add support for provider network vlan interfaces

Author: abasitt

charts/kube-ovn-v2/crds/kube-ovn-crd.yaml

@@ -2916,6 +2916,15 @@ spec:
                   type: array
                   items:
                     type: string
+                preserveVlanInterfaces:
+                  type: boolean
+                  description: Enable automatic detection and preservation of VLAN interfaces
+                vlanInterfaces:
+                  type: array
+                  items:
+                    type: string
+                    pattern: '^[a-zA-Z0-9_-]+\.[0-9]{1,4}$'
+                  description: Optional explicit list of VLAN interface names to preserve (e.g., eth0.10, bond0.20)
               required:
                 - defaultInterface
             status:

charts/kube-ovn/templates/kube-ovn-crd.yaml

@@ -2916,6 +2916,15 @@ spec:
                   type: array
                   items:
                     type: string
+                preserveVlanInterfaces:
+                  type: boolean
+                  description: Enable automatic detection and preservation of VLAN interfaces
+                vlanInterfaces:
+                  type: array
+                  items:
+                    type: string
+                    pattern: '^[a-zA-Z0-9_-]+\.[0-9]{1,4}$'
+                  description: Optional explicit list of VLAN interface names to preserve (e.g., eth0.10, bond0.20)
               required:
                 - defaultInterface
             status:

pkg/apis/kubeovn/v1/provider-network.go

@@ -37,6 +37,10 @@ type ProviderNetworkSpec struct {
 	NodeSelector     *metav1.LabelSelector `json:"nodeSelector,omitempty"`
 	ExcludeNodes     []string              `json:"excludeNodes,omitempty"`
 	ExchangeLinkName bool                  `json:"exchangeLinkName,omitempty"`
+	// Enable automatic detection and preservation of existing VLAN interfaces on the default interface
+	PreserveVlanInterfaces bool `json:"preserveVlanInterfaces,omitempty"`
+	// Explicit list of VLAN interface names to preserve (e.g., eth0.10, bond0.20)
+	VlanInterfaces   []string          `json:"vlanInterfaces,omitempty"`
 }
 
 type ProviderNetworkCondition struct {

pkg/daemon/controller.go

@@ -360,6 +360,7 @@ func (c *Controller) initProviderNetwork(pn *kubeovnv1.ProviderNetwork, node *v1
 		fmt.Sprintf(util.ProviderNetworkInterfaceTemplate, pn.Name): nil,
 		fmt.Sprintf(util.ProviderNetworkMtuTemplate, pn.Name):       nil,
 		fmt.Sprintf(util.ProviderNetworkExcludeTemplate, pn.Name):   nil,
+		fmt.Sprintf(util.ProviderNetworkVlanIntTemplate, pn.Name):   nil,
 	}
 
 	vlans := strset.NewWithSize(len(pn.Status.Vlans) + 1)
@@ -378,10 +379,52 @@ func (c *Controller) initProviderNetwork(pn *kubeovnv1.ProviderNetwork, node *v1
 	// always add trunk 0 so that the ovs bridge can communicate with the external network
 	vlans.Add("0")
 
