Skip to content

feat(network): bind live migration to a dedicated SystemNetwork#2222

Draft
loktev-d wants to merge 15 commits into
mainfrom
feat/network/dedicated-migration-network
Draft

feat(network): bind live migration to a dedicated SystemNetwork#2222
loktev-d wants to merge 15 commits into
mainfrom
feat/network/dedicated-migration-network

Conversation

@loktev-d
Copy link
Copy Markdown
Contributor

@loktev-d loktev-d commented Apr 15, 2026
edited
Loading

Description

Adds:

  • liveMigration.systemNetworkName ModuleConfig field. When set, VM live-migration traffic is routed over the per-node interfaces of a SystemNetwork CR from the SDN instead of the default node network.
  • migrationiface controller resolves the per-node kernel interface name and writes it onto each Node as the annotation virtualization.deckhouse.io/migration-iface. virt-handler reads that annotation at startup and binds its migration proxy to the SystemNetwork's per-node IP.
  • ModuleConfig validator to check if SystemNetwork added to liveMigration.systemNetworkName exists.
  • New reason for VMOP if migration network is unavailable on nodes.

Why do we need it, and what problem does it solve?

Live-migration traffic competes with workload traffic on the default node network so we need to give ability to dedicate a separate VLAN to it.

What is the expected result?

Prerequisites: sdn module enabled with a configured SystemNetwork.

Steps:

  1. Create or identify a SystemNetwork providing IPs on every VM node
  2. Set the field on the virtualization ModuleConfig: 
    kubectl patch mc virtualization --type=merge \
  -p '{"spec":{"settings":{"liveMigration":{"systemNetworkName":"migration"}}}}'
  3. Wait for Node annotations virtualization.deckhouse.io/migration-iface
  4. Trigger a live migration of any VM
  5. Confirm: 
    kubectl get internalvirtualizationvirtualmachineinstance -n <ns> <vm> -o jsonpath='{.status.migrationState.targetNodeAddress}'
# Expect: an IP from the SystemNetwork pool, NOT the node's primary IP.

Negative paths:

  • liveMigration.systemNetworkName unset -> VMOP fails.
  • featuregates.SDN disabled -> controller does not register.
  • sdn CRDs missing -> unstructured watches log a one-line warning and the reconciler treats every Node as "no annotation needed".

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: network
type: feature
summary: bind live migration to a dedicated SystemNetwork

loktev-d added 2 commits April 9, 2026 16:58
@loktev-d
wip
3510cb0 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
wip
a0cf148 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
wip
71791dd 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d loktev-d marked this pull request as draft April 15, 2026 17:10
loktev-d and others added 10 commits April 15, 2026 21:49
@loktev-d
wip
636b32d 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
fix linter errors
8d8c85b 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
Merge branch 'main' into feat/network/dedicated-migration-network
820a034
@loktev-d
change 3p-kubevirt version
a5e2439 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
add nodenetworkinterfaces to rbac
562fb56 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
add cache for unstructured
202872f 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
add fromCacheVersion
78a0c7a 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
refactor, add validation for mc and vmop condition
b8674ad 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
Merge branch 'main' into feat/network/dedicated-migration-network
30dde0c 
Signed-off-by: Daniil Loktev <70405899+loktev-d@users.noreply.github.com>
@loktev-d
fix rbac
ef8b0f0 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d loktev-d added this to the v1.9.0 milestone May 14, 2026
loktev-d added 2 commits May 14, 2026 11:38
@loktev-d
add unit tests
7df370a 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
@loktev-d
add e2e test
5112adc 
Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@fl64 fl64 Awaiting requested review from fl64 fl64 is a code owner

@prismagod prismagod Awaiting requested review from prismagod prismagod is a code owner

@goganat goganat Awaiting requested review from goganat goganat is a code owner

@universal-itengineer universal-itengineer Awaiting requested review from universal-itengineer universal-itengineer will be requested when the pull request is marked ready for review universal-itengineer is a code owner

@nevermarine nevermarine Awaiting requested review from nevermarine nevermarine will be requested when the pull request is marked ready for review nevermarine is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@loktev-d loktev-d

Labels

None yet

Projects

None yet

Milestone

v1.9.0

Development

Successfully merging this pull request may close these issues.

1 participant

@loktev-d