[release-4.19] OCPBUGS-48709: DownStream Merge Sync from 4.20 [07-09-2025] #2660

Merged
openshift-merge-bot[bot] merged 37 commits into openshift:release-4.19 from jluhrsen:4.19-sync-from-4.20-07-09-2025
Jul 15, 2025

@jluhrsen
Contributor

@jluhrsen jluhrsen commented Jul 9, 2025

No description provided.

jitseklomp and others added 30 commits June 3, 2025 12:02
Signed-off-by: Jitse Klomp <jitse.klomp@conclusionxforce.nl>
Signed-off-by: Jitse Klomp <jitse.klomp@conclusionxforce.nl>
Signed-off-by: Yun Zhou <yunz@nvidia.com>
Do not try to delete the logical route static route from the specified
logical router if the route does not belong to the router.

Signed-off-by: Yun Zhou <yunz@nvidia.com>
ovnkube-controller is trying to delete a logical static route from a
router it does not belong to, which ends with the error:

"referential integrity violation: cannot delete
Logical_Router_Static_Route row ... because of 1 remaining references"

Signed-off-by: Yun Zhou <yunz@nvidia.com>
Bumps the go_modules group with 1 update in the /test/e2e directory: [golang.org/x/crypto](https://github.com/golang/crypto).


Updates `golang.org/x/crypto` from 0.24.0 to 0.31.0
- [Commits](golang/crypto@v0.24.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
If NADs like bridge, macvlan or others exist, we should not record an
error event for them.

Also in case the NAD is not ovn-k for example multus we support chain
plugins.

Signed-off-by: Sebastian Sch <sebassch@gmail.com>
Prune volumes
Delete swap file

Signed-off-by: Martin Kennelly <mkennell@redhat.com>
When a UDN is advertised to a non-default VRF, we shall not add
the ip rule to the default VRF. Otherwise, if another UDN is
advertised to the default VRF with the same subnet, the ingress
traffic intended for the second UDN cannot be correctly routed to
its respective VRF.

Signed-off-by: Peng Liu <pliu@redhat.com>
stop adding events to NAD if the network type is not ovn-k
When collecting the logs after a failed test run, the test name is used
as part of the file path, and double quotes are not allowed:
```
The following characters are not allowed in files that are uploaded due
to limitations with certain file systems such as NTFS. To maintain file
system agnostic behavior, these characters are intentionally not
allowed to prevent potential problems with downloads on different file
systems.
```

Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
…s-get-premium

GH VM: remove volumes and swap file
…st/e2e/go_modules-5a9c29dde4

Bump golang.org/x/crypto from 0.24.0 to 0.31.0 in /test/e2e in the go_modules group across 1 directory
[e2e] kubevirt: generate test name that is compatible with file path.
Signed-off-by: Martin Kennelly <mkennell@redhat.com>
Convert `.` path separators to `/` when enabling forwarding
for bridgeName, interfaceName and mgmtPortName to avoid errors
when those names contain `.` characters e.g. `foo.200`

Fixes: #5283

Signed-off-by: Artyom Babiy <artyom.babiy@gmail.com>
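
The ambiguity the commit above addresses, as an added Go example (not code from the ovn-kubernetes repository). It models the separator rule of procps `sysctl(8)`; the key `net.ipv4.conf.<name>.forwarding`, the helper names and the sample interface names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// procPath models how procps sysctl(8) maps a key to a file under /proc/sys:
// the first '.' or '/' found in the key decides which character separates
// components. With '.' first, every '.' becomes '/' and every '/' becomes '.'.
func procPath(key string) string {
	if i := strings.IndexAny(key, "./"); i >= 0 && key[i] == '.' {
		key = strings.NewReplacer(".", "/", "/", ".").Replace(key)
	}
	return "/proc/sys/" + key
}

// dottedKey splices the name into a dot-separated key (the failing form):
// a dot inside the interface name is read as one more separator.
func dottedKey(iface string) string {
	return "net.ipv4.conf." + iface + ".forwarding"
}

// slashKey builds the slash-separated form, so dots in the name stay literal.
// It rejects names Linux does not accept for an interface and that would
// change which file the key resolves to.
func slashKey(iface string) (string, error) {
	if iface == "" || iface == "." || iface == ".." || strings.ContainsAny(iface, "/ \t\n") {
		return "", fmt.Errorf("invalid interface name %q", iface)
	}
	return "net/ipv4/conf/" + iface + "/forwarding", nil
}

func main() {
	for _, iface := range []string{"breth0", "foo.200"} { // constructed sample names
		key, err := slashKey(iface)
		if err != nil {
			fmt.Println(err)
			continue
		}
		fmt.Printf("%-8s dotted -> %s\n", iface, procPath(dottedKey(iface)))
		fmt.Printf("%-8s slash  -> %s\n", iface, procPath(key))
	}
}
```

For `foo.200` the dotted key resolves to a path with separate `foo` and `200` components, which does not exist, while the slash form resolves to the interface's own `forwarding` file.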
When we did the NFT rules to block traffic
going from host to advertised UDN pod
subnets, we did not mean to also block
replies from host to advertised UDN pod
subnets for traffic initiated by UDN pods.

Given the rules lie in OUTPUT table this would
match on replies as well, so traffic like
pod to kube-apiserver host-networked pod backend
is broken because of this.

Let's change the rule to only match on NEW state
which is what we wanted to do in the original
change.

The current rules unintentionally block traffic
in reverse direction.

Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
[UDN,BGP] Fix the host drop rules to match on new state
Bumps the go_modules group with 2 updates in the /go-controller directory: [golang.org/x/net](https://github.com/golang/net) and [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes).
Bumps the go_modules group with 1 update in the /test/conformance directory: [golang.org/x/net](https://github.com/golang/net).
Bumps the go_modules group with 3 updates in the /test/e2e directory: [golang.org/x/net](https://github.com/golang/net), [k8s.io/kubernetes](https://github.com/kubernetes/kubernetes) and [github.com/docker/docker](https://github.com/docker/docker).


Updates `golang.org/x/net` from 0.30.0 to 0.38.0
- [Commits](golang/net@v0.30.0...v0.38.0)

Updates `k8s.io/kubernetes` from 1.32.3 to 1.32.6
- [Release notes](https://github.com/kubernetes/kubernetes/releases)
- [Commits](kubernetes/kubernetes@v1.32.3...v1.32.6)

Updates `golang.org/x/crypto` from 0.28.0 to 0.36.0
- [Commits](golang/crypto@v0.28.0...v0.36.0)

Updates `golang.org/x/net` from 0.23.0 to 0.38.0
- [Commits](golang/net@v0.30.0...v0.38.0)

Updates `golang.org/x/net` from 0.30.0 to 0.38.0
- [Commits](golang/net@v0.30.0...v0.38.0)

Updates `k8s.io/kubernetes` from 1.32.3 to 1.32.6
- [Release notes](https://github.com/kubernetes/kubernetes/releases)
- [Commits](kubernetes/kubernetes@v1.32.3...v1.32.6)

Updates `golang.org/x/crypto` from 0.35.0 to 0.36.0
- [Commits](golang/crypto@v0.28.0...v0.36.0)

Updates `github.com/docker/docker` from 26.1.4+incompatible to 26.1.5+incompatible
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v26.1.4...v26.1.5)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: k8s.io/kubernetes
  dependency-version: 1.32.6
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.36.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: k8s.io/kubernetes
  dependency-version: 1.32.6
  dependency-type: direct:production
  dependency-group: go_modules
- dependency-name: golang.org/x/crypto
  dependency-version: 0.36.0
  dependency-type: indirect
  dependency-group: go_modules
- dependency-name: github.com/docker/docker
  dependency-version: 26.1.5+incompatible
  dependency-type: direct:production
  dependency-group: go_modules
...

Signed-off-by: dependabot[bot] <support@github.com>
…ubernetes node name

This commit adds:
  a) options to change ovn_gateway_opts and ovn_gateway_router_subnet by a container inside the same pod.
     The idea is that an init container can do an IP allocation and write the output to a file, and we will
     consume those values from the file.
  b) in case of ovnkube in DPU mode, we are running ovnkube on behalf of a different host; however, the
     way we identify that is using the DPU hostname. To bypass the latter we will use the OVS metadata
     external_ids:host-k8s-nodename. This is already used by the ovn-node (OVN central where we have a single
     global zone).
  c) extend stateless network policies for ovnkube running in different mode types: ovn-master, ovnkube-controller
     and ovnkube-controller-with-node. This is useful for offloading RDMA traffic.

Signed-off-by: Alin Gabriel Serdean <aserdean@nvidia.com>
Signed-off-by: Alin Gabriel Serdean <aserdean@nvidia.com>
ovnkube.sh: Add new overwriting options for the gateway options and kubernetes node name
…-controller/go_modules-f3402933cd

Bump the go_modules group across 3 directories with 4 updates
…rator

Use forward slash as path separator for some sysctl commands
SDN-5676: Add component + feature name to e2e tests
On podman push, it defaults to secure connection.
In our case the local registry uses an insecure connection, resulting in
podman push failures and making it impossible to work with the local
registry when podman is installed.

Set podman to skip secure connection check when pushing OVN-K images to
the local registry.

Signed-off-by: Or Mergi <ormergi@redhat.com>
When working with a local registry, the automation inspects the built
ovnkube-image digest (SHA) and passes it to the daemonset manifest,
in order to ensure the latest built image is deployed.

Some container runtimes may not retain the same digest, resulting in
one image digest in the local runtime image and a different one on the
local registry.

To avoid that and get the actual image digest that exists in the local
registry, use skopeo to inspect the image and get the actual digest.

This change introduces a new dependency for the project.

Signed-off-by: Or Mergi <ormergi@redhat.com>
func was refactored erroneously when network
comparison was refactored. The if comparison went from:

!cachedNetwork.Equals(ni)

to:

util.AreNetworksCompatible(cachedNetwork, ni)

Disruption can be seen for brief periods of time.

Signed-off-by: Martin Kennelly <mkennell@redhat.com>
For layer 2 support for EIP we always add a LRP to the GW
router to provide load balancing (EIP HA) and pkt marking
to support SNAT.

For layer 2 connected pods selected by an EIP,
and on the egress node, the controller may not delete
GW LRP if the pod is remote.

Signed-off-by: Martin Kennelly <mkennell@redhat.com>
@jluhrsen
Contributor Author

/jira refresh

@openshift-ci-robot
Contributor

@jluhrsen: This pull request explicitly references no jira issue.

Details

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@Meina-rh
Contributor

/test e2e-aws-ovn-fdp-qe

@Meina-rh
Contributor

/label qe-approved
/label cherry-pick-approved

@openshift-ci openshift-ci bot added qe-approved Signifies that QE has signed off on this PR cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. labels Jul 15, 2025
@jluhrsen
Contributor Author

/retitle [release-4.19] OCPBUGS-48709: DownStream Merge Sync from 4.20 [07-09-2025]

@openshift-ci openshift-ci bot changed the title from "[release-4.19] NO-JIRA: DownStream Merge Sync from 4.20 [07-09-2025]" to "[release-4.19] OCPBUGS-48709: DownStream Merge Sync from 4.20 [07-09-2025]" Jul 15, 2025
@openshift-ci-robot openshift-ci-robot added the jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. label Jul 15, 2025
@openshift-ci-robot
Contributor

@jluhrsen: This pull request references Jira Issue OCPBUGS-48709, which is invalid:

  • expected Jira Issue OCPBUGS-48709 to depend on a bug targeting a version in 4.20.0 and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.


@jluhrsen
Contributor Author

/jira refresh

@openshift-ci-robot
Contributor

@jluhrsen: This pull request references Jira Issue OCPBUGS-48709, which is invalid:

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.


@jluhrsen
Contributor Author

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Jul 15, 2025
@openshift-ci-robot
Contributor

@jluhrsen: This pull request references Jira Issue OCPBUGS-48709, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.19.z) matches configured target version for branch (4.19.z)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)
  • release note type set to "Release Note Not Required"
  • dependent bug Jira Issue OCPBUGS-59349 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
  • dependent Jira Issue OCPBUGS-59349 targets the "4.20.0" version, which is one of the valid target versions: 4.20.0
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter


@openshift-ci openshift-ci bot requested a review from anuragthehatter July 15, 2025 21:10
@openshift-merge-bot openshift-merge-bot bot merged commit 0ea52bf into openshift:release-4.19 Jul 15, 2025
44 of 49 checks passed
@openshift-ci-robot
Contributor

@jluhrsen: Jira Issue OCPBUGS-48709: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-48709 has been moved to the MODIFIED state.


@openshift-bot
Contributor

[ART PR BUILD NOTIFIER]

Distgit: ovn-kubernetes-base
This PR has been included in build ose-ovn-kubernetes-base-container-v4.19.0-202507152138.p0.g0ea52bf.assembly.stream.el9.
All builds following this will include this PR.

@openshift-bot
Contributor

[ART PR BUILD NOTIFIER]

Distgit: ovn-kubernetes-microshift
This PR has been included in build ovn-kubernetes-microshift-container-v4.19.0-202507152138.p0.g0ea52bf.assembly.stream.el9.
All builds following this will include this PR.

@openshift-bot
Contributor

[ART PR BUILD NOTIFIER]

Distgit: ose-ovn-kubernetes
This PR has been included in build ose-ovn-kubernetes-container-v4.19.0-202507152138.p0.g0ea52bf.assembly.stream.el9.
All builds following this will include this PR.

@openshift-merge-robot
Contributor

Fix included in accepted release 4.19.0-0.nightly-2025-07-16-073100

@openshift-merge-robot
Contributor

Fix included in accepted release 4.19.0-0.nightly-2025-08-05-174154

@openshift-merge-robot
Contributor

Fix included in accepted release 4.19.0-0.nightly-2025-09-02-192040

@openshift-merge-robot
Contributor

Fix included in accepted release 4.19.0-0.nightly-2026-03-13-234517

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR
