[release-4.17] SDN-4919,OCPBUGS-39200: 4.18 merge - 5th Sept

.github/workflows/test.yml

@@ -433,8 +433,8 @@ jobs:
           - {"target": "kv-live-migration", "ha": "noHA", "gateway-mode": "local",  "ipfamily": "ipv4",      "disable-snat-multiple-gws": "SnatGW",   "second-bridge": "1br", "ic": "ic-disabled", "num-workers": "3"}
           - {"target": "kv-live-migration", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW",   "second-bridge": "1br", "ic": "ic-single-node-zones", "num-workers": "3"}
           - {"target": "control-plane", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW",   "second-bridge": "1br", "ic": "ic-single-node-zones", "forwarding": "disable-forwarding"}
-          - {"target": "network-segmentation", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
-          - {"target": "network-segmentation", "ha": "noHA", "gateway-mode": "local", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
+          - {"target": "network-segmentation", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
+          - {"target": "network-segmentation", "ha": "noHA", "gateway-mode": "local", "ipfamily": "dualstack", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
           - {"target": "network-segmentation", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-disabled"}
           - {"target": "tools", "ha": "noHA", "gateway-mode": "local", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
     needs: [ build-pr ]

Dockerfile.base

@@ -12,10 +12,10 @@ RUN dnf install -y --nodocs \
 	selinux-policy procps-ng && \
 	dnf clean all
 
-ARG ovsver=3.3.0-2.el9fdp
+ARG ovsver=3.4.0-1.el9fdp
 ARG ovnver=24.03.2-19.el9fdp
 # NOTE: Ensure that the versions of OVS and OVN are overriden for OKD in each of the subsequent layers.
-ARG ovsver_okd=3.3.0-2.el9s
+ARG ovsver_okd=3.4.0-0.8.el9s
 ARG ovnver_okd=24.03.1-5.el9s
 
 RUN INSTALL_PKGS="iptables nftables" && \

dist/images/Dockerfile.fedora

@@ -9,13 +9,13 @@
 # are built locally and included in the image (instead of the rpm)
 #
 
-FROM fedora:39
+FROM fedora:rawhide
 
 USER root
 
 ENV PYTHONDONTWRITEBYTECODE yes
 
-ARG ovnver=ovn-24.03.2-19.fc39
+ARG ovnver=ovn-24.03.90-6.fc42
 # Automatically populated when using docker buildx
 ARG TARGETPLATFORM
 ARG BUILDPLATFORM
@@ -24,14 +24,14 @@ RUN echo "Running on $BUILDPLATFORM, building for $TARGETPLATFORM"
 
 # install needed rpms - openvswitch must be 2.10.4 or higher
 RUN INSTALL_PKGS=" \
-	python3-pip python3-pyyaml bind-utils procps-ng openssl numactl-libs firewalld-filesystem \
-	libpcap hostname kubernetes-client util-linux \
-        ovn ovn-central ovn-host python3-openvswitch tcpdump openvswitch-test python3-pyOpenSSL \
-	iptables iproute iputils strace socat koji \
-        libreswan openvswitch-ipsec \
-        " && \
-	dnf install --best --refresh -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
-	dnf clean all && rm -rf /var/cache/dnf/*
+    python3-pip python3-pyyaml bind-utils procps-ng openssl numactl-libs firewalld-filesystem \
+    libpcap hostname kubernetes-client util-linux \
+    ovn ovn-central ovn-host python3-openvswitch tcpdump openvswitch-test python3-pyOpenSSL \
+    iptables iproute iputils strace socat koji \
+    libreswan openvswitch-ipsec \
+    " && \
+    dnf install --best --refresh -y --setopt=tsflags=nodocs $INSTALL_PKGS && \
+    dnf clean all && rm -rf /var/cache/dnf/*
 RUN ln -s /usr/bin/python3 /usr/libexec/platform-python
 
