feat(core): detect if kvm enabled

Signed-off-by: Pavel Tishkov <[email protected]>

Author: fl64

images/hooks/cmd/migrate-virthandler-kvm-node-labels/main.go

@@ -0,0 +1,96 @@
+/*
+Copyright 2025 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// The purpose of this hook is to prevent already launched virt-handler pods from flapping, since the node group configuration virtualization-detect-kvm.sh will be responsible for installing the label virtualization.deckhouse.io/kvm-enabled.
+
+package main
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/deckhouse/module-sdk/pkg"
+	"github.com/deckhouse/module-sdk/pkg/app"
+	"github.com/deckhouse/module-sdk/pkg/registry"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/utils/ptr"
+
+	"hooks/pkg/common"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+const (
+	nodesMetadataSnapshot     = "virthandler-nodes"
+	virtHandlerLabel          = "kubevirt.internal.virtualization.deckhouse.io/schedulable"
+	virtHandlerNodeLabelValue = "true"
+	kvmEnabledLabel           = "virtualization.deckhouse.io/kvm-enabled"
+	kvmEnabledLabelValue      = "true"
+	nodeJQFilter              = ".metadata"
+)
+
+var _ = registry.RegisterFunc(configDiscoveryService, handleVirtHandlerNodes)
+
+var configDiscoveryService = &pkg.HookConfig{
+	OnBeforeHelm: &pkg.OrderedConfig{Order: 1},
+	Kubernetes: []pkg.KubernetesConfig{
+		{
+			Name:       nodesMetadataSnapshot,
+			APIVersion: "v1",
+			Kind:       "Node",
+			JqFilter:   nodeJQFilter,
+			LabelSelector: &metav1.LabelSelector{
+				MatchLabels: map[string]string{
+					virtHandlerLabel: virtHandlerNodeLabelValue,
+				},
+			},
+			ExecuteHookOnSynchronization: ptr.To(false),
+			ExecuteHookOnEvents:          ptr.To(false),
+		},
+	},
+
+	Queue: fmt.Sprintf("modules/%s", common.MODULE_NAME),
+}
+
+func handleVirtHandlerNodes(_ context.Context, input *pkg.HookInput) error {
+	nodeMetadatas := input.Snapshots.Get(nodesMetadataSnapshot)
+	if len(nodeMetadatas) == 0 {
+		return nil
+	}
+
+	for _, nodeMetadata := range nodeMetadatas {
+		metadata := &metav1.ObjectMeta{}
+		if err := nodeMetadata.UnmarshalTo(metadata); err != nil {
+			input.Logger.Error(fmt.Sprintf("Failed to unmarshal node metadata %v", err))
+		}
+
+		_, ok := metadata.Labels[kvmEnabledLabel]
+		if ok {
+			continue
+		} else {
+			metadata.Labels[kvmEnabledLabel] = kvmEnabledLabelValue
+			nodePatch := v1.Node{}
+			nodePatch.ObjectMeta = *metadata
+			input.PatchCollector.PatchWithMerge(nodePatch, "v1", "Node", "", metadata.Name)
+		}
+	}
+
+	return nil
+}
+
+func main() {
+	app.Run()
+}

images/hooks/cmd/migrate-virthandler-kvm-node-labels/main_test.go

@@ -0,0 +1,219 @@
+/*
+Copyright 2025 Flant JSC
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package main
+
+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"os"
+	"testing"
+	"time"
+
+	"github.com/deckhouse/deckhouse/pkg/log"
+	"github.com/deckhouse/module-sdk/pkg"
+	"github.com/deckhouse/module-sdk/pkg/jq"
+	"github.com/deckhouse/module-sdk/testing/mock"
+	. "github.com/onsi/ginkgo"
+	. "github.com/onsi/gomega"
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"sigs.k8s.io/yaml"
+)
+
+func TestMigrateVirthandlerKVMLabels(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "Migrate virthandler KVM labels Suite")
+}
+
+var _ = Describe("Migrate virthandler KVM labels", func() {
+	err := os.Setenv("D8_IS_TESTS_ENVIRONMENT", "true")
+	Expect(err).ShouldNot(HaveOccurred())
+
+	const (
+		node1YAML = `
+---
+apiVersion: v1
+kind: Node
+metadata:
+  labels:
+    kubevirt.internal.virtualization.deckhouse.io/schedulable: "true"
+  name: node1
+`
+
+		node2YAML = `
+---
+apiVersion: v1
+kind: Node
+metadata:
+  labels:
+    kubevirt.internal.virtualization.deckhouse.io/schedulable: "true"
+    virtualization.deckhouse.io/kvm-enabled: "true"
+  name: node2
+`
+
+		node3YAML = `
+---
+apiVersion: v1
+kind: Node
+metadata:
+  labels:
+    kubevirt.internal.virtualization.deckhouse.io/schedulable: "true"
+    virtualization.deckhouse.io/kvm-enabled: "false"
+  name: node3
+`
+
+		node4YAML = `
+---
+apiVersion: v1
+kind: Node
+metadata:
+  labels:
+    kubevirt.internal.virtualization.deckhouse.io/schedulable: "true"
+  name: node6
+`
+	)
+
+	var (
+		snapshots      *mock.SnapshotsMock
+		values         *mock.PatchableValuesCollectorMock
+		patchCollector *mock.PatchCollectorMock
+		input          *pkg.HookInput
+		buf            *bytes.Buffer
+	)
+
+	filterResultNode1, err := nodeYamlToSnapshot(node1YAML)
+	if err != nil {
+		Expect(err).ShouldNot(HaveOccurred())
+	}
+
+	filterResultNode2, err := nodeYamlToSnapshot(node2YAML)
+	if err != nil {
+		Expect(err).ShouldNot(HaveOccurred())
+	}
+
+	filterResultNode3, err := nodeYamlToSnapshot(node3YAML)
+	if err != nil {
+		Expect(err).ShouldNot(HaveOccurred())
+	}
+
+	filterResultNode4, err := nodeYamlToSnapshot(node4YAML)
+	if err != nil {
+		Expect(err).ShouldNot(HaveOccurred())
+	}
+
+	BeforeEach(func() {
+		snapshots = mock.NewSnapshotsMock(GinkgoT())
+		values = mock.NewPatchableValuesCollectorMock(GinkgoT())
+		patchCollector = mock.NewPatchCollectorMock(GinkgoT())
+
+		buf = bytes.NewBuffer([]byte{})
+
+		input = &pkg.HookInput{
+			Values:    values,
+			Snapshots: snapshots,
+			Logger: log.NewLogger(log.Options{
+				Level:  log.LevelDebug.Level(),
+				Output: buf,
+				TimeFunc: func(_ time.Time) time.Time {
+					parsedTime, err := time.Parse(time.DateTime, "2006-01-02 15:04:05")
+					Expect(err).ShouldNot(HaveOccurred())
+					return parsedTime
+				},
+			}),
+			PatchCollector: patchCollector,
+		}
+	})
+
+	Context("Empty cluster", func() {
+		It("Hook must execute successfully", func() {
+			snapshots.GetMock.When(nodesMetadataSnapshot).Then(
+				[]pkg.Snapshot{},
+			)
+			err := handleVirtHandlerNodes(context.Background(), input)
+			Expect(err).ShouldNot(HaveOccurred())
+		})
+	})
+
+	Context("Four nodes but only two should be patched.", func() {
+		It("Hook must execute successfully", func() {
+
+			expectedVMLabels := map[string]map[string]string{
+				"node1": {
+					virtHandlerLabel: virtHandlerNodeLabelValue,
+				},
+				"node6": {
+					virtHandlerLabel: virtHandlerNodeLabelValue,
+				},
+			}
+
+			snapshots.GetMock.When(nodesMetadataSnapshot).Then(
+				[]pkg.Snapshot{
+					mock.NewSnapshotMock(GinkgoT()).UnmarshalToMock.Set(getNodeSnapshot(filterResultNode1)),
+					mock.NewSnapshotMock(GinkgoT()).UnmarshalToMock.Set(getNodeSnapshot(filterResultNode2)),
+					mock.NewSnapshotMock(GinkgoT()).UnmarshalToMock.Set(getNodeSnapshot(filterResultNode3)),
+					mock.NewSnapshotMock(GinkgoT()).UnmarshalToMock.Set(getNodeSnapshot(filterResultNode4)),
+				},
+			)
+
+			patchCollector.PatchWithMergeMock.Set(func(patch any, apiVersion, kind, namespace, name string, opts ...pkg.PatchCollectorOption) {
+				node, ok := patch.(v1.Node)
+				Expect(ok).To(BeTrue())
+				Expect(expectedVMLabels).To(HaveKey(name))
+				for k, v := range expectedVMLabels[name] {
+					Expect(node.Labels).Should(HaveKeyWithValue(k, v))
+				}
+				delete(expectedVMLabels, name)
+			})
+			err := handleVirtHandlerNodes(context.Background(), input)
+			Expect(err).ShouldNot(HaveOccurred())
+			Expect(expectedVMLabels).To(HaveLen(0))
+		})
+	})
+
+})
+
+func nodeYamlToSnapshot(manifest string) (string, error) {
+	node := new(v1.Node)
+	err := yaml.Unmarshal([]byte(manifest), node)
+	if err != nil {
+		return "", err
+	}
+
+	query, err := jq.NewQuery(nodeJQFilter)
+	if err != nil {
+		return "", err
+	}
+
+	filterResult, err := query.FilterObject(context.Background(), node)
+	if err != nil {
+		return "", err
+	}
+
+	return filterResult.String(), nil
+}
+
+func getNodeSnapshot(nodeManifest string) func(v any) (err error) {
+	return func(v any) (err error) {
+		rt := v.(*metav1.ObjectMeta)
+		if err := json.Unmarshal([]byte(nodeManifest), rt); err != nil {
+			return err
+		}
+
+		return nil
+	}
+}

images/hooks/go.mod

@@ -8,13 +8,15 @@ require (
 	github.com/deckhouse/deckhouse/pkg/log v0.0.0-20250424095005-9ab587d01d7a
 	github.com/deckhouse/module-sdk v0.2.2
 	github.com/deckhouse/virtualization/api v0.15.0
+	github.com/onsi/ginkgo v1.16.4
 	github.com/onsi/ginkgo/v2 v2.17.1
 	github.com/onsi/gomega v1.32.0
 	github.com/tidwall/gjson v1.14.4
 	golang.org/x/crypto v0.38.0
 	k8s.io/api v0.30.11
 	k8s.io/apimachinery v0.30.11
 	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8
+	sigs.k8s.io/yaml v1.4.0
 )
 
 require (
@@ -50,6 +52,8 @@ require (
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/itchyny/gojq v0.12.17 // indirect
+	github.com/itchyny/timefmt-go v0.1.6 // indirect
 	github.com/jmoiron/sqlx v1.3.5 // indirect
 	github.com/jonboulle/clockwork v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
@@ -60,6 +64,7 @@ require (
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/nxadm/tail v1.4.8 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/openshift/api v0.0.0-20230503133300-8bbcb7ca7183 // indirect
@@ -94,6 +99,7 @@ require (
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/protobuf v1.35.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.30.11 // indirect
@@ -106,7 +112,6 @@ require (
 	sigs.k8s.io/controller-runtime v0.18.7 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
-	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
 replace golang.org/x/net => golang.org/x/net v0.40.0 // CVE-2025-22870, CVE-2025-22872

images/hooks/go.sum

@@ -204,11 +204,13 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8m
 github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw=
 github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/nxadm/tail v1.4.4/go.mod h1:kenIhsEOeOJmVchQTgglprH7qJGnHDVpk1VPCcaMI8A=
+github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE=
 github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU=
 github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
 github.com/onsi/ginkgo v1.12.1/go.mod h1:zj2OWP4+oCPe1qIXoGWkgMRwljMUYCdkwsT2108oapk=
 github.com/onsi/ginkgo v1.14.0/go.mod h1:iSB4RoI2tjJc9BBv4NKIKWKya62Rps+oPG/Lv9klQyY=
+github.com/onsi/ginkgo v1.16.4 h1:29JGrr5oVBm5ulCWet69zQkzWipVXIol6ygQUe/EzNc=
 github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vvnwo0=
 github.com/onsi/ginkgo/v2 v2.0.0/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
 github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8=
@@ -468,6 +470,7 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EV
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=

images/hooks/werf.inc.yaml

@@ -35,3 +35,4 @@ shell:
   - go build -ldflags="-s -w" -o /hooks/generate-secret-for-dvcr ./cmd/generate-secret-for-dvcr
   - go build -ldflags="-s -w" -o /hooks/discovery-clusterip-service-for-dvcr ./cmd/discovery-clusterip-service-for-dvcr
   - go build -ldflags="-s -w" -o /hooks/discovery-workload-nodes ./cmd/discovery-workload-nodes
+  - go build -ldflags="-s -w" -o /hooks/migrate-virthandler-kvm-node-labels ./cmd/migrate-virthandler-kvm-node-labels