Bug 1894268: Add v4 and v6 join subnets to ovn-kubernetes config #824
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: abhat The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/assign @danwinship |
abhat
changed the title
openshift-ci-robot
added
bugzilla/severity-medium
|
@abhat: This pull request references Bugzilla bug 1894268, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
| type: integer | ||
| format: int32 | ||
| minimum: 0 | ||
| v4JoinSubnet: |
There was a problem hiding this comment.
Did you consider putting them in a sub-struct? e.g. Could there be other configuration needed for this?
i.e.
ovnKubernetesConfig:
joinSubnets:
v4: 100.65.0.0/16
There was a problem hiding this comment.
I don't anticipate any other configuration which can fall under joinSubnets to make this as a sub-struct property.
| // cluster. | ||
| // +optional | ||
| IPsecConfig *IPsecConfig `json:"ipsecConfig,omitempty"` | ||
| // v4JoinSubnet is the v4 join subnet to be used by ovn-kubernetes in case the |
There was a problem hiding this comment.
I don't know what a "join subnet" is? Maybe it will be obvious to an administrator but you could add more description about that?
There was a problem hiding this comment.
Good point. I will add more description about what a join subnet is.
|
/hold This is post-feature-freeze API change, might require approval from @openshift/openshift-architects |
openshift-ci-robot
added
the
do-not-merge/hold
|
We'll hold this fix for the next release. The join network is used inside ovn-kubernetes for the ip addresses for the logical join switches on each node. But if those addresses are not reachable outside the cluster we have effectively imposed another requirement on the operator of the cluster. If that's the case, then I think we need to expose this, and indicate what it means (it can overlap with another cluster, the traffic will never be seen outside, but it can't be something that overlaps with a range the cluster is using, or with something the cluster will want to reach. But I don't want to race this in to 4.7, we need to think about this. |
Some users need to be able to specify the v4 and v6 join subnets to use for ovn-k. In particular, they may be already using the ones that ovn-k uses as default, and they need a way to be able to specify a different set of subnets as join subnets. This commit creates the config option for the same. Eventually this will be consumed by the CNO using rendered bootstrap data and passed to the ovn-k daemonsets. Signed-off-by: Aniket Bhat <anbhat@redhat.com>
|
This is really an ugly implementation detail that no user should ever have to think about. It would be better if we could find some way to not need a separate CIDR for this. Like, maybe ovn-kubernetes could just use the highest-numbered subnet from the cluster network CIDR or something like that? |
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
@danwinship agreed it's an implementation detail that customer should not have to think about and ideally the knob should not be there. But we do allow for adding cluster CIDR and there is a potential for user-configured CIDR to step on the one we choose, unless CNO can validate addition of extra cluster CIDRs against the one we have allocated for the join subnet. Maybe all the logic can stay in CNO. wdyt? /hold |
openshift-ci-robot
added
the
do-not-merge/hold
no, I mean, if you say then we assign |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci
bot
added
the
lifecycle/stale
|
@abhat: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci
bot
added
the
needs-rebase
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
openshift-ci
bot
removed
the
lifecycle/stale
openshift-ci
bot
added
the
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
|
@openshift-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@abhat: This pull request references Bugzilla bug 1894268. The bug has been updated to no longer refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
7 participants
Some users need to be able to specify the v4 and v6 join subnets
to use for ovn-k. In particular, they may be already using the
ones that ovn-k uses as default, and they need a way to be able to
specify a different set of subnets as join subnets. This PR
creates the config option for the same. Eventually this will be
consumed by the CNO using rendered bootstrap data and passed
to the ovn-k daemonsets.
Signed-off-by: Aniket Bhat anbhat@redhat.com