From d4a8a32fbcc8aae42e9981ac883748e4348dbbe1 Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Thu, 12 Mar 2026 10:29:43 +0300 Subject: [PATCH 01/15] wip Signed-off-by: Daniil Loktev --- templates/kubevirt/kubevirt.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/templates/kubevirt/kubevirt.yaml b/templates/kubevirt/kubevirt.yaml index c57f981ce2..1b374931fb 100644 --- a/templates/kubevirt/kubevirt.yaml +++ b/templates/kubevirt/kubevirt.yaml @@ -54,7 +54,6 @@ spec: - HotplugVolumes - Snapshot - ExpandDisks - - Root - CPUManager - Sidecar - VolumeSnapshotDataSource From 9597ee1bd45eeaa8779b9294d8d64e94aac11fd5 Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Thu, 12 Mar 2026 11:48:08 +0300 Subject: [PATCH 02/15] wip Signed-off-by: Daniil Loktev --- images/virt-launcher/werf.inc.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index d238443408..8926586d46 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -392,6 +392,9 @@ shell: echo "Create symlink for run -> var/run " ln -s var/run run + - | + setcap cap_net_bind_service=+ep /relocate/usr/bin/virt-launcher-monitor + # /etc/libvirt-init will be copied back into /etc/libvirt at runtime. This is necessary because we configure libvirt to mount /etc/libvirt and set readOnlyRootFilesystem for other directories. # DO NOT REMOVE. node-labeler.sh uses /etc/libvirt. - | From 770f1958775a81c4ebcd7dd7709edf4998f7c1fc Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Thu, 12 Mar 2026 16:32:17 +0300 Subject: [PATCH 03/15] wip Signed-off-by: Daniil Loktev --- build/components/versions.yml | 2 +- images/virt-launcher/werf.inc.yaml | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/build/components/versions.yml b/build/components/versions.yml index 74fb184558..0da9757136 100644 --- a/build/components/versions.yml +++ b/build/components/versions.yml @@ -3,7 +3,7 @@ firmware: libvirt: v10.9.0 edk2: stable202411 core: - 3p-kubevirt: v1.6.2-v12n.13 + 3p-kubevirt: feat/vm/rootless-virt-launcher 3p-containerized-data-importer: v1.60.3-v12n.16 distribution: 2.8.3 package: diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index 8926586d46..d238443408 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -392,9 +392,6 @@ shell: echo "Create symlink for run -> var/run " ln -s var/run run - - | - setcap cap_net_bind_service=+ep /relocate/usr/bin/virt-launcher-monitor - # /etc/libvirt-init will be copied back into /etc/libvirt at runtime. This is necessary because we configure libvirt to mount /etc/libvirt and set readOnlyRootFilesystem for other directories. # DO NOT REMOVE. node-labeler.sh uses /etc/libvirt. - | From ae8f81c8885a438709004e263bce6d6544cf829d Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Thu, 12 Mar 2026 17:14:35 +0300 Subject: [PATCH 04/15] wip Signed-off-by: Daniil Loktev --- images/virt-artifact/werf.inc.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index 45e1112e8d..dd8a43e51d 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -9,6 +9,7 @@ image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact final: false fromImage: builder/src +fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" secrets: - id: SOURCE_REPO value: {{ $.SOURCE_REPO }} @@ -44,6 +45,7 @@ packages: image: {{ .ModuleNamePrefix }}{{ .ImageName }} final: false fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }} +fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" mount: - fromPath: ~/go-pkg-cache to: /go/pkg From 85284e8835dd24686143619073f79d3fac88e877 Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Thu, 12 Mar 2026 18:02:17 +0300 Subject: [PATCH 05/15] wip Signed-off-by: Daniil Loktev --- images/virt-launcher/werf.inc.