v1.8.0
This release follows v1.7.0 and consists of 106 changes, leading to 2785 files changed, 157309 insertions(+), 210405 deletions(-).
The source code and selected binaries are available for download at: https://github.com/kubevirt/hyperconverged-cluster-operator/releases/tag/v1.8.0.
The primary release artifact of hyperconverged-cluster-operator is the git tree. The release tag is
signed and can be verified using git tag -v v1.8.0
.
Pre-built containers are published on Quay and can be viewed at: https://quay.io/kubevirt/.
Notable changes
hyperconverged-cluster-operator - v1.8.0
- [PR #2216][kubevirt-bot] Consume fresher opm tool
- [PR #2209][kubevirt-bot] Add ConsolePlugin to HCO watch list
- [PR #2185][hco-bot] Bump CDI to v1.55.2
- [PR #2180][tiraboschi] Avoid omitempty on WorkloadUpdateMethods
- [PR #2181][tiraboschi] Avoid omitempty on WorkloadUpdateMethods
- [PR #2178][hco-bot] Bump CDI to v1.55.1
- [PR #2173][hco-bot] Bump KUBEVIRT_CONSOLE_PLUGIN to v4.12.0
- [PR #2166][hco-bot] Bump SSP to v0.16.2
- [PR #2165][kubevirt-bot] Make caches for TlsSecurityProfile on HCO and APIServer independent
- [PR #2157][hco-bot] Bump NETWORK_ADDONS to v0.79.1
- [PR #2158][kubevirt-bot] Safely consume TLSSecurityProfile from APIServer CR
- [PR #2141][kubevirt-bot] artifacts-server: fix single stack compatibility
- [PR #2093][tiraboschi] Enable PSA FG on Kubevirt
- [PR #2135][tiraboschi] Revert PSA FG on Kubevirt
- [PR #2093][tiraboschi] Enable PSA FG on Kubevirt
- [PR #2131][kubevirt-bot] Periodically refresh APIServer CR in memory
- [PR #2107][hco-bot] Bump CDI to v1.55.0
- [PR #2118][tiraboschi] Build with golang 1.19 to align with OCP 4.12
- [PR #2108][machadovilaca] Validate TLS Security Profiles have required HTTP/2 cipher
- [PR #2117][hco-bot] Bump KUBEVIRT to v0.58.0
- [PR #2106][hco-bot] Bump TTO to v0.4.1
- [PR #2089][tiraboschi] Propagate TLSSecurityProfile to Kubevirt
- [PR #2100][hco-bot] Bump NETWORK_ADDONS to v0.79.0
- [PR #2099][hco-bot] Bump KUBEVIRT to v0.58.0-rc.0
- [PR #2096][hco-bot] Update configmaps of dashboards
- [PR #2094][tiraboschi] Bump golang dependencies
- [PR #2093][tiraboschi] Enable PSA FG on Kubevirt
- [PR #2084][hco-bot] Bump KUBEVIRT to v0.57.1
- [PR #2083][hco-bot] Bump KUBEVIRT_CONSOLE_PLUGIN to v4.12.0-3
- [PR #2081][hco-bot] Bump NETWORK_ADDONS to v0.78.0
- [PR #2074][tiraboschi] Propagate TLSSecurityProfile to CDI
- [PR #2079][tiraboschi] Propagate TLSSecurityProfile to SSP
- [PR #2078][hco-bot] Bump SSP to v0.16.1
- [PR #2067][ormergi] Remove deprecated SR-IOV live migration feature gate
- [PR #2076][hco-bot] Bump HPP to v0.14.0
- [PR #2051][tiraboschi] Expose the webhook with configured TLS config
- [PR #2073][hco-bot] Bump KUBEVIRT to v0.57.0-rc.0
- [PR #2069][CJCShadowsan] Removed unneccessary maintenance line in deploy.sh after refactoring removed maintenance from HCO.
