Skip to content

NETOBSERV-2484: improve ovn subnets detection #2169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jotak merged 7 commits into from
Dec 5, 2025
Merged

NETOBSERV-2484: improve ovn subnets detection #2169

jotak merged 7 commits into from
Dec 5, 2025

Conversation

@jotak
Copy link
Member

@jotak jotak commented Nov 20, 2025

Description

  • Check for internal/masquerade/transitswitch subnets
  • Add API server

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
    • If so, make sure the JIRA epic is labeled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
    • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
    • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
    • Standard QE validation, with pre-merge tests unless stated otherwise.
    • Regression tests only (e.g. refactoring with no user-facing change).
    • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

@openshift-ci
Copy link

openshift-ci bot commented Nov 20, 2025

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@openshift-ci-robot
Copy link
Collaborator

openshift-ci-robot commented Nov 20, 2025
edited by openshift-ci bot
Loading

@jotak: This pull request references NETOBSERV-2484 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.21.0" version, but no target version was set.

In response to this:

Description

  • Check for internal/masquerade/transitswitch subnets
  • Add API server

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
  • If so, make sure the JIRA epic is labeled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@codecov
Copy link

codecov bot commented Nov 20, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 52.50000% with 57 lines in your changes missing coverage. Please review.
✅ Project coverage is 73.29%. Comparing base (8b929d7) to head (1c64baf).
⚠️ Report is 18 commits behind head on main.

Files with missing lines Patch % Lines
internal/controller/flp/detect_subnets.go 48.18% 44 Missing and 13 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2169      +/-   ##
==========================================
+ Coverage   73.24%   73.29%   +0.05%     
==========================================
  Files          82       84       +2     
  Lines        9339     9391      +52     
==========================================
+ Hits         6840     6883      +43     
- Misses       2075     2085      +10     
+ Partials      424      423       -1
Flag Coverage Δ
unittests 73.29% <52.50%> (+0.05%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
internal/controller/flp/flp_controller.go 78.44% <ø> (+12.35%) ⬆️
internal/controller/networkpolicy/np_controller.go 82.60% <100.00%> (ø)
internal/controller/networkpolicy/np_objects.go 93.14% <100.00%> (-0.27%) ⬇️
internal/pkg/cluster/apiserver_endpoint.go 42.00% <100.00%> (ø)
internal/pkg/helper/ip.go 100.00% <100.00%> (ø)
internal/pkg/manager/manager.go 66.66% <ø> (ø)
internal/controller/flp/detect_subnets.go 48.18% <48.18%> (ø)

... and 5 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

OlivierCazade
OlivierCazade reviewed Nov 21, 2025
View reviewed changes
OlivierCazade
OlivierCazade approved these changes Nov 24, 2025
View reviewed changes
Copy link
Contributor

@OlivierCazade OlivierCazade left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@openshift-ci openshift-ci bot added the lgtm label Nov 24, 2025
@openshift-ci openshift-ci bot removed the lgtm label Dec 3, 2025
@openshift-ci
Copy link

openshift-ci bot commented Dec 3, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from oliviercazade. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jotak jotak marked this pull request as ready for review December 3, 2025 15:28
@jotak jotak added the needs-review Tells that the PR needs a review label Dec 3, 2025
@jotak jotak removed the needs-review Tells that the PR needs a review label Dec 4, 2025
OlivierCazade
OlivierCazade approved these changes Dec 4, 2025
View reviewed changes
Copy link
Contributor

@OlivierCazade OlivierCazade left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@openshift-ci openshift-ci bot added the lgtm label Dec 4, 2025
jpinsonneau
jpinsonneau reviewed Dec 4, 2025
View reviewed changes
internal/controller/flp/detect_subnets.go
Comment on lines +164 to +177
internalSubnet := "100.64.0.0/16"
transitSwitchSubnet := "100.88.0.0/16"
masqueradeSubnet := "169.254.0.0/17"
ovnk := networkOp.Spec.DefaultNetwork.OVNKubernetesConfig
if ovnk != nil {
if ovnk.V4InternalSubnet != "" {
internalSubnet = ovnk.V4InternalSubnet
}
if ovnk.IPv4 != nil && ovnk.IPv4.InternalTransitSwitchSubnet != "" {
transitSwitchSubnet = ovnk.IPv4.InternalTransitSwitchSubnet
}
if ovnk.GatewayConfig != nil && ovnk.GatewayConfig.IPv4.InternalMasqueradeSubnet != "" {
masqueradeSubnet = ovnk.GatewayConfig.IPv4.InternalMasqueradeSubnet
}
Copy link
Contributor

@jpinsonneau jpinsonneau Dec 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can't we import https://raw.githubusercontent.com/openshift/cluster-network-operator/refs/heads/master/pkg/network/ovn_kubernetes.go here ?

