run e2e in kind

mhenriks · mhenriks · commit f729b5db3bbd · 2025-11-25T11:22:52.000-05:00
Signed-off-by: Michael Henriksen &lt;mhenriks@redhat.com&gt;
diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml
@@ -20,12 +20,35 @@ jobs:
       - name: Install system dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils
+          sudo apt-get install -y qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils podman
+
+      - name: Prepare environment for kubevirtci
+        run: |
+          # Create audit log directory required by kind-1.34 provider
+          sudo mkdir -p /var/log/audit
+
+          # Ensure Docker is preferred over podman for kind
+          # Podman runs rootless by default and can't access /dev/kvm properly
+          # Docker runs as root and can access /dev/kvm with default permissions
+          sudo systemctl restart docker
+
+          # Temporarily make podman unavailable for kind by renaming it
+          # (cluster-sync will restore it for building/pushing images)
+          sudo mv /usr/bin/podman /usr/bin/podman.bak || true
+
+          # Verify Docker is working
+          docker version
 
       - name: Set up kubevirtci
         run: |
           make cluster-up
 
+      - name: Restore podman for image building
+        run: |
+          # Restore podman for cluster-sync to use for building/pushing images
+          sudo mv /usr/bin/podman.bak /usr/bin/podman 2>/dev/null || \
+            echo "::warning::Podman not restored (may not have been backed up)"
+
       - name: Build and deploy webhook
         run: |
           make cluster-sync
@@ -37,7 +60,7 @@ jobs:
       - name: Collect logs on failure
         if: failure()
         run: |
-          export KUBECONFIG=$(pwd)/_kubevirtci/_ci-configs/k8s-1.30/.kubeconfig
+          export KUBECONFIG=$(pwd)/_kubevirtci/_ci-configs/kind-1.34/.kubeconfig
           kubectl get pods -n kubevirt-rbac-webhook-system
           kubectl logs -n kubevirt-rbac-webhook-system -l control-plane=controller-manager --tail=100 || true
           kubectl get events -n kubevirt-rbac-webhook-system --sort-by='.lastTimestamp' || true
diff --git a/KUBEVIRTCI.md b/KUBEVIRTCI.md
@@ -11,6 +11,16 @@ This project uses [kubevirtci](https://github.com/kubevirt/kubevirtci) for devel
 
 ## Quick Start
 
+### Prerequisites
+
+- **Docker** (recommended) or Podman for running containers
+  - Docker is preferred for running the cluster (runs as root, better /dev/kvm access)
+  - Podman can be used for building/pushing images
+- Git (for cloning kubevirtci)
+- Make
+
+**Note:** If using both Docker and Podman, the scripts automatically use Docker for cluster operations and Podman for image building. This is optimal for hardware virtualization support.
+
 ### 1. Start kubevirtci Cluster
 
 ```bash
@@ -19,7 +29,7 @@ make cluster-up
 
 This will:
 - Clone kubevirtci (if not already present in `_kubevirtci/`)
-- Start a Kubernetes cluster with KubeVirt pre-installed
+- Start a Kubernetes cluster (kind-1.34) with KubeVirt pre-installed
 - Export KUBECONFIG for the cluster
 
 ### 2. Build and Deploy Webhook
@@ -92,7 +102,7 @@ Configuration is managed in `hack/config.sh`:
 - `IMAGE_REGISTRY`: Container registry (default: `localhost:5000`)
 - `IMAGE_NAME`: Image name (default: `kubevirt-rbac-webhook`)
 - `IMAGE_TAG`: Image tag (default: `devel`)
-- `KUBEVIRT_PROVIDER`: Kubernetes version (default: `k8s-1.34`)
+- `KUBEVIRT_PROVIDER`: Kubernetes version (default: `kind-1.34`)
 - `KUBEVIRTCI_VERSION`: kubevirtci version/tag (default: `2510141807-f21813f1`)
 
 ## Manual kubectl Access
@@ -114,7 +124,7 @@ _kubevirtci/cluster-up/kubectl.sh get pods -n kubevirt
 ### Alternative: Use kubectl directly with KUBECONFIG
 
 ```bash
-export KUBECONFIG=$(pwd)/_kubevirtci/_ci-configs/k8s-1.34/.kubeconfig
+export KUBECONFIG=$(pwd)/_kubevirtci/_ci-configs/kind-1.34/.kubeconfig
 kubectl get nodes
 kubectl get vms -A
 ```
@@ -228,4 +238,3 @@ The test suite supports these environment variables:
 
 - [kubevirtci GitHub](https://github.com/kubevirt/kubevirtci)
 - [KubeVirt Documentation](https://kubevirt.io/user-guide/)
-- [virt-template (reference implementation)](https://github.com/kubevirt/virt-template)
diff --git a/hack/cluster-down.sh b/hack/cluster-down.sh
@@ -4,10 +4,14 @@ set -e
 
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 source "${SCRIPT_DIR}/common.sh"
+source "${SCRIPT_DIR}/config.sh"
 
 main() {
     log_info "Stopping kubevirtci cluster..."
+
+    # Run kubevirtci's cluster-down
     kubevirtci::down
+
     log_info "Cluster stopped successfully"
 }
 
diff --git a/hack/cluster-sync.sh b/hack/cluster-sync.sh
@@ -18,18 +18,53 @@ main() {
 
     export KUBECONFIG=$(kubevirtci::kubeconfig)
 
-    # Get the registry port from kubevirtci
-    REGISTRY_PORT=$("${KUBEVIRTCI_ROOT}/cluster-up/cli.sh" ports registry)
-    REGISTRY_ADDR="localhost:${REGISTRY_PORT}"
-    log_info "Cluster registry: ${REGISTRY_ADDR}"
-
-    # Build and push the webhook image to kubevirtci registry
-    # Use podman with --tls-verify=false for HTTP registry (following virt-template pattern)
-    log_info "Building and pushing webhook image..."
-    (cd "${PROJECT_ROOT}" && \
-        make docker-build CONTAINER_TOOL=podman IMG="${REGISTRY_ADDR}/kubevirt-rbac-webhook:devel" && \
-        podman push --tls-verify=false "${REGISTRY_ADDR}/kubevirt-rbac-webhook:devel"
-    )
+    # Build and push image to cluster registry
+    # For kind providers, registry is on localhost:5000; for k8s-* providers, use cli.sh
+    if [[ "${KUBEVIRT_PROVIDER}" == kind-* ]]; then
+        log_info "Kind provider detected, using kubevirtci registry"
+
+        # For kind providers, kubevirtci creates a registry on localhost:5000
+        REGISTRY_ADDR="localhost:5000"
+        log_info "Cluster registry: ${REGISTRY_ADDR}"
+
+        # Build and push the webhook image to kubevirtci registry
+        # Prefer podman (has --tls-verify flag), fallback to docker
+        if command -v podman &> /dev/null; then
+            log_info "Building and pushing webhook image with podman..."
+            (cd "${PROJECT_ROOT}" && \
+                make docker-build CONTAINER_TOOL=podman IMG="${REGISTRY_ADDR}/kubevirt-rbac-webhook:devel" && \
+                podman push --tls-verify=false "${REGISTRY_ADDR}/kubevirt-rbac-webhook:devel"
+            )
+        else
+            log_info "Building and pushing webhook image with docker..."
+            # Docker requires insecure registry to be configured, but localhost:5000 is usually allowed by default
+            (cd "${PROJECT_ROOT}" && \
+                make docker-build CONTAINER_TOOL=docker IMG="${REGISTRY_ADDR}/kubevirt-rbac-webhook:devel" && \
+                docker push "${REGISTRY_ADDR}/kubevirt-rbac-webhook:devel"
+            )
+        fi
+
+        # Deploy using in-cluster registry name
+        DEPLOY_IMAGE="registry:5000/kubevirt-rbac-webhook:devel"
+    else
+        log_info "Using kubevirtci registry for k8s-* provider"
+
+        # Get the registry port from kubevirtci
+        REGISTRY_PORT=$("${KUBEVIRTCI_ROOT}/cluster-up/cli.sh" ports registry)
+        REGISTRY_ADDR="localhost:${REGISTRY_PORT}"
+        log_info "Cluster registry: ${REGISTRY_ADDR}"
+
+        # Build and push the webhook image to kubevirtci registry
+        # Use podman with --tls-verify=false for HTTP registry
+        log_info "Building and pushing webhook image..."
+        (cd "${PROJECT_ROOT}" && \
+            make docker-build CONTAINER_TOOL=podman IMG="${REGISTRY_ADDR}/kubevirt-rbac-webhook:devel" && \
+            podman push --tls-verify=false "${REGISTRY_ADDR}/kubevirt-rbac-webhook:devel"
+        )
+
+        # Deploy using in-cluster registry name
+        DEPLOY_IMAGE="registry:5000/kubevirt-rbac-webhook:devel"
+    fi
 
     # Check and install cert-manager if needed
     if ! kubevirtci::kubectl get crd certificates.cert-manager.io &>/dev/null; then
@@ -39,13 +74,13 @@ main() {
         log_info "cert-manager installed successfully"
     fi
 
-    # Undeploy old version (following virt-template pattern for clean reinstall)
+    # Undeploy old version for clean reinstall
     log_info "Cleaning up previous deployment..."
     (cd "${PROJECT_ROOT}" && make undeploy || true)
 
-    # Deploy the webhook (using in-cluster registry name)
+    # Deploy the webhook
     log_info "Deploying webhook to cluster..."
-    (cd "${PROJECT_ROOT}" && make deploy IMG="registry:5000/kubevirt-rbac-webhook:devel")
+    (cd "${PROJECT_ROOT}" && make deploy IMG="${DEPLOY_IMAGE}")
 
     # Wait for webhook to be ready
     log_info "Waiting for webhook deployment to be ready..."
diff --git a/hack/cluster-up.sh b/hack/cluster-up.sh
@@ -14,7 +14,7 @@ main() {
 
     # Change to kubevirtci directory and start cluster
     log_info "Starting kubevirtci cluster..."
-    export KUBEVIRT_PROVIDER=${KUBEVIRT_PROVIDER:-k8s-1.34}
+    export KUBEVIRT_PROVIDER=${KUBEVIRT_PROVIDER:-kind-1.34}
     export KUBEVIRTCI_PATH="${KUBEVIRTCI_ROOT}/cluster-up/"
     export KUBEVIRTCI_CLUSTER_PATH="${KUBEVIRTCI_ROOT}/cluster-up/cluster"
     log_info "Using provider: ${KUBEVIRT_PROVIDER}"
@@ -28,10 +28,41 @@ main() {
 
     # Wait for cluster to be ready
     log_info "Waiting for cluster to be ready (this may take a few minutes)..."
-    kubevirtci::kubectl wait --for=condition=Ready nodes --all --timeout=10m || {
+    if ! kubevirtci::kubectl wait --for=condition=Ready nodes --all --timeout=10m; then
         log_error "Cluster nodes did not become ready"
+        log_error "Collecting cluster diagnostic information..."
+
+        echo "====== Cluster Info ======"
+        kubevirtci::kubectl cluster-info || true
+
+        echo "====== Node Status ======"
+        kubevirtci::kubectl get nodes -o wide || true
+        kubevirtci::kubectl describe nodes || true
+
+        echo "====== System Pods ======"
+        kubevirtci::kubectl get pods -A || true
+
         exit 1
-    }
+    fi
+
+    # Check if nested virtualization is available
+    log_info "Checking virtualization support..."
+    if [ -e /dev/kvm ]; then
+        if [ -r /dev/kvm ] && [ -w /dev/kvm ]; then
+            log_info "✓ /dev/kvm is accessible"
+            log_info "   KubeVirt will use hardware acceleration (fast)"
+        else
+            log_warn "⚠ /dev/kvm exists but not accessible"
+            log_warn "   Software emulation will be used (slower)"
+            log_warn "   For Docker: Should work as-is (runs as root)"
+            log_warn "   For rootless podman: Consider using Docker instead"
+        fi
+    else
+        log_warn "⚠ /dev/kvm NOT available"
+        log_warn "   Software emulation will be automatically enabled (VERY SLOW)"
+        log_warn "   For CI: This is expected and acceptable for basic testing"
+        log_warn "   For local dev: Enable virtualization in BIOS and kernel modules"
+    fi
 
     # Install KubeVirt if not present
     log_info "Checking for KubeVirt installation..."
