Skip to content

OCPBUGS-58501,OCPBUGS-59657,OCPBUGS-42303,OCPBUGS-61566: DownStream Merge [09-09-2025] #2750

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-bot merged 75 commits into from
Sep 23, 2025
Merged

OCPBUGS-58501,OCPBUGS-59657,OCPBUGS-42303,OCPBUGS-61566: DownStream Merge [09-09-2025] #2750

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
75 commits
Select commit Hold shift + click to select a range
45765c5
fix intermittent disk space issue
jluhrsen Jul 16, 2025
bbca874
Fix naming of "Secondary" to be "User-Defined"
trozet Aug 21, 2025
a393d95
A couple of minor fixes
trozet Aug 25, 2025
db5f3e4
Merge pull request #5392 from jluhrsen/need-more-diags
npinaeva Aug 27, 2025
a44f6c1
Updates UDN Isolation DBIDs
trozet Aug 25, 2025
46fa330
Update docs for UDN
trozet Aug 25, 2025
8b29419
Fix ovnkube-controller-with-node shutdown sequence
martinkennelly Jul 15, 2025
82fc3bf
ovn-controller: block GARP during startup
martinkennelly Jul 15, 2025
56d14a3
Merge pull request #5512 from trozet/stop_secondary_madness
trozet Aug 27, 2025
bc4f9b8
chore: bump sriovnet lib
adrianchiris Aug 21, 2025
320b2fa
fix: routemanager unit tests
adrianchiris Aug 21, 2025
9633bdf
fix: run go mod tidy e2e tests
adrianchiris Aug 26, 2025
c0c1b26
multi-homing, tests: do not use OVN provided IPAM in L3 nets
maiqueb Dec 10, 2024
6d12ab9
Merge pull request #5508 from adrianchiris/bump-sriovnet
npinaeva Sep 2, 2025
380c234
Merge pull request #4885 from maiqueb/remove-secondary-l3-ovn-ipam
trozet Sep 2, 2025
d70e444
fix: Skip node-encap-ips annotation in DPU host mode
aserdean Sep 1, 2025
318f8ce
Openflow: lookup conntrack & table=1 only when breth0 is next hop
trozet Aug 27, 2025
66d8f14
Openflow: drop in_port from IPv6 dispatch OF rule at prio=50
Aug 28, 2025
ef1aa99
Openflow: lookup conntrack & table=1 when breth0 is next hop (IPv6)
Aug 28, 2025
4ce92a9
E2E localnet: remove double import of ginkgo
Aug 14, 2025
a5029f8
E2E: add test host -> localnet with IP in host subnet
Aug 7, 2025
bf6f9c1
Configure existing multihoming CI lane as IC-enabled and shared gw
Sep 2, 2025
6de44ef
E2E localnet: remove references to downstream bugs and stories
Sep 1, 2025
c4cc25a
E2E localnet: specify that the localnet uses IPs from host subnet
Aug 19, 2025
eb5f3c1
E2E localnet: make IP request for localnet pod extensible
Aug 14, 2025
f82e101
E2E localnet: Fix requirement on number of schedulable nodes
Aug 19, 2025
69ec569
E2E localnet: default network->localnet on VLAN with external router
Aug 18, 2025
51eae7a
E2E localnet: host network -> localnet on VLAN with external router
Aug 20, 2025
dea42b4
E2E localnet: localnet -> host network on VLAN with external router
Aug 25, 2025
b004ed0
E2E localnet: send three pings instead of just one
Aug 14, 2025
6653d55
fix: swap quay.io golang image provider
killianmuldoon Sep 3, 2025
395f794
Merge pull request #5480 from ricky-rav/CORENET-59657_upstream
tssurya Sep 3, 2025
7b08f55
Merge pull request #5373 from martinkennelly/block-arp-rpl-ovnk-down
trozet Sep 3, 2025
66298cf
pod_annotations: Block duplicate IP on new pods
RamLavi Jul 23, 2025
9b16a7f
test/e2e/kubevirt: Add duplicate IP Validation test
RamLavi Aug 17, 2025
980819a
Merge pull request #5556 from killianmuldoon/pr-use-projectquay-golang
tssurya Sep 3, 2025
f9d4612
Merge pull request #5543 from aserdean/fix_encap_ip
trozet Sep 3, 2025
481e954
test/e2e/preconfigured_layer2: Add duplicate IP Validation pod tests
RamLavi Sep 2, 2025
53e6851
E2Es: pass kconfig to detect deployment conf
martinkennelly Sep 3, 2025
ad905ea
[kind] Bump kubevirt/ipam-extensions version to v0.3.1
RamLavi Sep 4, 2025
4f5fcc8
Change UDN networks to relatively rare CIDR
martinkennelly Mar 7, 2025
afe4ca5
E2Es: use 'app' instead of 'name' when selecting ovn-k node pods
martinkennelly Mar 22, 2025
2670efe
E2E: fixup e2es without a feature label
martinkennelly Sep 3, 2025
35659eb
E2E: remove node selector from new e2e tests
martinkennelly Sep 3, 2025
fb90a31
Merge pull request #5411 from RamLavi/ip_conflict_check
tssurya Sep 4, 2025
4ffa27b
Update maintainers affiliation
npinaeva Sep 5, 2025
ff3001b
Merge pull request #5564 from npinaeva/maintainer-upd
tssurya Sep 5, 2025
221205d
Add UDN subnet overlap check with transit switch subnet
arghosh93 Sep 1, 2025
7eed13b
E2Es: dont panic when unable to find a deployment config
martinkennelly Sep 5, 2025
8fd6113
Merge pull request #5560 from RamLavi/bump_ipam_ext_v0.3.1
tssurya Sep 8, 2025
fdb1f44
Merge pull request #5542 from arghosh93/add_transit_subnet_overlap_ch…
npinaeva Sep 8, 2025
38935ee
Fix UDN service CIDR flows that had protocol prefix pinned to `ip`
tssurya Aug 1, 2025
1f6964c
Consider more than 1 family serviceCIDR range for UDN service flows
tssurya Aug 1, 2025
e2625f4
Make ip and ipv6 constants in flow code
tssurya Sep 5, 2025
1bbb7f3
Add e2e test towards kapi ipv6 address from udn pods
tssurya Aug 13, 2025
8000cfd
Add singlestack ipv6 bgp lane
tssurya Aug 17, 2025
b9ecb33
Fix bgp tests to work on single stack ipv6
tssurya Sep 4, 2025
d268c01
Skip Multi Homing tests on ipv6 singlestack BGP lane
tssurya Sep 5, 2025
e717e42
Replace 0/1 index var to utilnet ipFamily
tssurya Sep 8, 2025
c655cbf
enhancement: Improve layer2 topology for VMs
qinqon Mar 7, 2025
27b1f31
layer2 router topology: describe upgrade
npinaeva Aug 15, 2025
d45ffcc
Rename ovn_cluster_router to transit_router
npinaeva Sep 9, 2025
46bcb45
expand EgressIP limitations and solution
kyrtapz Sep 5, 2025
db8b2ae
Fetch agnhost image from k8s upstream
martinkennelly Sep 8, 2025
e60220a
Node controller shutdown: do not ref gateway if not set
martinkennelly Sep 9, 2025
9978970
Merge pull request #5438 from tssurya/fix-bgp-ipv6-service-cidr-flow-…
tssurya Sep 9, 2025
8b088f9
Merge pull request #5558 from martinkennelly/additional-e2e-enhancements
tssurya Sep 9, 2025
c86a004
Merge pull request #5490 from martinkennelly/e2e-use-rare-ip
trozet Sep 10, 2025
fea3444
Fix EgressIP controller deadlock by sorting node locks lexicographically
pperiyasamy Sep 2, 2025
06545bb
Merge pull request #5573 from martinkennelly/fix-gateway-not-set-panic
trozet Sep 10, 2025
95d74c1
Merge remote-tracking branch 'origin/master' into d/s-merge-09-09-25-2
martinkennelly Sep 11, 2025
0a11e5c
Merge pull request #5485 from npinaeva/layer2-router-okep
trozet Sep 15, 2025
6dced5e
Revert "multi-homing, tests: do not use OVN provided IPAM in L3 nets"
tssurya Sep 19, 2025
203e502
Merge pull request #5582 from ovn-kubernetes/revert-4885-remove-secon…
tssurya Sep 19, 2025
7d0868e
Merge remote-tracking branch 'ovnk-upstream/master' into d/s-merge-09…
pperiyasamy Sep 22, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions .github/actions/free-disk-space/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
name: Free Disk Space
description: Reclaims disk space on GitHub-hosted runners

