Allow use of external networks on compute nodes without gateway functionality

Summary

Currently, the OVN agent detects its gateway-ness by checking whether a bridgeConfig exists: https://gitlab.com/yaook/images/ovn/-/blob/devel/files/ovn_controller_setup.sh?ref_type=heads#L67. This means that you cannot have a non-gateway OVN node with external networks. That means it's impossible to connect instances to external networks via layer 2 without also running routers on compute nodes.

Use cases

  • As a cloud operator, I want to be able to handle weird special clouds where users connect instances directly (layer 2) to "provider" networks.

Proposal

  • Add a boolean option to spec.setup.ovn.controller.configTemplates[] which controls the ovn-cms-options=enable-chassis-as-gw OVN flag.
  • Set no default for this option in the CRD
  • Infer the default in the code if no explicit value is set:
    • If a bridge mapping is present, default to true
    • If a bridge mapping is absent, default to false

Specification

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this issue are to be interpreted in the spirit of RFC 2119, even though we're not technically doing protocol design.

  • MUST have a solid migration path for existing setups

TODOs

  • Test that removing this flag even does the right thing. Assigning to me for that test.
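
The default inference from the Proposal, as an added example that is not part of the issue or of Yaook's code: an explicit value wins, otherwise the presence of a bridge mapping decides, and only the gateway flag is added to or dropped from the comma-separated `ovn-cms-options`. The field names `enableChassisAsGateway` and `bridgeMappings`, the sample templates and the `availability-zones=az1` option are assumptions made for illustration.

```python
from typing import Optional

GW_FLAG = "enable-chassis-as-gw"  # the ovn-cms-options value named in the issue


def resolve_gateway(explicit: Optional[bool], bridge_mappings: dict) -> bool:
    """Explicit setting wins; an unset option falls back to 'has a bridge mapping'."""
    if explicit is not None:
        return explicit
    return bool(bridge_mappings)


def merge_cms_options(current: str, gateway: bool) -> str:
    """Add or drop only the gateway flag, keeping every other option in place."""
    parts = (p.strip() for p in current.split(","))
    opts = [p for p in parts if p and p != GW_FLAG]
    if gateway:
        opts.append(GW_FLAG)
    return ",".join(opts)  # empty string: the key should be removed entirely


def external_ids(template: dict, current_cms_options: str = "") -> dict:
    """Compute the external_ids one config template would yield for a node."""
    mappings = template.get("bridgeMappings", {})      # hypothetical field name
    explicit = template.get("enableChassisAsGateway")  # hypothetical field name
    gateway = resolve_gateway(explicit, mappings)
    ids = {"ovn-cms-options": merge_cms_options(current_cms_options, gateway)}
    if mappings:
        ids["ovn-bridge-mappings"] = ",".join(
            f"{net}:{bridge}" for net, bridge in sorted(mappings.items())
        )
    return ids


# Constructed sample templates covering the cases in the Proposal.
LEGACY_GATEWAY = {"bridgeMappings": {"physnet1": "br-ex"}}   # option unset
L2_ONLY_COMPUTE = {"bridgeMappings": {"physnet1": "br-ex"},
                   "enableChassisAsGateway": False}           # the new use case
PLAIN_COMPUTE = {}                                            # option unset

if __name__ == "__main__":
    for name, tmpl in [("legacy gateway", LEGACY_GATEWAY),
                       ("layer-2-only compute", L2_ONLY_COMPUTE),
                       ("plain compute", PLAIN_COMPUTE)]:
        print(name, external_ids(tmpl, "enable-chassis-as-gw,availability-zones=az1"))
```

The legacy template keeps its gateway flag without any configuration change, which is the migration case the Specification asks for.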