[wip] Layer2 router upgrade #2778
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
openshift-ci
bot
added
the
do-not-merge/work-in-progress
|
Skipping CI for Draft Pull Request. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kyrtapz The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
Enable tracking used MAC addresses with owner identification. Enabling MAC addresses conflict detection when multiple entities try to use the same address within the same network. The MAC manager will be integrated with cluster-manager's pod-allocator code in follow-up commits. Since pod-allocator run by multiple Goroutines, use Mutex to prevent race conditions on reserve and release MACs. Signed-off-by: Ram Lavi <[email protected]> Co-authored-by: Or Mergi <[email protected]>
Integrate the MAC manager to podAllocator, instantiate the MAC manager on primary L2 networks UDNs with persistentIPs enabled, when EnablePreconfiguredUDNAddresses is enabled. The pod-allocator is instantiated for each network, thus network isolation is maintained. MACs can reused in different UDNs. On pod allocation, record the used MAC address and its owner-id, if already used raise MAC conflict error. Compose the owner-id in the following format: <pod.metadata.namespace>/<metadata.name> E.g: Given pod namespace=blue, name=mypod, owner-id is blue/mypod To allow VM migration scenario, where two pods should use the same MAC, relax MAC conflicts by composing the owner-id from the associated VM name: <pod.metadata.namespace>/<VM name label value> E.g: Given pod namespace=blue, name=virt-launcher-myvm-abc123 VM name=myvm, owner id is "blue/mypod". The VM name is reflected by the "vm.kubevirt.io/name" label In addition, in a scenario of repeated request (same mac & owner) that was already handled, being rollback due to failure (e.g.: pod update failure), do not release the reserved MAC as part of the pod-allocation rollback. MAC addresses release on pod deletion, and initializing the MAC manager on start up will be done in follow-up commits. Signed-off-by: Ram Lavi <[email protected]> Co-authored-by: Or Mergi <[email protected]>
Emit pod event when MAC conflict is detected during pod allocation process. Avoid user-defined network name leak to pod events, as they are visible by non cluster-admin users. Signed-off-by: Or Mergi <[email protected]>
On pod deletion, remove the MAC address used by the pod from the MAC manager store. To allow VM migration scenario, do not release the MAC when there is at least one VM pod that is not in complete state. Resolve the VM pod owner-id by composing the owner-id from the associated VM name. Initializing the MAC manager on start up will be done in follow-up commits. Signed-off-by: Ram Lavi <[email protected]> Co-authored-by: Or Mergi <[email protected]>
Initialize the pod allocator MAC manager MACs of the network GW and management ports, preventing conflicts with new pods requesting those MACs. The MAC manager is instantiated on primary L2 UDNs with persistent IPs enabled, when EnablePreconfiguredUDNAddresses. The network logical switch has GW (.1) and management (.2) ports. Their MAC address is generated from the IP address. Calculate the GW and management MAC addresses from their IP addresses. Signed-off-by: Or Mergi <[email protected]> Co-authored-by: Ram Lavi <[email protected]>
Initialize the pod-allocator MAC manager with MACs of existing pods in the network. Preventing unexpected conflicts in scenarios where the control-plane restarts. The MAC manager is instantiated on primary L2 UDNs with persistent IPs enabled, when EnablePreconfiguredUDNAddresses. VMs can have multiple associated pods with the same MAC address (migration scenario). Allow VM associated pods have the same MAC, by composing the owner-id from the associated VM name. Signed-off-by: Ram Lavi <[email protected]>
Signed-off-by: Or Mergi <[email protected]>
Signed-off-by: Or Mergi <[email protected]>
In a scenario of primary CUDN where multiple NAD exist all with the same spec,
NetworkInfo.GetNADs return multiple NADs of the selected namespaces.
The GetPodNADToNetworkMappingWithActiveNetwork helper, assume the
active-network (NetworkInfo{}) consist of single NAD, and return
the mapping with the first NAD of the active-network it found.
This approach fall short when the given pod is connected to CUDN that span
over multiple namespaces, i.e.: active network consist of multiple NADs.
The helper return inconsistent mapping where the NAD key doesn't match
the pod namespace (NAD of another namespaces).
Chagne the helper to find the active-network matching NAD; the NAD that
reside at the same namespace as the given pod (matching namespace)
Change test to always set an appropriate namespace to the tested pod.
Extend the test suite to allow injecting multiple NADs for the
active-network, and simulating the CUDN use-case.
Signed-off-by: Or Mergi <[email protected]>
Not waiting for `killall` to terminate can cause the Kubevirt console expecter/matcher to incorrectly match the negative case. This occurs because the "Exit 1" string may prematurely appear in the output. Signed-off-by: Enrique Llorente <[email protected]>
…heck udn, primary, layer2: Detect MAC conflicts
kv, e2e: Add --wait to killall
docs: Add instructions for CI failures
|
/test ? |
|
@kyrtapz: The following commands are available to trigger required jobs: The following commands are available to trigger optional jobs: Use In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
/test e2e-metal-ipi-ovn-bgp-virt-dualstack-techpreview |
Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
This subnet is now also used for transit routers in the layer2 topology. Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
Make sure it reserves already allocated ids on startup. Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
Add transit router info to use for layer2 interconnect. Signed-off-by: Nadia Pinaeva <[email protected]> Co-authored-by: Enrique Llorente <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]> Co-authored-by: Enrique Llorente <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]> Co-authored-by: Enrique Llorente <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]> Co-authored-by: Enrique Llorente <[email protected]>
gateway: Remove old GW router to layer2 switch ports together with stale routes, policies and NATs. layer2_controller: Create an extra switch to transit router link with MAC-only router port. Add fake join subnet IPs to the transit router to switch port. Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
It is only triggered on restart now Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
"UDN pod to the same node nodeport service in different UDN network" test used to work on Layer2 UDN for ipv6 because of the SNAT on the GR. Now SNAT was moved to the transit router and works the same way as Layer3 networks. Signed-off-by: Nadia Pinaeva <[email protected]>
Previously default gateway for layer2 was on the GR, so we had to use it's primary joinIP to evaluate expected MAC and LLA, now the default gateway is on the transit router with the first subnet IP. Signed-off-by: Nadia Pinaeva <[email protected]>
cni/NetNS is replaced with github.com/containernetworking/plugins/pkg/ns/NetNS node.ManagementPort was moved to its own package. Signed-off-by: Nadia Pinaeva <[email protected]>
Fix unit tests for the introduced changes. Signed-off-by: Nadia Pinaeva <[email protected]>
Signed-off-by: Nadia Pinaeva <[email protected]>
Co-authored-by: Enrique Llorente <[email protected]> Signed-off-by: Nadia Pinaeva <[email protected]>
After topology upgrade a new default gateway for layer2 VMs will be on the transit router, so we need to remove previously learned MAC. Co-authored-by: Enrique Llorente <[email protected]> Signed-off-by: Nadia Pinaeva <[email protected]>
Add a transitSubnet field similar to joinSubnet to the NetConf, but only set it for Primary Layer2 networks. Set transit subnets for NADs Signed-off-by: Nadia Pinaeva <[email protected]>
|
/test e2e-metal-ipi-ovn-bgp-virt-dualstack-techpreview |
|
/retest |
|
/test e2e-metal-ipi-ovn-dualstack-bgp-local-gw |
|
@kyrtapz: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.