Created attachment 1939992 [details] vm with memory conflict Created attachment 1939992 [details] vm with memory conflict Description of problem: When using instance type and setting "spec.template.spec.domain.resources.requests.memory" we get a "VM field conflicts" error. this prevents the use of other parameters of InstanceType that require those fields such as: "guestMappingPassthrough", "IOThreadsPolicy" EDIT: this bug will used to follow adding `guestMappingPassthrough` to the list of blocked instance type attributes Version-Release number of selected component (if applicable): 4.13 How reproducible: 100% Steps to Reproduce: 1. Create an InstanceType with "guestMappingPassthrough" + "IOThreadsPolicy" 2. Create a VM with the InstanceType Actual results: When trying to set "spec.template.spec.domain.resources.requests.memory": HTTP response body: b'{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"admission webhook \\"virtualmachine-validator.kubevirt.io\\" denied the request: VM field conflicts with selected Instancetype","reason":"Invalid","details":{"causes":[{"reason":"FieldValueInvalid","message":"VM field conflicts with selected Instancetype","field":"spec.template.spec.domain.resources.requests.memory"}]},"code":422}\n' When trying to set "guestMappingPassthrough" + "IOThreadsPolicy": HTTP response body: b'{"kind":"Status","apiVersion":"v1","metadata":{},"status":"Failure","message":"admission webhook \\"virtualmachine-validator.kubevirt.io\\" denied the request: spec.template.spec.domain.resources.requests.memory \'0\' must be equal to or larger than page size spec.template.spec.domain.hugepages.size \'1Gi\', spec.template.spec.domain.cpu.dedicatedCpuPlacement must be set to true when NUMA topology strategy is set in spec.template.spec.domain.cpu.numa.guestMappingPassthrough, Invalid IOThreadsPolicy (demi-io-thread-policy)","reason":"Invalid","details":{"causes":[{"reason":"FieldValueInvalid","message":"spec.template.spec.domain.resources.requests.memory \'0\' must be equal to or larger than page size spec.template.spec.domain.hugepages.size \'1Gi\'","field":"spec.template.spec.domain.resources.requests.memory"},{"reason":"FieldValueInvalid","message":"spec.template.spec.domain.cpu.dedicatedCpuPlacement must be set to true when NUMA topology strategy is set in spec.template.spec.domain.cpu.numa.guestMappingPassthrough","field":"spec.template.spec.domain.cpu.numa.guestMappingPassthrough"},{"reason":"FieldValueInvalid","message":"Invalid IOThreadsPolicy (demi-io-thread-policy)","field":"spec.template.spec.domain.ioThreadsPolicy"}]},"code":422}\n Expected results: VM is created Additional info:
Apologies for the delay! There are three separate validation failures here, one is an error in your test, the other two are valid IMHO: > { > "reason":"FieldValueInvalid", > "message":"spec.template.spec.domain.resources.requests.memory \\'0\\' must be equal to or larger than page size spec.template.spec.domain.hugepages.size \\'1Gi\\'", > "field":"spec.template.spec.domain.resources.requests.memory" > }, This is awkward as we actually apply the spec.domain.memory.guest value to spec.domain.resources.requests.memory in the VirtualMachineInstance mutation webhook [1] but the above failure is in the VirtualMachine validation webhook [2]. I'll write this up as a bug upstream and see what folks think about loosening this so it takes spec.domain.memory.guest into account. [1] https://github.com/kubevirt/kubevirt/blob/4366e522ef56ee0ffbc9f508ef30de4586d20fd3/pkg/virt-api/webhooks/mutating-webhook/mutators/vmi-mutator.go#L298-L300 [2] https://github.com/kubevirt/kubevirt/blob/4366e522ef56ee0ffbc9f508ef30de4586d20fd3/pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go#L1375-L1386 > { > "reason":"FieldValueInvalid", > "message":"spec.template.spec.domain.cpu.dedicatedCpuPlacement must be set to true when NUMA topology strategy is set in spec.template.spec.domain.cpu.numa.guestMappingPassthrough", > "field":"spec.template.spec.domain.cpu.numa.guestMappingPassthrough" > }, Okay we should likely add `guestMappingPassthrough` to the list of blocked instance type attributes [3] for now until resource request support is introduced allowing `dedicatedCpuPlacement` to be used. I'll use this bug to track that. [3] https://github.com/kubevirt/kubevirt/blob/4366e522ef56ee0ffbc9f508ef30de4586d20fd3/pkg/virt-api/webhooks/validating-webhook/admitters/instancetype-admitter.go#L120-L134 > { > "reason":"FieldValueInvalid", > "message":"Invalid IOThreadsPolicy (demi-io-thread-policy)", > "field":"spec.template.spec.domain.ioThreadsPolicy" > } This is an issue with your test, you need to use a valid IOThreadPolicy [4][5]. [4] https://github.com/kubevirt/kubevirt/blob/4366e522ef56ee0ffbc9f508ef30de4586d20fd3/pkg/virt-api/webhooks/validating-webhook/admitters/vmi-create-admitter.go#L68 [5] https://kubevirt.io/user-guide/virtual_machines/disks_and_volumes/#iothreads
(In reply to Lee Yarwood from comment #3) > > { > > "reason":"FieldValueInvalid", > > "message":"spec.template.spec.domain.resources.requests.memory \\'0\\' must be equal to or larger than page size spec.template.spec.domain.hugepages.size \\'1Gi\\'", > > "field":"spec.template.spec.domain.resources.requests.memory" > > }, > > This is awkward as we actually apply the spec.domain.memory.guest value to > spec.domain.resources.requests.memory in the VirtualMachineInstance mutation > webhook [1] but the above failure is in the VirtualMachine validation > webhook [2]. > > I'll write this up as a bug upstream and see what folks think about > loosening this so it takes spec.domain.memory.guest into account. > > [1] > https://github.com/kubevirt/kubevirt/blob/ > 4366e522ef56ee0ffbc9f508ef30de4586d20fd3/pkg/virt-api/webhooks/mutating- > webhook/mutators/vmi-mutator.go#L298-L300 > [2] > https://github.com/kubevirt/kubevirt/blob/ > 4366e522ef56ee0ffbc9f508ef30de4586d20fd3/pkg/virt-api/webhooks/validating- > webhook/admitters/vmi-create-admitter.go#L1375-L1386 I've written this up in the following upstream issue and PR: https://github.com/kubevirt/kubevirt/issues/9102 https://github.com/kubevirt/kubevirt/pull/9103 Roni, can you create a fresh RHBZ for this?
https://bugzilla.redhat.com/show_bug.cgi?id=2164590
Closing this bug as the info on it is misinterpreted, going to run the test to check "guestMappingPassthrough", in case it doesn't work will open a new bug
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Virtualization 4.13.0 Images security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:3205