Merge pull request #2676 from openshift/d/s-merge-07-17-2025

OCPBUGS-59248: DownStream Merge [07-17-2025]

Author: openshift-merge-bot[bot]

.github/workflows/test.yml

@@ -38,7 +38,7 @@ jobs:
   # separate job for parallelism
   lint:
     name: Lint
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     - name: Check out code
       uses: actions/checkout@v4
@@ -63,7 +63,7 @@ jobs:
 
   build-master:
     name: Build-master
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     # Create a cache for the built master image
     - name: Restore master image cache
@@ -156,7 +156,7 @@ jobs:
 
   build-pr:
     name: Build-PR
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     # Create a cache for the build PR image
     - name: Restore PR image cache
@@ -271,7 +271,7 @@ jobs:
   ovn-upgrade-e2e:
     name: Upgrade OVN from Master to PR branch based image
     if: github.event_name != 'schedule'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     timeout-minutes: 120
     needs:
       - build-master
@@ -319,10 +319,9 @@ jobs:
         sudo rm -rf /usr/local/lib/android/sdk
         sudo apt-get update
         sudo eatmydata apt-get purge --auto-remove -y \
-          azure-cli aspnetcore-* dotnet-* ghc-* firefox \
+          azure-cli firefox \
           google-chrome-stable \
-          llvm-* microsoft-edge-stable mono-* \
-          msbuild mysql-server-core-* php-* php7* \
+          llvm-* microsoft-edge-stable \
           powershell temurin-* zulu-*
         # clean unused packages
         sudo apt-get autoclean
@@ -387,6 +386,7 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Runner Diagnostics
+      if: always()
       uses: ./.github/actions/diagnostics
 
     - name: ovn upgrade
@@ -395,13 +395,15 @@ jobs:
         make -C test upgrade-ovn
 
     - name: Runner Diagnostics
+      if: always()
       uses: ./.github/actions/diagnostics
 
     - name: Run E2E shard-conformance
       run: |
         make -C test shard-conformance
 
     - name: Runner Diagnostics
+      if: always()
       uses: ./.github/actions/diagnostics
 
     - name: Export kind logs
@@ -419,7 +421,7 @@ jobs:
 
   e2e:
     name: e2e
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     # 30 mins for kind, 180 mins for control-plane tests, 10 minutes for all other steps
     timeout-minutes: 220
     strategy:
@@ -492,7 +494,6 @@ jobs:
       OVN_SECOND_BRIDGE: "${{ matrix.second-bridge == '2br' }}"
       ENABLE_MULTI_NET: "${{ matrix.target == 'multi-homing' || matrix.target == 'kv-live-migration' || matrix.target == 'network-segmentation' || matrix.target == 'tools' || matrix.target == 'multi-homing-helm' || matrix.target == 'traffic-flow-test-only' || matrix.routeadvertisements != '' }}"
       ENABLE_NETWORK_SEGMENTATION: "${{ matrix.target == 'network-segmentation' || matrix.network-segmentation == 'enable-network-segmentation' }}"
-      DISABLE_UDN_HOST_ISOLATION: "true"
       PLATFORM_IPV4_SUPPORT: "${{ matrix.ipfamily == 'IPv4' || matrix.ipfamily == 'dualstack' }}"
       PLATFORM_IPV6_SUPPORT: "${{ matrix.ipfamily == 'IPv6' || matrix.ipfamily == 'dualstack' }}"
       KIND_INSTALL_KUBEVIRT: "${{ matrix.target == 'kv-live-migration' }}"
@@ -523,10 +524,9 @@ jobs:
         sudo rm -rf /usr/local/lib/android/sdk
         sudo apt-get update
         sudo eatmydata apt-get purge --auto-remove -y \
-          azure-cli aspnetcore-* dotnet-* ghc-* firefox \
+          azure-cli firefox \
           google-chrome-stable \
-          llvm-* microsoft-edge-stable mono-* \
-          msbuild mysql-server-core-* php-* php7* \
+          llvm-* microsoft-edge-stable \
           powershell temurin-* zulu-*
         # clean unused packages
         sudo apt-get autoclean
@@ -634,6 +634,7 @@ jobs:
       run: make -C test traffic-flow-tests WHAT="setup"
 
     - name: Runner Diagnostics
+      if: always()
       uses: ./.github/actions/diagnostics
 
     - name: Run Tests
@@ -687,6 +688,7 @@ jobs:
         fi
 
     - name: Runner Diagnostics
+      if: always()
       uses: ./.github/actions/diagnostics
 
     - name: Export kind logs
@@ -708,7 +710,7 @@ jobs:
   e2e-dual-conversion:
     name: e2e-dual-conversion
     if: github.event_name != 'schedule'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     timeout-minutes: 60
     strategy:
       fail-fast: false
@@ -757,10 +759,9 @@ jobs:
         sudo rm -rf /usr/local/lib/android/sdk
         sudo apt-get update
         sudo eatmydata apt-get purge --auto-remove -y \
-          azure-cli aspnetcore-* dotnet-* ghc-* firefox \
+          azure-cli firefox \
           google-chrome-stable \
-          llvm-* microsoft-edge-stable mono-* \
-          msbuild mysql-server-core-* php-* php7* \
+          llvm-* microsoft-edge-stable \
           powershell temurin-* zulu-*
         # clean unused packages
         sudo apt-get autoclean
@@ -799,20 +800,23 @@ jobs:
         ./contrib/kind-dual-stack-conversion.sh
 
     - name: Runner Diagnostics
+      if: always()
       uses: ./.github/actions/diagnostics
 
     - name: Run Dual-Stack Tests
       run: |
         make -C test shard-test WHAT="Networking Granular Checks\|DualStack"
 
     - name: Runner Diagnostics
+      if: always()
       uses: ./.github/actions/diagnostics
 
     - name: Run Dual-Stack Control-Plane Tests
       run: |
         make -C test control-plane WHAT="DualStack"
 
     - name: Runner Diagnostics
+      if: always()
       uses: ./.github/actions/diagnostics
 
     - name: Export kind logs

contrib/kind-common

@@ -174,16 +174,16 @@ EOF
   # Override GOBIN until https://github.com/metallb/metallb/issues/2218 is fixed.
   GOBIN="" inv dev-env -n ovn -b frr -p bgp -i "${ip_family}"
 
-  docker network rm -f clientnet
-  docker network create --subnet="${METALLB_CLIENT_NET_SUBNET_IPV4}" ${ipv6_network} --driver bridge clientnet
-  docker network connect clientnet frr
+  $OCI_BIN network rm -f clientnet
+  $OCI_BIN network create --subnet="${METALLB_CLIENT_NET_SUBNET_IPV4}" ${ipv6_network} --driver bridge clientnet
+  $OCI_BIN network connect clientnet frr
   if  [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     # Enable IPv6 forwarding in FRR
-    docker exec frr sysctl -w net.ipv6.conf.all.forwarding=1
+    $OCI_BIN exec frr sysctl -w net.ipv6.conf.all.forwarding=1
   fi
   # Note: this image let's us use it also for creating load balancer backends that can send big packets
-  docker rm -f lbclient
-  docker run  --cap-add NET_ADMIN --user 0  -d --network clientnet  --rm  --name lbclient  quay.io/itssurya/dev-images:metallb-lbservice
+  $OCI_BIN rm -f lbclient
+  $OCI_BIN run  --cap-add NET_ADMIN --user 0  -d --network clientnet  --rm  --name lbclient  quay.io/itssurya/dev-images:metallb-lbservice
   popd
   delete_metallb_dir
 
@@ -197,18 +197,18 @@ EOF
     kubectl label node "$n" node.kubernetes.io/exclude-from-external-load-balancers-
   done
 
-  kind_network_v4=$(docker inspect -f '{{index .NetworkSettings.Networks "kind" "IPAddress"}}' frr)
+  kind_network_v4=$($OCI_BIN inspect -f '{{.NetworkSettings.Networks.kind.IPAddress}}' frr)
   echo "FRR kind network IPv4: ${kind_network_v4}"
-  kind_network_v6=$(docker inspect -f '{{index .NetworkSettings.Networks "kind" "GlobalIPv6Address"}}' frr)
+  kind_network_v6=$($OCI_BIN inspect -f '{{.NetworkSettings.Networks.kind.GlobalIPv6Address}}' frr)
   echo "FRR kind network IPv6: ${kind_network_v6}"
   local client_network_v4 client_network_v6
-  client_network_v4=$(docker inspect -f '{{index .NetworkSettings.Networks "clientnet" "IPAddress"}}' frr)
+  client_network_v4=$($OCI_BIN inspect -f '{{.NetworkSettings.Networks.clientnet.IPAddress}}' frr)
   echo "FRR client network IPv4: ${client_network_v4}"
-  client_network_v6=$(docker inspect -f '{{index .NetworkSettings.Networks "clientnet" "GlobalIPv6Address"}}' frr)
+  client_network_v6=$($OCI_BIN inspect -f '{{.NetworkSettings.Networks.clientnet.GlobalIPv6Address}}' frr)
   echo "FRR client network IPv6: ${client_network_v6}"
 
