kubeovn / kube-ovn

A Bridge between SDN and Cloud Native (Project under CNCF)
https://kubeovn.github.io/docs/stable/en/
Apache License 2.0

Kubeovn network attachment definition (multus) as default network fails. #3618

Closed nics90 closed 4 months ago

nics90 commented 7 months ago

Bug Report

While creating a KubeVirt VM, when we add a network of type multus, we are unable to set "vmi.spec.network.multus" to true when the network-attachment-definition is created of type kubeovn. This is the only way to control the default network when multiple networks are attached to a VM, and also to assign a DHCP IP with the proper gateway.

This issue is being seen in all 1.12.x versions. However, it works perfectly fine in 1.11.x versions.

Expected Behavior

The virt-launcher pod should be created with a corresponding vswitch in the annotation, and the IP of the virt-launcher pod and VMI should be assigned from the custom subnet & Network Attachment Definition.

Actual Behavior

VMI and virt-launcher are getting created in the "ovn-default" subnet.

Steps to Reproduce the Problem

  1. Create Network Attachment Definition of type kubeovn
    apiVersion: k8s.cni.cncf.io/v1
    kind: NetworkAttachmentDefinition
    metadata:
      annotations:
        available: "true"
        networkTypeCode: smo
        networkZone: default
      creationTimestamp: "2023-12-24T10:01:02Z"
      generation: 1
      name: test-default-98fl8
      namespace: kube-system
      resourceVersion: "3400883"
      uid: 484938ec-8892-476d-adb7-5cecad974c45
    spec:
      config: '{"cniVersion":"0.4.0","type":"kube-ovn","server_socket":"/run/openvswitch/kube-ovn-daemon.sock","provider":"test-default-98fl8.vm-registry.ovn"}'
    ---
    apiVersion: k8s.cni.cncf.io/v1
    kind: NetworkAttachmentDefinition
    metadata:
      annotations:
        available: "false"
        networkTypeCode: smo
        networkZone: default
      creationTimestamp: "2023-12-24T10:01:02Z"
      generation: 1
      name: test-default-98fl8
      namespace: vm-registry
      resourceVersion: "3402131"
      uid: 7f3ddda9-377b-42e7-8d4f-16a321dd630d
    spec:
      config: '{"cniVersion":"0.4.0","type":"kube-ovn","server_socket":"/run/openvswitch/kube-ovn-daemon.sock","provider":"test-default-98fl8.vm-registry.ovn"}'
  2. Create Subnet and set provider to map to previously created Network Attachment Definition
root@k8s-devmaster01:~# kubectl get subnet test-default-sub -o yaml
apiVersion: kubeovn.io/v1
kind: Subnet
metadata:
  annotations:
    mac: 00:00:00:E4:31:11
  creationTimestamp: "2023-12-24T10:01:39Z"
  finalizers:
  - kube-ovn-controller
  generation: 2
  labels:
    nadName: test-default-98fl8
    networkzone: default
    nwTypeCode: smo
    subnetns.tatacommunications.com: vm-registry
  name: test-default-sub
  resourceVersion: "27687825"
  uid: 327c380d-7efc-4917-8058-2eeb124b11e2
spec:
  cidrBlock: 10.99.99.0/24
  default: false
  enableLb: true
  excludeIps:
  - 10.99.99.1
  gateway: 10.99.99.1
  gatewayNode: ""
  gatewayType: distributed
  natOutgoing: true
  private: false
  protocol: IPv4
  provider: test-default-98fl8.vm-registry.ovn
  vpc: ovn-cluster
  3. Create VM or VMI with below mentioned spec where Network Attachment definition is added as Network and set default to true
---
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  annotations:
    assignedIps: ',10.99.99.2'
    kubevirt.io/latest-observed-api-version: v1
    kubevirt.io/storage-observed-api-version: v1
    mgmtnw: ""
  creationTimestamp: "2024-01-05T08:11:48Z"
  finalizers:
  - kubevirt.io/virtualMachineControllerFinalize
  generation: 7
  name: test-vysh-defaul-fip
  namespace: vm-registry
  resourceVersion: "27687998"
  uid: 639977a6-5e87-4ab7-bd62-838bf8014169
spec:
  dataVolumeTemplates:
  - metadata:
      annotations:
        ImageType: golden
        com.tcl.fusionstack.vm.images: vm-registry/ubuntu-2004
      creationTimestamp: null
      name: test-vysh-defaul-fip-bootdisk
      namespace: vm-registry
    spec:
      pvc:
        accessModes:
        - ReadWriteMany
        resources:
          requests:
            storage: 20Gi
        volumeMode: Block
      source:
        registry:
          url: docker://tcl1/ubuntu-x86_64:20.04
  running: true
  template:
    metadata:
      annotations:
        k8s.v1.cni.cncf.io/networks: vm-registry/test-default-98fl8
        ovn.kubernetes.io/eip: 100.130.105.40
        ovn.kubernetes.io/logical_switch: test-default-sub
        test-default-98fl8.vm-registry.ovn.kubernetes.io/ip_address: 10.99.99.2
        test-default-98fl8.vm-registry.ovn.kubernetes.io/mac_address: 00:00:00:98:70:F9
      creationTimestamp: null
    spec:
      architecture: amd64
      dnsConfig:
        nameservers:
        - 8.8.8.8
        - 8.8.4.4
      domain:
        cpu:
          cores: 4
        devices:
          disks:
          - bootOrder: 1
            disk:
              bus: virtio
            name: bootdisk
          - disk:
              bus: virtio
            name: cloudinitdisk-1
          interfaces:
          - bridge: {}
            macAddress: 00:00:00:98:70:F9
            model: virtio
            name: nic-0
          networkInterfaceMultiqueue: true
        machine:
          type: q35
        resources:
          limits:
            cpu: "4"
            memory: 4Gi
          requests:
            cpu: "4"
            memory: 4Gi
      networks:
      - multus:
          default: true
          networkName: test-default-98fl8
        name: nic-0
      volumes:
      - dataVolume:
          name: test-vysh-defaul-fip-bootdisk
        name: bootdisk
      - cloudInitConfigDrive:
          networkDataSecretRef:
            name: vm-nw-secret-test-vysh-defaul-fip
          userData: |-
            #!/bin/sh
            echo "Hello World!"
            echo "This will run as soon as possible in the boot sequence"
            useradd mediaadm
            mkdir /home/mediaadm
            chown mediaadm:mediaadm /home/mediaadm
            usermod -aG sudo mediaadm
            echo "mediaadm:tatacomm" |sudo chpasswd
            sudo sed -i "s/PasswordAuthentication no/PasswordAuthentication yes/g" /etc/ssh/sshd_config
            sudo /etc/init.d/ssh restart
            sudo iptables -F
            chsh -s /bin/bash mediaadm
            usermod -g 1000 mediaadm
        name: cloudinitdisk-1
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2024-01-10T06:29:08Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: null
    status: "True"
    type: LiveMigratable
  created: true
  desiredGeneration: 7
  observedGeneration: 7
  printableStatus: Running
  ready: true
  volumeSnapshotStatuses:
  - enabled: true
    name: bootdisk
  - enabled: false
    name: cloudinitdisk-1
    reason: Snapshot is not supported for this volumeSource type [cloudinitdisk-1]
apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.v1.cni.cncf.io/network-status: |-
      [{
          "name": "kube-ovn",
          "interface": "eth0",
          "ips": [
              "10.233.64.2"
          ],
          "mac": "00:00:00:65:2C:54",
          "default": true,
          "dns": {}
      }]
    k8s.v1.cni.cncf.io/networks-status: |-
      [{
          "name": "kube-ovn",
          "interface": "eth0",
          "ips": [
              "10.233.64.2"
          ],
          "mac": "00:00:00:65:2C:54",
          "default": true,
          "dns": {}
      }]
    ovn.kubernetes.io/allocated: "true"
    ovn.kubernetes.io/cidr: 10.233.64.0/18
    ovn.kubernetes.io/gateway: 10.233.64.1
    ovn.kubernetes.io/ip_address: 10.233.64.2
    ovn.kubernetes.io/logical_router: ovn-cluster
    ovn.kubernetes.io/logical_switch: ovn-default
    ovn.kubernetes.io/mac_address: 00:00:00:65:2C:54
    ovn.kubernetes.io/pod_nic_type: veth-pair
    ovn.kubernetes.io/routed: "true"
    ovn.kubernetes.io/virtualmachine: test-vysh-defaul-fip
  creationTimestamp: "2024-01-10T06:28:47Z"
  generateName: virt-launcher-test-vysh-defaul-fip-
  labels:
    kubevirt.io: virt-launcher
    kubevirt.io/created-by: 21d75a2b-1ced-4407-b02b-641d08f4a9f1
    kubevirt.io/nodeName: k8s-devmaster01
    vm.kubevirt.io/name: test-vysh-defaul-fip
  name: virt-launcher-test-vysh-defaul-fip-7lsk5
  namespace: vm-registry
  ownerReferences:
  - apiVersion: kubevirt.io/v1
    blockOwnerDeletion: true
    controller: true
    kind: VirtualMachineInstance
    name: test-vysh-defaul-fip
    uid: 21d75a2b-1ced-4407-b02b-641d08f4a9f1
  resourceVersion: "27687956"
  uid: 20e490f3-d302-44cd-8d54-c0fc5a9d2d68
spec:
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: node-labeller.kubevirt.io/obsolete-host-model
            operator: DoesNotExist
  automountServiceAccountToken: false
  containers:
  - command:
    - /usr/bin/virt-launcher-monitor
    - --qemu-timeout
    - 253s
    - --name
    - test-vysh-defaul-fip
    - --uid
    - 21d75a2b-1ced-4407-b02b-641d08f4a9f1
    - --namespace
    - vm-registry
    - --kubevirt-share-dir
    - /var/run/kubevirt
    - --ephemeral-disk-dir
    - /var/run/kubevirt-ephemeral-disks
    - --container-disk-dir
    - /var/run/kubevirt/container-disks
    - --grace-period-seconds
    - "45"
    - --hook-sidecars
    - "0"
    - --ovmf-path
    - /usr/share/OVMF
    - --run-as-nonroot
    env:
    - name: XDG_CACHE_HOME
      value: /var/run/kubevirt-private
    - name: XDG_CONFIG_HOME
      value: /var/run/kubevirt-private
    - name: XDG_RUNTIME_DIR
      value: /var/run
    - name: KUBEVIRT_RESOURCE_NAME_nic-0
    - name: POD_NAME
      valueFrom:
        fieldRef:
          apiVersion: v1
          fieldPath: metadata.name
    image: quay.io/kubevirt/virt-launcher:v1.0.1
    imagePullPolicy: IfNotPresent
    name: compute
    resources:
      limits:
        cpu: "4"
        devices.kubevirt.io/kvm: "1"
        devices.kubevirt.io/tun: "1"
        devices.kubevirt.io/vhost-net: "1"
        memory: "4582277121"
      requests:
        cpu: "4"
        devices.kubevirt.io/kvm: "1"
        devices.kubevirt.io/tun: "1"
        devices.kubevirt.io/vhost-net: "1"
        ephemeral-storage: 50M
        memory: "4582277121"
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        add:
        - NET_BIND_SERVICE
        drop:
        - ALL
      privileged: false
      runAsGroup: 107
      runAsNonRoot: true
      runAsUser: 107
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeDevices:
    - devicePath: /dev/bootdisk
      name: bootdisk
    volumeMounts:
    - mountPath: /var/run/kubevirt-private
      name: private
    - mountPath: /var/run/kubevirt
      name: public
    - mountPath: /var/run/kubevirt-ephemeral-disks
      name: ephemeral-disks
    - mountPath: /var/run/kubevirt/container-disks
      mountPropagation: HostToContainer
      name: container-disks
    - mountPath: /var/run/libvirt
      name: libvirt-runtime
    - mountPath: /var/run/kubevirt/sockets
      name: sockets
    - mountPath: /var/run/kubevirt-private/secret/cloudinitdisk-1/networkdata
      name: cloudinitdisk-1-ndata
      readOnly: true
      subPath: networkdata
    - mountPath: /var/run/kubevirt-private/secret/cloudinitdisk-1/networkData
      name: cloudinitdisk-1-ndata
      readOnly: true
      subPath: networkData
    - mountPath: /var/run/kubevirt/hotplug-disks
      mountPropagation: HostToContainer
      name: hotplug-disks
  dnsConfig:
    nameservers:
    - 8.8.8.8
    - 8.8.4.4
  dnsPolicy: ClusterFirst
  enableServiceLinks: false
  hostname: test-vysh-defaul-fip
  nodeName: k8s-devmaster01
  nodeSelector:
    kubernetes.io/arch: amd64
    kubevirt.io/schedulable: "true"
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  readinessGates:
  - conditionType: kubevirt.io/virtual-machine-unpaused
  restartPolicy: Never
  schedulerName: default-scheduler
  securityContext:
    fsGroup: 107
    runAsGroup: 107
    runAsNonRoot: true
    runAsUser: 107
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 60
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - emptyDir: {}
    name: private
  - emptyDir: {}
    name: public
  - emptyDir: {}
    name: sockets
  - emptyDir: {}
    name: virt-bin-share-dir
  - emptyDir: {}
    name: libvirt-runtime
  - emptyDir: {}
    name: ephemeral-disks
  - emptyDir: {}
    name: container-disks
  - name: bootdisk
    persistentVolumeClaim:
      claimName: test-vysh-defaul-fip-bootdisk
  - name: cloudinitdisk-1-ndata
    secret:
      defaultMode: 420
      secretName: vm-nw-secret-test-vysh-defaul-fip
  - emptyDir: {}
    name: hotplug-disks
status:
  conditions:
  - lastProbeTime: "2024-01-10T06:28:47Z"
    lastTransitionTime: "2024-01-10T06:28:47Z"
    message: the virtual machine is not paused
    reason: NotPaused
    status: "True"
    type: kubevirt.io/virtual-machine-unpaused
  - lastProbeTime: null
    lastTransitionTime: "2024-01-10T06:28:47Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2024-01-10T06:29:08Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2024-01-10T06:29:08Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2024-01-10T06:28:47Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: containerd://55f066e7ce48c61a63686c3eb2756750194882332750aeb66083886c68346978
    image: quay.io/kubevirt/virt-launcher:v1.0.1
    imageID: quay.io/kubevirt/virt-launcher@sha256:4c5fce3de2e2589197de72fb0c9436490ea318aca952c05a622c43e067023f35
    lastState: {}
    name: compute
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2024-01-10T06:29:07Z"
  hostIP: 100.130.101.16
  phase: Running
  podIP: 10.233.64.2
  podIPs:
  - ip: 10.233.64.2
  qosClass: Guaranteed
  startTime: "2024-01-10T06:28:47Z"

Additional Info

After the VM creation, the VMI and virt-launcher pod get the wrong IP from ovn-default instead of “test-default-sub”.

The virt-launcher pod has no annotation related to the vswitch that corresponds to the subnet created above (full yaml is attached).

Linux k8s-devmaster01 5.4.0-169-generic #187-Ubuntu SMP Thu Nov 23 14:52:28 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
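
A check for the symptom reported above, where the virt-launcher pod is Running and Ready but its default interface sits in ovn-default rather than the requested subnet, so the misplacement is easy to miss. This is an added example, not part of the original post or of kube-ovn; `audit_pod`, `default_interface` and the `FIXED_POD` sample are hypothetical names and constructed data, and the other values are copied from the YAML in the report.

```python
import ipaddress
import json

STATUS_KEY = "k8s.v1.cni.cncf.io/network-status"
SWITCH_KEY = "ovn.kubernetes.io/logical_switch"

# Values copied from the Subnet and the VirtualMachine template in the report.
SUBNET = {"name": "test-default-sub", "cidrBlock": "10.99.99.0/24",
          "provider": "test-default-98fl8.vm-registry.ovn"}
REQUESTED = {
    SWITCH_KEY: "test-default-sub",
    "test-default-98fl8.vm-registry.ovn.kubernetes.io/ip_address": "10.99.99.2",
}
# Annotations copied from the virt-launcher pod in the report.
BROKEN_POD = {
    STATUS_KEY: json.dumps([{"name": "kube-ovn", "interface": "eth0",
                             "ips": ["10.233.64.2"], "default": True}]),
    SWITCH_KEY: "ovn-default",
}
# Constructed: what the same pod would carry had it landed on the subnet.
FIXED_POD = {
    STATUS_KEY: json.dumps([{"name": "kube-ovn", "interface": "eth0",
                             "ips": ["10.99.99.2"], "default": True}]),
    SWITCH_KEY: "test-default-sub",
}


def default_interface(pod_annotations):
    """Return the network-status entry Multus marked as the default network."""
    entries = json.loads(pod_annotations.get(STATUS_KEY, "[]"))
    defaults = [e for e in entries if e.get("default")]
    if len(defaults) != 1:
        raise ValueError(f"expected one default network, found {len(defaults)}")
    return defaults[0]


def audit_pod(pod_annotations, requested_annotations, subnet):
    """Compare where a pod landed with what its owner requested.

    Returns a list of findings; an empty list means the default interface
    is on the requested subnet with the requested address.
    """
    findings = []
    cidr = ipaddress.ip_network(subnet["cidrBlock"])
    iface = default_interface(pod_annotations)
    ips = iface.get("ips", [])

    # 1. Every address on the default interface must fall inside the subnet.
    for ip in ips:
        if ipaddress.ip_address(ip) not in cidr:
            findings.append(f"{iface['interface']} has {ip}, outside "
                            f"{subnet['name']} ({cidr})")

    # 2. The logical switch on the pod must be the one that was requested.
    wanted_switch = requested_annotations.get(SWITCH_KEY)
    actual_switch = pod_annotations.get(SWITCH_KEY)
    if wanted_switch and actual_switch != wanted_switch:
        findings.append(f"logical_switch is {actual_switch}, "
                        f"requested {wanted_switch}")

    # 3. A static IP requested through the provider-prefixed annotation
    #    (<provider>.kubernetes.io/ip_address) must be the one assigned.
    wanted_ip = requested_annotations.get(
        f"{subnet['provider']}.kubernetes.io/ip_address")
    if wanted_ip and wanted_ip not in ips:
        findings.append(f"requested IP {wanted_ip} was not assigned")
    return findings


if __name__ == "__main__":
    for line in audit_pod(BROKEN_POD, REQUESTED, SUBNET):
        print("FINDING:", line)
```
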



vysr2939 commented 7 months ago

I am seeing the same issue... @nics90 / @bobz965 is there any workaround you are aware of till the bug is fixed? I am trying to attach multiple non-default subnets through multus to a kubevirt VM and am unable to push the default route.

nics90 commented 7 months ago

@bobz965 : Could you please suggest any workaround till the time fix is available or let me know if any help is required in fixing the bug.

bobz965 commented 7 months ago

> @bobz965 : Could you please suggest any workaround till the time fix is available or let me know if any help is required in fixing the bug.

I will try to fix it next week.

nics90 commented 7 months ago

@bobz965 : Did you get chance to look into this issue ?

bobz965 commented 7 months ago

> @bobz965 : Did you get chance to look into this issue ?

Sorry, not yet. Too busy, please wait, thanks.

nics90 commented 6 months ago

Understand @bobz965, please let us know if I can help anyhow, since this issue is a blocker for us.

bobz965 commented 6 months ago

> Understand @bobz965, please let us know if I can help anyhow, since this issue is a blocker for us.

ok. thanks

bobz965 commented 6 months ago

Hi @nics90, I retested the issue in master, and there seems to be no problem.


root@empty:~/test1/multus# k get subnet
NAME                       PROVIDER                               VPC             PROTOCOL   CIDR            PRIVATE   NAT     DEFAULT   GATEWAYTYPE   V4USED   V4AVAILABLE   V6USED   V6AVAILABLE   EXCLUDEIPS                                 U2OINTERCONNECTIONIP
join                       ovn                                    ovn-cluster     IPv4       100.64.0.0/16   false     false   false     distributed   2        65531         0        0             ["100.64.0.1"]
overlay-subnet-111315925   ovn                                    vpc-151919753   IPv4       10.0.0.0/24     false     false   false     distributed   5        248           0        0             ["10.0.0.1"]
ovn-default                ovn                                    ovn-cluster     IPv4       10.16.0.0/16    false     true    true      distributed   4        65529         0        0             ["10.16.0.1"]
ovn-vpc-external-network   ovn-vpc-external-network.kube-system                   IPv4       172.22.0.0/16   false     false   false     distributed   6        65525         0        0             ["172.22.0.1","172.22.0.2","172.22.0.3"]
root@empty:~/test1/multus#

root@empty:~/test1/multus# cat multi-nic.yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.v1.cni.cncf.io/networks: kube-system/ovn-vpc-external-network
    ovn.kubernetes.io/logical_switch: overlay-subnet-111315925 # default network is a custom vpc subnet
  name: multi-nic
  namespace: kube-system
spec:
  affinity: {}
  containers:
  - args:
    - -c
    - while true; do sleep 10000; done
    command:
    - bash
    image: docker.io/kubeovn/vpc-nat-gateway:v1.13.0
    imagePullPolicy: IfNotPresent
    name: vpc-nat-gw
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      privileged: true
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
root@empty:~/test1/multus#

# After I apply the YAML, I get a pod which uses the custom VPC subnetwork

root@empty:~/test1/multus# k exec -it  -n kube-system   multi-nic  -- bash
multi-nic:/kube-ovn#
multi-nic:/kube-ovn#
multi-nic:/kube-ovn# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo
       valid_lft forever preferred_lft forever
2: net1@if42: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether da:22:ad:f7:d3:fd brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 172.22.0.9/16 brd 172.22.255.255 scope global net1
       valid_lft forever preferred_lft forever
    inet6 fe80::d822:adff:fef7:d3fd/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
63: eth0@if64: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1400 qdisc noqueue state UP group default
    link/ether 00:00:00:59:15:37 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::200:ff:fe59:1537/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

root@empty:~/test1/multus# k get po -n kube-system   multi-nic -o yaml
apiVersion: v1
kind: Pod
metadata:
  annotations:
    k8s.v1.cni.cncf.io/network-status: |-
      [{
          "name": "kube-ovn",
          "interface": "eth0",
          "ips": [
              "10.0.0.5"
          ],
          "mac": "00:00:00:59:15:37",
          "default": true,
          "dns": {},
          "gateway": [
              "10.0.0.1"
          ]
      },{
          "name": "kube-system/ovn-vpc-external-network",
          "interface": "net1",
          "ips": [
              "172.22.0.9"
          ],
          "mac": "da:22:ad:f7:d3:fd",
          "dns": {}
      }]
    k8s.v1.cni.cncf.io/networks: kube-system/ovn-vpc-external-network
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Pod","metadata":{"annotations":{"k8s.v1.cni.cncf.io/networks":"kube-system/ovn-vpc-external-network","ovn.kubernetes.io/logical_switch":"overlay-subnet-111315925"},"name":"multi-nic","namespace":"kube-system"},"spec":{"affinity":{},"containers":[{"args":["-c","while true; do sleep 10000; done"],"command":["bash"],"image":"docker.io/kubeovn/vpc-nat-gateway:v1.13.0","imagePullPolicy":"IfNotPresent","name":"vpc-nat-gw","resources":{},"securityContext":{"allowPrivilegeEscalation":true,"privileged":true}}],"priority":0,"restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"serviceAccount":"default","serviceAccountName":"default"}}
    ovn-vpc-external-network.kube-system.kubernetes.io/allocated: "true"
    ovn-vpc-external-network.kube-system.kubernetes.io/cidr: 172.22.0.0/16
    ovn-vpc-external-network.kube-system.kubernetes.io/gateway: 172.22.0.1
    ovn-vpc-external-network.kube-system.kubernetes.io/ip_address: 172.22.0.9
    ovn-vpc-external-network.kube-system.kubernetes.io/mac_address: 00:00:00:0C:3C:D8
    ovn.kubernetes.io/allocated: "true"
    ovn.kubernetes.io/cidr: 10.0.0.0/24
    ovn.kubernetes.io/gateway: 10.0.0.1
    ovn.kubernetes.io/ip_address: 10.0.0.5
    ovn.kubernetes.io/logical_router: vpc-151919753
    ovn.kubernetes.io/logical_switch: overlay-subnet-111315925
    ovn.kubernetes.io/mac_address: "00:00:00:59:15:37"
    ovn.kubernetes.io/pod_nic_type: veth-pair
    ovn.kubernetes.io/routed: "true"
  creationTimestamp: "2024-01-30T09:09:18Z"
  name: multi-nic
  namespace: kube-system
  resourceVersion: "4934"
  uid: eda05526-e046-4e19-8ea9-a55ecf937a10
spec:
  affinity: {}
  containers:
  - args:
    - -c
    - while true; do sleep 10000; done
    command:
    - bash
    image: docker.io/kubeovn/vpc-nat-gateway:v1.13.0
    imagePullPolicy: IfNotPresent
    name: vpc-nat-gw
    resources: {}
    securityContext:
      allowPrivilegeEscalation: true
      privileged: true
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-knzzb
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: kube-ovn-worker
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext: {}
  serviceAccount: default
  serviceAccountName: default
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - name: kube-api-access-knzzb
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2024-01-30T09:09:18Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2024-01-30T09:09:20Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2024-01-30T09:09:20Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2024-01-30T09:09:18Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: containerd://435499da2a28131b44ec85eac1ba4df7a9ac4e1eebea7d4f0c38b4d3d40d609d
    image: docker.io/kubeovn/vpc-nat-gateway:v1.13.0
    imageID: docker.io/library/import-2024-01-30@sha256:c8e03b7371b1610409cb17d7eda0a7fcb011d31b0329c8fd2b68a804002c60c7
    lastState: {}
    name: vpc-nat-gw
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2024-01-30T09:09:19Z"
  hostIP: 172.18.0.3
  phase: Running
  podIP: 10.0.0.5
  podIPs:
  - ip: 10.0.0.5
  qosClass: BestEffort
  startTime: "2024-01-30T09:09:18Z"

Can you retest my example pod YAML in your env? Maybe the pod annotations for multi-NIC are not right? I have still not tested this in release 1.12.

nics90 commented 6 months ago

@bobz965 : Is there any dependency of kube ovn v1.12.3 on multus CNI version, since we are using multus version v3.8 [sha: 9479537fe0827d23bc40056e98f8d1e75778ec294d89ae4d8a62f83dfc74a31d] ?

Also, we found that in Makefile: MULTUS_VERSION = v4.0.2

bobz965 commented 6 months ago

> @bobz965 : Is there any dependency of kube ovn v1.12.3 on multus CNI version, since we are using multus version v3.8 [sha: 9479537fe0827d23bc40056e98f8d1e75778ec294d89ae4d8a62f83dfc74a31d] ?
>
> Also, we found that in Makefile: MULTUS_VERSION = v4.0.2

I'm not clear about this, please try MULTUS_VERSION = v4.0.2

zcq98 commented 6 months ago

Try setting annotation in vm:
v1.multus-cni.io/default-network: vm-registry/test-default-98fl8
ovn.kubernetes.io/logical_switch: test-default-sub

Ultima1252 commented 6 months ago

One other thing about this bug that I have noticed. It seems that only the 'thick' version of multus is affected. I switched to the non-thick daemon and don't seem to be hitting this issue anymore.

zhangzujian commented 4 months ago

Please upgrade kube-ovn to the latest v1.12.x version.