From 825a59cd94af143d2a33f84c5043481eb5bf5533 Mon Sep 17 00:00:00 2001
From: OpenShift CI Bot
Date: Thu, 18 Jun 2026 14:00:40 +0000
Subject: [PATCH 1/7] feat(api): add v4InternalSubnet and v6InternalSubnet to
OVNKubernetesConfig
- Add V4InternalSubnet field for customizing OVN-Kubernetes internal IPv4 subnet
(default 100.64.0.0/16), validated via CEL for IPv4 CIDR format, prefix /0-/30,
and non-zero first octet
- Add V6InternalSubnet field for customizing OVN-Kubernetes internal IPv6 subnet
(default fd98::/64), validated via CEL for IPv6 CIDR format, prefix /0-/125
- Both fields are immutable once set, enforced at struct and field level
- Regenerate featuregated CRD manifests for HostedCluster and HostedControlPlane
Signed-off-by: OpenShift CI Bot
Commit-Message-Assisted-by: Claude (via Claude Code)
---
api/hypershift/v1beta1/operator.go | 42 ++++++++++++++
.../AAA_ungated.yaml | 56 +++++++++++++++++++
.../ClusterUpdateAcceptRisks.yaml | 56 +++++++++++++++++++
.../ClusterVersionOperatorConfiguration.yaml | 56 +++++++++++++++++++
.../ExternalOIDC.yaml | 56 +++++++++++++++++++
...ernalOIDCWithUIDAndExtraClaimMappings.yaml | 56 +++++++++++++++++++
.../ExternalOIDCWithUpstreamParity.yaml | 56 +++++++++++++++++++
.../GCPPlatform.yaml | 56 +++++++++++++++++++
.../HCPEtcdBackup.yaml | 56 +++++++++++++++++++
...perShiftOnlyDynamicResourceAllocation.yaml | 56 +++++++++++++++++++
.../ImageStreamImportMode.yaml | 56 +++++++++++++++++++
.../KMSEncryptionProvider.yaml | 56 +++++++++++++++++++
.../OpenStack.yaml | 56 +++++++++++++++++++
.../TLSAdherence.yaml | 56 +++++++++++++++++++
.../AAA_ungated.yaml | 56 +++++++++++++++++++
.../ClusterUpdateAcceptRisks.yaml | 56 +++++++++++++++++++
.../ClusterVersionOperatorConfiguration.yaml | 56 +++++++++++++++++++
.../ExternalOIDC.yaml | 56 +++++++++++++++++++
...ernalOIDCWithUIDAndExtraClaimMappings.yaml | 56 +++++++++++++++++++
.../ExternalOIDCWithUpstreamParity.yaml | 56 +++++++++++++++++++
.../GCPPlatform.yaml | 56 +++++++++++++++++++
.../HCPEtcdBackup.yaml | 56 +++++++++++++++++++
...perShiftOnlyDynamicResourceAllocation.yaml | 56 +++++++++++++++++++
.../ImageStreamImportMode.yaml | 56 +++++++++++++++++++
.../KMSEncryptionProvider.yaml | 56 +++++++++++++++++++
.../OpenStack.yaml | 56 +++++++++++++++++++
.../TLSAdherence.yaml | 56 +++++++++++++++++++
27 files changed, 1498 insertions(+)
diff --git a/api/hypershift/v1beta1/operator.go b/api/hypershift/v1beta1/operator.go
index c14858d3fa14..0b58a6a51092 100644
--- a/api/hypershift/v1beta1/operator.go
+++ b/api/hypershift/v1beta1/operator.go
@@ -82,6 +82,8 @@ type ClusterNetworkOperatorSpec struct {
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || has(self.ipv6)", message="ipv6 is immutable once set and cannot be removed"
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalJoinSubnet) || (has(self.ipv6) && has(self.ipv6.internalJoinSubnet))", message="ipv6.internalJoinSubnet cannot be removed once set"
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))", message="ipv6.internalTransitSwitchSubnet cannot be removed once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)",message="v4InternalSubnet is immutable once set and cannot be removed"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)",message="v6InternalSubnet is immutable once set and cannot be removed"
// +kubebuilder:validation:MinProperties=1
type OVNKubernetesConfig struct {
// ipv4 allows users to configure IP settings for IPv4 connections. When omitted,
@@ -115,6 +117,46 @@ type OVNKubernetesConfig struct {
// +kubebuilder:validation:Maximum=9216
// +optional
MTU int32 `json:"mtu,omitempty"`
+
+ // v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ // default one is being already used by something else. It must not overlap with
+ // any other subnet being used by OpenShift or by the node network. The size of the
+ // subnet must be larger than the number of nodes. Once set, the value is immutable
+ // and cannot be modified in subsequent updates.
+ // The default is 100.64.0.0/16.
+ // The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ // four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ // length. The prefix length must be between 0 and 30 inclusive, and the first
+ // octet must not be 0.
+ // The value must be between 9 and 18 characters in length.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=18
+ // +kubebuilder:validation:MinLength=9
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="v4InternalSubnet is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in a valid IPv4 CIDR format"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 30",message="subnet must be in the range /0 to /30 inclusive"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4 && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0"
+ // +optional
+ V4InternalSubnet string `json:"v4InternalSubnet,omitempty"`
+
+ // v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ // default one is being already used by something else. It must not overlap with
+ // any other subnet being used by OpenShift or by the node network. The size of the
+ // subnet must be larger than the number of nodes. Once set, the value is immutable
+ // and cannot be modified in subsequent updates.
+ // The default is fd98::/64.
+ // The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ // IPv6 address followed by a slash and a prefix length. The prefix length must
+ // be between 0 and 125 inclusive.
+ // The value must be between 4 and 48 characters in length.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=48
+ // +kubebuilder:validation:MinLength=4
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="v6InternalSubnet is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPv6 CIDR format"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive"
+ // +optional
+ V6InternalSubnet string `json:"v6InternalSubnet,omitempty"`
}
// OVNIPv4Config contains IPv4-specific configuration options for OVN-Kubernetes.
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
index 4ed2391e13e2..fcf358bb4449 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
@@ -3282,6 +3282,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3306,6 +3356,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
index 9185fb00d932..7177140bcf29 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
@@ -3273,6 +3273,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3297,6 +3347,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
index 2269797a21d4..586020960033 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
@@ -3273,6 +3273,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3297,6 +3347,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml
index 0a1a136fa308..84bfc22ce3a9 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml
@@ -3605,6 +3605,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3629,6 +3679,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
index cebc53316acf..4906d3b04e1a 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
@@ -3745,6 +3745,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3769,6 +3819,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
index 1270fd8cb1fb..4c22eda66569 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
@@ -3736,6 +3736,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3760,6 +3810,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml
index f7170ecada7a..02a545dcae6f 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml
@@ -3273,6 +3273,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3297,6 +3347,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml
index fd458cb1f13b..fc8dd6c64bfe 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml
@@ -3338,6 +3338,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3362,6 +3412,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
index 461ae7dc7982..3e89aee92e7e 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
@@ -3295,6 +3295,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3319,6 +3369,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml
index f741a117e78b..55eb3916611c 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml
@@ -3291,6 +3291,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3315,6 +3365,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml
index 33c70e1bc312..4d1ae0061841 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml
@@ -3349,6 +3349,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3373,6 +3423,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml
index bdb6610a9248..417386cdc828 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml
@@ -3273,6 +3273,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3297,6 +3347,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml
index 517516cd2f4a..ec9d79df1b26 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml
@@ -3313,6 +3313,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3337,6 +3387,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml
index 7faf853bd178..a63aae3a138d 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml
@@ -3170,6 +3170,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3194,6 +3244,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
index 927f2b9ffc23..3ac818564a52 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
@@ -3161,6 +3161,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3185,6 +3235,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
index ad6e7742c0ec..6392cbb63591 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
@@ -3161,6 +3161,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3185,6 +3235,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml
index 1b9da7de5255..e1d09b289692 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml
@@ -3493,6 +3493,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3517,6 +3567,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
index 3cd3503473be..bfff7b0e315a 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
@@ -3633,6 +3633,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3657,6 +3707,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
index 9d7a73cb3bf0..559aeaf08d0e 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
@@ -3624,6 +3624,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3648,6 +3698,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml
index 1527b355549f..6b8fd15d1a54 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml
@@ -3161,6 +3161,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3185,6 +3235,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml
index 36a11500968d..73644a15a1e3 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml
@@ -3226,6 +3226,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3250,6 +3300,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
index 5ea38844b584..0e899b6f787f 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
@@ -3183,6 +3183,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3207,6 +3257,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml
index 9de4ad90ead5..86cf71e5a91c 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml
@@ -3179,6 +3179,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3203,6 +3253,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml
index db3f3840a8c2..0d07ee6f1c89 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml
@@ -3237,6 +3237,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3261,6 +3311,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml
index c3c0b64fcf23..19e01915aad0 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml
@@ -3161,6 +3161,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3185,6 +3235,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml
index e52cbe485e19..3533c0c1f756 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml
@@ -3201,6 +3201,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3225,6 +3275,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
From b6d2cce1db0d5e665bea4597f355707773637d9e Mon Sep 17 00:00:00 2001
From: OpenShift CI Bot
Date: Thu, 18 Jun 2026 14:00:46 +0000
Subject: [PATCH 2/7] chore(api): regenerate CRDs, clients, and vendor
Signed-off-by: OpenShift CI Bot
Commit-Message-Assisted-by: Claude (via Claude Code)
---
.../hypershift/v1beta1/ovnkubernetesconfig.go | 24 +-
...e.hostedclusters.networking.testsuite.yaml | 595 ++++++++++++++++++
...usters-Hypershift-CustomNoUpgrade.crd.yaml | 56 ++
...hostedclusters-Hypershift-Default.crd.yaml | 56 ++
...s-Hypershift-TechPreviewNoUpgrade.crd.yaml | 56 ++
...planes-Hypershift-CustomNoUpgrade.crd.yaml | 56 ++
...dcontrolplanes-Hypershift-Default.crd.yaml | 56 ++
...s-Hypershift-TechPreviewNoUpgrade.crd.yaml | 56 ++
.../api/hypershift/v1beta1/operator.go | 42 ++
9 files changed, 994 insertions(+), 3 deletions(-)
diff --git a/client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go b/client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go
index ec04a89fa382..6ebc638e6b9a 100644
--- a/client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go
+++ b/client/applyconfiguration/hypershift/v1beta1/ovnkubernetesconfig.go
@@ -20,9 +20,11 @@ package v1beta1
// OVNKubernetesConfigApplyConfiguration represents a declarative configuration of the OVNKubernetesConfig type for use
// with apply.
type OVNKubernetesConfigApplyConfiguration struct {
- IPv4 *OVNIPv4ConfigApplyConfiguration `json:"ipv4,omitempty"`
- IPv6 *OVNIPv6ConfigApplyConfiguration `json:"ipv6,omitempty"`
- MTU *int32 `json:"mtu,omitempty"`
+ IPv4 *OVNIPv4ConfigApplyConfiguration `json:"ipv4,omitempty"`
+ IPv6 *OVNIPv6ConfigApplyConfiguration `json:"ipv6,omitempty"`
+ MTU *int32 `json:"mtu,omitempty"`
+ V4InternalSubnet *string `json:"v4InternalSubnet,omitempty"`
+ V6InternalSubnet *string `json:"v6InternalSubnet,omitempty"`
}
// OVNKubernetesConfigApplyConfiguration constructs a declarative configuration of the OVNKubernetesConfig type for use with
@@ -54,3 +56,19 @@ func (b *OVNKubernetesConfigApplyConfiguration) WithMTU(value int32) *OVNKuberne
b.MTU = &value
return b
}
+
+// WithV4InternalSubnet sets the V4InternalSubnet field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the V4InternalSubnet field is set to the value of the last call.
+func (b *OVNKubernetesConfigApplyConfiguration) WithV4InternalSubnet(value string) *OVNKubernetesConfigApplyConfiguration {
+ b.V4InternalSubnet = &value
+ return b
+}
+
+// WithV6InternalSubnet sets the V6InternalSubnet field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the V6InternalSubnet field is set to the value of the last call.
+func (b *OVNKubernetesConfigApplyConfiguration) WithV6InternalSubnet(value string) *OVNKubernetesConfigApplyConfiguration {
+ b.V6InternalSubnet = &value
+ return b
+}
diff --git a/cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml b/cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml
index 8c0073612e1f..58f044d52a77 100644
--- a/cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/tests/hostedclusters.hypershift.openshift.io/stable.hostedclusters.networking.testsuite.yaml
@@ -579,6 +579,601 @@ tests:
type: Route
route: {}
+ # --- v4InternalSubnet validation ---
+ - name: When v4InternalSubnet is a valid IPv4 CIDR it should pass
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v4InternalSubnet: "100.64.0.0/16"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+
+ - name: When v4InternalSubnet is an IPv6 CIDR it should fail
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v4InternalSubnet: "fd98::/64"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ expectedError: "Subnet must be in a valid IPv4 CIDR format"
+
+ - name: When v4InternalSubnet has an invalid CIDR format it should fail
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v4InternalSubnet: "not-a-cidr!!"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ expectedError: "Subnet must be in a valid IPv4 CIDR format"
+
+ - name: When v4InternalSubnet prefix length exceeds /30 it should fail
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v4InternalSubnet: "10.10.0.0/31"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ expectedError: "subnet must be in the range /0 to /30 inclusive"
+
+ - name: When v4InternalSubnet first octet is 0 it should fail
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v4InternalSubnet: "0.10.0.0/16"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ expectedError: "first IP address octet must not be 0"
+
+ # --- v6InternalSubnet validation ---
+ - name: When v6InternalSubnet is a valid IPv6 CIDR it should pass
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v6InternalSubnet: "fd98::/64"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+
+ - name: When v6InternalSubnet is an IPv4 CIDR it should fail
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v6InternalSubnet: "10.10.0.0/16"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ expectedError: "Subnet must be in valid IPv6 CIDR format"
+
+ - name: When v6InternalSubnet prefix length exceeds /125 it should fail
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v6InternalSubnet: "fd98::/126"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ expectedError: "subnet must be in the range /0 to /125 inclusive"
+
+ # --- v4/v6InternalSubnet immutability ---
+ onUpdate:
+ - name: When v4InternalSubnet is changed on update it should fail
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v4InternalSubnet: "100.64.0.0/16"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ updated: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v4InternalSubnet: "10.10.0.0/16"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ expectedError: "v4InternalSubnet is immutable once set"
+
+ - name: When v6InternalSubnet is changed on update it should fail
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v6InternalSubnet: "fd98::/64"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ updated: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v6InternalSubnet: "fd99::/64"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ expectedError: "v6InternalSubnet is immutable once set"
+
+ - name: When v4InternalSubnet is removed on update it should fail
+ initial: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ v4InternalSubnet: "100.64.0.0/16"
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ updated: |
+ apiVersion: hypershift.openshift.io/v1beta1
+ kind: HostedCluster
+ spec:
+ networking:
+ networkType: OVNKubernetes
+ operatorConfiguration:
+ clusterNetworkOperator:
+ ovnKubernetesConfig:
+ mtu: 1400
+ dns:
+ baseDomain: example.com
+ platform:
+ type: AWS
+ pullSecret:
+ name: secret
+ release:
+ image: quay.io/openshift-release-dev/ocp-release:4.15.11-x86_64
+ secretEncryption:
+ aescbc:
+ activeKey:
+ name: key
+ type: aescbc
+ services:
+ - service: APIServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: OAuthServer
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Konnectivity
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ - service: Ignition
+ servicePublishingStrategy:
+ type: Route
+ route: {}
+ expectedError: "v4InternalSubnet is immutable once set and cannot be removed"
+
- name: When ovnKubernetesConfig is not set and networkType is not OVNKubernetes it should pass
initial: |
apiVersion: hypershift.openshift.io/v1beta1
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml
index d406b89a759f..8a82beadb8c3 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml
@@ -4104,6 +4104,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -4128,6 +4178,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml
index bbafc3f882a8..0c3035c524e5 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml
@@ -3774,6 +3774,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3798,6 +3848,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml
index 30d17382b0f8..43a32af6af58 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml
@@ -3975,6 +3975,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3999,6 +4049,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml
index 798d4f0664f8..768305e0d4f2 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml
@@ -3992,6 +3992,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -4016,6 +4066,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml
index 5fd583a45ffa..390ae82a2000 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml
@@ -3662,6 +3662,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3686,6 +3736,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml
index 25068f5cf7f6..7d7517af56a9 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml
@@ -3863,6 +3863,56 @@ spec:
x-kubernetes-validations:
- message: mtu is immutable once set
rule: self == oldSelf
+ v4InternalSubnet:
+ description: |-
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is 100.64.0.0/16.
+ The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ length. The prefix length must be between 0 and 30 inclusive, and the first
+ octet must not be 0.
+ The value must be between 9 and 18 characters in length.
+ This field is immutable once set.
+ maxLength: 18
+ minLength: 9
+ type: string
+ x-kubernetes-validations:
+ - message: v4InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in a valid IPv4 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ - message: subnet must be in the range /0 to /30 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 30
+ - message: first IP address octet must not be 0
+ rule: isCIDR(self) && cidr(self).ip().family() == 4
+ && int(self.split('.')[0]) > 0
+ v6InternalSubnet:
+ description: |-
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ default one is being already used by something else. It must not overlap with
+ any other subnet being used by OpenShift or by the node network. The size of the
+ subnet must be larger than the number of nodes. Once set, the value is immutable
+ and cannot be modified in subsequent updates.
+ The default is fd98::/64.
+ The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ IPv6 address followed by a slash and a prefix length. The prefix length must
+ be between 0 and 125 inclusive.
+ The value must be between 4 and 48 characters in length.
+ This field is immutable once set.
+ maxLength: 48
+ minLength: 4
+ type: string
+ x-kubernetes-validations:
+ - message: v6InternalSubnet is immutable once set
+ rule: self == oldSelf
+ - message: Subnet must be in valid IPv6 CIDR format
+ rule: isCIDR(self) && cidr(self).ip().family() == 6
+ - message: subnet must be in the range /0 to /125 inclusive
+ rule: isCIDR(self) && cidr(self).prefixLength() <= 125
type: object
x-kubernetes-validations:
- message: internalJoinSubnet and internalTransitSwitchSubnet
@@ -3887,6 +3937,12 @@ spec:
once set
rule: '!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet)
|| (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))'
+ - message: v4InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)'
+ - message: v6InternalSubnet is immutable once set and cannot
+ be removed
+ rule: '!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)'
type: object
x-kubernetes-validations:
- message: ovnKubernetesConfig is immutable once set and cannot
diff --git a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go
index c14858d3fa14..0b58a6a51092 100644
--- a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go
+++ b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go
@@ -82,6 +82,8 @@ type ClusterNetworkOperatorSpec struct {
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || has(self.ipv6)", message="ipv6 is immutable once set and cannot be removed"
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalJoinSubnet) || (has(self.ipv6) && has(self.ipv6.internalJoinSubnet))", message="ipv6.internalJoinSubnet cannot be removed once set"
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))", message="ipv6.internalTransitSwitchSubnet cannot be removed once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.v4InternalSubnet) || has(self.v4InternalSubnet)",message="v4InternalSubnet is immutable once set and cannot be removed"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.v6InternalSubnet) || has(self.v6InternalSubnet)",message="v6InternalSubnet is immutable once set and cannot be removed"
// +kubebuilder:validation:MinProperties=1
type OVNKubernetesConfig struct {
// ipv4 allows users to configure IP settings for IPv4 connections. When omitted,
@@ -115,6 +117,46 @@ type OVNKubernetesConfig struct {
// +kubebuilder:validation:Maximum=9216
// +optional
MTU int32 `json:"mtu,omitempty"`
+
+ // v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+ // default one is being already used by something else. It must not overlap with
+ // any other subnet being used by OpenShift or by the node network. The size of the
+ // subnet must be larger than the number of nodes. Once set, the value is immutable
+ // and cannot be modified in subsequent updates.
+ // The default is 100.64.0.0/16.
+ // The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+ // four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+ // length. The prefix length must be between 0 and 30 inclusive, and the first
+ // octet must not be 0.
+ // The value must be between 9 and 18 characters in length.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=18
+ // +kubebuilder:validation:MinLength=9
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="v4InternalSubnet is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in a valid IPv4 CIDR format"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 30",message="subnet must be in the range /0 to /30 inclusive"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4 && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0"
+ // +optional
+ V4InternalSubnet string `json:"v4InternalSubnet,omitempty"`
+
+ // v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ // default one is being already used by something else. It must not overlap with
+ // any other subnet being used by OpenShift or by the node network. The size of the
+ // subnet must be larger than the number of nodes. Once set, the value is immutable
+ // and cannot be modified in subsequent updates.
+ // The default is fd98::/64.
+ // The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+ // IPv6 address followed by a slash and a prefix length. The prefix length must
+ // be between 0 and 125 inclusive.
+ // The value must be between 4 and 48 characters in length.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=48
+ // +kubebuilder:validation:MinLength=4
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="v6InternalSubnet is immutable once set"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPv6 CIDR format"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive"
+ // +optional
+ V6InternalSubnet string `json:"v6InternalSubnet,omitempty"`
}
// OVNIPv4Config contains IPv4-specific configuration options for OVN-Kubernetes.
From de474da4fa3bd097f4f76ccfd437c9ca3398ba62 Mon Sep 17 00:00:00 2001
From: OpenShift CI Bot
Date: Thu, 18 Jun 2026 14:00:53 +0000
Subject: [PATCH 3/7] feat(hypershift-operator): add CIDR overlap validation
for v4/v6InternalSubnet
- Extract appendCIDREntry helper for compile-time safe CIDR entry construction
- Add v4InternalSubnet and v6InternalSubnet to CIDR overlap validation in
validateSliceNetworkCIDRs
- Add unit tests for overlap detection against machine, cluster, and service
networks, as well as cross-field overlap with internalJoinSubnet
Signed-off-by: OpenShift CI Bot
Commit-Message-Assisted-by: Claude (via Claude Code)
---
.../hostedcluster/hostedcluster_controller.go | 35 +++----
.../hostedcluster_controller_test.go | 95 +++++++++++++++++++
2 files changed, 114 insertions(+), 16 deletions(-)
diff --git a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
index 61c5c63bb16c..a19283c0d099 100644
--- a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
+++ b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
@@ -4373,23 +4373,15 @@ func validateSliceNetworkCIDRs(hc *hyperv1.HostedCluster) field.ErrorList {
if hc.Spec.Networking.NetworkType == hyperv1.OVNKubernetes &&
hc.Spec.OperatorConfiguration != nil && hc.Spec.OperatorConfiguration.ClusterNetworkOperator != nil &&
- hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig != nil &&
- hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv4 != nil {
- ovnConfig := hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv4
- if ovnConfig.InternalJoinSubnet != "" {
- _, cidr, err := net.ParseCIDR(ovnConfig.InternalJoinSubnet)
- if err == nil {
- ce := cidrEntry{*cidr, *field.NewPath("spec", "operatorConfiguration", "clusterNetworkOperator", "ovnKubernetesConfig", "ipv4", "internalJoinSubnet")}
- cidrEntries = append(cidrEntries, ce)
- }
- }
- if ovnConfig.InternalTransitSwitchSubnet != "" {
- _, cidr, err := net.ParseCIDR(ovnConfig.InternalTransitSwitchSubnet)
- if err == nil {
- ce := cidrEntry{*cidr, *field.NewPath("spec", "operatorConfiguration", "clusterNetworkOperator", "ovnKubernetesConfig", "ipv4", "internalTransitSwitchSubnet")}
- cidrEntries = append(cidrEntries, ce)
- }
+ hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig != nil {
+ ovnKubeConfig := hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig
+ ovnBasePath := []string{"spec", "operatorConfiguration", "clusterNetworkOperator", "ovnKubernetesConfig"}
+ if ovnKubeConfig.IPv4 != nil {
+ cidrEntries = appendCIDREntry(cidrEntries, ovnKubeConfig.IPv4.InternalJoinSubnet, append(ovnBasePath, "ipv4", "internalJoinSubnet")...)
+ cidrEntries = appendCIDREntry(cidrEntries, ovnKubeConfig.IPv4.InternalTransitSwitchSubnet, append(ovnBasePath, "ipv4", "internalTransitSwitchSubnet")...)
}
+ cidrEntries = appendCIDREntry(cidrEntries, ovnKubeConfig.V4InternalSubnet, append(ovnBasePath, "v4InternalSubnet")...)
+ cidrEntries = appendCIDREntry(cidrEntries, ovnKubeConfig.V6InternalSubnet, append(ovnBasePath, "v6InternalSubnet")...)
}
if hc.Spec.Networking.NetworkType == hyperv1.OVNKubernetes {
@@ -4438,6 +4430,17 @@ func validateSliceNetworkCIDRs(hc *hyperv1.HostedCluster) field.ErrorList {
return compareCIDREntries(cidrEntries)
}
+func appendCIDREntry(entries []cidrEntry, cidrStr string, pathElements ...string) []cidrEntry {
+ if cidrStr == "" || len(pathElements) == 0 {
+ return entries
+ }
+ _, cidr, err := net.ParseCIDR(cidrStr)
+ if err != nil {
+ return entries
+ }
+ return append(entries, cidrEntry{*cidr, *field.NewPath(pathElements[0], pathElements[1:]...)})
+}
+
type cidrEntry struct {
net net.IPNet
path field.Path
diff --git a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
index 4554f0cbc5b5..a46e6666a6f6 100644
--- a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
+++ b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
@@ -4467,6 +4467,101 @@ func TestValidateSliceNetworkCIDRs(t *testing.T) {
ovnConfig: nil,
wantErr: false,
},
+ {
+ name: "When OVN-Kubernetes v4InternalSubnet does not overlap, it should succeed",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V4InternalSubnet: "100.64.0.0/16",
+ },
+ wantErr: false,
+ },
+ {
+ name: "When OVN-Kubernetes v4InternalSubnet overlaps with MachineNetwork, it should fail",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V4InternalSubnet: "192.168.0.0/16",
+ },
+ wantErr: true,
+ },
+ {
+ name: "When OVN-Kubernetes v4InternalSubnet overlaps with ClusterNetwork, it should fail",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V4InternalSubnet: "10.129.0.0/16",
+ },
+ wantErr: true,
+ },
+ {
+ name: "When OVN-Kubernetes v4InternalSubnet overlaps with InternalJoinSubnet, it should fail",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V4InternalSubnet: "100.64.0.0/16",
+ IPv4: &hyperv1.OVNIPv4Config{
+ InternalJoinSubnet: "100.64.0.0/24",
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "When OVN-Kubernetes v4InternalSubnet with IPv4 subnets and no overlap, it should succeed",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V4InternalSubnet: "100.64.0.0/16",
+ IPv4: &hyperv1.OVNIPv4Config{
+ InternalJoinSubnet: "100.66.0.0/16",
+ InternalTransitSwitchSubnet: "100.88.0.0/16",
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "When OVN-Kubernetes v6InternalSubnet does not overlap, it should succeed",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/48")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V6InternalSubnet: "fd99::/64",
+ },
+ wantErr: false,
+ },
+ {
+ name: "When OVN-Kubernetes v6InternalSubnet overlaps with MachineNetwork, it should fail",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/48")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V6InternalSubnet: "fd01::1:0/64",
+ },
+ wantErr: true,
+ },
+ {
+ name: "When OVN-Kubernetes v6InternalSubnet overlaps with ClusterNetwork, it should fail",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/48")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V6InternalSubnet: "fd02::1:0/64",
+ },
+ wantErr: true,
+ },
}
for _, tt := range tests {
From acbc52f6c6a7fd2217e6bd2470d3632cebff3cc0 Mon Sep 17 00:00:00 2001
From: OpenShift CI Bot
Date: Thu, 18 Jun 2026 14:00:59 +0000
Subject: [PATCH 4/7] feat(control-plane-operator): propagate
v4/v6InternalSubnet to network operator
- Extract applyOVNConfig to reduce cyclomatic complexity in ReconcileNetworkOperator
- Propagate V4InternalSubnet and V6InternalSubnet from HostedCluster OVN config
to the guest cluster network operator CR
- User-specified values override platform defaults (e.g. KubeVirt's 100.66.0.0/16)
- Add tests for AWS propagation, KubeVirt override, combined fields, and non-OVN
network type no-ops
Signed-off-by: OpenShift CI Bot
Commit-Message-Assisted-by: Claude (via Claude Code)
---
.../resources/network/reconcile.go | 73 ++++----
.../resources/network/reconcile_test.go | 164 ++++++++++++++++++
2 files changed, 207 insertions(+), 30 deletions(-)
diff --git a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go
index 1d22a3e2d4a5..be583cadc5b8 100644
--- a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go
+++ b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile.go
@@ -89,36 +89,7 @@ func ReconcileNetworkOperator(network *operatorv1.Network, networkType hyperv1.N
if network.Spec.DefaultNetwork.OVNKubernetesConfig == nil {
network.Spec.DefaultNetwork.OVNKubernetesConfig = &operatorv1.OVNKubernetesConfig{}
}
- ovnCfg := network.Spec.DefaultNetwork.OVNKubernetesConfig
- // Apply IPv4 configuration
- if ovnConfig.IPv4 != nil {
- if ovnCfg.IPv4 == nil {
- ovnCfg.IPv4 = &operatorv1.IPv4OVNKubernetesConfig{}
- }
- if ovnConfig.IPv4.InternalJoinSubnet != "" {
- ovnCfg.IPv4.InternalJoinSubnet = ovnConfig.IPv4.InternalJoinSubnet
- }
- if ovnConfig.IPv4.InternalTransitSwitchSubnet != "" {
- ovnCfg.IPv4.InternalTransitSwitchSubnet = ovnConfig.IPv4.InternalTransitSwitchSubnet
- }
- }
- // Apply IPv6 configuration
- if ovnConfig.IPv6.InternalJoinSubnet != "" {
- if ovnCfg.IPv6 == nil {
- ovnCfg.IPv6 = &operatorv1.IPv6OVNKubernetesConfig{}
- }
- ovnCfg.IPv6.InternalJoinSubnet = ovnConfig.IPv6.InternalJoinSubnet
- }
- if ovnConfig.IPv6.InternalTransitSwitchSubnet != "" {
- if ovnCfg.IPv6 == nil {
- ovnCfg.IPv6 = &operatorv1.IPv6OVNKubernetesConfig{}
- }
- ovnCfg.IPv6.InternalTransitSwitchSubnet = ovnConfig.IPv6.InternalTransitSwitchSubnet
- }
- // Apply MTU configuration
- if ovnConfig.MTU > 0 {
- ovnCfg.MTU = ptr.To(uint32(ovnConfig.MTU))
- }
+ applyOVNConfig(network.Spec.DefaultNetwork.OVNKubernetesConfig, ovnConfig)
}
// Setting the management state is required in order to create
@@ -135,6 +106,48 @@ func ReconcileNetworkOperator(network *operatorv1.Network, networkType hyperv1.N
}
}
+// applyOVNConfig applies user-specified OVN configuration to the network operator config.
+// User-specified values take precedence over platform defaults (e.g., KubeVirt's 100.66.0.0/16).
+func applyOVNConfig(ovnCfg *operatorv1.OVNKubernetesConfig, ovnConfig *hyperv1.OVNKubernetesConfig) {
+ // Apply IPv4 configuration
+ if ovnConfig.IPv4 != nil {
+ if ovnCfg.IPv4 == nil {
+ ovnCfg.IPv4 = &operatorv1.IPv4OVNKubernetesConfig{}
+ }
+ if ovnConfig.IPv4.InternalJoinSubnet != "" {
+ ovnCfg.IPv4.InternalJoinSubnet = ovnConfig.IPv4.InternalJoinSubnet
+ }
+ if ovnConfig.IPv4.InternalTransitSwitchSubnet != "" {
+ ovnCfg.IPv4.InternalTransitSwitchSubnet = ovnConfig.IPv4.InternalTransitSwitchSubnet
+ }
+ }
+ // Apply IPv6 configuration
+ if ovnConfig.IPv6.InternalJoinSubnet != "" {
+ if ovnCfg.IPv6 == nil {
+ ovnCfg.IPv6 = &operatorv1.IPv6OVNKubernetesConfig{}
+ }
+ ovnCfg.IPv6.InternalJoinSubnet = ovnConfig.IPv6.InternalJoinSubnet
+ }
+ if ovnConfig.IPv6.InternalTransitSwitchSubnet != "" {
+ if ovnCfg.IPv6 == nil {
+ ovnCfg.IPv6 = &operatorv1.IPv6OVNKubernetesConfig{}
+ }
+ ovnCfg.IPv6.InternalTransitSwitchSubnet = ovnConfig.IPv6.InternalTransitSwitchSubnet
+ }
+ // Apply MTU configuration
+ if ovnConfig.MTU > 0 {
+ ovnCfg.MTU = ptr.To(uint32(ovnConfig.MTU))
+ }
+ // Apply V4InternalSubnet configuration.
+ if ovnConfig.V4InternalSubnet != "" {
+ ovnCfg.V4InternalSubnet = ovnConfig.V4InternalSubnet
+ }
+ // Apply V6InternalSubnet configuration.
+ if ovnConfig.V6InternalSubnet != "" {
+ ovnCfg.V6InternalSubnet = ovnConfig.V6InternalSubnet
+ }
+}
+
func DetectSuboptimalMTU(ctx context.Context, mgmtClient client.Client,
guestNetworkOperator *operatorv1.Network, hcp *hyperv1.HostedControlPlane) error {
const recommendedMinMTU = uint32(9000)
diff --git a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go
index 8222e38dabe4..87ec41c5a1e8 100644
--- a/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go
+++ b/control-plane-operator/hostedclusterconfigoperator/controllers/resources/network/reconcile_test.go
@@ -601,6 +601,170 @@ func TestReconcileDefaultIngressController(t *testing.T) {
},
},
},
+ {
+ name: "When v4InternalSubnet is specified, it should propagate to network operator",
+ inputNetwork: NetworkOperator(),
+ inputNetworkType: hyperv1.OVNKubernetes,
+ inputPlatformType: hyperv1.AWSPlatform,
+ disableMultiNetwork: false,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V4InternalSubnet: "10.128.0.0/16",
+ },
+ expectedNetwork: &operatorv1.Network{
+ ObjectMeta: NetworkOperator().ObjectMeta,
+ Spec: operatorv1.NetworkSpec{
+ OperatorSpec: operatorv1.OperatorSpec{
+ ManagementState: "Managed",
+ },
+ DefaultNetwork: operatorv1.DefaultNetworkDefinition{
+ OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{
+ V4InternalSubnet: "10.128.0.0/16",
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "When v6InternalSubnet is specified, it should propagate to network operator",
+ inputNetwork: NetworkOperator(),
+ inputNetworkType: hyperv1.OVNKubernetes,
+ inputPlatformType: hyperv1.AWSPlatform,
+ disableMultiNetwork: false,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V6InternalSubnet: "fd99::/64",
+ },
+ expectedNetwork: &operatorv1.Network{
+ ObjectMeta: NetworkOperator().ObjectMeta,
+ Spec: operatorv1.NetworkSpec{
+ OperatorSpec: operatorv1.OperatorSpec{
+ ManagementState: "Managed",
+ },
+ DefaultNetwork: operatorv1.DefaultNetworkDefinition{
+ OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{
+ V6InternalSubnet: "fd99::/64",
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "When KubeVirt with OVNKubernetes has user-specified v4InternalSubnet, it should override platform default",
+ inputNetwork: NetworkOperator(),
+ inputNetworkType: hyperv1.OVNKubernetes,
+ inputPlatformType: hyperv1.KubevirtPlatform,
+ disableMultiNetwork: false,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V4InternalSubnet: "10.200.0.0/16",
+ },
+ expectedNetwork: &operatorv1.Network{
+ ObjectMeta: NetworkOperator().ObjectMeta,
+ Spec: operatorv1.NetworkSpec{
+ OperatorSpec: operatorv1.OperatorSpec{
+ ManagementState: "Managed",
+ },
+ DefaultNetwork: operatorv1.DefaultNetworkDefinition{
+ OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{
+ GenevePort: &genevePort,
+ V4InternalSubnet: "10.200.0.0/16",
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "When KubeVirt with OVNKubernetes has user-specified v6InternalSubnet only, it should retain platform defaults and apply V6",
+ inputNetwork: NetworkOperator(),
+ inputNetworkType: hyperv1.OVNKubernetes,
+ inputPlatformType: hyperv1.KubevirtPlatform,
+ disableMultiNetwork: false,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V6InternalSubnet: "fd99::/64",
+ },
+ expectedNetwork: &operatorv1.Network{
+ ObjectMeta: NetworkOperator().ObjectMeta,
+ Spec: operatorv1.NetworkSpec{
+ OperatorSpec: operatorv1.OperatorSpec{
+ ManagementState: "Managed",
+ },
+ DefaultNetwork: operatorv1.DefaultNetworkDefinition{
+ OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{
+ GenevePort: &genevePort,
+ V4InternalSubnet: v4InternalSubnet,
+ V6InternalSubnet: "fd99::/64",
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "When v4InternalSubnet is specified with IPv4 subnets and MTU, it should propagate all",
+ inputNetwork: NetworkOperator(),
+ inputNetworkType: hyperv1.OVNKubernetes,
+ inputPlatformType: hyperv1.AWSPlatform,
+ disableMultiNetwork: false,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ MTU: 8901,
+ V4InternalSubnet: "10.200.0.0/16",
+ V6InternalSubnet: "fd99::/64",
+ IPv4: &hyperv1.OVNIPv4Config{
+ InternalJoinSubnet: "192.168.1.0/24",
+ },
+ },
+ expectedNetwork: &operatorv1.Network{
+ ObjectMeta: NetworkOperator().ObjectMeta,
+ Spec: operatorv1.NetworkSpec{
+ OperatorSpec: operatorv1.OperatorSpec{
+ ManagementState: "Managed",
+ },
+ DefaultNetwork: operatorv1.DefaultNetworkDefinition{
+ OVNKubernetesConfig: &operatorv1.OVNKubernetesConfig{
+ MTU: ptr.To(uint32(8901)),
+ V4InternalSubnet: "10.200.0.0/16",
+ V6InternalSubnet: "fd99::/64",
+ IPv4: &operatorv1.IPv4OVNKubernetesConfig{
+ InternalJoinSubnet: "192.168.1.0/24",
+ },
+ },
+ },
+ },
+ },
+ },
+ {
+ name: "When v4InternalSubnet is specified with non-OVN network type, it should be ignored",
+ inputNetwork: NetworkOperator(),
+ inputNetworkType: hyperv1.OpenShiftSDN,
+ inputPlatformType: hyperv1.AWSPlatform,
+ disableMultiNetwork: false,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V4InternalSubnet: "10.200.0.0/16",
+ },
+ expectedNetwork: &operatorv1.Network{
+ ObjectMeta: NetworkOperator().ObjectMeta,
+ Spec: operatorv1.NetworkSpec{
+ OperatorSpec: operatorv1.OperatorSpec{
+ ManagementState: "Managed",
+ },
+ },
+ },
+ },
+ {
+ name: "When v6InternalSubnet is specified with non-OVN network type, it should be ignored",
+ inputNetwork: NetworkOperator(),
+ inputNetworkType: hyperv1.OpenShiftSDN,
+ inputPlatformType: hyperv1.AWSPlatform,
+ disableMultiNetwork: false,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ V6InternalSubnet: "fd99::/64",
+ },
+ expectedNetwork: &operatorv1.Network{
+ ObjectMeta: NetworkOperator().ObjectMeta,
+ Spec: operatorv1.NetworkSpec{
+ OperatorSpec: operatorv1.OperatorSpec{
+ ManagementState: "Managed",
+ },
+ },
+ },
+ },
}
for _, tc := range testsCases {
From 797deea79b2a1888e7682a6d087ced31fce6932c Mon Sep 17 00:00:00 2001
From: OpenShift CI Bot
Date: Thu, 18 Jun 2026 14:01:02 +0000
Subject: [PATCH 5/7] docs: regenerate API reference and aggregated docs
Signed-off-by: OpenShift CI Bot
Commit-Message-Assisted-by: Claude (via Claude Code)
---
docs/content/reference/aggregated-docs.md | 45 +++++++++++++++++++++++
docs/content/reference/api.md | 45 +++++++++++++++++++++++
2 files changed, 90 insertions(+)
diff --git a/docs/content/reference/aggregated-docs.md b/docs/content/reference/aggregated-docs.md
index c61fb9f9f0fd..a989a2ac26fa 100644
--- a/docs/content/reference/aggregated-docs.md
+++ b/docs/content/reference/aggregated-docs.md
@@ -50333,6 +50333,51 @@ The minimum is 576, which is the minimum IPv4 MTU per RFC 791.
This field is immutable once set.
+
+
+v4InternalSubnet
+
+string
+
+ |
+
+(Optional)
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+default one is being already used by something else. It must not overlap with
+any other subnet being used by OpenShift or by the node network. The size of the
+subnet must be larger than the number of nodes. Once set, the value is immutable
+and cannot be modified in subsequent updates.
+The default is 100.64.0.0/16.
+The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+length. The prefix length must be between 0 and 30 inclusive, and the first
+octet must not be 0.
+The value must be between 9 and 18 characters in length.
+This field is immutable once set.
+ |
+
+
+
+v6InternalSubnet
+
+string
+
+ |
+
+(Optional)
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+default one is being already used by something else. It must not overlap with
+any other subnet being used by OpenShift or by the node network. The size of the
+subnet must be larger than the number of nodes. Once set, the value is immutable
+and cannot be modified in subsequent updates.
+The default is fd98::/64.
+The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+IPv6 address followed by a slash and a prefix length. The prefix length must
+be between 0 and 125 inclusive.
+The value must be between 4 and 48 characters in length.
+This field is immutable once set.
+ |
+
###ObjectEncodingFormat { #hypershift.openshift.io/v1beta1.ObjectEncodingFormat }
diff --git a/docs/content/reference/api.md b/docs/content/reference/api.md
index fb4fb96c1b20..5c0b3a27704f 100644
--- a/docs/content/reference/api.md
+++ b/docs/content/reference/api.md
@@ -13933,6 +13933,51 @@ The minimum is 576, which is the minimum IPv4 MTU per RFC 791.
This field is immutable once set.
+
+
+v4InternalSubnet
+
+string
+
+ |
+
+(Optional)
+ v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
+default one is being already used by something else. It must not overlap with
+any other subnet being used by OpenShift or by the node network. The size of the
+subnet must be larger than the number of nodes. Once set, the value is immutable
+and cannot be modified in subsequent updates.
+The default is 100.64.0.0/16.
+The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
+four decimal octets (0-255) separated by dots, followed by a slash and a prefix
+length. The prefix length must be between 0 and 30 inclusive, and the first
+octet must not be 0.
+The value must be between 9 and 18 characters in length.
+This field is immutable once set.
+ |
+
+
+
+v6InternalSubnet
+
+string
+
+ |
+
+(Optional)
+ v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+default one is being already used by something else. It must not overlap with
+any other subnet being used by OpenShift or by the node network. The size of the
+subnet must be larger than the number of nodes. Once set, the value is immutable
+and cannot be modified in subsequent updates.
+The default is fd98::/64.
+The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
+IPv6 address followed by a slash and a prefix length. The prefix length must
+be between 0 and 125 inclusive.
+The value must be between 4 and 48 characters in length.
+This field is immutable once set.
+ |
+
###ObjectEncodingFormat { #hypershift.openshift.io/v1beta1.ObjectEncodingFormat }
From 7bd6c967381447b49c3d964a44cdb9e0535a53e7 Mon Sep 17 00:00:00 2001
From: OpenShift CI Bot
Date: Thu, 18 Jun 2026 15:00:38 +0000
Subject: [PATCH 6/7] fix(pre-commit): prevent filename passthrough to make
pre-push hooks
The pre-commit framework passes changed filenames as extra arguments
to hook commands by default. For make-based hooks, this causes make
to interpret those filenames as additional targets, triggering parallel
invocations of the generate dependency. This creates a race condition
in git clean -fx -- '*_mock.go' where one invocation deletes the mock
files while others simultaneously try to lstat them, causing fatal
errors.
Add pass_filenames: false to both make-verify and make-test pre-push
hooks since these make targets operate on the entire codebase and
should not receive individual filenames.
Co-Authored-By: Claude Opus 4.6
---
.pre-commit-config.yaml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 9511f9ecb040..02ca4059b7c8 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -51,6 +51,7 @@ repos:
description: Runs `make verify`.
entry: make verify
language: system
+ pass_filenames: false
stages: [pre-push]
require_serial: true
- id: make-test
@@ -58,6 +59,7 @@ repos:
description: Runs `make test`.
entry: make test
language: system
+ pass_filenames: false
stages: [ pre-push ]
exclude: '^vendor/|^hack/tools/vendor/|^api/vendor/'
fail_fast: true
\ No newline at end of file
From 92a4976574bd16ecad4b7a9381fe2bba288f3c5d Mon Sep 17 00:00:00 2001
From: OpenShift CI Bot
Date: Thu, 18 Jun 2026 16:23:26 +0000
Subject: [PATCH 7/7] docs(api): clarify v4/v6InternalSubnet vs
internalJoinSubnet in GoDoc
Update GoDoc for v4InternalSubnet and v6InternalSubnet to clearly
explain their purpose (gateway router LRP addresses and masquerade/SNAT
traffic) and explicitly distinguish them from ipv4/ipv6.internalJoinSubnet
(join switch interconnecting gateway routers with the cluster router).
Both share the same default but control different OVN-Kubernetes internal
networks. Regenerated CRDs and API docs.
Co-Authored-By: Claude Opus 4.6
---
api/hypershift/v1beta1/operator.go | 32 +++++++++++++------
.../AAA_ungated.yaml | 32 +++++++++++++------
.../ClusterUpdateAcceptRisks.yaml | 32 +++++++++++++------
.../ClusterVersionOperatorConfiguration.yaml | 32 +++++++++++++------
.../ExternalOIDC.yaml | 32 +++++++++++++------
...ernalOIDCWithUIDAndExtraClaimMappings.yaml | 32 +++++++++++++------
.../ExternalOIDCWithUpstreamParity.yaml | 32 +++++++++++++------
.../GCPPlatform.yaml | 32 +++++++++++++------
.../HCPEtcdBackup.yaml | 32 +++++++++++++------
...perShiftOnlyDynamicResourceAllocation.yaml | 32 +++++++++++++------
.../ImageStreamImportMode.yaml | 32 +++++++++++++------
.../KMSEncryptionProvider.yaml | 32 +++++++++++++------
.../OpenStack.yaml | 32 +++++++++++++------
.../TLSAdherence.yaml | 32 +++++++++++++------
.../AAA_ungated.yaml | 32 +++++++++++++------
.../ClusterUpdateAcceptRisks.yaml | 32 +++++++++++++------
.../ClusterVersionOperatorConfiguration.yaml | 32 +++++++++++++------
.../ExternalOIDC.yaml | 32 +++++++++++++------
...ernalOIDCWithUIDAndExtraClaimMappings.yaml | 32 +++++++++++++------
.../ExternalOIDCWithUpstreamParity.yaml | 32 +++++++++++++------
.../GCPPlatform.yaml | 32 +++++++++++++------
.../HCPEtcdBackup.yaml | 32 +++++++++++++------
...perShiftOnlyDynamicResourceAllocation.yaml | 32 +++++++++++++------
.../ImageStreamImportMode.yaml | 32 +++++++++++++------
.../KMSEncryptionProvider.yaml | 32 +++++++++++++------
.../OpenStack.yaml | 32 +++++++++++++------
.../TLSAdherence.yaml | 32 +++++++++++++------
...usters-Hypershift-CustomNoUpgrade.crd.yaml | 32 +++++++++++++------
...hostedclusters-Hypershift-Default.crd.yaml | 32 +++++++++++++------
...s-Hypershift-TechPreviewNoUpgrade.crd.yaml | 32 +++++++++++++------
...planes-Hypershift-CustomNoUpgrade.crd.yaml | 32 +++++++++++++------
...dcontrolplanes-Hypershift-Default.crd.yaml | 32 +++++++++++++------
...s-Hypershift-TechPreviewNoUpgrade.crd.yaml | 32 +++++++++++++------
docs/content/reference/aggregated-docs.md | 32 +++++++++++++------
docs/content/reference/api.md | 32 +++++++++++++------
.../api/hypershift/v1beta1/operator.go | 32 +++++++++++++------
36 files changed, 792 insertions(+), 360 deletions(-)
diff --git a/api/hypershift/v1beta1/operator.go b/api/hypershift/v1beta1/operator.go
index 0b58a6a51092..5c4160fb257a 100644
--- a/api/hypershift/v1beta1/operator.go
+++ b/api/hypershift/v1beta1/operator.go
@@ -118,11 +118,17 @@ type OVNKubernetesConfig struct {
// +optional
MTU int32 `json:"mtu,omitempty"`
- // v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- // default one is being already used by something else. It must not overlap with
- // any other subnet being used by OpenShift or by the node network. The size of the
- // subnet must be larger than the number of nodes. Once set, the value is immutable
- // and cannot be modified in subsequent updates.
+ // v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ // router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ // the OVN logical topology. It must not overlap with any other subnet being used
+ // by OpenShift or by the node network. The size of the subnet must be larger than
+ // the number of nodes.
+ // This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ // for the join switch that interconnects per-node gateway routers with the cluster
+ // router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ // internal networks and can be configured independently to avoid overlaps with
+ // existing network infrastructure.
+ // Once set, the value is immutable and cannot be modified in subsequent updates.
// The default is 100.64.0.0/16.
// The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
// four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -139,11 +145,17 @@ type OVNKubernetesConfig struct {
// +optional
V4InternalSubnet string `json:"v4InternalSubnet,omitempty"`
- // v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- // default one is being already used by something else. It must not overlap with
- // any other subnet being used by OpenShift or by the node network. The size of the
- // subnet must be larger than the number of nodes. Once set, the value is immutable
- // and cannot be modified in subsequent updates.
+ // v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ // router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ // the OVN logical topology. It must not overlap with any other subnet being used
+ // by OpenShift or by the node network. The size of the subnet must be larger than
+ // the number of nodes.
+ // This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ // for the join switch that interconnects per-node gateway routers with the cluster
+ // router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ // networks and can be configured independently to avoid overlaps with existing
+ // network infrastructure.
+ // Once set, the value is immutable and cannot be modified in subsequent updates.
// The default is fd98::/64.
// The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
// IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
index fcf358bb4449..ec878578bd82 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/AAA_ungated.yaml
@@ -3284,11 +3284,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3311,11 +3317,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
index 7177140bcf29..276613512fd7 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
@@ -3275,11 +3275,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3302,11 +3308,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
index 586020960033..c111a539ebde 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
@@ -3275,11 +3275,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3302,11 +3308,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml
index 84bfc22ce3a9..63ce8ae49cf0 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDC.yaml
@@ -3607,11 +3607,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3634,11 +3640,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
index 4906d3b04e1a..3a8bf4aaf010 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
@@ -3747,11 +3747,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3774,11 +3780,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
index 4c22eda66569..3fe253d52502 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
@@ -3738,11 +3738,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3765,11 +3771,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml
index 02a545dcae6f..738e08e623e2 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/GCPPlatform.yaml
@@ -3275,11 +3275,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3302,11 +3308,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml
index fc8dd6c64bfe..7c30226df0d8 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HCPEtcdBackup.yaml
@@ -3340,11 +3340,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3367,11 +3373,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
index 3e89aee92e7e..52b64931802e 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
@@ -3297,11 +3297,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3324,11 +3330,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml
index 55eb3916611c..a4cc247c18ae 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/ImageStreamImportMode.yaml
@@ -3293,11 +3293,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3320,11 +3326,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml
index 4d1ae0061841..03ee4e9f7bb1 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/KMSEncryptionProvider.yaml
@@ -3351,11 +3351,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3378,11 +3384,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml
index 417386cdc828..7c68a92ce8e9 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/OpenStack.yaml
@@ -3275,11 +3275,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3302,11 +3308,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml
index ec9d79df1b26..b8ff95cd84bf 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedclusters.hypershift.openshift.io/TLSAdherence.yaml
@@ -3315,11 +3315,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3342,11 +3348,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml
index a63aae3a138d..e3c89b9609dd 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/AAA_ungated.yaml
@@ -3172,11 +3172,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3199,11 +3205,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
index 3ac818564a52..29709065fff0 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterUpdateAcceptRisks.yaml
@@ -3163,11 +3163,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3190,11 +3196,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
index 6392cbb63591..3b41adadd270 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ClusterVersionOperatorConfiguration.yaml
@@ -3163,11 +3163,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3190,11 +3196,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml
index e1d09b289692..928be05cc8b6 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDC.yaml
@@ -3495,11 +3495,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3522,11 +3528,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
index bfff7b0e315a..1839c9c409b9 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUIDAndExtraClaimMappings.yaml
@@ -3635,11 +3635,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3662,11 +3668,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
index 559aeaf08d0e..5ddb9bba3bbf 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ExternalOIDCWithUpstreamParity.yaml
@@ -3626,11 +3626,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3653,11 +3659,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml
index 6b8fd15d1a54..25cdee2193ba 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/GCPPlatform.yaml
@@ -3163,11 +3163,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3190,11 +3196,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml
index 73644a15a1e3..4507fc4ec999 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HCPEtcdBackup.yaml
@@ -3228,11 +3228,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3255,11 +3261,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
index 0e899b6f787f..e430dd8d5432 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/HyperShiftOnlyDynamicResourceAllocation.yaml
@@ -3185,11 +3185,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3212,11 +3218,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml
index 86cf71e5a91c..c6af98a8c635 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/ImageStreamImportMode.yaml
@@ -3181,11 +3181,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3208,11 +3214,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml
index 0d07ee6f1c89..de5ad436611a 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/KMSEncryptionProvider.yaml
@@ -3239,11 +3239,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3266,11 +3272,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml
index 19e01915aad0..553b07e49abd 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/OpenStack.yaml
@@ -3163,11 +3163,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3190,11 +3196,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml
index 3533c0c1f756..5a69cea1c336 100644
--- a/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml
+++ b/api/hypershift/v1beta1/zz_generated.featuregated-crd-manifests/hostedcontrolplanes.hypershift.openshift.io/TLSAdherence.yaml
@@ -3203,11 +3203,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3230,11 +3236,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml
index 8a82beadb8c3..49314345ef91 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-CustomNoUpgrade.crd.yaml
@@ -4106,11 +4106,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -4133,11 +4139,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml
index 0c3035c524e5..1b5c8f9d2f5f 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-Default.crd.yaml
@@ -3776,11 +3776,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3803,11 +3809,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml
index 43a32af6af58..94fea6d2dab1 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedclusters-Hypershift-TechPreviewNoUpgrade.crd.yaml
@@ -3977,11 +3977,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -4004,11 +4010,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml
index 768305e0d4f2..700aefa382ec 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-CustomNoUpgrade.crd.yaml
@@ -3994,11 +3994,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -4021,11 +4027,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml
index 390ae82a2000..ae537948064d 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-Default.crd.yaml
@@ -3664,11 +3664,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3691,11 +3697,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml
index 7d7517af56a9..949dbbfa52e0 100644
--- a/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml
+++ b/cmd/install/assets/crds/hypershift-operator/zz_generated.crd-manifests/hostedcontrolplanes-Hypershift-TechPreviewNoUpgrade.crd.yaml
@@ -3865,11 +3865,17 @@ spec:
rule: self == oldSelf
v4InternalSubnet:
description: |-
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ internal networks and can be configured independently to avoid overlaps with
+ existing network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -3892,11 +3898,17 @@ spec:
&& int(self.split('.')[0]) > 0
v6InternalSubnet:
description: |-
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- default one is being already used by something else. It must not overlap with
- any other subnet being used by OpenShift or by the node network. The size of the
- subnet must be larger than the number of nodes. Once set, the value is immutable
- and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ the OVN logical topology. It must not overlap with any other subnet being used
+ by OpenShift or by the node network. The size of the subnet must be larger than
+ the number of nodes.
+ This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ for the join switch that interconnects per-node gateway routers with the cluster
+ router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ networks and can be configured independently to avoid overlaps with existing
+ network infrastructure.
+ Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/docs/content/reference/aggregated-docs.md b/docs/content/reference/aggregated-docs.md
index a989a2ac26fa..7cb221db78cf 100644
--- a/docs/content/reference/aggregated-docs.md
+++ b/docs/content/reference/aggregated-docs.md
@@ -50342,11 +50342,17 @@ string
(Optional)
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
-default one is being already used by something else. It must not overlap with
-any other subnet being used by OpenShift or by the node network. The size of the
-subnet must be larger than the number of nodes. Once set, the value is immutable
-and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+router logical router port (LRP) addresses and masquerade/SNAT traffic within
+the OVN logical topology. It must not overlap with any other subnet being used
+by OpenShift or by the node network. The size of the subnet must be larger than
+the number of nodes.
+This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+for the join switch that interconnects per-node gateway routers with the cluster
+router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+internal networks and can be configured independently to avoid overlaps with
+existing network infrastructure.
+Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -50365,11 +50371,17 @@ string
|
(Optional)
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
-default one is being already used by something else. It must not overlap with
-any other subnet being used by OpenShift or by the node network. The size of the
-subnet must be larger than the number of nodes. Once set, the value is immutable
-and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+router logical router port (LRP) addresses and masquerade/SNAT traffic within
+the OVN logical topology. It must not overlap with any other subnet being used
+by OpenShift or by the node network. The size of the subnet must be larger than
+the number of nodes.
+This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+for the join switch that interconnects per-node gateway routers with the cluster
+router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+networks and can be configured independently to avoid overlaps with existing
+network infrastructure.
+Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/docs/content/reference/api.md b/docs/content/reference/api.md
index 5c0b3a27704f..e1bd8d287954 100644
--- a/docs/content/reference/api.md
+++ b/docs/content/reference/api.md
@@ -13942,11 +13942,17 @@ string
|
(Optional)
- v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
-default one is being already used by something else. It must not overlap with
-any other subnet being used by OpenShift or by the node network. The size of the
-subnet must be larger than the number of nodes. Once set, the value is immutable
-and cannot be modified in subsequent updates.
+ v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+router logical router port (LRP) addresses and masquerade/SNAT traffic within
+the OVN logical topology. It must not overlap with any other subnet being used
+by OpenShift or by the node network. The size of the subnet must be larger than
+the number of nodes.
+This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+for the join switch that interconnects per-node gateway routers with the cluster
+router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+internal networks and can be configured independently to avoid overlaps with
+existing network infrastructure.
+Once set, the value is immutable and cannot be modified in subsequent updates.
The default is 100.64.0.0/16.
The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -13965,11 +13971,17 @@ string
|
(Optional)
- v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
-default one is being already used by something else. It must not overlap with
-any other subnet being used by OpenShift or by the node network. The size of the
-subnet must be larger than the number of nodes. Once set, the value is immutable
-and cannot be modified in subsequent updates.
+ v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+router logical router port (LRP) addresses and masquerade/SNAT traffic within
+the OVN logical topology. It must not overlap with any other subnet being used
+by OpenShift or by the node network. The size of the subnet must be larger than
+the number of nodes.
+This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+for the join switch that interconnects per-node gateway routers with the cluster
+router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+networks and can be configured independently to avoid overlaps with existing
+network infrastructure.
+Once set, the value is immutable and cannot be modified in subsequent updates.
The default is fd98::/64.
The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
IPv6 address followed by a slash and a prefix length. The prefix length must
diff --git a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go
index 0b58a6a51092..5c4160fb257a 100644
--- a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go
+++ b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go
@@ -118,11 +118,17 @@ type OVNKubernetesConfig struct {
// +optional
MTU int32 `json:"mtu,omitempty"`
- // v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the
- // default one is being already used by something else. It must not overlap with
- // any other subnet being used by OpenShift or by the node network. The size of the
- // subnet must be larger than the number of nodes. Once set, the value is immutable
- // and cannot be modified in subsequent updates.
+ // v4InternalSubnet configures the IPv4 subnet used by OVN-Kubernetes for gateway
+ // router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ // the OVN logical topology. It must not overlap with any other subnet being used
+ // by OpenShift or by the node network. The size of the subnet must be larger than
+ // the number of nodes.
+ // This field is distinct from ipv4.internalJoinSubnet, which configures the subnet
+ // for the join switch that interconnects per-node gateway routers with the cluster
+ // router. Both default to 100.64.0.0/16 but control different OVN-Kubernetes
+ // internal networks and can be configured independently to avoid overlaps with
+ // existing network infrastructure.
+ // Once set, the value is immutable and cannot be modified in subsequent updates.
// The default is 100.64.0.0/16.
// The value must be in IPv4 CIDR notation (e.g., 192.168.0.0/16), consisting of
// four decimal octets (0-255) separated by dots, followed by a slash and a prefix
@@ -139,11 +145,17 @@ type OVNKubernetesConfig struct {
// +optional
V4InternalSubnet string `json:"v4InternalSubnet,omitempty"`
- // v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the
- // default one is being already used by something else. It must not overlap with
- // any other subnet being used by OpenShift or by the node network. The size of the
- // subnet must be larger than the number of nodes. Once set, the value is immutable
- // and cannot be modified in subsequent updates.
+ // v6InternalSubnet configures the IPv6 subnet used by OVN-Kubernetes for gateway
+ // router logical router port (LRP) addresses and masquerade/SNAT traffic within
+ // the OVN logical topology. It must not overlap with any other subnet being used
+ // by OpenShift or by the node network. The size of the subnet must be larger than
+ // the number of nodes.
+ // This field is distinct from ipv6.internalJoinSubnet, which configures the subnet
+ // for the join switch that interconnects per-node gateway routers with the cluster
+ // router. Both default to fd98::/64 but control different OVN-Kubernetes internal
+ // networks and can be configured independently to avoid overlaps with existing
+ // network infrastructure.
+ // Once set, the value is immutable and cannot be modified in subsequent updates.
// The default is fd98::/64.
// The value must be in IPv6 CIDR notation (e.g., fd98::/64), consisting of an
// IPv6 address followed by a slash and a prefix length. The prefix length must
|