@@ -3283,6 +3283,50 @@ spec:
32833283 layer2 :
32843284 description : Layer2 is the Layer2 topology configuration.
32853285 properties :
3286+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3287+ defaultGatewayIPs :
3288+ description : |-
3289+ defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology.
3290+
3291+ Dual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed.
3292+ This field is only allowed for "Primary" network.
3293+ It is not recommended to set this field without explicit need and understanding of the OVN network topology.
3294+ When omitted, an IP from network subnet is used.
3295+ items :
3296+ type : string
3297+ x-kubernetes-validations :
3298+ - message : IP is invalid
3299+ rule : isIP(self)
3300+ maxItems : 2
3301+ minItems : 1
3302+ type : array
3303+ x-kubernetes-validations :
3304+ - message : When 2 IPs are set, they must be from different IP
3305+ families
3306+ rule : size(self) != 2 || !isIP(self[0]) || !isIP(self[1]) ||
3307+ ip(self[0]).family() != ip(self[1]).family()
3308+ infrastructureSubnets :
3309+ description : |-
3310+ infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure.
3311+ Any IP addresses within these ranges cannot be assigned to workloads.
3312+ When omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs.
3313+ When there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs.
3314+ When `reservedSubnets` is also specified the CIDRs cannot overlap.
3315+ When `defaultGatewayIPs` is also specified the default gateway IPs must belong to one of the CIDRs.
3316+ Each item should be in range of the specified CIDR(s) in `subnets`.
3317+ The maximum number of entries allowed is 10.
3318+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3319+ This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.
3320+ items :
3321+ maxLength : 43
3322+ type : string
3323+ x-kubernetes-validations :
3324+ - message : CIDR is invalid
3325+ rule : isCIDR(self)
3326+ maxItems : 10
3327+ minItems : 1
3328+ type : array
3329+ {{- end }}
32863330 ipam :
32873331 description : IPAM section contains IPAM-related configuration
32883332 for the network.
@@ -3349,6 +3393,26 @@ spec:
33493393 maximum : 65536
33503394 minimum : 576
33513395 type : integer
3396+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3397+ reservedSubnets :
3398+ description : |-
3399+ reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation.
3400+ reservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment.
3401+ IPs from these ranges can still be requested through static IP assignment in pod annotations.
3402+ Each item should be in range of the specified CIDR(s) in `subnets`.
3403+ The maximum number of entries allowed is 25.
3404+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3405+ This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.
3406+ items :
3407+ maxLength : 43
3408+ type : string
3409+ x-kubernetes-validations :
3410+ - message : CIDR is invalid
3411+ rule : isCIDR(self)
3412+ maxItems : 25
3413+ minItems : 1
3414+ type : array
3415+ {{- end }}
33523416 role :
33533417 description : |-
33543418 Role describes the network role in the pod.
@@ -3400,6 +3464,42 @@ spec:
34003464 is used
34013465 rule : ' !has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
34023466 isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280'
3467+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3468+ - message : defaultGatewayIPs is only supported for Primary network
3469+ rule : ' !has(self.defaultGatewayIPs) || has(self.role) && self.role
3470+ == '' Primary'' '
3471+ - message : defaultGatewayIPs must belong to one of the subnets specified
3472+ in the subnets field
3473+ rule : ' !has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip,
3474+ self.subnets.exists(subnet, cidr(subnet).containsIP(ip)))'
3475+ - message : defaultGatewayIPs must be specified for all IP families
3476+ rule : ' !has(self.defaultGatewayIPs) || size(self.defaultGatewayIPs)
3477+ == size(self.subnets)'
3478+ - message : reservedSubnets must be unset when subnets is unset
3479+ rule : ' !has(self.reservedSubnets) || has(self.reservedSubnets) &&
3480+ has(self.subnets)'
3481+ - message : infrastructureSubnets must be unset when subnets is unset
3482+ rule : ' !has(self.infrastructureSubnets) || has(self.infrastructureSubnets)
3483+ && has(self.subnets)'
3484+ - message : defaultGatewayIPs have to belong to infrastructureSubnets
3485+ rule : ' !has(self.infrastructureSubnets) || !has(self.defaultGatewayIPs)
3486+ || self.defaultGatewayIPs.all(ip, self.infrastructureSubnets.exists(subnet,
3487+ cidr(subnet).containsIP(ip)))'
3488+ - fieldPath : .reservedSubnets
3489+ message : reservedSubnets must be subnetworks of the networks specified
3490+ in the subnets field
3491+ rule : ' !has(self.reservedSubnets) || self.reservedSubnets.all(e,
3492+ self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))'
3493+ - fieldPath : .infrastructureSubnets
3494+ message : infrastructureSubnets must be subnetworks of the networks
3495+ specified in the subnets field
3496+ rule : ' !has(self.infrastructureSubnets) || self.infrastructureSubnets.all(e,
3497+ self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))'
3498+ - message : infrastructureSubnets and reservedSubnets must not overlap
3499+ rule : ' !has(self.infrastructureSubnets) || !has(self.reservedSubnets)
3500+ || self.infrastructureSubnets.all(infra, !self.reservedSubnets.exists(reserved,
3501+ cidr(infra).containsCIDR(reserved) || cidr(reserved).containsCIDR(infra)))'
3502+ {{- end }}
34033503 layer3 :
34043504 description : Layer3 is the Layer3 topology configuration.
