From 52e89fa8a2610bf4b15d5b253ec936285d6c124b Mon Sep 17 00:00:00 2001 From: Dmitry Lopatin Date: Wed, 27 May 2026 19:28:13 +0300 Subject: [PATCH 1/6] feat: add support new network plugin Signed-off-by: Dmitry Lopatin --- build/components/versions.yml | 2 +- images/virt-artifact/werf.inc.yaml | 12 ++++++++++++ images/virt-handler/werf.inc.yaml | 6 ++++++ .../pkg/controller/kvbuilder/kvvm.go | 10 +++++++++- templates/kubevirt/kubevirt.yaml | 5 +++++ 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/build/components/versions.yml b/build/components/versions.yml index 73b02b11e0..512ffd8f97 100644 --- a/build/components/versions.yml +++ b/build/components/versions.yml @@ -3,7 +3,7 @@ firmware: libvirt: v10.9.0 edk2: stable202411 core: - 3p-kubevirt: v1.6.2-v12n.50 + 3p-kubevirt: feat/vm/disable-tap-veth-bridge 3p-containerized-data-importer: v1.60.3-v12n.20 distribution: 2.8.3 package: diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index 0d75ebb629..3eff6cb5ad 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -13,8 +13,10 @@ secrets: - id: SOURCE_REPO value: {{ $.SOURCE_REPO }} shell: + installCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" install: - | + echo "$date --------- new ---- 123456789 " echo "Git clone {{ $gitRepoName }} repository..." git clone --depth=1 $(cat /run/secrets/SOURCE_REPO)/{{ $gitRepoUrl }} --branch {{ $tag }} /src/kubevirt @@ -28,6 +30,8 @@ altPackages: - pkg-config - libtool - gcc-c++ +- clang +- libbpf-devel packages: - libmnl - ncurses @@ -113,6 +117,7 @@ shell: - export GOOS=linux - export GOARCH=amd64 - export CGO_ENABLED=0 + - export BPF_CLANG=clang - echo ============== Build container-disk =================== {{- $_ := set $ "ProjectName" (list .ImageName "container-disk" | join "/") }} @@ -201,6 +206,13 @@ shell: - | {{- include "image-build.build" (set $ "BuildCommand" `go build -ldflags="-s -w" -o /kubevirt-binaries/sidecars ./cmd/sidecars/`) | nindent 6 }} + - echo ============== Build bpf_bridge.o ===================== + {{- $_ := set $ "ProjectName" (list $.ImageName "bpf-bridge-obj" | join "/") }} + - mkdir -p /kubevirt-binaries/network-bpf-bridge-binding-assets + - | + {{- include "image-build.build" (set $ "BuildCommand" `clang -O2 -g -target bpf -I/usr/include -c ./pkg/network/bpfbridge/bpf/bpf_bridge.c -o /kubevirt-binaries/network-bpf-bridge-binding-assets/bpf_bridge.o`) | nindent 6 }} + - echo "Built bpf object:" && ls -l /kubevirt-binaries/network-bpf-bridge-binding-assets/ && file /kubevirt-binaries/network-bpf-bridge-binding-assets/bpf_bridge.o || true + - echo ============== Build virtctl ========================== {{- $_ := set $ "ProjectName" (list .ImageName "virtctl" | join "/") }} - | diff --git a/images/virt-handler/werf.inc.yaml b/images/virt-handler/werf.inc.yaml index 760e013749..be325737b8 100644 --- a/images/virt-handler/werf.inc.yaml +++ b/images/virt-handler/werf.inc.yaml @@ -31,6 +31,12 @@ import: after: install includePaths: - .version +- image: {{ .ModuleNamePrefix }}virt-artifact + add: /kubevirt-binaries/network-bpf-bridge-binding-assets/ + to: /usr/share/network-bpf-bridge-binding + after: install + includePaths: + - bpf_bridge.o - image: {{ .ModuleNamePrefix }}virt-artifact add: /kubevirt/cmd/{{ .ImageName }}/ to: /etc diff --git a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go index c03765de14..0d94cdb388 100644 --- a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go +++ b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go @@ -94,6 +94,10 @@ func DefaultOptions(current *v1alpha2.VirtualMachine) KVVMOptions { } } +func (b *KVVM) Options() KVVMOptions { + return b.opts +} + func NewEmptyKVVM(name types.NamespacedName, opts KVVMOptions) *KVVM { return &KVVM{ opts: opts, @@ -811,7 +815,11 @@ func (b *KVVM) SetNetworkInterface(name, macAddress string, acpiIndex int) { Model: devPreset.InterfaceModel, ACPIIndex: acpiIndex, } - iface.Bridge = &virtv1.InterfaceBridge{} + if name == "default" { + iface.Binding = &virtv1.PluginBinding{Name: "bpfbridge"} + } else { + iface.Bridge = &virtv1.InterfaceBridge{} + } if macAddress != "" { iface.MacAddress = macAddress } diff --git a/templates/kubevirt/kubevirt.yaml b/templates/kubevirt/kubevirt.yaml index 01d4228c8c..1d774a9c47 100644 --- a/templates/kubevirt/kubevirt.yaml +++ b/templates/kubevirt/kubevirt.yaml @@ -39,6 +39,11 @@ spec: {{- end }} evictionStrategy: LiveMigrate vmRolloutStrategy: LiveUpdate + network: + binding: + bpfbridge: + domainAttachmentType: tap + migration: {} developerConfiguration: logVerbosity: virtLauncher: {{ $logVerbosity }} From 67062472fb22a73f11f1e56ecb9802d3ca15e4e6 Mon Sep 17 00:00:00 2001 From: MaxiHunter Date: Thu, 28 May 2026 17:10:12 +0300 Subject: [PATCH 2/6] Build commit Signed-off-by: Maksim Garmonov Signed-off-by: Dmitry Lopatin --- images/virt-artifact/werf.inc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index 3eff6cb5ad..773a81cb2b 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -16,7 +16,7 @@ shell: installCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" install: - | - echo "$date --------- new ---- 123456789 " + echo "$date --------- new ----- 123456789987 " echo "Git clone {{ $gitRepoName }} repository..." git clone --depth=1 $(cat /run/secrets/SOURCE_REPO)/{{ $gitRepoUrl }} --branch {{ $tag }} /src/kubevirt From 771a4a6a0fe90ba8ce94c28627e1993a36b40a2e Mon Sep 17 00:00:00 2001 From: Dmitry Lopatin Date: Sun, 7 Jun 2026 21:03:46 +0300 Subject: [PATCH 3/6] feat: add support new network plugin Signed-off-by: Dmitry Lopatin --- .../pkg/controller/kvbuilder/kvvm.go | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go index 0d94cdb388..a33c670f52 100644 --- a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go +++ b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go @@ -814,12 +814,9 @@ func (b *KVVM) SetNetworkInterface(name, macAddress string, acpiIndex int) { Name: name, Model: devPreset.InterfaceModel, ACPIIndex: acpiIndex, + Binding: &virtv1.PluginBinding{Name: "bpfbridge"}, } - if name == "default" { - iface.Binding = &virtv1.PluginBinding{Name: "bpfbridge"} - } else { - iface.Bridge = &virtv1.InterfaceBridge{} - } + if macAddress != "" { iface.MacAddress = macAddress } From d0e069a0aa6aa02b6e607e6a80474452c7486f88 Mon Sep 17 00:00:00 2001 From: Dmitry Lopatin Date: Sun, 7 Jun 2026 21:47:56 +0300 Subject: [PATCH 4/6] wip Signed-off-by: Dmitry Lopatin --- images/virt-artifact/werf.inc.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index 773a81cb2b..435de27d9b 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -16,7 +16,7 @@ shell: installCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" install: - | - echo "$date --------- new ----- 123456789987 " + echo "$date --------- new ----- 1234567899876543210 " echo "Git clone {{ $gitRepoName }} repository..." git clone --depth=1 $(cat /run/secrets/SOURCE_REPO)/{{ $gitRepoUrl }} --branch {{ $tag }} /src/kubevirt From dce64781acee369cc554fbf180b0861974ef791c Mon Sep 17 00:00:00 2001 From: Dmitry Lopatin Date: Tue, 23 Jun 2026 15:22:25 +0300 Subject: [PATCH 5/6] feat: add support new network plugin Signed-off-by: Dmitry Lopatin --- .../pkg/common/annotations/annotations.go | 2 ++ .../virtualization-artifact/pkg/controller/kvbuilder/kvvm.go | 4 ---- .../pkg/controller/vm/internal/sync_kvvm.go | 4 +++- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/images/virtualization-artifact/pkg/common/annotations/annotations.go b/images/virtualization-artifact/pkg/common/annotations/annotations.go index b72fa48663..2d3ab4e336 100644 --- a/images/virtualization-artifact/pkg/common/annotations/annotations.go +++ b/images/virtualization-artifact/pkg/common/annotations/annotations.go @@ -209,6 +209,8 @@ const ( AnnNetworksSpec = "network.deckhouse.io/networks-spec" // AnnNetworksStatus is the annotation for view current network configuration into Pod. AnnNetworksStatus = "network.deckhouse.io/networks-status" + // AnnTapProvisionByDVPSupported is the annotation that indicates DVP supports TAP provision for the Pod. + AnnTapProvisionByDVPSupported = "network.deckhouse.io/tap-provision-by-dvp-supported" // AnnVirtualDiskOriginalAnnotations is the annotation for storing original VirtualDisk annotations. AnnVirtualDiskOriginalAnnotations = AnnAPIGroupV + "/vd-original-annotations" diff --git a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go index a33c670f52..9a6d31f2e7 100644 --- a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go +++ b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm.go @@ -94,10 +94,6 @@ func DefaultOptions(current *v1alpha2.VirtualMachine) KVVMOptions { } } -func (b *KVVM) Options() KVVMOptions { - return b.opts -} - func NewEmptyKVVM(name types.NamespacedName, opts KVVMOptions) *KVVM { return &KVVM{ opts: opts, diff --git a/images/virtualization-artifact/pkg/controller/vm/internal/sync_kvvm.go b/images/virtualization-artifact/pkg/controller/vm/internal/sync_kvvm.go index 373fce051d..4d36535bf2 100644 --- a/images/virtualization-artifact/pkg/controller/vm/internal/sync_kvvm.go +++ b/images/virtualization-artifact/pkg/controller/vm/internal/sync_kvvm.go @@ -1182,7 +1182,8 @@ func (h *SyncKvvmHandler) patchPodNetworkAnnotation(ctx context.Context, s state return nil, fmt.Errorf("failed to serialize network spec: %w", err) } - if pod.Annotations[annotations.AnnNetworksSpec] == networkConfigStr { + if pod.Annotations[annotations.AnnNetworksSpec] == networkConfigStr && + pod.Annotations[annotations.AnnTapProvisionByDVPSupported] == "" { return desired, nil } @@ -1191,6 +1192,7 @@ func (h *SyncKvvmHandler) patchPodNetworkAnnotation(ctx context.Context, s state pod.Annotations = make(map[string]string) } pod.Annotations[annotations.AnnNetworksSpec] = networkConfigStr + pod.Annotations[annotations.AnnTapProvisionByDVPSupported] = "" if err := h.client.Patch(ctx, pod, patch); err != nil { return nil, fmt.Errorf("failed to patch pod %s network annotation: %w", pod.Name, err) } From 