SDN-3733: [DownstreamMerge] 6-18-2023 #1714
openshift-merge-robot merged 111 commits into openshift:master from
Conversation
This commit passes the egressip_enabled_flag to cluster manager pod on control plane so that we can configure the feature from CM for IC Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit does three things: 1) It adds eipFactory to CMWatchFactory which is required for EIP 2) It adds EIPClient and CloudNetworkClient to CMClientset CM = cluster manager This plumbing is the foundation to be able to move egressIP bits into CM. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit adds DeleteLogicalRouterStaticRoutesWithPredicateOps to libovsdbops package. Note that we already had DeleteLogicalRouterStaticRoutesWithPredicate and now we want to just have a util that returns the ops so that we can batch this when doing a deletion for EIP. NOTE: This commit only introduces the utility; its use comes in a future commit. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit does the following:

Cluster Manager side:
1) We create a new egressIPController and call that from CM if the feature is enabled
2) We do only WatchEgressNodes, WatchEgressIP and WatchCloudPrivateIPConfig from CM (namespaces, pods will be taken care of by master)
3) We move all the eip healthcheck bits and node allocator bits to CM
4) Any updates to EIP CRD will always be done by CM; master side will only read the CRD
5) All bits for cloud private IP config were moved to CM from master.

Master side:
1) We rename egressIPController to egressIPZoneController - this is responsible for doing NBDB configurations for everything happening in its zone and sometimes for pods in remote zones when necessary
2) We add a localZoneNodes similar to what we have in base which holds the list of local zone nodes
3) master will be responsible for adding snats, reroute policies and static routes for eip pods

High level logic:
- Do SNATs towards egressIP only if egressNode is local to the zone irrespective of whether the pod is local or remote
- Do reroute policies towards transit switch only if pod is local to the zone. NOTE: In IC, nexthop is transit switchIP NOT joinIP
- Do static routes towards joinIP only if pod is non-local to the zone but egressnode is local to the zone. NOTE: This is NEW, we never used static routes for EIP before. It is an IC only thing.
- Do SNATs towards nodeIP only if pod is local to the zone
- Duplicate the code for `IsReachableLegacy` and `IsReachableViaGRPC` functions which will now be in both CM and master - but this is temporary to ensure ESVC works in non-IC setup and until we do ESVC refactor for IC.

Tests: The commit also fixes unit tests to run in non-ic and ic modes and splits the tests for global controller logic into cluster-manager while keeping the tests to check libovsdb objects in master itself.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
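As an added illustration (not ovn-kubernetes code and not part of this PR), the following Go program encodes the four high-level rules from the commit message above as a per-zone decision function and prints what each zone's controller would create for one pod and one EgressIP. Node names, zones and all IP addresses are constructed; the `Node`, `Pod`, `EgressIP` and `NBObject` types and the `GR_<node>` / `ovn_cluster_router` router names are simplified stand-ins for the real NB schema, and the reroute next hop is taken literally from the message (the egress node's transit switch IP) without special-casing an egress node in the same zone.

```go
package main

import (
	"fmt"
	"sort"
)

// Node is the subset of per-node state a zone controller needs. The IP fields
// are hypothetical stand-ins for the host IP, the gateway router join IP and
// the transit switch port IP of the node.
type Node struct {
	Name      string
	Zone      string
	NodeIP    string
	JoinIP    string
	TransitIP string
}

// Pod is a workload selected by an EgressIP, pinned to a node.
type Pod struct {
	Name string
	IP   string
	Node string
}

// EgressIP is an egress IP that the cluster manager assigned to an egress node.
type EgressIP struct {
	Name       string
	IP         string
	EgressNode string
}

// NBObject is a flattened description of one northbound object a zone
// controller would create: an SNAT on a gateway router, a logical router
// policy (reroute) or a logical router static route.
type NBObject struct {
	Kind   string // snat-eip, snat-node, reroute, static-route
	Router string // logical router that owns the object
	Match  string // logical IP, policy match or route prefix
	Target string // SNAT external IP or next hop
}

func (o NBObject) String() string {
	return fmt.Sprintf("%-12s router=%-18s match=%-24s target=%s", o.Kind, o.Router, o.Match, o.Target)
}

// ZoneOps returns the NB objects the controller for zone `zone` must create so
// that `eip` applies to `pod`. Each zone creates only what it is responsible for.
func ZoneOps(zone string, nodes map[string]Node, pod Pod, eip EgressIP) ([]NBObject, error) {
	podNode, ok := nodes[pod.Node]
	if !ok {
		return nil, fmt.Errorf("pod %s: unknown node %q", pod.Name, pod.Node)
	}
	egressNode, ok := nodes[eip.EgressNode]
	if !ok {
		return nil, fmt.Errorf("egressip %s: unknown egress node %q", eip.Name, eip.EgressNode)
	}
	podLocal := podNode.Zone == zone
	egressLocal := egressNode.Zone == zone

	var ops []NBObject
	// Rule 1: the SNAT to the egress IP lives on the egress node's gateway
	// router, so the egress node's zone creates it whether or not the pod is local.
	if egressLocal {
		ops = append(ops, NBObject{Kind: "snat-eip", Router: "GR_" + egressNode.Name, Match: pod.IP, Target: eip.IP})
	}
	if podLocal {
		// Rule 2: reroute policy for a local pod; in IC the next hop is the egress
		// node's transit switch IP, not its join IP.
		ops = append(ops, NBObject{Kind: "reroute", Router: "ovn_cluster_router", Match: "ip4.src == " + pod.IP, Target: egressNode.TransitIP})
		// Rule 4: the SNAT towards the pod's own node IP is handled by the pod's zone.
		ops = append(ops, NBObject{Kind: "snat-node", Router: "GR_" + podNode.Name, Match: pod.IP, Target: podNode.NodeIP})
	}
	// Rule 3 (IC only): a remote pod whose egress node is local gets a static
	// route on the cluster router towards the egress node's join IP.
	if !podLocal && egressLocal {
		ops = append(ops, NBObject{Kind: "static-route", Router: "ovn_cluster_router", Match: pod.IP + "/32", Target: egressNode.JoinIP})
	}
	return ops, nil
}

// Kinds returns the sorted object kinds in ops, useful for comparing zone output.
func Kinds(ops []NBObject) []string {
	kinds := make([]string, 0, len(ops))
	for _, o := range ops {
		kinds = append(kinds, o.Kind)
	}
	sort.Strings(kinds)
	return kinds
}

func main() {
	// Constructed two-zone cluster: the pod runs in zone-a, the egress IP is
	// assigned to a node in zone-b.
	nodes := map[string]Node{
		"worker-a": {Name: "worker-a", Zone: "zone-a", NodeIP: "192.0.2.10", JoinIP: "100.64.0.2", TransitIP: "100.88.0.2"},
		"worker-b": {Name: "worker-b", Zone: "zone-b", NodeIP: "192.0.2.11", JoinIP: "100.64.0.3", TransitIP: "100.88.0.3"},
	}
	pod := Pod{Name: "web-0", IP: "10.244.0.5", Node: "worker-a"}
	eip := EgressIP{Name: "egress-web", IP: "192.0.2.100", EgressNode: "worker-b"}
	for _, zone := range []string{"zone-a", "zone-b"} {
		ops, err := ZoneOps(zone, nodes, pod, eip)
		if err != nil {
			fmt.Println("error:", err)
			return
		}
		fmt.Printf("%s creates %d object(s):\n", zone, len(ops))
		for _, o := range ops {
			fmt.Println("  ", o)
		}
	}
}
```

Run it and zone-a shows only the reroute and node SNAT for its local pod, while zone-b shows the egress SNAT and the new IC-only static route for the remote pod; a node that both zones would otherwise need to touch is never configured from the wrong zone, which is the property the zone split is meant to guarantee.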
Support Egress IP on OVN-IC
This is the metrics refactor for interconnect following the work done in ovn-kubernetes/ovn-kubernetes#3386. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
Ensuring the work done here: martinkennelly/ovn-kubernetes-1@c47ed89 sees light. Co-Authored-by: Martin Kennelly <mkennell@redhat.com> Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
…(informer,lister,api) Signed-off-by: jordigilh <jgil@redhat.com>
* Implements controllers for Admin Policy Based External Route to handle changes to namespaces, pods and admin policy based external route CRs.
* Initialize in master node to handle interactions with the north bound DB. Initialize in worker nodes to handle changes to the conntrack (delete ECMP entries when a gateway IP is no longer a valid external gateway IP)
* Implements repair() function for the master node.
* Integrates with the annotation logic to avoid duplications in cache by sharing the externalGWCache and EXGWCacheMutex objects between the annotation and controller logic.
* Updates the annotation logic to ensure the namespace annotation k8s.ovn.org/external-gw-pod-ips is updated when changes occur in a CR instance that coexists in the same namespace and that can impact the list of dynamic gateway IPs.
* The implementation no longer relies on namespace annotations, including "k8s.ovn.org/external-gw-pod-ips", instead it uses its own cache structure to identify the valid pod IPs for a given namespace.
* Implement E2E tests for admin policy based external route. The tests are a duplication of the existing annotated based logic for external gateways using the CR instead.
Signed-off-by: jordigilh <jgil@redhat.com>
…rnal_gateway [SDN-2482] API enhancement to add support for Admin Policy Based External Route CRs
Without it Stop() will always fail with `close of nil channel`. Additionally removed unused fields from FakeClusterManager. Signed-off-by: Patryk Diak <pdiak@redhat.com>
- go 19 in go.mod
- use go v1.19.6 in Makefile for building
- upgrade golangci linter to latest version
- one whitespace error fixed as part of the lint upgrade
Signed-off-by: Jamo Luhrsen <jluhrsen@gmail.com>
Users can create the external gateway bridge without attaching a host physical interface as the uplink port in local gateway mode. The gateway router will use 169.254.169.4 as the default gateway. Add a new gateway config flag 'allow-no-uplink' to control if this setup is allowed or not. It's disabled by default. With this setup, egressIP and egressGW cannot work. Signed-off-by: Peng Liu <pliu@redhat.com>
Signed-off-by: Peng Liu <pliu@redhat.com>
Initialize EgressIP stopChan in cluster-manager
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Network policies targeting IPAM less networks can only have `ipBlock` peers; while this behavior already existed, it now fails a lot earlier, when translating the multi-net policies into regular `NetworkPolicy`, thus making the flow more explicit, efficient, and readable. Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
…icies Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Multi policies ipamless ipblock
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Allow external gateway bridge without uplink port In local gateway mode
When we create a hybrid overlay Node we pass LocalPodInformer which only knows about Pods local to the node they are running on. The hybrid overlay was assuming it was listening to all pods and manually filtering out those that are not on the local node. This commit fixes that assumption and renames the variables to reflect that they are localPodInformers and localPodListers Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
This code in AddPod() is not required and is duplicate effort for the hybrid overlay. Code was added to AddNode() that once the drIP and drMAC are set will loop through all pods and initialize them. This check is not required. Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
…e-ipamless docs, multi-homing, policy: document IPAM-less policies restrictions
Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
When on a multi-homing lane create a secondary network **without** external access (the ovnkube-node gateway init code would pick an interface with a default route as the interface to create `br-ex` on top of). Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This commit adds code to configure the cluster underlay to provide east/west connectivity between pods using a localnet secondary network, which will allow us to test the underlay topology. Up to now we weren't actually testing anything meaningful: all pods using a secondary network were scheduled on the same node, so the underlay was not being used. Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
for unit tests I think we need a CI image bump openshift/release#40428
@trozet: The following tests failed, say
Full PR test history. Your PR dashboard. Details: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
/retest-required
/payload 4.14 ci blocking
@trozet: trigger 4 job(s) of type blocking for the ci release of OCP 4.14
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/9b099ad0-0e29-11ee-80e5-dbab93242630-0
/payload 4.14 nightly blocking
@trozet: trigger 7 job(s) of type blocking for the nightly release of OCP 4.14
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/a3803340-0e29-11ee-8233-3b67edbc6b7b-0
/retest-required
all payloads looking good except the rt upgrade one, re-triggering that.
/payload-aggregate periodic-ci-openshift-release-master-ci-4.14-upgrade-from-stable-4.13-e2e-gcp-ovn-rt-upgrade 10
@tssurya: trigger 1 job(s) for the /payload-(job|aggregate) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/c478af20-0e9a-11ee-98f4-9bd2d056787c-0
maiqueb left a comment
The IPAM-less policy code looks good.
Thanks for this PR.
/payload-aggregate periodic-ci-openshift-release-master-ci-4.14-upgrade-from-stable-4.13-e2e-gcp-ovn-rt-upgrade 10
@tssurya: trigger 1 job(s) for the /payload-(job|aggregate) command
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/effa8920-0f53-11ee-9286-50055da1ac6a-0
Unit tests will work after #1657 merges
/test ci/prow/unit
@trozet: The specified target(s) for
The following commands are available to trigger optional jobs:
Use
Details: In response to this:
/test unit
/override ci/prow/e2e-aws-ovn-upgrade-local-gateway
rt-upgrade is green. I think we are good to merge this PR.
@trozet: Overrode contexts on behalf of trozet: ci/prow/e2e-aws-ovn-upgrade-local-gateway. Details: In response to this:
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED. This pull-request has been approved by: jcaamano, maiqueb, trozet. The full list of commands accepted by this bot can be found here. The pull request process is described here. Details: Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
/retitle SDN-3733: [DownstreamMerge] 6-18-2023 |
Final large merge to bring us up to date with upstream.
@tssurya @pliurh @kyrtapz @maiqueb @dcbw @pperiyasamy @jordigilh FYI
Only 1 trivial conflict in the GitHub Actions test.yaml, which has no effect on downstream.