[release-4.22] NVIDIA-554: DPU-host mode: use ConfigMap for OVN feature enablement instead of per-node script gating#3029
Conversation
The OVN config map templates had broken conditional logic around enable-multi-network: the self-hosted template used "if not .OVN_MULTI_NETWORK_ENABLE" (inverted), while the managed template had both "if" and "if not" branches — resulting in enable-multi-network=true being emitted regardless of the flag. Replace these broken conditionals with unconditional enable-multi-network=true, remove the OVN_MULTI_NETWORK_ENABLE template variable from the Go code, and decouple OVN_MULTI_NETWORK_POLICY_ENABLE from DisableMultiNetwork so that UseMultiNetworkPolicy is always respected. DisableMultiNetwork continues to control Multus deployment in render.go / multus.go — only the OVN feature-flag plumbing is removed here. Made-with: Cursor
…nstead of per-node script gating All OVN-Kubernetes features (egress IP, egress firewall, multicast, multi-network, admin network policy, multi-external-gateway, etc.) are now enabled in DPU-host mode. The OVN controller on DPU-host nodes processes the configuration but does not offload egress IP datapath — traffic follows the regular kernel path instead. Because these features are safe to enable cluster-wide, the per-node gating logic in the startup script (008-script-lib.yaml) is no longer needed. Feature flags are managed solely through the cluster-wide ConfigMap (004-config.yaml) passed to ovnkube via --config-file. OVN_NODE_MODE remains used only for DPU-host structural differences: gateway interface selection, --ovnkube-node-mode flag, and disabling init-ovnkube-controller. Also removes the redundant network_connect_enabled_flag CLI flag from the node startup script — enable-network-connect is already managed through the ConfigMap. Made-with: Cursor
Remove enable-multicast=true from ovnkube config maps and pass it directly as --enable-multicast on the ovnkube CLI for node and control plane processes (both self-hosted and managed). Made-with: Cursor
openshift-ci-robot
added
the
jira/valid-reference
|
@tsorya: This pull request references NVIDIA-554 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
Important Review skippedAuto reviews are disabled on base/target branches other than the default branch. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository: openshift/coderabbit/.coderabbit.yaml Review profile: CHILL Plan: Enterprise Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: tsorya The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
/payload 4.22 ci blocking |
|
@tsorya: trigger 5 job(s) of type blocking for the ci release of OCP 4.22
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/a4a60830-65b0-11f1-9f2f-8c97b3c486fd-0 trigger 13 job(s) of type blocking for the nightly release of OCP 4.22
See details on https://pr-payload-tests.ci.openshift.org/runs/ci/a4a60830-65b0-11f1-9f2f-8c97b3c486fd-1 |
|
@arkadeepsen can i get a review here please |
|
/cc @arkadeepsen |
|
/retest |
|
@tsorya: The following tests failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
2 participants
This is a cherry-pick of #2944 to release-4.22.
Conflicts resolved against #3028 (runtime detection of --enable-interconnect).
Supersedes #2997 which had stale merge conflicts.
Resolved conflicts in:
Conflict 1 — Commit 2/3 (NVIDIA-554: DPU-host mode...):
bindata/network/ovn-kubernetes/managed/ovnkube-control-plane.yaml — kept the ${enable_interconnect_flag} runtime detection block, removed the other per-node flag variables that moved to ConfigMap.
Conflict 2 — Commit 3/3 (OCPBUGS-78731: Move enable-multicast...):
bindata/network/ovn-kubernetes/common/008-script-lib.yaml (line ~735)
bindata/network/ovn-kubernetes/managed/ovnkube-control-plane.yaml (line ~206)
bindata/network/ovn-kubernetes/self-hosted/ovnkube-control-plane.yaml (line ~162)
/assign tsorya