   local client_subnets
-  client_subnets=$(docker network inspect clientnet -f '{{range .IPAM.Config}}{{.Subnet}}#{{end}}')
+  client_subnets=$($OCI_BIN network inspect clientnet -f '{{range .IPAM.Config}}{{.Subnet}}#{{end}}')
   echo "${client_subnets}"
   local client_subnets_v4 client_subnets_v6
   client_subnets_v4=$(echo "${client_subnets}" | cut -d '#' -f 1)
@@ -219,21 +219,21 @@ EOF
   KIND_NODES=$(kind_get_nodes)
   for n in ${KIND_NODES}; do
     if [ "$PLATFORM_IPV4_SUPPORT" == true ]; then
-        docker exec "${n}" ip route add "${client_subnets_v4}" via "${kind_network_v4}"
+        $OCI_BIN exec "${n}" ip route add "${client_subnets_v4}" via "${kind_network_v4}"
     fi
     if [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
-        docker exec "${n}" ip -6 route add "${client_subnets_v6}" via "${kind_network_v6}"
+        $OCI_BIN exec "${n}" ip -6 route add "${client_subnets_v6}" via "${kind_network_v6}"
     fi
   done
 
   # for now, we only run one test with metalLB load balancer for which this
   # one svcVIP (192.168.10.0/fc00:f853:ccd:e799::) is more than enough since at a time we will only
   # have one load balancer service
   if [ "$PLATFORM_IPV4_SUPPORT" == true ]; then
-    docker exec lbclient ip route add 192.168.10.0 via "${client_network_v4}" dev eth0
+    $OCI_BIN exec lbclient ip route add 192.168.10.0 via "${client_network_v4}" dev eth0
   fi
   if [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
-    docker exec lbclient ip -6 route add fc00:f853:ccd:e799:: via "${client_network_v6}" dev eth0
+    $OCI_BIN exec lbclient ip -6 route add fc00:f853:ccd:e799:: via "${client_network_v6}" dev eth0
   fi
   sleep 30
 }
@@ -254,14 +254,14 @@ install_plugins() {
 }
 
 destroy_metallb() {
-  if docker ps --format '{{.Names}}' | grep -Eq '^lbclient$'; then
-      docker stop lbclient
+  if $OCI_BIN ps --format '{{.Names}}' | grep -Eq '^lbclient$'; then
+      $OCI_BIN stop lbclient
   fi
-  if docker ps --format '{{.Names}}' | grep -Eq '^frr$'; then
-      docker stop frr
+  if $OCI_BIN ps --format '{{.Names}}' | grep -Eq '^frr$'; then
+      $OCI_BIN stop frr
   fi
-  if docker network ls --format '{{.Name}}' | grep -q '^clientnet$'; then
-      docker network rm clientnet
+  if $OCI_BIN network ls --format '{{.Name}}' | grep -q '^clientnet$'; then
+      $OCI_BIN network rm clientnet
   fi
   delete_metallb_dir
 }
@@ -708,7 +708,7 @@ deploy_frr_external_container() {
   popd || exit 1
   if  [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     # Enable IPv6 forwarding in FRR
-    docker exec frr sysctl -w net.ipv6.conf.all.forwarding=1
+    $OCI_BIN exec frr sysctl -w net.ipv6.conf.all.forwarding=1
   fi
 }
 
