|
2 | 2 |
|
3 | 3 | ## Meaning |
4 | 4 |
|
5 | | -When running on a heterogeneous cluster, a cluster with nodes of different |
6 | | -architectures, the DataImportCronTemplates (DICTs; also known as golden |
7 | | -images), in the hyperconverged cluster operator (HCO) should be annotated with |
8 | | -the `ssp.kubevirt.io/dict.architectures` annotation, where the value is the |
9 | | -list of the architectures supported by the image, that is defined in each DICT. |
| 5 | +When running on a heterogeneous cluster, the DataImportCronTemplate objects |
| 6 | +(DICTs; also known as golden images) in the hyperconverged cluster operator |
| 7 | +(HCO) must be annotated with the `ssp.kubevirt.io/dict.architectures` |
| 8 | +annotation, where the value is the list of the architectures supported by the |
| 9 | +image that is defined in each DICT. |
10 | 10 |
|
11 | | -For pre-defined DICTs, this annotation is already set, but for custom DICTs |
12 | | -(user defined DICTs), this annotation must be set by the user in the |
13 | | -HyperConverged custom resource (CR). |
| 11 | +For pre-defined DICTs, this annotation is already set. For custom DICTs |
| 12 | +(user-defined DICTs), this annotation must be set by the user in the |
| 13 | +`HyperConverged` custom resource (CR). |
14 | 14 |
|
15 | 15 | For each DICT, if the `ssp.kubevirt.io/dict.architectures` annotation is |
16 | | -missing, Then HCO will trigger the `HCOGoldenImageWithNoArchitectureAnnotation` |
| 16 | +missing, HCO triggers the `HCOGoldenImageWithNoArchitectureAnnotation` |
17 | 17 | alert for this specific DICT. |
18 | 18 |
|
19 | | -> **Note:** This alert is only triggered, if the `enableMultiArchBootImageImport` |
20 | | -> feature gate is enabled in the HyperConverged CR. |
| 19 | +> **Note:** This alert only triggers if the `enableMultiArchBootImageImport` |
| 20 | +> feature gate is enabled in the `HyperConverged` CR. |
21 | 21 |
|
22 | 22 | ## Impact |
23 | 23 |
|
24 | | -When this alert is triggered, it means that the golden image created for this |
25 | | -DICT, is with undefined architecture. There is a risk that when this image |
26 | | -will be used as a boot image for a virtual machine, and the virtual machine |
27 | | -will be scheduled on a node with a CPU architecture different than the image |
28 | | -architecture,the virtual machine will fail to start. |
| 24 | +This alert triggers when the golden image created for this DICT does not have a |
| 25 | +defined architecture. If this image is used as a boot image for a virtual |
| 26 | +machine (VM), and the VM will is scheduled on a node with a CPU architecture |
| 27 | +different than the image architecture, the VM fails to start. |
29 | 28 |
|
30 | 29 | ## Diagnosis |
31 | 30 |
|
32 | | -Read the HyperConverged CR: |
| 31 | +1. Read the `HyperConverged` CR: |
33 | 32 |
|
34 | 33 | ```bash |
35 | | - # Get the namespace of the HyperConverged CR |
36 | | -$ NAMESPACE="$(kubectl get hyperconverged -A --no-headers | awk '{print $1}')" |
37 | | - |
38 | | -#Read the HyperConverged CR |
39 | | -$ kubectl get hyperconverged -n "${NAMESPACE}" -o yaml |
| 34 | + # Get the namespace of the HyperConverged CR |
| 35 | + $ NAMESPACE="$(oc get hyperconverged -A --no-headers | awk '{print $1}')" |
| 36 | + |
| 37 | + # Read the HyperConverged CR |
| 38 | + $ oc get hyperconverged -n "${NAMESPACE}" -o yaml |
40 | 39 | ``` |
41 | 40 |
|
42 | | -Go over the output of the command. If there are DICT objects under the |
43 | | -`spec.dataImportCronTemplates` field in the HyperConverged CR, then for each |
44 | | -one of them, check if the `ssp.kubevirt.io/dict.architectures` annotation is |
45 | | -set. If the annotation is not set, then this alert is triggered. |
| 41 | +2. If this command lists any DICT objects under the |
| 42 | +`spec.dataImportCronTemplates` field in the `HyperConverged` CR, check whether |
| 43 | +the `ssp.kubevirt.io/dict.architectures` annotation is set for each of them. If |
| 44 | +the annotation is not set, then this alert is triggered. |
