OpenShiftSDN CNI removal in OCP 4.17
The openshift-sdn CNI (Container Network Interface) plug-in was deprecated in version 4.14 and will be removed in version 4.17. See the table below for what is supported on current and future releases of Red Hat OpenShift Container Platform:
| Version | Upgrade openshift-sdn cluster from earlier release | New openshift-sdn cluster installations |
|---|---|---|
| 4.14 | Yes | Yes |
| 4.15 | Yes | No |
| 4.16 | Yes | No |
| 4.17+ | No | No |
The openshift-sdn CNI plug-in will be supported through the 4.16 EUS release cycle. However, as stated in the Red Hat OpenShift Container Platform Life Cycle Policy for an EUS release: “Red Hat provides backports of Critical and Important impact security updates and urgent-priority bug fixes for a predefined set of minor releases of Red Hat OpenShift.” For the openshift-sdn CNI plug-in, customers should not expect bug fixes except in the case of regressions.
In self-managed environments, migration to ovn-kubernetes will be required in order to upgrade to OCP 4.17. An offline migration to the ovn-kubernetes CNI plug-in from openshift-sdn has been supported since OpenShift 4.8 and will continue to be supported through 4.16. A limited live migration option is available for OpenShift 4.16. It will safely migrate some network configurations, but will require day-2 manual modifications for others. The limited live migration will not be viable for all network configurations. Red Hat has published the covered scenarios in the 4.16 Networking Guide.
Why has Red Hat chosen to remove the openshift-sdn CNI?
Since the release of OpenShift 4.1, all new SDN feature development has been focused on the ovn-kubernetes CNI plug-in, while the openshift-sdn CNI plug-in has been feature frozen. The focus on ovn-kubernetes development has resulted in a long and growing list of features and advantages of ovn-kubernetes over its predecessor, openshift-sdn, such as (non-exhaustive):
- Improved scale and performance
- Support for running the primary CNI on both primary and secondary pod interfaces
- MetalLB BGP support
- Full support for IPv6 single-stack and IPv4/IPv6 dual-stack networking on supported platforms
- Hybrid Networking, which provides support for mixed Windows/Linux clusters using VXLAN tunnels
- Optional IPsec encryption of both East-West (intra-cluster) and North-South (egress-ingress) traffic
- Ability to offload network data processing from host CPU to compatible network cards and data processing units (DPUs) for increased data-plane performance
- Multiple External Gateways (MEG) allows for multiple dynamically or statically assigned egress next-hop gateways by utilizing OVN ECMP routing features
Resources
- Deprecation of the OpenShift SDN network plugin in 4.14 release notes
- Red Hat OpenShift Container Platform Life Cycle Policy
- OVN-Kubernetes network plugin in 4.16 Networking Guide
- Migrating from the OpenShift SDN network plugin in 4.16 Networking Guide
- Best practices for OpenShiftSDN to OVNKubernetes CNI migration
- Limited live migration to the OVN-Kubernetes network plugin in 4.16