Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove root FG #2415

Merged
merged 1 commit into from
Jul 4, 2023
Merged

Remove root FG #2415

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 4 additions & 13 deletions api/v1beta1/hyperconverged_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ type HyperConvergedSpec struct {

// featureGates is a map of feature gate flags. Setting a flag to `true` will enable
// the feature. Setting `false` or removing the feature gate, disables the feature.
// +kubebuilder:default={"withHostPassthroughCPU": false, "enableCommonBootImageImport": true, "deployTektonTaskResources": false, "deployKubeSecondaryDNS": false}
// +kubebuilder:default={"withHostPassthroughCPU": false, "enableCommonBootImageImport": true, "deployTektonTaskResources": false, "deployKubeSecondaryDNS": false, "nonRoot": true}
// +optional
FeatureGates HyperConvergedFeatureGates `json:"featureGates,omitempty"`

Expand Down Expand Up @@ -318,7 +318,6 @@ type LiveMigrationConfigurations struct {
// HyperConvergedFeatureGates is a set of optional feature gates to enable or disable new features that are not enabled
// by default yet.
// +k8s:openapi-gen=true
// +kubebuilder:validation:XValidation:rule="!has(self.nonRoot) || !has(self.root) || self.root == !self.nonRoot",message="nonRoot FG is deprecated, please use root FG with opposite logic"
type HyperConvergedFeatureGates struct {
// Allow migrating a virtual machine with CPU host-passthrough mode. This should be
// enabled only when the Cluster is homogeneous from CPU HW perspective doc here
Expand Down Expand Up @@ -354,18 +353,10 @@ type HyperConvergedFeatureGates struct {
//
// Deprecated: please use the root FG.
// +optional
// +kubebuilder:default=true
// +default=true
NonRoot *bool `json:"nonRoot,omitempty"`

// TODO: skipping any default on root here to avoid any
// conflict during CRD updates.
// The default will be set by a mutating webhook.
// Enable back a default here when we can finally get rid of
// NonRoot

// Enable root virt-launcher (default: false).
// +optional
Root *bool `json:"root,omitempty"`

// Disable mediated devices handling on KubeVirt
// +optional
// +kubebuilder:default=false
Expand Down Expand Up @@ -646,7 +637,7 @@ type HyperConverged struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`

// +kubebuilder:default={"certConfig": {"ca": {"duration": "48h0m0s", "renewBefore": "24h0m0s"}, "server": {"duration": "24h0m0s", "renewBefore": "12h0m0s"}}, "featureGates": {"withHostPassthroughCPU": false, "enableCommonBootImageImport": true, "deployTektonTaskResources": false, "deployKubeSecondaryDNS": false}, "liveMigrationConfig": {"completionTimeoutPerGiB": 800, "parallelMigrationsPerCluster": 5, "parallelOutboundMigrationsPerNode": 2, "progressTimeout": 150, "allowAutoConverge": false, "allowPostCopy": false}, "uninstallStrategy": "BlockUninstallIfWorkloadsExist"}
// +kubebuilder:default={"certConfig": {"ca": {"duration": "48h0m0s", "renewBefore": "24h0m0s"}, "server": {"duration": "24h0m0s", "renewBefore": "12h0m0s"}}, "featureGates": {"withHostPassthroughCPU": false, "enableCommonBootImageImport": true, "deployTektonTaskResources": false, "deployKubeSecondaryDNS": false, "nonRoot": true}, "liveMigrationConfig": {"completionTimeoutPerGiB": 800, "parallelMigrationsPerCluster": 5, "parallelOutboundMigrationsPerNode": 2, "progressTimeout": 150, "allowAutoConverge": false, "allowPostCopy": false}, "uninstallStrategy": "BlockUninstallIfWorkloadsExist"}
// +optional
Spec HyperConvergedSpec `json:"spec,omitempty"`
Status HyperConvergedStatus `json:"status,omitempty"`
Expand Down
5 changes: 0 additions & 5 deletions api/v1beta1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions api/v1beta1/zz_generated.defaults.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 1 addition & 7 deletions api/v1beta1/zz_generated.openapi.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

10 changes: 3 additions & 7 deletions config/crd/bases/hco.kubevirt.io_hyperconvergeds.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ spec:
deployKubeSecondaryDNS: false
deployTektonTaskResources: false
enableCommonBootImageImport: true
nonRoot: true
withHostPassthroughCPU: false
liveMigrationConfig:
allowAutoConverge: false
Expand Down Expand Up @@ -1052,6 +1053,7 @@ spec:
deployKubeSecondaryDNS: false
deployTektonTaskResources: false
enableCommonBootImageImport: true
nonRoot: true
withHostPassthroughCPU: false
description: featureGates is a map of feature gate flags. Setting
a flag to `true` will enable the feature. Setting `false` or removing
Expand Down Expand Up @@ -1081,6 +1083,7 @@ spec:
dataImportCronTemplates field.'
type: boolean
nonRoot:
default: true
description: "Enables rootless virt-launcher. \n Deprecated: please
use the root FG."
type: boolean
Expand All @@ -1094,20 +1097,13 @@ spec:
the virt-handler pod. Enabling (or removing) the feature gate
causes the redeployment of the virt-handler pod.
type: boolean
root:
description: 'Enable root virt-launcher (default: false).'
type: boolean
withHostPassthroughCPU:
default: false
description: Allow migrating a virtual machine with CPU host-passthrough
mode. This should be enabled only when the Cluster is homogeneous
from CPU HW perspective doc here
type: boolean
type: object
x-kubernetes-validations:
- message: nonRoot FG is deprecated, please use root FG with opposite
logic
rule: '!has(self.nonRoot) || !has(self.root) || self.root == !self.nonRoot'
filesystemOverhead:
description: FilesystemOverhead describes the space reserved for overhead
when using Filesystem volumes. A value is between 0 and 1, if not
Expand Down
6 changes: 1 addition & 5 deletions controllers/operands/kubevirt.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -698,11 +698,7 @@ func getFeatureGateChecks(featureGates *hcov1beta1.HyperConvergedFeatureGates) [
fgs = append(fgs, kvWithHostPassthroughCPU)
}

if featureGates.Root != nil {
if *featureGates.Root {
fgs = append(fgs, kvRoot)
}
} else if featureGates.NonRoot != nil && !*featureGates.NonRoot { //nolint SA1019
if featureGates.NonRoot != nil && !*featureGates.NonRoot { //nolint SA1019
fgs = append(fgs, kvRoot)
}
if featureGates.DisableMDevConfiguration != nil && *featureGates.DisableMDevConfiguration {
Expand Down
67 changes: 0 additions & 67 deletions controllers/operands/kubevirt_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1551,73 +1551,6 @@ Version: 1.2.3`)
})
})

It("should add the Root feature gate if Root is true in HyperConverged CR", func() {
hco.Spec.FeatureGates = hcov1beta1.HyperConvergedFeatureGates{
Root: pointer.Bool(true),
}

existingResource, err := NewKubeVirt(hco)
Expect(err).ToNot(HaveOccurred())
By("KV CR should contain the Root feature gate", func() {
Expect(existingResource.Spec.Configuration.DeveloperConfiguration).NotTo(BeNil())
Expect(existingResource.Spec.Configuration.DeveloperConfiguration.FeatureGates).To(ContainElement(kvRoot))
})
})

It("should not add the Root feature gate if Root is false in HyperConverged CR", func() {
hco.Spec.FeatureGates = hcov1beta1.HyperConvergedFeatureGates{
Root: pointer.Bool(false),
}

existingResource, err := NewKubeVirt(hco)
Expect(err).ToNot(HaveOccurred())
By("KV CR should not contain the Root feature gate", func() {
Expect(existingResource.Spec.Configuration.DeveloperConfiguration).NotTo(BeNil())
Expect(existingResource.Spec.Configuration.DeveloperConfiguration.FeatureGates).ToNot(ContainElement(kvRoot))
})
})

It("should not add the Root feature gate if Root is not set in HyperConverged CR", func() {
hco.Spec.FeatureGates = hcov1beta1.HyperConvergedFeatureGates{
Root: nil,
}

existingResource, err := NewKubeVirt(hco)
Expect(err).ToNot(HaveOccurred())
By("KV CR should not contain the Root feature gate", func() {
Expect(existingResource.Spec.Configuration.DeveloperConfiguration).NotTo(BeNil())
Expect(existingResource.Spec.Configuration.DeveloperConfiguration.FeatureGates).ToNot(ContainElement(kvRoot))
})
})

It("should honour Root feature gate if Root are not consistent on the HyperConverged CR (the CEL expression should prevent this case) - 1", func() {
hco.Spec.FeatureGates = hcov1beta1.HyperConvergedFeatureGates{
NonRoot: pointer.Bool(false), //nolint SA1019
Root: pointer.Bool(false),
}

existingResource, err := NewKubeVirt(hco)
Expect(err).ToNot(HaveOccurred())
By("KV CR should not contain the Root feature gate", func() {
Expect(existingResource.Spec.Configuration.DeveloperConfiguration).NotTo(BeNil())
Expect(existingResource.Spec.Configuration.DeveloperConfiguration.FeatureGates).ToNot(ContainElement(kvRoot))
})
})

It("should honour Root feature gate if Root are not consistent on the HyperConverged CR (the CEL expression should prevent this case) - 2", func() {
hco.Spec.FeatureGates = hcov1beta1.HyperConvergedFeatureGates{
NonRoot: pointer.Bool(true), //nolint SA1019
Root: pointer.Bool(true),
}

existingResource, err := NewKubeVirt(hco)
Expect(err).ToNot(HaveOccurred())
By("KV CR should contain the Root feature gate", func() {
Expect(existingResource.Spec.Configuration.DeveloperConfiguration).NotTo(BeNil())
Expect(existingResource.Spec.Configuration.DeveloperConfiguration.FeatureGates).To(ContainElement(kvRoot))
})
})

It("should add the DisableMDevConfiguration feature gate if DisableMDevConfiguration is true in HyperConverged CR", func() {
hco.Spec.FeatureGates = hcov1beta1.HyperConvergedFeatureGates{
DisableMDevConfiguration: pointer.Bool(true),
Expand Down
10 changes: 3 additions & 7 deletions deploy/crds/hco00.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ spec:
deployKubeSecondaryDNS: false
deployTektonTaskResources: false
enableCommonBootImageImport: true
nonRoot: true
withHostPassthroughCPU: false
liveMigrationConfig:
allowAutoConverge: false
Expand Down Expand Up @@ -1052,6 +1053,7 @@ spec:
deployKubeSecondaryDNS: false
deployTektonTaskResources: false
enableCommonBootImageImport: true
nonRoot: true
withHostPassthroughCPU: false
description: featureGates is a map of feature gate flags. Setting
a flag to `true` will enable the feature. Setting `false` or removing
Expand Down Expand Up @@ -1081,6 +1083,7 @@ spec:
dataImportCronTemplates field.'
type: boolean
nonRoot:
default: true
description: "Enables rootless virt-launcher. \n Deprecated: please
use the root FG."
type: boolean
Expand All @@ -1094,20 +1097,13 @@ spec:
the virt-handler pod. Enabling (or removing) the feature gate
causes the redeployment of the virt-handler pod.
type: boolean
root:
description: 'Enable root virt-launcher (default: false).'
type: boolean
withHostPassthroughCPU:
default: false
description: Allow migrating a virtual machine with CPU host-passthrough
mode. This should be enabled only when the Cluster is homogeneous
from CPU HW perspective doc here
type: boolean
type: object
x-kubernetes-validations:
- message: nonRoot FG is deprecated, please use root FG with opposite
logic
rule: '!has(self.nonRoot) || !has(self.root) || self.root == !self.nonRoot'
filesystemOverhead:
description: FilesystemOverhead describes the space reserved for overhead
when using Filesystem volumes. A value is between 0 and 1, if not
Expand Down
1 change: 1 addition & 0 deletions deploy/hco.cr.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ spec:
deployTektonTaskResources: false
disableMDevConfiguration: false
enableCommonBootImageImport: true
nonRoot: true
persistentReservation: false
withHostPassthroughCPU: false
infra: {}
Expand Down
10 changes: 3 additions & 7 deletions deploy/index-image/community-kubevirt-hyperconverged/1.10.0/manifests/hco00.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ spec:
deployKubeSecondaryDNS: false
deployTektonTaskResources: false
enableCommonBootImageImport: true
nonRoot: true
withHostPassthroughCPU: false
liveMigrationConfig:
allowAutoConverge: false
Expand Down Expand Up @@ -1052,6 +1053,7 @@ spec:
deployKubeSecondaryDNS: false
deployTektonTaskResources: false
enableCommonBootImageImport: true
nonRoot: true
withHostPassthroughCPU: false
description: featureGates is a map of feature gate flags. Setting
a flag to `true` will enable the feature. Setting `false` or removing
Expand Down Expand Up @@ -1081,6 +1083,7 @@ spec:
dataImportCronTemplates field.'
type: boolean
nonRoot:
default: true
description: "Enables rootless virt-launcher. \n Deprecated: please
use the root FG."
type: boolean
Expand All @@ -1094,20 +1097,13 @@ spec:
the virt-handler pod. Enabling (or removing) the feature gate
causes the redeployment of the virt-handler pod.
type: boolean
root:
description: 'Enable root virt-launcher (default: false).'
type: boolean
withHostPassthroughCPU:
default: false
description: Allow migrating a virtual machine with CPU host-passthrough
mode. This should be enabled only when the Cluster is homogeneous
from CPU HW perspective doc here
type: boolean
type: object
x-kubernetes-validations:
- message: nonRoot FG is deprecated, please use root FG with opposite
logic
rule: '!has(self.nonRoot) || !has(self.root) || self.root == !self.nonRoot'
filesystemOverhead:
description: FilesystemOverhead describes the space reserved for overhead
when using Filesystem volumes. A value is between 0 and 1, if not
Expand Down
10 changes: 3 additions & 7 deletions deploy/olm-catalog/community-kubevirt-hyperconverged/1.10.0/manifests/hco00.crd.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,7 @@ spec:
deployKubeSecondaryDNS: false
deployTektonTaskResources: false
enableCommonBootImageImport: true
nonRoot: true
withHostPassthroughCPU: false
liveMigrationConfig:
allowAutoConverge: false
Expand Down Expand Up @@ -1052,6 +1053,7 @@ spec:
deployKubeSecondaryDNS: false
deployTektonTaskResources: false
enableCommonBootImageImport: true
nonRoot: true
withHostPassthroughCPU: false
description: featureGates is a map of feature gate flags. Setting
a flag to `true` will enable the feature. Setting `false` or removing
Expand Down Expand Up @@ -1081,6 +1083,7 @@ spec:
dataImportCronTemplates field.'
type: boolean
nonRoot:
default: true
description: "Enables rootless virt-launcher. \n Deprecated: please
use the root FG."
type: boolean
Expand All @@ -1094,20 +1097,13 @@ spec:
the virt-handler pod. Enabling (or removing) the feature gate
causes the redeployment of the virt-handler pod.
type: boolean
root:
description: 'Enable root virt-launcher (default: false).'
type: boolean
withHostPassthroughCPU:
default: false
description: Allow migrating a virtual machine with CPU host-passthrough
mode. This should be enabled only when the Cluster is homogeneous
from CPU HW perspective doc here
type: boolean
type: object
x-kubernetes-validations:
- message: nonRoot FG is deprecated, please use root FG with opposite
logic
rule: '!has(self.nonRoot) || !has(self.root) || self.root == !self.nonRoot'
filesystemOverhead:
description: FilesystemOverhead describes the space reserved for overhead
when using Filesystem volumes. A value is between 0 and 1, if not
Expand Down
Loading