Merge branch 'pr/5561' into ds_5561

Author: kyrtapz

README.md

@@ -35,9 +35,9 @@ Here are some links to help in your ovn-kubernetes journey:
 
 - [Welcome to ovn-kubernetes](https://ovn-kubernetes.io/) for overview of ovn-kubernetes.
 - [Architecture of ovn-kubernetes](https://ovn-kubernetes.io/design/architecture/)
-- [Deploying OVN Kubernetes cluster using KIND](https://ovn-kubernetes.io/installation/launching-ovn-kubernetes-on-kind/)
-- [Deploying OVN Kubernetes CNI using Helm](https://ovn-kubernetes.io/installation/launching-ovn-kubernetes-with-helm/)
-- [Contributing to OVN Kubernetes](https://ovn-kubernetes.io/governance/CONTRIBUTING/) for how to get involved
+- [Deploying OVN-Kubernetes cluster using KIND](https://ovn-kubernetes.io/installation/launching-ovn-kubernetes-on-kind/)
+- [Deploying OVN-Kubernetes CNI using Helm](https://ovn-kubernetes.io/installation/launching-ovn-kubernetes-with-helm/)
+- [Contributing to OVN-Kubernetes](https://ovn-kubernetes.io/governance/CONTRIBUTING/) for how to get involved
   in our project
 - [Meet the Community](https://ovn-kubernetes.io/governance/MEETINGS/) for details on community
   meeting details.

SECURITY.md

@@ -1,6 +1,6 @@
 # Security Policy
 
-OVNKubernetes repo uses the [dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) which does automatic security updates by scanning the repo and opening PRs to update the effected libraries.
+OVN-Kubernetes repo uses the [dependabot](https://docs.github.com/en/code-security/dependabot/dependabot-security-updates/configuring-dependabot-security-updates) which does automatic security updates by scanning the repo and opening PRs to update the effected libraries.
 
 ## Reporting a Vulnerability
 

contrib/kind-helm.sh

@@ -52,8 +52,8 @@ set_default_params() {
   export SVC_CIDR_IPV6=${SVC_CIDR_IPV6:-fd00:10:96::/112}
   export JOIN_SUBNET_IPV4=${JOIN_SUBNET_IPV4:-100.64.0.0/16}
   export JOIN_SUBNET_IPV6=${JOIN_SUBNET_IPV6:-fd98::/64}
-  export TRANSIT_SWITCH_SUBNET_IPV4=${TRANSIT_SWITCH_SUBNET_IPV4:-100.88.0.0/16}
-  export TRANSIT_SWITCH_SUBNET_IPV6=${TRANSIT_SWITCH_SUBNET_IPV6:-fd97::/64}
+  export TRANSIT_SUBNET_IPV4=${TRANSIT_SUBNET_IPV4:-100.88.0.0/16}
+  export TRANSIT_SUBNET_IPV6=${TRANSIT_SUBNET_IPV6:-fd97::/64}
   export METALLB_CLIENT_NET_SUBNET_IPV4=${METALLB_CLIENT_NET_SUBNET_IPV4:-172.22.0.0/16}
   export METALLB_CLIENT_NET_SUBNET_IPV6=${METALLB_CLIENT_NET_SUBNET_IPV6:-fc00:f853:ccd:e792::/64}
 

