Merge branch 'network-operator-26.1.x' into forked-master

# Conflicts:
#	pkg/daemon/daemon_test.go

Author: heyvister1

.github/workflows/test.yml

@@ -122,26 +122,6 @@ jobs:
         with:
           severity: error
 
-  hadolint:
-    name: hadolint
-    runs-on: ubuntu-24.04
-    steps:
-    - name: checkout PR 
-      uses: actions/checkout@v5
-    - name: run hadolint on operator dockerfile
-      # using commit sha of the hadolint-action to preserve immutability
-      uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5
-      with:
-        dockerfile: Dockerfile
-    - name: run hadolint on config daemon dockerfile
-      uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5
-      with:
-        dockerfile: Dockerfile.sriov-network-config-daemon
-        ignore: DL3033
-    - name: run hadolint on webhook dockerfile
-      uses: hadolint/hadolint-action@2332a7b74a6de0dda2e2221d575162eba76ba5e5
-      with:
-        dockerfile: Dockerfile.webhook
   test-coverage:
     name: test-coverage
     runs-on: ubuntu-24.04

api/v1/helper.go

@@ -204,6 +204,29 @@ func GetEswitchModeFromStatus(ifaceStatus *InterfaceExt) string {
 	return ifaceStatus.EswitchMode
 }
 
+func NeedToUpdateDevlinkParams(desired *DevlinkParams, current *DevlinkParams) bool {
+	for _, dParam := range desired.Params {
+		found := false
+		for _, cParam := range current.Params {
+			if dParam.Name == cParam.Name {
+				found = true
+				if dParam.Value != cParam.Value {
+					log.V(0).Info("NeedToUpdateDevlinkParams(): DevlinkParam needs update",
+						"name", dParam.Name, "desired", dParam.Value, "current", cParam.Value)
+					return true
+				}
+				break
+			}
+		}
+		if !found {
+			log.V(0).Info("NeedToUpdateDevlinkParams(): DevlinkParam needs update - not found in status",
+				"name", dParam.Name, "desired", dParam.Value)
+			return true
+		}
+	}
+	return false
+}
+
 func NeedToUpdateSriov(ifaceSpec *Interface, ifaceStatus *InterfaceExt) bool {
 	if ifaceSpec.Mtu > 0 {
 		mtu := ifaceSpec.Mtu
@@ -282,6 +305,11 @@ func NeedToUpdateSriov(ifaceSpec *Interface, ifaceStatus *InterfaceExt) bool {
 			}
 		}
 	}
+
+	if NeedToUpdateDevlinkParams(&ifaceSpec.DevlinkParams, &ifaceStatus.DevlinkParams) {
+		return true
+	}
+
 	return false
 }
 
@@ -362,6 +390,7 @@ func (p *SriovNetworkNodePolicy) Apply(state *SriovNetworkNodeState, equalPriori
 				EswitchMode:       p.Spec.EswitchMode,
 				NumVfs:            p.Spec.NumVfs,
 				ExternallyManaged: p.Spec.ExternallyManaged,
+				DevlinkParams:     p.Spec.DevlinkParams,
 			}
 			if p.Spec.NumVfs > 0 {
 				group, err := p.generatePfNameVfGroup(&iface)
@@ -405,6 +434,18 @@ func (p *SriovNetworkNodePolicy) ApplyBridgeConfig(state *SriovNetworkNodeState)
 			return fmt.Errorf("software bridge management can't be used when link is externally managed")
 		}
 	}
+
+	// Set GroupingPolicy from policy to state
+	if p.Spec.Bridge.GroupingPolicy != "" {
+		state.Spec.Bridges.GroupingPolicy = p.Spec.Bridge.GroupingPolicy
+	}
+
+	// When groupingPolicy is "all", create a single bridge entry with all matching interfaces as uplinks.
+	// The daemon will use this to create the grouped bridge.
+	if p.Spec.Bridge.GroupingPolicy == consts.OvsGroupingPolicyAll {
+		return p.applyGroupedBridgeConfig(state)
+	}
+
 	for _, iface := range state.Status.Interfaces {
 		if p.Spec.NicSelector.Selected(&iface) {
 			if p.Spec.Bridge.OVS == nil {
@@ -451,6 +492,75 @@ func (p *SriovNetworkNodePolicy) ApplyBridgeConfig(state *SriovNetworkNodeState)
 	return nil
 }
 