runs:
using: "composite"
steps:
- shell: bash
run: |
echo "=== Disk usage before cleanup ==="
df -h

echo "=== Remove Android SDK ==="
sudo rm -rf /usr/local/lib/android/sdk

echo "=== Apt cleanup ==="
sudo apt-get update
if command -v eatmydata >/dev/null 2>&1; then
SUDO_EAT="sudo eatmydata"
else
echo "eatmydata not found – falling back to plain apt-get"
SUDO_EAT="sudo"
fi
$SUDO_EAT apt-get purge --auto-remove -y \
azure-cli firefox google-chrome-stable 'llvm-*' microsoft-edge-stable powershell 'temurin-*' 'zulu-*' || true

sudo apt-get autoclean
sudo apt-get autoremove -y
sudo apt-get clean

echo "=== Docker cleanup ==="
sudo docker system prune -af --volumes

echo "=== Disable and remove swap ==="
sudo swapon --show
sudo swapoff -a || true # ignore error when no swap is present
sudo rm -f /mnt/swapfile

echo "=== Remove potential leftover PV setup image ==="
sudo rm -f /mnt/tmp-pv.img

echo "=== Disk usage after cleanup ==="
df -h

87 changes: 20 additions & 67 deletions .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -295,6 +295,7 @@ jobs:
OVN_GATEWAY_MODE: "${{ matrix.gateway-mode }}"
OVN_MULTICAST_ENABLE: "false"
steps:

- name: Check out code into the Go module directory - from Master branch
uses: actions/checkout@v4
with:
Expand All @@ -317,27 +318,11 @@ jobs:
echo "GOPATH=$GOPATH" >> $GITHUB_ENV
echo "$GOPATH/bin" >> $GITHUB_PATH

- name: Check out code into the Go module directory - from PR branch
uses: actions/checkout@v4

- name: Free up disk space
run: |
df -h
sudo rm -rf /usr/local/lib/android/sdk
sudo apt-get update
sudo eatmydata apt-get purge --auto-remove -y \
azure-cli firefox \
google-chrome-stable \
llvm-* microsoft-edge-stable \
powershell temurin-* zulu-*
# clean unused packages
sudo apt-get autoclean
sudo apt-get autoremove -y
# clean apt cache
sudo apt-get clean
sudo docker system prune -af --volumes
df -h
sudo swapon --show
sudo swapoff -a
sudo rm -f /mnt/swapfile
df -h
uses: ./.github/actions/free-disk-space

- name: Download test-image-master
uses: actions/download-artifact@v4
Expand Down Expand Up @@ -386,9 +371,6 @@ jobs:
run: |
docker load --input ${CI_IMAGE_PR_TAR} && rm -rf ${CI_IMAGE_PR_TAR}

- name: Check out code into the Go module directory - from PR branch
uses: actions/checkout@v4