- [PR #2065][hco-bot] Bump CDI to v1.54.0
- [PR #2064][hco-bot] Update component graphs from the nightly job
- [PR #2059][akalenyu] Enable the VMExport feature gate for kubevirt
- [PR #2061][hco-bot] Bump HPPO to v0.14.0
- [PR #2043][iholder101] Remove deprecated live migration feature gate
- [PR #2056][nunnatsa] Bump Kubevirt to version v0.56.0
- [PR #2054][orenc1] migrate to FBC in index image workflows.
- [PR #2055][hco-bot] Bump CDI to v1.53.1
- [PR #2052][hco-bot] Bump CDI to v1.53.0
- [PR #2053][hco-bot] Bump SSP to v0.16.0
- [PR #2047][hco-bot] Update Image Digests
- [PR #2040][orenc1] fix ocp4-moderate-routes-protected-by-tls compliance check fail.
- [PR #2036][tiraboschi] Comply with OCP/OKD 4.11 and 4.12 Pod Security Standards
- [PR #2035][hco-bot] Bump CDI to v1.52.0
- [PR #2034][hco-bot] Bump KUBEVIRT to v0.55.0
- [PR #2031][hco-bot] Bump KUBEVIRT to v0.55.0-rc.0
- [PR #2020][hco-bot] Bump CDI to v1.51.0
- [PR #2016][hco-bot] Bump KUBEVIRT_CONSOLE_PLUGIN to v4.11.0
- [PR #2011][nunnatsa] Fix sw crash
- [PR #2008][nunnatsa] Fix BZ 2097465
- [PR #2004][tiraboschi] Expose a knob to let the user tune default CPU model
- [PR #1995][nunnatsa] Fix BZ-2080547
- [PR #1999][hco-bot] Bump KUBEVIRT to v0.54.0
- [PR #1987][nunnatsa] Fix BZ 2091309
- [PR #1972][Barakmor1] moving the ServiceMonitor object from the monitoring namespace to HCO's namespace
- [PR #1985][hco-bot] Bump CDI to v1.50.0
- [PR #1982][hco-bot] Bump NETWORK_ADDONS to v0.77.0
- [PR #1981][hco-bot] Bump KUBEVIRT to v0.54.0-rc.0
kubevirt: v0.53.2 -> v0.58.0
- [PR #8463][Barakmor1] Improve metrics documentation
- [PR #8282][akrejcir] Improves instancetype and preference controller revisions. This is a backwards incompatible change and introduces a new v1alpha2 api for instancetype and preferences.
- [PR #8272][jean-edouard] No more empty section in the kubevirt-cr manifest
- [PR #8536][qinqon] Don't show a failure if ConfigDrive cloud init has UserDataSecretRef and not NetworkDataSecretRef
- [PR #8375][xpivarc] Virtiofs can be used with Nonroot feature gate
- [PR #8465][rmohr] Add a vnc screenshot REST endpoint and a "virtctl vnc screenshot" command for UI and script integration
- [PR #8418][alromeros] Enable automatic token generation for VirtualMachineExport objects
- [PR #8488][0xFelix] virtctl: Be less verbose when using the local ssh client
- [PR #8396][alicefr] Add group flag for setting the gid and fsgroup in guestfs
- [PR #8476][iholder101] Allow setting virt-operator log verbosity through Kubevirt CR
- [PR #8366][rthallisey] Move KubeVirt to a 15 week release cadence
- [PR #8479][arnongilboa] Enable DataVolume GC by default in cluster-deploy
- [PR #8474][vasiliy-ul] Fixed migration failure of VMs with containerdisks on systems with containerd
- [PR #8316][ShellyKa13] Fix possible race when deleting unready vmsnapshot and the vm remaining frozen
- [PR #8436][xpivarc] Kubevirt is able to run with restricted Pod Security Standard enabled with an automatic escalation of namespace privileges.