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index d238443408..8926586d46 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -392,6 +392,9 @@ shell: echo "Create symlink for run -> var/run " ln -s var/run run + - | + setcap cap_net_bind_service=+ep /relocate/usr/bin/virt-launcher-monitor + # /etc/libvirt-init will be copied back into /etc/libvirt at runtime. This is necessary because we configure libvirt to mount /etc/libvirt and set readOnlyRootFilesystem for other directories. # DO NOT REMOVE. node-labeler.sh uses /etc/libvirt. - | From 8910b80e25dc7d8d4c84d7abe08d06cb2643ebd8 Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Thu, 12 Mar 2026 19:00:34 +0300 Subject: [PATCH 06/15] wip Signed-off-by: Daniil Loktev --- images/virt-launcher/werf.inc.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index 8926586d46..d238443408 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -392,9 +392,6 @@ shell: echo "Create symlink for run -> var/run " ln -s var/run run - - | - setcap cap_net_bind_service=+ep /relocate/usr/bin/virt-launcher-monitor - # /etc/libvirt-init will be copied back into /etc/libvirt at runtime. This is necessary because we configure libvirt to mount /etc/libvirt and set readOnlyRootFilesystem for other directories. # DO NOT REMOVE. node-labeler.sh uses /etc/libvirt. - | From b3a85a3c9b60a2e0fdf4e2cb76311f18021faa96 Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Tue, 24 Mar 2026 15:51:05 +0300 Subject: [PATCH 07/15] wip Signed-off-by: Daniil Loktev --- images/virt-artifact/werf.inc.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index dd8a43e51d..45e1112e8d 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -9,7 +9,6 @@ image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact final: false fromImage: builder/src -fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" secrets: - id: SOURCE_REPO value: {{ $.SOURCE_REPO }} @@ -45,7 +44,6 @@ packages: image: {{ .ModuleNamePrefix }}{{ .ImageName }} final: false fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }} -fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" mount: - fromPath: ~/go-pkg-cache to: /go/pkg From 495317d98897c539a5a1d45685aa1e107754b9b7 Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Tue, 24 Mar 2026 16:02:25 +0300 Subject: [PATCH 08/15] wip Signed-off-by: Daniil Loktev --- images/virt-launcher/werf.inc.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index d238443408..8926586d46 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -392,6 +392,9 @@ shell: echo "Create symlink for run -> var/run " ln -s var/run run + - | + setcap cap_net_bind_service=+ep /relocate/usr/bin/virt-launcher-monitor + # /etc/libvirt-init will be copied back into /etc/libvirt at runtime. This is necessary because we configure libvirt to mount /etc/libvirt and set readOnlyRootFilesystem for other directories. # DO NOT REMOVE. node-labeler.sh uses /etc/libvirt. - | From 34b867b581f22dfd4e5adcee6472906cd5a018aa Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Tue, 24 Mar 2026 16:30:13 +0300 Subject: [PATCH 09/15] wip Signed-off-by: Daniil Loktev --- images/virt-launcher/werf.inc.