contrib/kind.sh

@@ -121,7 +121,7 @@ echo "-npz | --nodes-per-zone                       If interconnect is enabled,
 echo "-mtu                                          Define the overlay mtu"
 echo "--isolated                                    Deploy with an isolated environment (no default gateway)"
 echo "--delete                                      Delete current cluster"
-echo "--deploy                                      Deploy ovn kubernetes without restarting kind"
+echo "--deploy                                      Deploy ovn-kubernetes without restarting kind"
 echo "--add-nodes                                   Adds nodes to an existing cluster. The number of nodes to be added is specified by --num-workers. Also use -ic if the cluster is using interconnect."
 echo "-dns | --enable-dnsnameresolver               Enable DNSNameResolver for resolving the DNS names used in the DNS rules of EgressFirewall."
 echo "-obs | --observability                        Enable OVN Observability feature."
@@ -593,8 +593,8 @@ set_default_params() {
   JOIN_SUBNET_IPV6=${JOIN_SUBNET_IPV6:-fd98::/64}
   MASQUERADE_SUBNET_IPV4=${MASQUERADE_SUBNET_IPV4:-169.254.0.0/17}
   MASQUERADE_SUBNET_IPV6=${MASQUERADE_SUBNET_IPV6:-fd69::/112}
-  TRANSIT_SWITCH_SUBNET_IPV4=${TRANSIT_SWITCH_SUBNET_IPV4:-100.88.0.0/16}
-  TRANSIT_SWITCH_SUBNET_IPV6=${TRANSIT_SWITCH_SUBNET_IPV6:-fd97::/64}
+  TRANSIT_SUBNET_IPV4=${TRANSIT_SUBNET_IPV4:-100.88.0.0/16}
+  TRANSIT_SUBNET_IPV6=${TRANSIT_SUBNET_IPV6:-fd97::/64}
   METALLB_CLIENT_NET_SUBNET_IPV4=${METALLB_CLIENT_NET_SUBNET_IPV4:-172.22.0.0/16}
   METALLB_CLIENT_NET_SUBNET_IPV6=${METALLB_CLIENT_NET_SUBNET_IPV6:-fc00:f853:ccd:e792::/64}
   BGP_SERVER_NET_SUBNET_IPV4=${BGP_SERVER_NET_SUBNET_IPV4:-172.26.0.0/16}
@@ -631,7 +631,7 @@ set_default_params() {
   OVN_HOST_NETWORK_NAMESPACE=${OVN_HOST_NETWORK_NAMESPACE:-ovn-host-network}
   OVN_EGRESSIP_HEALTHCHECK_PORT=${OVN_EGRESSIP_HEALTHCHECK_PORT:-9107}
   OCI_BIN=${KIND_EXPERIMENTAL_PROVIDER:-docker}
-  OVN_DEPLOY_PODS=${OVN_DEPLOY_PODS:-"ovnkube-zone-controller ovnkube-control-plane ovnkube-master ovnkube-node"}
+  OVN_DEPLOY_PODS=${OVN_DEPLOY_PODS:-"ovnkube-identity ovnkube-zone-controller ovnkube-control-plane ovnkube-master ovnkube-node"}
   OVN_METRICS_SCALE_ENABLE=${OVN_METRICS_SCALE_ENABLE:-false}
   OVN_ISOLATED=${OVN_ISOLATED:-false}
   OVN_GATEWAY_OPTS=${OVN_GATEWAY_OPTS:-""}
@@ -914,8 +914,8 @@ create_ovn_kube_manifests() {
     --v6-join-subnet="${JOIN_SUBNET_IPV6}" \
     --v4-masquerade-subnet="${MASQUERADE_SUBNET_IPV4}" \
     --v6-masquerade-subnet="${MASQUERADE_SUBNET_IPV6}" \
-    --v4-transit-switch-subnet="${TRANSIT_SWITCH_SUBNET_IPV4}" \
-    --v6-transit-switch-subnet="${TRANSIT_SWITCH_SUBNET_IPV6}" \
+    --v4-transit-subnet="${TRANSIT_SUBNET_IPV4}" \
+    --v6-transit-subnet="${TRANSIT_SUBNET_IPV6}" \
     --ex-gw-network-interface="${OVN_EX_GW_NETWORK_INTERFACE}" \
     --multi-network-enable="${ENABLE_MULTI_NET}" \
     --network-segmentation-enable="${ENABLE_NETWORK_SEGMENTATION}" \

