Merge pull request #2516 from maiqueb/merge-20250416

CORENET-5389,OCPBUGS-51040,OCPBUGS-54577: [DownstreamMerge] 2025-04-16

Author: openshift-merge-bot[bot]

contrib/kind-helm.sh

@@ -403,7 +403,6 @@ helm install ovn-kubernetes . -f "${value_file}" \
           --set k8sAPIServer=${API_URL} \
           --set podNetwork="${NET_CIDR_IPV4}/24" \
           --set serviceNetwork=${SVC_CIDR_IPV4} \
-          --set ovnkube-identity.replicas=${MASTER_REPLICAS} \
           --set ovnkube-master.replicas=${MASTER_REPLICAS} \
           --set global.image.repository=$(get_image) \
           --set global.image.tag=$(get_tag) \

dist/templates/k8s.ovn.org_clusteruserdefinednetworks.yaml.j2

@@ -51,7 +51,7 @@ spec:
                         description: |-
                           Lifecycle controls IP addresses management lifecycle.
 
-                          The only allowed value is Persistent. When set, OVN Kubernetes assigned IP addresses will be persisted in an
+                          The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an
                           `ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
                           Only supported when mode is `Enabled`.
                         enum:
@@ -155,7 +155,7 @@ spec:
                 - message: JoinSubnets is only supported for Primary network
                   rule: '!has(self.joinSubnets) || has(self.role) && self.role ==
                     ''Primary'''
-                - message: MTU should be greater than or equal to 1280 when IPv6 subent
+                - message: MTU should be greater than or equal to 1280 when IPv6 subnet
                     is used
                   rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
                     isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280'
@@ -255,7 +255,7 @@ spec:
                 - message: JoinSubnets is only supported for Primary network
                   rule: '!has(self.joinSubnets) || has(self.role) && self.role ==
                     ''Primary'''
-                - message: MTU should be greater than or equal to 1280 when IPv6 subent
+                - message: MTU should be greater than or equal to 1280 when IPv6 subnet
                     is used
                   rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
                     isCIDR(i.cidr) && cidr(i.cidr).ip().family() == 6) || self.mtu

dist/templates/k8s.ovn.org_userdefinednetworks.yaml.j2

@@ -1,26 +1,24 @@
 # ovnkube-identity
 # starts ovnkube-identity
 # it is run on the master(s).
-kind: Deployment
+kind: DaemonSet
 apiVersion: apps/v1
 metadata:
   name: ovnkube-identity
   # namespace set up by install
   namespace: ovn-kubernetes
   annotations:
     kubernetes.io/description: |
-      This Deployment launches the ovnkube-identity networking component.
+      This DaemonSet launches the ovnkube-identity networking component on control-plane nodes.
 spec:
-  progressDeadlineSeconds: 600
-  replicas: {{ ovn_master_count | default(1|int) }}
   revisionHistoryLimit: 10
   selector:
     matchLabels:
       name: ovnkube-identity
-  strategy:
+  updateStrategy:
     rollingUpdate:
-      maxSurge: 0
-      maxUnavailable: 1
+      maxSurge: 100%
+      maxUnavailable: 0
     type: RollingUpdate
   template:
     metadata:
@@ -35,20 +33,9 @@ spec:
       serviceAccountName: ovnkube-identity
       hostNetwork: true
       dnsPolicy: Default
-
-      # required to be scheduled on a linux node with node-role.kubernetes.io/control-plane label and
-      # only one instance of ovnkube-control-plane pod per node
-      affinity:
-        nodeAffinity:
-          requiredDuringSchedulingIgnoredDuringExecution:
-            nodeSelectorTerms:
-              - matchExpressions:
-                  - key: node-role.kubernetes.io/control-plane
-                    operator: Exists
-                  - key: kubernetes.io/os
-                    operator: In
-                    values:
-                      - "linux"
+      nodeSelector:
+        node-role.kubernetes.io/control-plane: ""
+        kubernetes.io/os: "linux"
       containers:
       - name: ovnkube-identity
         image: "{{ ovn_image | default('docker.io/ovnkube/ovn-daemonset:latest') }}"

dist/templates/ovnkube-identity.yaml.j2

@@ -66,6 +66,14 @@ a GitHub Action workflow that will automatically publish the changes to the webs
 
 ## How to test your documentation changes?
 
+### Option 1) Build and view docs with a PR
+
+Pushing docs changes to the ovn-kubernetes/ovn-kubernetes project as a pull request will
+run the job name "[Test and Deploy static content to Pages](https://github.com/ovn-kubernetes/ovn-kubernetes/blob/master/.github/workflows/docs.yml)" which has a step to save the
+docs artifacts. You can download those as a .zip file, extract and view them locally.
+
+### Option 2) Build and serve docs locally
+
 In order to test changes locally to either mkdocs.yml or to files under docs/ folder,
 please follow the instructions below.
 

docs/api-reference/userdefinednetwork-api-spec.md

@@ -65,7 +65,7 @@ Some of the allowed annotations have additional checks; for instance, the IP add
 must match the node's [k8s.ovn.org/node-subnets](https://github.com/ovn-org/ovn-kubernetes/blob/5d56a53df520a085e629cdc71be092afed9c3f0f/go-controller/pkg/util/subnet_annotations.go#L15-L39) networks.
 
 
-## Deployment
+## DaemonSet
 
 In Kind,
 the feature is enabled by default and can be disabled with `--disable-ovnkube-identity` when creating the cluster.\

docs/developer-guide/documentation.md

@@ -0,0 +1 @@
+../../CODE_OF_CONDUCT.md