diff --git a/bindata/network/frr-k8s/001-crd.yaml b/bindata/network/frr-k8s/001-crd.yaml index 264d43a5d6..676d22e4ae 100644 --- a/bindata/network/frr-k8s/001-crd.yaml +++ b/bindata/network/frr-k8s/001-crd.yaml @@ -184,9 +184,15 @@ spec: 0 disableMP: default: false - description: To set if we want to disable MP BGP that - will separate IPv4 and IPv6 route exchanges into - distinct BGP sessions. + description: |- + To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions. + Deprecated: DisableMP is deprecated in favor of dualStackAddressFamily. + type: boolean + dualStackAddressFamily: + default: false + description: |- + To set if we want to enable the neighbor not only for the ipfamily related to its session, + but also the other one. This allows to advertise/receive IPv4 prefixes over IPv6 sessions and vice versa. type: boolean dynamicASN: description: |- @@ -222,6 +228,8 @@ spec: represents an interface name on the host and if user provides an invalid value, only the actual BGP session will not be established. Address and Interface are mutually exclusive and one of them must be specified. + Note: when enabling unnumbered, the neighbor will be enabled for both + IPv4 and IPv6 address families. type: string keepaliveTime: description: |- diff --git a/bindata/network/frr-k8s/config.yaml b/bindata/network/frr-k8s/config.yaml index 5f39c32ef3..1b559f70de 100644 --- a/bindata/network/frr-k8s/config.yaml +++ b/bindata/network/frr-k8s/config.yaml @@ -46,7 +46,7 @@ data: # vtysh_enable=yes zebra_options=" -A 127.0.0.1 -s 90000000 --limit-fds 100000" - bgpd_options=" -A 127.0.0.1 --limit-fds 100000" + bgpd_options=" -A 127.0.0.1 -p 0 --limit-fds 100000" ospfd_options=" -A 127.0.0.1" ospf6d_options=" -A ::1" ripd_options=" -A 127.0.0.1" diff --git a/bindata/network/frr-k8s/webhook.yaml b/bindata/network/frr-k8s/webhook.yaml index cb0414ff15..b7562400cf 100644 --- a/bindata/network/frr-k8s/webhook.yaml 
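Review bot: The `-p 0` added to `bgpd_options` in config.yaml is undocumented, yet it changes how BGP sessions can come up: with port 0, bgpd opens no BGP listening socket, so only sessions initiated from this side establish. That reduces what the node exposes, but any neighbor configured as passive on this side would silently never establish, so it is worth confirming no supported configuration relies on that. I would add a comment above the line in the daemons file, `# -p 0: bgpd does not listen for inbound BGP; sessions are initiated from this side only`. The ConfigMap data block starts and ends outside the hunk.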
+++ b/bindata/network/frr-k8s/webhook.yaml @@ -61,7 +61,7 @@ spec: component: frr-k8s-webhook-server annotations: target.workload.openshift.io/management: '{"effect": "PreferredDuringScheduling"}' - openshift.io/required-scc: restricted-v2 + openshift.io/required-scc: privileged spec: containers: - command: @@ -71,19 +71,13 @@ spec: - --webhook-mode=onlywebhook - --disable-cert-rotation=true - --namespace=$(NAMESPACE) - - --metrics-bind-address=:7572 env: - name: NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: {{.FRRK8sImage}} - name: frr-k8s-webhook-server - ports: - - containerPort: 7572 - name: monitoring - securityContext: - runAsNonRoot: true + name: frr-k8s-webhook-server resources: requests: cpu: 10m @@ -122,3 +116,4 @@ spec: serviceAccountName: frr-k8s-daemon priorityClassName: system-cluster-critical terminationGracePeriodSeconds: 10 + hostNetwork: true diff --git a/bindata/network/multus-admission-controller/003-webhook.yaml b/bindata/network/multus-admission-controller/003-webhook.yaml index aca1cf39e5..533001a069 100644 --- a/bindata/network/multus-admission-controller/003-webhook.yaml +++ b/bindata/network/multus-admission-controller/003-webhook.yaml @@ -27,6 +27,10 @@ webhooks: apiGroups: ["k8s.cni.cncf.io"] apiVersions: ["v1"] resources: ["network-attachment-definitions"] + matchConditions: + # On updates, only validate if the Spec changes + - name: CreateDeleteOrUpdatedSpec + expression: oldObject == null || object == null || object.spec != oldObject.spec sideEffects: NoneOnDryRun admissionReviewVersions: - v1 diff --git a/bindata/network/ovn-kubernetes/self-hosted/ovnkube-control-plane.yaml b/bindata/network/ovn-kubernetes/self-hosted/ovnkube-control-plane.yaml index 75a2ddff25..fbdf37107e 100644 --- a/bindata/network/ovn-kubernetes/self-hosted/ovnkube-control-plane.yaml +++ b/bindata/network/ovn-kubernetes/self-hosted/ovnkube-control-plane.yaml 
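Review bot: Changing `openshift.io/required-scc` from `restricted-v2` to `privileged` in webhook.yaml grants the webhook pod far more than the host networking that the last hunk of this file (`hostNetwork: true`) appears to need, and the second hunk also drops `runAsNonRoot: true` from the container. If host networking is the only new requirement, `openshift.io/required-scc: hostnetwork-v2` should admit the pod while keeping it non-root and without privileged containers or host mounts; this is hedged because the webhook's port and any other needs are not visible here. I would keep the container's `securityContext:` with `runAsNonRoot: true`, since nothing in these hunks requires root. If `privileged` is genuinely required, a comment next to the annotation should say what forces it.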
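Review bot: With `hostNetwork: true` at the end of the pod spec, every listener in the webhook container binds in the node's network namespace, so its ports are reachable on node addresses and can collide with other host-network processes. The earlier hunk removes `--metrics-bind-address=:7572`, so the metrics endpoint now falls back to the binary's default; that default is not visible here and should be confirmed to be disabled or loopback-only rather than a wildcard bind on the host. I would add a comment above the field stating why the webhook must run on the host network, and set `dnsPolicy: ClusterFirstWithHostNet` if the process resolves in-cluster service names.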
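Review bot: The `matchConditions` expression in 003-webhook.yaml reads `object.spec` and `oldObject.spec` without a presence check, so an update to a network-attachment-definition that has no `spec` may raise a CEL evaluation error, which is then handled according to the webhook's `failurePolicy` (not visible in this hunk). If such objects are allowed, guarding the comparison would avoid that: `oldObject == null || object == null || !has(object.spec) || !has(oldObject.spec) || object.spec != oldObject.spec`. The condition also means metadata-only updates are never sent to the admission controller, so I would extend the comment to say so explicitly, `# Metadata-only updates (labels, annotations, finalizers) are intentionally not validated`, after confirming the controller checks nothing outside `spec`.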
@@ -148,6 +148,15 @@ spec: route_advertisements_enable_flag="--enable-route-advertisements" fi + if [ "{{.OVN_GATEWAY_MODE}}" == "shared" ]; then + gateway_mode_flags="--gateway-mode shared" + elif [ "{{.OVN_GATEWAY_MODE}}" == "local" ]; then + gateway_mode_flags="--gateway-mode local" + else + echo "Invalid OVN_GATEWAY_MODE: \"{{.OVN_GATEWAY_MODE}}\". Must be \"local\" or \"shared\"." + exit 1 + fi + echo "I$(date "+%m%d %H:%M:%S.%N") - ovnkube-control-plane - start ovnkube --init-cluster-manager ${K8S_NODE}" exec /usr/bin/ovnkube \ --enable-interconnect \ @@ -165,6 +174,7 @@ spec: ${persistent_ips_enabled_flag} \ ${multi_network_enabled_flag} \ ${network_segmentation_enabled_flag} \ + ${gateway_mode_flags} \ ${route_advertisements_enable_flag} volumeMounts: - mountPath: /run/ovnkube-config/
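Review bot: The new `OVN_GATEWAY_MODE` check in ovnkube-control-plane.yaml runs only after the template has pasted the value into the script text three times, so the `else` branch catches well-formed wrong strings but cannot contain a value carrying shell metacharacters. Presumably the operator restricts the field to `local` or `shared` before rendering, but that is not visible here and should be confirmed or enforced in the render code. A sturdier shape is to pass the value as data, with `- name: OVN_GATEWAY_MODE` and `value: "{{.OVN_GATEWAY_MODE}}"` in the container `env`, and test `"${OVN_GATEWAY_MODE}"` in the script. The error message would also be better sent to stderr with `>&2`. The script starts and ends outside the hunk.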