[release-4.19] OCPBUGS-48709: DownStream Merge Sync from 4.20 [07-28-2025] #2688

Merged
openshift-merge-bot[bot] merged 85 commits into openshift:release-4.19 from jluhrsen:4.19-sync-from-4.20-07-23-2025 on Aug 5, 2025

Conversation

@jluhrsen
Contributor

@jluhrsen jluhrsen commented Jul 23, 2025

4.20/master->4.19 branch sync PR

the original PR was opened with local branch dated 07.23-2025 which is no longer accurate since more commits were
added on 07-28-2025. the PR title reflects that though, and didn't want to create confusion on tracking this PR

npinaeva and others added 30 commits April 24, 2025 15:02
Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
This helps to avoid confusion about defaulting the ACL tier.
Update BuildACL to require the tier as an argument.

Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Start using new BuildACL for all functions that need non-default tier.

Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
…fic network

Previously every update to `k8s.ovn.org/node-subnets` caused a call
to `nt.updateNode` on every network.

Signed-off-by: Patryk Diak <pdiak@redhat.com>
Signed-off-by: PGhiorzo <p.ghiorzo@reply.it>
Signed-off-by: Geo Turcsanyi <georgiana@ik.me>
Before UDN services controller was only stopped together with the whole
watchFactory, so there was no need to explicitly stop added event
handlers. With UDN we create and delete this controller per UDN, so
an explicit handler is required. Otherwise it will cause a memory leak.

Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
This commit adds a user guide doc for the
OKEP-4380: Network QoS Support
https://github.com/ovn-kubernetes/ovn-kubernetes/blob/master/docs/okeps/okep-4380-network-qos.md

Signed-off-by: Flavio Fernandes <flavio@flaviof.com>
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
On cluster delete operations the container runtime binary
(represented by OCI_BIN) is hardcoded.

Set OCI_BIN according to env.

Signed-off-by: Or Mergi <ormergi@redhat.com>
Set OCI_BIN according to env.

Some inspect operations that use formatting did not work in
podman due to formatting differences compared to docker.
The format string is changed to a form that fits both
docker and podman
With the new format string, the index keyword is redundant
hence removed.

Signed-off-by: Or Mergi <ormergi@redhat.com>
Set OCI_BIN according to env.

Some inspect operations that use formatting did not work in
podman due to formatting differences compared to docker.
The format string is changed to a form that fits both
docker and podman.
With the new format string, the index keyword is redundant
hence removed.

Signed-off-by: Or Mergi <ormergi@redhat.com>
When using podman, BGP test suite fails due to checks against
the env container runtime which are not compatible with podman:
- Inspecting network objects is not compatible due to differences in
  how podman and docker persist network objects
- List containers using JSON format

To overcome the above, change network inspect operation and container
list using format to a form that is compatible with both docker and podman.

Signed-off-by: Or Mergi <ormergi@redhat.com>
The in_port was to match on IP traffic coming from the physical link to
be dispatched to conntrack and table 1 to find out whether the packet
was a reply to the host or to OVN. We are now conntracking these packets
also as they go to localnet ports attached to the bridge. Therefore we
need to also match on packets from those ports.

We do not want traffic from OVN or from LOCAL to hit this flow, but that
should be avoided by higher priority flows.

Signed-off-by: Tim Rozet <trozet@redhat.com>
(cherry picked from commit 8c1594ee55408ae4748d7322bd093e2acbc0ce98)
This reverts commit ebb7339.

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
This reverts commit 936e621.

Signed-off-by: Riccardo Ravaioli <rravaiol@redhat.com>
With the high load, UDN can be re-created and node-nad-controller needs
more time to update bridge config than zone-nad-controller, which
re-creates the external switch and causes ofport change.

Under high load node-nad-controller may miss delete+update NAD event,
so it will lawfully think that the network hasn't changed, while
zone-nad-controller can re-create the external switch, and that would
require a network re-create on the node side. Consider assigned network
ID to re-create network if the ID has changed.

Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Updates artwork based on cncf/artwork#574.

Signed-off-by: Dave Tucker <dave@dtucker.co.uk>
The flag serves as a feature gate for the feature allowing
connecting workloads with preconfigured network to user-defined
networks [1].

OVN-Kubernetes flag name is "enable-preconfigured-udn-addresses".

The feature doesn't support non-interconnected mode, hence no
change for ovn-master manifests.
The feature doesn't support DPU mode, hence no change for
ovn-node-dpu and ovn-node-dpu-host manifests.
The feature gate takes place on ovn-control-plane (ovn-cluster-manager)
and ovn-node (ovnkube-controller) containers, both single and multi zone modes.

