ovn custom geneve port number

SDN-494 - ovn custom geneve port number. https://jira.coreos.com/browse/SDN-494 Signed-off-by: Phil Cameron <pcameron@redhat.com>
openshift · Oct 8, 2019 · 088c93c · 088c93c
1 parent 9e05530
commit 088c93c
Show file tree

Hide file tree

Showing 6 changed files with 91 additions and 13 deletions.
diff --git a/HACKING.md b/HACKING.md
@@ -46,7 +46,7 @@ _output/linux/amd64/cluster-network-renderer --config sample-config.yaml --out o
 ```
 
 ### Building images
-By default, podman is used to build images. 
+By default, podman is used to build images.
 
 ```
 ./hack/build-image.sh
@@ -171,3 +171,27 @@ podman push ${REGISTRY}/origin-node:latest
 ```
 echo "NODE_IMAGE=${REGISTRY}/origin-node:latest" >> ${CLUSTER_DIR}/env.sh
 ```
+
+# OVN - Change Geneve Port
+The default geneve port is UDP 6081. OpenShift moves it to UDP 9081. If you want to
+move it to a different port, add the following file to the manifests generated by
+```
+openshift-install create manifests
+```
+
+```
+${CLUSTER_DIR}/manifests/cluster-network-03-config.yml
+apiVersion: operator.openshift.io/v1
+kind: Network
+metadata:
+  name: cluster
+spec:
+  defaultNetwork:
+    type: OVNKubernetes
+    ovnKubernetesConfig:
+      genevePort: 9081
+```
+
+editing genevePort as needed.
+
+
diff --git a/README.md b/README.md
@@ -132,8 +132,9 @@ spec:
 ```
 
 ### Configuring OVNKubernetes
-OVNKubernetes supports the following configuration options, all of which are optional:
+OVNKubernetes supports the following configuration options, all of which are optional and once set at cluster creation, they can't be changed:
 * `MTU`: The MTU to use for the geneve overlay. The default is the MTU of the node that the cluster-network-operator is first run on, minus 100 bytes for geneve overhead. If the nodes in your cluster don't all have the same MTU then you may need to set this explicitly.
+* `genevePort`: The UDP port to use for the Geneve overlay. The default is 6081, on OpenShift the default is 9081.
 
 These configuration flags are only in the Operator configuration object.
 
@@ -144,6 +145,7 @@ spec:
     type: OVNKubernetes
     ovnKubernetesConfig:
       mtu: 1400
+      genevePort: 9081
 ```
 
 Additionally, you can configure per-node verbosity for ovn-kubernetes. This is useful
@@ -366,7 +368,7 @@ spec:
 The operator is expected to run as a pod (via a Deployment) inside a kubernetes cluster. It will retrieve the configuration above and reconcile the desired configuration. A suitable manifest for running the operator is located in `manifests/`.
 
 ## Unsafe changes
-Most network changes are unsafe to roll out to a production cluster. Therefore, the network operator will stop reconciling if it detects that an unsafe change has been requested. 
+Most network changes are unsafe to roll out to a production cluster. Therefore, the network operator will stop reconciling if it detects that an unsafe change has been requested.
 
 ### Safe changes to apply:
 It is safe to edit the following fields in the Operator configuration:

diff --git a/manifests/0000_70_cluster-network-operator_01_crd.yaml b/manifests/0000_70_cluster-network-operator_01_crd.yaml
@@ -61,6 +61,9 @@ spec:
                 ovnKubernetesConfig:
                   type: object
                   properties:
+                    genevePort:
+                      type: integer
+                      minimum: 0
                     mtu:
                       type: integer
                       minimum: 0

diff --git a/pkg/network/ovn_kubernetes.go b/pkg/network/ovn_kubernetes.go
@@ -38,6 +38,7 @@ func renderOVNKubernetes(conf *operv1.NetworkSpec, manifestDir string) ([]*uns.U
 	data.Data["KUBERNETES_SERVICE_PORT"] = os.Getenv("KUBERNETES_SERVICE_PORT")
 	data.Data["K8S_APISERVER"] = fmt.Sprintf("https://%s:%s", os.Getenv("KUBERNETES_SERVICE_HOST"), os.Getenv("KUBERNETES_SERVICE_PORT"))
 	data.Data["MTU"] = c.MTU
+	data.Data["GenevePort"] = c.GenevePort
 	data.Data["CNIConfDir"] = pluginCNIConfDir(conf)
 	data.Data["CNIBinDir"] = CNIBinDir
 	data.Data["OVN_NB_PORT"] = OVN_NB_PORT
@@ -87,6 +88,9 @@ func validateOVNKubernetes(conf *operv1.NetworkSpec) []error {
 		if oc.MTU != nil && (*oc.MTU < 576 || *oc.MTU > 65536) {
 			out = append(out, errors.Errorf("invalid MTU %d", *oc.MTU))
 		}
+		if oc.GenevePort != nil && (*oc.GenevePort < 1 || *oc.GenevePort > 65535) {
+			out = append(out, errors.Errorf("invalid GenevePort %d", *oc.GenevePort))
+		}
 	}
 
 	return out
@@ -97,11 +101,22 @@ func validateOVNKubernetes(conf *operv1.NetworkSpec) []error {
 func isOVNKubernetesChangeSafe(prev, next *operv1.NetworkSpec) []error {
 	pn := prev.DefaultNetwork.OVNKubernetesConfig
 	nn := next.DefaultNetwork.OVNKubernetesConfig
+	errs := []error{}
 
 	if reflect.DeepEqual(pn, nn) {
 		return []error{}
 	}
-	return []error{errors.Errorf("cannot change ovn-kubernetes configuration")}
+
+	// deepequal is nil-safe
+	if !reflect.DeepEqual(pn.GenevePort, nn.GenevePort) {
+		errs = append(errs, errors.Errorf("cannot change ovn-kubernetes genevePort"))
+	}
+
+	if !reflect.DeepEqual(pn.MTU, nn.MTU) {
+		errs = append(errs, errors.Errorf("cannot change ovn-kubernetes mtu"))
+	}
+
+	return errs
 }
 
 func fillOVNKubernetesDefaults(conf, previous *operv1.NetworkSpec, hostMTU int) {
@@ -110,16 +125,21 @@ func fillOVNKubernetesDefaults(conf, previous *operv1.NetworkSpec, hostMTU int)
 	}
 
 	sc := conf.DefaultNetwork.OVNKubernetesConfig
-	// MTU is currently the only field we pull from previous.
-	// If it's not supplied, we infer it from  the node on which we're running.
+	// MTU  and GenevePort are currently the only fields we pull from previous.
+	// If MTU is not supplied, we infer it from  the node on which we're running.
 	// However, this can never change, so we always prefer previous.
 	if sc.MTU == nil {
 		var mtu uint32 = uint32(hostMTU) - 100 // 100 byte geneve header
-		if previous != nil && previous.DefaultNetwork.OVNKubernetesConfig != nil {
+		if previous != nil && previous.DefaultNetwork.OVNKubernetesConfig != nil &&
+			previous.DefaultNetwork.OVNKubernetesConfig.MTU != nil {
 			mtu = *previous.DefaultNetwork.OVNKubernetesConfig.MTU
 		}
 		sc.MTU = &mtu
 	}
+	if sc.GenevePort == nil {
+		var geneve uint32 = uint32(9081)
+		sc.GenevePort = &geneve
+	}
 }
 
 func networkPluginName() string {

diff --git a/pkg/network/ovn_kubernetes_test.go b/pkg/network/ovn_kubernetes_test.go
@@ -11,6 +11,8 @@ import (
 	. "github.com/onsi/gomega"
 )
 
+// vars
+var g = uint32(8061)
 var OVNKubernetesConfig = operv1.Network{
 	Spec: operv1.NetworkSpec{
 		ServiceNetwork: []string{"172.30.0.0/16"},
@@ -25,8 +27,10 @@ var OVNKubernetesConfig = operv1.Network{
 			},
 		},
 		DefaultNetwork: operv1.DefaultNetworkDefinition{
-			Type:                operv1.NetworkTypeOVNKubernetes,
-			OVNKubernetesConfig: &operv1.OVNKubernetesConfig{},
+			Type: operv1.NetworkTypeOVNKubernetes,
+			OVNKubernetesConfig: &operv1.OVNKubernetesConfig{
+				GenevePort: &g,
+			},
 		},
 	},
 }
@@ -99,6 +103,7 @@ func TestFillOVNKubernetesDefaults(t *testing.T) {
 
 	// vars
 	m := uint32(8900)
+	p := uint32(9081)
 
 	expected := operv1.NetworkSpec{
 		ServiceNetwork: []string{"172.30.0.0/16"},
@@ -115,7 +120,8 @@ func TestFillOVNKubernetesDefaults(t *testing.T) {
 		DefaultNetwork: operv1.DefaultNetworkDefinition{
 			Type: operv1.NetworkTypeOVNKubernetes,
 			OVNKubernetesConfig: &operv1.OVNKubernetesConfig{
-				MTU: &m,
+				MTU:        &m,
+				GenevePort: &p,
 			},
 		},
 	}
@@ -149,6 +155,11 @@ func TestValidateOVNKubernetes(t *testing.T) {
 	ovnConfig.MTU = &mtu
 	errExpect("invalid MTU 70000")
 
+	// set geneve port to insanity
+	geneve := uint32(70001)
+	ovnConfig.GenevePort = &geneve
+	errExpect("invalid GenevePort 70001")
+
 	config.ClusterNetwork = nil
 	errExpect("ClusterNetworks cannot be empty")
 }
@@ -167,8 +178,12 @@ func TestOVNKubernetesIsSafe(t *testing.T) {
 	// change the mtu
 	mtu := uint32(70000)
 	next.DefaultNetwork.OVNKubernetesConfig.MTU = &mtu
-	errs = isOVNKubernetesChangeSafe(prev, next)
-	g.Expect(errs).To(HaveLen(1))
 
-	g.Expect(errs[0]).To(MatchError("cannot change ovn-kubernetes configuration"))
+	// change the geneve port
+	geneve := uint32(70001)
+	next.DefaultNetwork.OVNKubernetesConfig.GenevePort = &geneve
+	errs = isOVNKubernetesChangeSafe(prev, next)
+	g.Expect(errs).To(HaveLen(2))
+	g.Expect(errs[0]).To(MatchError("cannot change ovn-kubernetes genevePort"))
+	g.Expect(errs[1]).To(MatchError("cannot change ovn-kubernetes mtu"))
 }
diff --git a/sample-ovn-config.yaml b/sample-ovn-config.yaml
@@ -0,0 +1,14 @@
+apiVersion: "operator.openshift.io/v1"
+kind: "Network"
+metadata:
+  name: "cluster"
+spec:
+  serviceNetwork:
+    - "172.30.0.0/16"
+  clusterNetwork:
+    - cidr: "10.128.0.0/14"
+      hostPrefix: 23
+  defaultNetwork:
+    type: OVNKubernetes
+    ovnKubernetesConfig:
+      genevePort: 9081