Add joinSubnets config for UDNs
#4507
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tssurya
added
the
feature/user-defined-network-segmentation
github-actions
bot
added
area/unit-testing
tssurya
changed the title
joinSubnets for UDNs with role:PrimaryjoinSubnets config for UDNs with role:Primary
9 tasks
|
unrelated UT failure flake: #4387 https://github.com/ovn-org/ovn-kubernetes/actions/runs/9839033631/job/27160221770?pr=4507 |
tssurya
force-pushed
the
udn-join-subnet-allocator
branch
from
2571830
to
36f6b78
Compare
tssurya
changed the title
joinSubnets config for UDNs with role:PrimaryjoinSubnets config for UDNs
qinqon
suggested changes
Jul 9, 2024
This commit adds `joinSubnet` field to the NAD's config spec so that users can specify a custom v4/v6 join subnet CIDR. It is expected that for a given pod, the joinSubnet's across all the networks the pod is attached to should be unique. However given we don't support services on secondary networks today, this means the primary UDN's joinSubnet should not overlap with default network's joinSubnet. NOTE: Validation is not in scope, this will be a different PR. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
tssurya
force-pushed
the
udn-join-subnet-allocator
branch
from
36f6b78
to
241140a
Compare
Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit adds the joinSubnet field to the netInfo internal struct that will store the custom value passed by the user if any OR pick the default values: "100.65.0.0/16" and "fd99::/64". This field shouldn't be allowed for localnet topology. This PR also adds util functions to easily fetch the subnets from other parts of the code. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
ovnClusterLRPToJoinIfAddrs field stores the GR's allocated joinsubnet IPs for that network. This was only used from DNC, but let's move this to BNC so that secondary networks can leverage this. Also make this use the new utils JoinSubnetV4() and JoinSubnetV6() that we added in the previous commit. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit adds routes towards UDN with role:primary for each UDN pod. This is required to steer service traffic replies correctly. NOTE: Given default routes are towards ovn-udn interface always its ok for us to not have specific services/join routes; this is being done for design completion. Sample Output L3 Network: surya@fedora:~$ oc rsh -n ns1 tinypod / # ip r default via 10.128.1.1 dev ovn-udn1 10.96.0.0/16 via 10.128.1.1 dev ovn-udn1 10.128.0.0/16 via 10.128.1.1 dev ovn-udn1 10.128.1.0/24 dev ovn-udn1 proto kernel scope link src 10.128.1.4 10.244.0.0/16 via 10.244.1.1 dev eth0 10.244.1.0/24 dev eth0 proto kernel scope link src 10.244.1.3 100.64.0.0/16 via 10.244.1.1 dev eth0 100.65.0.0/16 via 10.128.1.1 dev ovn-udn1 / # ip -6 r 2010:100:200:1::/64 dev ovn-udn1 proto kernel metric 256 pref medium 2010:100:200::/60 via 2010:100:200:1::1 dev ovn-udn1 metric 1024 pref medium fd00:10:96::/112 via 2010:100:200:1::1 dev ovn-udn1 metric 1024 pref medium fd00:10:244:2::/64 dev eth0 proto kernel metric 256 pref medium fd00:10:244::/48 via fd00:10:244:2::1 dev eth0 metric 1024 pref medium fd98::/64 via fd00:10:244:2::1 dev eth0 metric 1024 pref medium fd99::/64 via 2010:100:200:1::1 dev ovn-udn1 metric 1024 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev ovn-udn1 proto kernel metric 256 pref medium default via 2010:100:200:1::1 dev ovn-udn1 metric 1024 pref medium Sample Output L2 Network: surya@fedora:~$ oc rsh -n ns2 tinypod / # ip r default via 10.100.200.1 dev ovn-udn1 10.96.0.0/16 via 10.100.200.1 dev ovn-udn1 10.100.200.0/24 dev ovn-udn1 proto kernel scope link src 10.100.200.7 10.244.0.0/16 via 10.244.1.1 dev eth0 10.244.1.0/24 dev eth0 proto kernel scope link src 10.244.1.4 100.64.0.0/16 via 10.244.1.1 dev eth0 100.65.0.0/16 via 10.100.200.1 dev ovn-udn1 / # ip -6 r 2010:100:200::/60 dev ovn-udn1 proto kernel metric 256 pref medium fd00:10:96::/112 via 2010:100:200::1 dev ovn-udn1 metric 1024 pref medium fd00:10:244:2::/64 dev eth0 proto kernel metric 256 pref medium fd00:10:244::/48 via fd00:10:244:2::1 dev eth0 metric 1024 pref medium fd98::/64 via fd00:10:244:2::1 dev eth0 metric 1024 pref medium fd99::/64 via 2010:100:200::1 dev ovn-udn1 metric 1024 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev ovn-udn1 proto kernel metric 256 pref medium default via 2010:100:200::1 dev ovn-udn1 metric 1024 pref medium Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit adds a new annotation for storing GR joinIP information on a per network basis. The older annotation "node-gateway-router-lrp-ifaddr" was not saving this on a per network basis and only doing it for default network. Future commits will deprecate this annotation in favor of the new one. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
Split out common functionality of converting PrimaryIfAddrAnnotation to net.IPNet into its own util. This will be useful in the next commit to avoid code duplication. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit adds util to parse the new k8s.ovn.org/node-gateway-router-lrp-ifaddrs annotation. Will be used in future commits. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
This commit adds UpdateNodeGatewayRouterLRPAddrsAnnotation util function that will be used from cluster-manager in future commits Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
Deprecare the older annotation and its utils by starting to use the newly added utils, however for backwards compatibility during upgrades where controller upgrades before cluster-manager, we still need to keep the older annotation around for 1 more release. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
Move the logic to generate join subnet IPs from zone interconnect controllers that is specific to default network over to node allocators so that it happens for both default and primary networks (as long as topology is not localnet). Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
tssurya
force-pushed
the
udn-join-subnet-allocator
branch
from
241140a
to
9ebbc18
Compare
|
unrelated flake: https://github.com/ovn-org/ovn-kubernetes/actions/runs/9973990578/job/27561795903?pr=4507 |
|
there is a slight dependency with changes in annotation names.. so have started a d/s merge; openshift/ovn-kubernetes#2228 once upgrades passes there I will merge this. Meanwhile let me rebase this on master latest |
|
So even if the upgrades failed: https://prow.ci.openshift.org/view/gs/test-platform-results/pr-logs/pull/openshift_ovn-kubernetes/2228/pull-ci-openshift-ovn-kubernetes-master-4.17-upgrade-from-stable-4.16-e2e-aws-ovn-upgrade/1813615743032365056 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
JoinSubnets are allocated only for default networks as of today.
We never needed them on UDNs since we never supported
pod2Egress there and never had a join or GR in the topologies.
Given this is changing moving forward, this PR aims to ensure
joinSubnet is configurable via NAD configs. If not provided
assumes the default values. We also change code to ensure
join subnet is calculated also for UDNs (primary only) moving
forward.
NOTE: Validation of joinSubnet for UDN against default network's
joinSubnet will be done in another PR. I don't think there is any
validation for pod subnet cidr range as well, so might as well get
both done together in the future (Being tracked separately)