- [PR #8197][alromeros] Add vmexport command to virtctl
- [PR #8252][fossedihelm] Add
tlsConfiguration
to Kubevirt Configuration - [PR #8431][rmohr] Fix shadow status updates and periodic status updates on VMs, performed by the snapshot controller
- [PR #8359][iholder101] [Bugfix]: HyperV Reenlightenment VMIs should be able to start when TSC Frequency is not exposed
- [PR #8330][jean-edouard] Important: If you use docker with SELinux enabled, set the
DockerSELinuxMCSWorkaround
feature gate before upgrading - [PR #8401][machadovilaca] Rename metrics to follow the naming convention
- [PR #8129][mlhnono68] Fixes virtctl to support connection to clusters proxied by RANCHER or having special paths
- [PR #8337][0xFelix] virtctl's native SSH client is now useable in the Windows console without workarounds
- [PR #8257][awels] VirtualMachineExport now supports VM export source type.
- [PR #8367][vladikr] fix the guest memory conversion by setting it to resources.requests.memory when guest memory is not explicitly provided
- [PR #7990][ormergi] Deprecate SR-IOV live migration feature gate.
- [PR #8069][lyarwood] The VirtualMachineInstancePreset resource has been deprecated ahead of removal in a future release. Users should instead use the VirtualMachineInstancetype and VirtualMachinePreference resources to encapsulate any shared resource or preferences characteristics shared by their VirtualMachines.
- [PR #8326][0xFelix] virtctl: Do not log wrapped ssh command by default
- [PR #8325][rhrazdil] Enable route_localnet sysctl option for masquerade binding at virt-handler
- [PR #8159][acardace] Add support for USB disks
- [PR #8006][lyarwood]
AutoattachInputDevice
has been added toDevices
allowing anInput
device to be automatically attached to aVirtualMachine
on start up.PreferredAutoattachInputDevice
has also been added toDevicePreferences
allowing users to control this behaviour with a set of preferences. - [PR #8134][arnongilboa] Support DataVolume garbage collection
- [PR #8157][StefanKro] TrilioVault for Kubernetes now supports KubeVirt for backup and recovery.
- [PR #8273][alaypatel07] add server-side validations for spec.topologySpreadConstraints during object creation
- [PR #8049][alicefr] Set RunAsNonRoot as default for the guestfs pod
- [PR #8107][awels] Allow VirtualMachineSnapshot as a VirtualMachineExport source
- [PR #7846][janeczku] Added support for configuring topology spread constraints for virtual machines.
- [PR #8215][alaypatel07] support validation for spec.affinity fields during vmi creation
- [PR #8071][oshoval] Relax networkInterfaceMultiqueue semantics: multi queue will configure only what it can (virtio interfaces).
- [PR #7549][akrejcir] Added new API subresources to expand instancetype and preference.
- [PR #7599][iholder101] Introduce a mechanism to abort non-running migrations - fixes "Unable to cancel live-migration if virt-launcher pod in pending state" bug
- [PR #8027][alaypatel07] Wait deletion to succeed all the way till objects are finalized in perfscale tests
- [PR #8198][rmohr] Improve path handling for non-root virt-launcher workloads
- [PR #8136][iholder101] Fix cgroups unit tests: mock out underlying runc cgroup manager
- [PR #8047][iholder101] Deprecate live migration feature gate
- [PR #7986][iholder101] [Bug-fix]: Windows VM with WSL2 guest fails to migrate
- [PR #7814][machadovilaca] Add VMI filesystem usage metrics
- [PR #7849][AlonaKaplan] [TECH PREVIEW] Introducing passt - a new approach to user-mode networking for virtual machines
- [PR #7991][ShellyKa13] Virtctl memory dump with create flag to create a new pvc
- [PR #8039][lyarwood] The flavor API and associated CRDs of
VirtualMachine{Flavor,ClusterFlavor}
are renamed to instancetype andVirtualMachine{Instancetype,ClusterInstancetype}
. - [PR #8112][AlonaKaplan] Changing the default of
virtctl expose
ip-family
parameter to be empty value instead of IPv4. - [PR #8073][orenc1] Bump runc to v1.1.2
- [PR #8092][Barakmor1] Bump the version of emicklei/go-restful from 2.15.0 to 2.16.0
- [PR #8053][alromeros] [Bug-fix]: Fix mechanism to fetch fs overhead when CDI resource has a different name
- [PR #8035][0xFelix] Add option to wrap local scp client to scp command
- [PR #7981][lyarwood] Conflicts will now be raised when using flavors if the
VirtualMachine
defines anyCPU
orMemory
resource requests. - [PR #8068][awels] Set cache mode to match regular disks on hotplugged disks.