- name: Runner Diagnostics
if: always()
uses: ./.github/actions/diagnostics
Expand Down Expand Up @@ -462,7 +444,7 @@ jobs:
- {"target": "control-plane", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv6", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
- {"target": "control-plane", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "2br", "ic": "ic-single-node-zones"}
- {"target": "control-plane", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv6", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "2br", "ic": "ic-single-node-zones", "cni-mode": "unprivileged"}
- {"target": "multi-homing", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-disabled"}
- {"target": "multi-homing", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
- {"target": "multi-homing-helm", "ha": "HA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-disabled", "network-segmentation": "enable-network-segmentation"}
- {"target": "node-ip-mac-migration", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv6", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-disabled"}
- {"target": "node-ip-mac-migration", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
Expand All @@ -483,6 +465,7 @@ jobs:
- {"target": "network-segmentation", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv6", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones"}
- {"target": "bgp", "ha": "noHA", "gateway-mode": "local", "ipfamily": "dualstack", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "routeadvertisements": "advertise-default", "network-segmentation": "enable-network-segmentation", "dns-name-resolver": "enable-dns-name-resolver"}
- {"target": "bgp", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "routeadvertisements": "advertise-default", "network-segmentation": "enable-network-segmentation", "dns-name-resolver": "enable-dns-name-resolver"}
- {"target": "bgp", "ha": "noHA", "gateway-mode": "local", "ipfamily": "ipv6", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "routeadvertisements": "advertise-default", "network-segmentation": "enable-network-segmentation"}
- {"target": "bgp-loose-isolation", "ha": "noHA", "gateway-mode": "shared", "ipfamily": "dualstack", "disable-snat-multiple-gws": "snatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "routeadvertisements": "advertise-default", "network-segmentation": "enable-network-segmentation", "advertised-udn-isolation-mode": "loose"}
- {"target": "traffic-flow-test-only","ha": "noHA", "gateway-mode": "shared", "ipfamily": "ipv4", "disable-snat-multiple-gws": "noSnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "traffic-flow-tests": "1-24", "network-segmentation": "enable-network-segmentation"}
- {"target": "tools", "ha": "noHA", "gateway-mode": "local", "ipfamily": "dualstack", "disable-snat-multiple-gws": "SnatGW", "second-bridge": "1br", "ic": "ic-single-node-zones", "network-segmentation": "enable-network-segmentation"}
Expand Down Expand Up @@ -518,6 +501,12 @@ jobs:
ADVERTISED_UDN_ISOLATION_MODE: "${{ matrix.advertised-udn-isolation-mode }}"
OVN_UNPRIVILEGED_MODE: "${{ matrix.cni-mode == 'unprivileged' }}"
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4

- name: Runner Diagnostics
if: always()
uses: ./.github/actions/diagnostics

- name: Install VRF kernel module
run: |
Expand All @@ -527,26 +516,7 @@ jobs:
sudo modprobe vrf

- name: Free up disk space
run: |
df -h
sudo rm -rf /usr/local/lib/android/sdk
sudo apt-get update
sudo eatmydata apt-get purge --auto-remove -y \
azure-cli firefox \
google-chrome-stable \
llvm-* microsoft-edge-stable \
powershell temurin-* zulu-*
# clean unused packages
sudo apt-get autoclean
sudo apt-get autoremove -y
# clean apt cache
sudo apt-get clean
sudo docker system prune -af --volumes
df -h
sudo swapon --show
sudo swapoff -a
sudo rm -f /mnt/swapfile
df -h
uses: ./.github/actions/free-disk-space

- name: Setup /mnt/runner directory
run: |
Expand All @@ -566,9 +536,6 @@ jobs:
sudo systemctl start docker docker.socket
docker system info

- name: Check out code into the Go module directory
uses: actions/checkout@v4

- name: Set up Go
uses: actions/setup-go@v5
with:
Expand Down Expand Up @@ -741,9 +708,14 @@ jobs:
KIND_NUM_ZONES: "${{ matrix.num-zones }}"
KIND_NUM_NODES_PER_ZONE: "${{ matrix.num-nodes-per-zone }}"
steps:

- name: Check out code into the Go module directory
uses: actions/checkout@v4

- name: Runner Diagnostics
if: always()
uses: ./.github/actions/diagnostics

- name: Set up Go
uses: actions/setup-go@v5
with:
Expand All @@ -762,26 +734,7 @@ jobs:
echo "$GOPATH/bin" >> $GITHUB_PATH

