Skip to content

fix(vm): skip template network sync for main-only VMs#2475

Open
LopatinDmitr wants to merge 4 commits into
release-1.9from
fix/vm/cond-conf-applyied-and-restart
Open

fix(vm): skip template network sync for main-only VMs#2475
LopatinDmitr wants to merge 4 commits into
release-1.9from
fix/vm/cond-conf-applyied-and-restart

Conversation

@LopatinDmitr

@LopatinDmitr LopatinDmitr commented Jun 10, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Description

Skip the network template synchronization path for VirtualMachines that only use the implicit Main network.

The network hotplug reconciliation can detect a mismatch between the desired implicit default network and an existing KubeVirt VM template that does not explicitly contain spec.template.spec.domain.devices.interfaces / spec.template.spec.networks. For Main-only VMs this mismatch must not be reconciled into a running KubeVirt VM template, because materializing the implicit default network as an explicit template field creates a non-live-updatable diff for KubeVirt.

Why do we need it, and what problem does it solve?

After the network hotplug changes, SyncKvvmHandler can enter the networksOutOfSync -> applyNetworkReadinessSync -> updateKVVM path for a Main-only VM.

For such VMs, the running VMI already has the default pod network via KubeVirt defaulting, but the KubeVirt VM template may not explicitly contain it. Updating the template while the VM is running changes:

spec.template.spec.domain.devices.interfaces:
- name: default
  bridge: {}
  model: virtio
  acpiIndex: 1

spec.template.spec.networks:
- name: default
  pod: {}

Older virt-controller versions can see this [] -> [default] template diff during module rollout and set KubeVirt RestartRequired=True with a non-live-updatable field was changed in the template spec. DVP then exposes it as AwaitingRestartToApplyConfiguration=True with UnexpectedState.

The same path can also produce a misleading ConfigurationApplied=False message about waiting for SDN, even though Main-only VMs do not have additional SDN-managed interfaces to wait for.

This fix skips the out-of-sync network reconciliation and readiness/update path for Main-only VMs. VMs with additional networks still use the existing SDN readiness and hotplug flow.

What is the expected result?

  1. Create a VM without explicit spec.networks or with only the Main network.
  2. Roll out the virtualization module version that contains network hotplug changes.
  3. Verify that the VM does not get:
    • ConfigurationApplied=False with Waiting for SDN to configure network interfaces on the pod.
    • AwaitingRestartToApplyConfiguration=True caused by materializing the implicit default network in the KubeVirt VM template.
  4. Verify that VMs with additional networks still reconcile through the SDN readiness path.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: vm
type: fix
summary: Prevent Main-only virtual machines from requiring restart due to implicit default network template synchronization.

@LopatinDmitr LopatinDmitr changed the base branch from main to release-1.9 June 10, 2026 16:09
@LopatinDmitr LopatinDmitr self-assigned this Jun 10, 2026
@LopatinDmitr LopatinDmitr force-pushed the fix/vm/cond-conf-applyied-and-restart branch 2 times, most recently from f902ba4 to d736c8f Compare June 11, 2026 09:02
@LopatinDmitr LopatinDmitr changed the title Fix/vm/cond conf applyied and restart fix(network): skip template network sync for main-only VMs Jun 11, 2026
@LopatinDmitr LopatinDmitr added this to the v1.9.1 milestone Jun 11, 2026
@LopatinDmitr LopatinDmitr changed the title fix(network): skip template network sync for main-only VMs fix(vm): skip template network sync for main-only VMs Jun 11, 2026
@LopatinDmitr LopatinDmitr force-pushed the fix/vm/cond-conf-applyied-and-restart branch from d736c8f to b3e2806 Compare June 11, 2026 09:05
@LopatinDmitr LopatinDmitr marked this pull request as ready for review June 11, 2026 09:06
@LopatinDmitr LopatinDmitr force-pushed the fix/vm/cond-conf-applyied-and-restart branch 2 times, most recently from 4353a31 to 15ef072 Compare June 11, 2026 09:33
@LopatinDmitr LopatinDmitr changed the base branch from release-1.9 to main June 11, 2026 11:28
@LopatinDmitr LopatinDmitr changed the base branch from main to release-1.8 June 11, 2026 11:28
@LopatinDmitr LopatinDmitr changed the base branch from release-1.8 to release-1.9 June 11, 2026 11:31
@LopatinDmitr LopatinDmitr force-pushed the fix/vm/cond-conf-applyied-and-restart branch 3 times, most recently from 89bed4f to 3dd0628 Compare June 14, 2026 13:37
@LopatinDmitr
fix(vm): skip template network sync for main-only VMs
5657109 
Do not run the network template synchronization path for virtual machines that only use the implicit Main network.

The network hotplug reconciliation introduced a networksOutOfSync path that materialized the implicit default pod network in the KubeVirt VM template for already running VMs. Older virt-controller versions can observe that [] -> [default] template diff during module rollout and mark the VM with RestartRequired, which DVP then exposes as AwaitingRestartToApplyConfiguration. The same path also caused a misleading ConfigurationApplied=False message about waiting for SDN even though there are no additional SDN-managed networks.

Skip the out-of-sync network reconciliation and readiness/update path for Main-only VMs. Additional networks still use the existing SDN readiness flow.

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr
docs(network): explain implicit default network drift guard
47f01c5 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr force-pushed the fix/vm/cond-conf-applyied-and-restart branch from 3dd0628 to 47f01c5 Compare June 15, 2026 07:19
@LopatinDmitr
++ fix condition message
d26cc19 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr
++ fix message in event
526d691 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr requested a review from loktev-d June 15, 2026 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@diafour diafour Awaiting requested review from diafour

@universal-itengineer universal-itengineer Awaiting requested review from universal-itengineer

@nevermarine nevermarine Awaiting requested review from nevermarine

@fl64 fl64 Awaiting requested review from fl64

@prismagod prismagod Awaiting requested review from prismagod

@goganat goganat Awaiting requested review from goganat

@loktev-d loktev-d Awaiting requested review from loktev-d

At least 1 approving review is required to merge this pull request.

Assignees

@LopatinDmitr LopatinDmitr

Labels

None yet

Projects

None yet

Milestone

v1.9.1

Development

Successfully merging this pull request may close these issues.

1 participant

@LopatinDmitr