Add node IP to HostNetworkNamespace address_set

[asood-rh]

When NoOverlay mode is used for a network, it uses learned route with proto bgp and that sets Node IP as source IP.

10.129.2.0/23 nhid 157 via 192.168.100.100 dev br-ex proto bgp metric 20

So, it is essential to add node IP to HostNetworkNamespace address_set to let host network POD use network-policy while using NoOverlay mode.

📑 Description

This PR is just to pre merge upstream commit with CNO PR openshift/cluster-network-operator#2960 for bug https://redhat.atlassian.net/browse/OCPBUGS-83406

Fixes #

Additional Information for reviewers

✅ Checks

• My code requires changes to the documentation
• if so, I have updated the documentation as required
• My code requires tests
• if so, I have added and/or updated the tests as required
• All the tests have passed in the CI

How to verify it

Summary by CodeRabbit

• Bug Fixes

  • Host‑network namespace address set in NoOverlay mode now includes nodes' primary interface addresses.

• Tests

  • Added a test verifying the host‑network address set contains the node primary IPs when NoOverlay mode is enabled.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro Plus

Run ID: 0faebaed-055b-495c-aac0-4afa2875a458

📥 Commits

Reviewing files that changed from the base of the PR and between fbfc8e9 and 37dd7a4.

📒 Files selected for processing (1)

• go-controller/pkg/ovn/master_test.go

🚧 Files skipped from review as they are similar to previous changes (1)

• go-controller/pkg/ovn/master_test.go

---

Walkthrough

Adds logic to include a node's primary interface IPs (from the node annotation) in host-network-namespace address sets when transport mode is set to NoOverlay; includes a unit test validating the behavior.

Changes

Cohort / File(s)	Summary
Host-namespace IP collection go-controller/pkg/ovn/namespace.go	getHostNamespaceAddressesForNode augmented to, in NoOverlay mode, read the node primary-interface-address annotation via util.GetNodeIfAddrAnnotation, parse IPv4/IPv6 CIDRs, append resulting IPs to the returned list, and surface annotation/parse errors.
Unit test go-controller/pkg/ovn/master_test.go	New Ginkgo test: configures NoOverlay and host-network namespace, creates a Node with primary-ifaddr annotation, and asserts the host-network address_set includes the management/gateway IPs plus the annotated primary IPv4.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 I dug a tunnel through the code tonight,
I found the node's own IP and brought it to light.
In NoOverlay lanes the addresses now play,
A hop, a test, and everything's in array. 🥕✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the main change: adding the node IP to the HostNetworkNamespace address_set. This aligns directly with the code changes that extend the address_set with the node's primary IP in NoOverlay mode.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: asood-rh
Once this PR has been reviewed and has the lgtm label, please assign kyrtapz for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[coderabbitai]

🧹 Nitpick comments (1)

go-controller/pkg/ovn/master_test.go (1)

1885-1888: Consider adding an IPv6 primary-ifaddr assertion in this test.

The production path in getHostNamespaceAddressesForNode now handles both IPv4 and IPv6 primary interface CIDRs, but this case validates only IPv4. Adding a dual-stack variant would lock coverage for both parse branches.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@go-controller/pkg/ovn/master_test.go` around lines 1885 - 1888, Add an IPv6
primary interface address to the test so the getHostNamespaceAddressesForNode
IPv6 branch is exercised: in the same test case where ips is appended with
"192.168.1.10" also append a representative IPv6 primary-ifaddr like "fd00::10"
(or the dual-stack variant used elsewhere) and then call
fakeOvn.asf.EventuallyExpectAddressSetWithAddresses(config.Kubernetes.HostNetworkNamespace,
ips) so the expected addresses include both the IPv4 and IPv6 primary interface
addresses; ensure the ips slice used by the assertion matches the dual-stack
inputs for getHostNamespaceAddressesForNode.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Nitpick comments:
In `@go-controller/pkg/ovn/master_test.go`:
- Around line 1885-1888: Add an IPv6 primary interface address to the test so
the getHostNamespaceAddressesForNode IPv6 branch is exercised: in the same test
case where ips is appended with "192.168.1.10" also append a representative IPv6
primary-ifaddr like "fd00::10" (or the dual-stack variant used elsewhere) and
then call
fakeOvn.asf.EventuallyExpectAddressSetWithAddresses(config.Kubernetes.HostNetworkNamespace,
ips) so the expected addresses include both the IPv4 and IPv6 primary interface
addresses; ensure the ips slice used by the assertion matches the dual-stack
inputs for getHostNamespaceAddressesForNode.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yml

Review profile: CHILL

Plan: Pro Plus

Run ID: 262325c2-c283-4ea4-84f2-0df676bbf958

📥 Commits

Reviewing files that changed from the base of the PR and between 90d101f and fbfc8e9.

📒 Files selected for processing (2)

• go-controller/pkg/ovn/master_test.go
• go-controller/pkg/ovn/namespace.go

[openshift-ci]

@asood-rh: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-azure-ovn-upgrade	37dd7a4	link	true	/test e2e-azure-ovn-upgrade
ci/prow/e2e-aws-ovn-rhcos10-techpreview	37dd7a4	link	false	/test e2e-aws-ovn-rhcos10-techpreview
ci/prow/e2e-metal-ipi-ovn-ipv6	37dd7a4	link	true	/test e2e-metal-ipi-ovn-ipv6
ci/prow/security	37dd7a4	link	false	/test security
ci/prow/e2e-metal-ipi-ovn-dualstack-bgp-local-gw	37dd7a4	link	true	/test e2e-metal-ipi-ovn-dualstack-bgp-local-gw
ci/prow/e2e-gcp-ovn	37dd7a4	link	true	/test e2e-gcp-ovn
ci/prow/e2e-aws-ovn-hypershift	37dd7a4	link	true	/test e2e-aws-ovn-hypershift
ci/prow/e2e-aws-ovn-edge-zones	37dd7a4	link	true	/test e2e-aws-ovn-edge-zones

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.