+// applyGroupedBridgeConfig creates a single OVS bridge entry with all matching interfaces as uplinks
+// when groupingPolicy is "all". The first uplink will be used to create the bridge,
+// and the remaining uplinks will be added by the daemon using AddInterfaceToOVSBridge.
+func (p *SriovNetworkNodePolicy) applyGroupedBridgeConfig(state *SriovNetworkNodeState) error {
+	if p.Spec.Bridge.OVS == nil {
+		// No OVS config, nothing to do
+		return nil
+	}
+
+	// Collect all matching interfaces as uplinks
+	var uplinks []OVSUplinkConfigExt
+	for _, iface := range state.Status.Interfaces {
+		if p.Spec.NicSelector.Selected(&iface) {
+			uplink := OVSUplinkConfigExt{
+				PciAddress: iface.PciAddress,
+				Name:       iface.Name,
+				Interface:  p.Spec.Bridge.OVS.Uplink.Interface,
+			}
+			if p.Spec.Mtu > 0 {
+				mtu := p.Spec.Mtu
+				uplink.Interface.MTURequest = &mtu
+			}
+			uplinks = append(uplinks, uplink)
+		}
+	}
+
+	if len(uplinks) == 0 {
+		// No matching interfaces
+		return nil
+	}
+
+	// Sort uplinks by PciAddress for consistent ordering
+	sort.Slice(uplinks, func(i, j int) bool {
+		return uplinks[i].PciAddress < uplinks[j].PciAddress
+	})
+
+	// Create a single bridge with all uplinks
+	// Use the policy name as part of the bridge name for grouped bridges
+	brName := "br-" + p.Name
+	ovsBridge := OVSConfigExt{
+		Name:    brName,
+		Bridge:  p.Spec.Bridge.OVS.Bridge,
+		Uplinks: uplinks,
+	}
+
+	log.Info("Update grouped bridge for policy", "policy", p.Name, "bridge", brName, "uplinks", len(uplinks))
+
+	// Remove any existing individual per-PF bridges for the matching interfaces
+	for _, uplink := range uplinks {
+		state.Spec.Bridges.OVS = slices.DeleteFunc(state.Spec.Bridges.OVS, func(br OVSConfigExt) bool {
+			return slices.ContainsFunc(br.Uplinks, func(u OVSUplinkConfigExt) bool {
+				return u.PciAddress == uplink.PciAddress
+			})
+		})
+	}
+
+	// Add or update the grouped bridge
+	pos, exist := slices.BinarySearchFunc(state.Spec.Bridges.OVS, ovsBridge, func(x, y OVSConfigExt) int {
+		return strings.Compare(x.Name, y.Name)
+	})
+	if exist {
+		state.Spec.Bridges.OVS[pos] = ovsBridge
+	} else {
+		state.Spec.Bridges.OVS = slices.Insert(state.Spec.Bridges.OVS, pos, ovsBridge)
+	}
+
+	return nil
+}
+
 // mergeConfigs merges configs from multiple polices where the last one has the
 // highest priority. This merge is dependent on: 1. SR-IOV partition is
 // configured with the #-notation in pfName, 2. The VF groups are
@@ -957,7 +1067,9 @@ func GenerateBridgeName(iface *InterfaceExt) string {
 
 // NeedToUpdateBridges returns true if bridge for the host requires update
 func NeedToUpdateBridges(bridgeSpec, bridgeStatus *Bridges) bool {
-	return !equality.Semantic.DeepEqual(bridgeSpec, bridgeStatus)
+	// Compare only OVS configurations, not GroupingPolicy which is a policy directive
+	// and not something that exists in the actual OVS state
+	return !equality.Semantic.DeepEqual(bridgeSpec.OVS, bridgeStatus.OVS)
 }
 
 // SetKeepUntilTime sets an annotation to hold the "keep until time" for the node’s state.

