From ab5eae3fbca38837023bbfbb4780c119c0c39c81 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Wed, 9 Jul 2025 18:57:08 +0200 Subject: [PATCH] [kubevirt] Update KubeVirt v1.5.2 Signed-off-by: Andrei Kvapil --- .../templates/kubevirt-operator.yaml | 103 ++++++++++++++---- 1 file changed, 82 insertions(+), 21 deletions(-) diff --git a/packages/system/kubevirt-operator/templates/kubevirt-operator.yaml b/packages/system/kubevirt-operator/templates/kubevirt-operator.yaml index aa170001..b6761454 100644 --- a/packages/system/kubevirt-operator/templates/kubevirt-operator.yaml +++ b/packages/system/kubevirt-operator/templates/kubevirt-operator.yaml @@ -594,6 +594,13 @@ spec: If set to true, migrations will still start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB triggers. Defaults to false type: boolean + allowWorkloadDisruption: + description: |- + AllowWorkloadDisruption indicates that the migration shouldn't be + canceled after acceptableCompletionTime is exceeded. Instead, if + permitted, migration will be switched to post-copy or the VMI will be + paused to allow the migration to complete + type: boolean bandwidthPerMigration: anyOf: - type: integer @@ -606,8 +613,8 @@ spec: completionTimeoutPerGiB: description: |- CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. - If a live-migration takes longer to migrate than this value multiplied by the size of the VMI, - the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150 + If the timeout is reached, the migration will be either paused, switched + to post-copy or cancelled depending on other settings. Defaults to 150 format: int64 type: integer disableTLS: @@ -965,17 +972,17 @@ spec: type: object type: object vmRolloutStrategy: - description: VMRolloutStrategy defines how changes to a VM object - propagate to its VMI + description: |- + VMRolloutStrategy defines how live-updatable fields, like CPU sockets, memory, + tolerations, and affinity, are propagated from a VM to its VMI. enum: - Stage - LiveUpdate nullable: true type: string vmStateStorageClass: - description: |- - VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM. - The storage class must support RWX in filesystem mode. + description: VMStateStorageClass is the name of the storage class + to use for the PVCs created to preserve VM state, like TPM. type: string webhookConfiguration: description: |- @@ -3851,6 +3858,13 @@ spec: If set to true, migrations will still start in pre-copy, but switch to post-copy when CompletionTimeoutPerGiB triggers. Defaults to false type: boolean + allowWorkloadDisruption: + description: |- + AllowWorkloadDisruption indicates that the migration shouldn't be + canceled after acceptableCompletionTime is exceeded. Instead, if + permitted, migration will be switched to post-copy or the VMI will be + paused to allow the migration to complete + type: boolean bandwidthPerMigration: anyOf: - type: integer @@ -3863,8 +3877,8 @@ spec: completionTimeoutPerGiB: description: |- CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take. - If a live-migration takes longer to migrate than this value multiplied by the size of the VMI, - the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150 + If the timeout is reached, the migration will be either paused, switched + to post-copy or cancelled depending on other settings. Defaults to 150 format: int64 type: integer disableTLS: @@ -4222,17 +4236,17 @@ spec: type: object type: object vmRolloutStrategy: - description: VMRolloutStrategy defines how changes to a VM object - propagate to its VMI + description: |- + VMRolloutStrategy defines how live-updatable fields, like CPU sockets, memory, + tolerations, and affinity, are propagated from a VM to its VMI. enum: - Stage - LiveUpdate nullable: true type: string vmStateStorageClass: - description: |- - VMStateStorageClass is the name of the storage class to use for