 RUN mkdir -p /var/run/openvswitch

dist/templates/k8s.ovn.org_userdefinednetworks.yaml.j2

@@ -287,6 +287,9 @@ spec:
                   - type
                   type: object
                 type: array
+                x-kubernetes-list-map-keys:
+                - type
+                x-kubernetes-list-type: map
             type: object
         required:
         - spec

docs/api-reference/introduction.md

@@ -37,3 +37,4 @@ designed and implemented by OVN-Kubernetes
 * [EgressQoS](https://ovn-kubernetes.io/api-reference/egress-qos-api-spec/)
 * [EgressFirewall](https://ovn-kubernetes.io/api-reference/egress-firewall-api-spec/)
 * [AdminPolicyBasedExternalRoutes](https://ovn-kubernetes.io/api-reference/admin-epbr-api-spec/)
+* [UserDefinedNetwork](https://ovn-kubernetes.io/api-reference/userdefinednetwork-api-spec/)

docs/api-reference/userdefinednetwork-api-spec.md

@@ -0,0 +1,254 @@
+# API Reference
+
+## Packages
+- [k8s.ovn.org/v1](#k8sovnorgv1)
+
+
+## k8s.ovn.org/v1
+
+Package v1 contains API Schema definitions for the network v1 API group
+
+### Resource Types
+- [UserDefinedNetwork](#userdefinednetwork)
+- [UserDefinedNetworkList](#userdefinednetworklist)
+
+
+
+#### CIDR
+
+_Underlying type:_ _string_
+
+
+
+
+
+_Appears in:_
+- [DualStackCIDRs](#dualstackcidrs)
+- [Layer3Subnet](#layer3subnet)
+- [LocalNetConfig](#localnetconfig)
+
+
+
+#### DualStackCIDRs
+
+_Underlying type:_ _[CIDR](#cidr)_
+
+
+
+_Validation:_
+- MaxItems: 2
+- MinItems: 1
+
+_Appears in:_
+- [Layer2Config](#layer2config)
+- [Layer3Config](#layer3config)
+- [LocalNetConfig](#localnetconfig)
+
+
+
+#### Layer2Config
+
+
+
+
+
+
+
+_Appears in:_
+- [UserDefinedNetworkSpec](#userdefinednetworkspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `role` _[NetworkRole](#networkrole)_ | Role describes the network role in the pod.<br /><br />Allowed value is "Secondary".<br />Secondary network is only assigned to pods that use `k8s.v1.cni.cncf.io/networks` annotation to select given network. |  | Enum: [Primary Secondary] <br />Required: \{\} <br /> |
+| `mtu` _integer_ | MTU is the maximum transmission unit for a network.<br />MTU is optional, if not provided, the globally configured value in OVN-Kubernetes (defaults to 1400) is used for the network. |  | Maximum: 65536 <br />Minimum: 0 <br /> |
+| `subnets` _[DualStackCIDRs](#dualstackcidrs)_ | Subnets are used for the pod network across the cluster.<br />Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed.<br /><br />The format should match standard CIDR notation (for example, "10.128.0.0/16").<br />This field may be omitted. In that case the logical switch implementing the network only provides layer 2 communication,<br />and users must configure IP addresses for the pods. As a consequence, Port security only prevents MAC spoofing. |  | MaxItems: 2 <br />MinItems: 1 <br /> |
+| `joinSubnets` _[DualStackCIDRs](#dualstackcidrs)_ | JoinSubnets are used inside the OVN network topology.<br /><br />Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed.<br />This field is only allowed for "Primary" network.<br />It is not recommended to set this field without explicit need and understanding of the OVN network topology.<br />When omitted, the platform will choose a reasonable default which is subject to change over time. |  | MaxItems: 2 <br />MinItems: 1 <br /> |
+| `ipamLifecycle` _[NetworkIPAMLifecycle](#networkipamlifecycle)_ | IPAMLifecycle controls IP addresses management lifecycle.<br /><br />The only allowed value is Persistent. When set, OVN Kubernetes assigned IP addresses will be persisted in an<br />`ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.<br />Only supported when "subnets" are set. |  | Enum: [Persistent] <br /> |
+
+
+#### Layer3Config
+
+
+
+
+
+
+
+_Appears in:_