+	// VLAN sub-interface handling - use map for efficiency
+	vlanInterfaceMap := make(map[string]int) // interfaceName -> vlanID
+
+	// Process explicitly specified VLAN interfaces
+	if len(pn.Spec.VlanInterfaces) > 0 {
+		klog.Infof("Processing %d explicitly specified VLAN interfaces", len(pn.Spec.VlanInterfaces))
+		for _, vlanIfName := range pn.Spec.VlanInterfaces {
+			if util.CheckInterfaceExists(vlanIfName) {
+				// Extract VLAN ID from interface name (e.g., "eth0.10" -> 10)
+				vlanID, err := util.ExtractVlanIDFromInterface(vlanIfName)
+				if err != nil {
+					klog.Warningf("Failed to extract VLAN ID from interface %s: %v", vlanIfName, err)
+					continue
+				}
+				vlanInterfaceMap[vlanIfName] = vlanID
+				vlans.Add(strconv.Itoa(vlanID))
+				klog.V(3).Infof("Added explicit VLAN interface %s (VLAN ID %d)", vlanIfName, vlanID)
+			} else {
+				klog.Warningf("Explicitly specified VLAN interface %s does not exist, skipping", vlanIfName)
+			}
+		}
+	}
+
+	// Auto-detection of additional VLAN interfaces (if enabled)
+	if pn.Spec.PreserveVlanInterfaces {
+		klog.Infof("Auto-detecting VLAN interfaces on %s", nic)
+		vlanIDs := util.DetectVlanInterfaces(nic)
+		for _, vlanID := range vlanIDs {
+			vlanIfName := fmt.Sprintf("%s.%d", nic, vlanID)
+			// Only add if not already explicitly specified
+			if _, exists := vlanInterfaceMap[vlanIfName]; !exists {
+				vlanInterfaceMap[vlanIfName] = vlanID
+				vlans.Add(strconv.Itoa(vlanID))
+				klog.V(3).Infof("Auto-detected VLAN interface %s (VLAN ID %d)", vlanIfName, vlanID)
+			} else {
+				klog.V(3).Infof("VLAN interface %s already explicitly specified, skipping auto-detection", vlanIfName)
+			}
+		}
+		klog.Infof("Auto-detected %d additional VLAN interfaces for %s", len(vlanIDs), nic)
+	}
+
 	var mtu int
 	var err error
 	klog.V(3).Infof("ovs init provider network %s", pn.Name)
-	if mtu, err = c.ovsInitProviderNetwork(pn.Name, nic, vlans.List(), pn.Spec.ExchangeLinkName, c.config.MacLearningFallback); err != nil {
+	// Configure main interface with ALL VLANs (including detected ones) in trunk
+	if mtu, err = c.ovsInitProviderNetwork(pn.Name, nic, vlans.List(), pn.Spec.ExchangeLinkName, c.config.MacLearningFallback, vlanInterfaceMap); err != nil {
 		delete(patch, fmt.Sprintf(util.ProviderNetworkExcludeTemplate, pn.Name))
 		if err1 := util.PatchLabels(c.config.KubeClient.CoreV1().Nodes(), node.Name, patch); err1 != nil {
 			klog.Errorf("failed to patch annotations of node %s: %v", node.Name, err1)
@@ -393,6 +436,9 @@ func (c *Controller) initProviderNetwork(pn *kubeovnv1.ProviderNetwork, node *v1
 	patch[fmt.Sprintf(util.ProviderNetworkReadyTemplate, pn.Name)] = "true"
 	patch[fmt.Sprintf(util.ProviderNetworkInterfaceTemplate, pn.Name)] = nic
 	patch[fmt.Sprintf(util.ProviderNetworkMtuTemplate, pn.Name)] = strconv.Itoa(mtu)
+	if len(vlanInterfaceMap) > 0 {
+		patch[fmt.Sprintf(util.ProviderNetworkVlanIntTemplate, pn.Name)] = "true"
+	}
 	if err = util.PatchLabels(c.config.KubeClient.CoreV1().Nodes(), node.Name, patch); err != nil {
 		klog.Errorf("failed to patch labels of node %s: %v", node.Name, err)
 		return err
@@ -481,6 +527,7 @@ func (c *Controller) handleDeleteProviderNetwork(pn *kubeovnv1.ProviderNetwork)
 		fmt.Sprintf(util.ProviderNetworkInterfaceTemplate, pn.Name): nil,
 		fmt.Sprintf(util.ProviderNetworkMtuTemplate, pn.Name):       nil,
 		fmt.Sprintf(util.ProviderNetworkExcludeTemplate, pn.Name):   nil,
+		fmt.Sprintf(util.ProviderNetworkVlanIntTemplate, pn.Name):   nil,
 	}
 	if err = util.PatchLabels(c.config.KubeClient.CoreV1().Nodes(), node.Name, patch); err != nil {
 		klog.Errorf("failed to patch labels of node %s: %v", node.Name, err)

pkg/daemon/init.go

@@ -97,8 +97,7 @@ func InitMirror(config *Configuration) error {
 	return configureEmptyMirror(config.MirrorNic, config.MTU)
 }
 
-func (c *Controller) ovsInitProviderNetwork(provider, nic string, trunks []string, exchangeLinkName, macLearningFallback bool) (int, error) {
-	// create and configure external bridge
+func (c *Controller) ovsInitProviderNetwork(provider, nic string, trunks []string, exchangeLinkName, macLearningFallback bool, vlanInterfaceMap map[string]int) (int, error) {	// create and configure external bridge
 	brName := util.ExternalBridgeName(provider)
 	if exchangeLinkName {
 		exchanged, err := c.changeProvideNicName(nic, brName)
@@ -112,7 +111,7 @@ func (c *Controller) ovsInitProviderNetwork(provider, nic string, trunks []strin
 	}
 
 	klog.V(3).Infof("configure external bridge %s", brName)
-	if err := c.configExternalBridge(provider, brName, nic, exchangeLinkName, macLearningFallback); err != nil {
+	if err := c.configExternalBridge(provider, brName, nic, exchangeLinkName, macLearningFallback, vlanInterfaceMap); err != nil {
 		errMsg := fmt.Errorf("failed to create and configure external bridge %s: %w", brName, err)
 		klog.Error(errMsg)
 		return 0, errMsg
@@ -134,6 +133,15 @@ func (c *Controller) ovsInitProviderNetwork(provider, nic string, trunks []strin
 		return 0, errMsg
 	}
 