- name: Free up disk space
run: |
df -h
sudo rm -rf /usr/local/lib/android/sdk
sudo apt-get update
sudo eatmydata apt-get purge --auto-remove -y \
azure-cli firefox \
google-chrome-stable \
llvm-* microsoft-edge-stable \
powershell temurin-* zulu-*
# clean unused packages
sudo apt-get autoclean
sudo apt-get autoremove -y
# clean apt cache
sudo apt-get clean
sudo docker system prune -af --volumes
df -h
sudo swapon --show
sudo swapoff -a
sudo rm -f /mnt/swapfile
df -h
uses: ./.github/actions/free-disk-space

- name: Disable ufw
# For IPv6 and Dualstack, ufw (Uncomplicated Firewall) should be disabled.
Expand Down
4 changes: 2 additions & 2 deletions MAINTAINERS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@ The current Maintainers Group for the ovn-kubernetes Project consists of:
| ---- | -------- | ---------------- |
| [Girish Moodalbail](https://github.com/girishmg) | NVIDIA | All things ovnkube |
| [Jaime Caamaño Ruiz](https://github.com/jcaamano) | Red Hat | All things ovnkube |
| [Nadia Pinaeva](https://github.com/npinaeva) | Red Hat | All things ovnkube |
| [Nadia Pinaeva](https://github.com/npinaeva) | NVIDIA | All things ovnkube |
| [Surya Seetharaman](https://github.com/tssurya) | Red Hat | All things ovnkube |
| [Tim Rozet](https://github.com/trozet) | Red Hat | All things ovnkube |
| [Tim Rozet](https://github.com/trozet) | NVIDIA | All things ovnkube |

See [CONTRIBUTING.md](./CONTRIBUTING.md) for general contribution guidelines.
See [GOVERNANCE.md](./GOVERNANCE.md) for governance guidelines and maintainer responsibilities.
Expand Down
2 changes: 1 addition & 1 deletion contrib/kind-common
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -440,7 +440,7 @@ install_cert_manager() {

install_kubevirt_ipam_controller() {
echo "Installing KubeVirt IPAM controller manager ..."
manifest="https://github.com/kubevirt/ipam-extensions/releases/download/v0.3.0/install.yaml"
manifest="https://github.com/kubevirt/ipam-extensions/releases/download/v0.3.1/install.yaml"
run_kubectl apply -f "$manifest"
kubectl wait -n kubevirt-ipam-controller-system deployment kubevirt-ipam-controller-manager --for condition=Available --timeout 2m
}
Expand Down
65 changes: 64 additions & 1 deletion dist/images/ovnkube.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -418,6 +418,19 @@ wait_for_event() {
done
}

# wait_ovnkube_controller_with_node_done - Wait for ovnkube-controller-with-node process to complete
# Checks if the ovnkube-controller-with-node process is running by looking for its PID file.
# If the PID file exists, waits for that process to finish before continuing.
# If the PID file doesnt exist, it means the process has already exited.
wait_ovnkube_controller_with_node_done() {
local pid_file=${OVN_RUNDIR}/ovnkube-controller-with-node.pid
if [[ -f ${pid_file} ]]; then
echo "info: waiting on ovnkube-controller-with-node process to end"
wait $(cat $pid_file)
echo "info: done waiting for ovn-controller-with-node to end"
fi
}

# The ovnkube-db kubernetes service must be populated with OVN DB service endpoints
# before various OVN K8s containers can come up. This functions checks for that.
# If OVN dbs are configured to listen only on unix sockets, then there will not be
Expand Down Expand Up @@ -492,6 +505,36 @@ ovs_ready() {
return 0
}

# get_bridge_name_for_physnet - Extract OVS bridge name for a given OVN physical network
# Takes an OVN network name for physical networks (physnet) and returns the corresponding
# OVS bridge name from the ovn-bridge-mappings configuration.
# Return empty string if not found.
get_bridge_name_for_physnet() {
local physnet="$1"
local mappings
mappings=$(ovs-vsctl --if-exists get open_vswitch . external_ids:ovn-bridge-mappings)
# Extract bridge name after physnet: and before next comma (or end)
# regex matches zero or more non-comma characters
# cut on colon and return field number 2
echo "$mappings" | tr -d "\"" | grep -o "$physnet:[^,]*" | cut -d: -f2
}

