Clean backport of transit subnets to 4.13
Although the transit switch doesn't exist in 4.13, we need this flag
to allow users to customize the value before upgrading to 4.14.

Signed-off-by: Peng Liu <[email protected]>
pliurh committed Jan 14, 2025
1 parent 0f638a8 commit 2e7b000
Showing 6 changed files with 254 additions and 1 deletion.
54 changes: 53 additions & 1 deletion openapi/generated_openapi/zz_generated.openapi.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

26 changes: 26 additions & 0 deletions openapi/openapi.json
Expand Up @@ -23826,6 +23826,24 @@
"com.github.openshift.api.operator.v1.IPsecConfig": {
"type": "object"
},
"com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig": {
"type": "object",
"properties": {
"internalTransitSwitchSubnet": {
"description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value can be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format",
"type": "string"
}
}
},
"com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig": {
"type": "object",
"properties": {
"internalTransitSwitchSubnet": {
"description": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value can be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accomadate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted",
"type": "string"
}
}
},
"com.github.openshift.api.operator.v1.IngressController": {
"description": "IngressController describes a managed ingress controller for the cluster. The controller can service OpenShift Route and Kubernetes Ingress resources.\n\nWhen an IngressController is created, a new ingress controller deployment is created to allow external traffic to reach the services that expose Ingress or Route resources. Updating this resource may lead to disruption for public facing network connections as a new ingress controller revision may be rolled out.\n\nhttps://kubernetes.io/docs/concepts/services-networking/ingress-controllers\n\nWhenever possible, sensible defaults for the platform are used. See each field for more details.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).",
"type": "object",
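Review bot: The internalTransitSwitchSubnet description under IPv6OVNKubernetesConfig still opens with "is a v4 subnet in IPV4 CIDR format", carried over from the IPv4 definition and contradicting its own closing requirement ("must be in proper IPV6 CIDR format"); it should read "a v6 subnet in IPV6 CIDR format". Both descriptions also misspell "ommitted" and "accomadate" and run sentences together without periods ("100.88.0.0/16 The subnet must be ..."), which makes the rendered API documentation hard to read. Since the commit message says the transit switch does not exist in 4.13, it would help to state in the description that the value only takes effect after the upgrade to 4.14, because "The value can be changed after installation" reads as if the setting is already live.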
Expand Down Expand Up @@ -25618,6 +25636,14 @@
"description": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.",
"$ref": "#/definitions/com.github.openshift.api.operator.v1.IPsecConfig"
},
"ipv4": {
"description": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.",
"$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv4OVNKubernetesConfig"
},
"ipv6": {
"description": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.",
"$ref": "#/definitions/com.github.openshift.api.operator.v1.IPv6OVNKubernetesConfig"
},
"mtu": {
"description": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400",
"type": "integer",
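Review bot: The description of the new ipv6 property ends with "Check individual fields within ipv4 for details of default values", which sends the reader to the wrong block; it should say "within ipv6". "ommitted" is also misspelled in both the ipv4 and ipv6 descriptions.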
54 changes: 54 additions & 0 deletions operator/v1/0000_70_cluster-network-operator_01.crd.yaml
Expand Up @@ -249,6 +249,60 @@ spec:
ipsecConfig:
description: ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
type: object
ipv4:
description: ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.
type: object
properties:
internalTransitSwitchSubnet:
description: internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value can be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format
type: string
maxLength: 18
x-kubernetes-validations:
- rule: self.indexOf('/') == self.lastIndexOf('/')
message: CIDR format must contain exactly one '/'
- rule: '[int(self.split(''/'')[1])].all(x, x <= 30 && x >= 0)'
message: subnet must be in the range /0 to /30 inclusive
- rule: self.split('/')[0].split('.').size() == 4
message: a valid IPv4 address must contain 4 octets
- rule: '[self.findAll(''[0-9]+'')[0]].all(x, x != ''0'' && int(x) <= 255 && !x.startsWith(''0''))'
message: first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255
- rule: '[self.findAll(''[0-9]+'')[1], self.findAll(''[0-9]+'')[2], self.findAll(''[0-9]+'')[3]].all(x, int(x) <= 255 && (x == ''0'' || !x.startsWith(''0'')))'
message: IP address octets must not contain leading zeros, and must be less or equal to 255
ipv6:
description: ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.
type: object
properties:
internalTransitSwitchSubnet:
description: internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value can be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accomadate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted
type: string
maxLength: 48
x-kubernetes-validations:
- rule: self.indexOf('/') == self.lastIndexOf('/')
message: CIDR format must contain exactly one '/'
- rule: self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0)
message: subnet must be in the range /0 to /125 inclusive
- rule: self.indexOf('::') == self.lastIndexOf('::')
message: IPv6 addresses must contain at most one '::' and may only be shortened once
- rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() <= 8 : self.split(''/'')[0].split('':'').size() == 8'
message: a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments
- rule: 'self.split(''/'')[0].split('':'').size() >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true'
message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1
- rule: 'self.split(''/'')[0].split('':'').size() >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true'
message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2
- rule: 'self.split(''/'')[0].split('':'').size() >=3 ? [self.split(''/'')[0].split('':'', 8)[2]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true'
message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3
- rule: 'self.split(''/'')[0].split('':'').size() >=4 ? [self.split(''/'')[0].split('':'', 8)[3]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true'
message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4
- rule: 'self.split(''/'')[0].split('':'').size() >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true'
message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5
- rule: 'self.split(''/'')[0].split('':'').size() >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true'
message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6
- rule: 'self.split(''/'')[0].split('':'').size() >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true'
message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7
- rule: 'self.split(''/'')[0].split('':'').size() >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) && size(x)<5 ) : true'
message: each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8
- rule: '!self.contains(''.'')'
message: IPv6 dual addresses are not permitted, value should not contain `.` characters
mtu:
description: mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400
type: integer
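Review bot: The IPv4 prefix rule "[int(self.split('/')[1])].all(x, x <= 30 && x >= 0)" indexes element 1 without checking that the split produced two parts, and the rule before it, "self.indexOf('/') == self.lastIndexOf('/')", also holds when the value contains no '/' at all (both sides are -1), so its message "CIDR format must contain exactly one '/'" claims more than is checked. The ipv6 block guards the same expression with "self.split('/').size() == 2 && ..."; use that guard in the ipv4 block as well, so a value such as 100.88.0.0 is rejected with the intended message rather than by the index expression failing. The IPv4 octet rules also look only at the digit runs returned by findAll('[0-9]+'), so nothing rejects other characters inside an octet: 1a.2.3.4/24 yields the runs 1, 2, 3, 4 and 24 and satisfies every rule listed. A matches() check over the whole string would close that gap. In the ipv6 block, the descriptions still say "within ipv4" and "a v4 subnet in IPV4 CIDR format", and the segment-count message speaks of "at most 6 non-empty segments" while the rule tests size() <= 8; the message and the rule should agree.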