Bug 2136534 - Not possible to specify a TTL on VMExports
Summary: Not possible to specify a TTL on VMExports
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Storage
Version: 4.12.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ---
: 4.12.0
Assignee: Alex Kalenyuk
QA Contact: Jenia Peimer
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-10-20 14:23 UTC by Alex Kalenyuk
Modified: 2023-01-24 13:41 UTC (History)
2 users (show)

Fixed In Version: CNV v4.12.0-641
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-01-24 13:41:30 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github kubevirt kubevirt pull 8521 0 None Merged Add TTL field for VMExport objects 2022-11-02 10:17:16 UTC
Github kubevirt user-guide pull 614 0 None open VMExport TTL documentation 2022-11-03 12:33:27 UTC
Red Hat Issue Tracker CNV-21969 0 None None None 2022-10-27 12:13:34 UTC
Red Hat Product Errata RHSA-2023:0408 0 None None None 2023-01-24 13:41:41 UTC

Description Alex Kalenyuk 2022-10-20 14:23:06 UTC 
Description of problem:
For various reasons (security being one), users should be able to specify a TTL for the VMExport objects

Version-Release number of selected component (if applicable):
CNV 4.12.0

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:
No mechanism to specify a TTL

Expected results:
TTL supported

Additional info:
Comment 1 Jenia Peimer 2022-11-03 12:00:36 UTC 
Verified on CNV-v4.12.0-665

Create a VM and stop it:

$ oc create -f vm-ocs.yaml 
virtualmachine.kubevirt.io/vm-cirros-source-ocs created

$ oc get vm -A
NAMESPACE   NAME                   AGE   STATUS    READY
default     vm-cirros-source-ocs   28s   Running   True

$ virtctl stop vm-cirros-source-ocs
VM vm-cirros-source-ocs was scheduled to stop


Create a token:

$ cat token.yaml 
apiVersion: v1
kind: Secret
metadata:
    name: virt-export-token
data:
    token: bXl0b2tlbg==

$ oc create -f token.yaml 
secret/virt-export-token created


Create VMExport with ttlDuration:

$ cat vmexport-vm-ttl.yaml 
apiVersion: export.kubevirt.io/v1alpha1
kind: VirtualMachineExport
metadata:
    name: export-vm-object
spec:
    source:
        apiGroup: "kubevirt.io"
        kind: VirtualMachine
        name: vm-cirros-source-ocs
    tokenSecretRef: virt-export-token
    ttlDuration: 2m

$ oc create -f vmexport-vm-ttl.yaml
virtualmachineexport.export.kubevirt.io/export-vm-object created

$ oc get vmexport
NAME               SOURCEKIND       SOURCENAME             PHASE
export-vm-object   VirtualMachine   vm-cirros-source-ocs   Ready


Wait for 2 minutes:

$ oc get pods -w
NAME                           READY   STATUS    RESTARTS   AGE
virt-export-export-vm-object   1/1     Running   0          78s
virt-export-export-vm-object   0/1     Completed   0          2m
virt-export-export-vm-object   0/1     Terminating   0          2m
virt-export-export-vm-object   0/1     Terminating   0          2m2s
virt-export-export-vm-object   0/1     Terminating   0          2m2s
virt-export-export-vm-object   0/1     Terminating   0          2m2s

$ oc get pods
No resources found in default namespace.

$ oc get vmexport 
No resources found in default namespace.
Comment 2 Jenia Peimer 2022-11-03 12:06:41 UTC 
We also need to mention the TTL feature in kubevirt user-guide 
https://kubevirt.io/user-guide/operations/export_api/#export-api
Comment 3 Jenia Peimer 2022-11-03 12:33:27 UTC 
Thanks @akalenyu for the quick response with the user-guide PR: 
https://github.com/kubevirt/user-guide/pull/614
Comment 7 errata-xmlrpc 2023-01-24 13:41:30 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: OpenShift Virtualization 4.12.0 Images security update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2023:0408
Note You need to log in before you can comment on or make changes to this bug.