So at some point if their defaults or CR changes, we'll be updated automatically.

Copy link
Member Author

@jotak jotak Dec 5, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Those constants aren't exported.
Also, if they change, we will have a bigger problem anyway, because that would be tied to the openshift version, so we would have to write specific code anyway. I just hope it won't change :-)

Copy link
Member Author

@jotak jotak Dec 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm merging it, as this is approved - let me know if it's not satisfying, we can still have follow-ups

Copy link
Contributor

@jpinsonneau jpinsonneau Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The GetInternalSubnets function is public if you want to import that in the future 😉

Copy link
Member Author

@jotak jotak Dec 8, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes but like I said it doesn't really help, as we need to support past ovn versions, we will always need some hardcoding if the IPs change

@Amoghrd
Copy link
Member

Amoghrd commented Dec 4, 2025

/ok-to-test

@openshift-ci openshift-ci bot added the ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. label Dec 4, 2025
@github-actions
Copy link

github-actions bot commented Dec 4, 2025

New images:

  • quay.io/netobserv/network-observability-operator:b17bfde
  • quay.io/netobserv/network-observability-operator-bundle:v0.0.0-sha-b17bfde
  • quay.io/netobserv/network-observability-operator-catalog:v0.0.0-sha-b17bfde

They will expire after two weeks.

To deploy this build:

# Direct deployment, from operator repo
IMAGE=quay.io/netobserv/network-observability-operator:b17bfde make deploy

# Or using operator-sdk
operator-sdk run bundle quay.io/netobserv/network-observability-operator-bundle:v0.0.0-sha-b17bfde

Or as a Catalog Source:

apiVersion: operators.coreos.com/v1alpha1
kind: CatalogSource
metadata:
  name: netobserv-dev
  namespace: openshift-marketplace
spec:
  sourceType: grpc
  image: quay.io/netobserv/network-observability-operator-catalog:v0.0.0-sha-b17bfde
  displayName: NetObserv development catalog
  publisher: Me
  updateStrategy:
    registryPoll:
      interval: 1m

@Amoghrd
Copy link
Member

Amoghrd commented Dec 4, 2025

/label qe-approved

@openshift-ci openshift-ci bot added the qe-approved QE has approved this pull request label Dec 4, 2025
@openshift-ci-robot
Copy link
Collaborator

openshift-ci-robot commented Dec 4, 2025
edited by openshift-ci bot
Loading

@jotak: This pull request references NETOBSERV-2484 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.21.0" version, but no target version was set.

In response to this:

Description

  • Check for internal/masquerade/transitswitch subnets
  • Add API server

Dependencies

n/a

Checklist

If you are not familiar with our processes or don't know what to answer in the list below, let us know in a comment: the maintainers will take care of that.

  • Is this PR backed with a JIRA ticket? If so, make sure it is written as a title prefix (in general, PRs affecting the NetObserv/Network Observability product should be backed with a JIRA ticket - especially if they bring user facing changes).
  • Does this PR require product documentation?
  • If so, make sure the JIRA epic is labeled with "documentation" and provides a description relevant for doc writers, such as use cases or scenarios. Any required step to activate or configure the feature should be documented there, such as new CRD knobs.
  • Does this PR require a product release notes entry?
  • If so, fill in "Release Note Text" in the JIRA.
  • Is there anything else the QE team should know before testing? E.g: configuration changes, environment setup, etc.
  • If so, make sure it is described in the JIRA ticket.
  • QE requirements (check 1 from the list):
  • Standard QE validation, with pre-merge tests unless stated otherwise.
  • Regression tests only (e.g. refactoring with no user-facing change).
  • No QE (e.g. trivial change with high reviewer's confidence, or per agreement with the QE team).

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@jotak jotak merged commit 49a77da into netobserv:main Dec 5, 2025
17 of 18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jpinsonneau jpinsonneau jpinsonneau left review comments

@OlivierCazade OlivierCazade OlivierCazade approved these changes

Assignees

@OlivierCazade OlivierCazade

Labels

jira/valid-reference lgtm ok-to-test To set manually when a PR is safe to test. Triggers image build on PR. qe-approved QE has approved this pull request

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@jotak @openshift-ci-robot @Amoghrd @OlivierCazade @jpinsonneau