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index 8926586d46..d0515d50ab 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -2,6 +2,7 @@ image: {{ .ModuleNamePrefix }}{{ .ImageName }} final: true fromImage: {{ .ModuleNamePrefix }}distroless +fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" git: {{- include "image mount points" . }} import: @@ -139,6 +140,7 @@ packages: image: {{ .ModuleNamePrefix }}{{ .ImageName }}-binaries final: false fromImage: {{ .ModuleNamePrefix }}base-alt-p11-binaries +fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" git: # Add qemu and virtqemud configs - add: {{ .ModuleDir }}/images/{{ .ImageName }}/configs From 97345741e3ed0b5d3ab918dd04aaf1af8cfe489a Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Sat, 28 Mar 2026 01:43:35 +0300 Subject: [PATCH 10/15] wip Signed-off-by: Daniil Loktev --- images/virt-launcher/werf.inc.yaml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index d0515d50ab..e3a3221af9 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -10,10 +10,6 @@ import: add: /relocate to: / after: install - - image: tools/tini-v0.19.0 - add: /usr/bin/tini - to: /usr/bin/tini - after: install imageSpec: config: user: 0 @@ -160,6 +156,10 @@ git: includePaths: - nsswitch.conf import: +- image: tools/tini-v0.19.0 + add: /usr/bin/tini + to: /relocate/usr/bin/tini + before: setup # Libvirt and QEMU libraries and binaries - image: {{ .ModuleNamePrefix }}packages/libvirt add: /libvirt @@ -396,6 +396,7 @@ shell: - | setcap cap_net_bind_service=+ep /relocate/usr/bin/virt-launcher-monitor + setcap cap_net_bind_service=+ep /relocate/usr/bin/tini # /etc/libvirt-init will be copied back into /etc/libvirt at runtime. This is necessary because we configure libvirt to mount /etc/libvirt and set readOnlyRootFilesystem for other directories. # DO NOT REMOVE. node-labeler.sh uses /etc/libvirt. From 06c5fe8611ba12c6e0e1a537dd879a320d73280e Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Mon, 30 Mar 2026 18:09:57 +0300 Subject: [PATCH 11/15] wip Signed-off-by: Daniil Loktev --- build/components/versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/components/versions.yml b/build/components/versions.yml index beb156da4b..70581327f4 100644 --- a/build/components/versions.yml +++ b/build/components/versions.yml @@ -3,7 +3,7 @@ firmware: libvirt: v10.9.0 edk2: stable202411 core: - 3p-kubevirt: v1.6.2-v12n.16 + 3p-kubevirt: feat/vm/rootless-virt-launcher 3p-containerized-data-importer: v1.60.3-v12n.16 distribution: 2.8.3 package: From b44b96f34dacfc988b7f925c6530008d62299b5a Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Mon, 30 Mar 2026 19:03:36 +0300 Subject: [PATCH 12/15] fix linter errors Signed-off-by: Daniil Loktev --- build/components/versions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/components/versions.yml b/build/components/versions.yml index 70581327f4..0da9757136 100644 --- a/build/components/versions.yml +++ b/build/components/versions.yml @@ -3,7 +3,7 @@ firmware: libvirt: v10.9.0 edk2: stable202411 core: - 3p-kubevirt: feat/vm/rootless-virt-launcher + 3p-kubevirt: feat/vm/rootless-virt-launcher 3p-containerized-data-importer: v1.60.3-v12n.16 distribution: 2.8.3 package: From fec4f96382bf9ebf3d3c2518cfb95c4f2e08bb30 Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Tue, 31 Mar 2026 15:30:03 +0300 Subject: [PATCH 13/15] replace 107:107 with deckhouse:deckhouse Signed-off-by: Daniil Loktev --- images/dvcr-artifact/pkg/registry/registry.go | 8 ++++---- images/virt-artifact/werf.inc.yaml | 4 ++-- images/virt-handler/werf.inc.yaml | 8 ++++---- images/virt-launcher/configs/qemu.conf | 4 ++-- images/virt-launcher/werf.inc.yaml | 8 ++++---- .../pkg/common/annotations/annotations.go | 4 ++-- images/virtualization-artifact/pkg/common/pod/pod.go | 4 ++-- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/images/dvcr-artifact/pkg/registry/registry.go b/images/dvcr-artifact/pkg/registry/registry.go index 9c6da2f747..3f33fa406f 100644 --- a/images/dvcr-artifact/pkg/registry/registry.go +++ b/images/dvcr-artifact/pkg/registry/registry.go @@ -202,8 +202,8 @@ func (p DataProcessor) inspectAndStreamSourceImage( dirHeader := &tar.Header{ Name: "disk", Mode: 0o755, - Uid: 107, - Gid: 107, + Uid: 64535, + Gid: 64535, AccessTime: now, ChangeTime: now, Typeflag: tar.TypeDir, @@ -217,8 +217,8 @@ func (p DataProcessor) inspectAndStreamSourceImage( Name: imagePath, Size: int64(sourceImageSize), Mode: 0o644, - Uid: 107, - Gid: 107, + Uid: 64535, + Gid: 64535, AccessTime: now, ChangeTime: now, Typeflag: tar.TypeReg, diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index 45e1112e8d..fe18563bd3 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -98,7 +98,7 @@ shell: - echo "Create group file" - | GROUP_FILE=/kubevirt-config-files/group - echo "qemu:x:107:" > $GROUP_FILE + echo "deckhouse:x:64535:" > $GROUP_FILE echo "root:x:0:" >> $GROUP_FILE echo "nonroot-user:x:1001:" >> $GROUP_FILE chmod 0644 $GROUP_FILE @@ -106,7 +106,7 @@ shell: - echo "Create passwd file" - | PASSWD_FILE=/kubevirt-config-files/passwd - echo "qemu:x:107:107:user:/home/qemu:/bin/bash" > $PASSWD_FILE + echo "deckhouse:x:64535:64535:deckhouse:/home/deckhouse:/sbin/nologin" > $PASSWD_FILE echo "root:x:0:0:root:/root:/bin/bash" >> $PASSWD_FILE echo "nonroot-user:x:1001:1001::/home/nonroot-user:/bin/bash" >> $PASSWD_FILE chmod 0644 $PASSWD_FILE diff --git a/images/virt-handler/werf.inc.yaml b/images/virt-handler/werf.inc.yaml index 3db87a474a..b11943d675 100644 --- a/images/virt-handler/werf.inc.yaml +++ b/images/virt-handler/werf.inc.yaml @@ -113,8 +113,8 @@ shell: echo "root:x:0:" >> /relocate/etc/group echo "root:x:::::::" >> /relocate/etc/shadow - echo "qemu:x:107:107::/home/qemu:/bin/bash" >> /relocate/etc/passwd - echo "qemu:x:107:" >> /relocate/etc/group - mkdir -p /relocate/home/qemu - chown -R 107:107 /relocate/home/qemu + echo "deckhouse:x:64535:64535:deckhouse:/home/deckhouse:/sbin/nologin" >> /relocate/etc/passwd + echo "deckhouse:x:64535:" >> /relocate/etc/group + mkdir -p /relocate/home/deckhouse + chown -R 64535:64535 /relocate/home/deckhouse diff --git a/images/virt-launcher/configs/qemu.conf b/images/virt-launcher/configs/qemu.conf index 4e4c59e393..5cd16dadef 100644 --- a/images/virt-launcher/configs/qemu.conf +++ b/images/virt-launcher/configs/qemu.conf @@ -2,8 +2,8 @@ stdio_handler = "logd" vnc_listen = "0.0.0.0" vnc_tls = 0 vnc_sasl = 0 -user = "qemu" -group = "qemu" +user = "deckhouse" +group = "deckhouse" dynamic_ownership = 1 remember_owner = 0 namespaces = [ ] diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml index e3a3221af9..ecb1514fe7 100644 --- a/images/virt-launcher/werf.inc.yaml +++ b/images/virt-launcher/werf.inc.yaml @@ -327,10 +327,10 @@ shell: echo "root:x:0:" >> /relocate/etc/group echo "root:x:::::::" >> /relocate/etc/shadow - echo "qemu:x:107:107::/home/qemu:/bin/bash" >> /relocate/etc/passwd - echo "qemu:x:107:" >> /relocate/etc/group - mkdir -p /relocate/home/qemu - chown -R 107:107 /relocate/home/qemu + echo "deckhouse:x:64535:64535:deckhouse:/home/deckhouse:/sbin/nologin" >> /relocate/etc/passwd + echo "deckhouse:x:64535:" >> /relocate/etc/group + mkdir -p /relocate/home/deckhouse + chown -R 64535:64535 /relocate/home/deckhouse - | echo "Create symlinks for OVMF" diff --git a/images/virtualization-artifact/pkg/common/annotations/annotations.go b/images/virtualization-artifact/pkg/common/annotations/annotations.go index c70c6542cb..f89899d6bc 100644 --- a/images/virtualization-artifact/pkg/common/annotations/annotations.go +++ b/images/virtualization-artifact/pkg/common/annotations/annotations.go @@ -227,9 +227,9 @@ const ( AnnUSBIPAddress = "usb.virtualization.deckhouse.io/usbip-address" // DefaultUSBDeviceGroup is the default device group ID for USB devices. - DefaultUSBDeviceGroup = "107" + DefaultUSBDeviceGroup = "64535" // DefaultUSBDeviceUser is the default device user ID for USB devices. - DefaultUSBDeviceUser = "107" + DefaultUSBDeviceUser = "64535" ) // AddAnnotation adds an annotation to an object diff --git a/images/virtualization-artifact/pkg/common/pod/pod.go b/images/virtualization-artifact/pkg/common/pod/pod.go index f7836d4c57..1c10b6bd85 100644 --- a/images/virtualization-artifact/pkg/common/pod/pod.go +++ b/images/virtualization-artifact/pkg/common/pod/pod.go @@ -108,8 +108,8 @@ func IsPodComplete(pod *corev1.Pod) bool { return pod != nil && pod.Status.Phase == corev1.PodSucceeded } -// QemuSubGID is the gid used as the qemu group in fsGroup -const QemuSubGID = int64(107) +// QemuSubGID is the gid used as the deckhouse group in fsGroup +const QemuSubGID = int64(64535) // SetRestrictedSecurityContext sets the pod security params to be compatible with restricted PSA func SetRestrictedSecurityContext(podSpec *corev1.PodSpec) { From f261c427a209ced843eadfff2b04cbff2f58479f Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Wed, 1 Apr 2026 11:12:13 +0300 Subject: [PATCH 14/15] wip Signed-off-by: Daniil Loktev --- images/dvcr-artifact/werf.inc.yaml | 1 + images/virt-artifact/werf.inc.yaml | 1 + images/virt-handler/werf.inc.yaml | 2 ++ 3 files changed, 4 insertions(+) diff --git a/images/dvcr-artifact/werf.inc.yaml b/images/dvcr-artifact/werf.inc.yaml index 0cc0e9928f..447d97a4d7 100644 --- a/images/dvcr-artifact/werf.inc.yaml +++ b/images/dvcr-artifact/werf.inc.yaml @@ -24,6 +24,7 @@ packages: image: {{ .ModuleNamePrefix }}{{ .ImageName }}-builder final: false fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }} +fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" secrets: - id: GOPROXY value: {{ .GOPROXY }} diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index fe18563bd3..70dad0ff6c 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -44,6 +44,7 @@ packages: image: {{ .ModuleNamePrefix }}{{ .ImageName }} final: false fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.24" "builder/golang-alt-svace-1.24" }} +fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" mount: - fromPath: ~/go-pkg-cache to: /go/pkg diff --git a/images/virt-handler/werf.inc.yaml b/images/virt-handler/werf.inc.yaml index b11943d675..7b65fdddc5 100644 --- a/images/virt-handler/werf.inc.yaml +++ b/images/virt-handler/werf.inc.yaml @@ -1,6 +1,7 @@ --- image: {{ .ModuleNamePrefix }}{{ .ImageName }} fromImage: {{ .ModuleNamePrefix }}distroless +fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" git: {{- include "image mount points" . }} import: @@ -81,6 +82,7 @@ packages: image: {{ .ModuleNamePrefix }}{{ .ImageName }}-bins final: false fromImage: {{ .ModuleNamePrefix }}base-alt-p11-binaries +fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" import: - image: tools/util-linux add: / From 9ddf149cb487efc0536e884a866b55f136b5aced Mon Sep 17 00:00:00 2001 From: Daniil Loktev Date: Wed, 1 Apr 2026 19:48:22 +0300 Subject: [PATCH 15/15] wip Signed-off-by: Daniil Loktev --- images/virt-artifact/werf.inc.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index 70dad0ff6c..82051aa1d0 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -9,6 +9,7 @@ image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact final: false fromImage: builder/src +fromCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" secrets: - id: SOURCE_REPO value: {{ $.SOURCE_REPO }}