46 | 45 |
|
47 | 46 | Below is an example for a HyperConverged CR with a valid DICT with the |
48 | | -`ssp.kubevirt.io/dict.architectures` annotation set: |
49 | | -```yaml |
50 | | -apiVersion: hco.kubevirt.io/v1beta1 |
51 | | -kind: HyperConverged |
52 | | -... |
53 | | -spec: |
| 47 | + `ssp.kubevirt.io/dict.architectures` annotation set: |
| 48 | + ```yaml |
| 49 | + apiVersion: hco.kubevirt.io/v1beta1 |
| 50 | + kind: HyperConverged |
| 51 | + ... |
| 52 | + spec: |
54 | 53 | ... |
55 | | - dataImportCronTemplates: |
56 | | - - metadata: |
57 | | - annotations: |
| 54 | + dataImportCronTemplates: |
| 55 | + - metadata: |
| 56 | + annotations: |
| 57 | + ... |
| 58 | + ssp.kubevirt.io/dict.architectures: amd64 |
| 59 | + name: the-name-of-the-dict |
| 60 | + spec: |
58 | 61 | ... |
59 | | - ssp.kubevirt.io/dict.architectures: amd64 |
60 | | - name: the-name-of-the-dict |
61 | | - spec: |
62 | | - ... |
63 | 62 | ``` |
64 | 63 |
|
65 | | -The `status.nodeInfo.workloadsArchitectures` shows the list of architectures |
66 | | -that are supported by the cluster. |
| 64 | +The `status.nodeInfo.workloadsArchitectures` field in the `HyperConverged` CR |
| 65 | +shows the list of architectures that are supported by the cluster. |
67 | 66 |
|
68 | | -User-defined DICTs are defined in the HyperConverged CR, in the |
| 67 | +User-defined DICTs are defined in the `HyperConverged` CR, in the |
69 | 68 | `spec.dataImportCronTemplates` field. |
70 | 69 |
|
71 | 70 | ## Mitigation |
72 | | -First, check what architectures are supported by the image. You can use the |
73 | | -following command: |
| 71 | + |
| 72 | +1. Check what architectures are supported by the image: |
74 | 73 |
|
75 | 74 | ```bash |
76 | 75 | $ podman manifest inspect your-registry/your-image:latest |
77 | 76 | ``` |
78 | 77 |
|
79 | | -See here for |
80 | | -the [podman manifest inspect documentation](https://docs.podman.io/en/latest/markdown/podman-manifest-inspect.1.html). |
| 78 | +For details, see the |
| 79 | +[podman manifest inspect documentation](https://docs.podman.io/en/latest/markdown/podman-manifest-inspect.1.html). |
81 | 80 |
|
82 | | -If the image is multi architecture manifest (fat manifest), it will include the |
| 81 | +If the image is a multi-architecture manifest ("fat manifest"), it includes the |
83 | 82 | `manifests` field, which is a list of architectures supported by the image. If |
84 | | -the image is not a multi architecture manifest, you will need to find out what |
| 83 | +the image is not a multi-architecture manifest, you need to find out what |
85 | 84 | is its architecture. |
86 | 85 |
|
87 | | -Then, edit the HyperConverged CR, to add the missing `ssp.kubevirt.io/dict.architectures` |
88 | | -annotation. |
| 86 | +2. Edit the `HyperConverged` CR to add the missing |
| 87 | +`ssp.kubevirt.io/dict.architectures` annotation. |
89 | 88 |
|
90 | | -The format of the annotation is a comma-separated list of architectures; |
91 | | -e.g., `amd64,arm64,s390x`. |
| 89 | +The format of the annotation is a comma-separated list of architectures, |
| 90 | +for example: `amd64,arm64,s390x`. |
92 | 91 |
|
93 | | -If the image does not support any of the architectures supported by the |
94 | | -cluster, you will need to either rebuild the image for one or more of |
95 | | -the architectures supported by the cluster, or remove the DICT from the |
96 | | -HyperConverged CR. |
| 92 | +3. If the image does not support any of the architectures supported by the |
| 93 | +cluster, rebuild the image for one or more of the architectures supported |
| 94 | +by the cluster, or remove the DICT from the `HyperConverged` CR. |
97 | 95 |
|
98 | | -Find some more information about building multi-architecture images, see the |
| 96 | +For more information about building multi-architecture images, see the |
99 | 97 | [podman documentation](https://docs.podman.io/en/latest/markdown/podman-manifest-create.1.html). |
100 | 98 |
|
101 | 99 | <!--DS: If you cannot resolve the issue, log in to the |
|
0 commit comments