CORENET-5666,OCPBUGS-43004,OCPBUGS-54199: Downstream Merge 2025-04-02 #2505
Conversation
Add flows at prio=102 to allow traffic from the OVN network to the host network to be handled normally by the bridge instead of forwarding it directly to the NIC (which would be done by the flow at prio=100). This allows pods in the default network to reach localnet pods (whose network is mapped to breth0) on the same node and vice versa. Add two extra flows for icmpv6 to allow neighbor solicitation and neighbor advertisement messages to pass. Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
Add e2e tests where a server pod is connected to a secondary localnet and pods in the default network try to reach the server pod on its localnet interface. The localnet is plugged to breth0 and IPs on the localnet interface are drawn from the subnets of the node primary interface addresses. Two cases to check: - client and server pods are on different nodes (works with existing code) - client and server pods are on the same node (works thanks to the previous commit with extra openflow rule at prio=102) Verify the reachability of the server through curl for TCP and ping for ICMP echo request/reply. Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
Allow default network pods to reach localnet on the same node
fix typo in networkqos okep
Signed-off-by: Enrique Llorente <ellorent@redhat.com>
The current localnet kubevirt live migration tests are implemented using persistent IPs, this change add similar version of those tests but for ipamless localnet where VMI and pod IPs are statically assigned. Signed-off-by: Enrique Llorente <ellorent@redhat.com>
Clean up duplciated network ID on internal routeimport controller structure which is already available in NetInfo Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Some tests where interleaving ACCEPT and DROP iptables rules while others where just checking if the DROP rule was there. The check would pass if the DROP was in place but not necessaily hit if it had an ACCEPT rule over it. Change all tests to latter mechanism. Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
go get k8s.io/api@v0.32.3 go get k8s.io/client-go@v0.32.3 go get k8s.io/component-helpers@v0.32.3 go get k8s.io/kubernetes@v1.32.3 go get k8s.io/apiextensions-apiserver@v1.32.3 go get k8s.io/apiextensions-apiserver@v0.32.3 go get sigs.k8s.io/controller-runtime@v0.20.3 go mod tidy go mod vendor GO version was bumped to v1.23, aligned linter version. Had to move away from giantswarm since it was no longer providing useful v1.23 images and it's unknown to me why we would not be using a more official image anyway. Had to bump metallb to v0.14.8 as it would no longer build otherwise. kind was updated to v0.27 and kindest/node to v1.32.3 as well. kindest/node v1.32+ is only compatible with kind v0.27+ but metallb relies on their own incompatible build of kind so had to patch it to use our kind installation. Fixed lint issues. Updated contrib/kind.sh, CI e2e manifests and codegen. Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
go get k8s.io/kubernetes@v1.32.2 go get k8s.io/api@v0.32.2 go get k8s.io/client-go@v0.32.2 go get k8s.io/pod-security-admission@v0.32.2 go get k8s.io/kubectl@v0.32.2 go get sigs.k8s.io/controller-runtime@v0.20.3 go get k8s.io/mount-utils@v0.32.2 go get k8s.io/cri-client@v0.32.2 go get k8s.io/dynamic-resource-allocation@v0.32.2 go get k8s.io/kube-scheduler@v0.32.2 go get k8s.io/csi-translation-lib@v0.32.2 go get k8s.io/cloud-provider@v0.32.2 go get k8s.io/controller-manager@v0.32.2 go get sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.32.0 go mod tidy Updated kind, kubectl and k8s test binaries. controller-manager no longer registers the kubeconfig flag so we can go back to using the test framework utility methods for it rather than working around it. Added skips for new Alpha/Beta features introduced in v1.32 Fixed a kubevirt test issue which could not activate DHCP on a UDN veth because the device was unmanaged after upgrade to kindest/node v1.32+ Worked around two metallb issues metallb/metallb#2723 metallb/metallb#2724 Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
|
/test ? |
|
@jcaamano: The following commands are available to trigger required jobs: The following commands are available to trigger optional jobs: Use DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
openshift-ci
bot
added
the
approved
|
/jira refresh |
openshift-ci-robot
added
the
jira/valid-bug
|
@ricky-rav: This pull request references Jira Issue OCPBUGS-43004, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (ysegev@redhat.com), skipping review request. This pull request references Jira Issue OCPBUGS-54199, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci-robot
removed
the
jira/invalid-bug
|
/retitle CORENET-5666,OCPBUGS-43004,OCPBUGS-54199: Downstream Merge 2025-04-02 |
openshift-ci
bot
changed the title
|
@jcaamano: This pull request references CORENET-5666 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.19.0" version, but no target version was set. This pull request references Jira Issue OCPBUGS-43004, which is valid. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Jira (ysegev@redhat.com), skipping review request. The bug has been updated to refer to the pull request using the external bug tracker. This pull request references Jira Issue OCPBUGS-54199, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/retest-required |
|
/test e2e-metal-ipi-ovn-dualstack-bgp-techpreview |
|
/test qe-perfscale-aws-ovn-small-udn-density-l2 |
|
/retest |
|
/test e2e-metal-ipi-ovn-dualstack-bgp-techpreview |
|
/override ci/prow/e2e-aws-ovn-windows |
|
@jcaamano: Overrode contexts on behalf of jcaamano: ci/prow/e2e-aws-ovn-windows DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/retest |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jcaamano, jluhrsen The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@jcaamano: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
openshift-merge-bot
bot
merged commit 253890a
into
openshift:master
|
@jcaamano: Jira Issue OCPBUGS-43004: Some pull requests linked via external trackers have merged: The following pull requests linked via external trackers have not merged:
These pull request must merge or be unlinked from the Jira bug in order for it to move to the next state. Once unlinked, request a bug refresh with Jira Issue OCPBUGS-43004 has not been moved to the MODIFIED state. Jira Issue OCPBUGS-54199: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-54199 has been moved to the MODIFIED state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
[ART PR BUILD NOTIFIER] Distgit: ovn-kubernetes-base |
|
[ART PR BUILD NOTIFIER] Distgit: ovn-kubernetes-microshift |
|
[ART PR BUILD NOTIFIER] Distgit: ose-ovn-kubernetes |
|
/jira refresh |
|
@ricky-rav: Jira Issue OCPBUGS-43004: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-43004 has been moved to the MODIFIED state. Jira Issue OCPBUGS-54199 is in an unrecognized state (ON_QA) and will not be moved to the MODIFIED state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/revert |
Signed-off-by: Jamo Luhrsen <jluhrsen@gmail.com>
8 participants
cc @ricky-rav