neonvm: prevent migrating VMs to the nodes with non-matching architecture #1123
Conversation
No changes to the coverage.
HTML Report |
mikhail-sakhnov
force-pushed
the
misha/architecture-fence-for-livemigration
branch
2 times, most recently
from
5446383 to
a036d85
Compare
mikhail-sakhnov
force-pushed
the
misha/architecture-fence-for-livemigration
branch
3 times, most recently
from
893c635 to
8e751ea
Compare
| if vm.Spec.Affinity != nil && vm.Spec.Affinity.NodeAffinity != nil && vm.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution != nil { | ||
| for _, term := range vm.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms { | ||
| for _, expr := range term.MatchExpressions { | ||
| if expr.Key == "kubernetes.io/arch" && expr.Operator == corev1.NodeSelectorOpIn && len(expr.Values) > 0 { |
There was a problem hiding this comment.
question: does len(expr.Values) > 0 mean that this function will return true for VMs that have an architecture affinity for e.g. "either amd64 or arm64" ? IIUC, would that mean that we could accidentally migrate between x86 and ARM?
There was a problem hiding this comment.
Values are checked in the loop body, if I understand correctly your question
| if err := addArchitectureAffinity(vm, sourceNode); err != nil { | ||
| log.Error(err, "Failed to add architecture affinity to VM", "sourceNodeStatus", sourceNode.Status) | ||
| } | ||
| if err = r.Update(ctx, vm); err != nil { | ||
| log.Error(err, "Failed to update node affinity of the source vm") | ||
| return ctrl.Result{RequeueAfter: time.Second}, err | ||
| } |
There was a problem hiding this comment.
question: IIUC, does this mean that the VM will permanently get affinity for the node it starts with?
Is there a reason we can't just do it on the target pod for the migration? (I guess, potential race conditions?)
There was a problem hiding this comment.
I don't think there is a particular reason, I just feel it is a bit safer to make the guard on the very first step of the migration.
Plus if we going to have multiarch clusters it is a bit unsafe to even have VM without architecture affinity, may be in later it should be even added during the VM creation, in the vmcontroller?
Signed-off-by: Misha Sakhnov <[email protected]>
mikhail-sakhnov
force-pushed
the
misha/architecture-fence-for-livemigration
branch
from
a0219ef to
c5ba550
Compare
Signed-off-by: Misha Sakhnov <[email protected]>
mikhail-sakhnov
force-pushed
the
misha/architecture-fence-for-livemigration
branch
from
c5ba550 to
f5246f7
Compare
Add node affinity to the VM spec during the live migration pending state, if it doesn't have.
#1083