+(Appears on: +OVNKubernetesConfig) +
++
OVNIPv6Config contains IPv6-specific configuration options for OVN-Kubernetes. +https://github.com/openshift/api/blob/6d3c4e25a8d3aeb57ad61649d80c38cbd27d1cc8/operator/v1/types_network.go#L541-L570
+ +| Field | +Description | +
|---|---|
+internalTransitSwitchSubnet
+
+string
+
+ |
+
+(Optional)
+ internalTransitSwitchSubnet is a v6 subnet in IPv6 CIDR format used internally +by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect +architecture that connects the cluster routers on each node together to enable +east west traffic. The subnet chosen should not overlap with other networks +specified for OVN-Kubernetes as well as other networks used on the host. +When omitted, this means no opinion and the platform is left to choose a reasonable +default which is subject to change over time. +The current default subnet is fd97::/64. +The subnet must be large enough to accommodate one IP per node in your cluster. +The value must be a valid IPv6 CIDR (e.g. fd97::/64). IPv4 addresses, +IPv4-mapped IPv6 addresses, and dual-stack addresses are not permitted. +The prefix length must be in the range /0 to /125 inclusive. +This field is immutable once set. + |
+
+internalJoinSubnet
+
+string
+
+ |
+
+(Optional)
+ internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the +default one is being already used by something else. It must not overlap with +any other subnet being used by OpenShift or by the node network. The size of the +subnet must be larger than the number of nodes. +The current default value is fd98::/64. +For KubeVirt hosted clusters, if this field is not set, HyperShift will +automatically use fd99::/64 to avoid collisions with the management cluster’s +default join subnet (fd98::/64). +The subnet must be large enough to accommodate one IP per node in your cluster. +The value must be a valid IPv6 CIDR (e.g. fd98::/64). IPv4 addresses, +IPv4-mapped IPv6 addresses, and dual-stack addresses are not permitted. +The prefix length must be in the range /0 to /125 inclusive. +This field is immutable once set. + |
+
(Appears on: @@ -47876,6 +47943,25 @@ fields within ipv4 for details of default values.
ipv6,omitzero
+
+
+OVNIPv6Config
+
+
+ipv6 allows users to configure IP settings for IPv6 connections. When omitted, +this means no opinions and the default configuration is used. Check individual +fields within ipv6 for details of default values. +For KubeVirt hosted clusters using dual-stack networking, it is recommended to +set ipv6.internalJoinSubnet to a value different from the management cluster’s +join subnet (default fd98::/64) to avoid IPv6 routing conflicts.
+mtu
int32
diff --git a/docs/content/reference/api.md b/docs/content/reference/api.md
index 81f244bc303..828e8531ff1 100644
--- a/docs/content/reference/api.md
+++ b/docs/content/reference/api.md
@@ -13630,6 +13630,73 @@ The value must be in proper IPV4 CIDR format
+(Appears on: +OVNKubernetesConfig) +
++
OVNIPv6Config contains IPv6-specific configuration options for OVN-Kubernetes. +https://github.com/openshift/api/blob/6d3c4e25a8d3aeb57ad61649d80c38cbd27d1cc8/operator/v1/types_network.go#L541-L570
+ +| Field | +Description | +
|---|---|
+internalTransitSwitchSubnet
+
+string
+
+ |
+
+(Optional)
+ internalTransitSwitchSubnet is a v6 subnet in IPv6 CIDR format used internally +by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect +architecture that connects the cluster routers on each node together to enable +east west traffic. The subnet chosen should not overlap with other networks +specified for OVN-Kubernetes as well as other networks used on the host. +When omitted, this means no opinion and the platform is left to choose a reasonable +default which is subject to change over time. +The current default subnet is fd97::/64. +The subnet must be large enough to accommodate one IP per node in your cluster. +The value must be a valid IPv6 CIDR (e.g. fd97::/64). IPv4 addresses, +IPv4-mapped IPv6 addresses, and dual-stack addresses are not permitted. +The prefix length must be in the range /0 to /125 inclusive. +This field is immutable once set. + |
+
+internalJoinSubnet
+
+string
+
+ |
+
+(Optional)
+ internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the +default one is being already used by something else. It must not overlap with +any other subnet being used by OpenShift or by the node network. The size of the +subnet must be larger than the number of nodes. +The current default value is fd98::/64. +For KubeVirt hosted clusters, if this field is not set, HyperShift will +automatically use fd99::/64 to avoid collisions with the management cluster’s +default join subnet (fd98::/64). +The subnet must be large enough to accommodate one IP per node in your cluster. +The value must be a valid IPv6 CIDR (e.g. fd98::/64). IPv4 addresses, +IPv4-mapped IPv6 addresses, and dual-stack addresses are not permitted. +The prefix length must be in the range /0 to /125 inclusive. +This field is immutable once set. + |
+
(Appears on: @@ -13665,6 +13732,25 @@ fields within ipv4 for details of default values.
ipv6,omitzero
+
+
+OVNIPv6Config
+
+
+ipv6 allows users to configure IP settings for IPv6 connections. When omitted, +this means no opinions and the default configuration is used. Check individual +fields within ipv6 for details of default values. +For KubeVirt hosted clusters using dual-stack networking, it is recommended to +set ipv6.internalJoinSubnet to a value different from the management cluster’s +join subnet (default fd98::/64) to avoid IPv6 routing conflicts.
+mtu
int32
diff --git a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
index bec35502b68..450507dd1ab 100644
--- a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
+++ b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go
@@ -4336,6 +4336,50 @@ func validateSliceNetworkCIDRs(hc *hyperv1.HostedCluster) field.ErrorList {
}
}
}
+
+ if hc.Spec.Networking.NetworkType == hyperv1.OVNKubernetes {
+ var ipv4JoinSubnet string
+ if hc.Spec.OperatorConfiguration != nil && hc.Spec.OperatorConfiguration.ClusterNetworkOperator != nil &&
+ hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig != nil &&
+ hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv4 != nil {
+ ipv4JoinSubnet = hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv4.InternalJoinSubnet
+ }
+ // The reconciler defaults KubeVirt IPv4 internal subnet to avoid collision
+ // with the management cluster; include the effective value so overlaps are caught at admission time.
+ if ipv4JoinSubnet == "" && hc.Spec.Platform.Type == hyperv1.KubevirtPlatform {
+ _, cidr, err := net.ParseCIDR(hyperv1.KubevirtDefaultV4InternalSubnet)
+ if err == nil {
+ ce := cidrEntry{*cidr, *field.NewPath("spec", "operatorConfiguration", "clusterNetworkOperator", "ovnKubernetesConfig", "ipv4", "v4InternalSubnet (default)")}
+ cidrEntries = append(cidrEntries, ce)
+ }
+ }
+
+ var ipv6JoinSubnet, ipv6TransitSubnet string
+ if hc.Spec.OperatorConfiguration != nil && hc.Spec.OperatorConfiguration.ClusterNetworkOperator != nil &&
+ hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig != nil {
+ ipv6JoinSubnet = hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6.InternalJoinSubnet
+ ipv6TransitSubnet = hc.Spec.OperatorConfiguration.ClusterNetworkOperator.OVNKubernetesConfig.IPv6.InternalTransitSwitchSubnet
+ }
+ // The reconciler defaults KubeVirt IPv6 join subnet to avoid collision with the
+ // management cluster; include the effective value so overlaps are caught at admission time.
+ if ipv6JoinSubnet == "" && hc.Spec.Platform.Type == hyperv1.KubevirtPlatform {
+ ipv6JoinSubnet = hyperv1.KubevirtDefaultV6InternalJoinSubnet
+ }
+ if ipv6JoinSubnet != "" {
+ _, cidr, err := net.ParseCIDR(ipv6JoinSubnet)
+ if err == nil {
+ ce := cidrEntry{*cidr, *field.NewPath("spec", "operatorConfiguration", "clusterNetworkOperator", "ovnKubernetesConfig", "ipv6", "internalJoinSubnet")}
+ cidrEntries = append(cidrEntries, ce)
+ }
+ }
+ if ipv6TransitSubnet != "" {
+ _, cidr, err := net.ParseCIDR(ipv6TransitSubnet)
+ if err == nil {
+ ce := cidrEntry{*cidr, *field.NewPath("spec", "operatorConfiguration", "clusterNetworkOperator", "ovnKubernetesConfig", "ipv6", "internalTransitSwitchSubnet")}
+ cidrEntries = append(cidrEntries, ce)
+ }
+ }
+ }
return compareCIDREntries(cidrEntries)
}
diff --git a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
index f289f3dd122..8c0a8b33f75 100644
--- a/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
+++ b/hypershift-operator/controllers/hostedcluster/hostedcluster_controller_test.go
@@ -3918,13 +3918,14 @@ func TestComputeAWSEndpointServiceCondition(t *testing.T) {
func TestValidateSliceNetworkCIDRs(t *testing.T) {
t.Parallel()
tests := []struct {
- name string
- mn []hyperv1.MachineNetworkEntry
- cn []hyperv1.ClusterNetworkEntry
- sn []hyperv1.ServiceNetworkEntry
- networkType hyperv1.NetworkType
- ovnConfig *hyperv1.OVNKubernetesConfig
- wantErr bool
+ name string
+ mn []hyperv1.MachineNetworkEntry
+ cn []hyperv1.ClusterNetworkEntry
+ sn []hyperv1.ServiceNetworkEntry
+ networkType hyperv1.NetworkType
+ platformType hyperv1.PlatformType
+ ovnConfig *hyperv1.OVNKubernetesConfig
+ wantErr bool
}{
{
name: "given a conflicting IPv6 clusterNetwork overlapped with machineNetwork, it should fail",
@@ -4069,6 +4070,143 @@ func TestValidateSliceNetworkCIDRs(t *testing.T) {
},
wantErr: false,
},
+ {
+ name: "When OVN-Kubernetes with valid IPv6 InternalJoinSubnet it should succeed",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/64")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ IPv6: hyperv1.OVNIPv6Config{
+ InternalJoinSubnet: "fd99::/64",
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "When OVN-Kubernetes with valid IPv6 InternalTransitSwitchSubnet it should succeed",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/64")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ IPv6: hyperv1.OVNIPv6Config{
+ InternalTransitSwitchSubnet: "fd97:1::/64",
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "When OVN-Kubernetes IPv6 InternalJoinSubnet overlaps with MachineNetwork it should fail",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd99::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/64")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ IPv6: hyperv1.OVNIPv6Config{
+ InternalJoinSubnet: "fd99::/64",
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "When OVN-Kubernetes IPv6 subnets overlap with each other it should fail",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/64")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ IPv6: hyperv1.OVNIPv6Config{
+ InternalJoinSubnet: "fd99::/64",
+ InternalTransitSwitchSubnet: "fd99::/48",
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "When OVN-Kubernetes with both valid IPv4 and IPv6 subnets it should succeed",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ IPv4: &hyperv1.OVNIPv4Config{
+ InternalJoinSubnet: "100.64.0.0/16",
+ },
+ IPv6: hyperv1.OVNIPv6Config{
+ InternalJoinSubnet: "fd99::/64",
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "When OVN-Kubernetes with empty IPv6 subnet strings it should succeed",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}},
+ networkType: hyperv1.OVNKubernetes,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ IPv6: hyperv1.OVNIPv6Config{
+ InternalJoinSubnet: "",
+ InternalTransitSwitchSubnet: "",
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "When KubeVirt OVN-Kubernetes with no IPv6 config and MachineNetwork overlaps default fd99::/64 it should fail",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd99::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/64")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ platformType: hyperv1.KubevirtPlatform,
+ ovnConfig: nil,
+ wantErr: true,
+ },
+ {
+ name: "When KubeVirt OVN-Kubernetes with no IPv6 config and non-overlapping networks it should succeed",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/64")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd03::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ platformType: hyperv1.KubevirtPlatform,
+ ovnConfig: nil,
+ wantErr: false,
+ },
+ {
+ name: "When KubeVirt OVN-Kubernetes with explicit IPv6 join subnet it should use explicit value not default",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd99::/48")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd01::/64")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("fd02::/112")}},
+ networkType: hyperv1.OVNKubernetes,
+ platformType: hyperv1.KubevirtPlatform,
+ ovnConfig: &hyperv1.OVNKubernetesConfig{
+ IPv6: hyperv1.OVNIPv6Config{
+ InternalJoinSubnet: "fdaa::/64",
+ },
+ },
+ wantErr: false,
+ },
+ {
+ name: "When KubeVirt OVN-Kubernetes with no IPv4 config and MachineNetwork overlaps default 100.66.0.0/16 it should fail",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("100.66.0.0/24")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}},
+ networkType: hyperv1.OVNKubernetes,
+ platformType: hyperv1.KubevirtPlatform,
+ ovnConfig: nil,
+ wantErr: true,
+ },
+ {
+ name: "When KubeVirt OVN-Kubernetes with no IPv4 config and non-overlapping networks it should succeed",
+ mn: []hyperv1.MachineNetworkEntry{{CIDR: *ipnet.MustParseCIDR("192.168.1.0/24")}},
+ cn: []hyperv1.ClusterNetworkEntry{{CIDR: *ipnet.MustParseCIDR("10.128.0.0/14")}},
+ sn: []hyperv1.ServiceNetworkEntry{{CIDR: *ipnet.MustParseCIDR("172.30.0.0/16")}},
+ networkType: hyperv1.OVNKubernetes,
+ platformType: hyperv1.KubevirtPlatform,
+ ovnConfig: nil,
+ wantErr: false,
+ },
}
for _, tt := range tests {
@@ -4079,6 +4217,9 @@ func TestValidateSliceNetworkCIDRs(t *testing.T) {
Namespace: "any",
},
Spec: hyperv1.HostedClusterSpec{
+ Platform: hyperv1.PlatformSpec{
+ Type: tt.platformType,
+ },
Networking: hyperv1.ClusterNetworking{
NetworkType: tt.networkType,
MachineNetwork: tt.mn,
@@ -4088,9 +4229,7 @@ func TestValidateSliceNetworkCIDRs(t *testing.T) {
},
}
- // Set OVN configuration if provided
if tt.ovnConfig != nil {
- //OperatorConfiguration
hc.Spec.OperatorConfiguration = &hyperv1.OperatorConfiguration{
ClusterNetworkOperator: &hyperv1.ClusterNetworkOperatorSpec{
OVNKubernetesConfig: tt.ovnConfig,
diff --git a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go
index ee74790f5ba..c14858d3fa1 100644
--- a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go
+++ b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/operator.go
@@ -4,6 +4,20 @@ import (
operatorv1 "github.com/openshift/api/operator/v1"
)
+const (
+ // KubevirtDefaultV6InternalJoinSubnet is the default IPv6 OVN join subnet
+ // for KubeVirt hosted clusters. The upstream OVN-Kubernetes default is fd98::/64,
+ // but KubeVirt guests use fd99::/64 to avoid collisions with the management
+ // cluster's join subnet when both run OVN-Kubernetes.
+ KubevirtDefaultV6InternalJoinSubnet = "fd99::/64"
+
+ // KubevirtDefaultV4InternalSubnet is the default IPv4 OVN internal subnet
+ // for KubeVirt hosted clusters. The upstream OVN-Kubernetes default gateway
+ // router LRP CIDR is 100.64.0.0/16 and the default UDNs is 100.65.0.0/16.