# Adds drop flows for GARPs on patch port to br-int for specified bridge.
add_garp_drop_flow() {
local bridge="$1"
local cookie="0x0305"
local priority="498"
# if bridge exists, and the patch port is created, we expect to add at least one flow to a patch port ending in to-br-int.
# FIXME: can we generate the exact name. Its possible we add these flows to the incorrect port when selecting on substring
for port_name in $(ovs-vsctl list-ports $bridge); do
if [[ "$port_name" == *to-br-int ]]; then
local of_port=$(ovs-vsctl get interface $port_name ofport)
ovs-ofctl add-flow $bridge "cookie=$cookie,table=0,priority=$priority,in_port=$of_port,arp,arp_op=1,actions=drop" > /dev/null
break
fi
done
}

# Verify that the process is running either by checking for the PID in `ps` output
# or by using `ovs-appctl` utility for the processes that support it.
# $1 is the name of the process
Expand Down Expand Up @@ -1732,7 +1775,10 @@ ovnkube-controller() {
}

ovnkube-controller-with-node() {
trap 'kill $(jobs -p) ; rm -f /etc/cni/net.d/10-ovn-kubernetes.conf ; exit 0' TERM
# send sig term to background job (ovnkube-node process), remove CNI conf and resume background job until it ends.
# currently we the process to background, therefore wait until that process removes its pid file on exit.
# if the pid file doesnt exist, we exit immediately.
trap 'kill $(jobs -p) ; rm -f /etc/cni/net.d/10-ovn-kubernetes.conf ; wait_ovnkube_controller_with_node_done; exit 0' TERM
check_ovn_daemonset_version "1.1.0"
rm -f ${OVN_RUNDIR}/ovnkube-controller-with-node.pid

Expand All @@ -1757,6 +1803,23 @@ ovnkube-controller-with-node() {
wait_for_event process_ready ovn-controller
fi

# start temp work around
# remove when https://issues.redhat.com/browse/FDP-1537 is avilable
if [[ ${ovnkube_node_mode} == "full" && ${ovn_enable_interconnect} == "true" && ${ovn_egressip_enable} == "true" ]]; then
echo "=============== ovnkube-controller-with-node - (add GARP drop flows if external bridge exists)"
# bridge may not yet exist
local bridge_name="$(get_bridge_name_for_physnet 'physnet')"
if [[ "$bridge_name" != "" ]]; then
echo "=============== ovnkube-controller-with-node - found bridge mapping for physnet: $bridge_name"
# nothing to do if the external bridge isn't created.
if ovs-vsctl br-exists $bridge_name; then
echo "=============== ovnkube-controller-with-node - found bridge $bridge_name"
add_garp_drop_flow "$bridge_name"
echo "=============== ovnkube-controller-with-node - (finished adding GARP drop flows)"
fi
fi
fi

ovn_routable_mtu_flag=
if [[ -n "${routable_mtu}" ]]; then
routable_mtu_flag="--routable-mtu ${routable_mtu}"
Expand Down
12 changes: 6 additions & 6 deletions docs/features/user-defined-networks/user-defined-networks.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,11 +58,11 @@ This feature is enabled by default on all OVN-Kubernetes clusters.
You don't need to do anything extra to start using this feature.
There is a Feature Config option `--enable-network-segmentation` under
`OVNKubernetesFeatureConfig` config that can be used to disable this
feature. However note that disabling the feature will not remove
feature. However, note that disabling the feature will not remove
existing CRs in the cluster. This feature has to be enabled along with
the flag for multiple-networks `--enable-multi-network` since UDNs
use Network Attachment Definitions as underlying implementation detail
construct and reuse the secondary network controllers.
construct and reuse the user-defined network controllers.

