
[wip] test https://github.com/ovn-kubernetes/ovn-kubernetes/pull/6138#3103

Draft
kyrtapz wants to merge 40 commits into openshift:master from kyrtapz:test_scale

kyrtapz commented Mar 31, 2026

📑 Description

Fixes #

Additional Information for reviewers

✅ Checks

  • My code requires changes to the documentation
  • if so, I have updated the documentation as required
  • My code requires tests
  • if so, I have added and/or updated the tests as required
  • All the tests have passed in the CI

How to verify it

arghosh93 and others added 30 commits March 10, 2026 10:30
Add comprehensive test coverage for ClusterUserDefinedNetwork BGP route import
behavior across different transport modes. This verifies that the route import
controller correctly handles pod subnet routes based on the network's transport
configuration.

Signed-off-by: Arnab Ghosh <arnabghosh89@gmail.com>
Signed-off-by: Surya Seetharaman <suryaseetharaman.9@gmail.com>
…s in Layer3 Topology

Co-authored-by: Tim Rozet <trozet@nvidia.com>

Signed-off-by: Lei Huang <leih@nvidia.com>
When kubelet deletes a pod, the SR-IOV device plugin can re-allocate
the same VF before the old pod's CmdDel completes. The old pod's CmdDel
shim then runs concurrently with the new pod's CmdAdd shim on the same
representor.

On the setup side, move LinkSetUp and LinkSetMTU from
setupSriovInterface (and DPU's addRepPort) into ConfigureOVS so they
run immediately after add-port. This ensures the representor is only
brought up once it is on br-int, closing the window where an old
pod's CmdDel del-port could interfere.

On the teardown side, reorder deletePort to call LinkSetDown before
del-port, eliminating the window where a racing CmdAdd could have its
link setup undone.

Signed-off-by: Yun Zhou <yunz@nvidia.com>
There are more things we can transform and trim off of pod objects to
reduce informer cache size and memory usage.

Signed-off-by: Tim Rozet <trozet@nvidia.com>
UpdatePodStatus was updating the entire pod status, including all the
container statuses. Although the webhook would protect against
overwriting the status, it would still cause us to have to get the pod
and retry update again if status had changed.

This fix allows us to still use the status subresource, but now we can
target only the annotations we want to change with patch operations. The
JSON patch checks with a test operation to make sure the value we are
operating on is the latest value, and retries if not, preserving the
previous behavior of making sure multiple writers do not overwrite each
other.

When the patch operation fails due to conflict we will get
StatusReasonInvalid instead of StatusReasonConflict. So update the retry
mechanism to look for either error for pod anno updates.

Signed-off-by: Tim Rozet <trozet@nvidia.com>
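
The test-guarded annotation patch and retry described in the commit message above, as an added Go example that is not code from this pull request. `FakeServer`, `BuildPatch`, `Update`, `ErrInvalid` and the annotation key `example.io/nets` are hypothetical, and the fake server models only `test` and `replace` operations on annotations.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Op is one RFC 6902 operation; ErrInvalid stands in for the API server's Invalid-reason error.
type Op map[string]string
var ErrInvalid = errors.New("invalid: test operation failed")
const prefix = "/metadata/annotations/"

// BuildPatch guards a replace with a test on the value last read; the key is RFC 6901-escaped.
func BuildPatch(key, seen, want string) []Op {
	p := prefix + strings.NewReplacer("~", "~0", "/", "~1").Replace(key)
	return []Op{{"op": "test", "path": p, "value": seen}, {"op": "replace", "path": p, "value": want}}
}

// FakeServer is a constructed stand-in for the API server's copy of one pod.
type FakeServer struct{ Annotations map[string]string }
// Apply runs the ops in order; a failed test returns before the replace is reached.
func (s *FakeServer) Apply(ops []Op) error {
	for _, op := range ops {
		key := strings.NewReplacer("~1", "/", "~0", "~").Replace(strings.TrimPrefix(op["path"], prefix))
		if op["op"] == "test" && s.Annotations[key] != op["value"] {
			return ErrInvalid
		}
		if op["op"] == "replace" {
			s.Annotations[key] = op["value"]
		}
	}
	return nil
}

// Update re-reads and retries, at most 3 attempts, while the test op reports a stale value.
func Update(s *FakeServer, key string, read func() string, mutate func(string) string) (int, error) {
	for try := 1; ; try++ {
		seen := read()
		if err := s.Apply(BuildPatch(key, seen, mutate(seen))); err != ErrInvalid || try == 3 {
			return try, err
		}
	}
}

func main() { // prints the wire form of a patch for a constructed annotation key
	b, _ := json.Marshal(BuildPatch("example.io/nets", "v1", "v1,mine"))
	fmt.Println(string(b))
}
```

The `/` in an annotation key has to be written as `~1` in the patch path, otherwise the pointer addresses a nested field that does not exist.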
Add tests to verify pod2pod, pod2service, host2pod, and host2service
connectivity work correctly in no-overlay mode, both before and after
OVN pod restarts.

Key test scenarios:
- Pod-to-pod connectivity across different nodes
- Host-to-pod connectivity (using host network pod)
- Pod-to-service connectivity via ClusterIP
- Host-to-service connectivity via ClusterIP
- Verify all connectivity persists after ovnkube-node pod restart
- Verify no Geneve overlay traffic is captured (traffic should be
  direct, not encapsulated)

Changes:
- Add NoOverlay feature flag for test categorization
  ovnkube-config ConfigMap
- Add netshoot image for tcpdump-based traffic capture
- Add helper functions: getTcpdumpOnPhysicalIface,
  checkConnectivityWithoutOverlay

Signed-off-by: zhaozhanqi <zzhao@redhat.com>
Signed-off-by: zhaozhanqi <zzhao@redhat.com>
Signed-off-by: zhaozhanqi <zzhao@redhat.com>
Signed-off-by: Ayushi Chouhan <aychouha@aychouha-thinkpadp1gen4i.bengluru.csb>

Addressed the comments

Signed-off-by: Ayushi Chouhan <aychouha@aychouha-thinkpadp1gen4i.bengluru.csb>
Signed-off-by: Ayushi Chouhan <aychouha@aychouha-thinkpadp1gen4i.bengluru.csb>
…rage

These unit tests ensure overlay networks create interconnect resources for multi-zone
connectivity, while no-overlay networks remain clean as they rely on BGP-advertised routes
instead.

Test coverage:
- Add test verifying interconnect resources created properly for CUDN with overlay
  transport.
- Add test verifying interconnect resources are not created for CUDN with NoOverlay
  transport.

Signed-off-by: Arnab Ghosh <arnabghosh89@gmail.com>
Fix the RouteAdvertisements controller to populate the toReceive field
with pod subnets from all selected no-overlay networks, not just the
currently matched network.

- Iterate through all selected networks to collect no-overlay pod subnets
- Add unit test verifying CUDN pod subnets are included in toReceive

Signed-off-by: Arnab Ghosh <arnabghosh89@gmail.com>
Add transport validation for ClusterUserDefinedNetwork (CUDN) resources
with no-overlay and EVPN transports in the UDN controller. This validates
that required RouteAdvertisements CRs exist and are accepted, setting the
TransportAccepted status condition accordingly.

Key changes:
- Add RouteAdvertisements notifier to UDN controller
- Implement transport validation in transport_validation.go
- Set TransportAccepted status condition based on transport type:
  * Default Transport: Always accepted (default)
  * NoOverlay/EVPN: Validated against RouteAdvertisements CR
- Re-queue CUDNs when RouteAdvertisements changes

Status conditions set:
- TransportAccepted=True (DefaultTransportAccepted) for Default Transport
- TransportAccepted=True (NoOverlayTransportAccepted) when RA is accepted
- TransportAccepted=False (NoOverlayRouteAdvertisementsIsMissing) when no RA
- TransportAccepted=False (NoOverlayRouteAdvertisementsNotAccepted) when RA not accepted
- Similar conditions for EVPN transport

Signed-off-by: Arnab Ghosh <arnabghosh89@gmail.com>
Signed-off-by: Jaime Caamaño Ruiz <jcaamano@redhat.com>
Add e2e test for default network with no-overlay mode
evpn: fix wrong use of IPv4 GW address on IPv6 ACL
CNC: Fix typo in CRD description
Trim more information from pod informer cache
randomCUDNSubnets() excluded four second octets (96, 132, 243, 244)
but not 88, so it could generate /20 subnets within podman's default
10.88.0.0/16 network, causing EVPN e2e test failures on hosts with
the default podman bridge.

Add 88 to the hardcoded exclusion list.

Signed-off-by: Matteo Dallaglio <mdallagl@redhat.com>
OKEP-5377: Extend Primary UDN/CUDN to Support Multiple Cluster Subnets in Layer3 Topology
CNI: reorder SR-IOV representor lifecycle to prevent CmdAdd/CmdDel race
This commit extracts container and network operations from provider-specific
code into shared abstractions that can be reused across different infrastructure
providers (kind, openshift etc.).
This creates a base provider that embeds common container operations, reducing
code duplication and improving maintainability.

Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
…neration

Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
The commit ded349d used framework.CreateTestingNS which doesn't
properly propagate pod-security.kubernetes.io labels to test
namespace. This updates to use f.CreateNamespace() which correctly
handles label propagation.

Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
pperiyasamy and others added 8 commits March 31, 2026 10:48
The change replaces explicit NamespacePodSecurityEnforceLevel and
NamespacePodSecurityWarnLevel settings with the unified
NamespacePodSecurityLevel field that sets all three security levels
(enforce, warn, and audit) at once.

Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
The following changes are done with this commit:

- Move container operations to ops/ops.go with Runner abstraction
- Add DirectRunner for local command execution
- Extract TestContext to testcontext package with cleanup management
- Restructure Engine as a facade with test context integration
- Move kind package from internal to public
- Replace GetAttachedNetworks() with direct GetNetwork() calls

Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
Split Provider and Context interfaces into focused sub-interfaces:
- ClusterProvider / ClusterContextProvider
- ExternalContainerProvider / ExternalContainerContextProvider

Signed-off-by: Periyasamy Palanisamy <pepalani@redhat.com>
Strict check enables kernel-side filtering for netlink dump requests.

Signed-off-by: Patryk Diak <pdiak@redhat.com>

# Conflicts:
#	go-controller/pkg/util/net_linux.go
Bump github.com/vishvananda/netlink to consume
vishvananda/netlink@72a8cd7

Signed-off-by: Patryk Diak <pdiak@redhat.com>
Signed-off-by: Patryk Diak <pdiak@redhat.com>
@openshift-ci openshift-ci Bot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 31, 2026

openshift-ci Bot commented Mar 31, 2026

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all


coderabbitai Bot commented Mar 31, 2026

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro

Run ID: 1ed1afd6-f317-4394-93b0-1299b25043eb

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.



openshift-ci Bot commented Mar 31, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: kyrtapz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci Bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 31, 2026

jtaleric commented Apr 1, 2026

/test images


kyrtapz commented Apr 2, 2026

/test images

Signed-off-by: Patryk Diak <pdiak@redhat.com>

kyrtapz commented Apr 2, 2026

/test images

When a UDN controller is recreated, cleanup() deletes pod-selector
address sets directly from the NB DB via cleanupPolicyLogicalEntities.
However, the shared AddressSetManager retains stale references.
When the network is re-created, EnsureAddressSet finds the cached
entry and reuses the dead UUID, causing permanent "object not found"
errors on SetAddresses.

Add AddressSetManager.CleanupForController() which destroys address
sets owned by the network.

Signed-off-by: Patryk Diak <pdiak@redhat.com>

kyrtapz commented Apr 8, 2026

/test images


openshift-ci Bot commented Apr 8, 2026

@kyrtapz: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@openshift-ci openshift-ci Bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Apr 11, 2026

openshift-ci Bot commented Apr 11, 2026

PR needs rebase.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.
