Merge pull request #2588 from pliurh/master

OCPBUGS-56768, OCPBUGS-56769: DownStream Merge [05-28-2025]

Author: openshift-merge-bot[bot]

.github/workflows/test.yml

@@ -282,6 +282,8 @@ jobs:
     env:
       JOB_NAME: "Upgrade-Tests-${{ matrix.gateway-mode }}"
       OVN_HA: "false"
+      PLATFORM_IPV4_SUPPORT: "true"
+      PLATFORM_IPV6_SUPPORT: "false"
       KIND_IPV4_SUPPORT: "true"
       KIND_IPV6_SUPPORT: "false"
       OVN_HYBRID_OVERLAY_ENABLE: "false"
@@ -475,11 +477,11 @@ jobs:
       KIND_INSTALL_METALLB: "${{ matrix.target == 'control-plane' || matrix.target == 'control-plane-helm' || matrix.target == 'network-segmentation' }}"
       OVN_GATEWAY_MODE: "${{ matrix.gateway-mode }}"
       OVN_SECOND_BRIDGE: "${{ matrix.second-bridge == '2br' }}"
-      KIND_IPV4_SUPPORT: "${{ matrix.ipfamily == 'IPv4' || matrix.ipfamily == 'dualstack' }}"
-      KIND_IPV6_SUPPORT: "${{ matrix.ipfamily == 'IPv6' || matrix.ipfamily == 'dualstack' }}"
       ENABLE_MULTI_NET: "${{ matrix.target == 'multi-homing' || matrix.target == 'kv-live-migration' || matrix.target == 'network-segmentation' || matrix.target == 'tools' || matrix.target == 'multi-homing-helm' || matrix.target == 'traffic-flow-test-only' || matrix.routeadvertisements != '' }}"
       ENABLE_NETWORK_SEGMENTATION: "${{ matrix.target == 'network-segmentation' || matrix.network-segmentation == 'enable-network-segmentation' }}"
       DISABLE_UDN_HOST_ISOLATION: "true"
+      PLATFORM_IPV4_SUPPORT: "${{ matrix.ipfamily == 'IPv4' || matrix.ipfamily == 'dualstack' }}"
+      PLATFORM_IPV6_SUPPORT: "${{ matrix.ipfamily == 'IPv6' || matrix.ipfamily == 'dualstack' }}"
       KIND_INSTALL_KUBEVIRT: "${{ matrix.target == 'kv-live-migration' }}"
       OVN_COMPACT_MODE: "${{ matrix.target == 'compact-mode' }}"
       OVN_DUMMY_GATEWAY_BRIDGE: "${{ matrix.target == 'compact-mode' }}"
@@ -551,7 +553,8 @@ jobs:
         echo "GOPATH=$GOPATH" >> $GITHUB_ENV
         echo "$GOPATH/bin" >> $GITHUB_PATH
         if [ $OVN_SECOND_BRIDGE == "true" ]; then
-          echo OVN_TEST_EX_GW_NETWORK=kindexgw >> $GITHUB_ENV
+          # must be "greater" lexigraphically than network "kind", therefore external gateway is named xgw
+          echo OVN_TEST_EX_GW_NETWORK=xgw >> $GITHUB_ENV
           echo OVN_ENABLE_EX_GW_NETWORK_BRIDGE=true >> $GITHUB_ENV
         fi
         if [[ "$JOB_NAME" == *"shard-conformance"* ]] && [ "$ADVERTISE_DEFAULT_NETWORK" == "true" ]; then
@@ -691,8 +694,8 @@ jobs:
     env:
       JOB_NAME: "DualStack-conversion-shared-${{ matrix.ha }}-${{ matrix.interconnect }}"
       OVN_HA: "${{ matrix.ha == 'HA' }}"
-      KIND_IPV4_SUPPORT: "true"
-      KIND_IPV6_SUPPORT: "false"
+      PLATFORM_IPV4_SUPPORT: "true"
+      PLATFORM_IPV6_SUPPORT: "false"
       OVN_HYBRID_OVERLAY_ENABLE: "false"
       OVN_GATEWAY_MODE: "shared"
       OVN_MULTICAST_ENABLE:  "false"