dist/images/daemonset.sh

@@ -79,8 +79,8 @@ OVN_V4_JOIN_SUBNET=""
 OVN_V6_JOIN_SUBNET=""
 OVN_V4_MASQUERADE_SUBNET=""
 OVN_V6_MASQUERADE_SUBNET=""
-OVN_V4_TRANSIT_SWITCH_SUBNET=""
-OVN_V6_TRANSIT_SWITCH_SUBNET=""
+OVN_V4_TRANSIT_SUBNET=""
+OVN_V6_TRANSIT_SUBNET=""
 OVN_NETFLOW_TARGETS=""
 OVN_SFLOW_TARGETS=""
 OVN_IPFIX_TARGETS=""
@@ -302,11 +302,11 @@ while [ "$1" != "" ]; do
   --v6-masquerade-subnet)
     OVN_V6_MASQUERADE_SUBNET=$VALUE
     ;;
-  --v4-transit-switch-subnet)
-    OVN_V4_TRANSIT_SWITCH_SUBNET=$VALUE
+  --v4-transit-subnet)
+    OVN_V4_TRANSIT_SUBNET=$VALUE
     ;; 
-  --v6-transit-switch-subnet)
-    OVN_V6_TRANSIT_SWITCH_SUBNET=$VALUE
+  --v6-transit-subnet)
+    OVN_V6_TRANSIT_SUBNET=$VALUE
     ;; 
   --netflow-targets)
     OVN_NETFLOW_TARGETS=$VALUE
@@ -536,10 +536,10 @@ ovn_v4_masquerade_subnet=${OVN_V4_MASQUERADE_SUBNET}
 echo "ovn_v4_masquerade_subnet: ${ovn_v4_masquerade_subnet}"
 ovn_v6_masquerade_subnet=${OVN_V6_MASQUERADE_SUBNET}
 echo "ovn_v6_masquerade_subnet: ${ovn_v6_masquerade_subnet}"
-ovn_v4_transit_switch_subnet=${OVN_V4_TRANSIT_SWITCH_SUBNET}
-echo "ovn_v4_transit_switch_subnet: ${ovn_v4_transit_switch_subnet}"
-ovn_v6_transit_switch_subnet=${OVN_V6_TRANSIT_SWITCH_SUBNET}
-echo "ovn_v6_transit_switch_subnet: ${ovn_v6_transit_switch_subnet}"
+ovn_v4_transit_subnet=${OVN_V4_TRANSIT_SUBNET}
+echo "ovn_v4_transit_subnet: ${ovn_v4_transit_subnet}"
+ovn_v6_transit_subnet=${OVN_V6_TRANSIT_SUBNET}
+echo "ovn_v6_transit_subnet: ${ovn_v6_transit_subnet}"
 ovn_netflow_targets=${OVN_NETFLOW_TARGETS}
 echo "ovn_netflow_targets: ${ovn_netflow_targets}"
 ovn_sflow_targets=${OVN_SFLOW_TARGETS}
@@ -842,8 +842,8 @@ ovn_image=${ovnkube_image} \
   ovn_enable_multi_external_gateway=${ovn_enable_multi_external_gateway} \
   ovn_enable_ovnkube_identity=${ovn_enable_ovnkube_identity} \
   ovn_network_qos_enable=${ovn_network_qos_enable} \
-  ovn_v4_transit_switch_subnet=${ovn_v4_transit_switch_subnet} \
-  ovn_v6_transit_switch_subnet=${ovn_v6_transit_switch_subnet} \
+  ovn_v4_transit_subnet=${ovn_v4_transit_subnet} \
+  ovn_v6_transit_subnet=${ovn_v6_transit_subnet} \
   ovn_enable_persistent_ips=${ovn_enable_persistent_ips} \
   ovn_enable_dnsnameresolver=${ovn_enable_dnsnameresolver} \
   ovn_observ_enable=${ovn_observ_enable} \

