net, admitter: Move (all) network validation admitters under `network` pkg.
#11698
Validators that check that the network name is unique and that each network has a counterpart interface have been moved and adjusted to the `network/admitter` package. Signed-off-by: Edward Haas <edwardh@redhat.com>
Testing uniqueness of a port name between different interfaces is irrelevant because there can be only a single pod network. The existing validation checks the duplication for pod network interfaces only. Signed-off-by: Edward Haas <edwardh@redhat.com>
/test pull-kubevirt-e2e-k8s-1.29-ipv6-sig-network
Thanks for this clean up PR, awesome work.
Overall looks good to me, please see my comments.
Nits are not a must.
}, | ||
}, | ||
{ | ||
Name: "default", |
nit: I suggest to not duplicate the network test here, it's a bit confusing because this test is about interfaces name duplication but it can also fail due to network name duplications.
It is not better and not worse than placing here a single network or two networks of a different name. In all scenarios we will get a combination of failures.
Therefore, I chose this one which seems simple enough.
{ | ||
Name: "default", | ||
InterfaceBindingMethod: v1.InterfaceBindingMethod{Bridge: &v1.InterfaceBridge{}}, | ||
}, |
nit: Mix and match using `v1.DefaultBridgeNetworkInterface` and having in-place interface definition is a bit confusing.
You can simulate duplication by using `*v1.DefaultBridgeNetworkInterface()` twice.
If you like to reflect the interface names better, I think it is better to have additional in place interface definition (as in lines 84-88).
Done
pkg/network/admitter/binding.go
Outdated
if iface.Binding != nil { | ||
if hasInterfaceBindingMethod(iface) { |
nit: I think we can reduce if clauses here:
if iface.Binding != nil { | |
if hasInterfaceBindingMethod(iface) { | |
if iface.Binding != nil && hasInterfaceBindingMethod(iface) { |
Done
@@ -52,3 +62,22 @@ func hasInterfaceBindingMethod(iface v1.Interface) bool { | |||
iface.InterfaceBindingMethod.Macvtap != nil || | |||
iface.InterfaceBindingMethod.Passt != nil | |||
} | |||
|
|||
func validateMasqueradeBinding(fieldPath *field.Path, idx int, iface v1.Interface, net v1.Network) []metav1.StatusCause { |
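Review bot: The parameter name `net` in the `validateMasqueradeBinding` signature shadows Go's standard `net` package for the whole function body, so a later call such as `net.ParseMAC` inside this validator would not resolve to the package. Suggest renaming the parameter to `network`. The new function also has no doc comment; one line stating which conditions produce a `StatusCause` would help anyone auditing what the admitter rejects.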
nit: I think checking the iface use masquerade binding can be asked once and reused.
Sorry, I do not understand what you mean by this.
The masquerade binding check, at lines 66 and 73.
v1 "kubevirt.io/api/core/v1" | ||
) | ||
|
||
func validatePasstBinding( |
Since passt iface API is deprecated in favor of Passt network binding plugin, I think it will be nice if this validation function would reflect it, and maybe recommend using the plugin.
Changing it on a follow up PR may be a better fit.
This is part of the passt core binding check, not about the binding plugin which is not specific to passt or any other binding. When we remove passt core binding, we will remove these as well.
//networkNameMap := vmispec.IndexNetworkSpecByName(spec.Networks) | ||
|
||
// Make sure the port name is unique across all the interfaces | ||
portForwardMap := make(map[string]struct{}) | ||
//portForwardMap := make(map[string]struct{}) | ||
|
||
// Validate that each interface has a matching network | ||
for idx, iface := range spec.Domain.Devices.Interfaces { | ||
|
||
networkData, networkExists := networkNameMap[iface.Name] | ||
//networkData, networkExists := networkNameMap[iface.Name] | ||
|
||
causes = append(causes, validatePortConfiguration(field, networkExists, &networkData, iface, idx, portForwardMap)...) | ||
//causes = append(causes, validatePortConfiguration(field, networkExists, &networkData, iface, idx, portForwardMap)...) |
Shouldn't the commented line be removed?
Looks like leftovers, thanks.
Done.
causes = append(causes, metav1.StatusCause{ | ||
Type: metav1.CauseTypeFieldValueInvalid, | ||
Message: "Macvtap feature gate is not enabled", | ||
Field: fieldPath.Child("domain", "devices", "interfaces").Index(idx).Child("name").String(), |
nit: I think the field path string can be reused
In this case, we will lose context in favor of a negligible optimization.
I think it is more readable this way and it is consistent with how we use it all over.
causes = append(causes, metav1.StatusCause{ | ||
Type: metav1.CauseTypeFieldValueInvalid, | ||
Message: "Passt feature gate is not enabled", | ||
Field: fieldPath.Child("domain", "devices", "interfaces").Index(idx).Child("name").String(), |
nit: I think the field path string can be reused
Same answer as before.
field.Child("domain", "devices", "interfaces").Index(idx).Child("name").String(), | ||
iface.MacAddress, | ||
), | ||
Field: field.Child("domain", "devices", "interfaces").Index(idx).Child("macAddress").String(), |
nit: I think the field path string can be reused
Same answer as before.
causes = append(causes, metav1.StatusCause{ | ||
Type: metav1.CauseTypeFieldValueDuplicate, | ||
Message: fmt.Sprintf("Duplicate name of the port: %s", forwardPort.Name), | ||
Field: field.Child("domain", "devices", "interfaces").Index(idx).Child("ports").Index(portIdx).Child("name").String(), |
nit: Field path string can be reused
Same answer as before
Two masquerade binding validations, that check it is set with pod network and is not using the reserved mac address, have been moved to the `network/admitter` package. Signed-off-by: Edward Haas <edwardh@redhat.com>
The unit tests have been using a cluster-config-checker stub that was originally focused on SLIRP tests. Later it was used to just satisfy other scenarios which had nothing to do with SLIRP. As new cluster-config methods are needed for other scenarios, the current stub is generalized by name and location. Signed-off-by: Edward Haas <edwardh@redhat.com>
The validation that checks an interface with bridge binding set on a pod network is moved to the `network/admitter` package. Signed-off-by: Edward Haas <edwardh@redhat.com>
The passt core binding has a validation that checks that it is defined without any other interface in the spec. We support only L2 bindings on the secondary interfaces which use bridging to link the pod interface to the VM. Therefore, there is no real limitation to have additional interfaces to passt. In addition, passt is targeted for removal after declared as deprecated in favor of the binding plugin version of it. Therefore, this single interface validation is removed. Signed-off-by: Edward Haas <edwardh@redhat.com>
Move interface fields validation to the `network/admitter` package and adjust them to the new location. The following validations have been moved in this change:
- Interface name format.
- Interface model.
- Interface mac address.
- Interface PCI address.

Signed-off-by: Edward Haas <edwardh@redhat.com>
The interface port validations are moved to `network/admitter` and refactored there to use test tables. Signed-off-by: Edward Haas <edwardh@redhat.com>
Tests have been converted to test tables and duplicate tests removed. Signed-off-by: Edward Haas <edwardh@redhat.com>
423befe to f42ccc0
change: Answered review.
/approve
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: enp0s3 The full list of commands accepted by this bot can be found here. The pull request process is described here
LGTM
@@ -52,3 +62,22 @@ func hasInterfaceBindingMethod(iface v1.Interface) bool { | |||
iface.InterfaceBindingMethod.Macvtap != nil || | |||
iface.InterfaceBindingMethod.Passt != nil | |||
} | |||
|
|||
func validateMasqueradeBinding(fieldPath *field.Path, idx int, iface v1.Interface, net v1.Network) []metav1.StatusCause { |
The masquerade binding check, at lines 66 and 73.
if iface.Binding != nil && !config.NetworkBindingPlugingsEnabled() { | ||
return []metav1.StatusCause{{ | ||
Type: metav1.CauseTypeFieldValueInvalid, | ||
Message: "Binding plugins feature gate is not enabled", |
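Review bot: `NetworkBindingPlugingsEnabled` in the condition misspells "Plugins" as "Plugings". This call is what gates admission of `iface.Binding` on the feature gate, so a correctly spelled, searchable name (`NetworkBindingPluginsEnabled`) makes it easier to audit where the gate is enforced. Suggest renaming the method together with its test stub, here or in a follow-up.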
The original is wrong, this is a good opportunity to fix.
Required labels detected, running phase 2 presubmits:
/test pull-kubevirt-e2e-k8s-1.27-sig-compute
/retest-required
/test pull-kubevirt-e2e-k8s-1.27-sig-network
@EdDev: The following test failed, say
What this PR does
Move and when needed adjust network validation admitters to the `network/admitter` package.
The logic is now properly owned and organized for the `sig-network`.
Fixes #