api/v1/helper_test.go

@@ -1495,6 +1495,156 @@ func TestSriovNetworkNodePolicyApplyBridgeConfig(t *testing.T) {
 				},
 			}},
 		},
+		{
+			tname:        "groupingPolicy all - creates single bridge with all uplinks",
+			currentState: newNodeState(),
+			policy: &v1.SriovNetworkNodePolicy{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "rail-1",
+				},
+				Spec: v1.SriovNetworkNodePolicySpec{
+					DeviceType: consts.DeviceTypeNetDevice,
+					NicSelector: v1.SriovNetworkNicSelector{
+						RootDevices: []string{"0000:86:00.0", "0000:86:00.2"},
+					},
+					NodeSelector: map[string]string{
+						"feature.node.kubernetes.io/network-sriov.capable": "true",
+					},
+					NumVfs:       2,
+					Priority:     99,
+					EswitchMode:  "switchdev",
+					ResourceName: "p1res",
+					Bridge: v1.Bridge{
+						GroupingPolicy: consts.OvsGroupingPolicyAll,
+						OVS: &v1.OVSConfig{
+							Bridge: v1.OVSBridgeConfig{DatapathType: "netdev", FailMode: "secure"},
+							Uplink: v1.OVSUplinkConfig{
+								Interface: v1.OVSInterfaceConfig{
+									Type: "dpdk",
+								}},
+						}},
+				},
+			},
+			expectedBridges: v1.Bridges{
+				GroupingPolicy: consts.OvsGroupingPolicyAll,
+				OVS: []v1.OVSConfigExt{
+					{
+						Name:   "br-rail-1",
+						Bridge: v1.OVSBridgeConfig{DatapathType: "netdev", FailMode: "secure"},
+						Uplinks: []v1.OVSUplinkConfigExt{
+							{
+								Name:       "ens803f0",
+								PciAddress: "0000:86:00.0",
+								Interface:  v1.OVSInterfaceConfig{Type: "dpdk"},
+							},
+							{
+								Name:       "ens803f2",
+								PciAddress: "0000:86:00.2",
+								Interface:  v1.OVSInterfaceConfig{Type: "dpdk"},
+							},
+						},
+					},
+				}},
+		},
+		{
+			tname: "groupingPolicy all - removes existing per-PF bridges",
+			currentState: &v1.SriovNetworkNodeState{
+				Spec: v1.SriovNetworkNodeStateSpec{
+					Bridges: v1.Bridges{OVS: []v1.OVSConfigExt{
+						{
+							Name:   "br-0000_86_00.0",
+							Bridge: v1.OVSBridgeConfig{DatapathType: "old"},
+							Uplinks: []v1.OVSUplinkConfigExt{{
+								Name:       "ens803f0",
+								PciAddress: "0000:86:00.0",
+								Interface:  v1.OVSInterfaceConfig{Type: "old"},
+							}},
+						},
+						{
+							Name:   "br-0000_86_00.2",
+							Bridge: v1.OVSBridgeConfig{DatapathType: "old"},
+							Uplinks: []v1.OVSUplinkConfigExt{{
+								Name:       "ens803f2",
+								PciAddress: "0000:86:00.2",
+								Interface:  v1.OVSInterfaceConfig{Type: "old"},
+							}},
+						},
+					}},
+				},
+				Status: v1.SriovNetworkNodeStateStatus{
+					Interfaces: []v1.InterfaceExt{
+						{
+							VFs:        []v1.VirtualFunction{{}},
+							DeviceID:   "158b",
+							Driver:     "i40e",
+							Mtu:        1500,
+							Name:       "ens803f0",
+							PciAddress: "0000:86:00.0",
+							Vendor:     "8086",
+							NumVfs:     4,
+							TotalVfs:   64,
+						},
+						{
+							VFs:        []v1.VirtualFunction{{}},
+							DeviceID:   "158b",
+							Driver:     "i40e",
+							Mtu:        1500,
+							Name:       "ens803f2",
+							PciAddress: "0000:86:00.2",
+							Vendor:     "8086",
+							NumVfs:     4,
+							TotalVfs:   64,
+						},
+					},
+				}},
+			policy: &v1.SriovNetworkNodePolicy{
+				ObjectMeta: metav1.ObjectMeta{
+					Name: "grouped-bridge",
+				},
+				Spec: v1.SriovNetworkNodePolicySpec{
+					DeviceType: consts.DeviceTypeNetDevice,
+					NicSelector: v1.SriovNetworkNicSelector{
+						RootDevices: []string{"0000:86:00.0", "0000:86:00.2"},
+					},
+					NodeSelector: map[string]string{
+						"feature.node.kubernetes.io/network-sriov.capable": "true",
+					},
+					NumVfs:       2,
+					Priority:     99,
+					EswitchMode:  "switchdev",
+					ResourceName: "p1res",
+					Bridge: v1.Bridge{
+						GroupingPolicy: consts.OvsGroupingPolicyAll,
+						OVS: &v1.OVSConfig{
+							Bridge: v1.OVSBridgeConfig{DatapathType: "netdev"},
+							Uplink: v1.OVSUplinkConfig{
+								Interface: v1.OVSInterfaceConfig{
+									Type: "dpdk",
+								}},
+						}},
+				},
+			},
+			expectedBridges: v1.Bridges{
+				GroupingPolicy: consts.OvsGroupingPolicyAll,
+				OVS: []v1.OVSConfigExt{
+					{
+						Name:   "br-grouped-bridge",
+						Bridge: v1.OVSBridgeConfig{DatapathType: "netdev"},
+						Uplinks: []v1.OVSUplinkConfigExt{
+							{
+								Name:       "ens803f0",
+								PciAddress: "0000:86:00.0",
+								Interface:  v1.OVSInterfaceConfig{Type: "dpdk"},
+							},
+							{
+								Name:       "ens803f2",
+								PciAddress: "0000:86:00.2",
+								Interface:  v1.OVSInterfaceConfig{Type: "dpdk"},
+							},
+						},
+					},
+				}},
+		},
 	}
 	for _, tc := range testtable {
 		t.Run(tc.tname, func(t *testing.T) {
@@ -1538,6 +1688,18 @@ func TestNeedToUpdateBridges(t *testing.T) {
 			statusBridge:   &v1.Bridges{OVS: []v1.OVSConfigExt{}},
 			expectedResult: true,
 		},
+		{
+			tname: "no update required - groupingPolicy difference should be ignored",
+			specBridge: &v1.Bridges{
+				GroupingPolicy: "all",
+				OVS:            []v1.OVSConfigExt{{Name: "br-test", Bridge: v1.OVSBridgeConfig{DatapathType: "netdev"}}},
+			},
+			statusBridge: &v1.Bridges{
+				// Status doesn't have GroupingPolicy since it's not stored in OVS
+				OVS: []v1.OVSConfigExt{{Name: "br-test", Bridge: v1.OVSBridgeConfig{DatapathType: "netdev"}}},
+			},
+			expectedResult: false,
+		},
 	}
 	for _, tc := range testtable {
 		t.Run(tc.tname, func(t *testing.T) {