SUSE-RU-2020:3047-1: moderate: Recommended update for kubevirt

sle-updates at sle-updates at
Tue Oct 27 11:15:19 MDT 2020

   SUSE Recommended Update: Recommended update for kubevirt

Announcement ID:    SUSE-RU-2020:3047-1
Rating:             moderate
References:         ECO-2411 ECO-2415 PM-1504 SLE-11089 SLE-15935 
Affected Products:
                    SUSE Linux Enterprise Module for Containers 15-SP2

   An update that has 0 recommended fixes and contains 5
   features can now be installed.


   This update for kubevirt fixes the following issues:

   This update ships kubevirt 0.34.0 control tools to SUSE Linux Enterprise
   15 SP2. (jsc#ECO-2411)

   Update to version 0.34.0:

   * Add mirrored dependencies to WORKSPACE
   * Mark networking conformance tests
   * restore backwards compatiblity with api group/version on
     DataVolumeTemplates spec
   * Revert "move all tests to use kv config"
   * Revert "update config message to specify which resource type it is using"
   * Revert "test usage of configmap configuration"
   * Revert "update build file"
   * Revert "convert postcopy tests to use KubeVirt CR"
   * Rework logic so it is easier to understand what is happening
   * Allow PVC as volume source with a DV populating the PVC. Before this was
     not allowed because we could not be sure that the PVC was fully
     populated. This commit checks the DV to ensure the PVC is fully
   * vmi, sriov: Enable to set the PCI address on a SRIOV iface
   * Don't discard bazel platform cache on virtctl cross-compilation
   * convert postcopy tests to use KubeVirt CR
   * remove using BeforeAll in vmi configuration tests
   * generated openapi spec
   * start prom server earlier in the virt-handler process so health check
     returns without EOF error
   * change kubevirt config type MemBalloon
   * dump kubevirt cr in ci artifacts
   * cpuRequest can not be type string since when the resource is patched it
     will fail to parse the units
   * change bool to pointer to know unset vs value set to false
   * update build file
   * test usage of configmap configuration
   * update config message to specify which resource type it is using
   * move all tests to use kv config
   * virt-launcher, Add mechanism to guard add/delete events channel
   * Generated artifacts
   * Add functional tests for missing subresource RBAC rules
   * Allow admins and editors of a namespace to [un]pause a VMI
   * Add dummy status to DataVolumeTemplate objects to maintain backwards
   * Add functional test to validate api compatiblity during update
   * changed migration test to use table
   * only log event if migration is stuck during post copy migration
   * change api from MigrationMode to AllowPostCopy
   * switch to post copy migration if not completed with in
   * update openapi spec
   * add NFS migration test with postcopy
   * remove vmiHasLocalStorage function
   * fix migration tests
   * remove reject postcopy for storage test
   * remove nested vmi migration configuration
   * change usePostCopy to migrationMode
   * move when mode is set
   * allow for postcopy migration
   * maybe fix flakes test
   * vendor in 1.23.5 CDI to hand golden namespace use case
   * Validate network interface name
   * tests, utils: Check events watcher type before casting
   * Add readiness and health probes to virt-handler
   * Removes unusable fields from vm DataVolumeTemplates
   * virt-launcher, Remove unneeded log
   * virt-launcher, Remove double domain event sending
   * virt-launcher, Fix Guest Agent updates causing an event handling deadlock
   * selinux: always build KubeVirt with selinux support
   * Run make generate
   * Adjust ceph-rook focus for e2e tests
   * wrong apiVersion used for VirtualMachineRestore owner references
   * update init container unit tests to validate container-disk pre-pull
   * add container disk images also as init containers in order to guarantee
     they are pulled before virt-launcher starts
   * add '--no-op' option to container-disk entry point for pre-pull logic
   * Make the nogo check pass
   * Make kubevirt compile with bazel 3.4.1
   * Update builder image to bazel 3.4.1
   * wait for vmi-killer pod to start before moving on
   * Document basic parallel-test execution needs
   * Integrate the junit merger into the parallel functest execution
   * Add a tool to merge partial junit results
   * Don't set the namespace in the VMI factory
   * Run most of the VMI lifecycle tests in parallel
   * Run kubectl related tests in parallel
   * Hugepages are limited, run the relevant tests not in parallel
   * Make version and vm-watch tests execute in parallel
   * Don't check terminating pods if they pick up config changes
   * Run container disk tests in parallel
   * Run expose tests in parallel
   * Run probe tests in parallel
   * Allow running VMI Preset tests in parallel
   * Run most of the cloud-init tests in parallel
   * Make subresource tests part of the parallel test suite
   * Adjust subresource access tests to new test service accounts
   * Reference the default namespace directly
   * Add a skip check for a migration tests if enough nodes are available
   * Make access tests parallel executable
   * More parallel tests
   * Resolve test-namespace name in the test
   * Allow VM tests to run in parallel
   * Allow console tests to run in parallel
   * Allow the headless service tests for VMIs to run in parallel
   * Allow tests in vmi_configuration_test to run in parallel
   * Make it possible to set the number of parallel executors
   * Increase slow test threashold to 60 seconds
   * Ensure that --skip and --focus flags are only passed onces
   * Change build environment to execute ginkgo in parallel
   * Let the ginkgo reporter log where it will dump artifacts
   * Split setup and teardown code between parallel and synchronized steps
   * Consume the ginkgo binary from the vendor folder
   * Mark all tests as have to be run in serial
   * fix typos
   * docs: Update for k8s-1.18 as default provider
   * Add option to log BIOS output to serial and use it to test for bootable
   * Migrate VMI when its pod is marked for eviction
   * Intercept evictions on virt-launcher pods
   * Support testing kubevirt on RHCOS
   * Update kubevirtci to latest commit
   * create tap device: add multiqueue support to netlink
   * set vmipod cpu request based on guest vcpus and cpu_allocation_ratio
   * allow to set a cpu allocation ratio in kubevirt config
   * Test IDs for Node Placement tests
   * only focus on tests that require rook-ceph for rook-ceph lane
   * When filtering or aggregating metrics around the state label, having it
     exposed as a human readable state makes it a lot easier to understand,
     and thus, easier to get the desirable information. This PR changes
     kubevirt_vmi_vcpu_seconds' state label to a human readable string
   * libvirt: disable PXE rom on interfaces with no boot order Except for
     virtio interfaces for which a rom is implicitely loaded
   * Keep conformance artifacts on the top level
   * tap device: use netlink instead of songgao's water lib
   * netlink: update vendor folder
   * bazel: update netlink dependency
   * Release func tests on every release
   * Add missing test ids
   * Fix sync of generated client-go to master
   * flaky pause test: make long-running process longer and quieter
   * switch virtiofs tests to use datavolume
   * test that vitriofs file written in the guest is present in the pod
   * functional test to verify that virtiofs is enabled
   * update generated files
   * virtiofs requires virt-launcher selinux policy changes
   * enable virtiofsd debug logs be setting by setting virtiofsdDebugLogs
   * handle filesystem virtiofs devices
   * vmis with virtiofs require memory backing shared access
   * allow CAP_SYS_ADMIN when the experimental virtiofs is required
   * add a filesystem device schema element
   * add a memorybacking access schema element
   * Adding feature gate for experimental virtiofs support
   * selinux: allow creating VMIs on nodes without selinux
   * examples, vmi-masquerade: correct userData script
   * tests: change hostdisk tmp path to /var/provision
   * Bump kubevirtci to start testing k8s-1.19 provider
   * Fix ACPI doc string
   * Add functest for KVM hidden
   * Support hiding KVM MSR from guest
   * add snapshot APIGroup to aggregate cluster rules
   * tests, networkpolicy: Add ports 80/81 tier1 http tests
   * tests, vmi_servers: Add `HTTPServer.Start` and `TCPServer.Start` method
     to bypass LoggedIn
   * Bring openapi spec in sync
   * Fix logical error in affinity copy logic
   * Add optional validation marker for new fields
   * Update functional tests to match new object layout
   * Fix unit tests for new object layout
   * Fix injectPlacementMetadata to accept ComponentConfig objects
   * Generated Artifacts
   * Introduce ComponentConfig to contain NodePlacement
   * Functional tests exercising placement logic
   * Unit tests to ensure correctness of injectPlacementMetadata
   * Merge Affinity, Tolerations and NodeSelectors from NodePlacement to
   * Generated artifacts
   * Define NodePlacement for workloads and infra
   * Port NodePlacement from HCO
   * tests, libvmi: Add ports to InterfaceDeviceWithMasqueradeBinding
   * Add conformance automation and manifest publishing
   * SELinux: merge .cil policies and add a lot of comments
   * vnc: use generic VNC client on comments
   * vnc: remove unused FLAG const
   * tests: re-enable couple of certificate functests
   * network, tests: check IPv6 probes on dual stack network configs
   * probes, tests: provide a TCP/HTTP server running on an helper pod
   * network, tests: move the HTTP/TCP server creation to a separate file
   * probes, tests: create ready/not ready asserter functions
   * probes, tests: encapsulate VMI creation into a function
   * probes, tests: have probe creation helpers
   * tests, network: correct the string length
   * probes, tests: exclusively use cirros VMIs on the probes tests
   * network, tests: delete the leaked Jobs on the test tear down
   * network, tests: ping first, then connect on helloWorld jobs
   * network, tests: use assert / failed connectivity checks
   * network, tests: add dual stack masquerade binding service tests
   * network, tests: prepare for multiple binding / dual stack configs
   * network, tests: move services functests to dedicated module
   * tests, libvmi: provide a minimal CirrOS VMI via the libvmi factory
   * fmt updates
   * Adjust timelines and verbage to reflect feedback
   * Fix release scripts git email and name variables
   * New release documentation
   * Replace outdated release announce script with new tool
   * dual-stack, tests: actively check the cluster for dual stack conf
   * dual stack, tests: check if the cluster is dual stack
   * Add creation of bazelrc for running unnested in prow
   * virt-chroot: use sysfs node for getenforce instead of less-reliable
   * selinux: print reason why getting launcher context failed
   * network, tests: add a flag to skip a test asserting dual stack conf
   * Addressed comments
   * fix virtctl image-upload ignoring custom storage class
   * Add unit tests for Service patching
   * use informer for VirtualMachineRestores in restore webhook
   * staticcheck updates
   * don't allow creation of a VirtualMachineRestore if on is in progress
   * make VirtualMachineRestores owned by VM
   * wait for PVCs created from snapshots to be bound if not
   * Correctly check VM run strategy
   * check running/runstrategy before restoring and one additional functional
   * tighten up functional tests
   * initial functional tests for VM restore
   * restore controller generate events on completion and error
   * updates from rebase
   * add source UID to VMSnapshot status and verify source matches target
     when restoring
   * fix apiGroup handling
   * VM sestore webhook
   * restore unit tests
   * restore controller implementation
   * snapshot controller waits for no VMIs or pods using PVCs
   * add VirtualMachineRestore type and CRD
