

@martinkennelly: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-azure-ovn 49ddde7 link false /test e2e-azure-ovn
ci/prow/security 49ddde7 link false /test security
ci/prow/e2e-aws-ovn-kubevirt 49ddde7 link false /test e2e-aws-ovn-kubevirt
ci/prow/e2e-azure-ovn-techpreview 49ddde7 link false /test e2e-azure-ovn-techpreview
ci/prow/e2e-metal-ipi-ovn-techpreview 49ddde7 link false /test e2e-metal-ipi-ovn-techpreview

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@martinkennelly
Copy link
Contributor Author

/assign @tssurya PTAL

Copy link
Contributor

openshift-ci bot commented Sep 5, 2024

@martinkennelly: GitHub didn't allow me to assign the following users: PTAL.

Note that only openshift members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

/assign @tssurya PTAL

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@martinkennelly
Copy link
Contributor Author

CI is looking good including payload tests.

@martinkennelly
Copy link
Contributor Author

There was also a green nightly for 4.18 that including the last merge.

@martinkennelly
Copy link
Contributor Author

cc @tssurya

@tssurya
Copy link
Contributor

tssurya commented Sep 5, 2024

/lgtm
/approve

great job here @martinkennelly

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Sep 5, 2024
Copy link
Contributor

openshift-ci bot commented Sep 5, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: martinkennelly, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Sep 5, 2024
@tssurya
Copy link
Contributor

tssurya commented Sep 5, 2024

/tide refresh

@openshift-merge-bot openshift-merge-bot bot merged commit 14fb7c4 into openshift:master Sep 5, 2024
34 of 39 checks passed
@openshift-ci-robot
Copy link
Contributor

@martinkennelly: Jira Issue OCPBUGS-39157: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-39157 has been moved to the MODIFIED state.

In response to this:

Please add any bugs to the title.

cc @arghosh93 , @ormergi , @ricky-rav , @tssurya

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-bot
Copy link
Contributor

[ART PR BUILD NOTIFIER]

Distgit: ovn-kubernetes-base
This PR has been included in build ose-ovn-kubernetes-base-container-v4.18.0-202409051704.p0.g14fb7c4.assembly.stream.el9.
All builds following this will include this PR.

@openshift-bot
Copy link
Contributor

[ART PR BUILD NOTIFIER]

Distgit: ovn-kubernetes-microshift
This PR has been included in build ovn-kubernetes-microshift-container-v4.18.0-202409051704.p0.g14fb7c4.assembly.stream.el9.
All builds following this will include this PR.

@openshift-bot
Copy link
Contributor

[ART PR BUILD NOTIFIER]

Distgit: ose-ovn-kubernetes
This PR has been included in build ose-ovn-kubernetes-container-v4.18.0-202409051704.p0.g14fb7c4.assembly.stream.el9.
All builds following this will include this PR.

@martinkennelly
Copy link
Contributor Author

/payload ?

Copy link
Contributor

openshift-ci bot commented Sep 20, 2024

@martinkennelly: it appears that you have attempted to use some version of the payload command, but your comment was incorrectly formatted and cannot be acted upon. See the docs for usage info.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
Projects
None yet
Development

Successfully merging this pull request may close these issues.