Add CR option to specify which storage class to use for VM persistent…

… state (#2372)

Signed-off-by: Jed Lejosne <jed@redhat.com>

api/v1beta1/hyperconverged_types.go

@@ -180,6 +180,11 @@ type HyperConvergedSpec struct {
 	// +kubebuilder:validation:Enum=None;LiveMigrate;External
 	// +optional
 	EvictionStrategy *v1.EvictionStrategy `json:"evictionStrategy,omitempty"`
+
+	// VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM.
+	// The storage class must support RWX in filesystem mode.
+	// +optional
+	VMStateStorageClass *string `json:"vmStateStorageClass,omitempty"`
 }
 
 // CertRotateConfigCA contains the tunables for TLS certificates.

config/crd/bases/hco.kubevirt.io_hyperconvergeds.yaml

@@ -2514,6 +2514,11 @@ spec:
                 description: VDDK Init Image eventually used to import VMs from external
                   providers
                 type: string
+              vmStateStorageClass:
+                description: VMStateStorageClass is the name of the storage class
+                  to use for the PVCs created to preserve VM state, like TPM. The
+                  storage class must support RWX in filesystem mode.
+                type: string
               workloadUpdateStrategy:
                 default:
                   batchEvictionInterval: 1m0s

controllers/operands/kubevirt.go

@@ -429,6 +429,10 @@ func getKVConfig(hc *hcov1beta1.HyperConverged) (*kubevirtcorev1.KubeVirtConfigu
 		config.CPUModel = *hc.Spec.DefaultCPUModel
 	}
 
+	if hc.Spec.VMStateStorageClass != nil {
+		config.VMStateStorageClass = *hc.Spec.VMStateStorageClass
+	}
+
 	return config, nil
 }
 

controllers/operands/kubevirt_test.go

@@ -2694,6 +2694,36 @@ Version: 1.2.3`)
 			})
 		})
 
+		Context("VM state storage class", func() {
+			It("should modify storage class according to HCO CR", func() {
+				existingResource, err := NewKubeVirt(hco)
+				Expect(err).ToNot(HaveOccurred())
+
+				By("Modify HCO's VM state storage class configuration")
+				hco.Spec.VMStateStorageClass = pointer.String("rook-cephfs")
+
+				cl := commontestutils.InitClient([]runtime.Object{hco, existingResource})
+				handler := (*genericOperand)(newKubevirtHandler(cl, commontestutils.GetScheme()))
+				res := handler.ensure(req)
+				Expect(res.UpgradeDone).To(BeFalse())
+				Expect(res.Updated).To(BeTrue())
+				Expect(res.Err).ToNot(HaveOccurred())
+
+				foundResource := &kubevirtcorev1.KubeVirt{}
+				Expect(
+					cl.Get(context.TODO(),
+						types.NamespacedName{Name: existingResource.Name, Namespace: existingResource.Namespace},
+						foundResource),
+				).ToNot(HaveOccurred())
+
+				Expect(existingResource.Spec.Configuration.VMStateStorageClass).To(BeEmpty())
+
+				Expect(foundResource.Spec.Configuration.VMStateStorageClass).To(Equal("rook-cephfs"))
+
+				Expect(req.Conditions).To(BeEmpty())
+			})
+		})
+
 		It("should handle conditions", func() {
 			expectedResource, err := NewKubeVirt(hco, commontestutils.Namespace)
 			Expect(err).ToNot(HaveOccurred())

deploy/crds/hco00.crd.yaml

@@ -2514,6 +2514,11 @@ spec:
                 description: VDDK Init Image eventually used to import VMs from external
                   providers
                 type: string
+              vmStateStorageClass:
+                description: VMStateStorageClass is the name of the storage class
+                  to use for the PVCs created to preserve VM state, like TPM. The
+                  storage class must support RWX in filesystem mode.
+                type: string
               workloadUpdateStrategy:
                 default:
                   batchEvictionInterval: 1m0s

deploy/index-image/community-kubevirt-hyperconverged/1.10.0/manifests/hco00.crd.yaml

@@ -2514,6 +2514,11 @@ spec:
                 description: VDDK Init Image eventually used to import VMs from external
                   providers
                 type: string
+              vmStateStorageClass:
+                description: VMStateStorageClass is the name of the storage class
+                  to use for the PVCs created to preserve VM state, like TPM. The
+                  storage class must support RWX in filesystem mode.
+                type: string
               workloadUpdateStrategy:
                 default:
                   batchEvictionInterval: 1m0s

deploy/olm-catalog/community-kubevirt-hyperconverged/1.10.0/manifests/hco00.crd.yaml

@@ -2514,6 +2514,11 @@ spec:
                 description: VDDK Init Image eventually used to import VMs from external
                   providers
                 type: string
+              vmStateStorageClass:
+                description: VMStateStorageClass is the name of the storage class
+                  to use for the PVCs created to preserve VM state, like TPM. The
+                  storage class must support RWX in filesystem mode.
+                type: string
               workloadUpdateStrategy:
                 default:
                   batchEvictionInterval: 1m0s

docs/api.md

@@ -190,6 +190,7 @@ HyperConvergedSpec defines the desired state of HyperConverged
 | tektonPipelinesNamespace | TektonPipelinesNamespace defines namespace in which example pipelines will be deployed. | *string |  | false |
 | kubeSecondaryDNSNameServerIP | KubeSecondaryDNSNameServerIP defines name server IP used by KubeSecondaryDNS | *string |  | false |
 | evictionStrategy | EvictionStrategy defines at the cluster level if the VirtualMachineInstance should be migrated instead of shut-off in case of a node drain. If the VirtualMachineInstance specific field is set it overrides the cluster level one. | *v1.EvictionStrategy | LiveMigrate | false |
+| vmStateStorageClass | VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM. The storage class must support RWX in filesystem mode. | *string |  | false |
 
 [Back to TOC](#table-of-contents)
 

docs/cluster-configuration.md

@@ -824,6 +824,20 @@ Possible values:
 `LiveMigrate` is the default behaviour.
 
 
+## VM state storage class
+
+`VMStateStorageClass` defines the [Kubernetes Storage Class](https://kubernetes.io/docs/concepts/storage/storage-classes/)
+to be used for creating persistent state PVCs for VMs, used for example for persisting the state of the vTPM.
+The storage class must be of type "filesystem" and support the ReadWriteMany (RWX) access mode.
+This option should be set simply to the storage class name. Example:
+```yaml
+kind: HyperConverged
+metadata:
+  name: kubevirt-hyperconverged
+spec:
+  vmStateStorageClass: "rook-cephfs"
+```
+
 ## Hyperconverged Kubevirt cluster-wide Crypto Policy API
 
 Starting from OCP/OKD 4.6, a [cluster-wide API](https://github.com/openshift/enhancements/blob/master/enhancements/kube-apiserver/tls-config.md) is available for cluster administrators to set TLS profiles for OCP/OKD core components.