do not deploy virtualization if moduleconfig is not valid

Signed-off-by: Yaroslav Borbat <[email protected]>

Author: yaroslavborbat

hooks/module_config_validator.py

@@ -30,6 +30,7 @@ class ModuleConfigValidateHook(Hook):
     def __init__(self, module_name: str):
         self.module_name = module_name
         self.queue = f"/modules/{self.module_name}/{self.SNAPSHOT_MODULE_CONFIG}"
+        self.path = "virtualization.internal.ready"
 
     def generate_config(self) -> dict:
         """executeHookOnEvent is empty because we need only execute at module start."""
@@ -86,16 +87,28 @@ def r(ctx: hook.Context):
                 .get("filterResult", {})
                 .get("cidrs", [])
             ]
-            self.check_overlaps_cidrs(cidrs)
+
+            try:
+                self.check_overlaps_cidrs(cidrs)
+            except ValueError as e:
+                print(f"ERROR: {e}")
+
+                self.set_value(self.path, ctx.values, False)
 
             node_addresses: list[IPv4Address] = [
                 ip_address(addr["address"])
                 for snap in ctx.snapshots.get(self.SNAPSHOT_NODES, [])
                 for addr in (snap.get("filterResult", {}).get("addresses") or [])
                 if addr.get("type") in {"InternalIP", "ExternalIP"}
             ]
-            self.check_node_addresses_overlap(cidrs, node_addresses)
 
+            try:
+                self.check_node_addresses_overlap(cidrs, node_addresses)
+            except ValueError as e:
+                print(f"ERROR: {e}")
+                self.set_value(self.path, ctx.values, False)
+
+            self.set_value(self.path, ctx.values, True)
         return r
 
 

openapi/values.yaml

@@ -122,3 +122,6 @@ properties:
         properties:
           nodeCount:
             type: integer
+      ready:
+        type: boolean
+        default: false

templates/admission-policy.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- $kubeVersion := .Values.global.discovery.kubernetesVersion }}
 {{- $apiVersion := "" }}
 {{- if semverCompare ">=1.30.0" $kubeVersion }}
@@ -69,3 +70,4 @@ spec:
     namespaceSelector: {}
     objectSelector: {}
 {{- end }}
+{{- end }}

templates/cdi/cdi-apiserver/vpa.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
 ---
 apiVersion: autoscaling.k8s.io/v1
@@ -24,3 +25,4 @@ spec:
         cpu: 100m
         memory: 150Mi
 {{- end }}
+{{- end }}

templates/cdi/cdi-deployment/rbac-for-us.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -12,3 +13,4 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: d8:rbac-proxy 
+{{- end }}

templates/cdi/cdi-deployment/vpa.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
 ---
 apiVersion: autoscaling.k8s.io/v1
@@ -24,3 +25,4 @@ spec:
         cpu: 100m
         memory: 150Mi
 {{- end }}
+{{- end }}

templates/cdi/cdi-operator/configmap.yaml

@@ -1,7 +1,9 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: cdi-operator-leader-election-helper
   namespace: d8-{{ .Chart.Name }}
   {{- include "helm_lib_module_labels" (list .) | nindent 2 }}
+{{- end }}

templates/cdi/cdi-operator/deployment.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- $priorityClassName := include "priorityClassName" . }}
 
 {{- define "cdi_images" -}}
@@ -123,3 +124,4 @@ spec:
       serviceAccountName: cdi-operator
       volumes:
       {{- include "kube_api_rewriter.kubeconfig_volume" . | nindent 6 }}
+{{- end }}

templates/cdi/cdi-operator/rbac-for-us.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -595,3 +596,4 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: d8:rbac-proxy
+{{- end }}

templates/cdi/config.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- $nodeSelectorSystem := index (include "helm_lib_node_selector" (tuple . "system") | fromYaml) "nodeSelector" | default (dict) | toJson }}
 {{- $nodeSelectorMaster := index (include "helm_lib_node_selector" (tuple . "master") | fromYaml) "nodeSelector" | default (dict) | toJson }}
 {{- $tolerationsSystem := index (include "helm_lib_tolerations" (tuple . "system") | fromYaml) "tolerations" | default (list) | toJson }}
@@ -156,3 +157,4 @@ spec:
   workload:
     nodeSelector:
       kubernetes.io/os: linux
+{{- end }}

templates/cdi/service-monitor.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if (.Values.global.enabledModules | has "operator-prometheus-crd") }}
 ---
 apiVersion: monitoring.coreos.com/v1
@@ -36,3 +37,4 @@ spec:
     matchLabels:
       prometheus.cdi.internal.virtualization.deckhouse.io: "true"
 {{- end }}
+{{- end }}

templates/certificate.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if eq (include "helm_lib_module_https_mode" .) "CertManager" }}
 ---
 apiVersion: cert-manager.io/v1
@@ -15,4 +16,4 @@ spec:
   issuerRef:
     name: {{ include "helm_lib_module_https_cert_manager_cluster_issuer_name" . }}
     kind: ClusterIssuer
-{{- end }}
+{{- end }}{{- end }}

templates/custom-certificate.yaml

@@ -1 +1,3 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- include "helm_lib_module_https_copy_custom_certificate" (list . "d8-virtualization" "ingress-tls") -}}
+{{- end }}

templates/dvcr/ nodegroupconfiguration.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if ne (dig "dvcr" "serviceIP" "" .Values.virtualization.internal) "" }}
 ---
     {{- $ca := printf "%s" .Values.virtualization.internal.dvcr.cert.ca }}
@@ -54,3 +55,4 @@ spec:
               endpoint = ["https://{{ $endpoint }}"]
     EOF
 {{- end }}
+{{- end }}

templates/dvcr/configmap.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -26,4 +27,4 @@ data:
       storagedriver:
         enabled: true
         interval: 10s
-        threshold: 3
+        threshold: 3{{- end }}

templates/dvcr/deployment.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- $priorityClassName := include "priorityClassName" . }}
 {{- define "dvcr_resources" }}
 cpu: 50m
@@ -108,3 +109,4 @@ spec:
       {{- include "helm_lib_tolerations" (tuple . "system") | nindent 6 }}
       {{- include "helm_lib_module_pod_security_context_run_as_user_deckhouse_with_writable_fs" . | nindent 6 }}
       serviceAccountName: dvcr
+{{- end }}

templates/dvcr/pvc.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if eq .Values.virtualization.dvcr.storage.type "PersistentVolumeClaim" }}
 {{- $storageClassName := dig "storageClassName" "" .Values.virtualization.dvcr.storage.persistentVolumeClaim }}
 kind: PersistentVolumeClaim
@@ -16,3 +17,4 @@ spec:
   storageClassName: {{ $storageClassName }}
   {{- end }}
 {{- end }}
+{{- end }}

templates/dvcr/rbac-for-us.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -20,4 +21,4 @@ subjects:
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: d8:rbac-proxy
+  name: d8:rbac-proxy{{- end }}

templates/dvcr/secret.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if ne (dig "dvcr" "serviceIP" "" .Values.virtualization.internal) "" }}
 ---
 apiVersion: v1
@@ -54,3 +55,4 @@ data:
   s3SecretKey: {{ .Values.virtualization.dvcr.storage.objectStorage.s3.secretKey | quote }}
   {{- end }}
 {{- end }}
+{{- end }}

templates/dvcr/service-monitor.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if (.Values.global.enabledModules | has "operator-prometheus-crd") }}
 ---
 apiVersion: monitoring.coreos.com/v1
@@ -24,3 +25,4 @@ spec:
       app: "dvcr"
 
 {{- end }}
+{{- end }}

templates/dvcr/svc.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 apiVersion: v1
 kind: Service
 metadata:
@@ -17,4 +18,4 @@ spec:
       targetPort: https-metrics
   selector:
     app: dvcr
-  
+  {{- end }}

templates/kube-api-rewriter/cm-kubeconfig-local.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: v1
 kind: ConfigMap
@@ -18,3 +19,4 @@ data:
           cluster: kube-api-rewriter
         name: kube-api-rewriter
     current-context: kube-api-rewriter
+{{- end }}