+ // KubeVirt guests use 100.66.0.0/16 to avoid collisions with the management cluster.
+ KubevirtDefaultV4InternalSubnet = "100.66.0.0/16"
+)
+
// +kubebuilder:validation:Enum="";Normal;Debug;Trace;TraceAll
type LogLevel string
@@ -38,6 +52,7 @@ type ClusterVersionOperatorSpec struct {
OperatorLogLevel LogLevel `json:"operatorLogLevel,omitempty"`
}
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ovnKubernetesConfig) || has(self.ovnKubernetesConfig)", message="ovnKubernetesConfig is immutable once set and cannot be removed"
type ClusterNetworkOperatorSpec struct {
// disableMultiNetwork when set to true disables the Multus CNI plugin and related components
// in the hosted cluster. This prevents the installation of multus daemon sets in the
@@ -62,7 +77,11 @@ type ClusterNetworkOperatorSpec struct {
// OVNKubernetesConfig contains OVN-Kubernetes specific configuration options.
// https://github.com/openshift/api/blob/6d3c4e25a8d3aeb57ad61649d80c38cbd27d1cc8/operator/v1/types_network.go#L400-L471
// +kubebuilder:validation:XValidation:rule="!has(self.ipv4) || !has(self.ipv4.internalJoinSubnet) || !has(self.ipv4.internalTransitSwitchSubnet) || self.ipv4.internalJoinSubnet != self.ipv4.internalTransitSwitchSubnet", message="internalJoinSubnet and internalTransitSwitchSubnet must not be the same"
+// +kubebuilder:validation:XValidation:rule="!has(self.ipv6) || !has(self.ipv6.internalJoinSubnet) || !has(self.ipv6.internalTransitSwitchSubnet) || self.ipv6.internalJoinSubnet != self.ipv6.internalTransitSwitchSubnet", message="ipv6 internalJoinSubnet and internalTransitSwitchSubnet must not be the same"
// +kubebuilder:validation:XValidation:rule="!has(oldSelf.mtu) || has(self.mtu)",message="mtu is immutable once set and cannot be removed"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || has(self.ipv6)", message="ipv6 is immutable once set and cannot be removed"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalJoinSubnet) || (has(self.ipv6) && has(self.ipv6.internalJoinSubnet))", message="ipv6.internalJoinSubnet cannot be removed once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ipv6) || !has(oldSelf.ipv6.internalTransitSwitchSubnet) || (has(self.ipv6) && has(self.ipv6.internalTransitSwitchSubnet))", message="ipv6.internalTransitSwitchSubnet cannot be removed once set"
// +kubebuilder:validation:MinProperties=1
type OVNKubernetesConfig struct {
// ipv4 allows users to configure IP settings for IPv4 connections. When omitted,
@@ -71,6 +90,15 @@ type OVNKubernetesConfig struct {
// +optional
IPv4 *OVNIPv4Config `json:"ipv4,omitempty"`
+ // ipv6 allows users to configure IP settings for IPv6 connections. When omitted,
+ // this means no opinions and the default configuration is used. Check individual
+ // fields within ipv6 for details of default values.
+ // For KubeVirt hosted clusters using dual-stack networking, it is recommended to
+ // set ipv6.internalJoinSubnet to a value different from the management cluster's
+ // join subnet (default fd98::/64) to avoid IPv6 routing conflicts.
+ // +optional
+ IPv6 OVNIPv6Config `json:"ipv6,omitzero,omitempty"`
+
// mtu is the MTU to use for the tunnel interface on hosted cluster nodes.
// This must be 100 bytes smaller than the uplink MTU.
// When unset, the cluster-network-operator will determine the MTU automatically
@@ -126,6 +154,52 @@ type OVNIPv4Config struct {
InternalJoinSubnet string `json:"internalJoinSubnet,omitempty"`
}
+// OVNIPv6Config contains IPv6-specific configuration options for OVN-Kubernetes.
