Register user-defined-network (UDN) binding on kubevirt CR #3034
Conversation
|
Skipping CI for Draft Pull Request. |
1 similar comment
|
Skipping CI for Draft Pull Request. |
kubevirt-bot
added
do-not-merge/work-in-progress
kubevirt-bot
added
do-not-merge/release-note-label-needed
There was a problem hiding this comment.
Thanks for the PR. Added some inline comments.
My main comment is about modifying the HC CR in kubevirt.go. We need to avoid that.
also, some TODOs, yes, I know it's WIP...
- please update docs/cluster-configuration.md
- please update the "feature gate defaults" test in tests/func-tests/defaults_test.go
controllers/operands/kubevirt.go
Outdated
| const ( | ||
| // Needs to align with the NAD that will be deployed by CNAO | ||
| primaryUDNNetworkBindingName = "primaryUserDefinedNetwork" | ||
| primaryUDNNetworkBindingNamespace = "default" |
There was a problem hiding this comment.
In order for the NetworkAttachmentDefinition to be available to all VMs on all namespaces, it needs to be deployed on default namespace.
For the dev-preview we think this is a good enough approach, but IMO in the future we will need to think of other ways.
Also note that HCO I changed the PR since when we talked and not it is not not deploying the NetworkAttachmentDefinition (will happen on CNAO)
controllers/operands/kubevirt.go
Outdated
| if hc.Spec.NetworkBinding == nil { | ||
| hc.Spec.NetworkBinding = make(map[string]kubevirtcorev1.InterfaceBindingPlugin) | ||
| } | ||
|
|
||
| var sidecarImage string | ||
| var ok bool | ||
| if sidecarImage, ok = os.LookupEnv(hcoutil.PrimaryUDNImageEnvV); !ok { | ||
| return nil, errors.New("failed to get primary UDN image env Var") | ||
| } | ||
| hc.Spec.NetworkBinding[primaryUDNNetworkBindingName] = primaryUserDefinedNetworkBinding(sidecarImage) |
There was a problem hiding this comment.
Why do we need to modify the HyperConverged CR? we'll need really good reason for that. the spec is for the user.
There was a problem hiding this comment.
We can't directly change the kubevirt CR. If we do, HCO will reconcile back to what's on hc.Spec.NetworkBinding..
There was a problem hiding this comment.
HCO currently just copies the NetworkBinding map to KV. I think we can change this code with the new logic.
e.g., instead of
NetworkConfiguration: &kubevirtcorev1.NetworkConfiguration{
NetworkInterface: string(kubevirtcorev1.MasqueradeInterface),
Binding: hc.Spec.NetworkBinding,
},do something like
NetworkConfiguration: &kubevirtcorev1.NetworkConfiguration{
NetworkInterface: string(kubevirtcorev1.MasqueradeInterface),
Binding: getNetworkBinding(hc),
},There was a problem hiding this comment.
and the new logic will get into the new function getNetworkBinding
deploy/images.csv
Outdated
| @@ -34,3 +34,4 @@ KUBEVIRT_CONSOLE_PROXY_IMAGE,quay.io/kubevirt-ui/kubevirt-apiserver-proxy,KUBEVI | |||
| AAQ_OPERATOR_IMAGE,quay.io/kubevirt/aaq-operator,AAQ_VERSION,002513b78dfd795f5195534b651eace136ead3d73c8ac8cae145607e79c8a8ba | |||
| AAQ_SERVER_IMAGE,quay.io/kubevirt/aaq-server,AAQ_VERSION,9db6ca9147b1d75ba4d6bb1326c4ec289327eb9f8aadbcd951fcc689e584cd0d | |||
| AAQ_CONTROLLER_IMAGE,quay.io/kubevirt/aaq-controller,AAQ_VERSION,170abd7a75397ddce07ba0d64886ead25183c49cacbccf0d191a4dd37ca013fd | |||
| PRIMARY_USER_DEFINED_NETWORK_BINDING_IMAGE,quay.io/kubevirt/network-passt-binding,KUBEVIRT_VERSION,3fb5f9fb87a9ab1f06bed2b2358ad862ef66bc47dc73044f1076a3eb9a4c55ff | |||
There was a problem hiding this comment.
please move it up, to be grouped with all the lines that use the KUBEVIRT_VERSION variable.
hack/build-manifests.sh
Outdated
| @@ -325,7 +326,8 @@ ${PROJECT_ROOT}/tools/manifest-templator/manifest-templator \ | |||
| --aaq-version="${AAQ_VERSION}" \ | |||
| --operator-image="${HCO_OPERATOR_IMAGE}" \ | |||
| --webhook-image="${HCO_WEBHOOK_IMAGE}" \ | |||
| --cli-downloads-image="${HCO_DOWNLOADS_IMAGE}" | |||
| --cli-downloads-image="${HCO_DOWNLOADS_IMAGE}" \ | |||
| --primary-udn-image="${}" | |||
There was a problem hiding this comment.
you need use the PRIMARY_USER_DEFINED_NETWORK_BINDING_IMAGE var here
There was a problem hiding this comment.
Also, the parameter name is wrong: should be primary-udn-binding-image
There was a problem hiding this comment.
oh damn, I though I got everything.
Thanks for the catch!
kubevirt-bot
added
the
needs-rebase
RamLavi
force-pushed
the
register_udn
branch
2 times, most recently
from
7e5a784 to
a34a83a
Compare
RamLavi
changed the title
kubevirt-bot
added
release-note-none
|
Change: Added unit tests. |
|
Change: Added kubebuilder default labels on HCO CR tree, Added documentation for new FG |
kubevirt-bot
removed
the
needs-rebase
|
Change: auto-generating manifests, rebase |
kubevirt-bot
removed
the
do-not-merge/work-in-progress
controllers/operands/kubevirt.go
Outdated
| }, | ||
| ComputeResourceOverhead: &corev1.ResourceRequirements{ | ||
| Requests: corev1.ResourceList{ | ||
| corev1.ResourceMemory: resource.MustParse("500Mi"), |
There was a problem hiding this comment.
This magic number of 500Mi is not clear. Can we use a constant with meaningful name, that will self explain it?
controllers/operands/kubevirt.go
Outdated
| var sidecarImage string | ||
| var ok bool | ||
| if sidecarImage, ok = os.LookupEnv(hcoutil.PrimaryUDNImageEnvV); !ok { | ||
| return nil, errors.New("failed to get primary UDN image env Var") |
There was a problem hiding this comment.
Not sure about this error. This is not something the user can fix. Maybe it will better to check it on boot time and exit, to fail the pod? @tiraboschi WDYT?
There was a problem hiding this comment.
I agree: this is something we are configuring at the bundle build time as part of the opinionated deployment and it's not something the user can or should try to fix.
| ### primaryUserDefinedNetworkBinding Feature Gate | ||
| Set the `primaryUserDefinedNetworkBinding` feature gate to deploy the needed configurations for kubevirt users, so they | ||
| can bind their VM to a user-defined network (UDN) on the VM's primary interface. | ||
|
|
There was a problem hiding this comment.
do we have some kind of documentation we can add as a reference? I'm afraid this description is a bit crypt.
There was a problem hiding this comment.
what documentation are you hoping for @nunnatsa ?
I'm afraid all we have is the openshift enhancement document.
There was a problem hiding this comment.
maybe worth to add the env var that can be set in order to determine non default value
(this what we are doing for example on CNAO readme)
together with the current info, it can give a simple user guide (please consider adding few words that will make it user guide in case it miss)
also good to have please on PR desc the important details, such as the feature gate name and so on
There was a problem hiding this comment.
maybe worth to add the env var that can be set in order to determine non default value (this what we are doing for example on CNAO readme) together with the current info, it can give a simple user guide (please consider adding few words that will make it user guide in case it miss)
Not sure what you mean here. what env var? This FG is set by HCO CR, and is set to false by default.. In order to activate it, no env var is required - only changing the FG value to true.
also good to have please on PR desc the important details, such as the feature gate name and so on
DONE
There was a problem hiding this comment.
I'm afraid all we have is the openshift enhancement document.
@nunnatsa will that be sufficient?
There was a problem hiding this comment.
Not sure what you mean here. what env var? This FG is set by HCO CR, and is set to
falseby default.. In order to activate it, no env var is required - only changing the FG value totrue.
I meant the one that allows to override the image, but no biggie
There was a problem hiding this comment.
ah.. that's not something a user should be exposed to imo.
|
Change: Add meaningful name const. |
|
hco-e2e-upgrade-prev-operator-sdk-aws lane succeeded. |
|
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-consecutive-operator-sdk-upgrades-azure, ci/prow/hco-e2e-upgrade-operator-sdk-sno-azure, ci/prow/hco-e2e-upgrade-prev-operator-sdk-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nunnatsa The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
|
/retest |
|
@RamLavi: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
hco-e2e-upgrade-prev-operator-sdk-sno-azure lane succeeded. |
|
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]; it also requires the KubeVirt IPAM controller component to persist the IP addresses between VM migrations, and restarts. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]; it also requires the KubeVirt IPAM controller component to persist the IP addresses between VM migrations, and restarts. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]; it also requires the KubeVirt IPAM controller component to persist the IP addresses between VM migrations, and restarts. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
This HCO feature gate was introduced in [0]; it also requires the KubeVirt IPAM controller component to persist the IP addresses between VM migrations, and restarts. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
…ubmits (#57704) * ovn-kubernetes, virt: add new AWS virt lane to run OVN presubmits Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> * udn, virt: enable primary UDN binding This HCO feature gate was introduced in [0]; it also requires the KubeVirt IPAM controller component to persist the IP addresses between VM migrations, and restarts. [0] - kubevirt/hyperconverged-cluster-operator#3034 Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> * udn, virt, tests: run only virt-aware tests A future PR will add tests for this feature gate and feature in openshift/origin project. Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> * ovn-kubernetes, virt: add new AWS virt lane to run OVN 4.18/4.19 presubmits Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com> --------- Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
What this PR does / why we need it:
This PR adds support to user-defined-network binding to the kubevirt CR.
This is part of the process described on kubevirt user guide.
The behavior added is currently dev-preview, and as such is protected behind a FG:
PrimaryUserDefinedNetworkBinding, that is set tofalseby default.Reviewer Checklist
Jira Ticket:
Release note: