Add GatewayConfig to OVNKubernetesConfig

With this we can enable users to specify gateway config options via CRD. For now we are exposing only the mode and egressMultipleExternalGateway options.
openshift · Oct 25, 2021 · 30b701d · 30b701d
1 parent 4436dc8
commit 30b701d
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 5 deletions.
diff --git a/operator/v1/0000_70_cluster-network-operator_01.crd.yaml b/operator/v1/0000_70_cluster-network-operator_01.crd.yaml
@@ -290,9 +290,29 @@ spec:
                         type: integer
                     type: object
                   ovnKubernetesConfig:
-                    description: oVNKubernetesConfig configures the ovn-kubernetes
-                      plugin. This is currently not implemented.
+                    description: ovnKubernetesConfig configures the ovn-kubernetes
+                      plugin.
                     properties:
+                      gatewayConfig:
+                        description: gatewayConfig holds the configuration for node
+                          gateway options. Supported from OCP 4.10.
+                        properties:
+                          egressMultipleExternalGateways:
+                            default: false
+                            description: egressMultipleExternalGateways allows traffic
+                              from pods in namespaces annotated with routing-external-gws
+                              to egress via configured external gateway pods by disabling
+                              SNAT at the gateway routers. Default is false.
+                            type: boolean
+                          mode:
+                            default: shared
+                            description: mode is the gateway mode; if may be either
+                              "shared", or "local". Default is shared.
+                            enum:
+                            - shared
+                            - local
+                            type: string
+                        type: object
                       genevePort:
                         description: geneve port is the UDP port to be used by geneve
                           encapulation. Default is 6081

diff --git a/operator/v1/types_network.go b/operator/v1/types_network.go
@@ -139,8 +139,7 @@ type DefaultNetworkDefinition struct {
 	// +optional
 	OpenShiftSDNConfig *OpenShiftSDNConfig `json:"openshiftSDNConfig,omitempty"`
 
-	// oVNKubernetesConfig configures the ovn-kubernetes plugin. This is currently
-	// not implemented.
+	// ovnKubernetesConfig configures the ovn-kubernetes plugin.
 	// +optional
 	OVNKubernetesConfig *OVNKubernetesConfig `json:"ovnKubernetesConfig,omitempty"`
 
@@ -374,6 +373,9 @@ type OVNKubernetesConfig struct {
 	// reported defaults are used.
 	// +optional
 	PolicyAuditConfig *PolicyAuditConfig `json:"policyAuditConfig,omitempty"`
+	// gatewayConfig holds the configuration for node gateway options. Supported from OCP 4.10.
+	// +optional
+	GatewayConfig *GatewayConfig `json:"gatewayConfig,omitempty"`
 }
 
 type HybridOverlayConfig struct {
@@ -388,6 +390,37 @@ type HybridOverlayConfig struct {
 type IPsecConfig struct {
 }
 
+// GatewayMode holds the node gateway mode
+type GatewayMode string
+
+const (
+	// gatewayModeShared indicates OVN shares a gateway interface with the node. All
+	// north-south traffic will pass into OVN directly via the shared gateway interface
+	// without touching the linux networking stack on the host.
+	GatewayModeShared GatewayMode = "shared"
+	// gatewayModeLocal indicates OVN creates a local NAT-ed interface for the gateway.
+	// All north-south traffic will touch the linux networking stack first before going
+	// into OVN. Use this mode if you want pod egress traffic to pass through host
+	// networking stack.
+	GatewayModeLocal GatewayMode = "local"
+)
+
+// GatewayConfig holds node gateway-related parsed config file parameters and command-line overrides
+type GatewayConfig struct {
+	// mode is the gateway mode; if may be either "shared", or "local".
+	// Default is shared.
+	// +kubebuilder:validation:Enum="shared";"local"
+	// +kubebuilder:default:="shared"
+	// +optional
+	Mode GatewayMode `json:"mode,omitempty"`
+	// egressMultipleExternalGateways allows traffic from pods in namespaces annotated with
+	// routing-external-gws to egress via configured external gateway pods by disabling SNAT
+	// at the gateway routers. Default is false.
+	// +kubebuilder:default:=false
+	// +optional
+	EgressMultipleExternalGateways bool `json:"egressMultipleExternalGateways,omitempty"`
+}
+
 type ExportNetworkFlows struct {
 	// netFlow defines the NetFlow configuration.
 	// +optional

diff --git a/operator/v1/zz_generated.deepcopy.go b/operator/v1/zz_generated.deepcopy.go
diff --git a/operator/v1/zz_generated.swagger_doc_generated.go b/operator/v1/zz_generated.swagger_doc_generated.go