In order to create a development cluster with the FG enabled use the
flag "pre-conf-udn-addr-enable" or the shorter form "uae", for example:
$ (./contrib/kind.sh -ep podman -lr -i6 -ds -mne -nse -ikv -uae)

[1] ovn-kubernetes/ovn-kubernetes#5238

Signed-off-by: Or Mergi <ormergi@redhat.com>
Add flag for preconfigured UDN addresses feature
Modified line 277 to let kind-helm.sh run also behind a proxy
NodeTracker: Only update the node if the subnet changed for the specific network
Fix issues with localnet and openflow flows
Enable development around BGP using podman
scale test fixes: memory leak + changed ofport
when a step fails (e.g., e2e testing) the rest of the workflow
will not run unless it's tagged with always(). and when something
fails is exactly when we want to get some diags. move all
references to "Runner Diagnostics" to use always()

Signed-off-by: Jamo Luhrsen <jluhrsen@gmail.com>
@tssurya
Contributor

tssurya commented Aug 2, 2025

/lgtm

CI is looking good I'm approving

@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2025
@openshift-ci
Contributor

openshift-ci bot commented Aug 2, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jluhrsen, tssurya

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 2, 2025
@tssurya
Contributor

tssurya commented Aug 2, 2025

@jluhrsen I'm not adding the backport-risk-assessed till I either see a comment understanding the perf/scale failures or it passing. so have re-tested it

@openshift-ci
Contributor

openshift-ci bot commented Aug 2, 2025

@jluhrsen: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/e2e-vsphere-ovn-techpreview | 3b7c763 | link | false | /test e2e-vsphere-ovn-techpreview |
| ci/prow/e2e-aws-ovn-hypershift-kubevirt | 3b7c763 | link | false | /test e2e-aws-ovn-hypershift-kubevirt |
| ci/prow/e2e-aws-ovn-hypershift-conformance-techpreview | 3b7c763 | link | false | /test e2e-aws-ovn-hypershift-conformance-techpreview |
| ci/prow/security | 3b7c763 | link | false | /test security |
| ci/prow/qe-perfscale-aws-ovn-small-udn-density-l3 | 3b7c763 | link | false | /test qe-perfscale-aws-ovn-small-udn-density-l3 |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@tssurya
Contributor

tssurya commented Aug 5, 2025

/label backport-risk-assessed

ignoring perf/scale failures based on scale team input: https://redhat-internal.slack.com/archives/GQ0CU2623/p1753733237922249?thread_ts=1753290975.676879&cid=GQ0CU2623

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label Aug 5, 2025
@openshift-merge-bot openshift-merge-bot bot merged commit e243894 into openshift:release-4.19 Aug 5, 2025
45 of 50 checks passed
@openshift-ci-robot
Contributor

@jluhrsen: Jira Issue OCPBUGS-48709: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-48709 has been moved to the MODIFIED state.

In response to this:

4.20/master->4.19 branch sync PR

the original PR was opened with local branch dated 07.23-2025 which is no longer accurate since more commits were
added on 07-28-2025. the PR title reflects that though, and didn't want to create confusion on tracking this PR

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-bot
Contributor

[ART PR BUILD NOTIFIER]

Distgit: ovn-kubernetes-base
This PR has been included in build ose-ovn-kubernetes-base-container-v4.19.0-202508050738.p0.ge243894.assembly.stream.el9.
All builds following this will include this PR.

@openshift-bot
Contributor

[ART PR BUILD NOTIFIER]

Distgit: ovn-kubernetes-microshift
This PR has been included in build ovn-kubernetes-microshift-container-v4.19.0-202508050738.p0.ge243894.assembly.stream.el9.
All builds following this will include this PR.

@openshift-bot
Contributor

[ART PR BUILD NOTIFIER]

Distgit: ose-ovn-kubernetes
This PR has been included in build ose-ovn-kubernetes-container-v4.19.0-202508050738.p0.ge243894.assembly.stream.el9.
All builds following this will include this PR.

@openshift-merge-robot
Contributor

Fix included in accepted release 4.19.0-0.nightly-2025-08-05-174154

@openshift-merge-robot
Contributor

Fix included in accepted release 4.19.0-0.nightly-2025-09-02-192040

@openshift-merge-robot
Contributor

Fix included in accepted release 4.19.0-0.nightly-2026-03-13-234517

@openshift-merge-robot
Contributor

Fix included in accepted release 4.19.0-0.nightly-2026-03-17-202923

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged.