## Workflow Description

Expand Down Expand Up @@ -339,7 +339,7 @@ default `eth0` interface of the pods:
_uuid : 1278b0f4-0a14-4637-9d05-83ba9df6ec03
action : allow
direction : from-lport
external_ids : {direction=Egress, "k8s.ovn.org/id"="default-network-controller:UDNIsolation:AllowHostARPSecondary:Egress", "k8s.ovn.org/name"=AllowHostARPSecondary, "k8s.ovn.org/owner-controller"=default-network-controller, "k8s.ovn.org/owner-type"=UDNIsolation}
external_ids : {direction=Egress, "k8s.ovn.org/id"="default-network-controller:UDNIsolation:AllowHostARPPrimaryUDN:Egress", "k8s.ovn.org/name"=AllowHostARPPrimaryUDN, "k8s.ovn.org/owner-controller"=default-network-controller, "k8s.ovn.org/owner-type"=UDNIsolation}
label : 0
log : false
match : "inport == @a8747502060113802905 && (( arp && arp.tpa == 10.244.2.2 ) || ( nd && nd.target == fd00:10:244:3::2 ))"
Expand All @@ -355,7 +355,7 @@ tier : 0
_uuid : 489ae95b-ae9d-47d0-bf1d-b2477a9ed6a2
action : allow
direction : to-lport
external_ids : {direction=Ingress, "k8s.ovn.org/id"="default-network-controller:UDNIsolation:AllowHostARPSecondary:Ingress", "k8s.ovn.org/name"=AllowHostARPSecondary, "k8s.ovn.org/owner-controller"=default-network-controller, "k8s.ovn.org/owner-type"=UDNIsolation}
external_ids : {direction=Ingress, "k8s.ovn.org/id"="default-network-controller:UDNIsolation:AllowHostARPPrimaryUDN:Ingress", "k8s.ovn.org/name"=AllowHostARPPrimaryUDN, "k8s.ovn.org/owner-controller"=default-network-controller, "k8s.ovn.org/owner-type"=UDNIsolation}
label : 0
log : false
match : "outport == @a8747502060113802905 && (( arp && arp.spa == 10.244.2.2 ) || ( nd && nd.target == fd00:10:244:3::2 ))"
Expand All @@ -372,7 +372,7 @@ tier : 0
_uuid : 980be3e4-75af-45f7-bce3-3bb08ecd8b3a
action : drop
direction : to-lport
external_ids : {direction=Ingress, "k8s.ovn.org/id"="default-network-controller:UDNIsolation:DenySecondary:Ingress", "k8s.ovn.org/name"=DenySecondary, "k8s.ovn.org/owner-controller"=default-network-controller, "k8s.ovn.org/owner-type"=UDNIsolation}
external_ids : {direction=Ingress, "k8s.ovn.org/id"="default-network-controller:UDNIsolation:DenyPrimaryUDN:Ingress", "k8s.ovn.org/name"=DenyPrimaryUDN, "k8s.ovn.org/owner-controller"=default-network-controller, "k8s.ovn.org/owner-type"=UDNIsolation}
label : 0
log : false
match : "outport == @a8747502060113802905"
Expand All @@ -388,7 +388,7 @@ tier : 0
_uuid : cca19dca-1fde-4a14-841d-7e2cce804de4
action : drop
direction : from-lport
external_ids : {direction=Egress, "k8s.ovn.org/id"="default-network-controller:UDNIsolation:DenySecondary:Egress", "k8s.ovn.org/name"=DenySecondary, "k8s.ovn.org/owner-controller"=default-network-controller, "k8s.ovn.org/owner-type"=UDNIsolation}
external_ids : {direction=Egress, "k8s.ovn.org/id"="default-network-controller:UDNIsolation:DenyPrimaryUDN:Egress", "k8s.ovn.org/name"=DenyPrimaryUDN, "k8s.ovn.org/owner-controller"=default-network-controller, "k8s.ovn.org/owner-type"=UDNIsolation}
label : 0
log : false
match : "inport == @a8747502060113802905"
Expand Down
Loading