Merge branch 'master' into migration

openshift · Sep 23, 2020 · 111cf18 · 111cf18
2 parents 81fcbeb + fb76143
commit 111cf18
Show file tree

Hide file tree

Showing 9 changed files with 210 additions and 50 deletions.
diff --git a/Dockerfile.rhel7 b/Dockerfile.rhel7
@@ -1,4 +1,4 @@
-FROM registry.svc.ci.openshift.org/ocp/builder:rhel-8-golang-openshift-4.6 AS builder
+FROM registry.svc.ci.openshift.org/ocp/builder:rhel-8-golang-1.15-openshift-4.6 AS builder
 WORKDIR /go/src/github.com/openshift/cluster-network-operator
 COPY . .
 RUN hack/build-go.sh; \

diff --git a/bindata/network/kuryr/005-daemon.yaml b/bindata/network/kuryr/005-daemon.yaml
@@ -26,15 +26,14 @@ spec:
       priorityClassName: system-node-critical
       initContainers:
         - name: block-mcs
-          image: {{ .CNIPluginsImage }}
           securityContext:
             privileged: true
+          image: {{ .DaemonImage }}
           command:
           - /bin/sh
           - -c
           - |
             #!/bin/sh
-
             set -x -e
 
             # Block MCS
@@ -48,6 +47,12 @@ spec:
             ip6tables -A OUTPUT -p tcp -m tcp --dport 22624 -j REJECT || true
             ip6tables -A FORWARD -p tcp -m tcp --dport 22623 -j REJECT || true
             ip6tables -A FORWARD -p tcp -m tcp --dport 22624 -j REJECT || true
+          volumeMounts:
+          # for the iptables wrapper
+          - mountPath: /host
+            name: host-slash
+            readOnly: true
+            mountPropagation: HostToContainer
       containers:
       - name: kuryr-cni
         image: {{ .DaemonImage }}
@@ -103,6 +108,9 @@ spec:
         - name: metrics-port
           containerPort: 9655
       volumes:
+      - name: host-slash
+        hostPath:
+          path: /
       - name: bin
         hostPath:
           path: {{.CNIBinDir}}

diff --git a/bindata/network/openshift-sdn/001-crd.yaml b/bindata/network/openshift-sdn/001-crd.yaml
@@ -393,7 +393,7 @@ spec:
                 - type
                 type: object
               type: array
-              maxItems: 50
+              maxItems: 1000
           required:
           - egress
           type: object

diff --git a/bindata/network/ovn-kubernetes/004-config.yaml b/bindata/network/ovn-kubernetes/004-config.yaml
@@ -16,10 +16,23 @@ data:
     service-cidrs="{{.OVN_service_cidr}}"
     ovn-config-namespace="openshift-ovn-kubernetes"
     apiserver="{{.K8S_APISERVER}}"
+{{- if .OVNHybridOverlayEnable }}
+    no-hostsubnet-nodes="kubernetes.io/os=windows"
+{{- end  }}
 
     [ovnkubernetesfeature]
     enable-egress-ip=true
 
     [gateway]
     mode=local
     nodeport=true
+{{ if .OVNHybridOverlayEnable }}
+    [hybridoverlay]
+    enabled=true
+    {{- if .OVNHybridOverlayNetCIDR }}
+    cluster-subnets="{{.OVNHybridOverlayNetCIDR}}"
+    {{- end }}
+    {{- if .OVNHybridOverlayVXLANPort}}
+    hybrid-overlay-vxlan-port="{{.OVNHybridOverlayVXLANPort}}"
+    {{- end }}
+{{- end  }}
diff --git a/bindata/network/ovn-kubernetes/ovnkube-master.yaml b/bindata/network/ovn-kubernetes/ovnkube-master.yaml
@@ -528,24 +528,13 @@ spec:
             set +o allexport
           fi
 
-          hybrid_overlay_flags=
-          if [[ -n "{{.OVNHybridOverlayEnable }}" ]]; then
-            hybrid_overlay_flags="--enable-hybrid-overlay --no-hostsubnet-nodes=kubernetes.io/os=windows"
-            if [[ -n "{{.OVNHybridOverlayNetCIDR}}" ]]; then
-              hybrid_overlay_flags="${hybrid_overlay_flags} --hybrid-overlay-cluster-subnets={{.OVNHybridOverlayNetCIDR}}"
-            fi
-            if [[ -n "{{.OVNHybridOverlayVXLANPort}}" ]]; then
-              hybrid_overlay_flags="${hybrid_overlay_flags} --hybrid-overlay-vxlan-port={{.OVNHybridOverlayVXLANPort}}"
-            fi
-          fi
-
           gateway_mode_flags=
           # Check to see if ovs is provided by the node. This is only for upgrade from 4.5->4.6 or
           # openshift-sdn to ovn-kube conversion
           if grep -q OVNKubernetes /etc/systemd/system/ovs-configuration.service ; then
-            gateway_mode_flags="--gateway-mode shared --gateway-interface br-ex"
+            gateway_mode_flags="--gateway-mode local --gateway-interface br-ex"
           else
-            gateway_mode_flags="--gateway-mode local"
+            gateway_mode_flags="--gateway-mode local --gateway-interface none"
           fi
 
           # start nbctl daemon for caching
@@ -564,7 +553,6 @@ spec:
             --config-file=/run/ovnkube-config/ovnkube.conf \
             --ovn-empty-lb-events \
             --loglevel "${OVN_KUBE_LOG_LEVEL}" \
-            ${hybrid_overlay_flags} \
             --metrics-bind-address "127.0.0.1:29102" \
             ${gateway_mode_flags} \
             --sb-address "{{.OVN_SB_DB_LIST}}" \

diff --git a/bindata/network/ovn-kubernetes/ovnkube-node.yaml b/bindata/network/ovn-kubernetes/ovnkube-node.yaml
@@ -119,24 +119,14 @@ spec:
           done
 
           echo "I$(date "+%m%d %H:%M:%S.%N") - starting ovnkube-node db_ip ${db_ip}"
-          hybrid_overlay_flags=
-          if [[ -n "{{.OVNHybridOverlayEnable}}" ]]; then
-            hybrid_overlay_flags="--enable-hybrid-overlay --no-hostsubnet-nodes=kubernetes.io/os=windows"
-            if [[ -n "{{.OVNHybridOverlayNetCIDR}}" ]]; then
-              hybrid_overlay_flags="${hybrid_overlay_flags} --hybrid-overlay-cluster-subnets={{.OVNHybridOverlayNetCIDR}}"
-            fi
-            if [[ -n "{{.OVNHybridOverlayVXLANPort}}" ]]; then
-              hybrid_overlay_flags="${hybrid_overlay_flags} --hybrid-overlay-vxlan-port={{.OVNHybridOverlayVXLANPort}}"
-            fi
-          fi
 
           gateway_mode_flags=
           # Check to see if ovs is provided by the node. This is only for upgrade from 4.5->4.6 or
           # openshift-sdn to ovn-kube conversion
           if grep -q OVNKubernetes /etc/systemd/system/ovs-configuration.service ; then
-            gateway_mode_flags="--gateway-mode shared --gateway-interface br-ex"
+            gateway_mode_flags="--gateway-mode local --gateway-interface br-ex"
           else
-            gateway_mode_flags="--gateway-mode local"
+            gateway_mode_flags="--gateway-mode local --gateway-interface none"
           fi
 
           exec /usr/bin/ovnkube --init-node "${K8S_NODE}" \
@@ -153,7 +143,6 @@ spec:
             --config-file=/run/ovnkube-config/ovnkube.conf \
             --loglevel "${OVN_KUBE_LOG_LEVEL}" \
             --inactivity-probe="${OVN_CONTROLLER_INACTIVITY_PROBE}" \
-            ${hybrid_overlay_flags} \
             ${gateway_mode_flags} \
             --metrics-bind-address "127.0.0.1:29103"
         env:

diff --git a/manifests/0000_70_cluster-network-operator_01_pki_crd.yaml b/manifests/0000_70_cluster-network-operator_01_pki_crd.yaml
@@ -13,6 +13,7 @@ spec:
     plural: operatorpkis
     singular: operatorpki
   scope: Namespaced
+  preserveUnknownFields: false
   validation:
     openAPIV3Schema:
       description: "OperatorPKI is a simple certificate authority. It is not intended

diff --git a/pkg/network/ovn_kubernetes.go b/pkg/network/ovn_kubernetes.go
@@ -101,10 +101,10 @@ func renderOVNKubernetes(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.Bo
 		} else {
 			data.Data["OVNHybridOverlayVXLANPort"] = ""
 		}
-		data.Data["OVNHybridOverlayEnable"] = "true"
+		data.Data["OVNHybridOverlayEnable"] = true
 	} else {
 		data.Data["OVNHybridOverlayNetCIDR"] = ""
-		data.Data["OVNHybridOverlayEnable"] = ""
+		data.Data["OVNHybridOverlayEnable"] = false
 		data.Data["OVNHybridOverlayVXLANPort"] = ""
 	}