forked from ovn-org/ovn-kubernetes
-
Notifications
You must be signed in to change notification settings - Fork 0
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bgp e2e #21
Open
jcaamano
wants to merge
65
commits into
master
Choose a base branch
from
bgp-e2e
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
In our e2e tests, a strange behaviour for ipv6 was seen: newly created pod can't reach ipv6 destination. But if the same pod is re-created, everything works. We don't know what causes that behaviour, so given function is a workaround for this issue. It also only historically fails for the first ef test "Should validate the egress firewall policy functionality for allowed IP", so only used there for now. Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Signed-off-by: Martin Kennelly <mkennell@redhat.com>
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
It allows using `*string` as a client index. Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Use freshly-baked libovsdb functionality to index ACLs by sample_new and sample_est. This allows to avoid expensive predicate search. Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Signed-off-by: Nadia Pinaeva <n.m.pinaeva@gmail.com>
Prior to this PR, we may try to insert a rule to jump to a chain that doesn't exist. Signed-off-by: Martin Kennelly <mkennell@redhat.com>
Emit Event if NAD cannot be parsed
ensure that user defined networks are using ipfamilies that the cluster supports Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
currently the udn/nad primary network e2e testing does nothing to check to state of the cluster before creating the network. This makes it possible to test primary networks with ip families that the underlying cluster does not support which is not possible. This commit ensures that e2e testing will only create primary networks that conform to the cluster being tested Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
UDN LGW: ensure masq chain exists before adding rules
Signed-off-by: Enrique Llorente <ellorent@redhat.com>
adding testing using User Defined Network objects to pod2Egress testing and "isolates overlapping CIDRs" tests Signed-off-by: Jacob Tanenbaum <jtanenba@redhat.com>
This commit is to add some unit tests to make sure proper NAT entries are being created i NBDB while DisableSNATMultipleGWs is set to true. Signed-off-by: Arnab Ghosh <arnabghosh89@gmail.com>
corrections to user defined networking
Add unit tests for UDN while DS is true
We were setting the hostSubnet as the clusterSubnet for UDN L3 which was creating wrong routes in ovn cluster router for UDN Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
Since hostSubnets was getting feeded as clusterSubnet when I fixed the hostSubnet in the previous commit we started to break GR routes Let's also fix that back up. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
UTs were silently translating /16 to /24 which was not correct. Let's make the L3 tests pass the nodesubnet in as well to atleast make it more transparent which is what. Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
OVN-Observability: enable sampling-based observability
UDN: L3: Use nodesubnet annotations for L3; not clustersubnet from NAD
* gateway manager not accounting for different join subnets of UDNs * tests not expecting the join subnet SNAT when pods snats were disabled * tests misleadingly naming join ip to the ovn masquerade ip Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
* L3 tests with duplicated names * L2 duplicated tests of which some were intended to test something else * L2 secondary tests annotating the wrong IP under the assumption that mgmt and gw IPs would be allocated Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
To avoid being affected by potential dev breakage. Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
UDN gateway & test fixes
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Adds to NetInfo the concept of reconcilable network information. This is network information that can change dynamically and network controllers should be able to reconcile. This includes NADs which is information that network controllers should have already been capable of reconciling although they currently don't (for example, for multinetwork policies). Also includes VRFs the network is leaking/advertising to, per node, that network controllers need to be aware of and rec0oncile as it changes. Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Add the ability for network controllers to reconcile some network information changes. Currently just changes of the VRFs the network is leaking/advertising to. Support for reconciling NAD changes is not included in this commit. Currently reconciles if the network is advertised or not: - for OVN network controller to configure or not the pod IP to node IP SNAT on the GR for a node of its zone - for node network controller to configure or not br-ex flows to redirect pod IP ingress traffic to the OVN network This should be enough to provide direct ingress capabilities for the default network in SGW mode. Note that secondary network controllers don't reconcile anything as route advertising is not supported on them. Also cluster manager network controllers don't reconcile much as they don't have the need. Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
The plan is for the NAD controller to fetch route advertising information on behalf of network controllers. It will have to do so for the default network as well and will need access to its network controller to reconcile that information. Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
As node controllers will need to be informed of related events in new level driven controllers to come. Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
This annotation will be set by a future cluster manager controller on the NADs and will list the names of route advertisements that apply to the given NAD. This will ease processing time of other zone/node controllers that need to track which route advertisements apply to a network avoiding them from processing all route advertisements on each of their reconciliation loops. Note that this will happen for the default network as well. For that probably a dummy NAD on ovn-kubernetes namespace is the best option. Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
The network manager running within the NAD controller will, upon ensuring a network, fetch the VRFs per node a pod network is being leaked/advertised to from the applicable route advertisements configuration, and include it in the network information used when creating a network controller, or triggering a reconciliation if it was already running. This relies on annotations set by cluster manager on NADs pointing to the route advertising configuration that applies to the network which will come in a future PR/commit. This includes the default network for which the ever existing default network controller is used (instead of creating a new network controller). If necessary, it is assumed that cluster manager will create a dummy NAD for the default network in ovn-k namespace to set annotations on. If no NADs for the default network exist or if they have no annotations, network manager will reconcile the default network to a default configuration (instead of destroying the network controller). Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
For go-controller: go get k8s.io/api v0.31.0 go get k8s.io/apimachinery v0.31.0 go get k8s.io/client-go v0.31.0 go get k8s.io/component-helpers v0.31.0 go get k8s.io/kubernetes v1.31.0 go get k8s.io/apiextensions-apiserver v0.31.0 // indirect go get k8s.io/component-base v0.31.0 // indirect go get sigs.k8s.io/controller-runtime v0.19.0 go mod vendor && go mod tidy Fixed API changes and updated codegen For e2e tests: go get k8s.io/api v0.31.0 go get k8s.io/apimachinery v0.31.0 go get k8s.io/client-go v0.31.0 go get k8s.io/klog v1.0.0 go get k8s.io/kubernetes v1.31.0 go get k8s.io/pod-security-admission v0.31.0 go get k8s.io/apiextensions-apiserver v0.31.0 go get k8s.io/apiserver v0.31.0 go get k8s.io/cloud-provider v0.31.0 go get k8s.io/component-base v0.31.0 go get k8s.io/component-helpers v0.31.0 go get k8s.io/controller-manager v0.31.0 go get k8s.io/kms v0.31.0 go get k8s.io/kubelet v0.31.0 go get k8s.io/kubectl v0.31.0 (konnectivity-client is not at 0.31 yet) Fixed API changes Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does and why is it needed
Which issue(s) this PR fixes
Fixes #
Special notes for reviewers
How to verify it
Details to documentation updates
Description for the changelog
Does this PR introduce a user-facing change?