Skip to content

feat(module): add migration disable tls annotation support#2198

Merged
danilrwx merged 2 commits into
mainfrom
feat/module/tls-annotations
Apr 10, 2026
Merged

feat(module): add migration disable tls annotation support#2198
danilrwx merged 2 commits into
mainfrom
feat/module/tls-annotations

Conversation

@danilrwx
Copy link
Copy Markdown
Contributor

@danilrwx danilrwx commented Apr 9, 2026
edited
Loading

Description

Add support for enabling and disabling KubeVirt live migration TLS via a temporary annotation on ModuleConfig/virtualization.

The change introduces parsing of the virtualization.deckhouse.io/disable-tls annotation in the module hook, stores the effective value in internal module values, passes it to the rendered KubeVirt migration configuration, and propagates it to the migration configuration injected into KVVMI status.

Why do we need it, and what problem does it solve?

KubeVirt already supports live migration TLS control through DisableTLS, but the virtualization module had no way to toggle it.

For now we do not want to add a public field to ModuleConfig.spec, so the setting is exposed through a temporary annotation on ModuleConfig/virtualization. This allows turning migration TLS on and off without introducing the final API shape prematurely.

What is the expected result?

  1. Add annotation virtualization.deckhouse.io/disable-tls: "true" to ModuleConfig/virtualization.
  2. Ensure the rendered KubeVirt migration configuration contains disableTLS: true.
  3. Start a VM live migration and verify the resulting KVVMI migration configuration reflects DisableTLS=true.
  4. Change the annotation to "false" or remove it and verify the default behavior is restored.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: module
type: feature
summary: Add temporary ModuleConfig annotation to control KubeVirt live migration DisableTLS setting.
impact_level: low

@danilrwx
feat(module): add migration disable tls annotation support
af59bbc 
Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
@danilrwx danilrwx marked this pull request as ready for review April 9, 2026 11:06
@danilrwx danilrwx added this to the v1.8.0 milestone Apr 9, 2026
@danilrwx
fix(core): restore staticcheck nolint in vm class handler
c654feb 
Signed-off-by: Daniil Antoshin <daniil.antoshin@flant.com>
@danilrwx danilrwx requested a review from LopatinDmitr April 9, 2026 15:05
@danilrwx danilrwx merged commit a98ea43 into main Apr 10, 2026
26 of 28 checks passed
@danilrwx danilrwx deleted the feat/module/tls-annotations branch April 10, 2026 09:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LopatinDmitr LopatinDmitr LopatinDmitr approved these changes

@yaroslavborbat yaroslavborbat Awaiting requested review from yaroslavborbat yaroslavborbat is a code owner

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@universal-itengineer universal-itengineer Awaiting requested review from universal-itengineer universal-itengineer is a code owner

@nevermarine nevermarine Awaiting requested review from nevermarine nevermarine is a code owner

@fl64 fl64 Awaiting requested review from fl64 fl64 is a code owner

@prismagod prismagod Awaiting requested review from prismagod prismagod is a code owner

@goganat goganat Awaiting requested review from goganat goganat is a code owner

Assignees

@danilrwx danilrwx

Labels

None yet

Projects

None yet

Milestone

v1.8.0

Development

Successfully merging this pull request may close these issues.

2 participants

@danilrwx @LopatinDmitr