Draft

bump #2174

2 changes: 1 addition & 1 deletion build/components/versions.yml
Expand Up @@ -3,7 +3,7 @@ firmware:
libvirt: v10.9.0
edk2: stable202411
core:
3p-kubevirt: v1.6.2-v12n.20
3p-kubevirt: feat/virt-handler-to-hostnetwork # v1.6.2-v12n.20
3p-containerized-data-importer: v1.60.3-v12n.17
distribution: 2.8.3
package:
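Review bot: The `3p-kubevirt` entry now reads `feat/virt-handler-to-hostnetwork`, which looks like a branch name rather than a tag, so the component is no longer pinned to an immutable ref. Whatever is pushed to that branch ends up in the built image without any change in this repository, and two builds of the same commit here can produce different KubeVirt sources. If the branch ref has to stay while the PR is a draft, a full commit SHA (if the build tooling accepts one) would keep the build reproducible; before merge it should return to a tagged release like the previous `v1.6.2-v12n.20`. The trailing comment records the old pin but not that the change is temporary; `# TEMP: branch ref for testing, restore a tagged release before merge` would say so.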
11 changes: 11 additions & 0 deletions images/kube-api-rewriter/go.mod
Expand Up @@ -11,12 +11,17 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/cespare/xxhash/v2 v2.3.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.12.2 // indirect
github.com/fsnotify/fsnotify v1.9.0 // indirect
github.com/fxamacker/cbor/v2 v2.9.0 // indirect
github.com/go-logr/logr v1.4.3 // indirect
github.com/go-openapi/jsonpointer v0.21.1 // indirect
github.com/go-openapi/jsonreference v0.21.0 // indirect
github.com/go-openapi/swag v0.23.1 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/google/gnostic-models v0.6.9 // indirect
github.com/google/go-cmp v0.7.0 // indirect
github.com/google/uuid v1.6.0 // indirect
github.com/josephburnett/jd v1.9.2 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
Expand All @@ -25,6 +30,7 @@ require (
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/prometheus/client_golang v1.23.0 // indirect
github.com/prometheus/client_model v0.6.2 // indirect
github.com/prometheus/common v0.65.0 // indirect
Expand All @@ -43,13 +49,16 @@ require (
golang.org/x/text v0.27.0 // indirect
golang.org/x/time v0.12.0 // indirect
google.golang.org/protobuf v1.36.6 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/api v0.33.3 // indirect
k8s.io/apimachinery v0.33.3 // indirect
k8s.io/apiserver v0.33.3 // indirect
k8s.io/client-go v0.33.3 // indirect
k8s.io/klog/v2 v2.130.1 // indirect
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff // indirect
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect
sigs.k8s.io/controller-runtime v0.21.0 // indirect
sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect
Expand All @@ -64,3 +73,5 @@ replace (
golang.org/x/net => golang.org/x/net v0.40.0 // CVE-2025-22870, CVE-2025-22872
golang.org/x/oauth2 => golang.org/x/oauth2 v0.27.0 // CVE-2025-22868
)

replace github.com/deckhouse/kube-api-rewriter => github.com/yaroslavborbat/kube-api-rewriter v0.0.0-20260402203155-ce012e9b14c8 // feat/auth-rbac-middleware
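Review bot: The `replace` at the end of the file redirects `github.com/deckhouse/kube-api-rewriter` to a pseudo-version on a personal fork (`github.com/yaroslavborbat/kube-api-rewriter`), so the sidecar image is built from code that has not gone through the upstream module's review and tagging. The trailing comment names the branch `feat/auth-rbac-middleware`, which suggests the forked code is authentication/authorization logic, the part that most needs an upstream review and a tagged release. Before this leaves draft, the replace should be dropped and the `require` moved to an upstream tag that contains the change. Until then, a marker such as `// TODO(before merge): drop fork replace, require a tagged upstream release` on this line would make the temporary status explicit.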
16 changes: 8 additions & 8 deletions images/kube-api-rewriter/go.sum
Expand Up @@ -6,8 +6,6 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/deckhouse/kube-api-rewriter v0.1.2 h1:FQiVAbj73Sm5MmTvuA73wFM8mHQkJlq9oDlHLNw2Yy8=
github.com/deckhouse/kube-api-rewriter v0.1.2/go.mod h1:tZFw2byvVh4C0D/RxAAgp2x929yTUv9+sN2zZy59hNE=
github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU=
github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU=
Expand All @@ -30,8 +28,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v
github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo=
github.com/google/gnostic-models v0.7.0/go.mod h1:whL5G0m6dmc5cPxKc5bdKdEN3UjI7OUGxBlw57miDrQ=
github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw=
github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8=
Expand Down Expand Up @@ -104,6 +102,8 @@ github.com/tidwall/sjson v1.2.5 h1:kLy8mja+1c9jlljvWTlSazM7cKDRfJuR/bOJhcY5NcY=
github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6jwd28=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/yaroslavborbat/kube-api-rewriter v0.0.0-20260402203155-ce012e9b14c8 h1:2sMKqgWgX9O80bAfJHmgw81EIBpfw4PxUH1uf6vU/d0=
github.com/yaroslavborbat/kube-api-rewriter v0.0.0-20260402203155-ce012e9b14c8/go.mod h1:6xreNakzKpoQ6btk+tViQ1F3QFRksDR7vHGNysoIymQ=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
Expand Down Expand Up @@ -190,12 +190,14 @@ k8s.io/api v0.33.3 h1:SRd5t//hhkI1buzxb288fy2xvjubstenEKL9K51KBI8=
k8s.io/api v0.33.3/go.mod h1:01Y/iLUjNBM3TAvypct7DIj0M0NIZc+PzAHCIo0CYGE=
k8s.io/apimachinery v0.33.3 h1:4ZSrmNa0c/ZpZJhAgRdcsFcZOw1PQU1bALVQ0B3I5LA=
k8s.io/apimachinery v0.33.3/go.mod h1:BHW0YOu7n22fFv/JkYOEfkUYNRN0fj0BlvMFWA7b+SM=
k8s.io/apiserver v0.33.3 h1:Wv0hGc+QFdMJB4ZSiHrCgN3zL3QRatu56+rpccKC3J4=
k8s.io/apiserver v0.33.3/go.mod h1:05632ifFEe6TxwjdAIrwINHWE2hLwyADFk5mBsQa15E=
k8s.io/client-go v0.33.3 h1:M5AfDnKfYmVJif92ngN532gFqakcGi6RvaOF16efrpA=
k8s.io/client-go v0.33.3/go.mod h1:luqKBQggEf3shbxHY4uVENAxrDISLOarxpTKMiUuujg=
k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA=
k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts=
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff h1:/usPimJzUKKu+m+TE36gUyGcf03XZEP0ZIKgKj35LS4=
k8s.io/kube-openapi v0.0.0-20250318190949-c8a335a9a2ff/go.mod h1:5jIi+8yX4RIb8wk3XwBo5Pq2ccx4FP10ohkbSKCZoK8=
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y=
k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/controller-runtime v0.21.0 h1:CYfjpEuicjUecRk+KAeyYh+ouUBn4llGyDYytIGcJS8=
Expand All @@ -207,8 +209,6 @@ sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
sigs.k8s.io/structured-merge-diff/v4 v4.7.0 h1:qPeWmscJcXP0snki5IYF79Z8xrl8ETFxgMd7wez1XkI=
sigs.k8s.io/structured-merge-diff/v4 v4.7.0/go.mod h1:dDy58f92j70zLsuZVuUX5Wp9vtxXpaZnkPGWeqDfCps=
sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco=
sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=
1 change: 1 addition & 0 deletions images/virt-artifact/werf.inc.yaml
Expand Up @@ -9,6 +9,7 @@
image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
final: false
fromImage: builder/src
fromCacheVersion: "012" # TODO: DELETE ME
secrets:
- id: SOURCE_REPO
value: {{ $.SOURCE_REPO }}
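--- a/templates/_hostnetwork_ports.tpl
+++ b/templates/_hostnetwork_ports.tpl
@@ -0,0 +1,47 @@
+{{- /*
+Port constants for DaemonSets running with hostNetwork: true.
+
+All three DaemonSets — virt-handler, vm-route-forge, virtualization-dra —
+run with hostNetwork, so every bound port is exposed on the node's network
+interfaces. Ports below are chosen outside the KubeVirt live-migration range
+(4135-4199) and must not overlap with other well-known services on cluster nodes.
+
+Port map:
+
+virt-handler (kube-api-rewriter runs as its sidecar):
+4135-4199 virt-handler: live-migration tunnels (KubeVirt migration range).
+4100 virt-handler: healthz and Prometheus metrics (--port flag), kube-rbac-proxy implemented natively.
+4101 virt-handler: Console server port (--console-server-port flag).
+4102 kube-api-rewriter sidecar: Prometheus metrics (MONITORING_BIND_ADDRESS), bound to pod IP.
+liveness and readiness probes (/proxy/healthz, /proxy/readyz).
+4103 kube-api-rewriter sidecar: pprof (PPROF_BIND_ADDRESS), bound to pod IP, debug mode only.
+4104 kube-api-rewriter sidecar: Kubernetes API proxy (CLIENT_PROXY_PORT),
+virt-handler connects here instead of the real API server.
+
+vm-route-forge:
+4105 vm-route-forge: liveness and readiness probes (HEALTH_PROBE_BIND_ADDRESS).
+4106 vm-route-forge: pprof (PPROF_BIND_ADDRESS), debug mode only.
+
+virtualization-dra:
+4107 virtualization-dra: gRPC liveness and readiness probes.
+4280 virtualization-dra: USB/IP daemon (--usbipd-port flag).
+*/ -}}
+
+{{- /* virt-handler */ -}}
+{{- define "virt_handler.migration_port_first" -}}4135{{- end -}}
+{{- define "virt_handler.migration_port_last" -}}4199{{- end -}}
+
+{{- define "virt_handler.port" -}}4100{{- end -}}
+{{- define "virt_handler.console_server_port" -}}4101{{- end -}}
+{{- define "virt_handler.rewriter_healthz_port" -}}4102{{- end -}}
+{{- define "virt_handler.rewriter_monitoring_port" -}}4102{{- end -}}
+{{- define "virt_handler.rewriter_pprof_port" -}}4103{{- end -}}
+{{- define "virt_handler.rewriter_proxy_port" -}}4104{{- end -}}
+
+{{- /* vm-route-forge */ -}}
+{{- define "vm_route_forge.health_port" -}}4105{{- end -}}
+{{- define "vm_route_forge.pprof_port" -}}4106{{- end -}}
+
+{{- /* virtualization-dra */ -}}
+{{- define "virtualization_dra.health_port" -}}4107{{- end -}}
+{{- define "virtualization_dra.usbipd_port" -}}4280{{- end -}}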
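Review bot: The port map gives a bind address only for 4102 and 4103 ("bound to pod IP"), and under hostNetwork the pod IP is the node's own IP, so that wording does not mean the listener is kept off the node network. The entries that matter most for exposure are the Kubernetes API proxy on 4104, the pprof ports 4103 and 4106, and the USB/IP daemon on 4280; each should state the address it binds to and what authenticates callers, since this file only defines the numbers and the actual binds are not visible here. For the proxy, which the comment says is used by virt-handler with the rewriter as its sidecar, I would expect a loopback bind and would document it, e.g. `4104 kube-api-rewriter sidecar: Kubernetes API proxy (CLIENT_PROXY_PORT), listens on 127.0.0.1 only;`. A short line noting that `virt_handler.rewriter_healthz_port` and `virt_handler.rewriter_monitoring_port` are both 4102 on purpose would also prevent one of them being "fixed" later.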
2 changes: 1 addition & 1 deletion templates/kube-api-rewriter/_customize_patch_helpers.tpl
Expand Up @@ -30,7 +30,7 @@ spec:
{{- include "kube_api_rewriter.sidecar_container" (tuple $ctx $settings) | nindent 6 }}
- name: {{ $mainContainerName }}
env:
{{- include "kube_api_rewriter.kubeconfig_env" . | nindent 8 }}
{{- include "kube_api_rewriter.kubeconfig_env" (tuple $ctx $settings) | nindent 8 }}
volumeMounts:
{{- include "kube_api_rewriter.kubeconfig_volume_mount" . | nindent 8 }}
{{- end -}}
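Review bot: `kube_api_rewriter.kubeconfig_env` is called with `(tuple $ctx $settings)` (taking that to be the new side of the changed pair), while `kube_api_rewriter.kubeconfig_volume_mount` two lines below still receives `.`, so the two kubeconfig helpers in this define no longer share a calling convention. The helper's definition is not on this page; if its argument contract changed, any other template that still does `include "kube_api_rewriter.kubeconfig_env" .` would render against the wrong context and could point a container at the wrong proxy address. A one-line comment above the helper stating the expected argument, e.g. `{{- /* args: (tuple $ctx $settings) */ -}}`, would make the contract visible to callers. The enclosing define starts outside this hunk.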
6 changes: 2 additions & 4 deletions templates/kube-api-rewriter/_settings.tpl
Expand Up @@ -7,13 +7,11 @@

{{- define "kube_api_rewriter.pprof_port" -}}8129{{- end -}}

{{- define "kube_api_rewriter.client_proxy_port" -}}23915{{- end -}}

{{- define "kube_api_rewriter.env" -}}
- name: LOG_LEVEL
value: {{ include "moduleLogLevel" . }}
{{- if eq (include "moduleLogLevel" .) "debug" }}
- name: PPROF_BIND_ADDRESS
value: ":{{ include "kube_api_rewriter.pprof_port" . }}"
{{- end }}
{{- end -}}

{{- define "kube_api_rewriter.resources" -}}