9d20d010e2bea822edcdeab33bc76906471d6670 Mon Sep 17 00:00:00 2001 From: Dmitry Lopatin Date: Tue, 23 Jun 2026 20:15:19 +0300 Subject: [PATCH 6/6] fix Signed-off-by: Dmitry Lopatin --- images/virt-artifact/werf.inc.yaml | 4 +--- .../pkg/controller/kvbuilder/kvvm_utils.go | 1 + .../pkg/controller/vm/internal/sync_kvvm.go | 4 ++-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml index 435de27d9b..37fd89dfed 100644 --- a/images/virt-artifact/werf.inc.yaml +++ b/images/virt-artifact/werf.inc.yaml @@ -13,10 +13,9 @@ secrets: - id: SOURCE_REPO value: {{ $.SOURCE_REPO }} shell: - installCacheVersion: "{{ now | date "Mon Jan 2 15:04:05 MST 2006" }}" install: - | - echo "$date --------- new ----- 1234567899876543210 " + echo "rebuild 93" echo "Git clone {{ $gitRepoName }} repository..." git clone --depth=1 $(cat /run/secrets/SOURCE_REPO)/{{ $gitRepoUrl }} --branch {{ $tag }} /src/kubevirt @@ -211,7 +210,6 @@ shell: - mkdir -p /kubevirt-binaries/network-bpf-bridge-binding-assets - | {{- include "image-build.build" (set $ "BuildCommand" `clang -O2 -g -target bpf -I/usr/include -c ./pkg/network/bpfbridge/bpf/bpf_bridge.c -o /kubevirt-binaries/network-bpf-bridge-binding-assets/bpf_bridge.o`) | nindent 6 }} - - echo "Built bpf object:" && ls -l /kubevirt-binaries/network-bpf-bridge-binding-assets/ && file /kubevirt-binaries/network-bpf-bridge-binding-assets/bpf_bridge.o || true - echo ============== Build virtctl ========================== {{- $_ := set $ "ProjectName" (list .ImageName "virtctl" | join "/") }} diff --git a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm_utils.go b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm_utils.go index 1a8d899961..ee09d8a717 100644 --- a/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm_utils.go +++ b/images/virtualization-artifact/pkg/controller/kvbuilder/kvvm_utils.go @@ -653,5 +653,6 @@ func setNetworksAnnotation(kvvm *KVVM, networkSpec network.InterfaceSpecList) er return err } kvvm.SetKVVMIAnnotation(annotations.AnnNetworksSpec, networkConfigStr) + kvvm.SetKVVMIAnnotation(annotations.AnnTapProvisionByDVPSupported, "true") return nil } diff --git a/images/virtualization-artifact/pkg/controller/vm/internal/sync_kvvm.go b/images/virtualization-artifact/pkg/controller/vm/internal/sync_kvvm.go index 4d36535bf2..74d075f740 100644 --- a/images/virtualization-artifact/pkg/controller/vm/internal/sync_kvvm.go +++ b/images/virtualization-artifact/pkg/controller/vm/internal/sync_kvvm.go @@ -1183,7 +1183,7 @@ func (h *SyncKvvmHandler) patchPodNetworkAnnotation(ctx context.Context, s state } if pod.Annotations[annotations.AnnNetworksSpec] == networkConfigStr && - pod.Annotations[annotations.AnnTapProvisionByDVPSupported] == "" { + pod.Annotations[annotations.AnnTapProvisionByDVPSupported] == "true" { return desired, nil } @@ -1192,7 +1192,7 @@ func (h *SyncKvvmHandler) patchPodNetworkAnnotation(ctx context.Context, s state pod.Annotations = make(map[string]string) } pod.Annotations[annotations.AnnNetworksSpec] = networkConfigStr - pod.Annotations[annotations.AnnTapProvisionByDVPSupported] = "" + pod.Annotations[annotations.AnnTapProvisionByDVPSupported] = "true" if err := h.client.Patch(ctx, pod, patch); err != nil { return nil, fmt.Errorf("failed to patch pod %s network annotation: %w", pod.Name, err) }