@usrbinkat
Last active June 9, 2022 19:54
microshift + kubevirt + multus failure scenario

Written while chasing a MicroShift SCC (SecurityContextConstraints) bug, as discussed in the Kubernetes Slack #kubevirt-dev thread.

  1. Install Fedora 35 Server on kvm device equipped VM
  2. Configure a br0 bridge interface connected to the local network (VMs attached to it through Multus sit directly on that LAN with the credentials cloud-init gives them, so use an isolated lab network)
  3. Install Kubevirt dependencies and deploy vm:
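##################################################################################
# Install Microshift
#
# This is a runbook pasted into an interactive shell, not a hardened installer.
# Two things below deliberately weaken the host and must not be copied into a
# production image: firewalld is disabled and SELinux is switched off on the
# kernel command line (selinux=0) so that SCC/network behaviour can be isolated.

sudo dnf copr enable -y @redhat-et/microshift
sudo dnf module enable -y cri-o:1.21
sudo dnf install -y firewalld kernel-modules kubernetes-client helm dracut-squash squashfs-tools squashfuse fuse jq
sudo dnf install -y firewalld kubernetes-client helm jq cri-o cri-tools microshift tmux NetworkManager-tui
sudo systemctl enable --now crio
sudo systemctl enable --now microshift
# Repro only: leaves the host with no packet filter in front of the API server.
sudo systemctl disable firewalld

# Resolve the virtctl release tag exactly once. The original expanded the
# GitHub API query twice inside the URL, so an unauthenticated rate-limit
# response (or any transient failure) yielded an empty tag, a nonsense URL and,
# because curl ran without -f, the 404 body installed as /usr/local/bin/virtctl.
# `${VAR:?}` aborts the step when the tag is empty and `curl -f` refuses HTTP
# errors. The binary is still unverified: pin the tag and check the release
# checksum before reusing this outside a throwaway lab.
KUBEVIRT_TAG="$(curl -fsSL https://api.github.com/repos/kubevirt/kubevirt/releases/latest | jq -r '.tag_name // empty')"
: "${KUBEVIRT_TAG:?could not resolve the latest kubevirt release tag}"
curl -fsSL --output /tmp/virtctl "https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_TAG}/virtctl-${KUBEVIRT_TAG}-linux-amd64"
sudo install -o root -g root -m 0755 /tmp/virtctl /usr/local/bin/virtctl
rm -f /tmp/virtctl

# Repro-specific kernel arguments: selinux=0 disables SELinux outright (it is
# not merely permissive); the IOMMU/vfio arguments prepare the host for PCI
# passthrough (the HostDevices/GPU feature gates are enabled later).
sudo grubby --update-kernel=ALL --args 'selinux=0 intel_iommu=on iommu=pt rd.driver.pre=vfio-pci pci=realloc'

# The kubeadmin kubeconfig is a cluster-admin credential: lock down the
# directory and create the file with mode 0600 *before* writing into it so it
# is never world-readable, even briefly.
mkdir -p ~/.kube
chmod 700 ~/.kube
touch ~/.kube/config
chmod 600 ~/.kube/config
sudo cat /var/lib/microshift/resources/kubeadmin/kubeconfig > ~/.kube/config
# -f makes the alias idempotent; the original `ln -s` failed on a second run.
sudo ln -sf /usr/bin/kubectl /usr/bin/k
kubectl get po -A

sudo shutdown -r now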
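##################################################################################
# Install Kubevirt

# Cert Manager (dependency for kubevirt webhook)
# NOTE(review): neither the chart version nor the KubeVirt release below is
# pinned, so a re-run of this runbook can install different bits than the ones
# the failure was observed with. Add `--version <chart>` and a fixed tag when
# the scenario needs to be reproduced exactly.
helm repo add jetstack https://charts.jetstack.io; helm repo update
helm upgrade --install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set installCRDs=true

# Kubevirt
# Resolve the release tag once (the original expanded the API query twice per
# line, four times in total) and refuse to continue on an empty answer rather
# than piping a 404 page into `kubectl apply`. `curl -f` turns HTTP errors into
# a non-zero exit so nothing reaches kubectl on failure.
KUBEVIRT_TAG="$(curl -fsSL https://api.github.com/repos/kubevirt/kubevirt/releases/latest | jq -r '.tag_name // empty')"
: "${KUBEVIRT_TAG:?could not resolve the latest kubevirt release tag}"
KUBEVIRT_RELEASE="https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_TAG}"
curl -fsSL "${KUBEVIRT_RELEASE}/kubevirt-operator.yaml" | kubectl apply -f -
curl -fsSL "${KUBEVIRT_RELEASE}/kubevirt-cr.yaml" | kubectl apply -f -
# Re-apply the KubeVirt CR with the feature gates this scenario needs. Every
# gate widens what a VM author can ask of the node (HostDevices/GPU expose host
# PCI devices; per the KubeVirt docs, Sidecar lets a VMI request hook
# containers inside virt-launcher), so keep the list to what the repro
# actually exercises.
cat <<EOF | kubectl apply -f -
---
apiVersion: kubevirt.io/v1
kind: KubeVirt
metadata:
  name: kubevirt
  namespace: kubevirt
spec:
  configuration:
    developerConfiguration:
      featureGates:
        - LiveMigration
        - DataVolumes
        - ExpandDisks
        - ExperimentalIgnitionSupport
        - Sidecar
        - HostDevices
        - Snapshot
        - HotplugVolumes
        - ExperimentalVirtiofsSupport
        - GPU
EOF

watch kubectl get po -A
kubectl -n kubevirt wait kv kubevirt --for condition=Available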
##################################################################################
# Install Multus - Fail method A - Mutually exclusive with method B
#
# Deploys the cluster-network-addons-operator (CNAO) at a pinned release and
# asks it to manage only Multus. The operator runs cluster-scoped with whatever
# RBAC its operator.yaml declares; review that manifest before using it
# beyond a lab.

CNAO_VERSION="v0.77.0"
CNAO_RELEASE="https://github.com/kubevirt/cluster-network-addons-operator/releases/download/${CNAO_VERSION}"
# Order matters: namespace first, then the CRD, then the operator that serves it.
for manifest in namespace.yaml network-addons-config.crd.yaml operator.yaml; do
  kubectl apply -f "${CNAO_RELEASE}/${manifest}"
done

# Only Multus is requested from CNAO; IfNotPresent reuses cached images on
# the single node.
kubectl apply -f - <<EOF
---
apiVersion: networkaddonsoperator.network.kubevirt.io/v1
kind: NetworkAddonsConfig
metadata:
  name: cluster
spec:
  imagePullPolicy: IfNotPresent
  multus: {}
EOF

# Inspect the conditions CNAO reports while it reconciles.
kubectl describe networkaddonsconfig cluster

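##################################################################################
# Install Multus - Fail method B - Mutually exclusive with method A
#
# NOTE(review): this pulls the DaemonSet manifest from the `master` branch, so
# whatever is on master at apply time runs on every node with the privileges
# that manifest grants itself (presumably host-level access, since it has to
# install the CNI binary and config on the node). Pin a release tag or commit
# SHA in the URL before relying on this for a repro, and ideally pin the image
# it references too.
kubectl apply -f https://raw.githubusercontent.com/k8snetworkplumbingwg/multus-cni/master/deployments/multus-daemonset-thick-plugin.yml
kubectl get pods --all-namespaces | grep -i multus
# Address the DaemonSet rather than a specific pod: the original hard-coded
# `kube-multus-ds-zqbnz`, a generated pod name that exists on no other cluster.
kubectl logs -n kube-system daemonset/kube-multus-ds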
##################################################################################
# Configure net-attach-def
#
# Attaches guests directly to the host bridge br0, i.e. onto the local LAN
# from step 2 of the scenario. The CNI config has an empty "ipam" block, so
# the plugin assigns no address and the guest is expected to DHCP from the LAN
# itself (the VM manifests enable dhcp4/dhcp6 on enp1s0). Nothing in this
# setup filters that traffic — a Kubernetes NetworkPolicy does not govern a
# secondary Multus interface — so the guest's own login credentials are its
# only protection.

kubectl apply -f - <<EOF
---
apiVersion: k8s.cni.cncf.io/v1
kind: NetworkAttachmentDefinition
metadata:
  name: nadbr0
spec:
  config: '{"cniVersion":"0.3.1","name":"br0","plugins":[{"type":"bridge","bridge":"br0","ipam":{}},{"type":"tuning"}]}'
EOF

# Show what was stored (config is kept as an opaque JSON string).
kubectl get net-attach-def -oyaml
##################################################################################
# Deploy simple pod network NAT Virtual Machine (working)
#
# The VM manifests live in this gist and are fetched by commit hash, so the
# revision applied here is fixed. This guest only has a pod-network interface,
# so the password login its cloud-init enables is reachable from inside the
# cluster network and over the serial console, not from the LAN.
VM_MANIFESTS="https://gist.githubusercontent.com/usrbinkat/500a2d7314d938f6582f36059a7c1b29/raw/f6ccbce3461424531a23c70fd55002521b0104ac"
kubectl apply -f "${VM_MANIFESTS}/virtualmachine-jammy-pod-nat.yml"
kubectl get events -w
virtctl console jammy
kubectl delete vm jammy

watch kubectl get po -A


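##################################################################################
# Deploy multus bridged network NAT Virtual Machine (failing)

# Create user ssh key credential secret
# Test for the key file directly instead of `ls ... || ssh-keygen`: the
# original printed an ls error to the terminal and then ran ssh-keygen with no
# arguments, which also prompts for the output path. The passphrase prompt is
# kept on purpose (do not add `-N ''`: an unencrypted key on the lab host is
# the same key that lands in every guest). Only the *public* half goes into
# the Secret, which KubeVirt hands to the guest through qemu-guest-agent.
[ -f "$HOME/.ssh/id_rsa.pub" ] || ssh-keygen -t rsa -f "$HOME/.ssh/id_rsa"
kubectl create secret generic kubevirt-sshpubkey-kc2user --from-file=key1="$HOME/.ssh/id_rsa.pub" --dry-run=client -oyaml | kubectl apply -f -

# Deploy VM
# This guest gets a DHCP interface on the host bridge (LAN), and its cloud-init
# enables password SSH with a fixed password, so once the attachment works the
# VM is reachable from the whole local network with well-known credentials.
# Keep this on an isolated lab network.
VM_MANIFESTS="https://gist.githubusercontent.com/usrbinkat/500a2d7314d938f6582f36059a7c1b29/raw/f6ccbce3461424531a23c70fd55002521b0104ac"
kubectl apply -f "${VM_MANIFESTS}/virtualmachine-jammy-multus-bridge.yml"
kubectl get events -w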
... truncated ...
Warning   SyncFailed                virtualmachineinstance/jammy    failed to configure vmi network: setup failed, err: failed plugging phase1 at nic 'net1': Link not found
... truncated ...
---
# VirtualMachine: fedora-microshift
# A Fedora 35 guest whose cloud-init installs MicroShift inside the guest
# (nested cluster). Its single NIC is bridged onto the host's br0 (LAN) via
# the nadbr0 NetworkAttachmentDefinition. The storageClassName
# (microk8s-hostpath) and the `app: kargo` label suggest this manifest was
# carried over from another cluster — confirm both exist on the target.
#
# Security notes for anyone reusing this:
#   - cloud-init sets a fixed password (kc2user:kc2user), enables password SSH
#     and grants passwordless sudo, on an interface that sits directly on the
#     LAN. Keep it on an isolated lab network, or drop ssh_pwauth/chpasswd and
#     rely on the SSH key injected through accessCredentials.
#   - the runcmd copies the nested cluster's kubeadmin kubeconfig (cluster
#     admin) into the user's home with a shell redirect; its mode depends on
#     the guest umask, so it is probably world-readable inside the guest.
#   - cpu model host-passthrough hands the host CPU model/features straight
#     to the guest.
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: fedora-microshift
  namespace: default
  labels:
    app: kargo
spec:
  dataVolumeTemplates:
    - metadata:
        creationTimestamp: null
        name: fedora-microshift-volume-vda-root
        namespace: default
      spec:
        pvc:
          accessModes:
            - ReadWriteOnce
          resources:
            limits:
              storage: 32G
            requests:
              storage: 32G
          storageClassName: microk8s-hostpath
        source:
          # Root disk imported from a public registry image; pulled by tag,
          # not digest, so the content can change between runs.
          registry:
            url: docker://docker.io/containercraft/fedora:35
  running: true
  template:
    metadata:
      creationTimestamp: null
    spec:
      # Per KubeVirt's accessCredentials docs, the public key in the named
      # Secret is delivered to kc2user by qemu-guest-agent once it runs.
      accessCredentials:
        - sshPublicKey:
            propagationMethod:
              qemuGuestAgent:
                users:
                  - kc2user
            source:
              secret:
                secretName: kubevirt-sshpubkey-kc2user
      domain:
        clock:
          timer: {}
          utc: {}
        cpu:
          cores: 1
          model: host-passthrough
          sockets: 1
          threads: 6
        devices:
          autoattachGraphicsDevice: true
          # No pod-network NIC: the only interface is the Multus bridge below.
          autoattachPodInterface: false
          autoattachSerialConsole: true
          disks:
            - bootOrder: 1
              disk:
                bus: virtio
              name: fedora-microshift-disk-vda-root
            - disk:
                bus: virtio
              name: cloudinitdisk
          interfaces:
            - bridge: {}
              model: virtio
              name: enp1s0
              networkInterfaceMultiqueue: false
          rng: {}
        machine:
          type: q35
        resources:
          limits:
            memory: 6G
          requests:
            devices.kubevirt.io/kvm: "1"
            memory: 6G
      hostname: fedora-microshift
      networks:
        - multus:
            networkName: nadbr0
          name: enp1s0
      # 0 means the VM is killed immediately on delete; the nested MicroShift
      # gets no chance to shut down cleanly.
      terminationGracePeriodSeconds: 0
      volumes:
        - name: fedora-microshift-disk-vda-root
          dataVolume:
            name: fedora-microshift-volume-vda-root
        # NOTE(review): the netplan below bridges enp1s0 together with eth0,
        # but no eth0 exists in this guest (autoattachPodInterface is false);
        # confirm the extra bridge member is intentional.
        - name: cloudinitdisk
          cloudInitNoCloud:
            networkData: |
              version: 2
              bridges:
                br0:
                  dhcp4: true
                  dhcp6: true
                  dhcp-identifier: mac
                  interfaces:
                    - enp1s0
                    - eth0
              ethernets:
                eth0:
                  dhcp4: false
                  dhcp6: false
                enp1s0:
                  dhcp4: false
                  dhcp6: false
            userData: |
              #cloud-config
              hostname: fedora-microshift
              ssh_pwauth: true
              disable_root: true
              chpasswd:
                list: |
                  kc2user:kc2user
                expire: False
              users:
                - name: kc2user
                  shell: /bin/bash
                  lock_passwd: false
                  sudo: ['ALL=(ALL) NOPASSWD:ALL']
                  groups: sudo,libvirt,microshift,docker,ssl-cert
              growpart:
                mode: auto
                devices: ['/']
                ignore_growroot_disabled: true
              package_upgrade: true
              runcmd:
                - "mkdir -p /home/kc2user/.ssh"
                - "chown -R kc2user:kc2user /home/kc2user/.ssh"
                - "mkdir -p /home/kc2user/.kube"
                - "systemctl enable --now qemu-guest-agent"
                - "systemctl restart qemu-guest-agent"
                - "sudo dnf module enable -y cri-o:1.21"
                - "sudo dnf install -y cri-o cri-tools"
                - "systemctl enable --now crio"
                - "sudo dnf copr enable -y @redhat-et/microshift"
                - "sudo dnf install -y microshift"
                - "sudo systemctl enable microshift --now"
                - "sudo cat /var/lib/microshift/resources/kubeadmin/kubeconfig > /home/kc2user/.kube/config"
                - "chown -R kc2user:kc2user /home/kc2user/.kube"
                - "screenfetch"
---
# VirtualMachine: jammy (Multus bridge variant — the failing case)
# Ubuntu 22.04 guest from a containerDisk, booted with UEFI Secure Boot, with
# a single NIC attached to the nadbr0 NetworkAttachmentDefinition, i.e. the
# host's br0 and therefore the local LAN. No pod-network interface.
#
# Security notes before reusing this manifest:
#   - cloud-init enables password SSH with a fixed password (kc2user:kc2user)
#     and passwordless sudo; with the NIC on the LAN that is a well-known
#     login reachable by every host on the segment. Prefer the SSH key
#     injected through accessCredentials and set ssh_pwauth to false.
#   - kc2user joins the docker group (root-equivalent inside the guest) plus
#     several groups that may not exist on this image (lxd after
#     `snap remove lxd`, microk8s, xrdp).
#   - runcmd removes shim-signed with --allow-remove-essential while the VM is
#     configured with secureBoot: true; if a later grub-install runs without
#     shim available, the guest may fail to boot — confirm this is intended.
#   - the gsettings call targets a desktop session, but no graphics device is
#     attached (autoattachGraphicsDevice: false), so it is most likely a no-op.
#   - the root disk is pulled by tag, not digest.
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: jammy
  labels:
    os/flavor: ubuntu
    os/release: jammy
spec:
  running: true
  template:
    spec:
      hostname: jammy
      domain:
        clock:
          utc: {}
          timer: {}
        cpu:
          threads: 2
          # Hands the host CPU model/features straight to the guest.
          model: host-passthrough
        devices:
          rng: {}
          autoattachSerialConsole: true
          autoattachGraphicsDevice: false
          # No pod-network NIC: the only interface is the Multus bridge below.
          autoattachPodInterface: false
          disks:
            - name: jammy-disk-vda-root
              bootOrder: 1
              disk:
                bus: virtio
            - name: cloudinitdisk
              disk:
                bus: virtio
          interfaces:
            - name: enp1s0
              model: virtio
              bridge: {}
        features:
          acpi:
            enabled: true
          # SMM enabled alongside Secure Boot (OVMF secure-boot builds
          # typically expect it).
          smm:
            enabled: true
        firmware:
          bootloader:
            efi:
              secureBoot: true
        machine:
          type: q35
        resources:
          requests:
            memory: 2G
            devices.kubevirt.io/kvm: "1"
      # Killed immediately on delete; no guest shutdown grace period.
      terminationGracePeriodSeconds: 0
      networks:
        - name: enp1s0
          multus:
            networkName: nadbr0
      # Per KubeVirt's accessCredentials docs, the public key in the named
      # Secret is delivered to kc2user by qemu-guest-agent once it runs.
      accessCredentials:
        - sshPublicKey:
            source:
              secret:
                secretName: kubevirt-sshpubkey-kc2user
            propagationMethod:
              qemuGuestAgent:
                users:
                  - "kc2user"
      volumes:
        - name: jammy-disk-vda-root
          containerDisk:
            image: docker.io/containercraft/ubuntu:22.04
            imagePullPolicy: IfNotPresent
        - name: cloudinitdisk
          cloudInitNoCloud:
            networkData: |
              version: 2
              ethernets:
                enp1s0:
                  dhcp4: true
                  dhcp6: true
                  dhcp-identifier: mac
            userData: |
              #cloud-config
              ssh_pwauth: true
              chpasswd:
                list: |
                  kc2user:kc2user
                expire: False
              users:
                - name: kc2user
                  shell: /bin/bash
                  sudo: ['ALL=(ALL) NOPASSWD:ALL']
                  groups: sudo,wheel,lxd,microk8s,xrdp,docker,ssl-cert
              package_upgrade: true
              packages:
                - docker.io
              runcmd:
                - "snap remove lxd"
                - "apt-get remove -y --allow-remove-essential apport apport-gtk python3-apport python3-problem-report shim-signed apport-symptoms python3-systemd ansible"
                - "su -l kc2user -c 'gsettings set org.gnome.desktop.interface gtk-theme Yaru-dark'"
                - "ip a s"
---
# VirtualMachine: jammy (pod-network variant — the working case)
# Identical to the Multus variant except that the single NIC is attached to
# the pod network (`pod: {}`), so the guest is reachable only from inside the
# cluster network and over the serial console (`virtctl console jammy`).
#
# Security notes before reusing this manifest:
#   - cloud-init enables password SSH with a fixed password (kc2user:kc2user)
#     and passwordless sudo. The pod network limits the blast radius to the
#     cluster, but anything that can reach the pod IP can log in; prefer the
#     SSH key injected through accessCredentials and set ssh_pwauth to false.
#   - kc2user joins the docker group (root-equivalent inside the guest) plus
#     several groups that may not exist on this image (lxd after
#     `snap remove lxd`, microk8s, xrdp).
#   - the root disk is pulled by tag, not digest.
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: jammy
  labels:
    os/flavor: ubuntu
    os/release: jammy
spec:
  running: true
  template:
    spec:
      hostname: jammy
      domain:
        clock:
          utc: {}
          timer: {}
        cpu:
          threads: 2
          # Hands the host CPU model/features straight to the guest.
          model: host-passthrough
        devices:
          rng: {}
          autoattachSerialConsole: true
          autoattachGraphicsDevice: false
          # The pod NIC is declared explicitly below rather than auto-attached.
          autoattachPodInterface: false
          disks:
            - name: jammy-disk-vda-root
              bootOrder: 1
              disk:
                bus: virtio
            - name: cloudinitdisk
              disk:
                bus: virtio
          interfaces:
            - name: enp1s0
              model: virtio
              bridge: {}
        features:
          acpi:
            enabled: true
          # SMM enabled alongside Secure Boot (OVMF secure-boot builds
          # typically expect it).
          smm:
            enabled: true
        firmware:
          bootloader:
            efi:
              secureBoot: true
        machine:
          type: q35
        resources:
          requests:
            memory: 2G
            devices.kubevirt.io/kvm: "1"
      # Killed immediately on delete; no guest shutdown grace period.
      terminationGracePeriodSeconds: 0
      networks:
        - name: enp1s0
          pod: {}
      # Per KubeVirt's accessCredentials docs, the public key in the named
      # Secret is delivered to kc2user by qemu-guest-agent once it runs.
      accessCredentials:
        - sshPublicKey:
            source:
              secret:
                secretName: kubevirt-sshpubkey-kc2user
            propagationMethod:
              qemuGuestAgent:
                users:
                  - "kc2user"
      volumes:
        - name: jammy-disk-vda-root
          containerDisk:
            image: docker.io/containercraft/ubuntu:22.04
            imagePullPolicy: IfNotPresent
        - name: cloudinitdisk
          cloudInitNoCloud:
            networkData: |
              version: 2
              ethernets:
                enp1s0:
                  dhcp4: true
                  dhcp6: true
                  dhcp-identifier: mac
            userData: |
              #cloud-config
              ssh_pwauth: true
              chpasswd:
                list: |
                  kc2user:kc2user
                expire: False
              users:
                - name: kc2user
                  shell: /bin/bash
                  sudo: ['ALL=(ALL) NOPASSWD:ALL']
                  groups: sudo,wheel,lxd,microk8s,xrdp,docker,ssl-cert
              package_upgrade: true
              packages:
                - docker.io
              runcmd:
                - "snap remove lxd"
                - "ip a s"