Skip to content

OCPBUGS-55962: Inter advertised UDN isolation configurable #2569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

OCPBUGS-55962: Inter advertised UDN isolation configurable #2569

wants to merge 1 commit into from
+23 −1

Conversation

pperiyasamy
Copy link
Member

No description provided.

@openshift-ci openshift-ci bot requested review from jcaamano and tssurya May 12, 2025 14:49
@pperiyasamy pperiyasamy force-pushed the inter_udn_isolation-configurable branch from b8124a9 to 2f9dcd9 Compare May 12, 2025 14:52
@pperiyasamy
Copy link
Member Author

/assign @kyrtapz @tssurya @jcaamano @trozet

@pperiyasamy pperiyasamy force-pushed the inter_udn_isolation-configurable branch from 2f9dcd9 to cbf902e Compare May 15, 2025 12:05
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 15, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: pperiyasamy
Once this PR has been reviewed and has the lgtm label, please ask for approval from jcaamano. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@pperiyasamy pperiyasamy force-pushed the inter_udn_isolation-configurable branch 2 times, most recently from b8fad75 to b09dee2 Compare May 22, 2025 08:43
@pperiyasamy pperiyasamy changed the title [DNM] Inter advertised UDN isolation configurable OCPBUGS-55962: Inter advertised UDN isolation configurable May 22, 2025
@openshift-ci-robot openshift-ci-robot added the jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. label May 22, 2025
@openshift-ci-robot
Copy link
Contributor

@pperiyasamy: This pull request references Jira Issue OCPBUGS-55962, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.20.0) matches configured target version for branch (4.20.0)
  • bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @zhaozhanqi

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot openshift-ci-robot added the jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. label May 22, 2025
@openshift-ci openshift-ci bot requested a review from zhaozhanqi May 22, 2025 08:46
kyrtapz
kyrtapz reviewed May 22, 2025
View reviewed changes
Copy link
Contributor

@kyrtapz kyrtapz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good overall.
I think you are missing a check in configureAdvertisedNetworkIsolation as well.

go-controller/pkg/util/multi_network.go Outdated
// UDNLooseIsolation allows communication between two advertised UDN networks.
UDNLooseIsolation string = "loose"
// UDNLooseIsolation drops communication between two advertised UDN networks.
UDNSecureIsolation string = "secure"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NIT: I would remove this variable since it is not used anywhere.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done.

go-controller/pkg/util/multi_network.go Outdated
@@ -1554,3 +1562,10 @@ func ParseNetworkName(networkName string) (udnNamespace, udnName string) {
}
return "", ""
}

// IsLooseUDNIsolation returns true if two UDN networks are not configured to be
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would mention that this regards pod to pod on advertised networks isolation. The host->udn isolation is still in place with this pr.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated the comment.

@pperiyasamy
CARRY: Advertised UDN networks isolation configurable
45d72b1 
The ovnk by default isolates advertised UDN networks isolated from each other,
but there is a requirement to disable isolation so that BGP routing functionality
can be tested between different UDN networks. Hence this commit consumes the
UDN_ISOLATION_MODE env variable and isolation can be determined accordingly.
By default it uses secure mode to isolate the networks and it can be overridden
by CNO via config map.

Signed-off-by: Periyasamy Palanisamy <[email protected]>
@pperiyasamy pperiyasamy force-pushed the inter_udn_isolation-configurable branch from b09dee2 to 45d72b1 Compare May 22, 2025 14:46
@pperiyasamy
Copy link
Member Author

I think you are missing a check in configureAdvertisedNetworkIsolation as well.

ok @kyrtapz, thought it would be no harm having those address sets lying there. but anyway added check now for configureAdvertisedNetworkIsolation and CleanupStaleNetworks.

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 22, 2025

@pperiyasamy: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/okd-scos-e2e-aws-ovn 45d72b1 link false /test okd-scos-e2e-aws-ovn
ci/prow/e2e-aws-ovn-single-node-techpreview 45d72b1 link false /test e2e-aws-ovn-single-node-techpreview
ci/prow/e2e-metal-ipi-ovn-dualstack-bgp-techpreview 45d72b1 link false /test e2e-metal-ipi-ovn-dualstack-bgp-techpreview
ci/prow/e2e-aws-ovn-hypershift-conformance-techpreview 45d72b1 link false /test e2e-aws-ovn-hypershift-conformance-techpreview
ci/prow/4.20-upgrade-from-stable-4.19-e2e-aws-ovn-upgrade 45d72b1 link true /test 4.20-upgrade-from-stable-4.19-e2e-aws-ovn-upgrade
ci/prow/e2e-openstack-ovn 45d72b1 link false /test e2e-openstack-ovn
ci/prow/e2e-aws-ovn-serial 45d72b1 link true /test e2e-aws-ovn-serial
ci/prow/security 45d72b1 link false /test security
ci/prow/e2e-aws-ovn-hypershift-kubevirt 45d72b1 link false /test e2e-aws-ovn-hypershift-kubevirt

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kyrtapz kyrtapz kyrtapz left review comments

@jcaamano jcaamano Awaiting requested review from jcaamano

@tssurya tssurya Awaiting requested review from tssurya

@zhaozhanqi zhaozhanqi Awaiting requested review from zhaozhanqi

Assignees

@tssurya tssurya

@trozet trozet

@jcaamano jcaamano

@kyrtapz kyrtapz

Labels
jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@pperiyasamy @openshift-ci-robot @kyrtapz @tssurya @trozet @jcaamano