net, admitter: Move (all) network validation admitters under network pkg.
#11698
Conversation
Validators that check that the network name is unique and that each network has a counterpart interface have been moved and adjusted to the `network/admitter` package. Signed-off-by: Edward Haas <edwardh@redhat.com>
Testing uniqueness of a port name between different interfaces is irrelevant because there can be only a single pod network. The existing validation checks the duplication for pod network interfaces only. Signed-off-by: Edward Haas <edwardh@redhat.com>
kubevirt-bot
added
release-note-none
EdDev
changed the title
network pkg.
|
/test pull-kubevirt-e2e-k8s-1.29-ipv6-sig-network |
| }, | ||
| }, | ||
| { | ||
| Name: "default", |
There was a problem hiding this comment.
nit: I suggest to not duplicate the network test here, its a bit confusing becuase this test is about interfaces name duplication but it can also fail due to network name duplications.
There was a problem hiding this comment.
It is not better and not worse than placing here a single network or two networks of a different name. In all scenarios we will get a combination or failures.
Therefore, I chose this one which seems simple enough.
| { | ||
| Name: "default", | ||
| InterfaceBindingMethod: v1.InterfaceBindingMethod{Bridge: &v1.InterfaceBridge{}}, | ||
| }, |
There was a problem hiding this comment.
nit: Mix and match using v1.DefaultBridgeNetworkInterface and having in-place interface definition is a bit confusing.
You can simulate duplication by using *v1.DefaultBridgeNetworkInterface(), twice.
If you like to reflect the interface names better, I think it better to have additional in place interface definition (as in lines 84-88).
pkg/network/admitter/binding.go
Outdated
| if iface.Binding != nil { | ||
| if hasInterfaceBindingMethod(iface) { |
There was a problem hiding this comment.
nit: I think we can reduce if clauses here:
| if iface.Binding != nil { | |
| if hasInterfaceBindingMethod(iface) { | |
| if iface.Binding != nil && hasInterfaceBindingMethod(iface) { |
| @@ -52,3 +62,22 @@ func hasInterfaceBindingMethod(iface v1.Interface) bool { | |||
| iface.InterfaceBindingMethod.Macvtap != nil || | |||
| iface.InterfaceBindingMethod.Passt != nil | |||
| } | |||
|
|
|||
| func validateMasqueradeBinding(fieldPath *field.Path, idx int, iface v1.Interface, net v1.Network) []metav1.StatusCause { | |||
There was a problem hiding this comment.
nit: I think checking the iface use masquerade binding can be asked once and reused.
There was a problem hiding this comment.
Sorry, I do not understand what you mean by this.
There was a problem hiding this comment.
The masquerade binding check, at lines 66 and 73.
| v1 "kubevirt.io/api/core/v1" | ||
| ) | ||
|
|
||
| func validatePasstBinding( |
There was a problem hiding this comment.
Since passt iface API is deprecated in favor of Passt network binding plugin, I think it will be nice if this validation function would reflect it, and maybe recommend using the plugin.
Changing it on a follow up PR may be a better fit.
There was a problem hiding this comment.
This is part of the passt core binding check, not about the binding plugin which is not specific to passt or any other binding. When we remove passt core binding, we will remove these as well.
| //networkNameMap := vmispec.IndexNetworkSpecByName(spec.Networks) | ||
|
|
||
| // Make sure the port name is unique across all the interfaces | ||
| portForwardMap := make(map[string]struct{}) | ||
| //portForwardMap := make(map[string]struct{}) | ||
|
|
||
| // Validate that each interface has a matching network | ||
| for idx, iface := range spec.Domain.Devices.Interfaces { | ||
|
|
||
| networkData, networkExists := networkNameMap[iface.Name] | ||
| //networkData, networkExists := networkNameMap[iface.Name] | ||
|
|
||
| causes = append(causes, validatePortConfiguration(field, networkExists, &networkData, iface, idx, portForwardMap)...) | ||
| //causes = append(causes, validatePortConfiguration(field, networkExists, &networkData, iface, idx, portForwardMap)...) |
There was a problem hiding this comment.
Shouldn't the commented line be removed?
There was a problem hiding this comment.
Looks like leftovers, thanks.
Done.
| causes = append(causes, metav1.StatusCause{ | ||
| Type: metav1.CauseTypeFieldValueInvalid, | ||
| Message: "Macvtap feature gate is not enabled", | ||
| Field: fieldPath.Child("domain", "devices", "interfaces").Index(idx).Child("name").String(), |
There was a problem hiding this comment.
nit: I think the field path string can be reused
There was a problem hiding this comment.
In this case, we will loose context in favor of a negligible optimization.
I think it is more readable this way and it is consistent with how we use it all over.
| causes = append(causes, metav1.StatusCause{ | ||
| Type: metav1.CauseTypeFieldValueInvalid, | ||
| Message: "Passt feature gate is not enabled", | ||
| Field: fieldPath.Child("domain", "devices", "interfaces").Index(idx).Child("name").String(), |
There was a problem hiding this comment.
nit: I think the field path string can be reused
| field.Child("domain", "devices", "interfaces").Index(idx).Child("name").String(), | ||
| iface.MacAddress, | ||
| ), | ||
| Field: field.Child("domain", "devices", "interfaces").Index(idx).Child("macAddress").String(), |
There was a problem hiding this comment.
nit: I think the field path string can be reused
| causes = append(causes, metav1.StatusCause{ | ||
| Type: metav1.CauseTypeFieldValueDuplicate, | ||
| Message: fmt.Sprintf("Duplicate name of the port: %s", forwardPort.Name), | ||
| Field: field.Child("domain", "devices", "interfaces").Index(idx).Child("ports").Index(portIdx).Child("name").String(), |
There was a problem hiding this comment.
nit: Field path string can be reused
Signed-off-by: Edward Haas <edwardh@redhat.com>
Signed-off-by: Edward Haas <edwardh@redhat.com>
Two masquerade binding validations, that check it is set with pod network and is not using the reserved mac address, have been moved to the `network/admitter` package. Signed-off-by: Edward Haas <edwardh@redhat.com>
The unit tests have been using a cluster-config-checker stub that was originally focused on SLIRP tests. Later it was used to just satisfy other scenarios which had nothing to do with SLIRP. As new cluster-config methods are needed for other scenarios, the current stub is generalized by name and location. Signed-off-by: Edward Haas <edwardh@redhat.com>
The validation that checks an interface with bridge binding set on a pod network is moved to the `network/admitter` package. Signed-off-by: Edward Haas <edwardh@redhat.com>
Signed-off-by: Edward Haas <edwardh@redhat.com>
The passt core binding has a validation that checks that it is defined without any other interface in the spec. We support only L2 bindings on the secondary interfaces which use bridging to ling the pod interface to the VM. Therefore, there is no real limitation to have additional interfaces to passt. In addition, passt is targeted for removal after declared as deprecated in favor of the binding plugin version of it. Therefore, this single interface validation is removed. Signed-off-by: Edward Haas <edwardh@redhat.com>
Signed-off-by: Edward Haas <edwardh@redhat.com>
Signed-off-by: Edward Haas <edwardh@redhat.com>
Move interface fields validation to the `network/admitter` package and adjust them to the new location. The following validations have been moved in this change: - Interface name format. - Interface model. - Interface mac address. - Interface PCI address. Signed-off-by: Edward Haas <edwardh@redhat.com>
The interface port validations are moved to `network/admitter` and refactored there to use test tables. Signed-off-by: Edward Haas <edwardh@redhat.com>
Tests have been converted to test tables and duplicate tests removed. Signed-off-by: Edward Haas <edwardh@redhat.com>
EdDev
force-pushed
the
admitters-net-move-part3
branch
from
423befe
to
f42ccc0
Compare
|
change: Answered review. |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enp0s3 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kubevirt-bot
added
the
approved
| @@ -52,3 +62,22 @@ func hasInterfaceBindingMethod(iface v1.Interface) bool { | |||
| iface.InterfaceBindingMethod.Macvtap != nil || | |||
| iface.InterfaceBindingMethod.Passt != nil | |||
| } | |||
|
|
|||
| func validateMasqueradeBinding(fieldPath *field.Path, idx int, iface v1.Interface, net v1.Network) []metav1.StatusCause { | |||
There was a problem hiding this comment.
The masquerade binding check, at lines 66 and 73.
| if iface.Binding != nil && !config.NetworkBindingPlugingsEnabled() { | ||
| return []metav1.StatusCause{{ | ||
| Type: metav1.CauseTypeFieldValueInvalid, | ||
| Message: "Binding plugins feature gate is not enabled", |
There was a problem hiding this comment.
The original is wrong, this is a good opportunity to fix.
|
Required labels detected, running phase 2 presubmits: |
|
/test pull-kubevirt-e2e-k8s-1.27-sig-compute |
|
/retest-required |
|
/test pull-kubevirt-e2e-k8s-1.27-sig-network |
|
@EdDev: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
What this PR does
Move and when needed adjust network validation admitters to the
network/admitterpackage.The logic is now properly owned and organized for the
sig-network.Fixes #
Why we need it and why it was done in this way
The following tradeoffs were made:
The following alternatives were considered:
Links to places where the discussion took place:
Special notes for your reviewer
Checklist
This checklist is not enforcing, but it's a reminder of items that could be relevant to every PR.
Approvers are expected to review this list.
Release note