udn: set persistentIPs for UDN ifaces #4651
Conversation
tssurya
added
the
feature/user-defined-network-segmentation
maiqueb
force-pushed
the
udn-persistentips
branch
from
37a6bae
to
cbb1a8b
Compare
github-actions
bot
added
area/e2e-testing
feature/kubevirt-live-migration
maiqueb
force-pushed
the
udn-persistentips
branch
from
cbb1a8b
to
4c01618
Compare
maiqueb
force-pushed
the
udn-persistentips
branch
2 times, most recently
from
18b8b0f
to
6fb32d4
Compare
github-actions
bot
added
the
area/unit-testing
Yes. But since we have no documentation about primary UDN, it feels very weird to add it. Once that exists, I will explain the annotation. |
maiqueb
force-pushed
the
udn-persistentips
branch
from
a55e77e
to
b2d0757
Compare
|
One other question: Would it have been theoretically possible to use the ipam claim reference in a network selection element for the default network (instead of this new annotation) leveraging |
Not sure ... how would that play along for the rest of the synthetic network selection element we are using to attach to UDN ? For UDN pods, we'd use the synthetic network-selection-element, for UDN VMs we'd use this explicitly defined network-selection-element ?... We'd merge the synthetic NSE w/ the existing one ?... Maybe it's me, but it sounds more complex. |
maiqueb
force-pushed
the
udn-persistentips
branch
from
b2d0757
to
a524394
Compare
I am not sure what's the synthetic network selection element used for, but that looks like an implementation detail. I would value more having a consistent API for our users. |
It's how we're requesting the UDN interface attachment without persistent IPs. Meaning, the API is not consistent now. I don't think that can converge in this PR. |
But you mean completely internal to OVN-K, we are not using it as an API to interface with any other external component. Or what does synthetic refer to in this context?
The IPAM claim reference API could be consistent because it would be the same for secondary and primary networks. Not for this PR, but maybe worth exploring before the final integration. |
Yes, but, I think that by making that API consistent, you are then making the UDN API inconsistent - if persistent IPs are used, we require a network selection element; if not, we'd just annotate the namespace.
This would |
maiqueb
force-pushed
the
udn-persistentips
branch
from
a524394
to
ea1dbc2
Compare
The network selection element would not replace the namespace annotation, that is just a shortcut to default a different network in your namespace (so more akin to a shortcut for |
Right now, it is impossible to refer to a primary UDN via network-selection-element. We disallow that explicitly in the code. This will need to be discussed, but, I agree it could be a more generic way to extend the primary UDN in a per pod way. SR-IOV and persistent IPs would not be that different - I agree with you. I think I start to see your point. I will consider this option in the enhancement. Thanks for raising it. |
maiqueb
force-pushed
the
udn-persistentips
branch
from
ea1dbc2
to
541ca21
Compare
|
|
The upgrade test is flaking on #4481; updated that issue. |
maiqueb
force-pushed
the
udn-persistentips
branch
from
d5dc60c
to
a42123a
Compare
maiqueb
force-pushed
the
udn-persistentips
branch
2 times, most recently
from
cf318ce
to
46dc6a0
Compare
|
/lgtm The kubevirt issues were related to #4625 |
|
Fixed the errors in the kubevirt lane, introduced after rebasing #4625 (since we were testing a dual stack UDN in an IPv4 cluster) in this forced push. |
Thanks for the help !!! 🚀 |
maiqueb
force-pushed
the
udn-persistentips
branch
2 times, most recently
from
77e40be
to
c3f1e7e
Compare
When deploying the kind cluster, in order to allow running VMs with primary-UDN, the kubevirt CR is patched with: - NetworkBindingPlugins feature gate. - the passt network binding Signed-off-by: Ram Lavi <[email protected]>
Co-authored-by: Miguel Duarte Barroso <[email protected]> Signed-off-by: Ram Lavi <[email protected]>
Signed-off-by: Ram Lavi <[email protected]>
Separating two different installations into different functions. In future commit this will allow deploying kubevirt-ipam separately when needed. Signed-off-by: Ram Lavi <[email protected]>
Although they usually deployed together, ipam may sometimes need to be deployed out of band for dev purposes. For this purpose, introducing an opt-out flag that will prevent installing the latest ipam-controller while still installing cert-manager. Signed-off-by: Ram Lavi <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
As a bonus add some coverage to the function that generates the syntetic network selection element we use to request the primary UDN attachment. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Enrique Llorente <[email protected]>
Co-authored-by: Miguel Duarte Barroso <[email protected]> Signed-off-by: Enrique Llorente <[email protected]>
Signed-off-by: Enrique Llorente <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
maiqueb
force-pushed
the
udn-persistentips
branch
from
c3f1e7e
to
2bc5b2c
Compare
|
lane e2e (external-gateway, noHA, shared, ipv4, noSnatGW, 2br, ic-single-node-zones) failed on a known flake: #4432 lane e2e (control-plane, noHA, shared, ipv6, noSnatGW, 2br, ic-single-node-zones, enable-dns-name-reso failed on known flake #4144 |
What this PR does and why is it needed
This PR looks for a special annotation on pods, where KubeVirt (or an agent on behalf of KubeVirt) will indicate what is the name of the
IPAMClaimused for the primary UDN interface.An alternative would be to use an hard-coded value, but then we wouldn't be able to distinguish between a pod and a VM, and we do not want to abuse reading the KubeVirt label.
Which issue(s) this PR fixes
Fixes #
Special notes for reviewers
Pending adding the CI requirements, ensuring kubevirt e2e tests are run.
How to verify it
Details to documentation updates
Description for the changelog
Configure persistent IPs on UDN networks when requested
Does this PR introduce a user-facing change?