  1. OpenShift Virtualization
  2. CNV-31980

Add NoCloud propagation method support to access credentials API

    • access-credentials-no-cloud
    • Green
    • To Do
    • 0% To Do, 0% In Progress, 100% Done
    • dev-ready, qe-ready
      2024-01-08: QE work pending, add one test case in polarion for https://github.com/deckhouse/3p-kubevirt/blob/6c2262274c5a5e659c1dcb5fe7e77304ab95099c/tests/credentials_test.go#L350 and check d/s for changes ....

      Goal

      The access credentials API [1] allows injecting SSH public keys into virtual machines.
      At the moment, the supported propagation methods for this are cloud-init config drives and the QEMU guest agent. [2]

      It would be useful to add support for cloud-init NoCloud data sources to the access credentials API. This would allow the use of the more versatile and vendor-neutral NoCloud data source, instead of being limited to the OpenStack-oriented config drive.

      The config drive propagation method uses the OpenStack metadata format to inject SSH public keys. This format allows only a limited number of parameters to be set. [3,4]

      The NoCloud data source also allows SSH public keys to be supplied as metadata.
      However, the NoCloud data source is more versatile and also allows any option supported by the regular user data formats to be supplied as vendor data provided by the hypervisor. [5]

      While as a first step this would allow SSH public keys to be injected with NoCloud data sources too, in the future it could allow even more settings provided by the hypervisor (e.g. activation credentials) to be injected.

      [1] https://kubevirt.io/api-reference/v1.0.0/definitions.html#_v1_accesscredential
      [2] https://kubevirt.io/api-reference/v1.0.0/definitions.html#_v1_sshpublickeyaccesscredentialpropagationmethod
      [3] https://cloudinit.readthedocs.io/en/latest/reference/datasources/configdrive.html
      [4] https://docs.openstack.org/nova/latest/user/metadata.html#openstack-format-metadata
      [5] https://cloudinit.readthedocs.io/en/latest/reference/datasources/nocloud.html

      User Stories

      • As a VM Owner, I want to inject SSH public keys into my VM with cloud-init using NoCloud datasources, so that I am able to use modern network formats in cloud-init too.

      Non-Requirements

      • Vendor-data support does not need to be added in this epic. Metadata is sufficient.

      Notes

      • See the upstream issue for a further explanation
      • This is motivated by the UI having to use older network formats because the access credentials API mandates the use of ConfigDrives as cloud-init datasource.
      • UI and docs should use only nocloud, but not configdrive anymore; we should check the epic
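
The change requested above, sketched as a VirtualMachine manifest. This is an added example, not taken from the ticket or from the project's own manifests; `noCloud` is the key the upstream KubeVirt API uses for this propagation method, and the VM name, Secret name, image and interface name are placeholders.

```yaml
# Added example. Values marked "placeholder" are assumptions, not from the ticket.
apiVersion: kubevirt.io/v1
kind: VirtualMachine
metadata:
  name: example-vm                                # placeholder
spec:
  runStrategy: Always
  template:
    spec:
      domain:
        devices:
          disks:
            - name: rootdisk
              disk:
                bus: virtio
            - name: cloudinitdisk
              disk:
                bus: virtio
        resources:
          requests:
            memory: 1Gi
      accessCredentials:
        - sshPublicKey:
            source:
              secret:
                secretName: example-ssh-pubkeys   # placeholder; holds public keys only
            propagationMethod:
              # Before this feature the cloud-init choice was "configDrive: {}",
              # which per the ticket forces a ConfigDrive cloud-init data source.
              noCloud: {}
      volumes:
        - name: rootdisk
          containerDisk:
            image: registry.example.com/os/image:tag   # placeholder
        - name: cloudinitdisk
          cloudInitNoCloud:
            userData: |
              #cloud-config
              ssh_pwauth: false                   # key-only SSH login
            # Version 2 network config, the "modern network format" from the user story.
            networkData: |
              version: 2
              ethernets:
                eth0:                             # placeholder interface name
                  dhcp4: true
```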

            fmatousc@redhat.com Felix Matouschek
            unassigned_jira unassigned
            Geetika Kapoor Geetika Kapoor