contrib/kind-common

@@ -161,10 +161,10 @@ EOF
   pip install -r dev-env/requirements.txt
 
   local ip_family ipv6_network
-  if [ "$KIND_IPV4_SUPPORT" == true ] && [ "$KIND_IPV6_SUPPORT" == true ]; then
+  if [ "$PLATFORM_IPV4_SUPPORT" == true ] && [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     ip_family="dual"
     ipv6_network="--ipv6 --subnet=${METALLB_CLIENT_NET_SUBNET_IPV6}"
-  elif  [ "$KIND_IPV6_SUPPORT" == true ]; then
+  elif  [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     ip_family="ipv6"
     ipv6_network="--ipv6 --subnet=${METALLB_CLIENT_NET_SUBNET_IPV6}"
   else
@@ -177,7 +177,7 @@ EOF
   docker network rm -f clientnet
   docker network create --subnet="${METALLB_CLIENT_NET_SUBNET_IPV4}" ${ipv6_network} --driver bridge clientnet
   docker network connect clientnet frr
-  if  [ "$KIND_IPV6_SUPPORT" == true ]; then
+  if  [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     # Enable IPv6 forwarding in FRR
     docker exec frr sysctl -w net.ipv6.conf.all.forwarding=1
   fi
@@ -218,21 +218,21 @@ EOF
 
   KIND_NODES=$(kind_get_nodes)
   for n in ${KIND_NODES}; do
-    if [ "$KIND_IPV4_SUPPORT" == true ]; then
+    if [ "$PLATFORM_IPV4_SUPPORT" == true ]; then
         docker exec "${n}" ip route add "${client_subnets_v4}" via "${kind_network_v4}"
     fi
-    if [ "$KIND_IPV6_SUPPORT" == true ]; then
+    if [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
         docker exec "${n}" ip -6 route add "${client_subnets_v6}" via "${kind_network_v6}"
     fi
   done
 
   # for now, we only run one test with metalLB load balancer for which this
   # one svcVIP (192.168.10.0/fc00:f853:ccd:e799::) is more than enough since at a time we will only
   # have one load balancer service
-  if [ "$KIND_IPV4_SUPPORT" == true ]; then
+  if [ "$PLATFORM_IPV4_SUPPORT" == true ]; then
     docker exec lbclient ip route add 192.168.10.0 via "${client_network_v4}" dev eth0
   fi
-  if [ "$KIND_IPV6_SUPPORT" == true ]; then
+  if [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     docker exec lbclient ip -6 route add fc00:f853:ccd:e799:: via "${client_network_v6}" dev eth0
   fi
   sleep 30
@@ -284,7 +284,7 @@ delete_metallb_dir() {
 kubectl_wait_pods() {
   # IPv6 cluster seems to take a little longer to come up, so extend the wait time.
   OVN_TIMEOUT=300
-  if [ "$KIND_IPV6_SUPPORT" == true ]; then
+  if [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     OVN_TIMEOUT=480
   fi
 
@@ -450,7 +450,7 @@ install_ipamclaim_crd() {
 
 docker_create_second_disconnected_interface() {
   echo "adding second interfaces to nodes"
-  local bridge_name="${1:-kindexgw}"
+  local bridge_name="${1:-xgw}"
   echo "bridge: $bridge_name"
 
   if [ "${OCI_BIN}" = "podman" ]; then
@@ -688,7 +688,7 @@ deploy_frr_external_container() {
   # Add route reflector client config
   sed -i '/remote-as 64512/a \ neighbor {{ . }} route-reflector-client' frr/frr.conf.tmpl
 
-  if [ "$KIND_IPV6_SUPPORT" == true ]; then
+  if [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     # Check if IPv6 address-family section exists
     if ! grep -q 'address-family ipv6 unicast' frr/frr.conf.tmpl; then
       # Add IPv6 address-family section if it doesn't exist
@@ -706,7 +706,7 @@ deploy_frr_external_container() {
   fi
   ./demo.sh
   popd || exit 1
-  if  [ "$KIND_IPV6_SUPPORT" == true ]; then
+  if  [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     # Enable IPv6 forwarding in FRR
     docker exec frr sysctl -w net.ipv6.conf.all.forwarding=1
   fi
@@ -725,10 +725,10 @@ deploy_bgp_external_server() {
   #                                                                            |    ovn-worker2    |    from default pod network)
   #                                                                            ---------------------
   local ip_family ipv6_network
-  if [ "$KIND_IPV4_SUPPORT" == true ] && [ "$KIND_IPV6_SUPPORT" == true ]; then
+  if [ "$PLATFORM_IPV4_SUPPORT" == true ] && [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     ip_family="dual"
     ipv6_network="--ipv6 --subnet=${BGP_SERVER_NET_SUBNET_IPV6}"
-  elif  [ "$KIND_IPV6_SUPPORT" == true ]; then
+  elif  [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     ip_family="ipv6"
     ipv6_network="--ipv6 --subnet=${BGP_SERVER_NET_SUBNET_IPV6}"
   else
@@ -746,7 +746,7 @@ deploy_bgp_external_server() {
   bgp_network_frr_v4=$($OCI_BIN inspect -f '{{index .NetworkSettings.Networks "bgpnet" "IPAddress"}}' frr)
   echo "FRR kind network IPv4: ${bgp_network_frr_v4}"
   $OCI_BIN exec bgpserver ip route replace default via "$bgp_network_frr_v4"
-  if  [ "$KIND_IPV6_SUPPORT" == true ] ; then
+  if  [ "$PLATFORM_IPV6_SUPPORT" == true ] ; then
     bgp_network_frr_v6=$($OCI_BIN inspect -f '{{index .NetworkSettings.Networks "bgpnet" "GlobalIPv6Address"}}' frr)
     echo "FRR kind network IPv6: ${bgp_network_frr_v6}"
     $OCI_BIN exec bgpserver ip -6 route replace default via "$bgp_network_frr_v6"
@@ -781,7 +781,7 @@ install_ffr_k8s() {
   # Allow receiving the bgp external server's prefix
   sed -i '/mode: filtered/a\            prefixes:\n            - prefix: '"${BGP_SERVER_NET_SUBNET_IPV4}"'' receive_filtered.yaml
   # If IPv6 is enabled, add the IPv6 prefix as well
-  if [ "$KIND_IPV6_SUPPORT" == true ]; then
+  if [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     # Find all line numbers where the IPv4 prefix is defined
     IPv6_LINE="            - prefix: ${BGP_SERVER_NET_SUBNET_IPV6}"
     # Process each occurrence of the IPv4 prefix
@@ -827,7 +827,7 @@ EOF
       # Get subnet information
       subnet_json=$(kubectl get node $node -o jsonpath='{.metadata.annotations.k8s\.ovn\.org/node-subnets}')
 
-      if [ "$KIND_IPV4_SUPPORT" == true ]; then
+      if [ "$PLATFORM_IPV4_SUPPORT" == true ]; then
         # Extract IPv4 address (first address)
         node_ipv4=$(echo "$node_ips" | awk '{print $1}')
         ipv4_subnet=$(echo "$subnet_json" | jq -r '.default[0]')
@@ -840,7 +840,7 @@ EOF
       fi
 
       # Add IPv6 route if enabled
-      if [ "$KIND_IPV6_SUPPORT" == true ]; then
+      if [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
         # Extract IPv6 address (second address, if present)
         node_ipv6=$(echo "$node_ips" | awk '{print $2}')
         ipv6_subnet=$(echo "$subnet_json" | jq -r '.default[1] // empty')

contrib/kind-helm.sh

@@ -80,7 +80,7 @@ set_default_params() {
   fi
 
   # Hard code ipv4 support until IPv6 is implemented
-  export KIND_IPV4_SUPPORT=true
+  export PLATFORM_IPV4_SUPPORT=true
 
   export OVN_ENABLE_DNSNAMERESOLVER=${OVN_ENABLE_DNSNAMERESOLVER:-false}
 }
@@ -248,7 +248,7 @@ check_dependencies() {
     done
 
     # check for currently unsupported features
-    [ "${KIND_IPV6_SUPPORT}" == "true" ] && { &>1 echo "Fatal: KIND_IPV6_SUPPORT support not implemented yet"; exit 1; } ||:
+    [ "${PLATFORM_IPV6_SUPPORT}" == "true" ] && { &>1 echo "Fatal: PLATFORM_IPV6_SUPPORT support not implemented yet"; exit 1; } ||:
 }
 
