diff --git a/go.mod b/go.mod
index 9bbf6f6e7..36f6da660 100644
--- a/go.mod
+++ b/go.mod
@@ -66,3 +66,5 @@ retract v3.9.0+incompatible
// To make go aware of the retraction, we need to tag a new version that can be
// retracted by itself.
retract v0.0.1
+
+replace github.com/openshift/api => github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866
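Review bot: The `replace` added at the end of go.mod points `github.com/openshift/api` at a personal fork (`github.com/ricky-rav/api`), so everything under `vendor/github.com/openshift/api` in this commit comes from code that has not passed the upstream repository's review. The go.sum hunk also drops the upstream `github.com/openshift/api` hashes and leaves only the fork's checksum. The fork's pseudo-version timestamp (20251215) is older than the upstream one removed from go.sum (20260105), so upstream changes may be silently reverted. `replace` directives apply only in the main module, and the `retract` lines suggest this module is consumed as a library, so importers would resolve upstream `openshift/api` and probably not find `BGPManagedConfig` or `NoOverlayOptions`. Mark the line as a temporary pin, for example `// TEMPORARY: drop this replace and bump the openshift/api require once the NoOverlayMode API merges upstream`, and block merging until it is removed.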
diff --git a/go.sum b/go.sum
index 2d9a9eac7..a06539a63 100644
--- a/go.sum
+++ b/go.sum
@@ -57,14 +57,14 @@ github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM
github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
-github.com/openshift/api v0.0.0-20260105114749-aae5635a71a7 h1:DeKd90ff6ieG02cFroiRTh7oKguGVaEYyTDkXHLIn5A=
-github.com/openshift/api v0.0.0-20260105114749-aae5635a71a7/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee h1:+Sp5GGnjHDhT/a/nQ1xdp43UscBMr7G5wxsYotyhzJ4=
github.com/openshift/build-machinery-go v0.0.0-20250530140348-dc5b2804eeee/go.mod h1:8jcm8UPtg2mCAsxfqKil1xrmRMI3a+XU2TZ9fF8A7TE=
github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866 h1:/Czn5nnlZaR9XroaoyGrQCyEUV85CgriqAzj+NSR8yE=
+github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866/go.mod h1:d5uzF0YN2nQQFA0jIEWzzOZ+edmo6wzlGLvx5Fhz4uY=
github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII=
github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o=
github.com/spf13/pflag v1.0.6 h1:jFzHGLGAlb3ruxLB8MhbI6A8+AQX/2eW4qeyNZXNp2o=
diff --git a/operator/applyconfigurations/internal/internal.go b/operator/applyconfigurations/internal/internal.go
index d2451c572..109db2468 100644
--- a/operator/applyconfigurations/internal/internal.go
+++ b/operator/applyconfigurations/internal/internal.go
@@ -389,6 +389,15 @@ var schemaYAML = typed.YAMLObject(`types:
type:
scalar: string
default: ""
+- name: com.github.openshift.api.operator.v1.BGPManagedConfig
+ map:
+ fields:
+ - name: asNumber
+ type:
+ scalar: numeric
+ - name: bgpTopology
+ type:
+ scalar: string
- name: com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig
map:
fields:
@@ -2837,6 +2846,15 @@ var schemaYAML = typed.YAMLObject(`types:
- name: version
type:
scalar: string
+- name: com.github.openshift.api.operator.v1.NoOverlayOptions
+ map:
+ fields:
+ - name: outboundSNAT
+ type:
+ scalar: string
+ - name: routing
+ type:
+ scalar: string
- name: com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus
map:
fields:
@@ -3136,6 +3154,17 @@ var schemaYAML = typed.YAMLObject(`types:
- name: com.github.openshift.api.operator.v1.OVNKubernetesConfig
map:
fields:
+ - name: bgpManagedConfig
+ type:
+ namedType: com.github.openshift.api.operator.v1.BGPManagedConfig
+ default: {}
+ - name: defaultNetworkNoOverlayOptions
+ type:
+ namedType: com.github.openshift.api.operator.v1.NoOverlayOptions
+ default: {}
+ - name: defaultNetworkTransport
+ type:
+ scalar: string
- name: egressIPConfig
type:
namedType: com.github.openshift.api.operator.v1.EgressIPConfig
diff --git a/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go b/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go
new file mode 100644
index 000000000..fe44370a9
--- /dev/null
+++ b/operator/applyconfigurations/operator/v1/bgpmanagedconfig.go
@@ -0,0 +1,36 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ operatorv1 "github.com/openshift/api/operator/v1"
+)
+
+// BGPManagedConfigApplyConfiguration represents a declarative configuration of the BGPManagedConfig type for use
+// with apply.
+type BGPManagedConfigApplyConfiguration struct {
+ ASNumber *int64 `json:"asNumber,omitempty"`
+ BGPTopology *operatorv1.BGPTopology `json:"bgpTopology,omitempty"`
+}
+
+// BGPManagedConfigApplyConfiguration constructs a declarative configuration of the BGPManagedConfig type for use with
+// apply.
+func BGPManagedConfig() *BGPManagedConfigApplyConfiguration {
+ return &BGPManagedConfigApplyConfiguration{}
+}
+
+// WithASNumber sets the ASNumber field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the ASNumber field is set to the value of the last call.
+func (b *BGPManagedConfigApplyConfiguration) WithASNumber(value int64) *BGPManagedConfigApplyConfiguration {
+ b.ASNumber = &value
+ return b
+}
+
+// WithBGPTopology sets the BGPTopology field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the BGPTopology field is set to the value of the last call.
+func (b *BGPManagedConfigApplyConfiguration) WithBGPTopology(value operatorv1.BGPTopology) *BGPManagedConfigApplyConfiguration {
+ b.BGPTopology = &value
+ return b
+}
diff --git a/operator/applyconfigurations/operator/v1/nooverlayoptions.go b/operator/applyconfigurations/operator/v1/nooverlayoptions.go
new file mode 100644
index 000000000..7ac090c24
--- /dev/null
+++ b/operator/applyconfigurations/operator/v1/nooverlayoptions.go
@@ -0,0 +1,36 @@
+// Code generated by applyconfiguration-gen. DO NOT EDIT.
+
+package v1
+
+import (
+ operatorv1 "github.com/openshift/api/operator/v1"
+)
+
+// NoOverlayOptionsApplyConfiguration represents a declarative configuration of the NoOverlayOptions type for use
+// with apply.
+type NoOverlayOptionsApplyConfiguration struct {
+ OutboundSNAT *operatorv1.SNATOption `json:"outboundSNAT,omitempty"`
+ Routing *operatorv1.RoutingOption `json:"routing,omitempty"`
+}
+
+// NoOverlayOptionsApplyConfiguration constructs a declarative configuration of the NoOverlayOptions type for use with
+// apply.
+func NoOverlayOptions() *NoOverlayOptionsApplyConfiguration {
+ return &NoOverlayOptionsApplyConfiguration{}
+}
+
+// WithOutboundSNAT sets the OutboundSNAT field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the OutboundSNAT field is set to the value of the last call.
+func (b *NoOverlayOptionsApplyConfiguration) WithOutboundSNAT(value operatorv1.SNATOption) *NoOverlayOptionsApplyConfiguration {
+ b.OutboundSNAT = &value
+ return b
+}
+
+// WithRouting sets the Routing field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the Routing field is set to the value of the last call.
+func (b *NoOverlayOptionsApplyConfiguration) WithRouting(value operatorv1.RoutingOption) *NoOverlayOptionsApplyConfiguration {
+ b.Routing = &value
+ return b
+}
diff --git a/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go b/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go
index 9d878cea9..4fbfb206d 100644
--- a/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go
+++ b/operator/applyconfigurations/operator/v1/ovnkubernetesconfig.go
@@ -9,18 +9,21 @@ import (
// OVNKubernetesConfigApplyConfiguration represents a declarative configuration of the OVNKubernetesConfig type for use
// with apply.
type OVNKubernetesConfigApplyConfiguration struct {
- MTU *uint32 `json:"mtu,omitempty"`
- GenevePort *uint32 `json:"genevePort,omitempty"`
- HybridOverlayConfig *HybridOverlayConfigApplyConfiguration `json:"hybridOverlayConfig,omitempty"`
- IPsecConfig *IPsecConfigApplyConfiguration `json:"ipsecConfig,omitempty"`
- PolicyAuditConfig *PolicyAuditConfigApplyConfiguration `json:"policyAuditConfig,omitempty"`
- GatewayConfig *GatewayConfigApplyConfiguration `json:"gatewayConfig,omitempty"`
- V4InternalSubnet *string `json:"v4InternalSubnet,omitempty"`
- V6InternalSubnet *string `json:"v6InternalSubnet,omitempty"`
- EgressIPConfig *EgressIPConfigApplyConfiguration `json:"egressIPConfig,omitempty"`
- IPv4 *IPv4OVNKubernetesConfigApplyConfiguration `json:"ipv4,omitempty"`
- IPv6 *IPv6OVNKubernetesConfigApplyConfiguration `json:"ipv6,omitempty"`
- RouteAdvertisements *operatorv1.RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"`
+ MTU *uint32 `json:"mtu,omitempty"`
+ GenevePort *uint32 `json:"genevePort,omitempty"`
+ HybridOverlayConfig *HybridOverlayConfigApplyConfiguration `json:"hybridOverlayConfig,omitempty"`
+ IPsecConfig *IPsecConfigApplyConfiguration `json:"ipsecConfig,omitempty"`
+ PolicyAuditConfig *PolicyAuditConfigApplyConfiguration `json:"policyAuditConfig,omitempty"`
+ GatewayConfig *GatewayConfigApplyConfiguration `json:"gatewayConfig,omitempty"`
+ V4InternalSubnet *string `json:"v4InternalSubnet,omitempty"`
+ V6InternalSubnet *string `json:"v6InternalSubnet,omitempty"`
+ EgressIPConfig *EgressIPConfigApplyConfiguration `json:"egressIPConfig,omitempty"`
+ IPv4 *IPv4OVNKubernetesConfigApplyConfiguration `json:"ipv4,omitempty"`
+ IPv6 *IPv6OVNKubernetesConfigApplyConfiguration `json:"ipv6,omitempty"`
+ RouteAdvertisements *operatorv1.RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"`
+ DefaultNetworkTransport *operatorv1.TransportOption `json:"defaultNetworkTransport,omitempty"`
+ DefaultNetworkNoOverlayOptions *NoOverlayOptionsApplyConfiguration `json:"defaultNetworkNoOverlayOptions,omitempty"`
+ BGPManagedConfig *BGPManagedConfigApplyConfiguration `json:"bgpManagedConfig,omitempty"`
}
// OVNKubernetesConfigApplyConfiguration constructs a declarative configuration of the OVNKubernetesConfig type for use with
@@ -124,3 +127,27 @@ func (b *OVNKubernetesConfigApplyConfiguration) WithRouteAdvertisements(value op
b.RouteAdvertisements = &value
return b
}
+
+// WithDefaultNetworkTransport sets the DefaultNetworkTransport field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DefaultNetworkTransport field is set to the value of the last call.
+func (b *OVNKubernetesConfigApplyConfiguration) WithDefaultNetworkTransport(value operatorv1.TransportOption) *OVNKubernetesConfigApplyConfiguration {
+ b.DefaultNetworkTransport = &value
+ return b
+}
+
+// WithDefaultNetworkNoOverlayOptions sets the DefaultNetworkNoOverlayOptions field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the DefaultNetworkNoOverlayOptions field is set to the value of the last call.
+func (b *OVNKubernetesConfigApplyConfiguration) WithDefaultNetworkNoOverlayOptions(value *NoOverlayOptionsApplyConfiguration) *OVNKubernetesConfigApplyConfiguration {
+ b.DefaultNetworkNoOverlayOptions = value
+ return b
+}
+
+// WithBGPManagedConfig sets the BGPManagedConfig field in the declarative configuration to the given value
+// and returns the receiver, so that objects can be built by chaining "With" function invocations.
+// If called multiple times, the BGPManagedConfig field is set to the value of the last call.
+func (b *OVNKubernetesConfigApplyConfiguration) WithBGPManagedConfig(value *BGPManagedConfigApplyConfiguration) *OVNKubernetesConfigApplyConfiguration {
+ b.BGPManagedConfig = value
+ return b
+}
diff --git a/operator/applyconfigurations/utils.go b/operator/applyconfigurations/utils.go
index 476c71ae4..baf344126 100644
--- a/operator/applyconfigurations/utils.go
+++ b/operator/applyconfigurations/utils.go
@@ -50,6 +50,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &operatorv1.AzureCSIDriverConfigSpecApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("AzureDiskEncryptionSet"):
return &operatorv1.AzureDiskEncryptionSetApplyConfiguration{}
+ case v1.SchemeGroupVersion.WithKind("BGPManagedConfig"):
+ return &operatorv1.BGPManagedConfigApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("BootImageSkewEnforcementConfig"):
return &operatorv1.BootImageSkewEnforcementConfigApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("BootImageSkewEnforcementStatus"):
@@ -318,6 +320,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} {
return &operatorv1.NodePortStrategyApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("NodeStatus"):
return &operatorv1.NodeStatusApplyConfiguration{}
+ case v1.SchemeGroupVersion.WithKind("NoOverlayOptions"):
+ return &operatorv1.NoOverlayOptionsApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("OAuthAPIServerStatus"):
return &operatorv1.OAuthAPIServerStatusApplyConfiguration{}
case v1.SchemeGroupVersion.WithKind("OLM"):
diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md
index 6b21a4ae5..ababeca07 100644
--- a/vendor/github.com/openshift/api/features.md
+++ b/vendor/github.com/openshift/api/features.md
@@ -15,6 +15,7 @@
| NewOLMCatalogdAPIV1Metas| | | | Enabled | | | | Enabled |
| NewOLMOwnSingleNamespace| | | | Enabled | | | | Enabled |
| NewOLMPreflightPermissionChecks| | | | Enabled | | | | Enabled |
+| NoOverlayMode| | | | | | | Enabled | Enabled |
| NoRegistryClusterInstall| | | | Enabled | | | | Enabled |
| ProvisioningRequestAvailable| | | Enabled | Enabled | | | | |
| AWSClusterHostedDNS| | | Enabled | Enabled | | | Enabled | Enabled |
diff --git a/vendor/github.com/openshift/api/openapi/openapi.json b/vendor/github.com/openshift/api/openapi/openapi.json
index 4683af727..a55242936 100644
--- a/vendor/github.com/openshift/api/openapi/openapi.json
+++ b/vendor/github.com/openshift/api/openapi/openapi.json
@@ -10374,7 +10374,7 @@
"$ref": "#/definitions/com.github.openshift.api.config.v1.PKI"
},
"policyType": {
- "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI). This value is enabled by turning on the SigstoreImageVerificationPKI feature gate.",
+ "description": "policyType is a required field specifies the type of the policy for verification. This field must correspond to how the policy was generated. Allowed values are \"PublicKey\", \"FulcioCAWithRekor\", and \"PKI\". When set to \"PublicKey\", the policy relies on a sigstore publicKey and may optionally use a Rekor verification. When set to \"FulcioCAWithRekor\", the policy is based on the Fulcio certification and incorporates a Rekor verification. When set to \"PKI\", the policy is based on the certificates from Bring Your Own Public Key Infrastructure (BYOPKI).",
"type": "string",
"default": ""
},
@@ -28604,6 +28604,24 @@
}
}
},
+ "com.github.openshift.api.operator.v1.BGPManagedConfig": {
+ "description": "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".",
+ "type": "object",
+ "required": [
+ "bgpTopology"
+ ],
+ "properties": {
+ "asNumber": {
+ "description": "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.",
+ "type": "integer",
+ "format": "int64"
+ },
+ "bgpTopology": {
+ "description": "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node deploys a BGP router, forming a BGP full mesh. This field is required when BGPManagedConfig is specified.",
+ "type": "string"
+ }
+ }
+ },
"com.github.openshift.api.operator.v1.BootImageSkewEnforcementConfig": {
"description": "BootImageSkewEnforcementConfig is used to configure how boot image version skew is enforced on the cluster.",
"type": "object",
@@ -32975,6 +32993,24 @@
}
}
},
+ "com.github.openshift.api.operator.v1.NoOverlayOptions": {
+ "description": "NoOverlayOptions contains configuration options for networks operating in no-overlay mode.",
+ "type": "object",
+ "required": [
+ "outboundSNAT",
+ "routing"
+ ],
+ "properties": {
+ "outboundSNAT": {
+ "description": "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode.",
+ "type": "string"
+ },
+ "routing": {
+ "description": "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode.",
+ "type": "string"
+ }
+ }
+ },
"com.github.openshift.api.operator.v1.NodeDisruptionPolicyClusterStatus": {
"description": "NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a merge of cluster defaults and user provided policies",
"type": "object",
@@ -33491,6 +33527,20 @@
"description": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project",
"type": "object",
"properties": {
+ "bgpManagedConfig": {
+ "description": "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their NoOverlayOptions. It is required when DefaultNetworkNoOverlayOptions.Routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing.",
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.operator.v1.BGPManagedConfig"
+ },
+ "defaultNetworkNoOverlayOptions": {
+ "description": "defaultNetworkNoOverlayOptions contains configuration for no-overlay mode for the default network. It is required when DefaultNetworkTransport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.",
+ "default": {},
+ "$ref": "#/definitions/com.github.openshift.api.operator.v1.NoOverlayOptions"
+ },
+ "defaultNetworkTransport": {
+ "description": "defaultNetworkTransport describes the transport protocol for east-west traffic for the default network. Allowed values are \"NoOverlay\" and \"Geneve\". When set to \"NoOverlay\", the default network operates in no-overlay mode. When set to \"Geneve\", the default network uses Geneve overlay. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\".",
+ "type": "string"
+ },
"egressIPConfig": {
"description": "egressIPConfig holds the configuration for EgressIP options.",
"default": {},
diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go
index 111240eec..6d95e5905 100644
--- a/vendor/github.com/openshift/api/operator/v1/types_network.go
+++ b/vendor/github.com/openshift/api/operator/v1/types_network.go
@@ -397,8 +397,18 @@ type OpenShiftSDNConfig struct {
EnableUnidling *bool `json:"enableUnidling,omitempty"`
}
+// Maintainer note for NoOverlayMode feature (TechPreview):
+// When NoOverlayMode graduates to GA, add '+kubebuilder:default=Geneve' to the DefaultNetworkTransport
+// field so the default is visible in the CRD schema and applied by the API server automatically.
+// Currently CNO handles the default (treating omitted as Geneve) because the field is feature-gated
+// and existing ungated tests don't expect this field in outputs.
+
// ovnKubernetesConfig contains the configuration parameters for networks
// using the ovn-kubernetes network project
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(self.defaultNetworkTransport) || self.defaultNetworkTransport != 'NoOverlay' || has(self.defaultNetworkNoOverlayOptions)",message="defaultNetworkNoOverlayOptions is required when defaultNetworkTransport is NoOverlay"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(self.defaultNetworkNoOverlayOptions) || self.defaultNetworkNoOverlayOptions.routing != 'Managed' || has(self.bgpManagedConfig)",message="bgpManagedConfig is required when defaultNetworkNoOverlayOptions.routing is Managed"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.defaultNetworkTransport) || oldSelf.defaultNetworkTransport == '' || has(self.defaultNetworkTransport)",message="defaultNetworkTransport cannot be removed once set to a non-empty value"
+// +openshift:validation:FeatureGateAwareXValidation:featureGate=NoOverlayMode,rule="!has(oldSelf.defaultNetworkNoOverlayOptions) || has(self.defaultNetworkNoOverlayOptions)",message="defaultNetworkNoOverlayOptions cannot be removed once set"
type OVNKubernetesConfig struct {
// mtu is the MTU to use for the tunnel interface. This must be 100
// bytes smaller than the uplink mtu.
@@ -468,6 +478,35 @@ type OVNKubernetesConfig struct {
// +openshift:enable:FeatureGate=RouteAdvertisements
// +optional
RouteAdvertisements RouteAdvertisementsEnablement `json:"routeAdvertisements,omitempty"`
+
+ // defaultNetworkTransport describes the transport protocol for east-west traffic for the default network.
+ // Allowed values are "NoOverlay" and "Geneve".
+ // When set to "NoOverlay", the default network operates in no-overlay mode.
+ // When set to "Geneve", the default network uses Geneve overlay.
+ // When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time.
+ // The current default is "Geneve".
+ // +openshift:enable:FeatureGate=NoOverlayMode
+ // +kubebuilder:validation:Enum=NoOverlay;Geneve
+ // +kubebuilder:validation:XValidation:rule="oldSelf == '' || self == oldSelf",message="defaultNetworkTransport is immutable once set"
+ // +optional
+ DefaultNetworkTransport TransportOption `json:"defaultNetworkTransport,omitempty"`
+
+ // defaultNetworkNoOverlayOptions contains configuration for no-overlay mode for the default network.
+ // It is required when DefaultNetworkTransport is "NoOverlay".
+ // When omitted, this means the user does not configure no-overlay mode options.
+ // +openshift:enable:FeatureGate=NoOverlayMode
+ // +kubebuilder:validation:XValidation:rule="!oldSelf.hasValue() || self == oldSelf.value()",message="defaultNetworkNoOverlayOptions is immutable once set",optionalOldSelf=true
+ // +optional
+ DefaultNetworkNoOverlayOptions NoOverlayOptions `json:"defaultNetworkNoOverlayOptions,omitzero,omitempty"`
+
+ // bgpManagedConfig configures the BGP properties for networks (default network or CUDNs)
+ // in no-overlay mode that specify routing="Managed" in their NoOverlayOptions.
+ // It is required when DefaultNetworkNoOverlayOptions.Routing is set to "Managed".
+ // When omitted, this means the user does not configure BGP for managed routing.
+ // +openshift:enable:FeatureGate=NoOverlayMode
+ // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="bgpManagedConfig field is immutable"
+ // +optional
+ BGPManagedConfig BGPManagedConfig `json:"bgpManagedConfig,omitzero,omitempty"`
}
type IPv4OVNKubernetesConfig struct {
@@ -898,3 +937,77 @@ type AdditionalRoutingCapabilities struct {
// +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))"
Providers []RoutingCapabilitiesProvider `json:"providers"`
}
+
+// TransportOption is the type for network transport options
+type TransportOption string
+
+// SNATOption is the type for SNAT configuration options
+type SNATOption string
+
+// RoutingOption is the type for routing configuration options
+type RoutingOption string
+
+// BGPTopology is the type for BGP topology configuration
+type BGPTopology string
+
+const (
+ // TransportOptionNoOverlay indicates the network operates in no-overlay mode
+ TransportOptionNoOverlay TransportOption = "NoOverlay"
+ // TransportOptionGeneve indicates the network uses Geneve overlay
+ TransportOptionGeneve TransportOption = "Geneve"
+
+ // SNATEnabled indicates outbound SNAT is enabled
+ SNATEnabled SNATOption = "Enabled"
+ // SNATDisabled indicates outbound SNAT is disabled
+ SNATDisabled SNATOption = "Disabled"
+
+ // RoutingManaged indicates routing is managed by OVN-Kubernetes
+ RoutingManaged RoutingOption = "Managed"
+ // RoutingUnmanaged indicates routing is managed by users
+ RoutingUnmanaged RoutingOption = "Unmanaged"
+
+ // BGPTopologyFullMesh indicates every node deploys a BGP router, forming a BGP full mesh
+ BGPTopologyFullMesh BGPTopology = "FullMesh"
+)
+
+// NoOverlayOptions contains configuration options for networks operating in no-overlay mode.
+type NoOverlayOptions struct {
+ // outboundSNAT defines the SNAT behavior for outbound traffic from pods.
+ // Allowed values are "Enabled" and "Disabled".
+ // When set to "Enabled", SNAT is performed on outbound traffic from pods.
+ // When set to "Disabled", SNAT is not performed and pod IPs are preserved in outbound traffic.
+ // This field is required when the network operates in no-overlay mode.
+ // +kubebuilder:validation:Enum=Enabled;Disabled
+ // +required
+ OutboundSNAT SNATOption `json:"outboundSNAT,omitempty"`
+
+ // routing specifies whether the pod network routing is managed by OVN-Kubernetes or users.
+ // Allowed values are "Managed" and "Unmanaged".
+ // When set to "Managed", OVN-Kubernetes manages the pod network routing configuration through BGP.
+ // When set to "Unmanaged", users are responsible for configuring the pod network routing.
+ // This field is required when the network operates in no-overlay mode.
+ // +kubebuilder:validation:Enum=Managed;Unmanaged
+ // +required
+ Routing RoutingOption `json:"routing,omitempty"`
+}
+
+// BGPManagedConfig contains configuration options for BGP when routing is "Managed".
+type BGPManagedConfig struct {
+ // asNumber is the 2-byte or 4-byte Autonomous System Number (ASN)
+ // to be used in the generated FRR configuration.
+ // Valid values are 1 to 4294967295.
+ // When omitted, this defaults to 64512.
+ // +kubebuilder:validation:Minimum=1
+ // +kubebuilder:validation:Maximum=4294967295
+ // +kubebuilder:default=64512
+ // +optional
+ ASNumber int64 `json:"asNumber,omitempty"`
+
+ // bgpTopology defines the BGP topology to be used.
+ // Allowed values are "FullMesh".
+ // When set to "FullMesh", every node deploys a BGP router, forming a BGP full mesh.
+ // This field is required when BGPManagedConfig is specified.
+ // +kubebuilder:validation:Enum=FullMesh
+ // +required
+ BGPTopology BGPTopology `json:"bgpTopology,omitempty"`
+}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go
index 3bc6b81de..30f437b45 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go
@@ -390,6 +390,22 @@ func (in *AzureDiskEncryptionSet) DeepCopy() *AzureDiskEncryptionSet {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *BGPManagedConfig) DeepCopyInto(out *BGPManagedConfig) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BGPManagedConfig.
+func (in *BGPManagedConfig) DeepCopy() *BGPManagedConfig {
+ if in == nil {
+ return nil
+ }
+ out := new(BGPManagedConfig)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *BootImageSkewEnforcementConfig) DeepCopyInto(out *BootImageSkewEnforcementConfig) {
*out = *in
@@ -3665,6 +3681,22 @@ func (in *NetworkStatus) DeepCopy() *NetworkStatus {
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *NoOverlayOptions) DeepCopyInto(out *NoOverlayOptions) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NoOverlayOptions.
+func (in *NoOverlayOptions) DeepCopy() *NoOverlayOptions {
+ if in == nil {
+ return nil
+ }
+ out := new(NoOverlayOptions)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *NodeDisruptionPolicyClusterStatus) DeepCopyInto(out *NodeDisruptionPolicyClusterStatus) {
*out = *in
@@ -4158,6 +4190,8 @@ func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) {
*out = new(IPv6OVNKubernetesConfig)
**out = **in
}
+ out.DefaultNetworkNoOverlayOptions = in.DefaultNetworkNoOverlayOptions
+ out.BGPManagedConfig = in.BGPManagedConfig
return
}
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml
index e7c94e286..c35554548 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml
@@ -330,6 +330,7 @@ networks.operator.openshift.io:
FeatureGates:
- AdditionalRoutingCapabilities
- NetworkLiveMigration
+ - NoOverlayMode
- RouteAdvertisements
FilenameOperatorName: network
FilenameOperatorOrdering: "01"
diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
index 06096a6c8..526e4c201 100644
--- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
+++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go
@@ -1669,6 +1669,16 @@ func (AdditionalRoutingCapabilities) SwaggerDoc() map[string]string {
return map_AdditionalRoutingCapabilities
}
+var map_BGPManagedConfig = map[string]string{
+ "": "BGPManagedConfig contains configuration options for BGP when routing is \"Managed\".",
+ "asNumber": "asNumber is the 2-byte or 4-byte Autonomous System Number (ASN) to be used in the generated FRR configuration. Valid values are 1 to 4294967295. When omitted, this defaults to 64512.",
+ "bgpTopology": "bgpTopology defines the BGP topology to be used. Allowed values are \"FullMesh\". When set to \"FullMesh\", every node deploys a BGP router, forming a BGP full mesh. This field is required when BGPManagedConfig is specified.",
+}
+
+func (BGPManagedConfig) SwaggerDoc() map[string]string {
+ return map_BGPManagedConfig
+}
+
var map_ClusterNetworkEntry = map[string]string{
"": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks",
}
@@ -1896,20 +1906,33 @@ func (NetworkStatus) SwaggerDoc() map[string]string {
return map_NetworkStatus
}
+var map_NoOverlayOptions = map[string]string{
+ "": "NoOverlayOptions contains configuration options for networks operating in no-overlay mode.",
+ "outboundSNAT": "outboundSNAT defines the SNAT behavior for outbound traffic from pods. Allowed values are \"Enabled\" and \"Disabled\". When set to \"Enabled\", SNAT is performed on outbound traffic from pods. When set to \"Disabled\", SNAT is not performed and pod IPs are preserved in outbound traffic. This field is required when the network operates in no-overlay mode.",
+ "routing": "routing specifies whether the pod network routing is managed by OVN-Kubernetes or users. Allowed values are \"Managed\" and \"Unmanaged\". When set to \"Managed\", OVN-Kubernetes manages the pod network routing configuration through BGP. When set to \"Unmanaged\", users are responsible for configuring the pod network routing. This field is required when the network operates in no-overlay mode.",
+}
+
+func (NoOverlayOptions) SwaggerDoc() map[string]string {
+ return map_NoOverlayOptions
+}
+
var map_OVNKubernetesConfig = map[string]string{
- "": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project",
- "mtu": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400",
- "genevePort": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081",
- "hybridOverlayConfig": "hybridOverlayConfig configures an additional overlay network for peers that are not using OVN.",
- "ipsecConfig": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.",
- "policyAuditConfig": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.",
- "gatewayConfig": "gatewayConfig holds the configuration for node gateway options.",
- "v4InternalSubnet": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is 100.64.0.0/16",
- "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is fd98::/64",
- "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.",
- "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.",
- "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.",
- "routeAdvertisements": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".",
+ "": "ovnKubernetesConfig contains the configuration parameters for networks using the ovn-kubernetes network project",
+ "mtu": "mtu is the MTU to use for the tunnel interface. This must be 100 bytes smaller than the uplink mtu. Default is 1400",
+ "genevePort": "geneve port is the UDP port to be used by geneve encapulation. Default is 6081",
+ "hybridOverlayConfig": "hybridOverlayConfig configures an additional overlay network for peers that are not using OVN.",
+ "ipsecConfig": "ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.",
+ "policyAuditConfig": "policyAuditConfig is the configuration for network policy audit events. If unset, reported defaults are used.",
+ "gatewayConfig": "gatewayConfig holds the configuration for node gateway options.",
+ "v4InternalSubnet": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is 100.64.0.0/16",
+ "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. Default is fd98::/64",
+ "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.",
+ "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.",
+ "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.",
+ "routeAdvertisements": "routeAdvertisements determines if the functionality to advertise cluster network routes through a dynamic routing protocol, such as BGP, is enabled or not. This functionality is configured through the ovn-kubernetes RouteAdvertisements CRD. Requires the 'FRR' routing capability provider to be enabled as an additional routing capability. Allowed values are \"Enabled\", \"Disabled\" and ommited. When omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is \"Disabled\".",
+ "defaultNetworkTransport": "defaultNetworkTransport describes the transport protocol for east-west traffic for the default network. Allowed values are \"NoOverlay\" and \"Geneve\". When set to \"NoOverlay\", the default network operates in no-overlay mode. When set to \"Geneve\", the default network uses Geneve overlay. When omitted, this means the user has no opinion and the platform chooses a reasonable default which is subject to change over time. The current default is \"Geneve\".",
+ "defaultNetworkNoOverlayOptions": "defaultNetworkNoOverlayOptions contains configuration for no-overlay mode for the default network. It is required when DefaultNetworkTransport is \"NoOverlay\". When omitted, this means the user does not configure no-overlay mode options.",
+ "bgpManagedConfig": "bgpManagedConfig configures the BGP properties for networks (default network or CUDNs) in no-overlay mode that specify routing=\"Managed\" in their NoOverlayOptions. It is required when DefaultNetworkNoOverlayOptions.Routing is set to \"Managed\". When omitted, this means the user does not configure BGP for managed routing.",
}
func (OVNKubernetesConfig) SwaggerDoc() map[string]string {
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 3ebcde5a0..390cc3c86 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -62,7 +62,7 @@ github.com/modern-go/reflect2
# github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
## explicit
github.com/munnerz/goautoneg
-# github.com/openshift/api v0.0.0-20260105114749-aae5635a71a7
+# github.com/openshift/api v0.0.0-20260105114749-aae5635a71a7 => github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866
## explicit; go 1.24.0
github.com/openshift/api
github.com/openshift/api/apiextensions
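Review bot: The vendored `github.com/openshift/api` tree is now resolved through `=> github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866`, a repository outside the `openshift` organisation (presumably a contributor's fork), so the code under `vendor/` is no longer covered by upstream's review and branch protection. The same replacement is recorded again in the trailing `# github.com/openshift/api => ...` line of the last hunk. The fork's pseudo-version is dated 2025-12-15, while the required upstream version is dated 2026-01-05, so upstream commits from that window may be missing from the vendored copy; that cannot be confirmed from this diff. If the replace is only there to test an unmerged API change, mark it in go.mod with a comment such as `// TEMPORARY: drop this replace once the openshift/api change (<UPSTREAM_PR>) merges` and block the merge until the directive is removed and `go mod vendor` is re-run against upstream.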
@@ -531,3 +531,4 @@ sigs.k8s.io/structured-merge-diff/v6/value
# sigs.k8s.io/yaml v1.6.0
## explicit; go 1.22
sigs.k8s.io/yaml
+# github.com/openshift/api => github.com/ricky-rav/api v0.0.0-20251215092810-0a87dc54a866