-
Notifications
You must be signed in to change notification settings - Fork 338
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
udn: set persistentIPs for UDN ifaces #4651
Conversation
37a6bae
to
cbb1a8b
Compare
cbb1a8b
to
4c01618
Compare
18b8b0f
to
6fb32d4
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will we have integration docs for this new annotation?
Yes. But since we have no documentation about primary UDN, it feels very weird to add it. Once that exists, I will explain the annotation. |
a55e77e
to
b2d0757
Compare
One other question: Would it have been theoretically possible to use the ipam claim reference in a network selection element for the default network (instead of this new annotation) leveraging |
Not sure ... how would that play along for the rest of the synthetic network selection element we are using to attach to UDN ? For UDN pods, we'd use the synthetic network-selection-element, for UDN VMs we'd use this explicitly defined network-selection-element ?... We'd merge the synthetic NSE w/ the existing one ?... Maybe it's me, but it sounds more complex. |
b2d0757
to
a524394
Compare
I am not sure what's the synthetic network selection element used for, but that looks like an implementation detail. I would value more having a consistent API for our users. |
It's how we're requesting the UDN interface attachment without persistent IPs. Meaning, the API is not consistent now. I don't think that can converge in this PR. |
But you mean completely internal to OVN-K, we are not using it as an API to interface with any other external component. Or what does synthetic refer to in this context?
The IPAM claim reference API could be consistent because it would be the same for secondary and primary networks. Not for this PR, but maybe worth exploring before the final integration. |
Yes, but, I think that by making that API consistent, you are then making the UDN API inconsistent - if persistent IPs are used, we require a network selection element; if not, we'd just annotate the namespace.
This would |
a524394
to
ea1dbc2
Compare
The network selection element would not replace the namespace annotation, that is just a shortcut to default a different network in your namespace (so more akin to a shortcut for |
Right now, it is impossible to refer to a primary UDN via network-selection-element. We disallow that explicitly in the code. This will need to be discussed, but, I agree it could be a more generic way to extend the primary UDN in a per pod way. SR-IOV and persistent IPs would not be that different - I agree with you. I think I start to see your point. I will consider this option in the enhancement. Thanks for raising it. |
ea1dbc2
to
541ca21
Compare
|
The upgrade test is flaking on #4481; updated that issue. |
d5dc60c
to
a42123a
Compare
cf318ce
to
46dc6a0
Compare
/lgtm The kubevirt issues were related to #4625 |
Fixed the errors in the kubevirt lane, introduced after rebasing #4625 (since we were testing a dual stack UDN in an IPv4 cluster) in this forced push. |
Thanks for the help !!! 🚀 |
77e40be
to
c3f1e7e
Compare
When deploying the kind cluster, in order to allow running VMs with primary-UDN, the kubevirt CR is patched with: - NetworkBindingPlugins feature gate. - the passt network binding Signed-off-by: Ram Lavi <[email protected]>
Co-authored-by: Miguel Duarte Barroso <[email protected]> Signed-off-by: Ram Lavi <[email protected]>
Signed-off-by: Ram Lavi <[email protected]>
Separating two different installations into different functions. In future commit this will allow deploying kubevirt-ipam separately when needed. Signed-off-by: Ram Lavi <[email protected]>
Although they usually deployed together, ipam may sometimes need to be deployed out of band for dev purposes. For this purpose, introducing an opt-out flag that will prevent installing the latest ipam-controller while still installing cert-manager. Signed-off-by: Ram Lavi <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
As a bonus add some coverage to the function that generates the syntetic network selection element we use to request the primary UDN attachment. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Enrique Llorente <[email protected]>
Co-authored-by: Miguel Duarte Barroso <[email protected]> Signed-off-by: Enrique Llorente <[email protected]>
Signed-off-by: Enrique Llorente <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
c3f1e7e
to
2bc5b2c
Compare
lane e2e (external-gateway, noHA, shared, ipv4, noSnatGW, 2br, ic-single-node-zones) failed on a known flake: #4432 lane e2e (control-plane, noHA, shared, ipv6, noSnatGW, 2br, ic-single-node-zones, enable-dns-name-reso failed on known flake #4144 |
What this PR does and why is it needed
This PR looks for a special annotation on pods, where KubeVirt (or an agent on behalf of KubeVirt) will indicate what is the name of the
IPAMClaim
used for the primary UDN interface.An alternative would be to use an hard-coded value, but then we wouldn't be able to distinguish between a pod and a VM, and we do not want to abuse reading the KubeVirt label.
Which issue(s) this PR fixes
Fixes #
Special notes for reviewers
Pending adding the CI requirements, ensuring kubevirt e2e tests are run.
How to verify it
Details to documentation updates
Description for the changelog
Configure persistent IPs on UDN networks when requested
Does this PR introduce a user-facing change?