Skip to content

feat(kubevirt): move virt-handler to hostNetwork, bump 3p-kubevirt fork version#2174

Merged
yaroslavborbat merged 1 commit into
mainfrom
feat/virt-handler-to-hostnetwork
Apr 17, 2026
Merged

feat(kubevirt): move virt-handler to hostNetwork, bump 3p-kubevirt fork version#2174
yaroslavborbat merged 1 commit into
mainfrom
feat/virt-handler-to-hostnetwork

Conversation

@yaroslavborbat
Copy link
Copy Markdown
Member

@yaroslavborbat yaroslavborbat commented Mar 31, 2026
edited by Isteb4k
Loading

Description

Bumps the 3p-kubevirt fork version to include changes from deckhouse/3p-kubevirt#93 and updates Helm templates accordingly.

Changes in the kubevirt fork (3p-kubevirt#93):

  • virt-handler is moved to hostNetwork: true.
  • Metrics endpoints are protected with native Kubernetes authn/authz (RBAC) middleware — replaces the kube-rbac-proxy sidecar.
  • A kube-api-rewriter round tripper is added to virt-handler and virt-controller

Changes in Helm templates:

  • virt-handler DaemonSet is configured with hostNetwork: true via customizeComponents.patches.
  • Removed now-redundant kube-rbac-proxy sidecar for virt-handler, virt-controller, virt-api, virt-operator
  • Removed now-redundant kube-api-rewriter sidecar for virt-handler, virt-controller.
  • Added centralized port constants for all DaemonSets running with hostNetwork (virt-handler, vm-route-forge, virtualization-dra) — ports are chosen outside the KubeVirt live-migration range (4135–4199).

Why do we need it, and what problem does it solve?

Previously virt-handler ran without hostNetwork, which required a kube-rbac-proxy sidecar to secure the metrics endpoint. Moving to hostNetwork aligns virt-handler with the other node-level DaemonSets (vm-route-forge, virtualization-dra) and eliminates the extra sidecar. Native authn/authz middleware and the kube-api-rewriter round tripper built into the fork replace the proxy, reducing resource overhead and operational complexity.

What is the expected result?

  1. Deploy the module with the updated Helm templates.
  2. Verify virt-handler pods start with hostNetwork: true and no kube-rbac-proxy, kube-api-rewriter sidecar.
  3. Verify metrics are accessible and protected by RBAC.
  4. Verify live-migration still works (ports 4135–4199 are unaffected).

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: vm
type: fix
summary: "Optimized virtual machine migration: it now uses `hostNetwork`, allowing the host MTU to be used instead of the pod MTU."

@yaroslavborbat yaroslavborbat added this to the v1.8.0 milestone Mar 31, 2026
@yaroslavborbat yaroslavborbat force-pushed the feat/virt-handler-to-hostnetwork branch 4 times, most recently from 7685dbe to d20b1b3 Compare April 6, 2026 15:21
@yaroslavborbat yaroslavborbat force-pushed the feat/virt-handler-to-hostnetwork branch 3 times, most recently from 58d31a4 to 5f51f86 Compare April 14, 2026 13:50
@yaroslavborbat yaroslavborbat changed the base branch from main to fix/vm/prevent-negative-overheads April 14, 2026 13:50
Base automatically changed from fix/vm/prevent-negative-overheads to main April 14, 2026 13:58
@yaroslavborbat yaroslavborbat force-pushed the feat/virt-handler-to-hostnetwork branch 2 times, most recently from b57b1bb to eea451a Compare April 16, 2026 12:09
@yaroslavborbat yaroslavborbat changed the title bump feat(kubevirt): move virt-handler to hostNetwork, bump 3p-kubevirt fork version Apr 16, 2026
@yaroslavborbat yaroslavborbat marked this pull request as ready for review April 16, 2026 12:22
@yaroslavborbat yaroslavborbat force-pushed the feat/virt-handler-to-hostnetwork branch 5 times, most recently from 2af2b8f to 68b114d Compare April 17, 2026 11:51
@yaroslavborbat
feat(kubevirt): move virt-handler to hostNetwork, bump 3p-kubevirt fo…
13ed69b 
…rk version

Signed-off-by: Yaroslav Borbat <yaroslav.borbat@flant.com>
@yaroslavborbat yaroslavborbat force-pushed the feat/virt-handler-to-hostnetwork branch from 9c1bd91 to 13ed69b Compare April 17, 2026 12:11
@yaroslavborbat
Copy link
Copy Markdown
Member Author

yaroslavborbat commented Apr 17, 2026

deckhouse/deckhouse#19237

@yaroslavborbat yaroslavborbat merged commit cbcd0ed into main Apr 17, 2026
27 of 28 checks passed
@yaroslavborbat yaroslavborbat deleted the feat/virt-handler-to-hostnetwork branch April 17, 2026 13:52
@deckhouse-BOaTswain deckhouse-BOaTswain mentioned this pull request Apr 17, 2026
Merged
@deckhouse-BOaTswain deckhouse-BOaTswain mentioned this pull request Apr 23, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@diafour diafour diafour approved these changes

@universal-itengineer universal-itengineer Awaiting requested review from universal-itengineer

@nevermarine nevermarine Awaiting requested review from nevermarine

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

Assignees

@yaroslavborbat yaroslavborbat

Labels

None yet

Projects

None yet

Milestone

v1.8.0

Development

Successfully merging this pull request may close these issues.

2 participants

@yaroslavborbat @diafour