-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release-1.1] Ensure virt-export route has redirect policy #12334
Conversation
Prefer Pods.GetLogs in guestlog functional tests since we fear that abusing `clientcmd.RunCommandWithNS("kubectl logs")` can lead to starvation of the test enviroment. Signed-off-by: Simone Tiraboschi <stirabos@redhat.com>
…-to-release-1.1 [release-1.1] [test] Prefer GetLogs in guestlog func tests
cmd/network-passt-binding: |_ callback |_ server main.go server & main.go Boilerplate code for registration to Kubevrit's hooks. Can be replaced with sidecar-shim container in the future. callback: Implement Kubevirt OnDefineDomain hook point callback. The DomainSpecMutator interface should be implemented by the concrete passt binding implementation. passt binding implementation will be introduced in follow-up commits. Signed-off-by: Or Mergi <ormergi@redhat.com>
The pod network configurator generates a domain interface spec and add it to the given domian spec according to the given VMI interface and network objects. Signed-off-by: Or Mergi <ormergi@redhat.com>
Signed-off-by: Or Mergi <ormergi@redhat.com>
Signed-off-by: Or Mergi <ormergi@redhat.com>
Signed-off-by: Or Mergi <ormergi@redhat.com>
Signed-off-by: Or Mergi <ormergi@redhat.com>
…-to-release-1.1 [release-1.1] network binding plugin API: Fix logic network name CNI arg format
…-to-release-1.1 [release-1.1] net, setup: Integrate the unplug flow through netpod (and nmstate)
Address CVE-2023-44487 Signed-off-by: Michael Henriksen <mhenriks@redhat.com>
…-to-release-1.1 [release-1.1] Introduce Passt network binding plugin
[release-1.1] Update google.golang.org/grpc to 1.56.3
Introduce a CNI plugin that serves the passt network binding plugin. Signed-off-by: Edward Haas <edwardh@redhat.com>
Signed-off-by: Edward Haas <edwardh@redhat.com>
Signed-off-by: Edward Haas <edwardh@redhat.com>
As part of the cluster-sync flow, deploy relevant artifacts to the nodes. For now, only a single binary is deployed: the passt binding plugin. The network binding plugin is conditionally uploaded to the nodes when `KUBEVIRT_DEPLOY_NET_BINDING_CNI` is set to `true`. On CI, targets which include `sig-network` in their names are setting the mentioned env variable and will deploy the CNI plugin. Signed-off-by: Edward Haas <edwardh@redhat.com>
The returned `vmi` object needs to be refreshed after the login to the guest succeeds. Signed-off-by: Edward Haas <edwardh@redhat.com>
This change introduces the passt network binding plugin e2e test. It is aimed to test the network binding plugin infrastructure, which utilizes a sidecar and a CNI plugin. In order to implement the test, the relevant feature-gate (`NetworkBindingPlugins`) is activated and the network binding is registered (`passt`). To help execute these changes on the kubevirt CR, a new `libkvconfig` is introduced. The new package is performing the changes using JSON patch This change also introduces a new ginkgo label `netCustomBindingPlugins` that should allow control on the test execution. Only clusters that deploy the network binding plugin CNI should run the test. Signed-off-by: Edward Haas <edwardh@redhat.com>
On CI, an old version of `multus-cni` is used (3.8). Therefore, it is not possible to use the 1.0.0 cni version. Once the CI is rectified to deploy a more recent `multus` version, this change can be reverted. Signed-off-by: Edward Haas <edwardh@redhat.com>
When using `passt`, it takes more time for libvirt to load the domain and in turn event warnings are observed. Ignore these events and give a chance for the VMI to load. Signed-off-by: Edward Haas <edwardh@redhat.com>
Eventually macvtap, bridge and masquerade binding should use this tap generator. Also, binding plugins will be able to choose this genrator as their domain attachment. Signed-off-by: Alona Paz <alkaplan@redhat.com>
Signed-off-by: Alona Paz <alkaplan@redhat.com>
The MAC then (next commit) can be used by the virt-launcher instead of reading it from the cache file. Note- The write to the cache file is not removed to keep backward compatability (hotplug to an old virt-launcher). Signed-off-by: Alona Paz <alkaplan@redhat.com>
Signed-off-by: Alona Paz <alkaplan@redhat.com>
…e MAC The tests are verifying that when bridge binding is used, the original pod interface MAC is removed from the pod network namespace. However, since now the dummy interface holds the MAC, the test was changed to a more specific verification. It verifies the MAC is not on the pod interface. Signed-off-by: Alona Paz <alkaplan@redhat.com>
…-to-release-1.1 [release-1.1] Tap generator
The qemu log path is now under /var/run/kubevirt-private/libvirt/qemu instead of /var/run/libvirt/qemu. This change adapt the virt-launcher code to that Signed-off-by: Enrique Llorente <ellorent@redhat.com>
…-to-release-1.1 [release-1.1] cniplugins: Add passt-binding CNI plugin
When a block volume is non-hotpluggable (i.e. it is specified explicitly in the VMI spec), the device cgroup permissions are managed purely by Kubernetes and CRI. For v2, that means a BPF program is assigned to the POD's cgroup. However, when we manage hotplug volumes, we overwrite the BPF program to allow access to the new block device. The problem is that we do not know what the existing BPF program does, hence we just follow some assumptions about the 'default' devices that we need to allow (e.g. /dev/kvm and some others). We need to also consider the non-hotpluggable volumes, otherwise a VM with a block PVC or DV will fail to start if a hotplug volume is attached to it. Signed-off-by: Vasiliy Ulyanov <vulyanov@suse.de> Signed-off-by: Alex Kalenyuk <akalenyu@redhat.com>
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@awels: The following tests failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
This is a manual cherry-pick of #12195
/assign awels