 helm_prereqs() {

contrib/kind.sh

@@ -220,9 +220,9 @@ parse_args() {
                                                 ;;
             -kt | --keep-taint )                KIND_REMOVE_TAINT=false
                                                 ;;
-            -n4 | --no-ipv4 )                   KIND_IPV4_SUPPORT=false
+            -n4 | --no-ipv4 )                   PLATFORM_IPV4_SUPPORT=false
                                                 ;;
-            -i6 | --ipv6 )                      KIND_IPV6_SUPPORT=true
+            -i6 | --ipv6 )                      PLATFORM_IPV6_SUPPORT=true
                                                 ;;
             -is | --ipsec )                     ENABLE_IPSEC=true
                                                 ;;
@@ -390,8 +390,8 @@ print_params() {
      echo "KIND_DNS_DOMAIN = $KIND_DNS_DOMAIN"
      echo "KIND_CONFIG_FILE = $KIND_CONFIG"
      echo "KIND_REMOVE_TAINT = $KIND_REMOVE_TAINT"
-     echo "KIND_IPV4_SUPPORT = $KIND_IPV4_SUPPORT"
-     echo "KIND_IPV6_SUPPORT = $KIND_IPV6_SUPPORT"
+     echo "PLATFORM_IPV4_SUPPORT = $PLATFORM_IPV4_SUPPORT"
+     echo "PLATFORM_IPV6_SUPPORT = $PLATFORM_IPV6_SUPPORT"
      echo "ENABLE_IPSEC = $ENABLE_IPSEC"
      echo "KIND_ALLOW_SYSTEM_WRITES = $KIND_ALLOW_SYSTEM_WRITES"
      echo "KIND_EXPERIMENTAL_PROVIDER = $KIND_EXPERIMENTAL_PROVIDER"
@@ -556,8 +556,8 @@ set_default_params() {
   KIND_DNS_DOMAIN=${KIND_DNS_DOMAIN:-"cluster.local"}
   KIND_CONFIG=${KIND_CONFIG:-${DIR}/kind.yaml.j2}
   KIND_REMOVE_TAINT=${KIND_REMOVE_TAINT:-true}
-  KIND_IPV4_SUPPORT=${KIND_IPV4_SUPPORT:-true}
-  KIND_IPV6_SUPPORT=${KIND_IPV6_SUPPORT:-false}
+  PLATFORM_IPV4_SUPPORT=${PLATFORM_IPV4_SUPPORT:-true}
+  PLATFORM_IPV6_SUPPORT=${PLATFORM_IPV6_SUPPORT:-false}
   ENABLE_IPSEC=${ENABLE_IPSEC:-false}
   OVN_HYBRID_OVERLAY_ENABLE=${OVN_HYBRID_OVERLAY_ENABLE:-false}
   OVN_DISABLE_SNAT_MULTIPLE_GWS=${OVN_DISABLE_SNAT_MULTIPLE_GWS:-false}
@@ -669,7 +669,7 @@ set_default_params() {
 }
 
 check_ipv6() {
-  if [ "$KIND_IPV6_SUPPORT" == true ]; then
+  if [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     # Collect additional IPv6 data on test environment
     ERROR_FOUND=false
     TMPVAR=$(sysctl net.ipv6.conf.all.forwarding | awk '{print $3}')
@@ -705,23 +705,23 @@ check_ipv6() {
 }
 
 set_cluster_cidr_ip_families() {
-  if [ "$KIND_IPV4_SUPPORT" == true ] && [ "$KIND_IPV6_SUPPORT" == false ]; then
+  if [ "$PLATFORM_IPV4_SUPPORT" == true ] && [ "$PLATFORM_IPV6_SUPPORT" == false ]; then
     IP_FAMILY=""
     NET_CIDR=$NET_CIDR_IPV4
     SVC_CIDR=$SVC_CIDR_IPV4
     echo "IPv4 Only Support: --net-cidr=$NET_CIDR --svc-cidr=$SVC_CIDR"
-  elif [ "$KIND_IPV4_SUPPORT" == false ] && [ "$KIND_IPV6_SUPPORT" == true ]; then
+  elif [ "$PLATFORM_IPV4_SUPPORT" == false ] && [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     IP_FAMILY="ipv6"
     NET_CIDR=$NET_CIDR_IPV6
     SVC_CIDR=$SVC_CIDR_IPV6
     echo "IPv6 Only Support: --net-cidr=$NET_CIDR --svc-cidr=$SVC_CIDR"
-  elif [ "$KIND_IPV4_SUPPORT" == true ] && [ "$KIND_IPV6_SUPPORT" == true ]; then
+  elif [ "$PLATFORM_IPV4_SUPPORT" == true ] && [ "$PLATFORM_IPV6_SUPPORT" == true ]; then
     IP_FAMILY="dual"
     NET_CIDR=$NET_CIDR_IPV4,$NET_CIDR_IPV6
     SVC_CIDR=$SVC_CIDR_IPV4,$SVC_CIDR_IPV6
     echo "Dual Stack Support: --net-cidr=$NET_CIDR --svc-cidr=$SVC_CIDR"
   else
-    echo "Invalid setup. KIND_IPV4_SUPPORT and/or KIND_IPV6_SUPPORT must be true."
+    echo "Invalid setup. PLATFORM_IPV4_SUPPORT and/or PLATFORM_IPV6_SUPPORT must be true."
     exit 1
   fi
 }
@@ -1096,19 +1096,19 @@ docker_create_second_interface() {
   echo "adding second interfaces to nodes"
 
   # Create the network as dual stack, regardless of the type of the deployment. Ignore if already exists.
-  "$OCI_BIN" network create --ipv6 --driver=bridge kindexgw --subnet=172.19.0.0/16 --subnet=fc00:f853:ccd:e798::/64 || true
+  "$OCI_BIN" network create --ipv6 --driver=bridge xgw --subnet=172.19.0.0/16 --subnet=fc00:f853:ccd:e798::/64 || true
 
   KIND_NODES=$(kind get nodes --name "${KIND_CLUSTER_NAME}")
   for n in $KIND_NODES; do
-    "$OCI_BIN" network connect kindexgw "$n"
+    "$OCI_BIN" network connect xgw "$n"
   done
 }
 
 # run_script_in_container should be used when kind.sh is run nested in a container
 # and makes sure the control-plane node is reachable by substituting 127.0.0.1
 # with the control-plane container's IP
 run_script_in_container() {
-  if [ "$KIND_IPV4_SUPPORT" == true ]; then
+  if [ "$PLATFORM_IPV4_SUPPORT" == true ]; then
     local master_ip=$(docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' ${KIND_CLUSTER_NAME}-control-plane | head -n 1)
     sed -i -- "s/server: .*/server: https:\/\/$master_ip:6443/g" $KUBECONFIG
   else

docs/ci/ci.md

@@ -160,8 +160,8 @@ export OVN_EMPTY_LB_EVENTS=[true|false]
 export OVN_HA=[true|false]
 export OVN_DISABLE_SNAT_MULTIPLE_GWS=[true|false]
 export OVN_GATEWAY_MODE=["local"|"shared"]
-export KIND_IPV4_SUPPORT=[true|false]
-export KIND_IPV6_SUPPORT=[true|false]
+export PLATFORM_IPV4_SUPPORT=[true|false]
+export PLATFORM_IPV6_SUPPORT=[true|false]
 # not required for the OVN Kind installation script, but export this already for later
 OVN_SECOND_BRIDGE=[true|false]
 ```
@@ -181,8 +181,8 @@ export OVN_EMPTY_LB_EVENTS=true
 export OVN_HA=false
 export OVN_DISABLE_SNAT_MULTIPLE_GWS=false
 export OVN_GATEWAY_MODE="local"
-export KIND_IPV4_SUPPORT=true
-export KIND_IPV6_SUPPORT=false
+export PLATFORM_IPV4_SUPPORT=true
+export PLATFORM_IPV6_SUPPORT=false
 # not required for the OVN Kind installation script, but export this already for later
 export OVN_SECOND_BRIDGE=false
 ```
@@ -353,13 +353,13 @@ ok  	github.com/ovn-org/ovn-kubernetes/test/e2e	12.371s
 ### IPv6 tests
 
 To skip the IPv4 only tests (in a IPv6 only deployment), pass the
-`KIND_IPV6_SUPPORT=true` environmental variable to `make`:
+`PLATFORM_IPV6_SUPPORT=true` environmental variable to `make`:
 
 ```
 $ cd $GOPATH/src/github.com/ovn-org/ovn-kubernetes
 
 $ pushd test
-$ KIND_IPV6_SUPPORT=true make shard-conformance
+$ PLATFORM_IPV6_SUPPORT=true make shard-conformance
 $ popd
 ```
 

docs/installation/launching-ovn-kubernetes-on-kind.md

@@ -324,7 +324,7 @@ $ cd ../dist/images/
 $ make fedora-image
 
 $ cd ../../contrib/
-$ KIND_IPV4_SUPPORT=false KIND_IPV6_SUPPORT=true ./kind.sh
+$ PLATFORM_IPV4_SUPPORT=false PLATFORM_IPV6_SUPPORT=true ./kind.sh
 ```
 
 Once `kind.sh` completes, setup kube config file:
@@ -428,7 +428,7 @@ $ cd ../dist/images/
 $ make fedora-image
 
 $ cd ../../contrib/
-$ KIND_IPV4_SUPPORT=true KIND_IPV6_SUPPORT=true K8S_VERSION=v1.32.3 ./kind.sh
+$ PLATFORM_IPV4_SUPPORT=true PLATFORM_IPV6_SUPPORT=true K8S_VERSION=v1.32.3 ./kind.sh
 ```
 
 Once `kind.sh` completes, setup kube config file: