diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9511f9ecb040..02ca4059b7c8 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -51,6 +51,7 @@ repos:
 description: Runs `make verify`.
 entry: make verify
 language: system
+ pass_filenames: false
 stages: [pre-push]
 require_serial: true
 - id: make-test
@@ -58,6 +59,7 @@ repos:
 description: Runs `make test`.
 entry: make test
 language: system
+ pass_filenames: false
 stages: [ pre-push ]
 exclude: '^vendor/|^hack/tools/vendor/|^api/vendor/'
 fail_fast: true
\ No newline at end of file
diff --git a/api/hypershift/v1beta1/operator.go b/api/hypershift/v1beta1/operator.go
index c14858d3fa14..5c4160fb257a 100644
--- a/api/hypershift/v1beta1/operator.go
+++ b/api/hypershift/v1beta1/operator.go
@@ -82,6 +82,8 @@ type ClusterNetworkOperatorSpec struct {
 // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || has(self.ipv6)", message="ipv6 is immutable once set and cannot be removed"
 // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalJoinSubnet) || (has(self.ipv6) && has(self.ipv6.internalJoinSubnet))", message="ipv6.internalJoinSubnet cannot be removed once set"
 // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))", message="ipv6.internalTransitSwitchSubnet cannot be removed once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)",message="v4InternalSubnet is immutable once set and cannot be removed"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)",message="v6InternalSubnet is immutable once set and cannot be removed"
 // +kubebuilder:validation:MinProperties=1
 type OVNKubernetesConfig struct {
 // ipv4 allows users to configure IP settings for IPv4 connections. When omitted,
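Review bot: The two rules added above `type OVNKubernetesConfig struct` only block removal, and both they and the field-level `self == oldSelf` rules reference `oldSelf`, so they are transition rules that are skipped when the old object has no value for the field. As far as this diff shows, nothing stops `v4InternalSubnet` or `v6InternalSubnet` from being set for the first time on an already-running HostedCluster, which would re-address OVN's internal network after nodes have joined. If a day-2 first set is intended, say so in the field comment, for example `// May be set once on an existing cluster; it cannot be changed or removed afterwards.`; if it is not, the check has to live in the controller or an admission webhook, since these rules cannot tell creation from a later update. The struct body continues outside this hunk.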
@@ -115,6 +117,58 @@ type OVNKubernetesConfig struct {
 // +kubebuilder:validation:Maximum=9216
 // +optional
 MTU int32 `json:"mtu,omitempty"`
+
+ // v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ // router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ // the OVN logical topology. It must not overlap with any other subnet being used
+ // by OpenShift or by the node network. The size of the subnet must be larger than
+ // the number of nodes.
+ // This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ // for the join switch that interconnects per-node gateway routers with the cluster
+ // router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ // internal networks and can be configured independently to avoid overlaps with
+ // existing network infrastructure.
+ // Once set, the value is immutable and cannot be modified in subsequent updates.
+ // The default is 100.64.0.0/16.
+ // The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ // four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ // length. The prefix length must be between 0 and 30 inclusive, and the first
+ // octet must not be 0.
+ // The value must be between 9 and 18 characters in length.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=18
+ // +kubebuilder:validation:MinLength=9
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="v4InternalSubnet is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in a valid IPv4 CIDR format"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 30",message="subnet must be in the range /0 to /30 inclusive"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4 && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0"
+ // +optional
+ V4InternalSubnet string `json:"v4InternalSubnet,omitempty"`
+
+ // v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ // router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ // the OVN logical topology. It must not overlap with any other subnet being used
+ // by OpenShift or by the node network. The size of the subnet must be larger than
+ // the number of nodes.
+ // This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ // for the join switch that interconnects per-node gateway routers with the cluster
+ // router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ // networks and can be configured independently to avoid overlaps with existing
+ // network infrastructure.
+ // Once set, the value is immutable and cannot be modified in subsequent updates.
+ // The default is fd98::/64.
+ // The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ // IPv6 address followed by a slash and a prefix length. The prefix length must
+ // be between 0 and 125 inclusive.
+ // The value must be between 4 and 48 characters in length.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=48
+ // +kubebuilder:validation:MinLength=4
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="v6InternalSubnet is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPv6 CIDR format"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive"
+ // +optional
+ V6InternalSubnet string `json:"v6InternalSubnet,omitempty"`
 }
 // OVNIPv4Config contains IPv4-specific configuration options for OVN-Kubernetes.
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
index 4ed2391e13e2..ec878578bd82 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
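Review bot: In api/hypershift/v1beta1/operator.go, the comment on `V4InternalSubnet` says the subnet must not overlap any other subnet in use, yet it also says this field and `ipv4.internalJoinSubnet` both default to 100.64.0.0/16 while controlling different networks, and no rule in the hunk compares the two. The same applies to `V6InternalSubnet` and fd98::/64. A reader cannot tell whether leaving both at the shared default is valid or what happens when both are set, so the comment should state the relationship; if the values must differ when both are present, a struct-level XValidation on `OVNKubernetesConfig` should enforce it rather than leave it to the operator. Separately, `isCIDR(self)` appears to accept a prefix with host bits set (a constructed example is `100.64.0.1/16`), so a non-canonical spelling can be stored and a later canonical re-apply is then rejected by the string comparison `self == oldSelf`; a rule such as `cidr(self) == cidr(self).masked()` would pin the canonical form, provided the target API server's CEL library includes `masked()`. The struct definition starts before this hunk.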
@@ -3282,6 +3282,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3306,6 +3368,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml index 9185fb00d932..276613512fd7 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml 
@@ -3273,6 +3273,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3297,6 +3359,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml index 2269797a21d4..c111a539ebde 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml 
@@ -3273,6 +3273,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3297,6 +3359,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml index 0a1a136fa308..63ce8ae49cf0 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml 
@@ -3605,6 +3605,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3629,6 +3691,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml index cebc53316acf..3a8bf4aaf010 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml 
@@ -3745,6 +3745,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3769,6 +3831,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml index 1270fd8cb1fb..3fe253d52502 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml 
@@ -3736,6 +3736,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3760,6 +3822,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml index f7170ecada7a..738e08e623e2 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml 
@@ -3273,6 +3273,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3297,6 +3359,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml index fd458cb1f13b..7c30226df0d8 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml 
@@ -3338,6 +3338,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3362,6 +3424,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml index 461ae7dc7982..52b64931802e 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml 
@@ -3295,6 +3295,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3319,6 +3381,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml index f741a117e78b..a4cc247c18ae 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml 
@@ -3291,6 +3291,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3315,6 +3377,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml index 33c70e1bc312..03ee4e9f7bb1 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml 
@@ -3349,6 +3349,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3373,6 +3435,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml index bdb6610a9248..7c68a92ce8e9 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml 
@@ -3273,6 +3273,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3297,6 +3359,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml index 517516cd2f4a..b8ff95cd84bf 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml 
@@ -3313,6 +3313,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3337,6 +3399,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml index 7faf853bd178..e3c89b9609dd 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml 
@@ -3170,6 +3170,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3194,6 +3256,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml index 927f2b9ffc23..29709065fff0 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml 
@@ -3161,6 +3161,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3185,6 +3247,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml index ad6e7742c0ec..3b41adadd270 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml 
@@ -3161,6 +3161,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3185,6 +3247,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml index 1b9da7de5255..928be05cc8b6 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml 
@@ -3493,6 +3493,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3517,6 +3579,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml index 3cd3503473be..1839c9c409b9 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml 
@@ -3633,6 +3633,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3657,6 +3719,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml index 9d7a73cb3bf0..5ddb9bba3bbf 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml 
@@ -3624,6 +3624,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3648,6 +3710,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml index 1527b355549f..25cdee2193ba 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml 
@@ -3161,6 +3161,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3185,6 +3247,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml index 36a11500968d..4507fc4ec999 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml 
@@ -3226,6 +3226,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3250,6 +3312,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml index 5ea38844b584..e430dd8d5432 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml 
@@ -3183,6 +3183,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3207,6 +3269,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml index 9de4ad90ead5..c6af98a8c635 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml 
@@ -3179,6 +3179,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3203,6 +3265,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml index db3f3840a8c2..de5ad436611a 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml 
@@ -3237,6 +3237,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3261,6 +3323,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml index c3c0b64fcf23..553b07e49abd 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml 
@@ -3161,6 +3161,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3185,6 +3247,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml index e52cbe485e19..5a69cea1c336 100644 --- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml +++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml 
@@ -3201,6 +3201,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3225,6 +3287,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go b/client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go index ec04a89fa382..6ebc638e6b9a 100644 --- a/client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go +++ b/client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go 
@@ -20,9 +20,11 @@ package v1beta1 // OVNKubernetesConfigApplyConfiguration represents a declarative configuration of the OVNKubernetesConfig type for use // with apply. type OVNKubernetesConfigApplyConfiguration struct { - IPv4 *OVNIPv4ConfigApplyConfiguration `json:"ipv4,omitempty"` - IPv6 *OVNIPv6ConfigApplyConfiguration `json:"ipv6,omitempty"` - MTU *int32 `json:"mtu,omitempty"` + IPv4 *OVNIPv4ConfigApplyConfiguration `json:"ipv4,omitempty"` + IPv6 *OVNIPv6ConfigApplyConfiguration `json:"ipv6,omitempty"` + MTU *int32 `json:"mtu,omitempty"` + V4InternalSubnet *string `json:"v4InternalSubnet,omitempty"` + V6InternalSubnet *string `json:"v6InternalSubnet,omitempty"` } // OVNKubernetesConfigApplyConfiguration constructs a declarative configuration of the OVNKubernetesConfig type for use with @@ -54,3 +56,19 @@ func (b *OVNKubernetesConfigApplyConfiguration) WithMTU(value int32) *OVNKuberne b.MTU = &value return b } + +// WithV4InternalSubnet sets the V4InternalSubnet field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the V4InternalSubnet field is set to the value of the last call. +func (b *OVNKubernetesConfigApplyConfiguration) WithV4InternalSubnet(value string) *OVNKubernetesConfigApplyConfiguration { + b.V4InternalSubnet = &value + return b +} + +// WithV6InternalSubnet sets the V6InternalSubnet field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the V6InternalSubnet field is set to the value of the last call. +func (b *OVNKubernetesConfigApplyConfiguration) WithV6InternalSubnet(value string) *OVNKubernetesConfigApplyConfiguration { + b.V6InternalSubnet = &value + return b +} 
diff --git a/cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml b/cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml
index 8c0073612e1f..58f044d52a77 100644
--- a/cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml
@@ -579,6 +579,601 @@ tests: type: Route route: {} + # --- v4InternalSubnet validation --- + - name: When v4InternalSubnet is a valid IPv4 CIDR it should pass + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v4InternalSubnet: "100.64.0.0/16" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + + - name: When v4InternalSubnet is an IPv6 CIDR it should fail + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v4InternalSubnet: "fd98::/64" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + expectedError: "Subnet must be in a valid IPv4 CIDR format" + + - name: When v4InternalSubnet has an invalid CIDR format it should fail + initial: | + apiVersion: 
hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v4InternalSubnet: "not-a-cidr!!" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + expectedError: "Subnet must be in a valid IPv4 CIDR format" + + - name: When v4InternalSubnet prefix length exceeds /30 it should fail + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v4InternalSubnet: "10.10.0.0/31" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + expectedError: "subnet must be in the range /0 to /30 inclusive" + + - name: When v4InternalSubnet first octet is 0 it should fail + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + 
operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v4InternalSubnet: "0.10.0.0/16" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + expectedError: "first IP address octet must not be 0" + + # --- v6InternalSubnet validation --- + - name: When v6InternalSubnet is a valid IPv6 CIDR it should pass + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v6InternalSubnet: "fd98::/64" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + + - name: When v6InternalSubnet is an IPv4 CIDR it should fail + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v6InternalSubnet: "10.10.0.0/16" + dns: + baseDomain: example.com + platform: + type: AWS + 
pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + expectedError: "Subnet must be in valid IPv6 CIDR format" + + - name: When v6InternalSubnet prefix length exceeds /125 it should fail + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v6InternalSubnet: "fd98::/126" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + expectedError: "subnet must be in the range /0 to /125 inclusive" + + # --- v4/v6InternalSubnet immutability --- + onUpdate: + - name: When v4InternalSubnet is changed on update it should fail + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v4InternalSubnet: "100.64.0.0/16" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: 
quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + updated: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v4InternalSubnet: "10.10.0.0/16" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + expectedError: "v4InternalSubnet is immutable once set" + + - name: When v6InternalSubnet is changed on update it should fail + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v6InternalSubnet: "fd98::/64" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: 
+ type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + updated: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v6InternalSubnet: "fd99::/64" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + expectedError: "v6InternalSubnet is immutable once set" + + - name: When v4InternalSubnet is removed on update it should fail + initial: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + v4InternalSubnet: "100.64.0.0/16" + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + updated: | + apiVersion: hypershift.openshift.io/v1beta1 + kind: HostedCluster + 
spec: + networking: + networkType: OVNKubernetes + operatorConfiguration: + clusterNetworkOperator: + ovnKubernetesConfig: + mtu: 1400 + dns: + baseDomain: example.com + platform: + type: AWS + pullSecret: + name: secret + release: + image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64 + secretEncryption: + aescbc: + activeKey: + name: key + type: aescbc + services: + - service: APIServer + servicePublishingStrategy: + type: Route + route: {} + - service: OAuthServer + servicePublishingStrategy: + type: Route + route: {} + - service: Konnectivity + servicePublishingStrategy: + type: Route + route: {} + - service: Ignition + servicePublishingStrategy: + type: Route + route: {} + expectedError: "v4InternalSubnet is immutable once set and cannot be removed" + - name: When ovnKubernetesConfig is not set and networkType is not OVNKubernetes it should pass initial: | apiVersion: hypershift.openshift.io/v1beta1 diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml index d406b89a759f..49314345ef91 100644 --- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml +++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml 
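Review bot: The update cases cover removal of `v4InternalSubnet` but have no matching case for `v6InternalSubnet`, even though the schema later in this diff carries a separate `!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)` rule, so a regression in that rule would pass this suite. Add a case `When v6InternalSubnet is removed on update it should fail` that mirrors the v4 one: initial `v6InternalSubnet: "fd98::/64"`, updated with only `mtu: 1400`, and `expectedError: "v6InternalSubnet is immutable once set and cannot be removed"`. The format cases also do not pin what happens to a CIDR with host bits set (constructed example: `100.64.1.5/16`), which the `isCIDR`-based rules appear to accept; a case for it would make the intended behaviour explicit. Indentation is lost in this view, but the new `onUpdate:` key is immediately followed by the pre-existing `When ovnKubernetesConfig is not set ...` case, so it is worth confirming that case has not moved out of its original list and that `onUpdate` is not declared twice.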
@@ -4104,6 +4104,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -4128,6 +4190,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml index bbafc3f882a8..1b5c8f9d2f5f 100644 --- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml +++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml 
@@ -3774,6 +3774,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3798,6 +3860,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml index 30d17382b0f8..94fea6d2dab1 100644 --- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml +++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml 
@@ -3975,6 +3975,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3999,6 +4061,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml index 798d4f0664f8..700aefa382ec 100644 --- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml +++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml 
@@ -3992,6 +3992,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -4016,6 +4078,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml index 5fd583a45ffa..ae537948064d 100644 --- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml +++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml 
@@ -3662,6 +3662,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3686,6 +3748,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml index 25068f5cf7f6..949dbbfa52e0 100644 --- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml +++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml 
@@ -3863,6 +3863,68 @@ spec: x-kubernetes-validations: - message: mtu is immutable once set rule: self == oldSelf + v4InternalSubnet: + description: |- + v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv4.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes + internal networks and can be configured independently to avoid overlaps with + existing network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is 100.64.0.0/16. + The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of + four decimal octets (0-255) separated by dots, followed by a slash and a prefix + length. The prefix length must be between 0 and 30 inclusive, and the first + octet must not be 0. + The value must be between 9 and 18 characters in length. + This field is immutable once set. 
+ maxLength: 18 + minLength: 9 + type: string + x-kubernetes-validations: + - message: v4InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in a valid IPv4 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 4 + - message: subnet must be in the range /0 to /30 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 30 + - message: first IP address octet must not be 0 + rule: isCIDR(self) && cidr(self).ip().family() == 4 + && int(self.split('.')[0]) > 0 + v6InternalSubnet: + description: |- + v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway + router logical router port (LRP) addresses and masquerade/SNAT traffic within + the OVN logical topology. It must not overlap with any other subnet being used + by OpenShift or by the node network. The size of the subnet must be larger than + the number of nodes. + This field is distinct from ipv6.internalJoinSubnet, which configures the subnet + for the join switch that interconnects per-node gateway routers with the cluster + router. Both default to fd98::/64 but control different OVN-Kubernetes internal + networks and can be configured independently to avoid overlaps with existing + network infrastructure. + Once set, the value is immutable and cannot be modified in subsequent updates. + The default is fd98::/64. + The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an + IPv6 address followed by a slash and a prefix length. The prefix length must + be between 0 and 125 inclusive. + The value must be between 4 and 48 characters in length. + This field is immutable once set. 
+ maxLength: 48 + minLength: 4 + type: string + x-kubernetes-validations: + - message: v6InternalSubnet is immutable once set + rule: self == oldSelf + - message: Subnet must be in valid IPv6 CIDR format + rule: isCIDR(self) && cidr(self).ip().family() == 6 + - message: subnet must be in the range /0 to /125 inclusive + rule: isCIDR(self) && cidr(self).prefixLength() <= 125 type: object x-kubernetes-validations: - message: internalJoinSubnet and internalTransitSwitchSubnet @@ -3887,6 +3949,12 @@ spec: once set rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))' + - message: v4InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)' + - message: v6InternalSubnet is immutable once set and cannot + be removed + rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)' type: object x-kubernetes-validations: - message: ovnKubernetesConfig is immutable once set and cannot diff --git a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go index 1d22a3e2d4a5..be583cadc5b8 100644 --- a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go +++ b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go 
@@ -89,36 +89,7 @@ func ReconcileNetworkOperator(network *operatorv1.Network, networkType hyperv1.N if network.Spec.DefaultNetwork.OVNKubernetesConfig == nil { network.Spec.DefaultNetwork.OVNKubernetesConfig = &operatorv1.OVNKubernetesConfig{} } - ovnCfg := network.Spec.DefaultNetwork.OVNKubernetesConfig - // Apply IPv4 configuration - if ovnConfig.IPv4 != nil { - if ovnCfg.IPv4 == nil { - ovnCfg.IPv4 = &operatorv1.IPv4OVNKubernetesConfig{} - } - if ovnConfig.IPv4.InternalJoinSubnet != "" { - ovnCfg.IPv4.InternalJoinSubnet = ovnConfig.IPv4.InternalJoinSubnet - } - if ovnConfig.IPv4.InternalTransitSwitchSubnet != "" { - ovnCfg.IPv4.InternalTransitSwitchSubnet = ovnConfig.IPv4.InternalTransitSwitchSubnet - } - } - // Apply IPv6 configuration - if ovnConfig.IPv6.InternalJoinSubnet != "" { - if ovnCfg.IPv6 == nil { - ovnCfg.IPv6 = &operatorv1.IPv6OVNKubernetesConfig{} - } - ovnCfg.IPv6.InternalJoinSubnet = ovnConfig.IPv6.InternalJoinSubnet - } - if ovnConfig.IPv6.InternalTransitSwitchSubnet != "" { - if ovnCfg.IPv6 == nil { - ovnCfg.IPv6 = &operatorv1.IPv6OVNKubernetesConfig{} - } - ovnCfg.IPv6.InternalTransitSwitchSubnet = ovnConfig.IPv6.InternalTransitSwitchSubnet - } - // Apply MTU configuration - if ovnConfig.MTU > 0 { - ovnCfg.MTU = ptr.To(uint32(ovnConfig.MTU)) - } + applyOVNConfig(network.Spec.DefaultNetwork.OVNKubernetesConfig, ovnConfig) } // Setting the management state is required in order to create 
@@ -135,6 +106,48 @@ func ReconcileNetworkOperator(network *operatorv1.Network, networkType hyperv1.N } } +// applyOVNConfig applies user-specified OVN configuration to the network operator config. +// User-specified values take precedence over platform defaults (e.g., KubeVirt's 100.66.0.0/16). +func applyOVNConfig(ovnCfg *operatorv1.OVNKubernetesConfig, ovnConfig *hyperv1.OVNKubernetesConfig) { + // Apply IPv4 configuration + if ovnConfig.IPv4 != nil { + if ovnCfg.IPv4 == nil { + ovnCfg.IPv4 = &operatorv1.IPv4OVNKubernetesConfig{} + } + if ovnConfig.IPv4.InternalJoinSubnet != "" { + ovnCfg.IPv4.InternalJoinSubnet = ovnConfig.IPv4.InternalJoinSubnet + } + if ovnConfig.IPv4.InternalTransitSwitchSubnet != "" { + ovnCfg.IPv4.InternalTransitSwitchSubnet = ovnConfig.IPv4.InternalTransitSwitchSubnet + } + } + // Apply IPv6 configuration + if ovnConfig.IPv6.InternalJoinSubnet != "" { + if ovnCfg.IPv6 == nil { + ovnCfg.IPv6 = &operatorv1.IPv6OVNKubernetesConfig{} + } + ovnCfg.IPv6.InternalJoinSubnet = ovnConfig.IPv6.InternalJoinSubnet + } + if ovnConfig.IPv6.InternalTransitSwitchSubnet != "" { + if ovnCfg.IPv6 == nil { + ovnCfg.IPv6 = &operatorv1.IPv6OVNKubernetesConfig{} + } + ovnCfg.IPv6.InternalTransitSwitchSubnet = ovnConfig.IPv6.InternalTransitSwitchSubnet + } + // Apply MTU configuration + if ovnConfig.MTU > 0 { + ovnCfg.MTU = ptr.To(uint32(ovnConfig.MTU)) + } + // Apply V4InternalSubnet configuration. + if ovnConfig.V4InternalSubnet != "" { + ovnCfg.V4InternalSubnet = ovnConfig.V4InternalSubnet + } + // Apply V6InternalSubnet configuration. + if ovnConfig.V6InternalSubnet != "" { + ovnCfg.V6InternalSubnet = ovnConfig.V6InternalSubnet + } +} + func DetectSuboptimalMTU(ctx context.Context, mgmtClient client.Client, guestNetworkOperator *operatorv1.Network, hcp *hyperv1.HostedControlPlane) error { const recommendedMinMTU = uint32(9000) 
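Review bot: applyOVNConfig dereferences both pointer arguments unconditionally (`ovnConfig.IPv4` in its first statement, `ovnCfg.IPv4` right after), and neither the body nor the doc comment states that they must be non-nil. The call site in the previous hunk initialises `network.Spec.DefaultNetwork.OVNKubernetesConfig` before calling, but whatever guards `ovnConfig` there lies outside the visible hunk. Now that the logic is a standalone helper, open it with `if ovnCfg == nil || ovnConfig == nil { return }`, or add `// Both ovnCfg and ovnConfig must be non-nil.` to the comment, so a later second caller cannot panic the reconciler. The subnet strings are copied without being re-parsed, so the helper also relies on the API schema rules having accepted them; the comment should say so.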
diff --git a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go index 8222e38dabe4..87ec41c5a1e8 100644 --- a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go +++ b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go 
@@ -601,6 +601,170 @@ func TestReconcileDefaultIngressController(t *testing.T) { }, }, }, + { + name: "When v4InternalSubnet is specified, it should propagate to network operator", + inputNetwork: NetworkOperator(), + inputNetworkType: hyperv1.OVNKubernetes, + inputPlatformType: hyperv1.AWSPlatform, + disableMultiNetwork: false, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V4InternalSubnet: "10.128.0.0/16", + }, + expectedNetwork: &operatorv1.Network{ + ObjectMeta: NetworkOperator().ObjectMeta, + Spec: operatorv1.NetworkSpec{ + OperatorSpec: operatorv1.OperatorSpec{ + ManagementState: "Managed", + }, + DefaultNetwork: operatorv1.DefaultNetworkDefinition{ + OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{ + V4InternalSubnet: "10.128.0.0/16", + }, + }, + }, + }, + }, + { + name: "When v6InternalSubnet is specified, it should propagate to network operator", + inputNetwork: NetworkOperator(), + inputNetworkType: hyperv1.OVNKubernetes, + inputPlatformType: hyperv1.AWSPlatform, + disableMultiNetwork: false, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V6InternalSubnet: "fd99::/64", + }, + expectedNetwork: &operatorv1.Network{ + ObjectMeta: NetworkOperator().ObjectMeta, + Spec: operatorv1.NetworkSpec{ + OperatorSpec: operatorv1.OperatorSpec{ + ManagementState: "Managed", + }, + DefaultNetwork: operatorv1.DefaultNetworkDefinition{ + OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{ + V6InternalSubnet: "fd99::/64", + }, + }, + }, + }, + }, + { + name: "When KubeVirt with OVNKubernetes has user-specified v4InternalSubnet, it should override platform default", + inputNetwork: NetworkOperator(), + inputNetworkType: hyperv1.OVNKubernetes, + inputPlatformType: hyperv1.KubevirtPlatform, + disableMultiNetwork: false, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V4InternalSubnet: "10.200.0.0/16", + }, + expectedNetwork: &operatorv1.Network{ + ObjectMeta: NetworkOperator().ObjectMeta, + Spec: operatorv1.NetworkSpec{ + OperatorSpec: operatorv1.OperatorSpec{ + 
ManagementState: "Managed", + }, + DefaultNetwork: operatorv1.DefaultNetworkDefinition{ + OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{ + GenevePort: &genevePort, + V4InternalSubnet: "10.200.0.0/16", + }, + }, + }, + }, + }, + { + name: "When KubeVirt with OVNKubernetes has user-specified v6InternalSubnet only, it should retain platform defaults and apply V6", + inputNetwork: NetworkOperator(), + inputNetworkType: hyperv1.OVNKubernetes, + inputPlatformType: hyperv1.KubevirtPlatform, + disableMultiNetwork: false, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V6InternalSubnet: "fd99::/64", + }, + expectedNetwork: &operatorv1.Network{ + ObjectMeta: NetworkOperator().ObjectMeta, + Spec: operatorv1.NetworkSpec{ + OperatorSpec: operatorv1.OperatorSpec{ + ManagementState: "Managed", + }, + DefaultNetwork: operatorv1.DefaultNetworkDefinition{ + OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{ + GenevePort: &genevePort, + V4InternalSubnet: v4InternalSubnet, + V6InternalSubnet: "fd99::/64", + }, + }, + }, + }, + }, + { + name: "When v4InternalSubnet is specified with IPv4 subnets and MTU, it should propagate all", + inputNetwork: NetworkOperator(), + inputNetworkType: hyperv1.OVNKubernetes, + inputPlatformType: hyperv1.AWSPlatform, + disableMultiNetwork: false, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + MTU: 8901, + V4InternalSubnet: "10.200.0.0/16", + V6InternalSubnet: "fd99::/64", + IPv4: &hyperv1.OVNIPv4Config{ + InternalJoinSubnet: "192.168.1.0/24", + }, + }, + expectedNetwork: &operatorv1.Network{ + ObjectMeta: NetworkOperator().ObjectMeta, + Spec: operatorv1.NetworkSpec{ + OperatorSpec: operatorv1.OperatorSpec{ + ManagementState: "Managed", + }, + DefaultNetwork: operatorv1.DefaultNetworkDefinition{ + OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{ + MTU: ptr.To(uint32(8901)), + V4InternalSubnet: "10.200.0.0/16", + V6InternalSubnet: "fd99::/64", + IPv4: &operatorv1.IPv4OVNKubernetesConfig{ + InternalJoinSubnet: "192.168.1.0/24", + }, + }, + }, + }, 
+ }, + }, + { + name: "When v4InternalSubnet is specified with non-OVN network type, it should be ignored", + inputNetwork: NetworkOperator(), + inputNetworkType: hyperv1.OpenShiftSDN, + inputPlatformType: hyperv1.AWSPlatform, + disableMultiNetwork: false, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V4InternalSubnet: "10.200.0.0/16", + }, + expectedNetwork: &operatorv1.Network{ + ObjectMeta: NetworkOperator().ObjectMeta, + Spec: operatorv1.NetworkSpec{ + OperatorSpec: operatorv1.OperatorSpec{ + ManagementState: "Managed", + }, + }, + }, + }, + { + name: "When v6InternalSubnet is specified with non-OVN network type, it should be ignored", + inputNetwork: NetworkOperator(), + inputNetworkType: hyperv1.OpenShiftSDN, + inputPlatformType: hyperv1.AWSPlatform, + disableMultiNetwork: false, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V6InternalSubnet: "fd99::/64", + }, + expectedNetwork: &operatorv1.Network{ + ObjectMeta: NetworkOperator().ObjectMeta, + Spec: operatorv1.NetworkSpec{ + OperatorSpec: operatorv1.OperatorSpec{ + ManagementState: "Managed", + }, + }, + }, + }, } for _, tc := range testsCases { diff --git a/docs/content/reference/aggregated-docs.md b/docs/content/reference/aggregated-docs.md index c61fb9f9f0fd..7cb221db78cf 100644 --- a/docs/content/reference/aggregated-docs.md +++ b/docs/content/reference/aggregated-docs.md @@ -50333,6 +50333,63 @@ The minimum is 576, which is the minimum IPv4 MTU per RFC 791. This field is immutable once set.

+ + +v4InternalSubnet
+ +string + + + +(Optional) +

v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway +router logical router port (LRP) addresses and masquerade/SNAT traffic within +the OVN logical topology. It must not overlap with any other subnet being used +by OpenShift or by the node network. The size of the subnet must be larger than +the number of nodes. +This field is distinct from ipv4.internalJoinSubnet, which configures the subnet +for the join switch that interconnects per-node gateway routers with the cluster +router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes +internal networks and can be configured independently to avoid overlaps with +existing network infrastructure. +Once set, the value is immutable and cannot be modified in subsequent updates. +The default is 100.64.0.0/16. +The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of +four decimal octets (0-255) separated by dots, followed by a slash and a prefix +length. The prefix length must be between 0 and 30 inclusive, and the first +octet must not be 0. +The value must be between 9 and 18 characters in length. +This field is immutable once set.

+ + + + +v6InternalSubnet
+ +string + + + +(Optional) +

v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway +router logical router port (LRP) addresses and masquerade/SNAT traffic within +the OVN logical topology. It must not overlap with any other subnet being used +by OpenShift or by the node network. The size of the subnet must be larger than +the number of nodes. +This field is distinct from ipv6.internalJoinSubnet, which configures the subnet +for the join switch that interconnects per-node gateway routers with the cluster +router. Both default to fd98::/64 but control different OVN-Kubernetes internal +networks and can be configured independently to avoid overlaps with existing +network infrastructure. +Once set, the value is immutable and cannot be modified in subsequent updates. +The default is fd98::/64. +The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an +IPv6 address followed by a slash and a prefix length. The prefix length must +be between 0 and 125 inclusive. +The value must be between 4 and 48 characters in length. +This field is immutable once set.

+ + ###ObjectEncodingFormat { #hypershift.openshift.io/v1beta1.ObjectEncodingFormat } diff --git a/docs/content/reference/api.md b/docs/content/reference/api.md index fb4fb96c1b20..e1bd8d287954 100644 --- a/docs/content/reference/api.md +++ b/docs/content/reference/api.md @@ -13933,6 +13933,63 @@ The minimum is 576, which is the minimum IPv4 MTU per RFC 791. This field is immutable once set.

+ + +v4InternalSubnet
+ +string + + + +(Optional) +

v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway +router logical router port (LRP) addresses and masquerade/SNAT traffic within +the OVN logical topology. It must not overlap with any other subnet being used +by OpenShift or by the node network. The size of the subnet must be larger than +the number of nodes. +This field is distinct from ipv4.internalJoinSubnet, which configures the subnet +for the join switch that interconnects per-node gateway routers with the cluster +router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes +internal networks and can be configured independently to avoid overlaps with +existing network infrastructure. +Once set, the value is immutable and cannot be modified in subsequent updates. +The default is 100.64.0.0/16. +The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of +four decimal octets (0-255) separated by dots, followed by a slash and a prefix +length. The prefix length must be between 0 and 30 inclusive, and the first +octet must not be 0. +The value must be between 9 and 18 characters in length. +This field is immutable once set.

+ + + + +v6InternalSubnet
+ +string + + + +(Optional) +

v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway +router logical router port (LRP) addresses and masquerade/SNAT traffic within +the OVN logical topology. It must not overlap with any other subnet being used +by OpenShift or by the node network. The size of the subnet must be larger than +the number of nodes. +This field is distinct from ipv6.internalJoinSubnet, which configures the subnet +for the join switch that interconnects per-node gateway routers with the cluster +router. Both default to fd98::/64 but control different OVN-Kubernetes internal +networks and can be configured independently to avoid overlaps with existing +network infrastructure. +Once set, the value is immutable and cannot be modified in subsequent updates. +The default is fd98::/64. +The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an +IPv6 address followed by a slash and a prefix length. The prefix length must +be between 0 and 125 inclusive. +The value must be between 4 and 48 characters in length. +This field is immutable once set.

+ + ###ObjectEncodingFormat { #hypershift.openshift.io/v1beta1.ObjectEncodingFormat } diff --git a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go index 61c5c63bb16c..a19283c0d099 100644 --- a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go +++ b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go 
@@ -4373,23 +4373,15 @@ func validateSliceNetworkCIDRs(hc *hyperv1.HostedCluster) field.ErrorList { if hc.Spec.Networking.NetworkType == hyperv1.OVNKubernetes && hc.Spec.OperatorConfiguration != nil && hc.Spec.OperatorConfiguration.ClusterNetworkOperator != nil && - hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig != nil && - hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv4 != nil { - ovnConfig := hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv4 - if ovnConfig.InternalJoinSubnet != "" { - _, cidr, err := net.ParseCIDR(ovnConfig.InternalJoinSubnet) - if err == nil { - ce := cidrEntry{*cidr, *field.NewPath("spec", "operatorConfiguration", "clusterNetworkOperator", "ovnKubernetesConfig", "ipv4", "internalJoinSubnet")} - cidrEntries = append(cidrEntries, ce) - } - } - if ovnConfig.InternalTransitSwitchSubnet != "" { - _, cidr, err := net.ParseCIDR(ovnConfig.InternalTransitSwitchSubnet) - if err == nil { - ce := cidrEntry{*cidr, *field.NewPath("spec", "operatorConfiguration", "clusterNetworkOperator", "ovnKubernetesConfig", "ipv4", "internalTransitSwitchSubnet")} - cidrEntries = append(cidrEntries, ce) - } + hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig != nil { + ovnKubeConfig := hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig + ovnBasePath := []string{"spec", "operatorConfiguration", "clusterNetworkOperator", "ovnKubernetesConfig"} + if ovnKubeConfig.IPv4 != nil { + cidrEntries = appendCIDREntry(cidrEntries, ovnKubeConfig.IPv4.InternalJoinSubnet, append(ovnBasePath, "ipv4", "internalJoinSubnet")...) + cidrEntries = appendCIDREntry(cidrEntries, ovnKubeConfig.IPv4.InternalTransitSwitchSubnet, append(ovnBasePath, "ipv4", "internalTransitSwitchSubnet")...) } + cidrEntries = appendCIDREntry(cidrEntries, ovnKubeConfig.V4InternalSubnet, append(ovnBasePath, "v4InternalSubnet")...) 
+ cidrEntries = appendCIDREntry(cidrEntries, ovnKubeConfig.V6InternalSubnet, append(ovnBasePath, "v6InternalSubnet")...) } if hc.Spec.Networking.NetworkType == hyperv1.OVNKubernetes { @@ -4438,6 +4430,17 @@ func validateSliceNetworkCIDRs(hc *hyperv1.HostedCluster) field.ErrorList { return compareCIDREntries(cidrEntries) } +func appendCIDREntry(entries []cidrEntry, cidrStr string, pathElements ...string) []cidrEntry { + if cidrStr == "" || len(pathElements) == 0 { + return entries + } + _, cidr, err := net.ParseCIDR(cidrStr) + if err != nil { + return entries + } + return append(entries, cidrEntry{*cidr, *field.NewPath(pathElements[0], pathElements[1:]...)}) +} + type cidrEntry struct { net net.IPNet path field.Path diff --git a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go index 4554f0cbc5b5..a46e6666a6f6 100644 --- a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go +++ b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go 
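Review bot: `v6InternalSubnet` joins the overlap list here, but within this hunk only the IPv4 join and transit-switch subnets are appended alongside it. A `v6InternalSubnet` that collides with `ipv6.internalJoinSubnet` or `ipv6.internalTransitSwitchSubnet` would therefore go unreported unless those are added elsewhere in validateSliceNetworkCIDRs, which continues outside the hunk. If they are not, add `cidrEntries = appendCIDREntry(cidrEntries, ovnKubeConfig.IPv6.InternalJoinSubnet, append(ovnBasePath, "ipv6", "internalJoinSubnet")...)` and the matching transit-switch line, with a nil guard if `IPv6` is a pointer in this type. The new test cases pin only the IPv4 join-subnet overlap, so an IPv6 counterpart is needed there too.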
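Review bot: appendCIDREntry returns the list unchanged when `net.ParseCIDR` fails, so a malformed subnet silently drops out of the overlap check with no field error, and the helper has no comment saying this is intended. If format validation is meant to stay with the CRD rules, say so on the function: `// appendCIDREntry adds cidrStr to entries for overlap checking; empty or unparsable values are skipped because format validation is left to the API schema.` Otherwise the caller, which already returns a `field.ErrorList`, could report the value with `field.Invalid` rather than ignoring it, so the overlap check does not depend on admission having run first.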
@@ -4467,6 +4467,101 @@ func TestValidateSliceNetworkCIDRs(t *testing.T) { ovnConfig: nil, wantErr: false, }, + { + name: "When OVN-Kubernetes v4InternalSubnet does not overlap, it should succeed", + mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}}, + cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}}, + sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}}, + networkType: hyperv1.OVNKubernetes, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V4InternalSubnet: "100.64.0.0/16", + }, + wantErr: false, + }, + { + name: "When OVN-Kubernetes v4InternalSubnet overlaps with MachineNetwork, it should fail", + mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}}, + cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}}, + sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}}, + networkType: hyperv1.OVNKubernetes, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V4InternalSubnet: "192.168.0.0/16", + }, + wantErr: true, + }, + { + name: "When OVN-Kubernetes v4InternalSubnet overlaps with ClusterNetwork, it should fail", + mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}}, + cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}}, + sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}}, + networkType: hyperv1.OVNKubernetes, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V4InternalSubnet: "10.129.0.0/16", + }, + wantErr: true, + }, + { + name: "When OVN-Kubernetes v4InternalSubnet overlaps with InternalJoinSubnet, it should fail", + mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}}, + cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}}, + sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}}, + networkType: hyperv1.OVNKubernetes, + ovnConfig: 
&hyperv1.OVNKubernetesConfig{ + V4InternalSubnet: "100.64.0.0/16", + IPv4: &hyperv1.OVNIPv4Config{ + InternalJoinSubnet: "100.64.0.0/24", + }, + }, + wantErr: true, + }, + { + name: "When OVN-Kubernetes v4InternalSubnet with IPv4 subnets and no overlap, it should succeed", + mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}}, + cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}}, + sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}}, + networkType: hyperv1.OVNKubernetes, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V4InternalSubnet: "100.64.0.0/16", + IPv4: &hyperv1.OVNIPv4Config{ + InternalJoinSubnet: "100.66.0.0/16", + InternalTransitSwitchSubnet: "100.88.0.0/16", + }, + }, + wantErr: false, + }, + { + name: "When OVN-Kubernetes v6InternalSubnet does not overlap, it should succeed", + mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/48")}}, + cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/48")}}, + sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}}, + networkType: hyperv1.OVNKubernetes, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V6InternalSubnet: "fd99::/64", + }, + wantErr: false, + }, + { + name: "When OVN-Kubernetes v6InternalSubnet overlaps with MachineNetwork, it should fail", + mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/48")}}, + cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/48")}}, + sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}}, + networkType: hyperv1.OVNKubernetes, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V6InternalSubnet: "fd01::1:0/64", + }, + wantErr: true, + }, + { + name: "When OVN-Kubernetes v6InternalSubnet overlaps with ClusterNetwork, it should fail", + mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/48")}}, + cn: []hyperv1.ClusterNetworkEntry{{CIDR: 
*ipnet.MustParseCIDR("fd02::/48")}}, + sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}}, + networkType: hyperv1.OVNKubernetes, + ovnConfig: &hyperv1.OVNKubernetesConfig{ + V6InternalSubnet: "fd02::1:0/64", + }, + wantErr: true, + }, } for _, tt := range tests { diff --git a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go index c14858d3fa14..5c4160fb257a 100644 --- a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go +++ b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go @@ -82,6 +82,8 @@ type ClusterNetworkOperatorSpec struct { // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || has(self.ipv6)", message="ipv6 is immutable once set and cannot be removed" // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalJoinSubnet) || (has(self.ipv6) && has(self.ipv6.internalJoinSubnet))", message="ipv6.internalJoinSubnet cannot be removed once set" // +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))", message="ipv6.internalTransitSwitchSubnet cannot be removed once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)",message="v4InternalSubnet is immutable once set and cannot be removed" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)",message="v6InternalSubnet is immutable once set and cannot be removed" // +kubebuilder:validation:MinProperties=1 type OVNKubernetesConfig struct { // ipv4 allows users to configure IP settings for IPv4 connections. When omitted, 
@@ -115,6 +117,58 @@ type OVNKubernetesConfig struct {
 // +kubebuilder:validation:Maximum=9216
 // +optional
 MTU int32 `json:"mtu,omitempty"`
+
+ // v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ // router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ // the OVN logical topology. It must not overlap with any other subnet being used
+ // by OpenShift or by the node network. The size of the subnet must be larger than
+ // the number of nodes.
+ // This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ // for the join switch that interconnects per-node gateway routers with the cluster
+ // router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ // internal networks and can be configured independently to avoid overlaps with
+ // existing network infrastructure.
+ // Once set, the value is immutable and cannot be modified in subsequent updates.
+ // The default is 100.64.0.0/16.
+ // The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ // four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ // length. The prefix length must be between 0 and 30 inclusive, and the first
+ // octet must not be 0.
+ // The value must be between 9 and 18 characters in length.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=18
+ // +kubebuilder:validation:MinLength=9
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="v4InternalSubnet is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in a valid IPv4 CIDR format"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 30",message="subnet must be in the range /0 to /30 inclusive"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4 && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0"
+ // +optional
+ V4InternalSubnet string `json:"v4InternalSubnet,omitempty"`
+
+ // v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ // router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ // the OVN logical topology. It must not overlap with any other subnet being used
+ // by OpenShift or by the node network. The size of the subnet must be larger than
+ // the number of nodes.
+ // This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ // for the join switch that interconnects per-node gateway routers with the cluster
+ // router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ // networks and can be configured independently to avoid overlaps with existing
+ // network infrastructure.
+ // Once set, the value is immutable and cannot be modified in subsequent updates.
+ // The default is fd98::/64.
+ // The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ // IPv6 address followed by a slash and a prefix length. The prefix length must
+ // be between 0 and 125 inclusive.
+ // The value must be between 4 and 48 characters in length.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=48
+ // +kubebuilder:validation:MinLength=4
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="v6InternalSubnet is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPv6 CIDR format"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive"
+ // +optional
+ V6InternalSubnet string `json:"v6InternalSubnet,omitempty"`
 }

 // OVNIPv4Config contains IPv4-specific configuration options for OVN-Kubernetes.