+	// add vlan interfaces to the external bridge
+	if len(vlanInterfaceMap) > 0 {
+		if err = c.configProviderVlanInterfaces(vlanInterfaceMap, brName); err != nil {
+			errMsg := fmt.Errorf("failed to add vlan interfaces to external bridge %s: %w", brName, err)
+			klog.Error(errMsg)
+			return 0, errMsg
+		}
+	}
+
 	return mtu, nil
 }
 
@@ -183,10 +191,19 @@ func (c *Controller) ovsCleanProviderNetwork(provider string) error {
 				if output != "" {
 					continue
 				}
-				klog.Infof("removing ovs port %s from bridge %s", port, brName)
-				if err = c.removeProviderNic(port, brName); err != nil {
-					klog.Errorf("failed to remove port %s from external bridge %s: %v", port, brName, err)
-					return err
+				// Check if this is a VLAN internal port (e.g., br-eth0-vlan10)
+				if matched, vlanID := util.IsVlanInternalPort(port); matched {
+					klog.Infof("removing VLAN internal port %s (VLAN %d) from bridge %s", port, vlanID, brName)
+					if err = c.removeProviderVlanInterface(port, brName, vlanID); err != nil {
+						klog.Errorf("failed to remove VLAN internal port %s from external bridge %s: %v", port, brName, err)
+						return err
+					}
+				} else {
+					klog.Infof("removing ovs port %s from bridge %s", port, brName)
+					if err = c.removeProviderNic(port, brName); err != nil {
+						klog.Errorf("failed to remove port %s from external bridge %s: %v", port, brName, err)
+						return err
+					}
 				}
 				klog.Infof("ovs port %s has been removed from bridge %s", port, brName)
 			}

pkg/daemon/ovs.go

@@ -233,7 +233,7 @@ func removeOvnMapping(name, key string) error {
 	return setOvnMappings(name, mappings)
 }
 
-func (c *Controller) configExternalBridge(provider, bridge, nic string, exchangeLinkName, macLearningFallback bool) error {
+func (c *Controller) configExternalBridge(provider, bridge, nic string, exchangeLinkName, macLearningFallback bool, vlanInterfaceMap map[string]int) error {
 	// check if nic exists before configuring external bridge
 	nicExists, err := linkExists(nic)
 	if err != nil {
@@ -243,6 +243,8 @@ func (c *Controller) configExternalBridge(provider, bridge, nic string, exchange
 		return fmt.Errorf("nic %s does not exist", nic)
 	}
 
+	klog.Infof("Configuring external bridge %s for provider %s, nic %s, and vlan interfaces %v", bridge, provider, nic, vlanInterfaceMap)
+
 	brExists, err := ovs.BridgeExists(bridge)
 	if err != nil {
 		return fmt.Errorf("failed to check OVS bridge existence: %w", err)
@@ -266,16 +268,37 @@ func (c *Controller) configExternalBridge(provider, bridge, nic string, exchange
 	}
 	if output != "" {
 		for port := range strings.SplitSeq(output, "\n") {
-			if port != nic {
-				ok, err := ovs.ValidatePortVendor(port)
-				if err != nil {
-					return fmt.Errorf("failed to check vendor of port %s: %w", port, err)
+			// Skip the main NIC or VLAN subinterfaces belonging to it
+			if port == nic {
+				klog.Infof("Skipping main NIC port %s on bridge %s", port, bridge)
+				continue
+			}
+			// Check if this port is a VLAN internal port we created (e.g., br-eth0-vlan10)
+			isVlanInternalPort := false
+			for vlanIf, vlanID := range vlanInterfaceMap {
+				expectedInternalPort := fmt.Sprintf("%s-vlan%d", bridge, vlanID)
+				if port == expectedInternalPort {
+					klog.Infof("Preserving VLAN internal port %s for VLAN interface %s on bridge %s", port, vlanIf, bridge)
+					isVlanInternalPort = true
+					break
 				}
-				if ok {
-					if err = c.removeProviderNic(port, bridge); err != nil {
-						return fmt.Errorf("failed to remove port %s from OVS bridge %s: %w", port, bridge, err)
-					}
+			}
+			if isVlanInternalPort {
+				continue
+			}
+
+			ok, err := ovs.ValidatePortVendor(port)
+			if err != nil {
+				return fmt.Errorf("failed to check vendor of port %s: %w", port, err)
+			}
+
+			if ok {
+				klog.Infof("Removing unmanaged port %s from bridge %s", port, bridge)
+				if err = c.removeProviderNic(port, bridge); err != nil {
+					return fmt.Errorf("failed to remove port %s from OVS bridge %s: %w", port, bridge, err)
 				}
+			} else {
+				klog.Infof("Port %s on bridge %s has different vendor, skipping removal", port, bridge)
 			}
 		}
 	}