From 45dd3ba78f061b92773b434fbef25bb6587a9a41 Mon Sep 17 00:00:00 2001 From: Patryk Diak Date: Tue, 15 Jul 2025 13:36:26 +0200 Subject: [PATCH] Layer2 (Cluster) UDN API update Add the new API fields to both CUDN and UDN CRDs behind the PreconfiguredUDNAddresses featuregate.t Signed-off-by: Patryk Diak --- .../ovn-kubernetes/common/001-crd.yaml | 200 ++++++++++++++++++ 1 file changed, 200 insertions(+) diff --git a/bindata/network/ovn-kubernetes/common/001-crd.yaml b/bindata/network/ovn-kubernetes/common/001-crd.yaml index 731602551f..616f3a1d03 100644 --- a/bindata/network/ovn-kubernetes/common/001-crd.yaml +++ b/bindata/network/ovn-kubernetes/common/001-crd.yaml @@ -3209,6 +3209,50 @@ spec: layer2: description: Layer2 is the Layer2 topology configuration. properties: +{{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }} + defaultGatewayIPs: + description: |- + defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology. + + Dual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed. + This field is only allowed for "Primary" network. + It is not recommended to set this field without explicit need and understanding of the OVN network topology. + When omitted, an IP from network subnet is used. + items: + type: string + x-kubernetes-validations: + - message: IP is invalid + rule: isIP(self) + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-validations: + - message: When 2 IPs are set, they must be from different IP + families + rule: size(self) != 2 || !isIP(self[0]) || !isIP(self[1]) || + ip(self[0]).family() != ip(self[1]).family() + infrastructureSubnets: + description: |- + infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure. + Any IP addresses within these ranges cannot be assigned to workloads. + When omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs. + When there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs. + When `reservedSubnets` is also specified the CIDRs cannot overlap. + When `defaultGatewayIPs` is also specified the default gateway IPs must belong to one of the CIDRs. + Each item should be in range of the specified CIDR(s) in `subnets`. + The maximum number of entries allowed is 10. + The format should match standard CIDR notation (for example, "10.128.0.0/16"). + This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. + items: + maxLength: 43 + type: string + x-kubernetes-validations: + - message: CIDR is invalid + rule: isCIDR(self) + maxItems: 10 + minItems: 1 + type: array +{{- end }} ipam: description: IPAM section contains IPAM-related configuration for the network. @@ -3275,6 +3319,26 @@ spec: maximum: 65536 minimum: 576 type: integer +{{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }} + reservedSubnets: + description: |- + reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation. + reservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment. + IPs from these ranges can still be requested through static IP assignment in pod annotations. + Each item should be in range of the specified CIDR(s) in `subnets`. + The maximum number of entries allowed is 25. + The format should match standard CIDR notation (for example, "10.128.0.0/16"). + This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. + items: + maxLength: 43 + type: string + x-kubernetes-validations: + - message: CIDR is invalid + rule: isCIDR(self) + maxItems: 25 + minItems: 1 + type: array +{{- end }} role: description: |- Role describes the network role in the pod. @@ -3326,6 +3390,42 @@ spec: is used rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i, isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280' +{{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }} + - message: defaultGatewayIPs is only supported for Primary network + rule: '!has(self.defaultGatewayIPs) || has(self.role) && self.role + == ''Primary''' + - message: defaultGatewayIPs must belong to one of the subnets specified + in the subnets field + rule: '!has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip, + self.subnets.exists(subnet, cidr(subnet).containsIP(ip)))' + - message: defaultGatewayIPs must be specified for all IP families + rule: '!has(self.defaultGatewayIPs) || size(self.defaultGatewayIPs) + == size(self.subnets)' + - message: reservedSubnets must be unset when subnets is unset + rule: '!has(self.reservedSubnets) || has(self.reservedSubnets) && + has(self.subnets)' + - message: infrastructureSubnets must be unset when subnets is unset + rule: '!has(self.infrastructureSubnets) || has(self.infrastructureSubnets) + && has(self.subnets)' + - message: defaultGatewayIPs have to belong to infrastructureSubnets + rule: '!has(self.infrastructureSubnets) || !has(self.defaultGatewayIPs) + || self.defaultGatewayIPs.all(ip, self.infrastructureSubnets.exists(subnet, + cidr(subnet).containsIP(ip)))' + - fieldPath: .reservedSubnets + message: reservedSubnets must be subnetworks of the networks specified + in the subnets field + rule: '!has(self.reservedSubnets) || self.reservedSubnets.all(e, + self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))' + - fieldPath: .infrastructureSubnets + message: infrastructureSubnets must be subnetworks of the networks + specified in the subnets field + rule: '!has(self.infrastructureSubnets) || self.infrastructureSubnets.all(e, + self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))' + - message: infrastructureSubnets and reservedSubnets must not