Chore/remove cdi #2394
Draft
Isteb4k wants to merge 20 commits into
# Conflicts: # build/components/versions.yml
…f config

The `importPackageImages` template emits entries that belong to the `import:` section (they reference other images, not git sources). They were being appended directly after the `git:` block, producing config where each `- image:` / `before:` entry was parsed as an extra field of the git mount, causing werf to reject it with `unknown fields: image, before`.

Co-authored-by: Cursor <[email protected]>

…ixture

After the CDI-as-operator removal, the disk importer is provided by the standalone `virtual-disk-importer` image. Its camelCase name `virtualDiskImporter` is referenced from `templates/virtualization-controller/_helpers.tpl` via `helm_lib_module_image`, so the kubeconform fixture must define a digest for it. Without it, `helm template` fails with `Image virtualization.virtualDiskImporter has no digest`.

Co-authored-by: Cursor <[email protected]>

…DI cleanup

The CDI removal commit added a `replace` directive in images/virtualization-artifact/go.mod that pointed at a vendored copy of the upstream API package under images/cdi-artifact/containerized-data-importer/staging/..., but the follow-up cleanup removed that entire `staging/` tree. As a result `go mod download` (and every downstream `go build`/`go test`) failed with:

open .../staging/.../containerized-data-importer-api/go.mod: no such file or directory.

Drop the dangling local replace so we resolve kubevirt.io/containerized-data-importer-api v1.63.1 from the Go module proxy, and restore the `fmt` import in cmd/virtualization-controller that was accidentally dropped alongside the temporary debug print removed by the same commit (the file still uses fmt.Sprintf).

Co-authored-by: Cursor <[email protected]>

The changes that removed CDI and refactored VirtualDisk data sources to
the step-based pattern left a number of issues that golangci-lint v2.11
catches. Fix them in one pass:
- Drop unused helpers in pkg/controller/vd/internal/source/sources.go
  (setPhaseCondition*, getNodePlacement, retryPeriod,
  setQuotaExceededPhaseCondition, isStorageClassWFFC, the unused
  SupplementsCleaner / CleanUpSupplements / Cleaner). The step pattern
  handles these cases internally now.
- Drop the unused DiskService.isImmediateBindingMode helper.
- Auto-fix the gci/gofumpt/QF1008 issues in service/errors.go,
  storageprofile/storageprofile_controller.go, and the new VirtualDisk
  source tests.
- Replace the deprecated reconcile.Result.Requeue with RequeueAfter in
  Create{Importer,Uploader}Step, WaitForPVCImportStep, and the matching
  *_test.go assertions.
- Simplify VirtualImage reconcilePVCImportFromDVCR (its bool-result was
  always true) and inline the call sites in vi http/registry/upload.
- Cleanup gocritic findings in vd internal watchers (unlambda Pod
  watcher map func, singleCaseSwitch -> if in PVC watcher).
- test/e2e: drop the dangling local replace of
  containerized-data-importer-api (the staging tree was removed) so
  typecheck succeeds, and lowercase a few error strings in observer
  predicates flagged by ST1005.
Co-authored-by: Cursor <[email protected]>
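
An added example (not code from this pull request) of a pre-merge check for the dangling local `replace` described in the two go.mod commits above: it lists relative filesystem replace targets that have no `go.mod` behind them. The sample go.mod, its module names and its paths are constructed, and absolute-path targets are not handled.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// Constructed go.mod; module names and paths are placeholders.
const sampleGoMod = `module example.test/app
replace example.test/api => ./staging/api // tree was deleted
replace (
	example.test/stub => ./stub
	example.test/fork => example.test/fork2 v1.2.3
)
`

// danglingReplaces returns relative filesystem replace targets (single-line
// and block form) for which hasGoMod reports false. "module version" targets
// resolve through the module proxy and are skipped.
func danglingReplaces(gomod string, hasGoMod func(string) bool) []string {
	var missing []string
	inBlock := false
	for _, line := range strings.Split(gomod, "\n") {
		line, _, _ = strings.Cut(line, "//") // drop trailing comment
		line = strings.TrimSpace(line)
		if line == "replace (" || (inBlock && line == ")") {
			inBlock = line != ")"
			continue
		}
		if !inBlock && !strings.HasPrefix(line, "replace ") {
			continue
		}
		_, t, _ := strings.Cut(line, "=>")
		t = strings.TrimSpace(t)
		if (strings.HasPrefix(t, "./") || strings.HasPrefix(t, "../")) && !hasGoMod(t) {
			missing = append(missing, t)
		}
	}
	return missing
}

func main() {
	// Real use: look for <module root>/<target>/go.mod; "." is the module root here.
	onDisk := func(t string) bool { _, err := os.Stat(filepath.Join(".", t, "go.mod")); return err == nil }
	fmt.Println(danglingReplaces(sampleGoMod, onDisk))
}
```
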
…ub to drop CVEs

Trivy reports five github.com/docker/docker CVEs against the cdi-importer binary (CVE-2026-34040, CVE-2026-33997, CVE-2026-41567, CVE-2026-42306, CVE-2026-41568). docker/docker is only pulled into CDI transitively via github.com/containers/image/v5/manifest, which uses exactly one symbol — github.com/docker/docker/api/types/versions — for manifest version comparison.

Mirror the workaround already in place in deckhouse/3p-containerized-data-importer: keep a minimal staging/src/github.com/docker/docker stub that only provides api/types/versions and an empty registry package, and replace the upstream module with it. go mod tidy correspondingly prunes the otel/grpc/genproto/containerd transitive dependencies that were only brought in by the full docker/docker module.

Co-authored-by: Cursor <[email protected]>

The mocks regenerated in the previous chat were produced with a different moq version that aliased k8s.io/api/storage/v1 as storagev1. moq v0.5.3 (pinned in Taskfile.init.yaml) leaves the import unaliased and uses *v1.StorageClass throughout, which is what the "check auto-generated files are up-to-date" CI step expects. Run `task controller:dev:gogenerate` and commit the resulting diff.

Co-authored-by: Cursor <[email protected]>

Move the vendored CDI importer code from images/cdi-artifact/containerized-data-importer/ one level up to images/cdi-artifact/ to remove the redundant nested directory. The former unpack-bundle.sh and .gitignore tailored for the wrapper layout are no longer needed. Werf and mount-point paths are updated to point at the flattened tree.

Co-authored-by: Cursor <[email protected]>

cdi-importer now emits kubevirt_cdi_import_progress_total covering
both internal phases: TransferScratch (download from DVCR to the
scratch PVC) maps to 0-49% and qemu-img Convert (scratch to target
PVC) maps to 50-100%.
The virtualization-controller picks up both registry_progress and
kubevirt_cdi_import_progress_total metrics and applies a per-source
scale when computing vd/vi progress:
- ObjectRef CVI/VI imports (cdi-importer is the sole pipeline)
surface raw 0-100%.
- HTTP, Registry and Upload imports (DVCR-fed) surface cdi-importer
progress as 50-100%, after the dvcr-importer/uploader phase has
already filled 0-50%.
WaitForPVCImportStep now requeues every 2 seconds while an import is
in progress so disk/image status reflects up-to-date percentages.
Co-authored-by: Cursor <[email protected]>
After the importer pod name was shortened to "d8v-<prefix>-importer-<uid>"
both the dvcr-importer Pod (started by importer_service.go for HTTP,
Registry and Upload sources) and the cdi-importer Pod (started by
disk_import_service.go to copy from DVCR to the target PVC) ended up
sharing the same name via sup.ImporterPod().
The collision caused EnsureSupplementPVCImport to fetch the already
Completed dvcr-importer Pod, treat it as the cdi-importer Pod, observe
phase Succeeded and call cleanupPVCImport on it. cleanupPVCImport
deletes the pod by name, but the dvcr-importer Pod still carries the
vi-/vd-protection finalizer, so it was stuck in Terminating and the
controller looped on "Waiting for supplements to be terminated".
Introduce a separate name template ("d8v-<prefix>-pvc-importer-<uid>")
and a new Generator.PVCImporterPod() helper. Switch the disk-import
service to use it so the two phases never share a Pod name.
Co-authored-by: Cursor <[email protected]>
DiskService.CleanUpSupplements built a bare target PVC (no annotations) and passed it to cleanupPVCImport. cleanupPVCImport read the pod name from target.Annotations[AnnPVCImportPod] and fell back to target.Name when the annotation was empty - i.e. it tried to delete a pod sharing the target PVC's name. The actual cdi-importer pod is named d8v-<prefix>-pvc-importer-<uid>, so the delete was a silent no-op and the pod survived VD cleanup.

The orphan pod kept its volume mount on the target PVC, which prevented kubernetes.io/pvc-protection from finalising the PVC and in turn blocked the vd-cleanup finalizer, leaving deleted VirtualDisks stuck in Terminating forever.

Thread the supplements.Generator through cleanupPVCImport and use sup.PVCImporterPod() as the fallback pod name so cleanup targets the correct pod whether or not the target PVC carries the AnnPVCImportPod annotation.

Co-authored-by: Cursor <[email protected]>
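
An added sketch, not the controller's code, of the two importer-pod naming problems described in the commits above: the separate name templates that keep the dvcr-importer and cdi-importer pods apart, and the cleanup fallback before and after the fix. `Generator`, `PVC`, the in-memory pod set, the annotation key and the sample names are simplified, constructed stand-ins.

```go
package main

import "fmt"

// Hypothetical stand-ins for the controller's types. Only the identifiers
// ImporterPod, PVCImporterPod and AnnPVCImportPod come from the commit messages.
const AnnPVCImportPod = "example.test/pvc-import-pod" // constructed key

type Generator struct{ Prefix, UID string }

func (g Generator) ImporterPod() string    { return "d8v-" + g.Prefix + "-importer-" + g.UID }
func (g Generator) PVCImporterPod() string { return "d8v-" + g.Prefix + "-pvc-importer-" + g.UID }

type PVC struct {
	Name        string
	Annotations map[string]string
}

// deletePod reports whether a pod was removed; false is the silent no-op.
func deletePod(pods map[string]bool, name string) bool {
	_, ok := pods[name]
	delete(pods, name)
	return ok
}

// cleanupOld models the described bug: the fallback is the PVC's own name.
func cleanupOld(pods map[string]bool, target PVC) bool {
	name := target.Annotations[AnnPVCImportPod]
	if name == "" {
		name = target.Name
	}
	return deletePod(pods, name)
}

// cleanupFixed models the fix: the fallback is the generator's pod name.
func cleanupFixed(pods map[string]bool, sup Generator, target PVC) bool {
	name := target.Annotations[AnnPVCImportPod]
	if name == "" {
		name = sup.PVCImporterPod()
	}
	return deletePod(pods, name)
}

func main() {
	sup := Generator{Prefix: "vd", UID: "1234"} // constructed values
	pods := map[string]bool{sup.ImporterPod(): true, sup.PVCImporterPod(): true}
	bare := PVC{Name: "d8v-vd-target-1234"} // no annotations, as in the bug report
	fmt.Println(cleanupOld(pods, bare), cleanupFixed(pods, sup, bare), len(pods))
}
```
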
…rvice.Protect
The OwnerReference and the {vd,vi}-protection finalizer that disk import PVCs
need to participate in the controller-driven cleanup must be present from the
moment the PVC is created. Previously the finalizer was added later via
DiskService.Protect, opening a window where a PVC could be deleted before the
controller had stamped its protection on it.
Move the finalizer next to the OwnerReference inside StartPVCImport,
StartSupplementPVCImport and makePVCCloneTarget so every disk import target PVC
carries them at creation. Drop DiskService.Protect entirely along with all of
its callers in the VD ready step and the VI source handlers (http, registry,
upload, object_ref*, sources). Regenerate the VD source mocks and update the
VD source unit tests so they stop wiring the now-removed ProtectFunc.
Co-authored-by: Cursor <[email protected]>
The dvcr-importer and uploader pods are already created with the resource-quota-overrides.deckhouse.io/ignore=true label so they don't get charged against namespace quotas. Apply the same label, at creation time, to the scratch PVC and the cdi-importer pod that DiskService spawns to populate target PVCs.

Co-authored-by: Cursor <[email protected]>
Description
Why do we need it, and what problem does it solve?
What is the expected result?
Checklist
Changelog entries