@@ -3211,6 +3211,50 @@ spec:
32113211 layer2 :
32123212 description : Layer2 is the Layer2 topology configuration.
32133213 properties :
3214+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3215+ defaultGatewayIPs :
3216+ description : |-
3217+ defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology.
3218+
3219+ Dual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed.
3220+ This field is only allowed for "Primary" network.
3221+ It is not recommended to set this field without explicit need and understanding of the OVN network topology.
3222+ When omitted, an IP from network subnet is used.
3223+ items :
3224+ type : string
3225+ x-kubernetes-validations :
3226+ - message : IP is invalid
3227+ rule : isIP(self)
3228+ maxItems : 2
3229+ minItems : 1
3230+ type : array
3231+ x-kubernetes-validations :
3232+ - message : When 2 IPs are set, they must be from different IP
3233+ families
3234+ rule : size(self) != 2 || !isIP(self[0]) || !isIP(self[1]) ||
3235+ ip(self[0]).family() != ip(self[1]).family()
3236+ infrastructureSubnets :
3237+ description : |-
3238+ infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure.
3239+ Any IP addresses within these ranges cannot be assigned to workloads.
3240+ When omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs.
3241+ When there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs.
3242+ When `reservedSubnets` is also specified the CIDRs cannot overlap.
3243+ When `defaultGatewayIPs` is also specified the default gateway IPs must belong to one of the CIDRs.
3244+ Each item should be in range of the specified CIDR(s) in `subnets`.
3245+ The maximum number of entries allowed is 10.
3246+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3247+ This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.
3248+ items :
3249+ maxLength : 43
3250+ type : string
3251+ x-kubernetes-validations :
3252+ - message : CIDR is invalid
3253+ rule : isCIDR(self)
3254+ maxItems : 10
3255+ minItems : 1
3256+ type : array
3257+ {{- end }}
32143258 ipam :
32153259 description : IPAM section contains IPAM-related configuration
32163260 for the network.
@@ -3277,6 +3321,26 @@ spec:
32773321 maximum : 65536
32783322 minimum : 576
32793323 type : integer
3324+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3325+ reservedSubnets :
3326+ description : |-
3327+ reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation.
3328+ reservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment.
3329+ IPs from these ranges can still be requested through static IP assignment in pod annotations.
3330+ Each item should be in range of the specified CIDR(s) in `subnets`.
3331+ The maximum number of entries allowed is 25.
3332+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3333+ This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.
3334+ items :
3335+ maxLength : 43
3336+ type : string
3337+ x-kubernetes-validations :
3338+ - message : CIDR is invalid
3339+ rule : isCIDR(self)
3340+ maxItems : 25
3341+ minItems : 1
3342+ type : array
3343+ {{- end }}
32803344 role :
32813345 description : |-
32823346 Role describes the network role in the pod.
@@ -3328,6 +3392,42 @@ spec:
33283392 is used
33293393 rule : ' !has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
33303394 isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280'
3395+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3396+ - message : defaultGatewayIPs is only supported for Primary network
3397+ rule : ' !has(self.defaultGatewayIPs) || has(self.role) && self.role
3398+ == '' Primary'' '
3399+ - message : defaultGatewayIPs must belong to one of the subnets specified
3400+ in the subnets field
3401+ rule : ' !has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip,
3402+ self.subnets.exists(subnet, cidr(subnet).containsIP(ip)))'
3403+ - message : defaultGatewayIPs must be specified for all IP families
3404+ rule : ' !has(self.defaultGatewayIPs) || size(self.defaultGatewayIPs)
3405+ == size(self.subnets)'
3406+ - message : reservedSubnets must be unset when subnets is unset
3407+ rule : ' !has(self.reservedSubnets) || has(self.reservedSubnets) &&
3408+ has(self.subnets)'
3409+ - message : infrastructureSubnets must be unset when subnets is unset
3410+ rule : ' !has(self.infrastructureSubnets) || has(self.infrastructureSubnets)
3411+ && has(self.subnets)'
3412+ - message : defaultGatewayIPs have to belong to infrastructureSubnets
3413+ rule : ' !has(self.infrastructureSubnets) || !has(self.defaultGatewayIPs)
3414+ || self.defaultGatewayIPs.all(ip, self.infrastructureSubnets.exists(subnet,
3415+ cidr(subnet).containsIP(ip)))'
3416+ - fieldPath : .reservedSubnets
3417+ message : reservedSubnets must be subnetworks of the networks specified
3418+ in the subnets field
3419+ rule : ' !has(self.reservedSubnets) || self.reservedSubnets.all(e,
3420+ self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))'
3421+ - fieldPath : .infrastructureSubnets
3422+ message : infrastructureSubnets must be subnetworks of the networks
3423+ specified in the subnets field
3424+ rule : ' !has(self.infrastructureSubnets) || self.infrastructureSubnets.all(e,
3425+ self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))'
3426+ - message : infrastructureSubnets and reservedSubnets must not overlap
3427+ rule : ' !has(self.infrastructureSubnets) || !has(self.reservedSubnets)
3428+ || self.infrastructureSubnets.all(infra, !self.reservedSubnets.exists(reserved,
3429+ cidr(infra).containsCIDR(reserved) || cidr(reserved).containsCIDR(infra)))'
3430+ {{- end }}
33313431 layer3 :
33323432 description : Layer3 is the Layer3 topology configuration.
33333433 properties :
@@ -3621,6 +3721,50 @@ spec:
36213721 layer2 :
36223722 description : Layer2 is the Layer2 topology configuration.
36233723 properties :
3724+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3725+ defaultGatewayIPs :
3726+ description : |-
3727+ defaultGatewayIPs specifies the default gateway IP used in the internal OVN topology.
3728+
3729+ Dual-stack clusters may set 2 IPs (one for each IP family), otherwise only 1 IP is allowed.
3730+ This field is only allowed for "Primary" network.
3731+ It is not recommended to set this field without explicit need and understanding of the OVN network topology.
3732+ When omitted, an IP from network subnet is used.
3733+ items :
3734+ type : string
3735+ x-kubernetes-validations :
3736+ - message : IP is invalid
3737+ rule : isIP(self)
3738+ maxItems : 2
3739+ minItems : 1
3740+ type : array
3741+ x-kubernetes-validations :
3742+ - message : When 2 IPs are set, they must be from different
3743+ IP families
3744+ rule : size(self) != 2 || !isIP(self[0]) || !isIP(self[1])
3745+ || ip(self[0]).family() != ip(self[1]).family()
3746+ infrastructureSubnets :
3747+ description : |-
3748+ infrastructureSubnets specifies a list of internal CIDR ranges that OVN-Kubernetes will reserve for internal network infrastructure.
3749+ Any IP addresses within these ranges cannot be assigned to workloads.
3750+ When omitted, OVN-Kubernetes will automatically allocate IP addresses from `subnets` for its infrastructure needs.
3751+ When there are not enough available IPs in the provided infrastructureSubnets, OVN-Kubernetes will automatically allocate IP addresses from subnets for its infrastructure needs.
3752+ When `reservedSubnets` is also specified the CIDRs cannot overlap.
3753+ When `defaultGatewayIPs` is also specified the default gateway IPs must belong to one of the CIDRs.
3754+ Each item should be in range of the specified CIDR(s) in `subnets`.
3755+ The maximum number of entries allowed is 10.
3756+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3757+ This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.
3758+ items :
3759+ maxLength : 43
3760+ type : string
3761+ x-kubernetes-validations :
3762+ - message : CIDR is invalid
3763+ rule : isCIDR(self)
3764+ maxItems : 10
3765+ minItems : 1
3766+ type : array
3767+ {{- end }}
36243768 ipam :
36253769 description : IPAM section contains IPAM-related configuration
36263770 for the network.
@@ -3687,6 +3831,26 @@ spec:
36873831 maximum : 65536
36883832 minimum : 576
36893833 type : integer
3834+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3835+ reservedSubnets :
3836+ description : |-
3837+ reservedSubnets specifies a list of CIDRs reserved for static IP assignment, excluded from automatic allocation.
