move overlay service lb to join switch

dist/images/Dockerfile.base

@@ -36,7 +36,7 @@ RUN cd /usr/src/ && git clone -b branch-22.12 --depth=1 https://github.com/ovn-o
     # change hash type from dp_hash to hash with field src_ip
     curl -s https://github.com/kubeovn/ovn/commit/4ad8763f707ff4088ae61396c7931e8735f71f22.patch | git apply && \
     # set ether dst addr for dnat on logical switch
-    curl -s https://github.com/kubeovn/ovn/commit/44875725ad6ce3cb38e4d471d540fe69ed204bff.patch | git apply && \
+    # curl -s https://github.com/kubeovn/ovn/commit/44875725ad6ce3cb38e4d471d540fe69ed204bff.patch | git apply && \
     # modify src route priority
     curl -s https://github.com/kubeovn/ovn/commit/da1388ece89b27012d081c31310fd577b036b071.patch | git apply && \
     # fix reaching resubmit limit in underlay
@@ -46,11 +46,11 @@ RUN cd /usr/src/ && git clone -b branch-22.12 --depth=1 https://github.com/ovn-o
     # fix lr-lb dnat with multiple distributed gateway ports
     curl -s https://github.com/kubeovn/ovn/commit/80f37c2debbf9f5230403691f791d11cc2b2e277.patch | git apply && \
     # lflow: do not send direct traffic between lports to conntrack
-    curl -s https://github.com/kubeovn/ovn/commit/54cbe0d1ba2051e640dd3e53498f373362547691.patch | git apply && \
+    # curl -s https://github.com/kubeovn/ovn/commit/54cbe0d1ba2051e640dd3e53498f373362547691.patch | git apply && \
     # northd: add nb option version_compatibility
-    curl -s https://github.com/kubeovn/ovn/commit/06f5a7c684a6030036e2663eecf934b37c3e666e.patch | git apply && \
+    curl -s https://github.com/kubeovn/ovn/commit/88a665d796b1007e963a05c5e15e3faad219e189.patch | git apply && \
     # northd: skip conntrack when access node local dns ip
-    curl -s https://github.com/kubeovn/ovn/commit/1ea964886da774506962d6bf23f8f894d93a10eb.patch | git apply
+    # curl -s https://github.com/kubeovn/ovn/commit/1ea964886da774506962d6bf23f8f894d93a10eb.patch | git apply
 
 RUN apt install -y build-essential fakeroot \
     autoconf automake bzip2 debhelper-compat dh-exec dh-python dh-sequence-python3 dh-sequence-sphinxdoc \

go.mod

@@ -5,8 +5,8 @@ go 1.22
 toolchain go1.22.2
 
 require (
-	github.com/Microsoft/go-winio v0.6.1
-	github.com/Microsoft/hcsshim v0.12.2
+	github.com/Microsoft/go-winio v0.6.2
+	github.com/Microsoft/hcsshim v0.12.3
 	github.com/alauda/felix v3.6.6-0.20201207121355-187332daf314+incompatible
 	github.com/bhendo/go-powershell v0.0.0-20190719160123-219e7fb4e41e
 	github.com/cenkalti/backoff/v4 v4.3.0
@@ -38,6 +38,7 @@ require (
 	github.com/stretchr/testify v1.9.0
 	github.com/vishvananda/netlink v1.2.1-beta.2
 	go.uber.org/mock v0.4.0
+	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
 	golang.org/x/mod v0.17.0
 	golang.org/x/sys v0.19.0
 	golang.org/x/time v0.5.0
@@ -237,7 +238,6 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.22.0 // indirect
-	golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
 	golang.org/x/net v0.24.0 // indirect
 	golang.org/x/oauth2 v0.19.0 // indirect
 	golang.org/x/sync v0.7.0 // indirect

go.sum

@@ -635,10 +635,10 @@ github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0=
 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.12.2 h1:AcXy+yfRvrx20g9v7qYaJv5Rh+8GaHOS6b8G6Wx/nKs=
-github.com/Microsoft/hcsshim v0.12.2/go.mod h1:RZV12pcHCXQ42XnlQ3pz6FZfmrC1C+R4gaOHhRNML1g=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/hcsshim v0.12.3 h1:LS9NXqXhMoqNCplK1ApmVSfB4UnVLRDWRapB6EIlxE0=
+github.com/Microsoft/hcsshim v0.12.3/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
 github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ=
 github.com/NYTimes/gziphandler v1.1.1 h1:ZUDjpQae29j0ryrS0u/B8HZfJBtBQHjqw2rQ2cqUQ3I=
 github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c=

pkg/controller/controller.go

@@ -740,22 +740,6 @@ func Run(ctx context.Context, config *Configuration) {
 func (c *Controller) Run(ctx context.Context) {
 	// The init process can only be placed here if the init process do really affect the normal process of controller, such as Nodes/Pods/Subnets...
 	// Otherwise, the init process should be placed after all workers have already started working
-	if err := c.OVNNbClient.SetLsDnatModDlDst(c.config.LsDnatModDlDst); err != nil {
-		util.LogFatalAndExit(err, "failed to set NB_Global option ls_dnat_mod_dl_dst")
-	}
-
-	if err := c.OVNNbClient.SetUseCtInvMatch(); err != nil {
-		util.LogFatalAndExit(err, "failed to set NB_Global option use_ct_inv_match to false")
-	}
-
-	if err := c.OVNNbClient.SetLsCtSkipDstLportIPs(c.config.LsCtSkipDstLportIPs); err != nil {
-		util.LogFatalAndExit(err, "failed to set NB_Global option ls_ct_skip_dst_lport_ips")
-	}
-
-	if err := c.OVNNbClient.SetNodeLocalDNSIP(c.config.NodeLocalDNSIP); err != nil {
-		util.LogFatalAndExit(err, "failed to set NB_Global option node_local_dns_ip")
-	}
-
 	if err := c.InitOVN(); err != nil {
 		util.LogFatalAndExit(err, "failed to initialize ovn resources")
 	}

pkg/controller/init.go

@@ -29,6 +29,10 @@ import (
 func (c *Controller) InitOVN() error {
 	var err error
 
+	if err = c.initOVNNBGlobal(); err != nil {
+		util.LogFatalAndExit(err, "failed to initialize OVN NB_Global")
+	}
+
 	if err = c.initClusterRouter(); err != nil {
 		klog.Errorf("init cluster router failed: %v", err)
 		return err
@@ -198,7 +202,18 @@ func (c *Controller) initNodeSwitch() error {
 	return nil
 }
 
-// InitClusterRouter init cluster router to connect different logical switches
+func (c *Controller) initOVNNBGlobal() error {
+	options := map[string]string{
+		"use_ct_inv_match": "false",
+		"node_switch":      "",
+	}
+	if c.config.EnableLb {
+		options["node_switch"] = c.config.NodeSwitch
+	}
+	return c.OVNNbClient.SetNBGlobalOptions(options)
+}
+
+// initClusterRouter init cluster router to connect different logical switches
 func (c *Controller) initClusterRouter() error {
 	return c.OVNNbClient.CreateLogicalRouter(c.config.ClusterRouter)
 }
@@ -230,7 +245,7 @@ func (c *Controller) initLB(name, protocol string, sessionAffinity bool) error {
 	return nil
 }
 
-// InitLoadBalancer init the default tcp and udp cluster loadbalancer
+// initLoadBalancer init the default tcp and udp cluster loadbalancer
 func (c *Controller) initLoadBalancer() error {
 	vpcs, err := c.vpcsLister.List(labels.Everything())
 	if err != nil {

pkg/controller/subnet.go

@@ -831,26 +831,26 @@ func (c *Controller) handleAddOrUpdateSubnet(key string) error {
 		return err
 	}
 
-	if c.config.EnableLb && subnet.Name != c.config.NodeSwitch {
-		lbs := []string{
-			vpc.Status.TCPLoadBalancer,
-			vpc.Status.TCPSessionLoadBalancer,
-			vpc.Status.UDPLoadBalancer,
-			vpc.Status.UDPSessionLoadBalancer,
-			vpc.Status.SctpLoadBalancer,
-			vpc.Status.SctpSessionLoadBalancer,
-		}
-		if subnet.Spec.EnableLb != nil && *subnet.Spec.EnableLb {
-			if err := c.OVNNbClient.LogicalSwitchUpdateLoadBalancers(subnet.Name, ovsdb.MutateOperationInsert, lbs...); err != nil {
-				c.patchSubnetStatus(subnet, "AddLbToLogicalSwitchFailed", err.Error())
-				klog.Error(err)
-				return err
-			}
-		} else {
-			if err := c.OVNNbClient.LogicalSwitchUpdateLoadBalancers(subnet.Name, ovsdb.MutateOperationDelete, lbs...); err != nil {
-				klog.Errorf("remove load-balancer from subnet %s failed: %v", subnet.Name, err)
-				return err
-			}
+	lbs := []string{
+		vpc.Status.TCPLoadBalancer,
+		vpc.Status.TCPSessionLoadBalancer,
+		vpc.Status.UDPLoadBalancer,
+		vpc.Status.UDPSessionLoadBalancer,
+		vpc.Status.SctpLoadBalancer,
+		vpc.Status.SctpSessionLoadBalancer,
+	}
+	// TODO: consider subnet.Spec.U2OInterconnection in the default vpc
+	if c.config.EnableLb && ((subnet.Name == c.config.NodeSwitch || subnet.Spec.Vpc != c.config.ClusterRouter) ||
+		(subnet.Spec.Vlan != "" && subnet.Spec.EnableLb != nil && *subnet.Spec.EnableLb)) {
+		if err := c.OVNNbClient.LogicalSwitchUpdateLoadBalancers(subnet.Name, ovsdb.MutateOperationInsert, lbs...); err != nil {
+			c.patchSubnetStatus(subnet, "AddLbToLogicalSwitchFailed", err.Error())
+			klog.Error(err)
+			return err
+		}
+	} else {
+		if err := c.OVNNbClient.LogicalSwitchUpdateLoadBalancers(subnet.Name, ovsdb.MutateOperationDelete, lbs...); err != nil {
+			klog.Errorf("remove load-balancer from subnet %s failed: %v", subnet.Name, err)
+			return err
 		}
 	}
 

pkg/ovs/interface.go

@@ -14,11 +14,8 @@ import (
 type NBGlobal interface {
 	UpdateNbGlobal(nbGlobal *ovnnb.NBGlobal, fields ...interface{}) error
 	SetAzName(azName string) error
-	SetUseCtInvMatch() error
 	SetICAutoRoute(enable bool, blackList []string) error
-	SetLsDnatModDlDst(enabled bool) error
-	SetLsCtSkipDstLportIPs(enabled bool) error
-	SetNodeLocalDNSIP(nodeLocalDNSIP string) error
+	SetNBGlobalOptions(options map[string]string) error
 	GetNbGlobal() (*ovnnb.NBGlobal, error)
 }
 

pkg/ovs/ovn-nb-suite_test.go

@@ -72,10 +72,6 @@ func (suite *OvnClientTestSuite) Test_SetUseCtInvMatch() {
 	suite.testSetUseCtInvMatch()
 }
 
-func (suite *OvnClientTestSuite) Test_SetLBCIDR() {
-	suite.testSetLBCIDR()
-}
-
 /* logical_switch unit test */
 func (suite *OvnClientTestSuite) Test_CreateLogicalSwitch() {
 	suite.testCreateLogicalSwitch()