
Commit 71481d1

Network Segmentation: Add flag to enable the feature in helm
Use helm install \ --set global.enableNetworkSegmentation=true \ --set global.enableMultiNetwork=true in order to enable network segmentation, also known as user defined networks (UDN). Fixes: #5147 Signed-off-by: Flavio Fernandes <[email protected]>
1 parent 760a49c commit 71481d1


8 files changed

+113
-83
lines changed


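--- a/contrib/kind-helm.sh
+++ b/contrib/kind-helm.sh
@@ -25,6 +25,7 @@ set_default_params() {
 export OVN_EMPTY_LB_EVENTS=${OVN_EMPTY_LB_EVENTS:-false}
 export KIND_REMOVE_TAINT=${KIND_REMOVE_TAINT:-true}
 export ENABLE_MULTI_NET=${ENABLE_MULTI_NET:-false}
+export ENABLE_NETWORK_SEGMENTATION=${ENABLE_NETWORK_SEGMENTATION:-false}
 export KIND_NUM_WORKER=${KIND_NUM_WORKER:-2}
 export KIND_CLUSTER_NAME=${KIND_CLUSTER_NAME:-ovn}
 export OVN_IMAGE=${OVN_IMAGE:-'ghcr.io/ovn-kubernetes/ovn-kubernetes/ovn-kube-ubuntu:helm'}
@@ -95,100 +96,104 @@ usage() {
 echo " [ -pl | --install-cni-plugins ]"
 echo " [ -ikv | --install-kubevirt ]"
 echo " [ -mne | --multi-network-enable ]"
+echo " [ -nse | --network-segmentation-enable ]"
 echo " [ -wk | --num-workers <num> ]"
 echo " [ -ic | --enable-interconnect]"
 echo " [ -npz | --node-per-zone ]"
 echo " [ -cn | --cluster-name ]"
 echo " [ -h ]"
 echo ""
-echo "--delete Delete current cluster"
-echo "-cf | --config-file Name of the KIND configuration file"
-echo "-kt | --keep-taint Do not remove taint components"
-echo " DEFAULT: Remove taint components"
-echo "-me | --multicast-enabled Enable multicast. DEFAULT: Disabled"
-echo "-ho | --hybrid-enabled Enable hybrid overlay. DEFAULT: Disabled"
-echo "-obs | --observability Enable observability. DEFAULT: Disabled"
-echo "-el | --ovn-empty-lb-events Enable empty-lb-events generation for LB without backends. DEFAULT: Disabled"
-echo "-ii | --install-ingress Flag to install Ingress Components."
-echo " DEFAULT: Don't install ingress components."
-echo "-mlb | --install-metallb Install metallb to test service type LoadBalancer deployments"
-echo "-pl | --install-cni-plugins Install CNI plugins"
-echo "-ikv | --install-kubevirt Install kubevirt"
-echo "-mne | --multi-network-enable Enable multi networks. DEFAULT: Disabled"
-echo "-ha | --ha-enabled Enable high availability. DEFAULT: HA Disabled"
-echo "-wk | --num-workers Number of worker nodes. DEFAULT: 2 workers"
-echo "-cn | --cluster-name Configure the kind cluster's name"
-echo "-dns | --enable-dnsnameresolver Enable DNSNameResolver for resolving the DNS names used in the DNS rules of EgressFirewall."
-echo "-ic | --enable-interconnect Enable interconnect with each node as a zone (only valid if OVN_HA is false)"
-echo "-npz | --nodes-per-zone Specify number of nodes per zone (Default 0, which means global zone; >0 means interconnect zone, where 1 for single-node zone, >1 for multi-node zone). If this value > 1, then (total k8s nodes (workers + 1) / num of nodes per zone) should be zero."
+echo "--delete Delete current cluster"
+echo "-cf | --config-file Name of the KIND configuration file"
+echo "-kt | --keep-taint Do not remove taint components"
+echo " DEFAULT: Remove taint components"
+echo "-me | --multicast-enabled Enable multicast. DEFAULT: Disabled"
+echo "-ho | --hybrid-enabled Enable hybrid overlay. DEFAULT: Disabled"
+echo "-obs | --observability Enable observability. DEFAULT: Disabled"
+echo "-el | --ovn-empty-lb-events Enable empty-lb-events generation for LB without backends. DEFAULT: Disabled"
+echo "-ii | --install-ingress Flag to install Ingress Components."
+echo " DEFAULT: Don't install ingress components."
+echo "-mlb | --install-metallb Install metallb to test service type LoadBalancer deployments"
+echo "-pl | --install-cni-plugins Install CNI plugins"
+echo "-ikv | --install-kubevirt Install kubevirt"
+echo "-mne | --multi-network-enable Enable multi networks. DEFAULT: Disabled"
+echo "-nse | --network-segmentation-enable Enable network segmentation. DEFAULT: Disabled"
+echo "-ha | --ha-enabled Enable high availability. DEFAULT: HA Disabled"
+echo "-wk | --num-workers Number of worker nodes. DEFAULT: 2 workers"
+echo "-cn | --cluster-name Configure the kind cluster's name"
+echo "-dns | --enable-dnsnameresolver Enable DNSNameResolver for resolving the DNS names used in the DNS rules of EgressFirewall."
+echo "-ic | --enable-interconnect Enable interconnect with each node as a zone (only valid if OVN_HA is false)"
+echo "-npz | --nodes-per-zone Specify number of nodes per zone (Default 0, which means global zone; >0 means interconnect zone, where 1 for single-node zone, >1 for multi-node zone). If this value > 1, then (total k8s nodes (workers + 1) / num of nodes per zone) should be zero."
 echo ""
 
 }
 
 parse_args() {
 while [ "$1" != "" ]; do
 case $1 in
---delete ) delete
-exit
-;;
--cf | --config-file ) shift
-if test ! -f "$1"; then
-echo "$1 does not exist"
-usage
-exit 1
-fi
-KIND_CONFIG=$1
-;;
--kt | --keep-taint ) KIND_REMOVE_TAINT=false
-;;
--me | --multicast-enabled) OVN_MULTICAST_ENABLE=true
-;;
--ho | --hybrid-enabled ) OVN_HYBRID_OVERLAY_ENABLE=true
-;;
--obs | --observability ) OVN_OBSERV_ENABLE=true
-;;
--el | --ovn-empty-lb-events ) OVN_EMPTY_LB_EVENTS=true
-;;
--ii | --install-ingress ) KIND_INSTALL_INGRESS=true
-;;
--mlb | --install-metallb ) KIND_INSTALL_METALLB=true
-;;
--pl | --install-cni-plugins ) KIND_INSTALL_PLUGINS=true
-;;
--ikv | --install-kubevirt) KIND_INSTALL_KUBEVIRT=true
-;;
--mne | --multi-network-enable ) ENABLE_MULTI_NET=true
-;;
--ha | --ha-enabled ) OVN_HA=true
-KIND_NUM_MASTER=3
-;;
--wk | --num-workers ) shift
-if ! [[ "$1" =~ ^[0-9]+$ ]]; then
-echo "Invalid num-workers: $1"
-usage
-exit 1
-fi
-KIND_NUM_WORKER=$1
-;;
--cn | --cluster-name ) shift
-KIND_CLUSTER_NAME=$1
-# Setup KUBECONFIG
-set_default_params
-;;
--dns | --enable-dnsnameresolver ) OVN_ENABLE_DNSNAMERESOLVER=true
-;;
--ic | --enable-interconnect ) OVN_ENABLE_INTERCONNECT=true
-;;
--npz | --nodes-per-zone ) shift
-if ! [[ "$1" =~ ^[0-9]+$ ]]; then
-echo "Invalid num-nodes-per-zone: $1"
-usage
-exit 1
-fi
-KIND_NUM_NODES_PER_ZONE=$1
-;;
-* ) usage
-exit 1
+--delete ) delete
+exit
+;;
+-cf | --config-file ) shift
+if test ! -f "$1"; then
+echo "$1 does not exist"
+usage
+exit 1
+fi
+KIND_CONFIG=$1
+;;
+-kt | --keep-taint ) KIND_REMOVE_TAINT=false
+;;
+-me | --multicast-enabled) OVN_MULTICAST_ENABLE=true
+;;
+-ho | --hybrid-enabled ) OVN_HYBRID_OVERLAY_ENABLE=true
+;;
+-obs | --observability ) OVN_OBSERV_ENABLE=true
+;;
+-el | --ovn-empty-lb-events ) OVN_EMPTY_LB_EVENTS=true
+;;
+-ii | --install-ingress ) KIND_INSTALL_INGRESS=true
+;;
+-mlb | --install-metallb ) KIND_INSTALL_METALLB=true
+;;
+-pl | --install-cni-plugins ) KIND_INSTALL_PLUGINS=true
+;;
+-ikv | --install-kubevirt) KIND_INSTALL_KUBEVIRT=true
+;;
+-mne | --multi-network-enable ) ENABLE_MULTI_NET=true
+;;
+-nse | --network-segmentation-enable) ENABLE_NETWORK_SEGMENTATION=true
+;;
+-ha | --ha-enabled ) OVN_HA=true
+KIND_NUM_MASTER=3
+;;
+-wk | --num-workers ) shift
+if ! [[ "$1" =~ ^[0-9]+$ ]]; then
+echo "Invalid num-workers: $1"
+usage
+exit 1
+fi
+KIND_NUM_WORKER=$1
+;;
+-cn | --cluster-name ) shift
+KIND_CLUSTER_NAME=$1
+# Setup KUBECONFIG
+set_default_params
+;;
+-dns | --enable-dnsnameresolver ) OVN_ENABLE_DNSNAMERESOLVER=true
+;;
+-ic | --enable-interconnect ) OVN_ENABLE_INTERCONNECT=true
+;;
+-npz | --nodes-per-zone ) shift
+if ! [[ "$1" =~ ^[0-9]+$ ]]; then
+echo "Invalid num-nodes-per-zone: $1"
+usage
+exit 1
+fi
+KIND_NUM_NODES_PER_ZONE=$1
+;;
+* ) usage
+exit 1
 esac
 shift
 done
@@ -211,6 +216,7 @@ print_params() {
 echo "KIND_CLUSTER_NAME = $KIND_CLUSTER_NAME"
 echo "KIND_REMOVE_TAINT = $KIND_REMOVE_TAINT"
 echo "ENABLE_MULTI_NET = $ENABLE_MULTI_NET"
+echo "ENABLE_NETWORK_SEGMENTATION = $ENABLE_NETWORK_SEGMENTATION"
 echo "OVN_IMAGE = $OVN_IMAGE"
 echo "KIND_NUM_MASTER = $KIND_NUM_MASTER"
 echo "KIND_NUM_WORKER = $KIND_NUM_WORKER"
@@ -391,7 +397,8 @@ create_ovn_kubernetes() {
 --set tags.ovnkube-db=$(if [ "${OVN_HA}" == "false" ]; then echo "true"; else echo "false"; fi)"
 fi
 echo "value_file=${value_file}"
-helm install ovn-kubernetes . -f ${value_file} \
+cmd=$(cat <<EOF
+helm install ovn-kubernetes . -f "${value_file}" \
 --set k8sAPIServer=${API_URL} \
 --set podNetwork="${NET_CIDR_IPV4}/24" \
 --set serviceNetwork=${SVC_CIDR_IPV4} \
@@ -402,11 +409,16 @@ create_ovn_kubernetes() {
 --set global.enableAdminNetworkPolicy=true \
 --set global.enableMulticast=$(if [ "${OVN_MULTICAST_ENABLE}" == "true" ]; then echo "true"; else echo "false"; fi) \
 --set global.enableMultiNetwork=$(if [ "${ENABLE_MULTI_NET}" == "true" ]; then echo "true"; else echo "false"; fi) \
+--set global.enableNetworkSegmentation=$(if [ "${ENABLE_NETWORK_SEGMENTATION}" == "true" ]; then echo "true"; else echo "false"; fi) \
 --set global.enableHybridOverlay=$(if [ "${OVN_HYBRID_OVERLAY_ENABLE}" == "true" ]; then echo "true"; else echo "false"; fi) \
 --set global.enableObservability=$(if [ "${OVN_OBSERV_ENABLE}" == "true" ]; then echo "true"; else echo "false"; fi) \
--set global.emptyLbEvents=$(if [ "${OVN_EMPTY_LB_EVENTS}" == "true" ]; then echo "true"; else echo "false"; fi) \
+--set global.emptyLbEvents=$(if [ "${OVN_EMPTY_LB_EVENTS}" == "true" ]; then echo "true"; else echo "false"; fi) \
 --set global.enableDNSNameResolver=$(if [ "${OVN_ENABLE_DNSNAMERESOLVER}" == "true" ]; then echo "true"; else echo "false"; fi) \
 ${ovnkube_db_options}
+EOF
+)
+echo "${cmd}"
+eval "${cmd}"
 }
 
 delete() {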
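Review bot: The new `eval "${cmd}"` at the end of create_ovn_kubernetes parses the command a second time, after the unquoted here-document has already expanded `${API_URL}`, `${NET_CIDR_IPV4}`, `${SVC_CIDR_IPV4}` and `${ovnkube_db_options}` into the string. Any space, quote, `;` or `$(...)` inside one of those values is then treated as shell syntax instead of being passed to helm as data; where the values originate is outside the hunks, so how reachable this is cannot be judged from here. Building the command as a bash array keeps the logged form (via `printf '%q '`) and runs it without a second parse. The sketch covers only the lines visible in the last two hunks; the function starts before them, and `ovnkube_db_options` appears to be a space-separated option string, so it is split deliberately.

```shell
# … unchanged: value_file and ovnkube_db_options setup …
local -a cmd=(
  helm install ovn-kubernetes . -f "${value_file}"
  --set k8sAPIServer="${API_URL}"
  --set podNetwork="${NET_CIDR_IPV4}/24"
  --set serviceNetwork="${SVC_CIDR_IPV4}"
  # … unchanged: the remaining --set flags, one per line, without trailing backslashes …
)
# ovnkube_db_options holds several options in one string; split it on purpose.
# shellcheck disable=SC2206
cmd+=(${ovnkube_db_options})
printf '%q ' "${cmd[@]}"
printf '\n'
"${cmd[@]}"
```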

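--- a/helm/ovn-kubernetes/README.md
+++ b/helm/ovn-kubernetes/README.md
@@ -333,6 +333,15 @@ false
 </td>
 <td>Configure to use multiple NetworkAttachmentDefinition CRD feature with ovn-kubernetes</td>
 </tr>
+<tr>
+<td>global.enableNetworkSegmentation</td>
+<td>bool</td>
+<td><pre lang="json">
+false
+</pre>
+</td>
+<td>Configure to use user defined networks (UDN) feature with ovn-kubernetes</td>
+</tr>
 <tr>
 <td>global.enableMulticast</td>
 <td>string</td>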
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
../../../dist/templates/k8s.ovn.org_clusteruserdefinednetworks.yaml.j2
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
../../../dist/templates/k8s.ovn.org_routeadvertisements.yaml.j2
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
../../../dist/templates/k8s.ovn.org_userdefinednetworks.yaml.j2

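--- a/helm/ovn-kubernetes/values-multi-node-zone.yaml
+++ b/helm/ovn-kubernetes/values-multi-node-zone.yaml
@@ -72,6 +72,8 @@ global:
 enableMulticast: ""
 # -- Configure to use multiple NetworkAttachmentDefinition CRD feature with ovn-kubernetes
 enableMultiNetwork: false
+# -- Configure to use user defined networks (UDN) feature with ovn-kubernetes
+enableNetworkSegmentation: false
 # -- Configure to enable IPsec
 enableIpsec: false
 # -- Use SSL transport to NB/SB db and northd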
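Review bot: The comment added above `enableNetworkSegmentation` does not say that the flag is meant to be set together with `enableMultiNetwork`, although the commit description shows the two as a pair. Whether the chart templates enforce that pairing is not visible here; if they do not, someone who sets only this value may assume UDN isolation is active when it is not. I would extend the comment to `# -- Configure to use user defined networks (UDN) feature with ovn-kubernetes; requires enableMultiNetwork to be true`. The same comment appears in values-no-ic.yaml and values-single-node-zone.yaml and in the new README row, and the `-nse` option in contrib/kind-helm.sh likewise leaves `ENABLE_MULTI_NET` untouched.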

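--- a/helm/ovn-kubernetes/values-no-ic.yaml
+++ b/helm/ovn-kubernetes/values-no-ic.yaml
@@ -66,6 +66,8 @@ global:
 enableMulticast: ""
 # -- Configure to use multiple NetworkAttachmentDefinition CRD feature with ovn-kubernetes
 enableMultiNetwork: false
+# -- Configure to use user defined networks (UDN) feature with ovn-kubernetes
+enableNetworkSegmentation: false
 # -- Configure to enable IPsec
 enableIpsec: false
 # -- Use SSL transport to NB/SB db and northd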

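--- a/helm/ovn-kubernetes/values-single-node-zone.yaml
+++ b/helm/ovn-kubernetes/values-single-node-zone.yaml
@@ -72,6 +72,8 @@ global:
 enableMulticast: ""
 # -- Configure to use multiple NetworkAttachmentDefinition CRD feature with ovn-kubernetes
 enableMultiNetwork: false
+# -- Configure to use user defined networks (UDN) feature with ovn-kubernetes
+enableNetworkSegmentation: false
 # -- Configure to enable IPsec
 enableIpsec: false
 # -- Use SSL transport to NB/SB db and northd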
