Skip to content

fix(vm): skip template network sync for main-only VMs#2484

Open
LopatinDmitr wants to merge 4 commits into
mainfrom
fix/vm/cond-conf-applyied-and-restart-main
Open

fix(vm): skip template network sync for main-only VMs#2484
LopatinDmitr wants to merge 4 commits into
mainfrom
fix/vm/cond-conf-applyied-and-restart-main

Conversation

@LopatinDmitr

@LopatinDmitr LopatinDmitr commented Jun 13, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Description

Skip the network template synchronization path for VirtualMachines that only use the implicit Main network.

The network hotplug reconciliation can detect a mismatch between the desired implicit default network and an existing KubeVirt VM template that does not explicitly contain spec.template.spec.domain.devices.interfaces / spec.template.spec.networks. For Main-only VMs this mismatch must not be reconciled into a running KubeVirt VM template, because materializing the implicit default network as an explicit template field creates a non-live-updatable diff for KubeVirt.

Why do we need it, and what problem does it solve?

After the network hotplug changes, SyncKvvmHandler can enter the networksOutOfSync -> applyNetworkReadinessSync -> updateKVVM path for a Main-only VM.

For such VMs, the running VMI already has the default pod network via KubeVirt defaulting, but the KubeVirt VM template may not explicitly contain it. Updating the template while the VM is running changes:

spec.template.spec.domain.devices.interfaces:
- name: default
  bridge: {}
  model: virtio
  acpiIndex: 1

spec.template.spec.networks:
- name: default
  pod: {}

Older virt-controller versions can see this [] -> [default] template diff during module rollout and set KubeVirt RestartRequired=True with a non-live-updatable field was changed in the template spec. DVP then exposes it as AwaitingRestartToApplyConfiguration=True with UnexpectedState.

The same path can also produce a misleading ConfigurationApplied=False message about waiting for SDN, even though Main-only VMs do not have additional SDN-managed interfaces to wait for.

This fix skips the out-of-sync network reconciliation and readiness/update path for Main-only VMs. VMs with additional networks still use the existing SDN readiness and hotplug flow.

What is the expected result?

  1. Create a VM without explicit spec.networks or with only the Main network.
  2. Roll out the virtualization module version that contains network hotplug changes.
  3. Verify that the VM does not get:
    • ConfigurationApplied=False with Waiting for SDN to configure network interfaces on the pod.
    • AwaitingRestartToApplyConfiguration=True caused by materializing the implicit default network in the KubeVirt VM template.
  4. Verify that VMs with additional networks still reconcile through the SDN readiness path.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: vm
type: fix
summary: Prevent Main-only virtual machines from requiring restart due to implicit default network template synchronization.

@LopatinDmitr LopatinDmitr changed the title fix(network): skip template network sync for main-only VMs fix(vm): skip template network sync for main-only VMs Jun 13, 2026
@LopatinDmitr LopatinDmitr added this to the v1.10.0 milestone Jun 13, 2026
@LopatinDmitr LopatinDmitr marked this pull request as ready for review June 13, 2026 09:37
@LopatinDmitr
fix(network): skip template network sync for main-only VMs
bc588e3 
Do not run the network template synchronization path for virtual machines that only use the implicit Main network.

The network hotplug reconciliation introduced a networksOutOfSync path that materialized the implicit default pod network in the KubeVirt VM template for already running VMs. Older virt-controller versions can observe that [] -> [default] template diff during module rollout and mark the VM with RestartRequired, which DVP then exposes as AwaitingRestartToApplyConfiguration. The same path also caused a misleading ConfigurationApplied=False message about waiting for SDN even though there are no additional SDN-managed networks.

Skip the out-of-sync network reconciliation and readiness/update path for Main-only VMs. Additional networks still use the existing SDN readiness flow.

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr
docs(network): explain implicit default network drift guard
f66a2bf 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr force-pushed the fix/vm/cond-conf-applyied-and-restart-main branch from ee89bbf to f66a2bf Compare June 15, 2026 07:12
@LopatinDmitr
++ fix condition message
28ebd1b 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr
++ fix message in event
a03e915 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr requested a review from loktev-d June 15, 2026 11:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@loktev-d loktev-d Awaiting requested review from loktev-d

At least 1 approving review is required to merge this pull request.

Assignees

@LopatinDmitr LopatinDmitr

Labels

None yet

Projects

None yet

Milestone

v1.10.0

Development

Successfully merging this pull request may close these issues.

1 participant

@LopatinDmitr