dist/images/ovnkube.sh

@@ -238,10 +238,10 @@ ovn_v6_join_subnet=${OVN_V6_JOIN_SUBNET:-}
 ovn_v4_masquerade_subnet=${OVN_V4_MASQUERADE_SUBNET:-}
 # OVN_V6_MASQUERADE_SUBNET - v6 masquerade subnet
 ovn_v6_masquerade_subnet=${OVN_V6_MASQUERADE_SUBNET:-}
-# OVN_V4_TRANSIT_SWITCH_SUBNET - v4 Transit switch subnet
-ovn_v4_transit_switch_subnet=${OVN_V4_TRANSIT_SWITCH_SUBNET:-}
-# OVN_V6_TRANSIT_SWITCH_SUBNET - v6 Transit switch subnet
-ovn_v6_transit_switch_subnet=${OVN_V6_TRANSIT_SWITCH_SUBNET:-}
+# OVN_V4_TRANSIT_SUBNET - v4 Transit subnet
+ovn_v4_transit_subnet=${OVN_V4_TRANSIT_SUBNET:-}
+# OVN_V6_TRANSIT_SUBNET - v6 Transit subnet
+ovn_v6_transit_subnet=${OVN_V6_TRANSIT_SUBNET:-}
 #OVN_REMOTE_PROBE_INTERVAL - ovn remote probe interval in ms (default 100000)
 ovn_remote_probe_interval=${OVN_REMOTE_PROBE_INTERVAL:-100000}
 #OVN_MONITOR_ALL - ovn-controller monitor all data in SB DB
@@ -2356,17 +2356,17 @@ ovn-cluster-manager() {
   fi
   echo "ovn_v6_masquerade_subnet_opt=${ovn_v6_masquerade_subnet_opt}"
 
-  ovn_v4_transit_switch_subnet_opt=
-  if [[ -n ${ovn_v4_transit_switch_subnet} ]]; then
-      ovn_v4_transit_switch_subnet_opt="--cluster-manager-v4-transit-switch-subnet=${ovn_v4_transit_switch_subnet}"
+  ovn_v4_transit_subnet_opt=
+  if [[ -n ${ovn_v4_transit_subnet} ]]; then
+      ovn_v4_transit_subnet_opt="--cluster-manager-v4-transit-subnet=${ovn_v4_transit_subnet}"
   fi
-  echo "ovn_v4_transit_switch_subnet_opt=${ovn_v4_transit_switch_subnet}"
+  echo "ovn_v4_transit_subnet_opt=${ovn_v4_transit_subnet}"
 
-  ovn_v6_transit_switch_subnet_opt=
-  if [[ -n ${ovn_v6_transit_switch_subnet} ]]; then
-      ovn_v6_transit_switch_subnet_opt="--cluster-manager-v6-transit-switch-subnet=${ovn_v6_transit_switch_subnet}"
+  ovn_v6_transit_subnet_opt=
+  if [[ -n ${ovn_v6_transit_subnet} ]]; then
+      ovn_v6_transit_subnet_opt="--cluster-manager-v6-transit-subnet=${ovn_v6_transit_subnet}"
   fi
-  echo "ovn_v6_transit_switch_subnet_opt=${ovn_v6_transit_switch_subnet}"
+  echo "ovn_v6_transit_subnet_opt=${ovn_v6_transit_subnet}"
 
   multicast_enabled_flag=
   if [[ ${ovn_multicast_enable} == "true" ]]; then
@@ -2476,8 +2476,8 @@ ovn-cluster-manager() {
     ${ovn_v4_masquerade_subnet_opt} \
     ${ovn_v6_join_subnet_opt} \
     ${ovn_v6_masquerade_subnet_opt} \
-    ${ovn_v4_transit_switch_subnet_opt} \
-    ${ovn_v6_transit_switch_subnet_opt} \
+    ${ovn_v4_transit_subnet_opt} \
+    ${ovn_v6_transit_subnet_opt} \
     ${network_qos_enabled_flag} \
     ${ovn_enable_dnsnameresolver_flag} \
     --gateway-mode=${ovn_gateway_mode} \

dist/templates/k8s.ovn.org_clusteruserdefinednetworks.yaml.j2

@@ -145,7 +145,7 @@ spec:
                             description: |-
                               Lifecycle controls IP addresses management lifecycle.
 
