Validate kubevirt plugin

This PR introduces validation logic to ensure that the kubevirt-velero-plugin is properly enabled and configured in the Velero deployment. The plugin is essential for enabling backup and restore operations for KubeVirt-managed VirtualMachines (VMs), DataVolumes (DVs), PersistentVolumeClaims (PVCs), and associated resources.

Signed-off-by: pruthvitd <[email protected]>

Author: pruthvitd

internal/controller/drplacementcontrol_controller.go

@@ -1368,9 +1368,6 @@ func (r *DRPlacementControlReconciler) updateResourceCondition(
 		ProtectedPVCs:   extractProtectedPVCNames(vrg),
 	}
 
-	drpc.Status.ResourceConditions.Conditions = assignConditionsWithConflictCheck(
-		vrgs, vrg, VRGConditionTypeNoClusterDataConflict)
-
 	if vrg.Status.PVCGroups != nil {
 		drpc.Status.ResourceConditions.ResourceMeta.PVCGroups = vrg.Status.PVCGroups
 	}
@@ -1385,7 +1382,7 @@ func (r *DRPlacementControlReconciler) updateResourceCondition(
 		drpc.Status.LastKubeObjectProtectionTime = &vrg.Status.KubeObjectProtection.CaptureToRecoverFrom.EndTime
 	}
 
-	updateDRPCProtectedCondition(drpc, vrg, clusterName)
+	updateDRPCProtectedCondition(drpc, vrg, clusterName, vrgs)
 }
 
 // getVRG retrieves a VRG either from the provided map or fetches it from the managed cluster/S3 store.
@@ -1446,85 +1443,6 @@ func extractProtectedPVCNames(vrg *rmn.VolumeReplicationGroup) []string {
 	return protectedPVCs
 }
 
-// findConflictCondition selects the appropriate condition from VRGs based on the conflict type.
-func findConflictCondition(vrgs map[string]*rmn.VolumeReplicationGroup, conflictType string) *metav1.Condition {
-	var selectedCondition *metav1.Condition
-
-	for _, vrg := range vrgs {
-		condition := meta.FindStatusCondition(vrg.Status.Conditions, conflictType)
-		if condition != nil && condition.Status == metav1.ConditionFalse {
-			// Prioritize primary VRG's condition if available
-			if isVRGPrimary(vrg) {
-				return condition // Exit early if primary VRG condition is found
-			}
-
-			// Assign the first non-primary VRG's condition if no primary found yet
-			if selectedCondition == nil {
-				selectedCondition = condition
-			}
-		}
-	}
-
-	return selectedCondition
-}
-
-// assignConditionsWithConflictCheck assigns conditions from a given VRG while prioritizing conflict conditions.
-func assignConditionsWithConflictCheck(vrgs map[string]*rmn.VolumeReplicationGroup,
-	vrg *rmn.VolumeReplicationGroup, conflictType string,
-) []metav1.Condition {
-	conditions := &vrg.Status.Conditions
-	conflictCondition := findConflictCondition(vrgs, conflictType)
-
-	// Ensure the conflict condition is present in the conditions list
-	if conflictCondition != nil {
-		setConflictStatusCondition(conditions, *conflictCondition)
-	}
-
-	return *conditions
-}
-
-func setConflictStatusCondition(existingConditions *[]metav1.Condition,
-	newCondition metav1.Condition,
-) metav1.Condition {
-	if existingConditions == nil {
-		existingConditions = &[]metav1.Condition{}
-	}
-
-	existingCondition := rmnutil.FindCondition(*existingConditions, newCondition.Type)
-	if existingCondition == nil {
-		newCondition.LastTransitionTime = metav1.NewTime(time.Now())
-		*existingConditions = append(*existingConditions, newCondition)
-
-		return newCondition
-	}
-
-	if existingCondition.Status != newCondition.Status ||
-		existingCondition.Reason != newCondition.Reason {
-		existingCondition.Status = newCondition.Status
-		existingCondition.Reason = newCondition.Reason
-		existingCondition.LastTransitionTime = metav1.NewTime(time.Now())
-	}
-
-	defaultValue := "none"
-	if newCondition.Reason == "" {
-		newCondition.Reason = defaultValue
-	}
-
-	if newCondition.Message == "" {
-		newCondition.Message = defaultValue
-	}
-
-	existingCondition.Reason = newCondition.Reason
-	existingCondition.Message = newCondition.Message
-	// TODO: Why not update lastTranTime if the above change?
-
-	if existingCondition.ObservedGeneration != newCondition.ObservedGeneration {
-		existingCondition.LastTransitionTime = metav1.NewTime(time.Now())
-	}
-
-	return *existingCondition
-}
-
 // clusterForVRGStatus determines which cluster's VRG should be inspected for status updates to DRPC
 func (r *DRPlacementControlReconciler) clusterForVRGStatus(
 	drpc *rmn.DRPlacementControl, userPlacement client.Object, log logr.Logger,

internal/controller/protected_condition.go

@@ -5,11 +5,13 @@ package controllers
 
 import (
 	"fmt"
+	"time"
 
 	"k8s.io/apimachinery/pkg/api/meta"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	rmn "github.com/ramendr/ramen/api/v1alpha1"
+	rmnutil "github.com/ramendr/ramen/internal/controller/util"
 )
 
 func updateProtectedConditionUnknown(drpc *rmn.DRPlacementControl, clusterName string) {
@@ -29,16 +31,17 @@ func updateDRPCProtectedCondition(
 	drpc *rmn.DRPlacementControl,
 	vrg *rmn.VolumeReplicationGroup,
 	clusterName string,
+	vrgs map[string]*rmn.VolumeReplicationGroup,
 ) {
 	if updateVRGClusterDataReady(drpc, vrg, clusterName) {
 		return
 	}
 
-	if updateDRPCProtectedForReplicationState(drpc, vrg, clusterName) {
+	if updateDRPCProtectedForReplicationState(drpc, vrg, clusterName, vrgs) {
 		return
 	}
 
-	if updateVRGNoClusterDataConflict(drpc, vrg, clusterName) {
+	if updateVRGNoClusterDataConflict(drpc, vrg, vrgs) {
 		return
 	}
 
@@ -65,13 +68,19 @@ func updateDRPCProtectedForReplicationState(
 	drpc *rmn.DRPlacementControl,
 	vrg *rmn.VolumeReplicationGroup,
 	clusterName string,
+	vrgs map[string]*rmn.VolumeReplicationGroup,
 ) bool {
+	var fromCluster string
+
+	drpc.Status.ResourceConditions.Conditions, fromCluster = mergeVRGsConditions(
+		vrgs, vrg, VRGConditionTypeDataReady)
+
 	switch vrg.Spec.ReplicationState {
 	case rmn.Primary:
-		return updateVRGDataReadyAsPrimary(drpc, vrg, clusterName) ||
+		return updateVRGDataReadyAsPrimary(drpc, vrg, fromCluster) ||
 			updateVRGDataProtectedAsPrimary(drpc, vrg, clusterName)
 	case rmn.Secondary:
-		return updateVRGDataReadyAsSecondary(drpc, vrg, clusterName) ||
+		return updateVRGDataReadyAsSecondary(drpc, vrg, fromCluster) ||
 			updateVRGDataProtectedAsSecondary(drpc, vrg, clusterName)
 	}
 
@@ -186,8 +195,13 @@ func updateVRGDataProtectedAsPrimary(drpc *rmn.DRPlacementControl,
 //   - Returns a bool that is true if status was updated, and false otherwise
 func updateVRGNoClusterDataConflict(drpc *rmn.DRPlacementControl,
 	vrg *rmn.VolumeReplicationGroup,
-	clusterName string,
+	vrgs map[string]*rmn.VolumeReplicationGroup,
 ) bool {
+	var clusterName string
+
+	drpc.Status.ResourceConditions.Conditions, clusterName = mergeVRGsConditions(
+		vrgs, vrg, VRGConditionTypeNoClusterDataConflict)
+
 	return genericUpdateProtectedForCondition(drpc, vrg, clusterName, VRGConditionTypeNoClusterDataConflict,
 		"workload data protection", "checking for workload data conflict", "conflicting workload data")
 }
@@ -306,3 +320,87 @@ func updateMiscVRGStatus(drpc *rmn.DRPlacementControl,
 
 	return !updated
 }
+
+// findConflictCondition selects the appropriate condition from VRGs based on the conflict type.
+func findConflictCondition(vrgs map[string]*rmn.VolumeReplicationGroup,
+	conflictType string,
+) (*metav1.Condition, string) {
+	var selectedCondition *metav1.Condition
+
+	var clusterName string
+
+	for _, vrg := range vrgs {
+		condition := meta.FindStatusCondition(vrg.Status.Conditions, conflictType)
+		if condition != nil && condition.Status == metav1.ConditionFalse {
+			// Prioritize primary VRG's condition if available
+			clusterName = vrg.GetAnnotations()[DestinationClusterAnnotationKey]
+			if isVRGPrimary(vrg) {
+				return condition, clusterName // Exit early if primary VRG condition is found
+			}
+
+			// Assign the first non-primary VRG's condition if no primary found yet
+			if selectedCondition == nil {
+				selectedCondition = condition
+			}
+		}
+	}
+
+	return selectedCondition, clusterName
+}
+
+// mergeVRGsConditions assigns conditions from a given VRG while prioritizing conflict conditions.
+func mergeVRGsConditions(vrgs map[string]*rmn.VolumeReplicationGroup,
+	vrg *rmn.VolumeReplicationGroup, conflictType string,
+) ([]metav1.Condition, string) {
+	conditions := &vrg.Status.Conditions
+	conflictCondition, clusterName := findConflictCondition(vrgs, conflictType)
+
+	// Ensure the conflict condition is present in the conditions list
+	if conflictCondition != nil {
+		setConflictStatusCondition(conditions, *conflictCondition)
+	}
+
+	return *conditions, clusterName
+}
+
+func setConflictStatusCondition(existingConditions *[]metav1.Condition,
+	newCondition metav1.Condition,
+) metav1.Condition {
+	if existingConditions == nil {
+		existingConditions = &[]metav1.Condition{}
+	}
+
+	existingCondition := rmnutil.FindCondition(*existingConditions, newCondition.Type)
+	if existingCondition == nil {
+		newCondition.LastTransitionTime = metav1.NewTime(time.Now())
+		*existingConditions = append(*existingConditions, newCondition)
+
+		return newCondition
+	}
+
+	if existingCondition.Status != newCondition.Status ||
+		existingCondition.Reason != newCondition.Reason {
+		existingCondition.Status = newCondition.Status
+		existingCondition.Reason = newCondition.Reason
+		existingCondition.LastTransitionTime = metav1.NewTime(time.Now())
+	}
+
+	defaultValue := "none"
+	if newCondition.Reason == "" {
+		newCondition.Reason = defaultValue
+	}
+
+	if newCondition.Message == "" {
+		newCondition.Message = defaultValue
+	}
+
+	existingCondition.Reason = newCondition.Reason
+	existingCondition.Message = newCondition.Message
+	// TODO: Why not update lastTranTime if the above change?
+
+	if existingCondition.ObservedGeneration != newCondition.ObservedGeneration {
+		existingCondition.LastTransitionTime = metav1.NewTime(time.Now())
+	}
+
+	return *existingCondition
+}

internal/controller/vrg_recipe.go

@@ -13,6 +13,8 @@ import (
 
 	"github.com/go-logr/logr"
 	recipev1 "github.com/ramendr/recipe/api/v1alpha1"
+	appsv1 "k8s.io/api/apps/v1"
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
@@ -28,9 +30,11 @@ import (
 )
 
 const (
-	WorkflowAnyError       = "any-error"
-	WorkflowEssentialError = "essential-error"
-	WorkflowFullError      = "full-error"
+	WorkflowAnyError         = "any-error"
+	WorkflowEssentialError   = "essential-error"
+	WorkflowFullError        = "full-error"
+	veleroDeployment         = "velero"
+	kubevirtVeleroPluginName = "kubevirt-velero-plugin"
 )
 
 func captureWorkflowDefault(vrg ramen.VolumeReplicationGroup, ramenConfig ramen.RamenConfig) []kubeobjects.CaptureSpec {
@@ -166,6 +170,10 @@ func RecipeElementsGet(ctx context.Context, reader client.Reader, vrg ramen.Volu
 		return recipeElements, fmt.Errorf("recipe %v namespaces validation error: %w", recipeNamespacedName.String(), err)
 	}
 
+	if err := recipeVMBackupValidate(ctx, reader, ramenConfig, log); err != nil {
+		return recipeElements, fmt.Errorf("recipe %v VM backup validation error: %w", recipeNamespacedName.String(), err)
+	}
+
 	return recipeElements, nil
 }
 
@@ -191,6 +199,7 @@ func isRecipeReconcileToStop(parameters map[string][]string) bool {
 
 func getRecipeParameters(vrg ramen.VolumeReplicationGroup, ramenConfig ramen.RamenConfig) map[string][]string {
 	parameters := vrg.Spec.KubeObjectProtection.RecipeParameters
+
 	if vrg.Spec.KubeObjectProtection.RecipeRef.Namespace == RamenOperandsNamespace(ramenConfig) &&
 		vrg.Spec.KubeObjectProtection.RecipeRef.Name == recipecore.VMRecipeName {
 		parameters["VM_NAMESPACE"] = append(parameters["VM_NAMESPACE"], *vrg.Spec.ProtectedNamespaces...)
@@ -330,6 +339,87 @@ func recipeNamespacesValidate(recipeElements util.RecipeElements, vrg ramen.Volu
 	return nil
 }
 
+// If VM protection is requested, Velero and the kubevirt plugin must be present,
+// unless an alternate supported solution is configured.
+func recipeVMBackupValidate(ctx context.Context, reader client.Reader,
+	ramenConfig ramen.RamenConfig, log logr.Logger,
+) error {
+	if !isVirtualMachineCRDInstalled(ctx, reader, log) {
+		return nil
+	}
+
+	if ramenConfig.KubeObjectProtection.VeleroNamespaceName != "" ||
+		len(ramenConfig.KubeObjectProtection.VeleroNamespaceName) > 0 {
+		if isKubeVirtEnabled(ctx, reader, ramenConfig, log) {
+			return nil
+		}
+
+		return fmt.Errorf("kubevirt plugin is disabled, hence VM resources backup/restore might not succeed")
+	}
+
+	log.Info("Skipping kubevirt-plugin validation as Velero is not configured;" +
+		"VM protection requires Velero and the kubevirt plugin unless an alternate supported solution is in place.")
+
+	return nil
+}
+
+// isVirtualMachineCRDInstalled checks if the KubeVirt VirtualMachine CRD exists
+func isVirtualMachineCRDInstalled(ctx context.Context, reader client.Reader, log logr.Logger) bool {
+	var vmCRD apiextensionsv1.CustomResourceDefinition
+
+	crdName := "virtualmachines.kubevirt.io"
+
+	err := reader.Get(ctx, client.ObjectKey{Name: crdName}, &vmCRD)
+	if err != nil {
+		log.Error(err, "VirtualMachine CRD not found; skipping kubevirt-velero-plugin validation")
+
+		return false
+	}
+
+	log.Info(fmt.Sprintf("VirtualMachine CRD found: %s", vmCRD.Name))
+
+	return true
+}
+
+func isKubeVirtEnabled(ctx context.Context, reader client.Reader,
+	ramenConfig ramen.RamenConfig, log logr.Logger,
+) bool {
+	// Read Velero deployment and check if kubevirt plugin is enabled
+	var veleroDeploy appsv1.Deployment
+
+	veleroLookUpKey := types.NamespacedName{
+		Name:      veleroDeployment,
+		Namespace: ramenConfig.KubeObjectProtection.VeleroNamespaceName,
+	}
+	// Fetch the Velero deployment
+	if err := reader.Get(ctx, veleroLookUpKey, &veleroDeploy); err != nil {
+		log.Error(err, "failed to get Velero deployment")
+
+		return false
+	}
+
+	// Go through InitContainers to check if kubevirt plugin is enabled
+	initContainers := veleroDeploy.Spec.Template.Spec.InitContainers
+
+	initContainerNames := make([]string, 0, len(initContainers))
+
+	for i := range initContainers {
+		if strings.Contains(initContainers[i].Name, kubevirtVeleroPluginName) {
+			log.Info("kubevirt is enabled")
+
+			return true
+		}
+
+		initContainerNames = append(initContainerNames, initContainers[i].Name)
+	}
+
+	log.Info(fmt.Sprintf("InitContainers were [%v]; '%s' init-container not found in the list",
+		initContainerNames, kubevirtVeleroPluginName))
+	log.Info("kubevirt is not enabled")
+
+	return false
+}
+
 func recipeNamespaceNames(recipeElements util.RecipeElements) sets.Set[string] {
 	namespaceNames := make(sets.Set[string], 0)