overlap + rule: '!has(self.infrastructureSubnets) || !has(self.reservedSubnets) + || self.infrastructureSubnets.all(infra, !self.reservedSubnets.exists(reserved, + cidr(infra).containsCIDR(reserved) || cidr(reserved).containsCIDR(infra)))' +{{- end }} layer3: description: Layer3 is the Layer3 topology configuration. properties: @@ -3619,6 +3719,50 @@ spec: layer2: description: Layer2 is the Layer2 topology configuration. properties: +{{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }} + defaultGatewayIPs: + description: |- + defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology. + + Dual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed. + This field is only allowed for "Primary" network. + It is not recommended to set this field without explicit need and understanding of the OVN network topology. + When omitted, an IP from network subnet is used. + items: + type: string + x-kubernetes-validations: + - message: IP is invalid + rule: isIP(self) + maxItems: 2 + minItems: 1 + type: array + x-kubernetes-validations: + - message: When 2 IPs are set, they must be from different + IP families + rule: size(self) != 2 || !isIP(self[0]) || !isIP(self[1]) + || ip(self[0]).family() != ip(self[1]).family() + infrastructureSubnets: + description: |- + infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure. + Any IP addresses within these ranges cannot be assigned to workloads. + When omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs. + When there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs. + When `reservedSubnets` is also specified the CIDRs cannot overlap. + When `defaultGatewayIPs` is also specified the default gateway IPs must belong to one of the CIDRs. + Each item should be in range of the specified CIDR(s) in `subnets`. + The maximum number of entries allowed is 10. + The format should match standard CIDR notation (for example, "10.128.0.0/16"). + This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. + items: + maxLength: 43 + type: string + x-kubernetes-validations: + - message: CIDR is invalid + rule: isCIDR(self) + maxItems: 10 + minItems: 1 + type: array +{{- end }} ipam: description: IPAM section contains IPAM-related configuration for the network. @@ -3685,6 +3829,26 @@ spec: maximum: 65536 minimum: 576 type: integer +{{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }} + reservedSubnets: + description: |- + reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation. + reservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment. + IPs from these ranges can still be requested through static IP assignment in pod annotations. + Each item should be in range of the specified CIDR(s) in `subnets`. + The maximum number of entries allowed is 25. + The format should match standard CIDR notation (for example, "10.128.0.0/16"). + This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`. + items: + maxLength: 43 + type: string + x-kubernetes-validations: + - message: CIDR is invalid + rule: isCIDR(self) + maxItems: 25 + minItems: 1 + type: array +{{- end }} role: description: |- Role describes the network role in the pod. @@ -3737,6 +3901,42 @@ spec: subnet is used rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i, isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280' +{{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }} + - message: defaultGatewayIPs is only supported for Primary network + rule: '!has(self.defaultGatewayIPs) || has(self.role) && self.role + == ''Primary''' + - message: defaultGatewayIPs must belong to one of the subnets specified + in the subnets field + rule: '!has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip, + self.subnets.exists(subnet, cidr(subnet).containsIP(ip)))' + - message: defaultGatewayIPs must be specified for all IP families + rule: '!has(self.defaultGatewayIPs) || size(self.defaultGatewayIPs) + == size(self.subnets)' + - message: reservedSubnets must be unset when subnets is unset + rule: '!has(self.reservedSubnets) || has(self.reservedSubnets) && + has(self.subnets)' + - message: infrastructureSubnets must be unset when subnets is unset + rule: '!has(self.infrastructureSubnets) || has(self.infrastructureSubnets) + && has(self.subnets)' + - message: defaultGatewayIPs have to belong to infrastructureSubnets + rule: '!has(self.infrastructureSubnets) || !has(self.defaultGatewayIPs) + || self.defaultGatewayIPs.all(ip, self.infrastructureSubnets.exists(subnet, + cidr(subnet).containsIP(ip)))' + - fieldPath: .reservedSubnets + message: reservedSubnets must be subnetworks of the networks specified + in the subnets field + rule: '!has(self.reservedSubnets) || self.reservedSubnets.all(e, + self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))' + - fieldPath: .infrastructureSubnets + message: infrastructureSubnets must be subnetworks of the networks + specified in the subnets field + rule: '!has(self.infrastructureSubnets) || self.infrastructureSubnets.all(e, + self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))' + - message: infrastructureSubnets and reservedSubnets must not overlap + rule: '!has(self.infrastructureSubnets) || !has(self.reservedSubnets) + || self.infrastructureSubnets.all(infra, !self.reservedSubnets.exists(reserved, + cidr(infra).containsCIDR(reserved) || cidr(reserved).containsCIDR(infra)))' +{{- end }} layer3: description: Layer3 is the Layer3 topology configuration. properties: