Bug 2229164

Summary: Bridge NAD should set "preserveDefaultVlan": false
Product: Container Native Virtualization (CNV) Reporter: Petr Horáček <phoracek>
Component: DocumentationAssignee: Shikha Jhala <sjhala>
Status: CLOSED CURRENTRELEASE QA Contact: Yossi Segev <ysegev>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.12.5CC: ysegev
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-08-30 20:28:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Petr Horáček 2023-08-04 13:57:14 UTC 
Document URL: 
https://docs.openshift.com/container-platform/4.13/virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.html#virt-creating-linux-bridge-nad-cli_virt-attaching-vm-multiple-networks

Section Number and Name: 
Creating a Linux bridge network attachment definition in the CLI

Describe the issue: 
Due to https://bugzilla.redhat.com/show_bug.cgi?id=2179333, any VM connected to a VLAN through a bridge CNI NAD is also connected to the native VLAN 1. This is unintended. We should make sure our users set `"preserveDefaultVlan": false` to prevent this from happening.

Suggestions for improvement: 
Change the current example:
  apiVersion: "k8s.cni.cncf.io/v1"
  kind: NetworkAttachmentDefinition
  metadata:
    name: <bridge-network> 
    annotations:
      k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/<bridge-interface> 
  spec:
    config: '{
      "cniVersion": "0.3.1",
      "name": "<bridge-network>", 
      "type": "cnv-bridge", 
      "bridge": "<bridge-interface>", 
      "macspoofchk": true, 
      "vlan": 1 
    }'
To:
  apiVersion: "k8s.cni.cncf.io/v1"
  kind: NetworkAttachmentDefinition
  metadata:
    name: <bridge-network> 
    annotations:
      k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/<bridge-interface> 
  spec:
    config: '{
      "cniVersion": "0.3.1",
      "name": "<bridge-network>", 
      "type": "cnv-bridge", 
      "bridge": "<bridge-interface>", 
      "macspoofchk": true, 
      "vlan": 1,
      "preserveDefaultVlan": false
    }'

Additional information: 
This should be changed on all releases starting with 4.12.
The backend bug where this new attribute was introduced: https://bugzilla.redhat.com/show_bug.cgi?id=2179333
Comment 1 Shikha Jhala 2023-08-15 19:41:50 UTC 
@phoracek PR is ready for your review: https://github.com/openshift/openshift-docs/pull/63552. Thanks.
Comment 2 Shikha Jhala 2023-08-22 13:24:01 UTC 
Thank you @ysegev for reviewing the PR. Can you please move the bug to Verified status? Thank you.
Comment 3 Shikha Jhala 2023-08-30 17:35:06 UTC 
PR is merged. Moving status to Release Pending.
Comment 4 Shikha Jhala 2023-08-30 20:28:15 UTC 
The changes are now live on the customer-facing site: https://docs.openshift.com/container-platform/4.13/virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.html#virt-creating-linux-bridge-nad-cli_virt-attaching-vm-multiple-networks