Bug 2229164 - Bridge NAD should set "preserveDefaultVlan": false
Summary: Bridge NAD should set "preserveDefaultVlan": false
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Container Native Virtualization (CNV)
Classification: Red Hat
Component: Documentation
Version: 4.12.5
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: ---
Assignee: Shikha Jhala
QA Contact: Yossi Segev
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-08-04 13:57 UTC by Petr Horáček
Modified: 2023-08-30 20:28 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-30 20:28:15 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker CNV-31769 0 None None None 2023-08-04 13:57:49 UTC

Description Petr Horáček 2023-08-04 13:57:14 UTC 
Document URL: 
https://docs.openshift.com/container-platform/4.13/virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.html#virt-creating-linux-bridge-nad-cli_virt-attaching-vm-multiple-networks

Section Number and Name: 
Creating a Linux bridge network attachment definition in the CLI

Describe the issue: 
Due to https://bugzilla.redhat.com/show_bug.cgi?id=2179333, any VM connected to a VLAN through a bridge CNI NAD is also connected to the native VLAN 1. This is unintended. We should make sure our users set `"preserveDefaultVlan": false` to prevent this from happening.

Suggestions for improvement: 
Change the current example:
  apiVersion: "k8s.cni.cncf.io/v1"
  kind: NetworkAttachmentDefinition
  metadata:
    name: <bridge-network> 
    annotations:
      k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/<bridge-interface> 
  spec:
    config: '{
      "cniVersion": "0.3.1",
      "name": "<bridge-network>", 
      "type": "cnv-bridge", 
      "bridge": "<bridge-interface>", 
      "macspoofchk": true, 
      "vlan": 1 
    }'
To:
  apiVersion: "k8s.cni.cncf.io/v1"
  kind: NetworkAttachmentDefinition
  metadata:
    name: <bridge-network> 
    annotations:
      k8s.v1.cni.cncf.io/resourceName: bridge.network.kubevirt.io/<bridge-interface> 
  spec:
    config: '{
      "cniVersion": "0.3.1",
      "name": "<bridge-network>", 
      "type": "cnv-bridge", 
      "bridge": "<bridge-interface>", 
      "macspoofchk": true, 
      "vlan": 1,
      "preserveDefaultVlan": false
    }'

Additional information: 
This should be changed on all releases starting with 4.12.
The backend bug where this new attribute was introduced: https://bugzilla.redhat.com/show_bug.cgi?id=2179333
Comment 1 Shikha Jhala 2023-08-15 19:41:50 UTC 
@phoracek PR is ready for your review: https://github.com/openshift/openshift-docs/pull/63552. Thanks.
Comment 2 Shikha Jhala 2023-08-22 13:24:01 UTC 
Thank you @ysegev for reviewing the PR. Can you please move the bug to Verified status? Thank you.
Comment 3 Shikha Jhala 2023-08-30 17:35:06 UTC 
PR is merged. Moving status to Release Pending.
Comment 4 Shikha Jhala 2023-08-30 20:28:15 UTC 
The changes are now live on the customer-facing site: https://docs.openshift.com/container-platform/4.13/virt/virtual_machines/vm_networking/virt-attaching-vm-multiple-networks.html#virt-creating-linux-bridge-nad-cli_virt-attaching-vm-multiple-networks
Note You need to log in before you can comment on or make changes to this bug.