3838+ reservedSubnets is optional. When omitted, all IP addresses in `subnets` are available for automatic assignment.
3839+ IPs from these ranges can still be requested through static IP assignment in pod annotations.
3840+ Each item should be in range of the specified CIDR(s) in `subnets`.
3841+ The maximum number of entries allowed is 25.
3842+ The format should match standard CIDR notation (for example, "10.128.0.0/16").
3843+ This field must be omitted if `subnets` is unset or `ipam.mode` is `Disabled`.
3844+ items :
3845+ maxLength : 43
3846+ type : string
3847+ x-kubernetes-validations :
3848+ - message : CIDR is invalid
3849+ rule : isCIDR(self)
3850+ maxItems : 25
3851+ minItems : 1
3852+ type : array
3853+ {{- end }}
36903854 role :
36913855 description : |-
36923856 Role describes the network role in the pod.
@@ -3739,6 +3903,42 @@ spec:
37393903 subnet is used
37403904 rule : ' !has(self.subnets) || !has(self.mtu) || !self.subnets.exists_one(i,
37413905 isCIDR(i) && cidr(i).ip().family() == 6) || self.mtu >= 1280'
3906+ {{- if .OVN_PRE_CONF_UDN_ADDR_ENABLE }}
3907+ - message : defaultGatewayIPs is only supported for Primary network
3908+ rule : ' !has(self.defaultGatewayIPs) || has(self.role) && self.role
3909+ == '' Primary'' '
3910+ - message : defaultGatewayIPs must belong to one of the subnets specified
3911+ in the subnets field
3912+ rule : ' !has(self.defaultGatewayIPs) || self.defaultGatewayIPs.all(ip,
3913+ self.subnets.exists(subnet, cidr(subnet).containsIP(ip)))'
3914+ - message : defaultGatewayIPs must be specified for all IP families
3915+ rule : ' !has(self.defaultGatewayIPs) || size(self.defaultGatewayIPs)
3916+ == size(self.subnets)'
3917+ - message : reservedSubnets must be unset when subnets is unset
3918+ rule : ' !has(self.reservedSubnets) || has(self.reservedSubnets) &&
3919+ has(self.subnets)'
3920+ - message : infrastructureSubnets must be unset when subnets is unset
3921+ rule : ' !has(self.infrastructureSubnets) || has(self.infrastructureSubnets)
3922+ && has(self.subnets)'
3923+ - message : defaultGatewayIPs have to belong to infrastructureSubnets
3924+ rule : ' !has(self.infrastructureSubnets) || !has(self.defaultGatewayIPs)
3925+ || self.defaultGatewayIPs.all(ip, self.infrastructureSubnets.exists(subnet,
3926+ cidr(subnet).containsIP(ip)))'
3927+ - fieldPath : .reservedSubnets
3928+ message : reservedSubnets must be subnetworks of the networks specified
3929+ in the subnets field
3930+ rule : ' !has(self.reservedSubnets) || self.reservedSubnets.all(e,
3931+ self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))'
3932+ - fieldPath : .infrastructureSubnets
3933+ message : infrastructureSubnets must be subnetworks of the networks
3934+ specified in the subnets field
3935+ rule : ' !has(self.infrastructureSubnets) || self.infrastructureSubnets.all(e,
3936+ self.subnets.exists(s, cidr(s).containsCIDR(cidr(e))))'
3937+ - message : infrastructureSubnets and reservedSubnets must not overlap
3938+ rule : ' !has(self.infrastructureSubnets) || !has(self.reservedSubnets)
3939+ || self.infrastructureSubnets.all(infra, !self.reservedSubnets.exists(reserved,
3940+ cidr(infra).containsCIDR(reserved) || cidr(reserved).containsCIDR(infra)))'
3941+ {{- end }}
37423942 layer3 :
37433943 description : Layer3 is the Layer3 topology configuration.
37443944 properties :
0 commit comments