+- [UserDefinedNetworkSpec](#userdefinednetworkspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `role` _[NetworkRole](#networkrole)_ | Role describes the network role in the pod.<br /><br />Allowed values are "Primary" and "Secondary".<br />Primary network is automatically assigned to every pod created in the same namespace.<br />Secondary network is only assigned to pods that use `k8s.v1.cni.cncf.io/networks` annotation to select given network. |  | Enum: [Primary Secondary] <br />Required: \{\} <br /> |
+| `mtu` _integer_ | MTU is the maximum transmission unit for a network.<br /><br />MTU is optional, if not provided, the globally configured value in OVN-Kubernetes (defaults to 1400) is used for the network. |  | Maximum: 65536 <br />Minimum: 0 <br /> |
+| `subnets` _[Layer3Subnet](#layer3subnet) array_ | Subnets are used for the pod network across the cluster.<br /><br />Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed.<br />Given subnet is split into smaller subnets for every node. |  | MaxItems: 2 <br />MinItems: 1 <br /> |
+| `joinSubnets` _[DualStackCIDRs](#dualstackcidrs)_ | JoinSubnets are used inside the OVN network topology.<br /><br />Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed.<br />This field is only allowed for "Primary" network.<br />It is not recommended to set this field without explicit need and understanding of the OVN network topology.<br />When omitted, the platform will choose a reasonable default which is subject to change over time. |  | MaxItems: 2 <br />MinItems: 1 <br /> |
+
+
+#### Layer3Subnet
+
+
+
+
+
+
+
+_Appears in:_
+- [Layer3Config](#layer3config)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `cidr` _[CIDR](#cidr)_ | CIDR specifies L3Subnet, which is split into smaller subnets for every node. |  |  |
+| `hostSubnet` _integer_ | HostSubnet specifies the subnet size for every node.<br /><br />When not set, it will be assigned automatically. |  | Maximum: 127 <br />Minimum: 1 <br /> |
+
+
+#### LocalNetConfig
+
+
+
+
+
+
+
+_Appears in:_
+- [UserDefinedNetworkSpec](#userdefinednetworkspec)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `role` _[NetworkRole](#networkrole)_ | Role describes the network role in the pod.<br /><br />Allowed values are "Primary" and "Secondary".<br />Must be set to "Secondary". |  | Enum: [Primary Secondary] <br />Required: \{\} <br /> |
+| `mtu` _integer_ | MTU is the maximum transmission unit for a network.<br /><br />MTU is optional, if not provided, the globally configured value in OVN-Kubernetes (defaults to 1400) is used for the network. |  | Maximum: 65536 <br />Minimum: 0 <br /> |
+| `subnets` _[DualStackCIDRs](#dualstackcidrs)_ | Subnets are used for the pod network across the cluster.<br /><br />Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed.<br />The format should match standard CIDR notation <example>.<br />This field may be omitted.<br />In that case the logical switch implementing the network only provides layer 2 communication,<br />and users must configure IP addresses for the pods. As a consequence, Port security only prevents MAC spoofing. |  | MaxItems: 2 <br />MinItems: 1 <br /> |
+| `excludeSubnets` _[CIDR](#cidr) array_ | ExcludeSubnets is a list of CIDRs that will be removed from the assignable IP address pool specified by the "Subnets" field.<br /><br />This field is supported only when "Subnets" field is set.<br /><br />In case the subject local network provides various services (e.g.: DHCP server, data-base) their addresses can be excluded<br />from the IP addresses pool OVN-Kubernetes will use for the subject network workloads (specified by "Subnets" field). |  | MaxItems: 25 <br />MinItems: 1 <br /> |
+| `ipamLifecycle` _[NetworkIPAMLifecycle](#networkipamlifecycle)_ | IPAMLifecycle controls IP addresses management lifecycle.<br /><br />The only allowed value is Persistent. When set, OVN Kubernetes assigned IP addresses will be persisted in an<br />`ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.<br />Only supported when "subnets" are set. |  | Enum: [Persistent] <br /> |
+
+
+#### NetworkIPAMLifecycle
+
+_Underlying type:_ _string_
+
+
+
+_Validation:_
+- Enum: [Persistent]
+
+_Appears in:_
+- [Layer2Config](#layer2config)
+- [LocalNetConfig](#localnetconfig)
+
+| Field | Description |
+| --- | --- |
+| `Persistent` |  |
+
+
+#### NetworkRole
+
+_Underlying type:_ _string_
+
+
+
+_Validation:_
+- Enum: [Primary Secondary]
+
+_Appears in:_
+- [Layer2Config](#layer2config)
+- [Layer3Config](#layer3config)
+- [LocalNetConfig](#localnetconfig)
+
+| Field | Description |
+| --- | --- |
+| `Primary` |  |
+| `Secondary` |  |
+
+
+#### NetworkTopology
+
+_Underlying type:_ _string_
+
+
+
+_Validation:_
+- Enum: [Layer2 Layer3 LocalNet]
+
+_Appears in:_
+- [UserDefinedNetworkSpec](#userdefinednetworkspec)
+
+| Field | Description |
+| --- | --- |
+| `Layer2` |  |
+| `Layer3` |  |
+| `LocalNet` |  |
+
+
+#### UserDefinedNetwork
+
+
+
+UserDefinedNetwork describe network request for a Namespace.
+
+
+
+_Appears in:_
+- [UserDefinedNetworkList](#userdefinednetworklist)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `k8s.ovn.org/v1` | | |
+| `kind` _string_ | `UserDefinedNetwork` | | |
+| `metadata` _[ObjectMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#objectmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `spec` _[UserDefinedNetworkSpec](#userdefinednetworkspec)_ |  |  | Required: \{\} <br /> |
+| `status` _[UserDefinedNetworkStatus](#userdefinednetworkstatus)_ |  |  |  |
+
+
+#### UserDefinedNetworkList
+
+
+
+UserDefinedNetworkList contains a list of UserDefinedNetwork.
+
+
+
+
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `apiVersion` _string_ | `k8s.ovn.org/v1` | | |
+| `kind` _string_ | `UserDefinedNetworkList` | | |
+| `metadata` _[ListMeta](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#listmeta-v1-meta)_ | Refer to Kubernetes API documentation for fields of `metadata`. |  |  |
+| `items` _[UserDefinedNetwork](#userdefinednetwork) array_ |  |  |  |
+
+
+#### UserDefinedNetworkSpec
+
+
+
+UserDefinedNetworkSpec defines the desired state of UserDefinedNetworkSpec.
+
+
+
+_Appears in:_
+- [UserDefinedNetwork](#userdefinednetwork)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `topology` _[NetworkTopology](#networktopology)_ | Topology describes network configuration.<br /><br />Allowed values are "Layer3", "Layer2", "LocalNet".<br />Layer3 topology creates a layer 2 segment per node, each with a different subnet. Layer 3 routing is used to interconnect node subnets.<br />Layer2 topology creates one logical switch shared by all nodes.<br />LocalNet topology creates a cluster-wide logical switch connected to a physical network. |  | Enum: [Layer2 Layer3 LocalNet] <br />Required: \{\} <br /> |
+| `layer3` _[Layer3Config](#layer3config)_ | Layer3 is the Layer3 topology configuration. |  |  |
+| `layer2` _[Layer2Config](#layer2config)_ | Layer2 is the Layer2 topology configuration. |  |  |
+| `localNet` _[LocalNetConfig](#localnetconfig)_ | LocalNet is the LocalNet topology configuration. |  |  |
+
+
+#### UserDefinedNetworkStatus
+
+
+
+UserDefinedNetworkStatus contains the observed status of the UserDefinedNetwork.
+
+
+
+_Appears in:_
+- [UserDefinedNetwork](#userdefinednetwork)
+
+| Field | Description | Default | Validation |
+| --- | --- | --- | --- |
+| `conditions` _[Condition](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#condition-v1-meta) array_ |  |  |  |
+
+

go-controller/pkg/clustermanager/egressservice/egressservice_cluster_endpointslices.go

@@ -61,7 +61,7 @@ func (c *Controller) onEndpointSliceDelete(obj interface{}) {
 }
 
 func (c *Controller) queueServiceForEndpointSlice(endpointSlice *discovery.EndpointSlice) {
-	key, err := services.ServiceControllerKey(endpointSlice)
+	key, err := services.GetServiceKeyFromEndpointSliceForDefaultNetwork(endpointSlice)
 	if err != nil {
 		// Do not log endpointsSlices missing service labels as errors.
 		// Once the service label is eventually added, we will get this event