@@ -45,15 +76,82 @@ main() {
         # Install KubeVirt operator
         kubevirtci::kubectl create -f "https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-operator.yaml"
 
+        # Wait for operator to be ready
+        log_info "Waiting for KubeVirt operator to be ready..."
+        kubevirtci::kubectl wait --for=condition=Available -n kubevirt deployment/virt-operator --timeout=5m
+
         # Install KubeVirt CR
         kubevirtci::kubectl create -f "https://github.com/kubevirt/kubevirt/releases/download/${KUBEVIRT_VERSION}/kubevirt-cr.yaml"
 
+        # Enable software emulation if /dev/kvm is not available or not accessible
+        NEED_EMULATION=false
+        if [ ! -e /dev/kvm ]; then
+            log_warn "/dev/kvm does not exist - emulation required"
+            NEED_EMULATION=true
+        elif [ ! -r /dev/kvm ] || [ ! -w /dev/kvm ]; then
+            log_warn "/dev/kvm exists but is not accessible - emulation may be required"
+            NEED_EMULATION=true
+        fi
+
+        if [ "$NEED_EMULATION" = true ]; then
+            log_warn "Enabling software emulation in KubeVirt"
+            log_warn "This will make VMs run VERY slowly - only suitable for basic testing"
+
+            # Patch the KubeVirt CR to enable software emulation
+            kubevirtci::kubectl patch kubevirt kubevirt -n kubevirt --type=merge -p '{"spec":{"configuration":{"developerConfiguration":{"useEmulation":true}}}}'
+        else
+            log_info "Hardware acceleration available - KubeVirt will use /dev/kvm"
+        fi
+
         # Wait for KubeVirt to be ready
         log_info "Waiting for KubeVirt to be ready (this may take several minutes)..."
-        kubevirtci::kubectl wait --for=condition=Available -n kubevirt kv/kubevirt --timeout=10m || {
-            log_error "KubeVirt deployment failed"
+        if ! kubevirtci::kubectl wait --for=condition=Available -n kubevirt kv/kubevirt --timeout=10m; then
+            log_error "KubeVirt deployment timed out or failed"
+            log_error "Collecting diagnostic information..."
+
+            echo "====== KubeVirt Resource Status ======"
+            kubevirtci::kubectl get kv -n kubevirt -o yaml || true
+
+            echo "====== KubeVirt Pods Status ======"
+            kubevirtci::kubectl get pods -n kubevirt -o wide || true
+
+            echo "====== KubeVirt Pods with Restart Counts ======"
+            kubevirtci::kubectl get pods -n kubevirt -o custom-columns=NAME:.metadata.name,STATUS:.status.phase,RESTARTS:.status.containerStatuses[*].restartCount,READY:.status.containerStatuses[*].ready || true
+
+            echo "====== KubeVirt DaemonSets (virt-handler) ======"
+            kubevirtci::kubectl get daemonsets -n kubevirt -o wide || true
+            kubevirtci::kubectl describe daemonsets -n kubevirt virt-handler || true
+
+            echo "====== KubeVirt Events ======"
+            kubevirtci::kubectl get events -n kubevirt --sort-by='.lastTimestamp' || true
+
+            echo "====== KubeVirt Operator Logs ======"
+            kubevirtci::kubectl logs -n kubevirt -l kubevirt.io=virt-operator --tail=100 || true
+            echo "====== KubeVirt Operator Previous Logs (if crash-looping) ======"
+            kubevirtci::kubectl logs -n kubevirt -l kubevirt.io=virt-operator --previous --tail=50 2>/dev/null || echo "No previous operator logs"
+
+            echo "====== KubeVirt API Logs ======"
