Merge pull request #5010 from ormergi/cudn-localnet

crds,cudn: Support localnet topology

Author: trozet

dist/templates/k8s.ovn.org_clusteruserdefinednetworks.yaml.j2

@@ -51,7 +51,7 @@ spec:
                         description: |-
                           Lifecycle controls IP addresses management lifecycle.
 
-                          The only allowed value is Persistent. When set, OVN Kubernetes assigned IP addresses will be persisted in an
+                          The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an
                           `ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
                           Only supported when mode is `Enabled`.
                         enum:
@@ -155,7 +155,7 @@ spec:
                 - message: JoinSubnets is only supported for Primary network
                   rule: '!has(self.joinSubnets) || has(self.role) && self.role ==
                     ''Primary'''
-                - message: MTU should be greater than or equal to 1280 when IPv6 subent
+                - message: MTU should be greater than or equal to 1280 when IPv6 subnet
                     is used
                   rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
                     isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280'
@@ -255,7 +255,7 @@ spec:
                 - message: JoinSubnets is only supported for Primary network
                   rule: '!has(self.joinSubnets) || has(self.role) && self.role ==
                     ''Primary'''
-                - message: MTU should be greater than or equal to 1280 when IPv6 subent
+                - message: MTU should be greater than or equal to 1280 when IPv6 subnet
                     is used
                   rule: '!has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
                     isCIDR(i.cidr) && cidr(i.cidr).ip().family() == 6) || self.mtu

dist/templates/k8s.ovn.org_userdefinednetworks.yaml.j2

@@ -13,6 +13,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	ovncnitypes "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/cni/types"
+	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/config"
 	userdefinednetworkv1 "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/userdefinednetwork/v1"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/util"
@@ -31,6 +32,7 @@ type SpecGetter interface {
 	GetTopology() userdefinednetworkv1.NetworkTopology
 	GetLayer3() *userdefinednetworkv1.Layer3Config
 	GetLayer2() *userdefinednetworkv1.Layer2Config
+	GetLocalnet() *userdefinednetworkv1.LocalnetConfig
 }
 
 func RenderNetAttachDefManifest(obj client.Object, targetNamespace string) (*netv1.NetworkAttachmentDefinition, error) {
@@ -109,7 +111,8 @@ func renderNADLabels(obj client.Object) map[string]string {
 
 func validateTopology(spec SpecGetter) error {
 	if spec.GetTopology() == userdefinednetworkv1.NetworkTopologyLayer3 && spec.GetLayer3() == nil ||
-		spec.GetTopology() == userdefinednetworkv1.NetworkTopologyLayer2 && spec.GetLayer2() == nil {
+		spec.GetTopology() == userdefinednetworkv1.NetworkTopologyLayer2 && spec.GetLayer2() == nil ||
+		spec.GetTopology() == userdefinednetworkv1.NetworkTopologyLocalnet && spec.GetLocalnet() == nil {
 		return fmt.Errorf("topology %[1]s is specified but %[1]s config is nil", spec.GetTopology())
 	}
 	return nil
@@ -138,17 +141,30 @@ func renderCNINetworkConfig(networkName, nadName string, spec SpecGetter) (map[s
 		if err := validateIPAM(cfg.IPAM); err != nil {
 			return nil, err
 		}
-		netConfSpec.Role = strings.ToLower(string(cfg.Role))
-		netConfSpec.MTU = int(cfg.MTU)
-		netConfSpec.AllowPersistentIPs = cfg.IPAM != nil && cfg.IPAM.Lifecycle == userdefinednetworkv1.IPAMLifecyclePersistent
 		if ipamEnabled(cfg.IPAM) && len(cfg.Subnets) == 0 {
 			return nil, fmt.Errorf("subnets is required with ipam.mode is Enabled or unset")
 		}
 		if !ipamEnabled(cfg.IPAM) && len(cfg.Subnets) > 0 {
 			return nil, fmt.Errorf("subnets must be unset when ipam.mode is Disabled")
 		}
+
+		netConfSpec.Role = strings.ToLower(string(cfg.Role))
+		netConfSpec.MTU = int(cfg.MTU)
+		netConfSpec.AllowPersistentIPs = cfg.IPAM != nil && cfg.IPAM.Lifecycle == userdefinednetworkv1.IPAMLifecyclePersistent
 		netConfSpec.Subnets = cidrString(cfg.Subnets)
 		netConfSpec.JoinSubnet = cidrString(renderJoinSubnets(cfg.Role, cfg.JoinSubnets))
+	case userdefinednetworkv1.NetworkTopologyLocalnet:
+		cfg := spec.GetLocalnet()
+		netConfSpec.Role = strings.ToLower(string(cfg.Role))
+		netConfSpec.MTU = localnetMTU(cfg.MTU)
+		netConfSpec.AllowPersistentIPs = cfg.IPAM != nil && cfg.IPAM.Lifecycle == userdefinednetworkv1.IPAMLifecyclePersistent
+		netConfSpec.Subnets = cidrString(cfg.Subnets)
+		netConfSpec.ExcludeSubnets = cidrString(cfg.ExcludeSubnets)
+		netConfSpec.PhysicalNetworkName = cfg.PhysicalNetworkName
+
+		if cfg.VLAN != nil && cfg.VLAN.Access != nil {
+			netConfSpec.VLANID = int(cfg.VLAN.Access.ID)
+		}
 	}
 
 	if err := util.ValidateNetConf(nadName, netConfSpec); err != nil {
@@ -184,10 +200,29 @@ func renderCNINetworkConfig(networkName, nadName string, spec SpecGetter) (map[s
 	if netConfSpec.AllowPersistentIPs {
 		cniNetConf["allowPersistentIPs"] = netConfSpec.AllowPersistentIPs
 	}
-
+	if netConfSpec.PhysicalNetworkName != "" {
+		cniNetConf["physicalNetworkName"] = netConfSpec.PhysicalNetworkName
+	}
+	if len(netConfSpec.ExcludeSubnets) > 0 {
+		cniNetConf["excludeSubnets"] = netConfSpec.ExcludeSubnets
+	}
+	if netConfSpec.VLANID != 0 {
+		cniNetConf["vlanID"] = netConfSpec.VLANID
+	}
 	return cniNetConf, nil
 }
 
+func localnetMTU(desiredMTU int32) int {
+	// The MTU for localnet topology should be as the default MTU (1500) because the underlay
+	// is not part of the SDN and compensating for the SDN overhead (100) is not required.
+	mtu := config.Default.MTU + 100
+	if desiredMTU > 0 {
+		mtu = int(desiredMTU)
+	}
+
+	return mtu
+}
+
 func ipamEnabled(ipam *userdefinednetworkv1.IPAMConfig) bool {
 	return ipam == nil || ipam.Mode == "" || ipam.Mode == userdefinednetworkv1.IPAMEnabled
 }

docs/api-reference/userdefinednetwork-api-spec.md

@@ -169,7 +169,7 @@ var _ = Describe("NetAttachDefTemplate", func() {
 		),
 	)
 
-	DescribeTable("should fail to render NAD, given",
+	DescribeTable("should fail to render NAD manifest, given",
 		func(obj client.Object) {
 			_, err := RenderNetAttachDefManifest(obj, "test")
 			Expect(err).To(HaveOccurred())
@@ -223,10 +223,35 @@ var _ = Describe("NetAttachDefTemplate", func() {
 			&udnv1.ClusterUserDefinedNetwork{Spec: udnv1.ClusterUserDefinedNetworkSpec{Network: udnv1.NetworkSpec{
 				Topology: udnv1.NetworkTopologyLayer2, Layer3: &udnv1.Layer3Config{}}}},
 		),
+		Entry("CUDN, invalid topology: topology layer2 & localnet config",
+			&udnv1.ClusterUserDefinedNetwork{Spec: udnv1.ClusterUserDefinedNetworkSpec{Network: udnv1.NetworkSpec{
+				Topology: udnv1.NetworkTopologyLayer2, Localnet: &udnv1.LocalnetConfig{}}}},
+		),
 		Entry("CUDN, invalid topology: topology layer3 & layer2 config",
 			&udnv1.ClusterUserDefinedNetwork{Spec: udnv1.ClusterUserDefinedNetworkSpec{Network: udnv1.NetworkSpec{
 				Topology: udnv1.NetworkTopologyLayer3, Layer2: &udnv1.Layer2Config{}}}},
 		),
+		Entry("CUDN, invalid topology: topology layer3 & localnet config",
+			&udnv1.ClusterUserDefinedNetwork{Spec: udnv1.ClusterUserDefinedNetworkSpec{Network: udnv1.NetworkSpec{
+				Topology: udnv1.NetworkTopologyLayer3, Localnet: &udnv1.LocalnetConfig{}}}},
+		),
+		Entry("CUDN, invalid topology: topology localnet & layer2 config",
+			&udnv1.ClusterUserDefinedNetwork{Spec: udnv1.ClusterUserDefinedNetworkSpec{Network: udnv1.NetworkSpec{
+				Topology: udnv1.NetworkTopologyLocalnet, Layer2: &udnv1.Layer2Config{}}}},
+		),
+		Entry("CUDN, invalid topology: topology localnet & layer3 config",
+			&udnv1.ClusterUserDefinedNetwork{Spec: udnv1.ClusterUserDefinedNetworkSpec{Network: udnv1.NetworkSpec{
+				Topology: udnv1.NetworkTopologyLocalnet, Layer3: &udnv1.Layer3Config{}}}},
+		),
+		Entry("CUDN, localnet: excludeSubnets not in range of subnets",
+			&udnv1.ClusterUserDefinedNetwork{Spec: udnv1.ClusterUserDefinedNetworkSpec{Network: udnv1.NetworkSpec{
+				Topology: udnv1.NetworkTopologyLocalnet,
+				Localnet: &udnv1.LocalnetConfig{Role: udnv1.NetworkRoleSecondary, PhysicalNetworkName: "localnet1",
+					Subnets:        udnv1.DualStackCIDRs{"192.168.0.0/16", "2001:dbb::/64"},
+					ExcludeSubnets: []udnv1.CIDR{"192.200.0.0/30", "2001:aaa::/127", "192.300.0.1/32", "2001:bbb::1/120"},
+				},
+			}}},
+		),
 	)
 
