diff --git a/go.mod b/go.mod
index 83d147a61da7db79a5df9f96ab9f6bf513313029..cdaa4d911390ec43b8ddbaa4b191e67dd9dc7afc 100644
--- a/go.mod
+++ b/go.mod
@@ -14,7 +14,7 @@ require (
 github.com/mdlayher/ethernet v0.0.0-20220221185849-529eae5b6118
 github.com/netobserv/flowlogs-pipeline v1.7.0-community.0.20241217113023-fa0540a1658e
 github.com/netobserv/gopipes v0.3.0
- github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250116185920-20e7a0e40c93
+ github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250215040159-dd2a70c928d3
 github.com/paulbellamy/ratecounter v0.2.0
 github.com/prometheus/client_golang v1.20.5
 github.com/segmentio/kafka-go v0.4.47
diff --git a/go.sum b/go.sum
index be6453e594e2a9918f38aab722c0df31e14f9f40..ff5254e80c16f8fe9562214b0af48f161a342dea 100644
--- a/go.sum
+++ b/go.sum
@@ -749,8 +749,8 @@ github.com/openzipkin/zipkin-go v0.2.1/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnh github.com/openzipkin/zipkin-go v0.2.2/go.mod h1:NaW6tEwdmWMaCDZzg8sh+IBNOxHMPnhQw8ySjnjRyN4= github.com/ovn-org/libovsdb v0.7.1-0.20240820095311-ce1951614a20 h1:OoDvzyaK7F/ZANIIFOgb4Haj7mye3Hle0fYZZNdidSs= github.com/ovn-org/libovsdb v0.7.1-0.20240820095311-ce1951614a20/go.mod h1:dJbxEaalQl83nn904K32FaMjlH/qOObZ0bj4ejQ78AI= -github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250116185920-20e7a0e40c93 h1:BJxeBVZvLEOOz7TswGbJFC60uOFpqUyJBHp7wvmdVIM= -github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250116185920-20e7a0e40c93/go.mod h1:9LxDV3rAHlGHAYtVrT62y/fqfIxc5RrDiYi9RVeD0gg= +github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250215040159-dd2a70c928d3 h1:tXdBJx1z7CYnjWCQnT6kBbI2LJd5XlDrIymIsxGWPF8= +github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250215040159-dd2a70c928d3/go.mod h1:MzFM3OEsLM2w/4MBMOCsxGR6ZBUvJfOxvQHB8LIKSv4= github.com/pact-foundation/pact-go v1.0.4/go.mod h1:uExwJY4kCzNPcHRj+hCR/HBbOOIwwtUjcrb0b5/5kLM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc=
diff --git a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/model/network_event.go b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/model/network_event.go
index 00fb19fcfd91731085bd10e30200100705039418..3a10bdbcf3ec943d4be6ebae7bd2f2f7df197590 100644
--- a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/model/network_event.go
+++ b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/model/network_event.go
@@ -2,9 +2,30 @@ package model
 import (
 "fmt"
+)
+
+const (
+ // Constants are duplicated to minimize dependencies
+ // When adding constants here, add them in network_event_test.go too
+
+ // libovsdb constants: see also github.com/ovn-org/ovn-kubernetes/go-controller/pkg/libovsdb/ops
+ egressFirewallOwnerType = "EgressFirewall"
+ adminNetworkPolicyOwnerType = "AdminNetworkPolicy"
+ baselineAdminNetworkPolicyOwnerType = "BaselineAdminNetworkPolicy"
+ networkPolicyOwnerType = "NetworkPolicy"
+ multicastNamespaceOwnerType = "MulticastNS"
+ multicastClusterOwnerType = "MulticastCluster"
+ netpolNodeOwnerType = "NetpolNode"
+ netpolNamespaceOwnerType = "NetpolNamespace"
+ udnIsolationOwnerType = "UDNIsolation"
- libovsdbops "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/libovsdb/ops"
- "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/nbdb"
+ // nbdb constants: see also github.com/ovn-org/ovn-kubernetes/go-controller/pkg/nbdb
+ aclActionAllow = "allow"
