OCPBUGS-48330,OCPBUGS-42609,OCPBUGS-46585,SDN-4930,OCPBUGS-48412: Downstream Merge [01-23-2025] #2420
- remove subnets field validation from Layer3 config, as it is required for Layer3 (not for Layer2 though) and length validation is already built into subnets field.
- fix mtu validation when mtu field is not present
- add `isCIDR() &&` or `!isCIDR ||` checks in front of all cidr() usages that make sure given expressions will not fire an error in case of the wrong cidr. We have separate isCIDR() validations on every cidr field.
- simplify `hostSubnet < 32` check for v4 networks
- add MaxLength limitation for CIDR to improve CEL cost estimation

Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
When making a call to netlink to retrieve a link's addresses, netlink will return the addresses and group them by at least the address's scope. It will return addresses grouped by scope - host, link and global scope. Therefore if the EIP address assigned to the ext bridge to support EIP for UDN is scope host, and OVN Kube restarts, it may select the EIP address as the primary IP address. Signed-off-by: Martin Kennelly <mkennell@redhat.com>
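The selection problem described in the commit message above, as an added Go example that is not code from this PR: choosing a primary address by list order versus requiring global scope. The `linkAddr` type, the function names, the sample addresses and their order are assumptions made for illustration; the scope constants are the Linux rtnetlink values.

```go
package main

import (
	"fmt"
	"net"
)

// Linux rtnetlink address scopes (values from linux/rtnetlink.h).
const (
	scopeGlobal = 0   // RT_SCOPE_UNIVERSE
	scopeLink   = 253 // RT_SCOPE_LINK
	scopeHost   = 254 // RT_SCOPE_HOST
)

// linkAddr is a hypothetical stand-in for one address entry on a link.
type linkAddr struct {
	IP    net.IP
	Scope int
}

// sampleAddrs is constructed data: a host-scope EIP listed ahead of the
// global-scope node address, plus an IPv6 link-local address.
func sampleAddrs() []linkAddr {
	return []linkAddr{
		{net.ParseIP("192.0.2.10"), scopeHost},  // constructed EIP
		{net.ParseIP("192.0.2.5"), scopeGlobal}, // constructed node IP
		{net.ParseIP("fe80::1"), scopeLink},
	}
}

// pickAddr returns the first address of the wanted family. With globalOnly
// set, host- and link-scope entries are skipped, so the result no longer
// depends on how the address list happens to be ordered.
func pickAddr(addrs []linkAddr, v4, globalOnly bool) net.IP {
	for _, a := range addrs {
		if (a.IP.To4() != nil) != v4 || (globalOnly && a.Scope != scopeGlobal) {
			continue
		}
		return a.IP
	}
	return nil
}

func main() {
	addrs := sampleAddrs()
	fmt.Println("order-based IPv4:", pickAddr(addrs, true, false))
	fmt.Println("scope-aware IPv4:", pickAddr(addrs, true, true))
	fmt.Println("scope-aware IPv6:", pickAddr(addrs, false, true)) // no global IPv6 address in the sample
}
```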
Signed-off-by: nithyar <nithyar@nvidia.com>
k8s.ovn.org/user-defined-network is now required to be labeled on a namespace at namespace creation time in order to use a primary UDN. The following conditions are true:

1. If namespace is missing the label, and a pod is created, it attaches to default network.
2. If the namespace is missing the label, and a primary UDN or CUDN is created that matches that namespace, the UDN/CUDN will report error status and the NAD will not be generated.
3. If the namespace is missing the label, and a primary UDN/CUDN exists, a pod in the namespace will be created and attached to default network.
4. If the namespace has the label, and a primary UDN/CUDN does not exist a pod in the namespace will fail creation until the UDN/CUDN is created.

Also includes some fixes to unit tests that were brought to light by this PR. For example, the layer 2 multi-network tests were adding invalid annotations for node-subnets, etc. Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Patryk Diak <pdiak@redhat.com>
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Tim Rozet <trozet@redhat.com>
Was using ipv6 on ipv4 cluster. Signed-off-by: Tim Rozet <trozet@redhat.com>
EgressIP was depending on getActiveNetworkFromNamespace to work, or would fail to remove egressIP status. Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Tim Rozet <trozet@redhat.com>
Test ensures that a pod will still come up when a UDN exists, but the UDN required label is missing on the namespace. The pod will be wired to the default cluster network. Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Tim Rozet <trozet@redhat.com>
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Fixes test "should be able to send multicast UDP traffic between nodes" which was failing in IPv6 lane due to bugs with an older iperf version. Updates the test case to bind iperf to the right interface (eth0 or ovn-udn1) depending on the test. Test "should be able to receive multicast IGMP query" is skipped on IPv6. I tried to fix it, but it doesn't seem to work. I left some notes there so someone can follow up later to fix the test and unskip it. Signed-off-by: Tim Rozet <trozet@redhat.com>
Update OVS bridge flows for supporting gateway VLANs
IPAM options are only available for Layer2 network for now. IPAM.Lifecycle is only supported when IPAM.Mode is Enabled (previously expressed with non-empty subnets). IPAM.Mode=Disabled is only supported for secondary network. Update CEL: require or omit subnets based on the IPAM.Mode instead of network role. The only controller change needed is the location of IPAMLifecycle. Empty subnets means turn off IPAM in NAD config, and CEL ensures that subnets will be empty if and only if IPAM.Mode is Disabled. We do have a duplicate check for some CEL validations in the code, they are covered by unit tests. Fix "should fail to render NAD" test, as it used to always return error because of the empty target namespace instead of expected one. Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Signed-off-by: Or Mergi <ormergi@redhat.com>
e2e,udn crd: Use the right IP family according to env
Add GetInterfaceUDNs to convert interface name to (C)UDN ns+name.
netConfig pointer was being modified in a loop so pods were removed from only one namespace. Signed-off-by: Patryk Diak <pdiak@redhat.com>
Fix pods cleanup in ClusterUserDefinedNetwork test
Enforce udn ns label
(C)UDN CRD: update CEL and add IPAM section
Signed-off-by: nithyar <nithyar@nvidia.com>
Add missing host-cidrs annotation for DPU Host
… for data Within some funcs for EIP, we depend on OVN constructs (address sets usually) that are created async. We are cluttering up the logs with spam when it's not really an error that said constructs haven't been (yet) created. Signed-off-by: Martin Kennelly <mkennell@redhat.com>
For layer 2 UDNs it is expected that ovnkube-controller will process the pod with the annotation missing while waiting for cluster manager to allocate it. Suppress the error in that case. Signed-off-by: Tim Rozet <trozet@redhat.com>
Without this the error for missing annotations will not be suppressed and then false positive errors will be reported. Signed-off-by: Tim Rozet <trozet@redhat.com>
…nntrack entries. With the OVN bump to 24.09.1-10 a bug is fixed in OVN due to which ecmp-symmetric-reply wasn't honored for "single path ECMP" routes. The "Should validate TCP/UDP connectivity even after MAC change (gateway migration) for egress" e2e test happened to use a "single path ECMP" route and the OVN bug fix made it fail (because now conntrack entries correctly get created even if the route has a single path). The purpose of the test wasn't related to ECMP symmetric reply behavior necessarily but more related to ARP/ND updates on gateway migration. Therefore it's safe to change the test so that the packet that's sent after gateway migration uses a different TCP/UDP source port. Like that it won't match any existing conntrack entries. Signed-off-by: Dumitru Ceara <dceara@redhat.com>
Set network ID on netInfo even when already annotated
Signed-off-by: Patryk Diak <pdiak@redhat.com>
Signed-off-by: Patryk Diak <pdiak@redhat.com>
Accept no active network during pod deletion in the IP allocator
This reverts commit 1243011.
8943c1f to d108b05
@kyrtapz: The following tests failed, say
results look very good

/retest
@trozet: trigger 14 job(s) of type blocking for the nightly release of OCP 4.19
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/8d3a7f70-dabd-11ef-8286-e913d5d42c70-0
trigger 4 job(s) of type blocking for the ci release of OCP 4.19
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/8d3a7f70-dabd-11ef-8286-e913d5d42c70-1
payload is good

/lgtm
[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kyrtapz, trozet
/label acknowledge-critical-fixes-only
44f5d08 into openshift:master
@kyrtapz: Jira Issue OCPBUGS-48330: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-48330 has been moved to the MODIFIED state.
Jira Issue OCPBUGS-42609: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-42609 has been moved to the MODIFIED state.
Jira Issue OCPBUGS-46585: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-46585 has been moved to the MODIFIED state.
[ART PR BUILD NOTIFIER] Distgit: ovn-kubernetes-base
[ART PR BUILD NOTIFIER] Distgit: ovn-kubernetes-microshift
[ART PR BUILD NOTIFIER] Distgit: ose-ovn-kubernetes
/retitle OCPBUGS-48330,OCPBUGS-42609,OCPBUGS-46585,SDN-4930,OCPBUGS-48412: Downstream Merge [01-23-2025]
@kyrtapz: Jira Issue OCPBUGS-48330 is in an unrecognized state (MODIFIED) and will not be moved to the MODIFIED state.
Jira Issue OCPBUGS-42609 is in an unrecognized state (ON_QA) and will not be moved to the MODIFIED state.
Jira Issue OCPBUGS-46585 is in an unrecognized state (ON_QA) and will not be moved to the MODIFIED state.
Jira Issue OCPBUGS-48412: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-48412 has been moved to the MODIFIED state.
…g workloads This was a workaround until we could ensure the UDN was already processed by the ovnkube-controllers running in the nodes; since the namespace labels were introduced in PR [0] this is no longer required, because attaching a pod to a namespace that requests a UDN attachment will fail until the UDN is provisioned, and available in the controllers. [0] - openshift/ovn-kubernetes#2420 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
Fix included in accepted release 4.19.0-0.nightly-2025-04-02-065200
Fix included in accepted release 4.19.0-0.nightly-2025-04-02-170034
Fix included in accepted release 4.19.0-0.nightly-2025-04-04-023411
Fix included in accepted release 4.19.0-0.nightly-2025-04-04-170728
No description provided.