feat(vm): validate hotplug CPU/memory limits and project quotas#2419
Open
eofff wants to merge 7 commits into
Open
feat(vm): validate hotplug CPU/memory limits and project quotas#2419eofff wants to merge 7 commits into
eofff wants to merge 7 commits into
Conversation
Signed-off-by: Valeriy Khorunzhin <valeriy.khorunzhin@flant.com>
added 2 commits
June 2, 2026 10:01
Signed-off-by: Valeriy Khorunzhin <valeriy.khorunzhin@flant.com>
Signed-off-by: Valeriy Khorunzhin <valeriy.khorunzhin@flant.com>
eofff
changed the title
diafour
requested changes
Jun 2, 2026
Member
diafour
left a comment
diafour
left a comment
There was a problem hiding this comment.
Also:
- changing memory.size and cpu.cores/cpu.coreFraction is not always a "hotplug", it may require reboot. Do we need this validation?
- It seems these validations are needed to prevent migration fails, so it only applicable for specific phases, e.g. no need to validate "Stopped" VMs.
…dators/hotplug_resources_validator.go Co-authored-by: Ivan Mikheykin <ivan.mikheykin@flant.com> Signed-off-by: Valeriy Khorunzhin <b1kapb999@gmail.com>
…dators/hotplug_resources_validator.go Co-authored-by: Ivan Mikheykin <ivan.mikheykin@flant.com> Signed-off-by: Valeriy Khorunzhin <b1kapb999@gmail.com>
Signed-off-by: Valeriy Khorunzhin <valeriy.khorunzhin@flant.com>
Signed-off-by: Valeriy Khorunzhin <valeriy.khorunzhin@flant.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Added
HotplugResourcesValidatorto VM webhook update validation pipeline.The new validator checks hotplug CPU/memory changes against platform limits and namespace
ResourceQuotaavailability (including migration-time double allocation).Why do we need it, and what problem does it solve?
Hotplug resource updates can exceed safe VM limits or project quotas, which may lead to failed operations during migration and unclear runtime failures.
This change rejects invalid updates early at admission time with explicit validation errors.
What is the expected result?
On VM update, changed hotplug CPU/memory values are validated to ensure:
128256GiResourceQuotalimits and migration-time requirementsInvalid updates are rejected with clear error messages; valid updates pass.
Checklist
Changelog entries