[release-1.1] Ensure virt-export route has redirect policy #12334
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Prefer Pods.GetLogs in guestlog functional tests
since we fear that abusing
`clientcmd.RunCommandWithNS("kubectl logs")`
can lead to starvation of the test enviroment.
Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>
…-to-release-1.1 [release-1.1] [test] Prefer GetLogs in guestlog func tests
cmd/network-passt-binding: |_ callback |_ server main.go server & main.go Boilerplate code for registration to Kubevrit's hooks. Can be replaced with sidecar-shim container in the future. callback: Implement Kubevirt OnDefineDomain hook point callback. The DomainSpecMutator interface should be implemented by the concrete passt binding implementation. passt binding implementation will be introduced in follow-up commits. Signed-off-by: Or Mergi <ormergi@redhat.com>
The pod network configurator generates a domain interface spec and add it to the given domian spec according to the given VMI interface and network objects. Signed-off-by: Or Mergi <ormergi@redhat.com>
Signed-off-by: Or Mergi <ormergi@redhat.com>
Signed-off-by: Or Mergi <ormergi@redhat.com>
Signed-off-by: Or Mergi <ormergi@redhat.com>
Signed-off-by: Or Mergi <ormergi@redhat.com>
…-to-release-1.1 [release-1.1] network binding plugin API: Fix logic network name CNI arg format
…-to-release-1.1 [release-1.1] net, setup: Integrate the unplug flow through netpod (and nmstate)
Address CVE-2023-44487 Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
…-to-release-1.1 [release-1.1] Introduce Passt network binding plugin
[release-1.1] Update google.golang.org/grpc to 1.56.3
Introduce a CNI plugin that serves the passt network binding plugin. Signed-off-by: Edward Haas <edwardh@redhat.com>
Signed-off-by: Edward Haas <edwardh@redhat.com>
Signed-off-by: Edward Haas <edwardh@redhat.com>
As part of the cluster-sync flow, deploy relevant artifacts to the nodes. For now, only a single binary is deployed: the passt binding plugin. The network binding plugin is conditionally uploaded to the nodes when `KUBEVIRT_DEPLOY_NET_BINDING_CNI` is set to `true`. On CI, targets which include `sig-network` in their names are setting the mentioned env variable and will deploy the CNI plugin. Signed-off-by: Edward Haas <edwardh@redhat.com>
The returned `vmi` object needs to be refreshed after the login to the guest succeeds. Signed-off-by: Edward Haas <edwardh@redhat.com>
This change introduces the passt network binding plugin e2e test. It is aimed to test the network binding plugin infrastructure, which utilizes a sidecar and a CNI plugin. In order to implement the test, the relevant feature-gate (`NetworkBindingPlugins`) is activated and the network binding is registered (`passt`). To help execute these changes on the kubevirt CR, a new `libkvconfig` is introduced. The new package is performing the changes using JSON patch This change also introduces a new ginkgo label `netCustomBindingPlugins` that should allow control on the test execution. Only clusters that deploy the network binding plugin CNI should run the test. Signed-off-by: Edward Haas <edwardh@redhat.com>
On CI, an old version of `multus-cni` is used (3.8). Therefore, it is not possible to use the 1.0.0 cni version. Once the CI is rectified to deploy a more recent `multus` version, this change can be reverted. Signed-off-by: Edward Haas <edwardh@redhat.com>
When using `passt`, it takes more time for libvirt to load the domain and in turn event warnings are observed. Ignore these events and give a chance for the VMI to load. Signed-off-by: Edward Haas <edwardh@redhat.com>
Eventually macvtap, bridge and masquerade binding should use this tap generator. Also, binding plugins will be able to choose this genrator as their domain attachment. Signed-off-by: Alona Paz <alkaplan@redhat.com>
Signed-off-by: Alona Paz <alkaplan@redhat.com>
The MAC then (next commit) can be used by the virt-launcher instead of reading it from the cache file. Note- The write to the cache file is not removed to keep backward compatability (hotplug to an old virt-launcher). Signed-off-by: Alona Paz <alkaplan@redhat.com>
Signed-off-by: Alona Paz <alkaplan@redhat.com>
…e MAC The tests are verifying that when bridge binding is used, the original pod interface MAC is removed from the pod network namespace. However, since now the dummy interface holds the MAC, the test was changed to a more specific verification. It verifies the MAC is not on the pod interface. Signed-off-by: Alona Paz <alkaplan@redhat.com>
…-to-release-1.1 [release-1.1] Tap generator
The qemu log path is now under /var/run/kubevirt-private/libvirt/qemu instead of /var/run/libvirt/qemu. This change adapt the virt-launcher code to that Signed-off-by: Enrique Llorente <ellorent@redhat.com>
…-to-release-1.1 [release-1.1] cniplugins: Add passt-binding CNI plugin
When a block volume is non-hotpluggable (i.e. it is specified explicitly in the VMI spec), the device cgroup permissions are managed purely by Kubernetes and CRI. For v2, that means a BPF program is assigned to the POD's cgroup. However, when we manage hotplug volumes, we overwrite the BPF program to allow access to the new block device. The problem is that we do not know what the existing BPF program does, hence we just follow some assumptions about the 'default' devices that we need to allow (e.g. /dev/kvm and some others). We need to also consider the non-hotpluggable volumes, otherwise a VM with a block PVC or DV will fail to start if a hotplug volume is attached to it. Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de> Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
kubevirt-bot
added
area/instancetype
needs-rebase
|
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
kubevirt-bot
added
area/virtctl
kind/api-change
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
requested review from
akalenyu,
akrejcir,
AlonaKaplan,
assafad,
avlitman,
EdDev,
enp0s3,
kbidarkar,
lyarwood,
machadovilaca,
ormergi,
oshoval,
RamLavi,
ShellyKa13,
victortoso and
xpivarc
|
@awels: The following tests failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a manual cherry-pick of #12195
/assign awels