From e9938e11b2032e1ca7ffc44be7889ba41692a0a8 Mon Sep 17 00:00:00 2001
From: Riccardo Ravaioli
Date: Thu, 10 Jul 2025 09:59:37 +0200
Subject: [PATCH] Disable network segmentation when multus is disabled
Signed-off-by: Riccardo Ravaioli
---
 pkg/network/ovn_kubernetes.go | 2 ++
 pkg/network/ovn_kubernetes_test.go | 43 ++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
diff --git a/pkg/network/ovn_kubernetes.go b/pkg/network/ovn_kubernetes.go
index f1da1d850f..e73c8eabb1 100644
--- a/pkg/network/ovn_kubernetes.go
+++ b/pkg/network/ovn_kubernetes.go
@@ -368,6 +368,8 @@ func renderOVNKubernetes(conf *operv1.NetworkSpec, bootstrapResult *bootstrap.Bo
 data.Data["OVN_MULTI_NETWORK_POLICY_ENABLE"] = false
 if conf.DisableMultiNetwork != nil && *conf.DisableMultiNetwork {
 data.Data["OVN_MULTI_NETWORK_ENABLE"] = false
+ data.Data["OVN_NETWORK_SEGMENTATION_ENABLE"] = false
+ klog.Warningf("Forcing OVN_NETWORK_SEGMENTATION_ENABLE=false because DisableMultiNetwork=true in the operator config")
 } else if conf.UseMultiNetworkPolicy != nil && *conf.UseMultiNetworkPolicy {
 // Multi-network policy support requires multi-network support to be
 // enabled
diff --git a/pkg/network/ovn_kubernetes_test.go b/pkg/network/ovn_kubernetes_test.go
index f19c20fedb..8ed6b9af3b 100644
--- a/pkg/network/ovn_kubernetes_test.go
+++ b/pkg/network/ovn_kubernetes_test.go
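Review bot: In pkg/network/ovn_kubernetes.go, the added `klog.Warningf` in the `DisableMultiNetwork` branch of renderOVNKubernetes fires every time that branch is taken, whether or not network segmentation was enabled beforehand, so a cluster that never had the feature on would still log that it is being forced off on each render. Network segmentation is an isolation feature, so the override is worth reporting only when it actually flips the value, and an operator-pod log line is easy for an administrator to miss. Assuming the key already holds a bool set earlier in the function (not visible in this hunk), the message could be guarded before the assignment with `if on, _ := data.Data["OVN_NETWORK_SEGMENTATION_ENABLE"].(bool); on { klog.Warning("...") }`, using `klog.Warning` since there are no format arguments. The override also only holds if nothing after this hunk reassigns the key; the function body starts and continues outside the hunk.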
@@ -821,6 +821,49 @@ logfile-maxage=0`,
 controlPlaneReplicaCount: 2,
 enabledFeatureGates: []configv1.FeatureGateName{apifeatures.FeatureGateNetworkSegmentation},
 },
+ {
+ desc: "disable network segmentation when multi-network is disabled",
+ expected: `
+[default]
+mtu="1500"
+cluster-subnets="10.128.0.0/15/23,10.0.0.0/14/24"
+encap-port="8061"
+enable-lflow-cache=true
+lflow-cache-limit-kb=1048576
+enable-udp-aggregation=true
+udn-allowed-default-services="default/kubernetes,openshift-dns/dns-default"
+
+[kubernetes]
+service-cidrs="172.30.0.0/16"
+ovn-config-namespace="openshift-ovn-kubernetes"
+apiserver="https://testing.test:8443"
+host-network-namespace="openshift-host-network"
+platform-type="GCP"
+healthz-bind-address="0.0.0.0:10256"
+dns-service-namespace="openshift-dns"
+dns-service-name="dns-default"
+
+[ovnkubernetesfeature]
+enable-egress-ip=true
+enable-egress-firewall=true
+enable-egress-qos=true
+enable-egress-service=true
+egressip-node-healthcheck-port=9107
+enable-multi-external-gateway=true
+
+[gateway]
+mode=shared
+nodeport=true
+
+[logging]
+libovsdblogfile=/var/log/ovnkube/libovsdb.log
+logfile-maxsize=100
+logfile-maxbackups=5
+logfile-maxage=0`,
+ controlPlaneReplicaCount: 2,
+ disableMultiNet: true,
+ enabledFeatureGates: []configv1.FeatureGateName{apifeatures.FeatureGateNetworkSegmentation},
+ },
 {
 desc: "enable multi-network policies without multi-network support",
 expected: `
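Review bot: The new table entry needs a comment above `desc:` saying what the long `expected` literal is asserting, for example `// NetworkSegmentation gate is enabled but disableMultiNet wins: no segmentation or multi-network keys may appear under [ovnkubernetesfeature]`. As written, the check is only the absence of lines in a roughly 35-line string, so a later edit to the shared defaults could break or mask it without the reader knowing which lines matter. A companion case with `disableMultiNet: true` and the feature gate left off would also pin that the override is harmless when segmentation was never enabled. The test table starts and continues outside this hunk.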