+ aclActionAllowRelated = "allow-related"
+ aclActionAllowStateless = "allow-stateless"
+ aclActionDrop = "drop"
+ aclActionReject = "reject"
+ aclActionPass = "pass"
 )
 type NetworkEvent interface {
@@ -23,38 +44,38 @@ type ACLEvent struct {
 func (e *ACLEvent) String() string {
 var action string
 switch e.Action {
- case nbdb.ACLActionAllow, nbdb.ACLActionAllowRelated, nbdb.ACLActionAllowStateless:
+ case aclActionAllow, aclActionAllowRelated, aclActionAllowStateless:
 action = "Allowed"
- case nbdb.ACLActionDrop:
+ case aclActionDrop:
 action = "Dropped"
- case nbdb.ACLActionPass:
+ case aclActionPass:
 action = "Delegated to network policy"
 default:
 action = "Action " + e.Action
 }
 var msg string
 switch e.Actor {
- case libovsdbops.AdminNetworkPolicyOwnerType:
+ case adminNetworkPolicyOwnerType:
 msg = fmt.Sprintf("admin network policy %s, direction %s", e.Name, e.Direction)
- case libovsdbops.BaselineAdminNetworkPolicyOwnerType:
+ case baselineAdminNetworkPolicyOwnerType:
 msg = fmt.Sprintf("baseline admin network policy %s, direction %s", e.Name, e.Direction)
- case libovsdbops.MulticastNamespaceOwnerType:
+ case multicastNamespaceOwnerType:
 msg = fmt.Sprintf("multicast in namespace %s, direction %s", e.Namespace, e.Direction)
- case libovsdbops.MulticastClusterOwnerType:
+ case multicastClusterOwnerType:
 msg = fmt.Sprintf("cluster multicast policy, direction %s", e.Direction)
- case libovsdbops.NetpolNodeOwnerType:
+ case netpolNodeOwnerType:
 msg = fmt.Sprintf("default allow from local node policy, direction %s", e.Direction)
- case libovsdbops.NetworkPolicyOwnerType:
+ case networkPolicyOwnerType:
 if e.Namespace != "" {
 msg = fmt.Sprintf("network policy %s in namespace %s, direction %s", e.Name, e.Namespace, e.Direction)
 } else {
 msg = fmt.Sprintf("network policy %s, direction %s", e.Name, e.Direction)
 }
- case libovsdbops.NetpolNamespaceOwnerType:
+ case netpolNamespaceOwnerType:
 msg = fmt.Sprintf("network policies isolation in namespace %s, direction %s", e.Namespace, e.Direction)
- case libovsdbops.EgressFirewallOwnerType:
+ case egressFirewallOwnerType:
 msg = fmt.Sprintf("egress firewall in namespace %s", e.Namespace)
- case libovsdbops.UDNIsolationOwnerType:
+ case udnIsolationOwnerType:
 msg = fmt.Sprintf("UDN isolation of type %s", e.Name)
 }
 return fmt.Sprintf("%s by %s", action, msg)
diff --git a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/sampledecoder/sample_decoder.go b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/sampledecoder/sample_decoder.go
index 0642e795b8e87b4e5c9ad02d7191853451659260..0beb41f9b5c9c5c4fc10d9476ec6d45cffa165ae 100644
--- a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/sampledecoder/sample_decoder.go
+++ b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/sampledecoder/sample_decoder.go
@@ -292,10 +292,13 @@ func (d *SampleDecoder) DeleteCollector(collectorID int) error {
 return err
 }
-// This is a copy of the ParseNetworkName function from go-controller/pkg/clustermanager/userdefinednetwork/template/net-attach-def-template.go
+// This is a copy of the ParseNetworkName function from go-controller/pkg/util/multi_network.go
 // We need to copy it to optimize dependencies of observability-lib.
 func ParseNetworkName(networkName string) (udnNamespace, udnName string) {
- parts := strings.Split(networkName, ".")
+ if strings.HasPrefix(networkName, "cluster_udn_") {
+ return "", networkName[len("cluster_udn_"):]
+ }
+ parts := strings.Split(networkName, "_")
 if len(parts) == 2 {
 return parts[0], parts[1]
 }
diff --git a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/config/config.go b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/config/config.go
index 1f601153fe6764b7ba6753f584fb9e62b2ad19b4..2759f071f2bca0a4f141fd6f205c36dd6b7411d2 100644
--- a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/config/config.go
+++ b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/config/config.go
@@ -460,6 +460,7 @@ type GatewayConfig struct {
 // NodeportEnable sets whether to provide Kubernetes NodePort service or not
 NodeportEnable bool `gcfg:"nodeport"`
 // DisableSNATMultipleGws sets whether to disable SNAT of egress traffic in namespaces annotated with routing-external-gws
+ // only applicable to the default network not for UDNs
 DisableSNATMultipleGWs bool `gcfg:"disable-snat-multiple-gws"`
 // V4JoinSubnet to be used in the cluster
 V4JoinSubnet string `gcfg:"v4-join-subnet"`
@@ -661,6 +662,12 @@ func PrepareTestConfig() error {
 return err
 }
+ // set klog level here as some tests will not call InitConfig
+ var level klog.Level
+ if err := level.Set(strconv.Itoa(Logging.Level)); err != nil {
+ return fmt.Errorf("failed to set klog log level %v", err)
+ }
+
 // Don't pick up defaults from the environment
 os.Unsetenv("KUBECONFIG")
 os.Unsetenv("K8S_CACERT")
diff --git a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/libovsdb/ops/lbgroup.go b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/libovsdb/ops/lbgroup.go
index 854c8f2b2d588a672cdcdf8f683fbbfe97a7ff62..71517cb9c04d3e1487a27e7f8c7d84aa9997cd1a 100644
--- a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/libovsdb/ops/lbgroup.go
+++ b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/libovsdb/ops/lbgroup.go
@@ -2,7 +2,6 @@ package ops
 import (
 "context"
-
 libovsdbclient "github.com/ovn-org/libovsdb/client"
 "github.com/ovn-org/libovsdb/ovsdb"
 libovsdb "github.com/ovn-org/libovsdb/ovsdb"
@@ -30,6 +29,35 @@ func CreateOrUpdateLoadBalancerGroupOps(nbClient libovsdbclient.Client, ops []ov
 return ops, nil
 }
+// DeleteLoadBalancerGroupsOps DeleteLoadBalncerGroupOps creates the operations for deleting load balancer groups
+func DeleteLoadBalancerGroupsOps(nbClient libovsdbclient.Client, ops []libovsdb.Operation, groups ...*nbdb.LoadBalancerGroup) ([]ovsdb.Operation, error) {
+ opModels := make([]operationModel, 0, len(groups))
+ for i := range groups {
+ // can't use i in the predicate, for loop replaces it in-memory
+ lb := groups[i]
+ opModel := operationModel{
+ Model: lb,
+ ErrNotFound: false,
+ BulkOp: false,
+ }
+ opModels = append(opModels, opModel)
+ }
+
+ modelClient := newModelClient(nbClient)
+ return modelClient.DeleteOps(ops, opModels...)
+}
+
+// DeleteLoadBalancerGroups deletes the provided load balancer groups
+func DeleteLoadBalancerGroups(nbClient libovsdbclient.Client, groups []*nbdb.LoadBalancerGroup) error {
+ ops, err := DeleteLoadBalancerGroupsOps(nbClient, nil, groups...)
+ if err != nil {
+ return err
+ }
+
+ _, err = TransactAndCheck(nbClient, ops)
+ return err
+}
+
 // AddLoadBalancersToGroupOps adds the provided load balancers to the provided
 // group and returns the corresponding ops
 func AddLoadBalancersToGroupOps(nbClient libovsdbclient.Client, ops []libovsdb.Operation, group *nbdb.LoadBalancerGroup, lbs ...*nbdb.LoadBalancer) ([]libovsdb.Operation, error) {
diff --git a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types/const.go b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types/const.go
index 9c6afae5bae5f7f375fab5cbc03fd6ddbebd890f..8de44967fe7dbcd29b5523c88ea855bf2ba73c2a 100644
--- a/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types/const.go
+++ b/vendor/github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types/const.go
@@ -123,14 +123,14 @@ const (
 EndpointSliceMirrorControllerName = "endpointslice-mirror-controller.k8s.ovn.org"
 // EndpointSliceDefaultControllerName default kubernetes EndpointSlice controller name (used as a value for the "endpointslice.kubernetes.io/managed-by" label)
 EndpointSliceDefaultControllerName = "endpointslice-controller.k8s.io"
- // LabelSourceEndpointSlice label key used in mirrored EndpointSlice
+ // SourceEndpointSliceAnnotation key used in mirrored EndpointSlice
 // that has the value of the default EndpointSlice name
- LabelSourceEndpointSlice = "k8s.ovn.org/source-endpointslice"
+ SourceEndpointSliceAnnotation = "k8s.ovn.org/source-endpointslice"
 // LabelSourceEndpointSliceVersion label key used in mirrored EndpointSlice
 // that has the value of the last known default EndpointSlice ResourceVersion
 LabelSourceEndpointSliceVersion = "k8s.ovn.org/source-endpointslice-version"
- // LabelUserDefinedEndpointSliceNetwork label key used in mirrored EndpointSlices that contains the current primary user defined network name
- LabelUserDefinedEndpointSliceNetwork = "k8s.ovn.org/endpointslice-network"
+ // UserDefinedNetworkEndpointSliceAnnotation key used in mirrored EndpointSlices that contains the current primary user defined network name
+ UserDefinedNetworkEndpointSliceAnnotation = "k8s.ovn.org/endpointslice-network"
 // LabelUserDefinedServiceName label key used in mirrored EndpointSlices that contains the service name matching the EndpointSlice
 LabelUserDefinedServiceName = "k8s.ovn.org/service-name"
@@ -215,6 +215,8 @@ const (
 LoadBalancerOwnerExternalID = OvnK8sPrefix + "/" + "owner"
 // key for UDN enabled services routes
 UDNEnabledServiceExternalID = OvnK8sPrefix + "/" + "udn-enabled-default-service"
+ // RequiredUDNNamespaceLabel is the required namespace label for enabling primary UDNs
+ RequiredUDNNamespaceLabel = "k8s.ovn.org/primary-user-defined-network"
 // different secondary network topology type defined in CNI netconf
 Layer3Topology = "layer3"
@@ -226,12 +228,13 @@ const (
 NetworkRolePrimary = "primary"
 NetworkRoleSecondary = "secondary"
 NetworkRoleDefault = "default"
- // defined internally by ovnkube to recognize "default"
- // network's role as a "infrastructure-locked" network
- // when user defined network is the primary network for
- // the pod which makes "default" network niether primary
+ // NetworkRoleInfrastructure is defined internally by ovnkube to recognize "default"
+ // network's role as an "infrastructure-locked" network
+ // when a user defined network is the primary network for
+ // the pod which makes "default" network neither primary
 // nor secondary
 NetworkRoleInfrastructure = "infrastructure-locked"
+ NetworkRoleNone = "none"
 // db index keys
 // PrimaryIDKey is used as a primary client index
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 507cc3e00c4574fda49250a415171fccbfefa721..1d688dc6742dca21c18e6276b6796d065f5b824b 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -357,7 +357,7 @@ github.com/ovn-org/libovsdb/model github.com/ovn-org/libovsdb/ovsdb github.com/ovn-org/libovsdb/ovsdb/serverdb github.com/ovn-org/libovsdb/updates -# github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250116185920-20e7a0e40c93 +# github.com/ovn-org/ovn-kubernetes/go-controller v0.0.0-20250215040159-dd2a70c928d3 ## explicit; go 1.22.0 github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/model github.com/ovn-org/ovn-kubernetes/go-controller/observability-lib/ovsdb