kubevirt icon indicating copy to clipboard operation
kubevirt copied to clipboard

Published 20 hours ago verified publisher icon kubevirt

Create kubevirt-node-validate

Open victortoso opened this issue 9 months ago • 4 comments

Is your feature request related to a problem? Please describe:

Sometimes it is hard to tell if KubeVirt can run in a given node or not. For instance, it is common to ask user to run virt-host-validate to check if something is missing on virtualization side but part of our stack might require new enough kernel or with some capabilities enabled.

Describe the solution you'd like:

We should have a tool that we could put this runtime requirements.

Additional context:

At the minimum, if a component crashes due lack of system's feature, we should be able to track it down by running this tool. Perhaps it can be used to avoid scheduling VMs in unsupported nodes (I'm sure we already have code that does this kind of checks)

See: https://github.com/kubevirt/kubevirt/issues/11886

victortoso avatar May 10 '24 12:05 victortoso

Would this be a CLI tool? Or an addition to virtctl?

How would you envision it to work?

i.e.

$ virtctl adm node-validate
foo01 PASS
foo02 PASS
bar42 FAIL - Missing …
$

Or how?

fabiand avatar May 13 '24 09:05 fabiand

Would this be a CLI tool? Or an addition to virtctl?

We would need to run it on the node, similar to virt-host-validate but with specific and important checks to KubeVirt to validate that node has runtime features we require such as /proc/sys/net/ipv4/ip_unprivileged_port_star mentioned in #11886.

Not sure how many checks we would need, but it feels right to have a place we could add KubeVirt specific node requirements.

How would you envision it to work?

At first, just a CLI tool. Could perhaps be integrated with virt-handler to validate further the node.

victortoso avatar May 13 '24 09:05 victortoso

I'm a bit uncertain if we should really run "virt-host-validate" as part of kubevirt. Ideally, we should expose the various virtualization features in a way that kubernetes can understand and that they can be query also by regular users and ideally used by the scheduler. Giving an example, kvm is present if we have the corresponding device plugin. Same for vhost-user.

alicefr avatar May 14 '24 07:05 alicefr

Can we return 1024 if /proc/sys/net/ipv4/ip_unprivileged_port_start does not exist? We won't be using passt-binding, so we can continue to use kubevirt on CentOS 7

Muyan0828 avatar May 17 '24 03:05 Muyan0828

What is the minimum kernel version? At kubevirt 1.2.0 I tested several versions of the kernel

kernel 3.10 3.15 4.4.5 4.14.15 4.16.9 4.17.14 4.18.16 5.4.15
vm false false false false false true true true

scydas avatar Jul 25 '24 14:07 scydas

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

/lifecycle stale

kubevirt-bot avatar Oct 29 '24 06:10 kubevirt-bot