@@ -3630,7 +3630,7 @@ spec:
36303630 description : |-
36313631 Lifecycle controls IP addresses management lifecycle.
36323632
3633- The only allowed value is Persistent. When set, OVN Kubernetes assigned IP addresses will be persisted in an
3633+ The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an
36343634 `ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
36353635 Only supported when mode is `Enabled`.
36363636enum :
@@ -3736,7 +3736,7 @@ spec:
37363736 rule : ' !has(self.joinSubnets) || has(self.role) && self.role
37373737 == '' Primary'' '
37383738 - message : MTU should be greater than or equal to 1280 when IPv6
3739- subent is used
3739+ subnet is used
37403740 rule : ' !has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
37413741 isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280'
37423742 layer3 :
@@ -3837,20 +3837,213 @@ spec:
38373837 rule : ' !has(self.joinSubnets) || has(self.role) && self.role
38383838 == '' Primary'' '
38393839 - message : MTU should be greater than or equal to 1280 when IPv6
3840- subent is used
3840+ subnet is used
38413841 rule : ' !has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
38423842 isCIDR(i.cidr) && cidr(i.cidr).ip().family() == 6) || self.mtu
38433843 >= 1280'
3844+ localnet :
3845+ description : Localnet is the Localnet topology configuration.
3846+ properties :
3847+ excludeSubnets :
3848+ description : |-
3849+ excludeSubnets is a list of CIDRs to be removed from the specified CIDRs in `subnets`.
3850+ The CIDRs in this list must be in range of at least one subnet specified in `subnets`.
3851+ excludeSubnets is optional. When omitted no IP address is excluded and all IP addresses specified in `subnets`
3852+ are subject to assignment.
3853+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3854+ This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.
3855+ When `physicalNetworkName` points to OVS bridge mapping of a network with reserved IP addresses
3856+ (which shouldn't be assigned by OVN-Kubernetes), the specified CIDRs will not be assigned. For example:
3857+ Given: `subnets: "10.0.0.0/24"`, `excludeSubnets: "10.0.0.200/30", the following addresses will not be assigned
3858+ to pods: `10.0.0.201`, `10.0.0.202`.
3859+ items :
3860+ maxLength : 43
3861+ type : string
3862+ x-kubernetes-validations :
3863+ - message : CIDR is invalid
3864+ rule : isCIDR(self)
3865+ maxItems : 25
3866+ minItems : 1
3867+ type : array
3868+ ipam :
3869+ description : " ipam configurations for the network.\n ipam is
3870+ optional. When omitted, `subnets` must be specified.\n When
3871+ `ipam.mode` is `Disabled`, `subnets` must be omitted.\n `ipam.mode`
3872+ controls how much of the IP configuration will be managed
3873+ by OVN.\n When `Enabled`, OVN-Kubernetes will apply IP
3874+ configuration to the SDN infra and assign IPs from the selected\n
3875+ \ subnet to the pods.\n When `Disabled`, OVN-Kubernetes
3876+ only assigns MAC addresses, and provides layer2 communication,
3877+ and enables users\n to configure IP addresses on the pods.\n `ipam.lifecycle`
3878+ controls IP addresses management lifecycle.\n When set
3879+ to 'Persistent', the assigned IP addresses will be persisted
3880+ in `ipamclaims.k8s.cni.cncf.io` object.\n\t Useful for
3881+ VMs, IP address will be persistent after restarts and migrations.
3882+ Supported when `ipam.mode` is `Enabled`."
3883+ minProperties : 1
3884+ properties :
3885+ lifecycle :
3886+ description : |-
3887+ Lifecycle controls IP addresses management lifecycle.
3888+
3889+ The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an
3890+ `ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
3891+ Only supported when mode is `Enabled`.
3892+ enum :
3893+ - Persistent
3894+ type : string
3895+ mode :
3896+ description : |-
3897+ Mode controls how much of the IP configuration will be managed by OVN.
3898+ `Enabled` means OVN-Kubernetes will apply IP configuration to the SDN infrastructure and it will also assign IPs
3899+ from the selected subnet to the individual pods.
3900+ `Disabled` means OVN-Kubernetes will only assign MAC addresses and provide layer 2 communication, letting users
3901+ configure IP addresses for the pods.
3902+ `Disabled` is only available for Secondary networks.
3903+ By disabling IPAM, any Kubernetes features that rely on selecting pods by IP will no longer function
3904+ (such as network policy, services, etc). Additionally, IP port security will also be disabled for interfaces attached to this network.
3905+ Defaults to `Enabled`.
3906+ enum :
3907+ - Enabled
3908+ - Disabled
3909+ type : string
3910+ type : object
3911+ x-kubernetes-validations :
3912+ - message : lifecycle Persistent is only supported when ipam.mode
3913+ is Enabled
3914+ rule : ' !has(self.lifecycle) || self.lifecycle != '' Persistent''
3915+ || !has(self.mode) || self.mode == '' Enabled'' '
3916+ mtu :
3917+ description : |-
3918+ mtu is the maximum transmission unit for a network.
3919+ mtu is optional. When omitted, the configured value in OVN-Kubernetes (defaults to 1500 for localnet topology)
3920+ is used for the network.
3921+ Minimum value for IPv4 subnet is 576, and for IPv6 subnet is 1280.
3922+ Maximum value is 65536.
3923+ In a scenario `physicalNetworkName` points to OVS bridge mapping of a network configured with certain MTU settings,
3924+ this field enables configuring the same MTU on pod interface, having the pod MTU aligned with the network MTU.
3925+ Misaligned MTU across the stack (e.g.: pod has MTU X, node NIC has MTU Y), could result in network disruptions
3926+ and bad performance.
3927+ format : int32
3928+ maximum : 65536
3929+ minimum : 576
3930+ type : integer
3931+ physicalNetworkName :
3932+ description : |-
3933+ physicalNetworkName points to the OVS bridge-mapping's network-name configured in the nodes, required.
3934+ Min length is 1, max length is 253, cannot contain `,` or `:` characters.
3935+ In case OVS bridge-mapping is defined by Kubernetes-nmstate with `NodeNetworkConfigurationPolicy` (NNCP),
3936+ this field should point to the NNCP `spec.desiredState.ovn.bridge-mappings` item's `localnet` value.
3937+ maxLength : 253
3938+ minLength : 1
3939+ type : string
3940+ x-kubernetes-validations :
3941+ - message : physicalNetworkName cannot contain `,` or `:` characters
3942+ rule : self.matches('^[^,:]+$')
3943+ role :
3944+ description : |-
3945+ role describes the network role in the pod, required.
3946+ Controls whether the pod interface will act as primary or secondary.
3947+ Localnet topology supports `Secondary` only.
3948+ The network will be assigned to pods that have the `k8s.v1.cni.cncf.io/networks` annotation in place pointing
3949+ to subject.
3950+ enum :
3951+ - Secondary
3952+ type : string
3953+ subnets :
3954+ description : |-
3955+ subnets is a list of subnets used for pods in this localnet network across the cluster.
3956+ The list may be either 1 IPv4 subnet, 1 IPv6 subnet, or 1 of each IP family.
3957+ When set, OVN-Kubernetes assigns an IP address from the specified CIDRs to the connected pod,
3958+ eliminating the need for manual IP assignment or reliance on an external IPAM service (e.g., a DHCP server).
3959+ subnets is optional. When omitted OVN-Kubernetes won't assign IP address automatically.
3960+ Dual-stack clusters may set 2 subnets (one for each IP family), otherwise only 1 subnet is allowed.
3961+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3962+ This field must be omitted if `ipam.mode` is `Disabled`.
3963+ When physicalNetworkName points to the OVS bridge mapping of a network that provides IPAM services
3964+ (e.g., a DHCP server), ipam.mode should be set to Disabled. This turns off OVN-Kubernetes IPAM and avoids
3965+ conflicts with the existing IPAM services on this localnet network.