templates/kubevirt/kubevirt.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- $nodeSelectorSystem := index (include "helm_lib_node_selector" (tuple . "system") | fromYaml) "nodeSelector" | default (dict) | toJson }}
 {{- $nodeSelectorMaster := index (include "helm_lib_node_selector" (tuple . "master") | fromYaml) "nodeSelector" | default (dict) | toJson }}
 {{- $tolerationsSystem := index (include "helm_lib_tolerations" (tuple . "system") | fromYaml) "tolerations" | default (list) | toJson }}
@@ -278,3 +279,4 @@ env:
   workloadUpdateStrategy:
     workloadUpdateMethods:
       - LiveMigrate
+{{- end }}

templates/kubevirt/service-monitor.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if (.Values.global.enabledModules | has "operator-prometheus-crd") }}
 ---
 apiVersion: monitoring.coreos.com/v1
@@ -233,3 +234,4 @@ spec:
       prometheus.kubevirt.internal.virtualization.deckhouse.io: "true"
 
 {{- end }}
+{{- end }}

templates/kubevirt/virt-api/vpa.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
 ---
 apiVersion: autoscaling.k8s.io/v1
@@ -24,3 +25,4 @@ spec:
         cpu: 20m
         memory: 250Mi
 {{- end }}
+{{- end }}

templates/kubevirt/virt-controller/rbac-for-us.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -12,3 +13,4 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: d8:rbac-proxy 
+{{- end }}

templates/kubevirt/virt-controller/vpa.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
 ---
 apiVersion: autoscaling.k8s.io/v1
@@ -24,3 +25,4 @@ spec:
         cpu: 20m
         memory: 400Mi
 {{- end }}
+{{- end }}

templates/kubevirt/virt-handler/rbac-for-us.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -12,3 +13,4 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: d8:rbac-proxy 
+{{- end }}

templates/kubevirt/virt-handler/vpa.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- if (.Values.global.enabledModules | has "vertical-pod-autoscaler-crd") }}
 ---
 apiVersion: autoscaling.k8s.io/v1
@@ -24,3 +25,4 @@ spec:
         cpu: 20m
         memory: 400Mi
 {{- end }}
+{{- end }}

templates/kubevirt/virt-operator/deployment.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- $priorityClassName := include "priorityClassName" . }}
 {{- define "kubevirt_images" -}}
 - name: VIRT_OPERATOR_IMAGE
@@ -163,3 +164,4 @@ spec:
         name: profile-data
       {{- include "kube_api_rewriter.kubeconfig_volume" . | nindent 6 }}
 
+{{- end }}

templates/kubevirt/virt-operator/rbac-for-us.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -1228,3 +1229,4 @@ subjects:
 - kind: ServiceAccount
   name: kubevirt-operator
   namespace: d8-{{ .Chart.Name }}
+{{- end }}

templates/monitoring.yaml

@@ -1,2 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 {{- include "helm_lib_grafana_dashboard_definitions" . }}
 {{- include "helm_lib_prometheus_rules" (list . "d8-virtualization") }}
+{{- end }}

templates/namespace.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -6,3 +7,4 @@ metadata:
   name: d8-{{ .Chart.Name }}
 ---
 {{- include "helm_lib_kube_rbac_proxy_ca_certificate" (list . (printf "d8-%s"  .Chart.Name)) }}
+{{- end }}

templates/nodegroupconfiguration-aio-max-nr.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 apiVersion: deckhouse.io/v1alpha1
 kind: NodeGroupConfiguration
 metadata:
@@ -54,3 +55,4 @@ spec:
     else
       exit 0
     fi
+{{- end }}

templates/nodegroupconfiguration-redos.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 apiVersion: deckhouse.io/v1alpha1
 kind: NodeGroupConfiguration
 metadata:
@@ -72,3 +73,4 @@ spec:
     else
       exit 0
     fi
+{{- end }}

templates/pre-delete-hook/job.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 apiVersion: batch/v1
 kind: Job
 metadata:
@@ -51,3 +52,4 @@ spec:
             memory: 150Mi
       {{- include "helm_lib_tolerations" (tuple . "any-node") | nindent 6 }}
       {{- include "helm_lib_module_pod_security_context_run_as_user_deckhouse" . | nindent 6 }}
+{{- end }}

templates/pre-delete-hook/rbac-for-us.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.virtualization.internal.ready }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -42,3 +43,4 @@ subjects:
   - kind: ServiceAccount
     name: virtualization-pre-delete-hook
     namespace: d8-{{ .Chart.Name }}
+{{- end }}