Integrate macvtap cni #346
Conversation
kubevirt-bot
added
dco-signoff: yes
kubevirt-bot
added
size/L
release-note
|
/cc @phoracek |
maiqueb
force-pushed
the
integrate_macvtap_cni
branch
2 times, most recently
from
78637c8 to
c7e51bd
Compare
| @@ -55,7 +55,7 @@ type templateData struct { | |||
| OperatorVersion string | |||
| Namespace string | |||
| ContainerPrefix string | |||
| ImageName string | |||
| ImageName string | |||
| ContainerTag string | |||
There was a problem hiding this comment.
go fmt is good w/ it ...
EDIT: my bad, commented on outdated code; please confirm it's OK now.
maiqueb
force-pushed
the
integrate_macvtap_cni
branch
from
c7e51bd to
dd3517d
Compare
maiqueb
force-pushed
the
integrate_macvtap_cni
branch
from
dd3517d to
6fc524a
Compare
| @@ -0,0 +1,63 @@ | |||
| --- | |||
| kind: ConfigMap | |||
There was a problem hiding this comment.
Please try to edit this CM deployed by CNAO. I have a bad feeling the settings would get reverted by the operator. e.g. deploy macvtap, edit the CM, additionally deploy ovs, see if the CM remained in the original state.
If the CM changes, we have two options:
- Ask user to deploy it themselves
- Add explicit setting to CNAO not to touch it
I feel the former is better.
There was a problem hiding this comment.
Yup, after updating the value, the operator puts it back the way it was.
Remember that in kubevirt/macvtap-cni#11 the configmap is still required, and that the macvtap DS won't come up until the config map is available.
That would require us (at least in the tests) to create the config map by some other means (hacky move).
How can we add the explicit setting to CNAO to stay away from the config map ? What are the disadvantages of this option ?
There was a problem hiding this comment.
Disadvantage is that we spoil the generic code with "if macvtap DP".
I was writing a guide on "how to hack it", but I think there is an elegant way too.
So this issue where we want to keep user changes on objects deployed is pretty common, although we were successful avoiding addressing it, until now.
So let's think how can we make it generic in the CNAO framework and keep everything specific to the component under data/ or pkg/network.
Option A: The simplest fit into the current API would be to introduce a Kubernetes object label networkaddonsoperator.network.kubevirt.io/untouchable: "true" (or any better name after /). That can be set by a user who wants to debug manual changes on any deployed component (e.g. they want to change resource requests, add debugging flags to running apps etc). It can be also set by default under data/ manifests. The only code we need to introduce then would live around https://github.com/kubevirt/cluster-network-addons-operator/blob/master/pkg/apply/apply.go#L37, where we check if an existing object we want to update has this flag, if it does, we ignore it. If you implement it, please do it in a separate PR (in case we need to backport it) and document it at the bottom of the README.
I am tempted to say "let's just keep it as it is and wait for the proper API", but that would make it harder to test under kubevirt and if somebody unaware uses it (despite it us "experimental", they may get hurt).
maiqueb
force-pushed
the
integrate_macvtap_cni
branch
from
6fc524a to
b2d5234
Compare
| @@ -0,0 +1,63 @@ | |||
| --- | |||
| kind: ConfigMap | |||
There was a problem hiding this comment.
Yup, after updating the value, the operator puts it back the way it was.
Remember that in kubevirt/macvtap-cni#11 the configmap is still required, and that the macvtap DS won't come up until the config map is available.
That would require us (at least in the tests) to create the config map by some other means (hacky move).
How can we add the explicit setting to CNAO to stay away from the config map ? What are the disadvantages of this option ?
| @@ -55,7 +55,7 @@ type templateData struct { | |||
| OperatorVersion string | |||
| Namespace string | |||
| ContainerPrefix string | |||
| ImageName string | |||
| ImageName string | |||
| ContainerTag string | |||
There was a problem hiding this comment.
go fmt is good w/ it ...
EDIT: my bad, commented on outdated code; please confirm it's OK now.
maiqueb
force-pushed
the
integrate_macvtap_cni
branch
from
b2d5234 to
e9b03d3
Compare
|
/retest |
| Macvtap-cni must be explicitly configured by the administrator, indicating the | ||
| interfaces on top of which logical networks can be created. | ||
|
|
||
| A simple example on how to do so, the user must deploy a `ConfigMap`, such as in [this example](https://github.com/kubevirt/macvtap-cni/blob/master/examples/macvtap-deviceplugin-config.yaml). |
There was a problem hiding this comment.
There was a problem hiding this comment.
Currently we don't have any tests of functionality of operands. I really want to add at least basic sanity checks, but we need to setup test lane for it first. No need to add the test.
| Macvtap-cni must be explicitly configured by the administrator, indicating the | ||
| interfaces on top of which logical networks can be created. | ||
|
|
||
| A simple example on how to do so, the user must deploy a `ConfigMap`, such as in [this example](https://github.com/kubevirt/macvtap-cni/blob/master/examples/macvtap-deviceplugin-config.yaml). |
There was a problem hiding this comment.
Currently we don't have any tests of functionality of operands. I really want to add at least basic sanity checks, but we need to setup test lane for it first. No need to add the test.
| requests: | ||
| cpu: "60m" | ||
| memory: "30Mi" | ||
| limits: |
There was a problem hiding this comment.
Please drop limits. It causes obscure bugs on OpenShift. requests is enough
| @@ -0,0 +1,63 @@ | |||
| --- | |||
| kind: ConfigMap | |||
There was a problem hiding this comment.
Disadvantage is that we spoil the generic code with "if macvtap DP".
I was writing a guide on "how to hack it", but I think there is an elegant way too.
So this issue where we want to keep user changes on objects deployed is pretty common, although we were successful avoiding addressing it, until now.
So let's think how can we make it generic in the CNAO framework and keep everything specific to the component under data/ or pkg/network.
Option A: The simplest fit into the current API would be to introduce a Kubernetes object label networkaddonsoperator.network.kubevirt.io/untouchable: "true" (or any better name after /). That can be set by a user who wants to debug manual changes on any deployed component (e.g. they want to change resource requests, add debugging flags to running apps etc). It can be also set by default under data/ manifests. The only code we need to introduce then would live around https://github.com/kubevirt/cluster-network-addons-operator/blob/master/pkg/apply/apply.go#L37, where we check if an existing object we want to update has this flag, if it does, we ignore it. If you implement it, please do it in a separate PR (in case we need to backport it) and document it at the bottom of the README.
I am tempted to say "let's just keep it as it is and wait for the proper API", but that would make it harder to test under kubevirt and if somebody unaware uses it (despite it us "experimental", they may get hurt).
maiqueb
force-pushed
the
integrate_macvtap_cni
branch
from
0e76c7a to
e659087
Compare
Signed-off-by: Miguel Duarte Barroso <[email protected]>
Also deploy the default configuration of the macvtap feature. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
As a result, when you apply the generated CNAO manifest, it will also deploy the macvtap-cni daemonsets and configuration. Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
Signed-off-by: Miguel Duarte Barroso <[email protected]>
maiqueb
force-pushed
the
integrate_macvtap_cni
branch
from
e659087 to
1322900
Compare
There was a problem hiding this comment.
Option A: The simplest fit into the current API would be to introduce a Kubernetes object label networkaddonsoperator.network.kubevirt.io/untouchable: "true" (or any better name after /). That can be set by a user who wants to debug manual changes on any deployed component (e.g. they want to change resource requests, add debugging flags to running apps etc). It can be also set by default under data/ manifests. The only code we need to introduce then would live around https://github.com/kubevirt/cluster-network-addons-operator/blob/master/pkg/apply/apply.go#L37, where we check if an existing object we want to update has this flag, if it does, we ignore it. If you implement it, please do it in a separate PR (in case we need to backport it) and document it at the bottom of the README.
I am tempted to say "let's just keep it as it is and wait for the proper API", but that would make it harder to test under kubevirt and if somebody unaware uses it (despite it us "experimental", they may get hurt).
Whatever the choice, it'll happen on a follow up set of patches.
I'm quite OK with adding that label.
| requests: | ||
| cpu: "60m" | ||
| memory: "30Mi" | ||
| limits: |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: phoracek The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
Add macvtap CNI to the list of network addons installed by the CNAO operator.
It deploys and empty configuration, which currently doesn't expose any host interfaces.
Once kubevirt/macvtap-cni#11 is merged, it would start to expose all the host's interfaces.