3966+ items :
3967+ maxLength : 43
3968+ type : string
3969+ x-kubernetes-validations :
3970+ - message : CIDR is invalid
3971+ rule : isCIDR(self)
3972+ maxItems : 2
3973+ minItems : 1
3974+ type : array
3975+ x-kubernetes-validations :
3976+ - message : When 2 CIDRs are set, they must be from different
3977+ IP families
3978+ rule : size(self) != 2 || !isCIDR(self[0]) || !isCIDR(self[1])
3979+ || cidr(self[0]).ip().family() != cidr(self[1]).ip().family()
3980+ vlan :
3981+ description : |-
3982+ vlan configuration for the network.
3983+ vlan.mode is the VLAN mode.
3984+ When "Access" is set, OVN-Kubernetes configures the network logical switch port in access mode.
3985+ vlan.access is the access VLAN configuration.
3986+ vlan.access.id is the VLAN ID (VID) to be set on the network logical switch port.
3987+ vlan is optional, when omitted the underlying network default VLAN will be used (usually `1`).
3988+ When set, OVN-Kubernetes will apply VLAN configuration to the SDN infra and to the connected pods.
3989+ properties :
3990+ access :
3991+ description : Access is the access VLAN configuration
3992+ properties :
3993+ id :
3994+ description : |-
3995+ id is the VLAN ID (VID) to be set for the network.
3996+ id should be higher than 0 and lower than 4095.
3997+ format : int32
3998+ maximum : 4094
3999+ minimum : 1
4000+ type : integer
4001+ required :
4002+ - id
4003+ type : object
4004+ mode :
4005+ description : |-
4006+ mode describe the network VLAN mode.
4007+ Allowed value is "Access".
4008+ Access sets the network logical switch port in access mode, according to the config.
4009+ enum :
4010+ - Access
4011+ type : string
4012+ required :
4013+ - mode
4014+ type : object
4015+ x-kubernetes-validations :
4016+ - message : vlan access config is required when vlan mode is
4017+ ' Access' , and forbidden otherwise
4018+ rule : ' has(self.mode) && self.mode == '' Access'' ? has(self.access):
4019+ !has(self.access)'
4020+ required :
4021+ - physicalNetworkName
4022+ - role
4023+ type : object
4024+ x-kubernetes-validations :
4025+ - message : Subnets is required with ipam.mode is Enabled or unset,
4026+ and forbidden otherwise
4027+ rule : ' !has(self.ipam) || !has(self.ipam.mode) || self.ipam.mode
4028+ == '' Enabled'' ? has(self.subnets) : !has(self.subnets)'
4029+ - message : excludeSubnets must be unset when subnets is unset
4030+ rule : ' !has(self.excludeSubnets) || has(self.subnets)'
4031+ - message : MTU should be greater than or equal to 1280 when an
4032+ IPv6 subnet is used
4033+ rule : ' !has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
4034+ isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280'
38444035 topology :
38454036 description : |-
38464037 Topology describes network configuration.
38474038
3848- Allowed values are "Layer3", "Layer2".
4039+ Allowed values are "Layer3", "Layer2" and "Localnet" .
38494040 Layer3 topology creates a layer 2 segment per node, each with a different subnet. Layer 3 routing is used to interconnect node subnets.
38504041 Layer2 topology creates one logical switch shared by all nodes.
4042+ Localnet topology is based on layer 2 topology, but also allows connecting to an existent (configured) physical network to provide north-south traffic to the workloads.
38514043enum :
38524044 - Layer2
38534045 - Layer3
4046+ - Localnet
38544047 type : string
38554048 required :
38564049 - topology
@@ -3864,6 +4057,10 @@ spec:
38644057 otherwise
38654058 rule : ' has(self.topology) && self.topology == '' Layer2'' ? has(self.layer2):
38664059 !has(self.layer2)'
4060+ - message : spec.localnet is required when topology is Localnet and
4061+ forbidden otherwise
4062+ rule : ' has(self.topology) && self.topology == '' Localnet'' ? has(self.localnet):
4063+ !has(self.localnet)'
38674064 - message : Network spec is immutable
38684065 rule : self == oldSelf
38694066 required :
![openshift-merge-bot[bot]](https://avatars.githubusercontent.com/in/412865?v=4&size=40){kind=avatar}
0 commit comments