NP-764: Enable no uplink OVN-K gateway bridge mode

[pliurh]

Use no uplink OVN-K gateway bridge to decouple br-ex from host physical interface.
Use ovs-vsctl to create br-ex bridge instead of NM, as we don't need to run DHCP client for br-ex interface anymore.

[dhellmann]

@pliurh I think that if you rebase this PR on the HEAD of the main branch we will get better results from the CI jobs.

[pliurh]

/retest

[pliurh]

/retest

[pliurh]

/retest

[anuragthehatter]

/hold

This is failing on QE Ushift clusters causing node to go into NOTREADY state with error
container runtime network not ready: NetworkReady=false reason:NetworkPluginNotReady message:Network plugin returns error: No CNI configuration file in /etc/cni/net.d/.

10-ovn-kubernetes.conf is absent under /etc/cni/net.d/

[pliurh]

/retest

[pmtk]

/retest

[pmtk]

Today's rebase brought in changes for amd64 (it seems that we already had them for arm - introduced in 2023-06-15-173508, we had 2023-06-16-015443)

- ovn-kubernetes image-amd64 23c67c62ed1d912387791a1d8eb422b367c422dc to 5217351470aaa77bcfca04a1b6ee1ebf2bfbe7d9
  - eacdaa7 2023-06-13T09:44:38+02:00 Validate port before deleting conntrack flow
  - d829d7d 2023-06-13T09:44:21+02:00 Use no-uplink gateway bridge in compact-mode e2e test
  - f764a79 2023-06-13T09:44:16+02:00 Allow external gateway bridge without uplink port In local gateway mode

[pmtk]

some infra problems
/retest

[pmtk]

/test e2e-openshift-conformance-reduced

[pliurh]

Several other comments besides the inline ones:

1. shall we deprecate the "gatewayInterface" in this PR?

Yes.

2. we should no longer need to listen on the "br-ex" interface in the mdns controller.

Agree.

3. do we "need to" consider upgrade from default ovnk to no-uplink ovnk?

The configure-ovs.sh will handle the upgrade scenario. It will remove the NM config files and the OVS bridges and ports, then create br-ex with ovs-vsctl command.

[zshi-redhat]

In a fresh deployment, the service address will always be assigned to loopback device since this node network configuration runs before the InfrastructureServices controller (where CNI is started). Is it expected?

[pliurh]

/retest

[zshi-redhat]

@jcaamano Could you also take a look?
This is about integrating no-uplink ovnk gateway change in microshift, specifically the configure-ovs.sh script is updated to handle upgrade from uplink NM settings to no-uplink NM settings.

[openshift-ci-robot]

@pliurh: This pull request references NP-764 which is a valid jira issue.

Details

In response to this:

Use no uplink OVN-K gateway bridge to decouple br-ex from host physical interface.
Use ovs-vsctl to create br-ex bridge instead of NM, as we don't need to run DHCP client for br-ex interface anymore.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[pliurh]

/unhold

[jcaamano]

@jcaamano Could you also take a look? This is about integrating no-uplink ovnk gateway change in microshift, specifically the configure-ovs.sh script is updated to handle upgrade from uplink NM settings to no-uplink NM settings.

That part LGTM, just that small comment

[pmtk]

LGTM

I also verified upgrade from 4.13 to (this+#1957) and worked perfectly

[pliurh]

/retest

[zshi-redhat]

/retest

[pmtk]

/retest

[zshi-redhat]

/test e2e-openshift-conformance-reduced-arm

[dhellmann]

This version looks good and seems to be passing the tests now that the topolvm image issue is resolved. I have one comment about some documentation, but that can (and probably should) be addressed in a simple follow-up PR, rather than requiring another iteration on this one.

The ARM tests are still a bit flakey for reasons outside of our control, so if those fail we can still merge this, unless you have reason to think the failure is related to the code.

@zshi-redhat do you want to apply the LGTM when you're happy?

[dhellmann]

The details in this comment thread are an important part of the design. Are they written down somewhere? If not, could you add them in a comment in this function, please? You can use a follow-up PR, since this one looks like it is almost ready to be merged.

[zshi-redhat]

This version looks good and seems to be passing the tests now that the topolvm image issue is resolved. I have one comment about some documentation, but that can (and probably should) be addressed in a simple follow-up PR, rather than requiring another iteration on this one.

@pliurh please file a followup PR for the documentation change.

The ARM tests are still a bit flakey for reasons outside of our control, so if those fail we can still merge this, unless you have reason to think the failure is related to the code.

agree, looking at the job history, it has 4 pass in May and zero pass in June. And the failed tests are different in each run. I will go ahead and lgtm the PR.

@zshi-redhat do you want to apply the LGTM when you're happy?

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: pliurh, zshi-redhat

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [pliurh,zshi-redhat]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@pliurh: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-openshift-conformance-reduced-arm	e3fc6b9	link	false	/test e2e-openshift-conformance-reduced-arm

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.