   * remove include/excludeVolumes
   * update VirtualMachineRestoreStatus object to include timestamp and error
   * add VirtualMachineRestore type and CRD
   * Fix overloaded 'v1.Patch' api field
   * Prevent delete and replace of service endpoints with ClusterIP == ""
   * Fix validation for self-signed cert and addressed comments
   * Add support for camel-case spellings of "userdata" and "networkdata"
   * tests, net: Add dual-stack checks for post migration connectivity
   * tests, net: Remove post migration connectivity workaround
   * Enhance operator functional tests to validate pods are torn down after
     kv cr is deleted
   * test: set = false for k8s 1.16
   * Add annotation
   * Unit tests to validate finalizer functionality on kubevirt objects
   * Restore ability to set finalizer on kubevirt objects
   * Unit tests to verify operator injected labels remain consistent
   * Restores operator managed by label for backwards/forwards compability
     during updates
   * Add mhenriks to approvers/reviewers list
   * introduce retryOnConflict to certificate infra test
   * tests, Make network policy tests dual stack compatible
   * make generate after git rebase
   * Workaround for a not accessible CDI dependency
   * Update cdi in client-go and manifests/testing to v 1.21
   * Run make deps-update
   * Bumped CDI version to 1.21.0
   * virt-api: allow update of VM metadata and status during VM rename process
   * Rename option --allow-intermediate-certificates to --externally-name
   * Add unit test for cert-manager
   * Add option to allow client's intermediate certs to be used in building
     up the chain of trust in cert validation for virt-handler and virt-api
   * Add options to allow users to configure certificate and key file paths
     for virt-handler, virt-controller and virt-api to accommodate varying
     rules around certificate validation.
   * Limit CriticalAddonsOnly taint to a single compute
   * Add test-id's for VMI migration and lifecycle testcases
   * Add event for vmi failed render
   * test, masquerade: Add dual stack vmi to vmi ping
   * tests, Fix Network Policy Flakiness
   * tests, Add waitForNetworkPolicyDeletion
   * tests, Add skipNetworkPolicyRunningOnKindInfra for NetworkPolicy tests
   * tests, Remove SkipIfNotUseNetworkPolicy
   * tests, expecter: Centralize expecter helpers under expecter.go and
   * Add unit tests for to make sure it won't accidentally break passing
     monitorNamespace and monitorServiceAccount parameters
   * add test_id to functional test
   * add openapi listType=atomic to patches
   * add func test for custom patches
   * add custom patches to kubevirt resources on creation
   * Fix issues of using default monitorNamespace and monitorServiceAccounta
     when those properities are not assigned
   * update: fixing and adding unit tests
   * test: add reserved hugepages
   * tests, skip migration fail test on kind ipv6 provider
   * test: add test for source in memorybacking
   * Add source in memorybacking
   * Set NUMA to use memfd
   * virt-operator: on update, roll over daemonsets first, then controllers
   * virt-operator: fix a copy-paste error
   * Add functional test for custom-port flag
   * Make use of stdout cleaner
   * Added functional test
   * Add option to run only VNC Proxy in virtctl
   * Keep a single go_test_default rule
   * Document on how to use the conformance tests
   * Add the first conformance test
   * Add wrapper binary for conformance tests
   * Detect the kubevirt install namespace dynamically
   * Fix issues that virt-operator cannot extract MonitorNamespace and
     MonitorServiceAccount from JSON.
   * tests, network: Test connectivity pre/post migration
   * tests, job: Convert WaitForJobTo* to a non-assert version.
   * Generate deepcopy for NUMA
   * add a NUMA schema element
   * Removal of unnecessary output
   * Added e2e test for unused memory metric
   * Fix virtctl build for linux-amd64
   * Adds new metric kubevirt_vmi_memory_unused_bytes

   Update to version 0.33.0:

     * Enhance operator functional tests to validate pods are torn down after
       kv cr is deleted
     * Unit tests to validate finalizer functionality on kubevirt objects
     * Restore ability to set finalizer on kubevirt objects
     * Unit tests to verify operator injected labels remain consistent
     * Restores operator managed by label for backwards/forwards compability
       during updates
     * tests, migration: Validate dual stack VMI and Pod IP/s
     * tests, make primary_pod_network dual stack compatible
     * tests, Create ValidateVMIandPodIPMatch helper
     * Turn off modules for staging.
     * Fix verifying make targets
     * Give migration kill pods a name not based on their node name
     * Fix another flaky ertificate related unit test
     * Fix matching of Makefile vars to env for goveralls
     * Output what the new error is when an api violation occurs
     * tests: adapt test-id:4153 to dual-stack cluster
     * sriov-tests, checkMacAddress: remove sequential expecter cases
     * sriov tests: Add CNI version to sriov NAD
     * removeNamespaces: add informative failure reason
     * cancel cdi deployment on sriov-lane
     * remove version from go.mod
     * Use PingFromVMConsole for ipv6 instead of trace route
     * tests, make test 1780 dual stack compatible
     * refactor virtctl image-upload args
     * tests,libvmi: Append passed options
     * Rebase on Goveralls
     * Export -mod=vendor to always use vendor
     * Update ldflag to point to right package
     * Increase memory limit for iscsi pod
     * deps-update to reflect state after rebase
     * Fix test to properly work with TLS 1.3
     * Update kubevirt builder image to use go1.13.14
     * Add required dependencies for functest image build
     * Check if new api rule violation was added
     * Pin bazel for builder
     * selinux: relabel /dev/null to container_file_t
     * selinux, virt-handler: relabel the clone device
     * selinux, virt-chroot: provide a command to relabel files
     * Add gradle install for builder to reenable swagger
     * Set libvirt to virtmaint-sig/for-kubevirt 5.0.0
     * Update builder image to include new goveralls version, remove ppc64le
     * Move coverage from travis to prow
     * Support VMI scheme multi IPs list in case of dual stack
     * Improve stability of fedora VM's login expecter
     * tests: Use new image for sriov tests
     * tests/containerdisks: add fedora-extended image
     * kubevirt/BUILD.bazel: push to cluster registry
     * containerdisks/ WORKSPACE, BUILD.bazel: add new image
     * containerdisks: add doc about container-disk images
     * Unit test to veriy migration target is cleaned when VMI is deleted
     * Unit test to ensure an error is returned if multiple container disk
       directories for the same vmi exist
     * Add unit test to verify stale clients are handled during pre migration
       target setup
     * abort migration if the vmi is deleted or in the process of being
     * Add better logging to container disk mount/unmount
     * wait for virt-handler to come back online during migration fail func
       test case
     * ensure we detect the correct pod environment during isolation
       detection when migrating
     * ensure only we're mounting/unmounting the right pod's container disk
       during migration
     * gitignore: ignore files ending with ~
     * Ensures stale local data from failed migration target is cleaned
       before attempting to migrate again
     * Functional test to validate migration failures
     * Domain XML to be logged on info level
     * Fix the test default SMBIOS testcase
     * Add custom PCI tests
     * Fix bug in virtctl upload when using PVC without any annotations. In
       this case in code the annotations map is nil, and we attempted to set
       a value in that nil map causing a crash of virtctl.
     * Allow podman for normal build steps
     * Makefile: Control timestamp addition
     * Makefile: Add timestamps to make targets
     * Makefile: Use realpath instead of shell to calculate path
     * export local provider variables to the correct location
     * no need to verify the number of depoyed nodes for local provider
     * Use proper namespace in functional test
     * Fix doc string
     * Add --security-opt label:disable to bazel server version check On
       Fedora 32 with moby this fixes an selinux issue in the imega/jq
     * Fix tests binary release
     * tests: Add phoracek to approvers
     * create-tap: improve code readability
     * selinux: update the default launcher selinux type
     * create-tap: prevent FD leaking into the tap-maker
     * selinux: run virt-handler without categories
     * selinux: networking requires escalated selinuxLauncherType
     * selinux: create the tap device using launcher selinux label
     * create-tap: add a new cmd to virt-chroot
     * network: have the launcher pid for future tap device creation
     * Create tap devices w/ multi-queue support
     * masquerade/bridge binding: use pre-provisioned tap device
     * Create tap device on virt-handler
     * functests: Refactor VMI helpers
     * tests: Update the vmi instance after creation
     * tests: configureIPv6OnVMI remove unnecessary vmi parameter
     * tests, dual-stack: configure ipv6 on dual stack cluster vmi
     * Add all the missing test-ids
     * dual-stack: IsIpv6Enabled use podInterface addresses.
     * fix typo
     * Rename managed-by label to be literal
     * Don't add empty values to KubeVirtDeploymentConfig
     * Use more consistent config access function
     * Functional tests for product related labels
     * Add ProductName and Version labels to KubeVirt objects
     * Fix flaky certificate expiration unit test
     * tests, job: Rename RenderJob to NewJob and expose new args
     * Bump kubevirtci
     * tests, job: Use status condition to detect success/failure
     * use status updater to abstract enable/disable of VM status subresource
     * have to call UpdateStatus as well as Update otherwise status does not
       get updated, duh
     * UpdateStatus was not sufficient for certain snapshot controller updates
     * tests, console_test: use safe expect batcher
     * A low value of timeout in test setup causes failure in Azure.
     * Remove hidden `make generate` invocations
     * tests: change ping to use RetValue and PromptExpression
     * Test improvements: Use job instead of pod and fail fast while waiting
       for job.
     * tests: utils.RetValue no need to pass prompt
     * Remove domain label from VMI metrics
     * network: Add network-reviewers group
     * network: Move PodIP status test to network package
     * Fix clock timezone
     * set schedulable to true to test node-controller will respond to out of
       date heartbeat
     * add e2e test for virt-handler schedulable=false
     * virt-handler mark node as unschedulable until it is able to talk with
     * tests, ping: Extend the ping helper and generalize it
     * Check if the socket exists and not if the base directory exists
     * [virt-hanlder] test probing of cmd server socket
     * [virt-handler] test contanerDisk readiness checks
     * tests: [test_id:1778] remove redundant `sudo` and wait for prompt
     * tests: ExpectBatchWithValidatedSend error on BatchExpect other than
     * [virt-handler] wait for containerDisks to become ready
     * [virt-handler] let virt-handler probe for virt-launcher readiness
     * [virt-launcher] Replace --readiness-file logic with socket moving
     * [virt-controller] Remove readiness probes and --readiness-file flag
     * Remove exec readiness probe on the containerDisk container
     * tests, ping: Use tests.PingFromVMConsole directly
     * tests, ping: Move the ping helper to the tests package
     * Add test approvers
     * Let prow run make generate instead of travis
     * tests: avoid line wrap on fedora console
     * tests, Fix test 1780 of vmi_networking_test.go
     * Unit test for ensuring local cleanup of vmi does not occur on non
       finalized vmi
     * Do not perform local cleanup of vmi until vmi is in a finalized state
     * network: Add dedicated network tests module
     * Add support to configure vmi disk I/O mode options
     * Add openapi validatior unit tests
     * tests: Remove redundant string declarment in RetValue arguments
     * tests: Rename tests.Retcode to tests.RetValue
     * test: Fix flaky test for "A long running process"
     * test: Removing redundent \n send from test_id:1779
     * test: Fix falkiness in guest memory failing tests and skip failing one
     * tests: Add missing `\n` to expect.BSnd to test_id:1753
     * Shorten the release job exectuion time on travis
     * k8s-reporter: get all config-map
     * tests: `GenerateHelloWorldServer` use `ExpectBatchWithValidatedSend`
     * tests: Avoid squential expect.BExp in test_id:1778
     * tests: Remove un-needed \n send from "Checking console text" expecter
     * tests: using `Retcode` to check the result of "echo $?"
     * tests: Changing `retcode` to contain the prompt
     * tests: Using ExpectBatchWithValidatedSend instead of
     * test: Configure console on login
     * tests: Intorduce safe ExpectBatchWithValidatedSend
     * Bump kubevirtci to support dual stack on k8s-1.18
     * Let virt-operator roll out the status subresource activation
     * Enable the status subresource feature for the CRDs
     * Let virt-controller use the new UpdateStatus client functions
     * Make use of the /status subresource in the virt-api subresources
     * Add validation webhooks for /status updates
     * Add status updater helper functions
     * Add UpdateStatus and PatchStatus to the kubevirt client
     * vmiMetrics struct was recreated with better attributes
     * tests: Create containerdisk sub-package
     * tests: Create flags sub-package
     * Give the VM rename operation more time to create a new VM
     * Expose guest swap metrics
     * Use 'kill' instead of 'killall' for libvirtd in func test

   Update to version 0.32.0:

     * Shorten the release job exectuion time on travis
     * libvirt expects memory value in bytes to be provided with correct units
     * Bump kubevirtci
     * flaky-finder: fix leading pipe bug
     * tests: skip dmidecode tests on ipv6 lanes
     * code inspection changes
     * Add unit test to verify domain resync period
     * Add resync period for syncing domains in virt-handler from each
     * tests: fix string equality tests
     * tests, vmi_config: Fix expecter false positives In these tests,
       BExp-ecting "pass" always worked,   because the command line was
       matched. Splitting the word in 2 on the command line ensures   the
       match to happen (or not) in the result. Also removed unused 'fail'
     * virtctl cli error handling
     * Re-enabling test pointing to #2272

Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Containers 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2020-3047=1

Package List:

   - SUSE Linux Enterprise Module for Containers 15-SP2 (x86_64):



More information about the sle-updates mailing list