From 8d3324f958c84c2a716a25f9c6e84ebab0dd0378 Mon Sep 17 00:00:00 2001
From: Timofei Larkin <lllamnyp@gmail.com>
Date: Mon, 7 Jul 2025 17:21:47 +0300
Subject: [PATCH 1/2] [kubevirt-csi] Update Role of CSI controller

Following a [recent update](https://github.com/kubevirt/csi-driver/commit/0171916b01c857b091063170fdf52434ae5eeddc),
the KubeVirt CSI controller now needs new permissions to manage volumes
for tenant k8s clusters.

Signed-off-by: Timofei Larkin <lllamnyp@gmail.com>
---
 packages/apps/kubernetes/Chart.yaml                    |  2 +-
 .../templates/csi/infra-cluster-service-account.yaml   | 10 ++++++++--
 packages/apps/versions_map                             |  3 ++-
 .../system/kubevirt-csi-node/templates/deploy.yaml     |  2 +-
 packages/system/kubevirt-csi-node/values.yaml          |  2 ++
 5 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/packages/apps/kubernetes/Chart.yaml b/packages/apps/kubernetes/Chart.yaml
index a832ade1..6a954b51 100644
--- a/packages/apps/kubernetes/Chart.yaml
+++ b/packages/apps/kubernetes/Chart.yaml
@@ -16,7 +16,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.25.0
+version: 0.25.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/packages/apps/kubernetes/templates/csi/infra-cluster-service-account.yaml b/packages/apps/kubernetes/templates/csi/infra-cluster-service-account.yaml
index d70ea04a..bbd6ff09 100644
--- a/packages/apps/kubernetes/templates/csi/infra-cluster-service-account.yaml
+++ b/packages/apps/kubernetes/templates/csi/infra-cluster-service-account.yaml
@@ -13,11 +13,17 @@ rules:
   resources: ["datavolumes"]
   verbs: ["get", "create", "delete"]
 - apiGroups: ["kubevirt.io"]
-  resources: ["virtualmachineinstances"]
+  resources: ["virtualmachineinstances", "virtualmachines"]
   verbs: ["list", "get"]
 - apiGroups: ["subresources.kubevirt.io"]
-  resources: ["virtualmachineinstances/addvolume", "virtualmachineinstances/removevolume"]
+  resources: ["virtualmachines/addvolume", "virtualmachines/removevolume"]
   verbs: ["update"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+  resources: ["volumesnapshots"]
+  verbs: ["get", "create", "delete"]
+- apiGroups: [""]
+  resources: ["persistentvolumeclaims"]
+  verbs: ["get", "patch"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
diff --git a/packages/apps/versions_map b/packages/apps/versions_map
index 6372e513..7ec2a91f 100644
--- a/packages/apps/versions_map
+++ b/packages/apps/versions_map
@@ -54,7 +54,8 @@ kafka 0.7.0 6358fd7a
 kafka 0.7.1 4369b031
 kafka 0.8.0 HEAD
 kubernetes 0.24.0 62cb694d
-kubernetes 0.25.0 HEAD
+kubernetes 0.25.0 70f82667
+kubernetes 0.25.1 HEAD
 mysql 0.1.0 263e47be
 mysql 0.2.0 c24a103f
 mysql 0.3.0 53f2365e
diff --git a/packages/system/kubevirt-csi-node/templates/deploy.yaml b/packages/system/kubevirt-csi-node/templates/deploy.yaml
index 714c0fbf..bed710d9 100644
--- a/packages/system/kubevirt-csi-node/templates/deploy.yaml
+++ b/packages/system/kubevirt-csi-node/templates/deploy.yaml
@@ -163,7 +163,7 @@ spec:
             privileged: true
             allowPrivilegeEscalation: true
           imagePullPolicy: Always
-          image: ghcr.io/kvaps/test:kubevirt-csi-driver
+          image: {{ .Values.csiDriver.image }}
           args:
             - "--endpoint=unix:/csi/csi.sock"
             - "--node-name=$(KUBE_NODE_NAME)"
diff --git a/packages/system/kubevirt-csi-node/values.yaml b/packages/system/kubevirt-csi-node/values.yaml
index 99aa3822..957a428c 100644
--- a/packages/system/kubevirt-csi-node/values.yaml
+++ b/packages/system/kubevirt-csi-node/values.yaml
@@ -1 +1,3 @@
 storageClass: replicated
+csiDriver:
+  image: ghcr.io/cozystack/cozystack/kubevirt-csi-driver:0.25.0@sha256:445c2727b04ac68595b43c988ff17b3d69a7b22b0644fde3b10c65b47a7bc036

From d200017f74e5df5ab17d232cc201a614c1316717 Mon Sep 17 00:00:00 2001
From: Andrei Kvapil <kvapss@gmail.com>
Date: Tue, 8 Jul 2025 09:19:03 +0300
Subject: [PATCH 2/2] Automatically set image for kubevirt-csi-node

Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
---
 packages/apps/kubernetes/Makefile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/apps/kubernetes/Makefile b/packages/apps/kubernetes/Makefile
index 190a5b0d..82ca4e8b 100644
--- a/packages/apps/kubernetes/Makefile
+++ b/packages/apps/kubernetes/Makefile
@@ -64,6 +64,8 @@ image-kubevirt-csi-driver:
 		--load=$(LOAD)
 	echo "$(REGISTRY)/kubevirt-csi-driver:$(call settag,$(KUBERNETES_PKG_TAG))@$$(yq e '."containerimage.digest"' images/kubevirt-csi-driver.json -o json -r)" \
 		> images/kubevirt-csi-driver.tag
+	IMAGE=$$(cat images/kubevirt-csi-driver.tag) \
+		yq -i '.csiDriver.image = strenv(IMAGE)' ../../system/kubevirt-csi-node/values.yaml
 	rm -f images/kubevirt-csi-driver.json