+            kubevirtci::kubectl logs -n kubevirt -l kubevirt.io=virt-api --tail=50 || true
+            echo "====== KubeVirt API Previous Logs (if crash-looping) ======"
+            kubevirtci::kubectl logs -n kubevirt -l kubevirt.io=virt-api --previous --tail=50 2>/dev/null || echo "No previous API logs"
+
+            echo "====== KubeVirt Controller Logs ======"
+            kubevirtci::kubectl logs -n kubevirt -l kubevirt.io=virt-controller --tail=50 || true
+            echo "====== KubeVirt Controller Previous Logs (if crash-looping) ======"
+            kubevirtci::kubectl logs -n kubevirt -l kubevirt.io=virt-controller --previous --tail=50 2>/dev/null || echo "No previous controller logs"
+
+            echo "====== KubeVirt Handler Logs (DaemonSet - runs on nodes) ======"
+            kubevirtci::kubectl logs -n kubevirt -l kubevirt.io=virt-handler --tail=100 --all-containers=true || true
+
+            echo "====== KubeVirt Handler Previous Logs (if crash-looping) ======"
+            kubevirtci::kubectl logs -n kubevirt -l kubevirt.io=virt-handler --previous --tail=100 --all-containers=true 2>/dev/null || echo "No previous logs available (pods may not have restarted yet)"
+
+            echo "====== Node Status ======"
+            kubevirtci::kubectl get nodes -o wide || true
+            kubevirtci::kubectl describe nodes || true
+
             exit 1
-        }
+        fi
 
         log_info "KubeVirt installed successfully"
     else
@@ -72,6 +170,14 @@ main() {
 
     if ! kubevirtci::kubectl get crd virtualmachines.kubevirt.io &>/dev/null; then
         log_error "KubeVirt CRDs not found after installation!"
+        log_error "Collecting CRD diagnostic information..."
+
+        echo "====== All CRDs ======"
+        kubevirtci::kubectl get crds | grep -i kubevirt || true
+
+        echo "====== KubeVirt Namespace Status ======"
+        kubevirtci::kubectl get all -n kubevirt || true
+
         exit 1
     fi
 
diff --git a/hack/common.sh b/hack/common.sh
@@ -1,7 +1,6 @@
 #!/usr/bin/env bash
 
 # kubevirtci integration utilities
-# Based on patterns from kubevirt/virt-template
 
 set -e
 
@@ -48,7 +47,7 @@ kubevirtci::up() {
     kubevirtci::install
 
     # Set the provider
-    export KUBEVIRT_PROVIDER=${KUBEVIRT_PROVIDER:-k8s-1.30}
+    export KUBEVIRT_PROVIDER=${KUBEVIRT_PROVIDER:-kind-1.34}
 
     # Run cluster-up from kubevirtci root directory
     (cd "${KUBEVIRTCI_ROOT}" && make cluster-up)
@@ -69,7 +68,7 @@ kubevirtci::down() {
 }
 
 kubevirtci::kubeconfig() {
-    local provider=${KUBEVIRT_PROVIDER:-k8s-1.34}
+    local provider=${KUBEVIRT_PROVIDER:-kind-1.34}
     echo "${KUBEVIRTCI_ROOT}/_ci-configs/${provider}/.kubeconfig"
 }
 
@@ -82,10 +81,18 @@ kubevirtci::ssh() {
     "${KUBEVIRTCI_ROOT}/cluster-up/ssh.sh" "$@"
 }
 
-# Get the dynamic cluster registry port
+# Get the cluster registry address
 kubevirtci::registry() {
-    local port=$("${KUBEVIRTCI_ROOT}/cluster-up/cli.sh" ports registry)
-    echo "localhost:${port}"
+    local provider=${KUBEVIRT_PROVIDER:-kind-1.34}
+
+    # For kind providers, kubevirtci creates a registry on localhost:5000
+    if [[ "${provider}" == kind-* ]]; then
+        echo "localhost:5000"
+    else
+        # For k8s-* providers, use cli.sh to get dynamic port
+        local port=$("${KUBEVIRTCI_ROOT}/cluster-up/cli.sh" ports registry)
+        echo "localhost:${port}"
+    fi
 }
 
 # Check if cluster is running
diff --git a/hack/config.sh b/hack/config.sh
