Merge pull request ovn-org#4615 from ormergi/udn-crd-no-localnet
networksegmentation,UDN CRD: Remove localnet
tssurya authored Aug 21, 2024
2 parents b6d014a + fc7d24b commit 260bfbe
Showing 8 changed files with 9 additions and 348 deletions.
85 changes: 1 addition & 84 deletions dist/templates/k8s.ovn.org_userdefinednetworks.yaml.j2
Expand Up @@ -188,96 +188,17 @@ spec:
- message: JoinSubnets is only supported for Primary network
rule: '!has(self.joinSubnets) || has(self.role) && self.role ==
''Primary'''
localNet:
description: LocalNet is the LocalNet topology configuration.
properties:
excludeSubnets:
description: |-
ExcludeSubnets is a list of CIDRs that will be removed from the assignable IP address pool specified by the "Subnets" field.


This field is supported only when "Subnets" field is set.


In case the subject local network provides various services (e.g.: DHCP server, data-base) their addresses can be excluded
from the IP addresses pool OVN-Kubernetes will use for the subject network workloads (specified by "Subnets" field).
items:
type: string
maxItems: 25
minItems: 1
type: array
ipamLifecycle:
description: |-
IPAMLifecycle controls IP addresses management lifecycle.


The only allowed value is Persistent. When set, OVN Kubernetes assigned IP addresses will be persisted in an
`ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
Only supported when "subnets" are set.
enum:
- Persistent
type: string
mtu:
description: |-
MTU is the maximum transmission unit for a network.


MTU is optional, if not provided, the globally configured value in OVN-Kubernetes (defaults to 1400) is used for the network.
format: int32
maximum: 65536
minimum: 0
type: integer
role:
description: |-
Role describes the network role in the pod.


Allowed values are "Primary" and "Secondary".
Must be set to "Secondary".
enum:
- Primary
- Secondary
type: string
subnets:
description: |-
Subnets are used for the pod network across the cluster.


Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed.
The format should match standard CIDR notation <example>.
This field may be omitted.
In that case the logical switch implementing the network only provides layer 2 communication,
and users must configure IP addresses for the pods. As a consequence, Port security only prevents MAC spoofing.
items:
type: string
maxItems: 2
minItems: 1
type: array
required:
- role
type: object
x-kubernetes-validations:
- message: LocalNet topology is only supported for Secondary network
rule: self.role == 'Secondary'
- message: ExcludeSubnets is only supported when Subnets is provided
rule: '!has(self.excludeSubnets) || has(self.subnets) && size(self.subnets)
> 0'
- message: IPAMLifecycle is only supported when subnets are set
rule: '!has(self.ipamLifecycle) || has(self.subnets) && size(self.subnets)
> 0'
topology:
description: |-
Topology describes network configuration.


Allowed values are "Layer3", "Layer2", "LocalNet".
Allowed values are "Layer3", "Layer2".
Layer3 topology creates a layer 2 segment per node, each with a different subnet. Layer 3 routing is used to interconnect node subnets.
Layer2 topology creates one logical switch shared by all nodes.
LocalNet topology creates a cluster-wide logical switch connected to a physical network.
enum:
- Layer2
- Layer3
- LocalNet
type: string
required:
- topology
Expand All @@ -293,10 +214,6 @@ spec:
otherwise
rule: 'has(self.topology) && self.topology == ''Layer2'' ? has(self.layer2):
!has(self.layer2)'
- message: spec.localNet is required when topology is LocalNet and forbidden
otherwise
rule: 'has(self.topology) && self.topology == ''LocalNet'' ? has(self.localNet):
!has(self.localNet)'
status:
description: UserDefinedNetworkStatus contains the observed status of
the UserDefinedNetwork.
Expand Up @@ -63,8 +63,7 @@ func RenderNetAttachDefManifest(udn *userdefinednetworkv1.UserDefinedNetwork) (*

func validateTopology(udn *userdefinednetworkv1.UserDefinedNetwork) error {
if udn.Spec.Topology == userdefinednetworkv1.NetworkTopologyLayer3 && udn.Spec.Layer3 == nil ||
udn.Spec.Topology == userdefinednetworkv1.NetworkTopologyLayer2 && udn.Spec.Layer2 == nil ||
udn.Spec.Topology == userdefinednetworkv1.NetworkTopologyLocalNet && udn.Spec.LocalNet == nil {
udn.Spec.Topology == userdefinednetworkv1.NetworkTopologyLayer2 && udn.Spec.Layer2 == nil {
return fmt.Errorf("topology %[1]s is specified but %[1]s config is nil", udn.Spec.Topology)
}
return nil
Expand Down Expand Up @@ -98,13 +97,6 @@ func renderCNINetworkConfig(udn *userdefinednetworkv1.UserDefinedNetwork) (map[s
netConfSpec.AllowPersistentIPs = cfg.IPAMLifecycle == userdefinednetworkv1.IPAMLifecyclePersistent
netConfSpec.Subnets = cidrString(cfg.Subnets)
netConfSpec.JoinSubnet = cidrString(renderJoinSubnets(cfg.Role, cfg.JoinSubnets))
case userdefinednetworkv1.NetworkTopologyLocalNet:
cfg := udn.Spec.LocalNet
netConfSpec.Role = strings.ToLower(string(cfg.Role))
netConfSpec.MTU = int(cfg.MTU)
netConfSpec.AllowPersistentIPs = cfg.IPAMLifecycle == userdefinednetworkv1.IPAMLifecyclePersistent
netConfSpec.Subnets = cidrString(cfg.Subnets)
netConfSpec.ExcludeSubnets = cidrString(cfg.ExcludeSubnets)
}

if err := util.ValidateNetConf(nadName, netConfSpec); err != nil {
Expand Down Expand Up @@ -137,9 +129,6 @@ func renderCNINetworkConfig(udn *userdefinednetworkv1.UserDefinedNetwork) (map[s
if len(netConfSpec.Subnets) > 0 {
cniNetConf["subnets"] = netConfSpec.Subnets
}
if len(netConfSpec.ExcludeSubnets) > 0 {
cniNetConf["excludeSubnets"] = netConfSpec.ExcludeSubnets
}
if netConfSpec.AllowPersistentIPs {
cniNetConf["allowPersistentIPs"] = netConfSpec.AllowPersistentIPs
}
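Review bot: In validateTopology (first hunk of this file), any topology value other than Layer2 or Layer3 now makes the condition false and the function returns nil. That includes `LocalNet` on an object that was stored before the CRD enum was narrowed. The switch in renderCNINetworkConfig no longer has a case for that value and no default is visible in the hunk, so rejecting such an object appears to rest on util.ValidateNetConf alone. I would reject unsupported values explicitly at the top of validateTopology, e.g. `if t := udn.Spec.Topology; t != userdefinednetworkv1.NetworkTopologyLayer2 && t != userdefinednetworkv1.NetworkTopologyLayer3 { return fmt.Errorf("unsupported topology %q", t) }`. The closing brace of validateTopology and the start of the switch lie outside the hunks shown.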
Expand Up @@ -30,29 +30,9 @@ var _ = Describe("NetAttachDefTemplate", func() {
Entry("invalid topology: topology layer2 & layer3 config",
&udnv1.UserDefinedNetworkSpec{Topology: udnv1.NetworkTopologyLayer2, Layer3: &udnv1.Layer3Config{}},
),
Entry("invalid topology: topology layer2 & localnet config",
&udnv1.UserDefinedNetworkSpec{Topology: udnv1.NetworkTopologyLayer2, LocalNet: &udnv1.LocalNetConfig{}},
),
Entry("invalid topology: topology layer3 & layer2 config",
&udnv1.UserDefinedNetworkSpec{Topology: udnv1.NetworkTopologyLayer3, Layer2: &udnv1.Layer2Config{}},
),
Entry("invalid topology: topology layer3 & localnet config",
&udnv1.UserDefinedNetworkSpec{Topology: udnv1.NetworkTopologyLayer3, LocalNet: &udnv1.LocalNetConfig{}},
),
Entry("invalid topology: topology localnet & layer2 config",
&udnv1.UserDefinedNetworkSpec{Topology: udnv1.NetworkTopologyLocalNet, Layer2: &udnv1.Layer2Config{}},
),
Entry("invalid topology: topology localnet & layer3 config",
&udnv1.UserDefinedNetworkSpec{Topology: udnv1.NetworkTopologyLocalNet, Layer3: &udnv1.Layer3Config{}},
),
Entry("topology=localnet & role=primary",
&udnv1.UserDefinedNetworkSpec{
Topology: udnv1.NetworkTopologyLocalNet,
LocalNet: &udnv1.LocalNetConfig{
Role: udnv1.NetworkRolePrimary,
},
},
),
Entry("invalid layer2 subnets",
&udnv1.UserDefinedNetworkSpec{
Topology: udnv1.NetworkTopologyLayer2,
Expand All @@ -61,14 +41,6 @@ var _ = Describe("NetAttachDefTemplate", func() {
},
},
),
Entry("invalid localnet subnets",
&udnv1.UserDefinedNetworkSpec{
Topology: udnv1.NetworkTopologyLayer2,
LocalNet: &udnv1.LocalNetConfig{
Subnets: udnv1.DualStackCIDRs{"abc"},
},
},
),
Entry("invalid layer3 cluster-subnet",
&udnv1.UserDefinedNetworkSpec{
Topology: udnv1.NetworkTopologyLayer3,
Expand Down Expand Up @@ -127,15 +99,6 @@ var _ = Describe("NetAttachDefTemplate", func() {
},
},
),
Entry("invalid exclude subnets",
&udnv1.UserDefinedNetworkSpec{
Topology: udnv1.NetworkTopologyLocalNet,
LocalNet: &udnv1.LocalNetConfig{
Role: udnv1.NetworkRolePrimary,
ExcludeSubnets: []udnv1.CIDR{"abc"},
},
},
),
Entry("invalid join subnets",
&udnv1.UserDefinedNetworkSpec{
Topology: udnv1.NetworkTopologyLayer2,
Expand Down Expand Up @@ -347,29 +310,5 @@ var _ = Describe("NetAttachDefTemplate", func() {
"allowPersistentIPs": true
}`,
),
Entry("localnet topology, should set exclude-subnets",
udnv1.UserDefinedNetworkSpec{
Topology: udnv1.NetworkTopologyLocalNet,
LocalNet: &udnv1.LocalNetConfig{
Role: udnv1.NetworkRoleSecondary,
Subnets: []udnv1.CIDR{"192.168.100.0/24"},
ExcludeSubnets: []udnv1.CIDR{"192.168.100.0/31"},
MTU: 1500,
IPAMLifecycle: udnv1.IPAMLifecyclePersistent,
},
},
`{
"cniVersion": "1.0.0",
"type": "ovn-k8s-cni-overlay",
"name": "mynamespace.test-net",
"netAttachDefName": "mynamespace/test-net",
"role": "secondary",
"topology": "localnet",
"subnets": "192.168.100.0/24",
"excludeSubnets": "192.168.100.0/31",
"mtu": 1500,
"allowPersistentIPs": true
}`,
),
)
})

This file was deleted.