@@ -735,40 +735,40 @@ deploy_bgp_external_server() {
     ip_family="ipv4"
     ipv6_network=""
   fi
-  docker rm -f bgpserver
-  docker network rm -f bgpnet
-  docker network create --subnet="${BGP_SERVER_NET_SUBNET_IPV4}" ${ipv6_network} --driver bridge bgpnet
-  docker network connect bgpnet frr
-  docker run  --cap-add NET_ADMIN --user 0  -d --network bgpnet  --rm  --name bgpserver -p 8080:8080  registry.k8s.io/e2e-test-images/agnhost:2.45 netexec
+  $OCI_BIN rm -f bgpserver
+  $OCI_BIN network rm -f bgpnet
+  $OCI_BIN network create --subnet="${BGP_SERVER_NET_SUBNET_IPV4}" ${ipv6_network} --driver bridge bgpnet
+  $OCI_BIN network connect bgpnet frr
+  $OCI_BIN run  --cap-add NET_ADMIN --user 0  -d --network bgpnet  --rm  --name bgpserver -p 8080:8080  registry.k8s.io/e2e-test-images/agnhost:2.45 netexec
   # let's make the bgp external server have its default route towards FRR router so that we don't need to add routes during tests back to the pods in the
   # cluster for return traffic
   local bgp_network_frr_v4 bgp_network_frr_v6
-  bgp_network_frr_v4=$($OCI_BIN inspect -f '{{index .NetworkSettings.Networks "bgpnet" "IPAddress"}}' frr)
+  bgp_network_frr_v4=$($OCI_BIN inspect -f '{{.NetworkSettings.Networks.bgpnet.IPAddress}}' frr)
   echo "FRR kind network IPv4: ${bgp_network_frr_v4}"
   $OCI_BIN exec bgpserver ip route replace default via "$bgp_network_frr_v4"
   if  [ "$PLATFORM_IPV6_SUPPORT" == true ] ; then
-    bgp_network_frr_v6=$($OCI_BIN inspect -f '{{index .NetworkSettings.Networks "bgpnet" "GlobalIPv6Address"}}' frr)
+    bgp_network_frr_v6=$($OCI_BIN inspect -f '{{.NetworkSettings.Networks.bgpnet.GlobalIPv6Address}}' frr)
     echo "FRR kind network IPv6: ${bgp_network_frr_v6}"
     $OCI_BIN exec bgpserver ip -6 route replace default via "$bgp_network_frr_v6"
   fi
   # disable the default route to make sure the container only routes accross
   # directly connected or learnt networks (doing this at the very end since
   # docker changes the routing table when a new network is connected)
-  docker exec frr ip route delete default
-  docker exec frr ip route
-  docker exec frr ip -6 route delete default
-  docker exec frr ip -6 route
+  $OCI_BIN exec frr ip route delete default
+  $OCI_BIN exec frr ip route
+  $OCI_BIN exec frr ip -6 route delete default
+  $OCI_BIN exec frr ip -6 route
 }
 
 destroy_bgp() {
-  if docker ps --format '{{.Names}}' | grep -Eq '^bgpserver$'; then
-      docker stop bgpserver
+  if $OCI_BIN ps --format '{{.Names}}' | grep -Eq '^bgpserver$'; then
+      $OCI_BIN stop bgpserver
   fi
-  if docker ps --format '{{.Names}}' | grep -Eq '^frr$'; then
-      docker stop frr
+  if $OCI_BIN ps --format '{{.Names}}' | grep -Eq '^frr$'; then
+      $OCI_BIN stop frr
   fi
-  if docker network ls --format '{{.Name}}' | grep -q '^bgpnet$'; then
-      docker network rm bgpnet
+  if $OCI_BIN network ls --format '{{.Name}}' | grep -q '^bgpnet$'; then
+      $OCI_BIN network rm bgpnet
   fi
 }
 
@@ -807,7 +807,7 @@ install_ffr_k8s() {
 echo "Attempting to reach frr-k8s webhook"
 kind export kubeconfig --name ovn
 while true; do
-docker exec ovn-control-plane curl -ksS --connect-timeout 0.1 https://$(kubectl get svc -n frr-k8s-system frr-k8s-webhook-service -o jsonpath='{.spec.clusterIP}')
+$OCI_BIN exec ovn-control-plane curl -ksS --connect-timeout 0.1 https://$(kubectl get svc -n frr-k8s-system frr-k8s-webhook-service -o jsonpath='{.spec.clusterIP}')
 [ \$? -eq 0 ] && exit 0
 echo "Couldn't reach frr-k8s webhook, trying in 1s..."
 sleep 1s