 	It("should return no error given no UDN", func() {
@@ -492,7 +517,7 @@ var _ = Describe("NetAttachDefTemplate", func() {
 			  "allowPersistentIPs": true
 			}`,
 		),
-		Entry("secondary network",
+		Entry("secondary network, layer2",
 			udnv1.NetworkSpec{
 				Topology: udnv1.NetworkTopologyLayer2,
 				Layer2: &udnv1.Layer2Config{
@@ -516,5 +541,64 @@ var _ = Describe("NetAttachDefTemplate", func() {
 			  "allowPersistentIPs": true
 			}`,
 		),
+		Entry("secondary network, localnet",
+			udnv1.NetworkSpec{
+				Topology: udnv1.NetworkTopologyLocalnet,
+				Localnet: &udnv1.LocalnetConfig{
+					Role:                udnv1.NetworkRoleSecondary,
+					PhysicalNetworkName: "mylocalnet1",
+					MTU:                 1600,
+					VLAN:                &udnv1.VLANConfig{Mode: udnv1.VLANModeAccess, Access: &udnv1.AccessVLANConfig{ID: 200}},
+					Subnets:             udnv1.DualStackCIDRs{"192.168.100.0/24", "2001:dbb::/64"},
+					ExcludeSubnets:      []udnv1.CIDR{"192.168.100.1/32", "2001:dbb::0/128"},
+					IPAM: &udnv1.IPAMConfig{
+						Lifecycle: udnv1.IPAMLifecyclePersistent,
+					},
+				},
+			},
+			`{
+			  "cniVersion": "1.0.0",
+			  "type": "ovn-k8s-cni-overlay",
+			  "name": "cluster_udn_test-net",
+			  "netAttachDefName": "mynamespace/test-net",
+			  "role": "secondary",
+			  "topology": "localnet",
+		      "physicalNetworkName": "mylocalnet1",
+			  "subnets": "192.168.100.0/24,2001:dbb::/64",
+              "excludeSubnets": "192.168.100.1/32,2001:dbb::0/128",
+			  "mtu": 1600,
+              "vlanID": 200, 
+			  "allowPersistentIPs": true
+			}`,
+		),
+		Entry("secondary network, localnet, when MTU is unset it should set default MTU",
+			udnv1.NetworkSpec{
+				Topology: udnv1.NetworkTopologyLocalnet,
+				Localnet: &udnv1.LocalnetConfig{
+					Role:                udnv1.NetworkRoleSecondary,
+					PhysicalNetworkName: "mylocalnet1",
+					VLAN:                &udnv1.VLANConfig{Mode: udnv1.VLANModeAccess, Access: &udnv1.AccessVLANConfig{ID: 200}},
+					Subnets:             udnv1.DualStackCIDRs{"192.168.100.0/24", "2001:dbb::/64"},
+					ExcludeSubnets:      []udnv1.CIDR{"192.168.100.1/32", "2001:dbb::0/128"},
+					IPAM: &udnv1.IPAMConfig{
+						Lifecycle: udnv1.IPAMLifecyclePersistent,
+					},
+				},
+			},
+			`{
+			  "cniVersion": "1.0.0",
+			  "type": "ovn-k8s-cni-overlay",
+			  "name": "cluster_udn_test-net",
+			  "netAttachDefName": "mynamespace/test-net",
+			  "role": "secondary",
+			  "topology": "localnet",
+		      "physicalNetworkName": "mylocalnet1",
+			  "subnets": "192.168.100.0/24,2001:dbb::/64",
+              "excludeSubnets": "192.168.100.1/32,2001:dbb::0/128",
+			  "mtu": 1500,
+              "vlanID": 200, 
+			  "allowPersistentIPs": true
+			}`,
+		),
 	)
 })