+// https://github.com/openshift/api/blob/6d3c4e25a8d3aeb57ad61649d80c38cbd27d1cc8/operator/v1/types_network.go#L541-L570
+// +kubebuilder:validation:MinProperties=1
+type OVNIPv6Config struct {
+ // internalTransitSwitchSubnet is a v6 subnet in IPv6 CIDR format used internally
+ // by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect
+ // architecture that connects the cluster routers on each node together to enable
+ // east west traffic. The subnet chosen should not overlap with other networks
+ // specified for OVN-Kubernetes as well as other networks used on the host.
+ // When omitted, this means no opinion and the platform is left to choose a reasonable
+ // default which is subject to change over time.
+ // The current default subnet is fd97::/64.
+ // The subnet must be large enough to accommodate one IP per node in your cluster.
+ // The value must be a valid IPv6 CIDR (e.g. fd97::/64). IPv4 addresses,
+ // IPv4-mapped IPv6 addresses, and dual-stack addresses are not permitted.
+ // The prefix length must be in the range /0 to /125 inclusive.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=48
+ // +kubebuilder:validation:MinLength=3
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6", message="Subnet must be in valid IPv6 CIDR format (e.g., fd97::/64)"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125", message="subnet must be in the range /0 to /125 inclusive"
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="internalTransitSwitchSubnet is immutable"
+ // +optional
+ InternalTransitSwitchSubnet string `json:"internalTransitSwitchSubnet,omitempty"`
+ // internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the
+ // default one is being already used by something else. It must not overlap with
+ // any other subnet being used by OpenShift or by the node network. The size of the
+ // subnet must be larger than the number of nodes.
+ // The current default value is fd98::/64.
+ // For KubeVirt hosted clusters, if this field is not set, HyperShift will
+ // automatically use fd99::/64 to avoid collisions with the management cluster's
+ // default join subnet (fd98::/64).
+ // The subnet must be large enough to accommodate one IP per node in your cluster.
+ // The value must be a valid IPv6 CIDR (e.g. fd98::/64). IPv4 addresses,
+ // IPv4-mapped IPv6 addresses, and dual-stack addresses are not permitted.
+ // The prefix length must be in the range /0 to /125 inclusive.
+ // This field is immutable once set.
+ // +kubebuilder:validation:MaxLength=48
+ // +kubebuilder:validation:MinLength=3
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6", message="Subnet must be in valid IPv6 CIDR format (e.g., fd98::/64)"
+ // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125", message="subnet must be in the range /0 to /125 inclusive"
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf", message="internalJoinSubnet is immutable"
+ // +optional
+ InternalJoinSubnet string `json:"internalJoinSubnet,omitempty"`
+}
+
// IngressOperatorSpec is the specification of the desired behavior of the Ingress Operator.
type IngressOperatorSpec struct {
// endpointPublishingStrategy is used to publish the default ingress controller endpoints.
diff --git a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/zz_generated.deepcopy.go
index 5954bdd73ad..a3d882374d2 100644
--- a/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/hypershift/api/hypershift/v1beta1/zz_generated.deepcopy.go
@@ -3818,6 +3818,21 @@ func (in *OVNIPv4Config) DeepCopy() *OVNIPv4Config {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *OVNIPv6Config) DeepCopyInto(out *OVNIPv6Config) {
+ *out = *in
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OVNIPv6Config.
+func (in *OVNIPv6Config) DeepCopy() *OVNIPv6Config {
+ if in == nil {
+ return nil
+ }
+ out := new(OVNIPv6Config)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) {
*out = *in
@@ -3826,6 +3841,7 @@ func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) {
*out = new(OVNIPv4Config)
**out = **in
}
+ out.IPv6 = in.IPv6
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OVNKubernetesConfig.