34053505 properties :
@@ -3693,6 +3793,50 @@ spec:
36933793 layer2 :
36943794 description : Layer2 is the Layer2 topology configuration.
36953795 properties :
3796+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3797+ defaultGatewayIPs :
3798+ description : |-
3799+ defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology.
3800+
3801+ Dual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed.
3802+ This field is only allowed for "Primary" network.
3803+ It is not recommended to set this field without explicit need and understanding of the OVN network topology.
3804+ When omitted, an IP from network subnet is used.
3805+ items :
3806+ type : string
3807+ x-kubernetes-validations :
3808+ - message : IP is invalid
3809+ rule : isIP(self)
3810+ maxItems : 2
3811+ minItems : 1
3812+ type : array
3813+ x-kubernetes-validations :
3814+ - message : When 2 IPs are set, they must be from different
3815+ IP families
3816+ rule : size(self) != 2 || !isIP(self[0]) || !isIP(self[1])
3817+ || ip(self[0]).family() != ip(self[1]).family()
3818+ infrastructureSubnets :
3819+ description : |-
3820+ infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure.
3821+ Any IP addresses within these ranges cannot be assigned to workloads.
3822+ When omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs.
3823+ When there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs.
3824+ When `reservedSubnets` is also specified the CIDRs cannot overlap.
3825+ When `defaultGatewayIPs` is also specified the default gateway IPs must belong to one of the CIDRs.
3826+ Each item should be in range of the specified CIDR(s) in `subnets`.
3827+ The maximum number of entries allowed is 10.
3828+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3829+ This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.
3830+ items :
3831+ maxLength : 43
3832+ type : string
3833+ x-kubernetes-validations :
3834+ - message : CIDR is invalid
3835+ rule : isCIDR(self)
3836+ maxItems : 10
3837+ minItems : 1
3838+ type : array
3839+ {{- end }}
36963840 ipam :
36973841 description : IPAM section contains IPAM-related configuration
36983842 for the network.
@@ -3759,6 +3903,26 @@ spec:
37593903 maximum : 65536
37603904 minimum : 576
37613905 type : integer
3906+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3907+ reservedSubnets :
3908+ description : |-
3909+ reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation.
3910+ reservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment.
3911+ IPs from these ranges can still be requested through static IP assignment in pod annotations.
3912+ Each item should be in range of the specified CIDR(s) in `subnets`.
3913+ The maximum number of entries allowed is 25.
3914+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3915+ This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.
3916+ items :
3917+ maxLength : 43
3918+ type : string
3919+ x-kubernetes-validations :
3920+ - message : CIDR is invalid
3921+ rule : isCIDR(self)
3922+ maxItems : 25
3923+ minItems : 1
3924+ type : array
3925+ {{- end }}
37623926 role :
37633927 description : |-
37643928 Role describes the network role in the pod.
@@ -3811,6 +3975,42 @@ spec:
38113975 subnet is used
38123976 rule : ' !has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
38133977 isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280'
3978+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3979+ - message : defaultGatewayIPs is only supported for Primary network
3980+ rule : ' !has(self.defaultGatewayIPs) || has(self.role) && self.role
3981+ == '' Primary'' '
3982+ - message : defaultGatewayIPs must belong to one of the subnets specified
3983+ in the subnets field
3984+ rule : ' !has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip,
3985+ self.subnets.exists(subnet, cidr(subnet).containsIP(ip)))'
3986+ - message : defaultGatewayIPs must be specified for all IP families
3987+ rule : ' !has(self.defaultGatewayIPs) || size(self.defaultGatewayIPs)
3988+ == size(self.subnets)'
3989+ - message : reservedSubnets must be unset when subnets is unset
3990+ rule : ' !has(self.reservedSubnets) || has(self.reservedSubnets) &&
3991+ has(self.subnets)'
3992+ - message : infrastructureSubnets must be unset when subnets is unset
3993+ rule : ' !has(self.infrastructureSubnets) || has(self.infrastructureSubnets)
3994+ && has(self.subnets)'
3995+ - message : defaultGatewayIPs have to belong to infrastructureSubnets
3996+ rule : ' !has(self.infrastructureSubnets) || !has(self.defaultGatewayIPs)
3997+ || self.defaultGatewayIPs.all(ip, self.infrastructureSubnets.exists(subnet,
3998+ cidr(subnet).containsIP(ip)))'
3999+ - fieldPath : .reservedSubnets
4000+ message : reservedSubnets must be subnetworks of the networks specified
4001+ in the subnets field
4002+ rule : ' !has(self.reservedSubnets) || self.reservedSubnets.all(e,
4003+ self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))'
4004+ - fieldPath : .infrastructureSubnets
4005+ message : infrastructureSubnets must be subnetworks of the networks
4006+ specified in the subnets field
4007+ rule : ' !has(self.infrastructureSubnets) || self.infrastructureSubnets.all(e,
4008+ self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))'
4009+ - message : infrastructureSubnets and reservedSubnets must not overlap
4010+ rule : ' !has(self.infrastructureSubnets) || !has(self.reservedSubnets)
4011+ || self.infrastructureSubnets.all(infra, !self.reservedSubnets.exists(reserved,
4012+ cidr(infra).containsCIDR(reserved) || cidr(reserved).containsCIDR(infra)))'
4013+ {{- end }}
38144014 layer3 :
38154015 description : Layer3 is the Layer3 topology configuration.
38164016 properties :
0 commit comments