-                              The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an
+                              The only allowed value is Persistent. When set, the IP addresses assigned by OVN-Kubernetes will be persisted in an
                               `ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
                               Only supported when mode is `Enabled`.
                             enum:
@@ -468,7 +468,7 @@ spec:
                             description: |-
                               Lifecycle controls IP addresses management lifecycle.
 
-                              The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an
+                              The only allowed value is Persistent. When set, the IP addresses assigned by OVN-Kubernetes will be persisted in an
                               `ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
                               Only supported when mode is `Enabled`.
                             enum:

dist/templates/k8s.ovn.org_userdefinednetworks.yaml.j2

@@ -93,7 +93,7 @@ spec:
                         description: |-
                           Lifecycle controls IP addresses management lifecycle.
 
-                          The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an
+                          The only allowed value is Persistent. When set, the IP addresses assigned by OVN-Kubernetes will be persisted in an
                           `ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.
                           Only supported when mode is `Enabled`.
                         enum:

dist/templates/ovnkube-control-plane.yaml.j2

@@ -179,10 +179,10 @@ spec:
           value: "{{ ovn_enable_interconnect }}"
         - name: OVN_ENABLE_MULTI_EXTERNAL_GATEWAY
           value: "{{ ovn_enable_multi_external_gateway }}"
-        - name: OVN_V4_TRANSIT_SWITCH_SUBNET
-          value: "{{ ovn_v4_transit_switch_subnet }}"
-        - name: OVN_V6_TRANSIT_SWITCH_SUBNET
-          value: "{{ ovn_v6_transit_switch_subnet }}"
+        - name: OVN_V4_TRANSIT_SUBNET
+          value: "{{ ovn_v4_transit_subnet }}"
+        - name: OVN_V6_TRANSIT_SUBNET
+          value: "{{ ovn_v6_transit_subnet }}"
         - name: OVN_ENABLE_PERSISTENT_IPS
           value: "{{ ovn_enable_persistent_ips }}"
         - name: OVN_NETWORK_QOS_ENABLE

docs/api-reference/userdefinednetwork-api-spec.md

@@ -153,7 +153,7 @@ _Appears in:_
 | Field | Description | Default | Validation |
 | --- | --- | --- | --- |
 | `mode` _[IPAMMode](#ipammode)_ | Mode controls how much of the IP configuration will be managed by OVN.<br />`Enabled` means OVN-Kubernetes will apply IP configuration to the SDN infrastructure and it will also assign IPs<br />from the selected subnet to the individual pods.<br />`Disabled` means OVN-Kubernetes will only assign MAC addresses and provide layer 2 communication, letting users<br />configure IP addresses for the pods.<br />`Disabled` is only available for Secondary networks.<br />By disabling IPAM, any Kubernetes features that rely on selecting pods by IP will no longer function<br />(such as network policy, services, etc). Additionally, IP port security will also be disabled for interfaces attached to this network.<br />Defaults to `Enabled`. |  | Enum: [Enabled Disabled] <br /> |
-| `lifecycle` _[NetworkIPAMLifecycle](#networkipamlifecycle)_ | Lifecycle controls IP addresses management lifecycle.<br /><br />The only allowed value is Persistent. When set, the IP addresses assigned by OVN Kubernetes will be persisted in an<br />`ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.<br />Only supported when mode is `Enabled`. |  | Enum: [Persistent] <br /> |
+| `lifecycle` _[NetworkIPAMLifecycle](#networkipamlifecycle)_ | Lifecycle controls IP addresses management lifecycle.<br /><br />The only allowed value is Persistent. When set, the IP addresses assigned by OVN-Kubernetes will be persisted in an<br />`ipamclaims.k8s.cni.cncf.io` object. These IP addresses will be reused by other pods if requested.<br />Only supported when mode is `Enabled`. |  | Enum: [Persistent] <br /> |
 
 
 #### IPAMMode