passt: Fix docs

oshoval · oshoval · commit c9efb1c75a6a · 2025-09-15T14:45:19.000+03:00
Update docs about cni daemonSet.
Update outdated parts.

Signed-off-by: Or Shoval &lt;oshoval@redhat.com&gt;
diff --git a/docs/network/net_binding_plugins/passt.md b/docs/network/net_binding_plugins/passt.md
@@ -47,7 +47,7 @@ sysctl -w fs.file-max = 9223372036854775807
 > leading to memory overhead of up to 800 Mi.
 
 ## Passt network binding plugin
-[v1.1.0]
+[v1.6.0]
 
 The binding plugin replaces the experimental core passt binding implementation
 (including its API).
@@ -74,21 +74,59 @@ the passt plugin needs to:
 And in detail:
 
 ### Passt CNI deployment on nodes
-The CNI plugin binary can be retrieved directly from the kubevirt release
-assets (on GitHub) or to be built from its
-[sources](https://github.com/kubevirt/kubevirt/tree/release-1.1/cmd/cniplugins/passt-binding).
+Create the following DaemonSet:
 
-> **Note**: The kubevirt project uses Bazel to build the binaries and container images.
-> For more information in how to build the whole project, visit the developer
-> [getting started guide](https://github.com/kubevirt/kubevirt/blob/release-1.1/docs/getting-started.md).
-
-Once the binary is ready, you may rename it to a meaningful name
-(e.g. `kubevirt-passt-binding`).
-This name is used in the NetworkAttachmentDefinition configuration.
-
-Copy the binary to each node in your cluster.
-The location of the CNI plugins may vary between platforms and versions.
-One common path is `/opt/cni/bin/`.
+```yaml
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: passt-binding-cni
+  namespace: kubevirt
+  labels:
+    tier: node
+    app: passt-binding-cni
+spec:
+  selector:
+    matchLabels:
+      name: passt-binding-cni
+  updateStrategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 10%
+  template:
+    metadata:
+      labels:
+        name: passt-binding-cni
+        tier: node
+        app: passt-binding-cni
+      annotations:
+        description: passt-binding-cni installs 'passt binding' CNI on cluster nodes
+    spec:
+      priorityClassName: system-cluster-critical
+      containers:
+      - name: installer
+        image: quay.io/kubevirt/network-passt-binding-cni:v1.6.0
+        command: [ "/bin/sh", "-ce" ]
+        args:
+        - |
+          ls -la "/cni/kubevirt-passt-binding"
+          cp -f "/cni/kubevirt-passt-binding" "/opt/cni/bin"
+          echo "passt binding CNI plugin installation complete..sleep infinity"
+          sleep 2147483647
+        resources:
+          requests:
+            cpu: "10m"
+            memory: "15Mi"
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: cnibin
+          mountPath: /opt/cni/bin
+      volumes:
+      - name: cnibin
+        hostPath:
+          path: /opt/cni/bin
+```
 
 ### Passt NetworkAttachmentDefinition
 The configuration needed for passt is minimalistic:
@@ -97,11 +135,11 @@ The configuration needed for passt is minimalistic:
 apiVersion: "k8s.cni.cncf.io/v1"
 kind: NetworkAttachmentDefinition
 metadata:
-  name: netbindingpasst
+  name: primary-udn-kubevirt-binding
 spec:
   config: '{
             "cniVersion": "1.0.0",
-            "name": "netbindingpasst",
+            "name": "primary-udn-kubevirt-binding",
             "plugins": [
               {
                 "type": "kubevirt-passt-binding"
@@ -124,14 +162,12 @@ The relevant sidecar image needs to be accessible by the cluster and
 specified in the Kubevirt CR when registering the network binding plugin.
 
 ### Feature Gate
-If not already set, add the `NetworkBindingPlugins` FG.
+If not already set, add the `PasstIPStackMigration` Feature Gate.
 ```
-kubectl patch kubevirts -n kubevirt kubevirt --type=json -p='[{"op": "add", "path": "/spec/configuration/developerConfiguration/featureGates/-",   "value": "NetworkBindingPlugins"}]'
+kubectl patch kubevirt -n kubevirt kubevirt --type=merge -p='{"spec":{"configuration":{"developerConfiguration":{"featureGates":["PasstIPStackMigration"]}}}}'
 ```
 
-> **Note**: The specific passt plugin has no FG by its own. It is up to the cluster
-> admin to decide if the plugin is to be available in the cluster.
-> The passt binding is still in evaluation, use it with care.
+This Feature gate toggles calling of passt-repair for Passt seamless migration.
 
 ### Passt Registration
 As described in the [registration section](../../network/network_binding_plugins.md#register), passt binding plugin
@@ -142,12 +178,12 @@ To register the passt binding, patch the kubevirt CR as follows:
 kubectl patch kubevirts -n kubevirt kubevirt --type=json -p='[{"op": "add", "path": "/spec/configuration/network",   "value": {
             "binding": {
                 "passt": {
-                    "networkAttachmentDefinition": "default/netbindingpasst",
-                    "sidecarImage": "quay.io/kubevirt/network-passt-binding:20231205_29a16d5c9",
+                    "networkAttachmentDefinition": "default/primary-udn-kubevirt-binding",
+                    "sidecarImage": "quay.io/kubevirt/network-passt-binding:v1.6.0",
                     "migration": {},
                     "computeResourceOverhead": {
                       "requests": {
-                        "memory": "500Mi",
+                        "memory": "250Mi",
                       }
                     }
                 }
@@ -159,10 +195,14 @@ The NetworkAttachmentDefinition and sidecarImage values should correspond with t
 names used in the previous sections, [here](#passt-networkattachmentdefinition)
 and [here](#passt-sidecar-image).
 
-When using the plugin, additional memory overhead of `500Mi` will be requested for the compute container in the virt-launcher pod.
+When using the plugin, additional memory overhead of `250Mi` will be requested for the compute container in the virt-launcher pod.
 
 When the VM boots for the first time, Passt's internal DHCP server assigns an IP address to the guest with an "infinite" lease duration.
 
+**Note**: 
+> It is up to the cluster admin to decide if the plugin is to be available in the cluster.
+> The passt binding is still in evaluation, use it with care.
+
 **Note**:
 > During a live migration:
 > - The target pod is assigned a new IP address from the pod network, which is reflected in the VMI interfaces status.
@@ -222,7 +262,7 @@ spec:
       terminationGracePeriodSeconds: 0
       volumes:
       - containerDisk:
-          image: quay.io/kubevirt/fedora-with-test-tooling-container-disk:v1.1.0
+          image: quay.io/kubevirt/fedora-with-test-tooling-container-disk:v1.6.0
         name: containerdisk
       - cloudInitNoCloud:
           networkData: |