- [PR #7336][iholder101] Introduce clone CRD, controller and API
- [PR #7791][iholder101] Introduction of an initial deprecation policy
- [PR #7875][lyarwood]
ControllerRevisions
of anyVirtualMachineFlavorSpec
orVirtualMachinePreferenceSpec
are stored during the initial start of aVirtualMachine
and used for subsequent restarts ensuring changes to the originalVirtualMachineFlavor
orVirtualMachinePreference
do not modify theVirtualMachine
and theVirtualMachineInstance
it creates. - [PR #8011][fossedihelm] Increase virt-launcher memory overhead
- [PR #7963][qinqon] Bump alpine_with_test_tooling
- [PR #7881][ShellyKa13] Enable memory dump to be included in VMSnapshot
- [PR #7926][qinqon] tests: Move main clean function to global AfterEach and create a VM per each infra_test.go Entry.
- [PR #7845][janeczku] Fixed a bug that caused
make generate
to fail when API code comments contain backticks. (#7844, @janeczku) - [PR #7932][marceloamaral] Addition of kubevirt_vmi_migration_phase_transition_time_from_creation_seconds metric to monitor how long it takes to transition a VMI Migration object to a specific phase from creation time.
- [PR #7879][marceloamaral] Faster VM phase transitions thanks to an increased virt-controller QPS/Burst
- [PR #7807][acardace] make cloud-init 'instance-id' persistent across reboots
- [PR #7928][iholder101] bugfix: node-labeller now removes "host-model-cpu.node.kubevirt.io/" and "host-model-required-features.node.kubevirt.io/" prefixes
- [PR #7841][jean-edouard] Non-root VMs will now migrate to root VMs after a cluster disables non-root.
- [PR #7933][akalenyu] BugFix: Fix vm restore in case of restore size bigger then PVC requested size
- [PR #7919][lyarwood] Device preferences are now applied to any default network interfaces or missing volume disks added to a
VirtualMachineInstance
at runtime. - [PR #7910][qinqon] tests: Create the expected readiness probe instead of liveness
- [PR #7732][acardace] Prevent virt-handler from starting a migration twice
- [PR #7594][alicefr] Enable to run libguestfs-tools pod to run as noroot user
- [PR #7811][raspbeep] User now gets information about the type of commands which the guest agent does not support.
- [PR #7590][awels] VMExport allows filesystem PVCs to be exported as either disks or directories.
- [PR #7683][alicefr] Add --command and --local-ssh-opts" options to virtctl ssh to execute remote command using local ssh method
- [PR #7757][orenc1] new alert for excessive number of VMI migrations in a period of time.
- [PR #7517][ShellyKa13] Add virtctl Memory Dump command
- [PR #7801][VirrageS] Empty (
nil
values) ofAddress
andDriver
fields in XML will be omitted. - [PR #7475][raspbeep] Adds the reason of a live-migration failure to a recorded event in case EvictionStrategy is set but live-migration is blocked due to its limitations.
- [PR #7739][fossedihelm] Allow
virtualmachines/migrate
subresource to admin/edit users - [PR #7618][lyarwood] The requirement to define a
Disk
orFilesystem
for eachVolume
associated with aVirtualMachine
has been removed. AnyVolumes
without aDisk
orFilesystem
defined will have aDisk
defined within theVirtualMachineInstance
at runtime. - [PR #7529][xpivarc] NoReadyVirtController and NoReadyVirtOperator should be properly fired.
- [PR #7465][machadovilaca] Add metrics for migrations and respective phases
- [PR #7592][akalenyu] BugFix: virtctl guestfs incorrectly assumes image name
containerized-data-importer: v1.49.0 -> v1.55.2
- [PR #2500][kubevirt-bot] BugFix: Use golang 1.18.8 for building binaries
- [PR #2489][kubevirt-bot] BugFix: update golang to 1.18.8
- [PR #2471][kubevirt-bot] BugFix: TopoLVM profile missing defaults
- [PR #2469][kubevirt-bot] BugFix: Priority of CDI SecurityContextConstraints is too high
- [PR #2459][kubevirt-bot] Add DataImportCron CronJobs Proxy support
- [PR #2452][kubevirt-bot] Add DataVolume garbage collection support for DataImportCron and DataSource
- [PR #2421][arnongilboa] Enable DataVolume garbage collection by default
- [PR #2410][mhenriks] Support Restricted PSA for worker pods
- [PR #2420][mrnold] VDDK: Add a check for the target disk in the parent backing file of the root snapshot
- [PR #2416][arnongilboa] Garbage collect a DataVolume only if RBAC allows to update its owner finalizers
- [PR #2397][Longchuanzheng] BugFix: Pass annotations from DV to PVC when smart cloning.
- [PR #2375][ShellyKa13] Fix clone datavolume with populated target PVC without source
- [PR #2364][akalenyu] Status reporting for CSI & Smart clones with WFFC storage
- [PR #2381][arnongilboa] Update DataSource LastTransitionTime when populated source PVC is updated
- [PR #2368][maya-r] Fix failure to resize when the request image size is specified in milli- scale.
- [PR #2380][arnongilboa] Use container image name in server as-is to support restricted security context
- [PR #2379][PendaGTP] Added pxd.portworx.com provisioner and volume mode block to openstorage and portworx provisionners
- [PR #2371][akalenyu] BugFix: Config controller lists routes and ingresses at cluster level instead of just in CDI namespace
- [PR #2374][orenc1] fix ocp4-moderate-routes-protected-by-tls compliance check fail for cdi-uploadproxy.
- [PR #2335][alromeros] Improve error handling when pod creation fails
- [PR #2351][mhenriks] NBDKit no longer used for .gz or .xz files
- [PR #2332][akalenyu] Cluster administrators can set TLS profiles for CDI's externally-facing components
- [PR #2331][awels] BugFix: drop all capabilities and set priviledgeEscalation: false on pods
- [PR #2350][awels] Update golang version to 1.18.3
- [PR #2310][maya-r] Improve testsuite code quality by splitting tests/utils.go into files with meaningful names
- [PR #2299][brybacki] BUG: Correct validation of source size when cloning
- [PR #2306][alromeros] Allow creating clones without source PVC
- [PR #2316][arnongilboa] Update DataImportCron CronJob if needed due to upgrade
- [PR #2279][maya-r] Allow running all makefile targets without docker installed, using podman/buildah
- [PR #2222][alromeros] Make size optional when cloning using Storage API
- [PR #2297][maya-r] Fix regression where the testsuite cannot be run if the importer image is built with an older base image (like centos 8)
- [PR #2233][arnongilboa] Garbage Collect Completed DataVolumes
- [PR #2276][ShellyKa13] Fix smart clone not updating request size if already got the requested size so expansion is not required
- [PR #2277][awels] BugFix: Modified CDICloneStrategy strings to be correct type
cluster-network-addons-operator: v0.76.1 -> v0.79.1
- [PR #1457][kubevirt-bot] Resolve audit warnings.
- [PR #1454][kubevirt-bot] bump kubemacpool to v0.39.1
- [PR #1453][kubevirt-bot] bump ovs-cni to v0.29.2
- [PR #1423][kubevirt-bot] bump macvtap-cni to v0.9.0
- [PR #1420][kubevirt-bot] bump ovs-cni to v0.28.0
- [PR #1406][kubevirt-bot] bump multus to v3.9.1
- [PR #1401][qinqon] Fix operator pod and container security context for k8s-1.25
- [PR #1403][kubevirt-bot] bump bridge-marker to 0.10.0
- [PR #1402][kubevirt-bot] bump ovs-cni to v0.27.2
- [PR #1400][kubevirt-bot] bump kubemacpool to v0.39.0
- [PR #1390][kubevirt-bot] bump ovs-cni to v0.27.1
- [PR #1387][kubevirt-bot] bump multus to v3.9
- [PR #1382][kubevirt-bot] bump macvtap-cni to v0.8.0
- [PR #1379][kubevirt-bot] bump ovs-cni to v0.27.0
- [PR #1332][maiqueb] Add the required attributes to comply with the openshift SCC API.
- [PR #1363][kubevirt-bot] bump ovs-cni to v0.26.2
- [PR #1292][rhrazdil] Block CNV upgrade if still using CNAO to deploy nmstate
ssp-operator: v0.15.0 -> v0.16.2
- [PR #439][kubevirt-bot] Rename metrics to follow Prometheus naming conventions
- [PR #435][kubevirt-bot] Update common-templates bundle to v0.24.1
- [PR #422][kubevirt-bot] Update common-templates bundle to v0.24.0
- [PR #420][kubevirt-bot] Operator properly handles missing CRDs.
- [PR #415][kubevirt-bot] SSP-Operator now supports TLS configuration through the SSP CR
- [PR #390][ksimon1] Update common-templates bundle to v0.23.4
- [PR #387][ksimon1] Update common-templates bundle to v0.23.3
- [PR #367][ksimon1] Update common-templates bundle to v0.23.2
- [PR #355][0xFelix] Allow creating DataImportCrons in custom namespaces
- [PR #354][ksimon1] Update common-templates bundle to v0.23.1
tekton-tasks-operator: v0.3.0 -> v0.4.1
- [PR #91][ksimon1] Update tekton tasks bundle to v0.12.1
- [PR #89][ksimon1] Update tekton tasks bundle to v0.12.0
- [PR #80][ksimon1] Update tekton tasks bundle to v0.11.0
- [PR #43][ksimon1] Update tekton tasks bundle to v0.9.2
hostpath-provisioner-operator: v0.13.0 -> v0.14.0
- [PR #243][maya-r] Use buildah and podman, enable building multi-arch manifests
- [PR #242][akalenyu] Cluster administrators can make crypto-related TLS configuration changes on HPP's webhook server
- [PR #234][awels] BugFix: Cleanup cleanup jobs when node selector changes.
hostpath-provisioner: v0.13.0 -> v0.14.0
vm-import-operator:
Not updated
Contributors
11 people contributed to this HCO release:
- 24 Simone Tiraboschi [email protected]
- 18 Nahshon Unna Tsameret [email protected]
- 11 Oren Cohen [email protected]
- 4 João Vilaça [email protected]
- 3 Assaf Admi [email protected]
- 1 Felix Matouschek [email protected]
- 1 Barakmor1 [email protected]
- 1 akalenyu [email protected]
- 1 Itamar Holder [email protected]
- 1 Or Mergi [email protected]
- 1 Chris Coates [email protected]
Additional Resources
- Mailing list: https://groups.google.com/forum/#!forum/kubevirt-dev
- Slack: https://kubernetes.slack.com/messages/virtualization
- An easy to use demo: https://github.com/kubevirt/demo
- [How to contribute][contributing]
- [License][license]
Contributing: https://github.com/kubevirt/hyperconverged-cluster-operator/blob/main/CONTRIBUTING.md
License: https://github.com/kubevirt/hyperconverged-cluster-operator/blob/main/LICENSE