the PVCs created to preserve VM state, like TPM. - The storage class must support RWX in filesystem mode. + description: VMStateStorageClass is the name of the storage class + to use for the PVCs created to preserve VM state, like TPM. type: string webhookConfiguration: description: |- @@ -7141,6 +7155,7 @@ rules: resources: - virtualmachinesnapshots - virtualmachinesnapshots/status + - virtualmachinesnapshots/finalizers - virtualmachinesnapshotcontents - virtualmachinesnapshotcontents/status - virtualmachinesnapshotcontents/finalizers @@ -7193,15 +7208,18 @@ rules: - kubevirt.io resources: - virtualmachines/finalizers + - virtualmachineinstances/finalizers verbs: - update - apiGroups: - subresources.kubevirt.io resources: + - virtualmachines/stop - virtualmachineinstances/addvolume - virtualmachineinstances/removevolume - virtualmachineinstances/freeze - virtualmachineinstances/unfreeze + - virtualmachineinstances/reset - virtualmachineinstances/softreboot - virtualmachineinstances/sev/setupsession - virtualmachineinstances/sev/injectlaunchsecret @@ -7305,6 +7323,14 @@ rules: verbs: - list - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - get + - delete - apiGroups: - kubevirt.io resources: @@ -7416,6 +7442,7 @@ rules: - virtualmachineinstances/freeze - virtualmachineinstances/unfreeze - virtualmachineinstances/softreboot + - virtualmachineinstances/reset - virtualmachineinstances/sev/setupsession - virtualmachineinstances/sev/injectlaunchsecret verbs: @@ -7435,7 +7462,6 @@ rules: - virtualmachines/restart - virtualmachines/addvolume - virtualmachines/removevolume - - virtualmachines/migrate - virtualmachines/memorydump verbs: - update @@ -7452,7 +7478,6 @@ rules: - virtualmachineinstances - virtualmachineinstancepresets - virtualmachineinstancereplicasets - - virtualmachineinstancemigrations verbs: - get - delete @@ -7462,6 +7487,14 @@ rules: - list - watch - deletecollection +- apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - get + - list + - watch - apiGroups: - snapshot.kubevirt.io resources: @@ -7565,6 +7598,7 @@ rules: - virtualmachineinstances/freeze - virtualmachineinstances/unfreeze - virtualmachineinstances/softreboot + - virtualmachineinstances/reset - virtualmachineinstances/sev/setupsession - virtualmachineinstances/sev/injectlaunchsecret verbs: @@ -7584,7 +7618,6 @@ rules: - virtualmachines/restart - virtualmachines/addvolume - virtualmachines/removevolume - - virtualmachines/migrate - virtualmachines/memorydump verbs: - update @@ -7601,7 +7634,6 @@ rules: - virtualmachineinstances - virtualmachineinstancepresets - virtualmachineinstancereplicasets - - virtualmachineinstancemigrations verbs: - get - delete @@ -7610,6 +7642,14 @@ rules: - patch - list - watch +- apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - get + - list + - watch - apiGroups: - snapshot.kubevirt.io resources: @@ -7788,6 +7828,25 @@ rules: - get - list - watch +- apiGroups: + - subresources.kubevirt.io + resources: + - virtualmachines/migrate + verbs: + - update +- apiGroups: + - kubevirt.io + resources: + - virtualmachineinstancemigrations + verbs: + - get + - delete + - create + - update + - patch + - list + - watch + - deletecollection - apiGroups: - authentication.k8s.io resources: @@ -7833,6 +7892,8 @@ spec: type: RollingUpdate template: metadata: + annotations: + openshift.io/required-scc: restricted-v2 labels: kubevirt.io: virt-operator name: virt-operator @@ -7861,14 +7922,14 @@ spec: - virt-operator env: - name: VIRT_OPERATOR_IMAGE - value: quay.io/kubevirt/virt-operator:v1.4.0 + value: quay.io/kubevirt/virt-operator:v1.5.2 - name: WATCH_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - name: KUBEVIRT_VERSION - value: v1.4.0 - image: quay.io/kubevirt/virt-operator:v1.4.0 + value: v1.5.2 + image: quay.io/kubevirt/virt-operator:v1.5.2 imagePullPolicy: IfNotPresent name: virt-operator ports: