kubevirt/hyperconverged-cluster-operator v1.18.0 on GitHub

This release follows v1.17.1 and consists of 184 changes, leading to 3028 files changed, 282264 insertions(+), 106584 deletions(-).

The source code and selected binaries are available for download at: https://github.com/kubevirt/hyperconverged-cluster-operator/releases/tag/v1.18.0.

The primary release artifact of hyperconverged-cluster-operator is the git tree. The release tag is
signed and can be verified using git tag -v v1.18.0.

Pre-built containers are published on Quay and can be viewed at: https://quay.io/kubevirt/.

Notice: this version introduces the new v1 API version for the HyperConverged custom resource. This API version is not backward compatible. This version contains a conversion webhook so the v1beta1 api version is still usable. However, Kubernetes behavior when having two version, is to use the latest one if not specified, and that may break things.

It is required to use the full versioned type name when working with v1beta1. For example, in yaml files, this is part of the file (in the apiVersion filed. But when reading, patching or editing from command line, it should be used similar to this:

oc get hyperconvergeds.v1beta1.hco.kubevirt.io -n kubevirt-hyperconverged kubevirt-hyperconverged -o yaml

Notable changes

hyperconverged-cluster-operator - v1.18.0

[PR #4349][hco-bot] Bump KUBEVIRT_CONSOLE_PLUGIN to v4.22.1
[PR #4343][kubevirt-bot] Set the default architecture in the KubeVirt CR
[PR #4339][kubevirt-bot] Label HCP worker nodes with node-role.kubevirt.io/control-plane rather than node-role.kubernetes.io/control-plane
[PR #4334][hco-bot] Bump AAQ to v1.8.0
[PR #4331][nunnatsa] fix CNV-90394: many resources are not deleted when deleting
[PR #4322][nunnatsa] fix CNV-90394: many resources are not deleted when deleting
[PR #4332][nunnatsa] Bump HPP and HPPO to v0.25.2
[PR #4320][hco-bot] Bump KUBEVIRT to v1.8.4
[PR #4280][hco-bot] Bump MIGRATION_OPERATOR to v0.2.0
[PR #4279][hco-bot] Bump AUTOPILOT to v0.0.10
[PR #4275][hco-bot] Bump WASP_AGENT to v1.2.2
[PR #4265][hco-bot] Bump MIGRATION_CONTROLLER to v0.2.2
[PR #4233][hco-bot] Bump KUBEVIRT_CONSOLE_PLUGIN to v4.22.1-rc.0
[PR #4222][kubevirt-bot] HCO now supports setting ChangedBlockTrackingLabelSelectors for controlling CBT opt-in for VMs
[PR #4217][nunnatsa] Bump KUBEVIRT_CONSOLE_PLUGIN to v4.22.0
[PR #4210][kubevirt-bot] Fix bug in the validatingAdmissionPolicy and API v1
[PR #4207][hco-bot] Bump VIRT_TEMPLATE to v0.1.8
[PR #4193][lyarwood] Enable the KubeVirt PCINUMAAwareTopology feature gate when the deployAIE annotation is set on the HyperConverged CR
[PR #4190][hco-bot] Bump HPP to v0.25.0
[PR #4064][frenzyfriday] Always enable LiveUpdateNADRef
[PR #4187][hco-bot] Bump KUBEVIRT to v1.8.2
[PR #4185][hco-bot] Bump AUTOPILOT to v0.0.9
[PR #4184][hco-bot] Bump MIGRATION_CONTROLLER to v0.2.1
[PR #4171][nunnatsa] Fix the perses controller
[PR #4183][hco-bot] Bump HPPO to v0.25.1
[PR #4180][hco-bot] Bump INFLIGHT_OPERATIONS to v0.0.6
[PR #4172][lyarwood] Fix iommufd-device-plugin SCC to allow projected volumes for service account token mounts
[PR #4170][hco-bot] Bump HPPO to v0.25.0
[PR #4165][orenc1] Add ipStackType to kubevirt-ui-features ConfigMap
[PR #4141][lyarwood] Deploy iommufd-device-plugin DaemonSet alongside the AIE webhook to provide IOMMUFD file descriptors for GPU/PCI passthrough on modern kernels
[PR #4162][hco-bot] Bump INFLIGHT_OPERATIONS to v0.0.5
[PR #4154][hco-bot] Bump CDI to v1.65.0
[PR #4153][hco-bot] Bump AIE_WEBHOOK to v1.1.0
[PR #4151][hco-bot] Bump NETWORK_ADDONS to v0.102.0
[PR #4147][hco-bot] Bump KUBEVIRT to v1.8.1
[PR #4096][mansam] Onboard InFlightOperations
[PR #4144][hco-bot] Bump MIGRATION_OPERATOR to v0.2.0-rc.1
[PR #4143][nunnatsa] Avoid DataImportCron leftovers
[PR #4111][enp0s3] wasp-agent: rollback upon existance of OCP swap annotation
[PR #4142][hco-bot] Bump KUBEVIRT to v1.8.0
[PR #4139][hco-bot] Bump NETWORK_ADDONS to v0.102.0-rc-0
[PR #4054][lyarwood] Add AIE (Accelerated Infrastructure Enablement) webhook support as an HCO-managed operand. Enable via the hco.kubevirt.io/deployAIEWebhook annotation on the HyperConverged CR. Configure launcher image replacement rules by editing the kubevirt-aie-launcher-config ConfigMap directly.
[PR #4124][nunnatsa] Fix endpoints when TLS min version is 1.3
[PR #4120][nunnatsa] Set the TLS configurations in the MigController CR
[PR #4116][hco-bot] Bump MIGRATION_OPERATOR to v0.2.0-rc.0
[PR #4113][nunnatsa] * rename spec.storage.storageWorkloads => spec.storage.workloadResourceRequirements
[PR #4112][hco-bot] Bump KUBEVIRT to v1.8.0-rc.1
[PR #4108][nunnatsa] Complete the refactoring of API v1
[PR #4100][nunnatsa] V1 API: Group the virtualization configuration fields under the new spec.virtualization field
[PR #4056][mhenriks] Add ContainerPathVolumes feature gate
[PR #4098][hco-bot] Bump AUTOPILOT to v0.0.8
[PR #4095][nunnatsa] API v1: refactor node placement
[PR #4074][orenc1] Add an option to opt-out from kubevirt RBAC aggregation through HCO CR
[PR #4089][Barakmor1] Add missing GuestEffectiveResources counting config for aaq
[PR #4080][orenc1] Expose HypervisorConfigurations to HyperConveged CR
[PR #4087][hco-bot] Update component graphs from the nightly job
[PR #4079][nunnatsa] Refactor the feature gate structure in API v1
[PR #4086][hco-bot] Bump AUTOPILOT to v0.0.6
[PR #4081][hco-bot] Bump KUBEVIRT to v1.8.0-rc.0
[PR #4071][nunnatsa] The following field were dropped from v1 API, as they are deprecated in v1beta1:
[PR #4066][tiraboschi] Onboard virt-platform-autopilot
[PR #4063][nunnatsa] Added a conversion webhook to allow using v1 and v1beta1 simultaneously
[PR #4046][nunnatsa] Introduce the new API version v1
[PR #4050][nirdothan] Conditionally enable the PasstBinding feature gate.
[PR #4048][hco-bot] Bump NODE_DRIVER_REG to v2.16.0
[PR #4043][hco-bot] Bump CSI_SNAPSHOT to v8.5.0
[PR #4041][hco-bot] Bump LIVENESS_PROBE to v2.18.0
[PR #4037][nunnatsa] Set the TLSSecurityprofile field in the AAQ CR
[PR #4039][hco-bot] Bump NETWORK_ADDONS to v0.101.2
[PR #4030][hco-bot] Update component graphs from the nightly job
[PR #4020][ShellyKa13] Expose UtilityVolumes and IncrementalBackup feature gates in HCO
[PR #4036][avlitman] revert changing cluster:vmi_request_cpu_cores:sum recording rule name to cluster:kubevirt_hco_vmi_request_cpu_cores:sum
[PR #4033][hco-bot] Bump AAQ to v1.8.0-alpha.0
[PR #4026][avlitman] kubevirt_hyperconverged_operator_health_status is deprecated in favor of cluster:kubevirt_hco_operator_health_status:count, in order to comply with the recording rules naming conventions.
[PR #4016][awels] Decentralized live migration feature gate default is now true
[PR #4015][orenc1] Support Two Node + Arbiter cluster configuration
[PR #4010][nunnatsa] Set the TLS security profile in the apiserver-proxy
[PR #4007][nunnatsa] Don't use the deprecated KubeVirt's DisableMDEVConfiguration feature gate. Use the spec.configuration.mediatedDevicesConfiguration.enabled field instead.
[PR #4006][nunnatsa] Don't set the MuliArchitecture FG in the KV CR
[PR #4005][hco-bot] Bump KUBEVIRT to v1.8.0-beta.0
[PR #4004][hco-bot] Bump MIGRATION_CONTROLLER to v0.1.0
[PR #4003][hco-bot] Bump MIGRATION_OPERATOR to v0.1.0
[PR #4000][hco-bot] Bump KUBEVIRT_CONSOLE_PLUGIN to v4.21.0
[PR #3998][hco-bot] Bump KUBEVIRT to v1.8.0-alpha.0
[PR #3993][nunnatsa] Bump KUBEVIRT_CONSOLE_PROXY to v0.0.11
[PR #3984][hco-bot] Bump AAQ to v1.7.0
[PR #3936][Ronilerr] Refactor metrics docs
[PR #3965][hco-bot] Bump MIGRATION_OPERATOR to v0.0.14
[PR #3962][hco-bot] Bump SSP to v0.25.0
[PR #3953][orenc1] Use dedicated service accounts for UI pods
[PR #3961][hco-bot] Bump MIGRATION_CONTROLLER to v0.0.3
[PR #3957][hco-bot] Bump NETWORK_ADDONS to v0.101.1
[PR #3954][tiraboschi] Correctly detect obsolete descheduler profile
[PR #3946][nunnatsa] Fix issue with validating admission policy
[PR #3835][sradco] Add a Node Memory Overview Perses Dashboard
[PR #3933][nunnatsa] Bump HCO to 1.18

kubevirt: v1.7.1 -> v1.8.4

[PR #17987][Ronilerr] Adding missing metrics, recording rules and alerts for virt components
[PR #17962][UdayYendva] Bump github.com/moby/spdystream from v0.5.0 to v0.5.1 to address CVE-2026-35469 (GHSA-pc3f-x583-g7j2).
[PR #18059][kubevirt-bot] Use --expand-cpu-features and --supported-cpu-features in node-labeller for
[PR #18031][SamAlber] Fixed a gRPC connection leak in virt-handler's GetLauncherClient that caused unbounded memory growth, socket accumulation, and goroutine leaks when multiple controllers raced to create connections for the same VMI.
[PR #17988][kubevirt-bot] Fix symlink traversal in VMExport dir handler
[PR #17876][nirdothan] Fixed VMI status reporting the pod's IPv6 address instead of the guest's when using bridge binding on a network with IPv6 IPAM.
[PR #17660][kubevirt-bot] Updated virt-template to v0.1.8
[PR #17745][kubevirt-bot] Fixed virt-controller DRA claim rendering for GPU/HostDevice resources by preserving per-device claim/request tuples (including shared claim names with different requests).
[PR #17863][fossedihelm] Fixed multi-device VFIO passthrough VMs failing to start with "cannot limit locked memory" by scaling virt-handler's memlock rlimit to account for per-device memory locking, matching libvirt's calculation introduced in v8.7.0.
[PR #17823][kubevirt-bot] Fix VirtualMachineStuckOnNode and VMCannotBeEvicted alerts failing during live migration due to duplicate kubevirt_vmi_info series
[PR #17727][mhenriks] Gate PCI topology on machine type, not just architecture
[PR #17761][kubevirt-bot] Bug fix: virt-operator error messages no longer dump entire resource structs via %+v, preventing the KubeVirt CR from exceeding the etcd 3MB object size limit when resource creation fails
[PR #17658][dshchedr] Fixed GuestPanicked event details for non-root virt-launcher
[PR #17765][kubevirt-bot] fix: cross-namespace live migration now works on IPv6 clusters
[PR #17738][kubevirt-bot] Fix VM with PCI hostdev failing to restart after hotplug block volume
[PR #17706][avlitman] multiple recording rules are deprecated in favor of new names, in order to comply with the recording rules naming conventions. kubevirt_vm_created_total recording rule and kubevirt_vm_created_by_pod_total metric are deprecated completely
[PR #17646][kubevirt-bot] Fixed virt-api truncating deep subresources (vnc/screenshot, sev/*, evacuate/cancel) when constructing SubjectAccessReviews, causing authorization checks against incorrect subresource names.
[PR #17631][kubevirt-bot] VEP-10: bug fixes for DRA Devices to align kubevirt implementation to KEP-5304
[PR #17590][sbiradar10] Bump google.golang.org/grpc to 1.79.3 to remediate CVE GHSA-p77j-4mvh-x3m3
[PR #17612][kubevirt-bot] Fix: GuestAgentPing liveness/readiness probes no longer cause Kubernetes to restart the virt-launcher pod when the guest agent is temporarily unreachable for a non-fault reason; suppression covers live migration (both pre-copy target and post-copy source) and any intentional or transient VM pause such as user pause, snapshot, save, or dump.
[PR #17525][kubevirt-bot] Remove vnc/screenshot from kubevirt.io:edit
[PR #17499][kubevirt-bot] Bug-fix: virt-handler now detects when domain-notify.sock is deleted and automatically restarts the notify server.
[PR #17465][kubevirt-bot] Fixed SMBIOS system information not being visible inside ARM64 guest VMs
[PR #17439][kubevirt-bot] fix hotplug volume status being stuck in Detaching phase
[PR #17346][kubevirt-bot] Fixed migration not reporting succeeded when doing compute migration after decentralized live migration
[PR #17443][kubevirt-bot] fix: VirtualMachineBackup printer columns (Type, CheckpointName) now display correctly in kubectl output
[PR #17436][akalenyu] fix: correctly handle source resolution for disks with a qcow2 overlay, preventing incorrect disk expansion and wrong cache/IO mode detection.
[PR #17376][kubevirt-bot] Bug fix: sync-controller healthz server and virt-exportserver now respect TLSConfiguration from the KubeVirt CR.
[PR #17428][kubevirt-bot] preserve annotation for restore pvc
[PR #17378][laxmi-333] Fix s390x VM creation failure caused by unsupported pcie-root-port controllers from v3 PCI topology changes
[PR #17373][kubevirt-bot] Fixes bug in Live NAD Ref Update feature where a VM with no interfaces/networks is unable to start when LiveNADRefUpdate FG is enabled.
[PR #17396][dankenigsberg] VMs with backend storage volume use and report the volume name as persistent-state-for-this-vm rather than trying to embed the vm name in the volume name.
[PR #17267][kubevirt-bot] bug-fix: restart virt-handler's domain-notify server on unexpected exit.
[PR #17236][kubevirt-bot] fix VMExport failure with long PVC names
[PR #17006][kubevirt-bot] BugFix: VMs requiring enlightenment are now able to be live migrated after a decentralized live migration
[PR #17145][kubevirt-bot] Fixed an infinite VMI status update loop between virt-controller and virt-handler that occurred when the VMI spec listed the primary network interface after a secondary one.
[PR #17058][mhenriks] Fix PCI address stability across upgrades with v3 hotplug port topology
[PR #17061][ShellyKa13] fix: Prevent stale VMI backup status update when reusing backup names
[PR #17075][kubevirt-bot] Handle migration during backup according to migration priority
[PR #17077][kubevirt-bot] VEP-10: Update DRA devices implementation to read from metadata file instead of VMI status
[PR #17017][kubevirt-bot] Expose Memory Overhead on VMI Status behind VmiMemoryOverheadReport feature gate
[PR #16952][kubevirt-bot] Allow disabling Velero hooks in virt-launcher via Annotation
[PR #17018][mresvanis] Add PCIe NUMA-aware topology placement for GPU and host devices behind the PCINUMAAwareTopology feature gate (Alpha). When enabled, devices are automatically placed on PCIe expander buses matching their NUMA affinity for improved performance.
[PR #16986][kubevirt-bot] Use defined deployment number of replicas as base to fire low count alerts
[PR #16987][kubevirt-bot] Subtract non-schedulable nodes from kubevirt_allocatable_nodes
[PR #16993][frenzyfriday] Allows the user to update the NAD reference (networkName) of a network on a running VM through Live Migration.
[PR #16977][orenc1] Add a new config option to opt-out RBAC aggregation
[PR #16687][0xFelix] feat: virtctl gained new virt-template / VirtualMachineTemplate related commands (process, create and convert)
[PR #16662][mhenriks] VEP 165: Containerpath Volumes
[PR #16821][nirdothan] Remove network-attachment-definition get permissions from virt-controller ClusterRole conditioned by a feature gate.
[PR #16643][kwonkwonn] Bug-fix: Correctly detect CDI and Prometheus crds, preventing to misinterpret with different objects.
[PR #16528][Acedus] Fix: live-migration with CBT no longer fails on virtual disk size evaluation errors.
[PR #16426][Acedus] Handle CBT backup abort requests and failures
[PR #16582][lyarwood] Add initial CentOS Stream 10 build support with KUBEVIRT_CENTOS_STREAM_VERSION environment variable, these builds will be untested until v1.9.0 and beyond
[PR #16833][akalenyu] BugFix: storage migration fails with Google Cloud NetApp Volumes
[PR #16820][nirdothan] Support seamless migration with core passt binding (beta).
[PR #16655][0xFelix] Support for the deployment of virt-template through virt-operator was added (VEP76)
[PR #16666][iholder101] Expose guest panic as a Kubernetes event
[PR #16791][lyarwood] Bug fix: VIRT_*_IMAGE environment variable overrides on the virt-operator deployment are now correctly propagated to component deployments (virt-controller, virt-handler, etc.). Previously, changing these env vars had no effect due to the image values being excluded from the install strategy deployment ID hash.
[PR #16802][lyarwood] PrefixTargetName is now allowed as a VolumeNamePolicy for VirtualMachineClone
[PR #16778][Acedus] fix: domain job completion events would not be processed if the domain was paused due to an I/O error.
[PR #16579][MarSik] A VMI.spec.domain.rebootPolicy field can be used to control the method the domain uses to handle reboots originating from inside the VM. Either the hypervisor processes the reboot silently behind the scenes (default) or the user can opt-in to a more visible behavior, where the hypervisor terminates the domain and lets kubevirt to handle the restart according to the runStrategy rules.
[PR #16466][Ronilerr] Fix LowReadyVirtOperatorsCount use running instead of up and changing kubevirt_virt_operator_ready to use sum and * instead of count and +
[PR #16734][orelmisan] An admin can disable the NAD query logic and use network-resources-injector instead to have less API calls
[PR #16653][noamasu] Replaced QuiesceFailed with QuiesceTimeout indication and added 60s Velero pre-backup hook timeout to better handle Windows VSS limitations.
[PR #16642][orelmisan] Existing VMs that retain the legacy ordinal naming scheme for secondary interfaces are automatically upgraded without a reboot.
[PR #16448][ShellyKa13] Incremental backups supported after VM restart by redefining checkpoints metadata in libvirt
[PR #16621][akalenyu] BugFix: vmsnapshot: report volumes being deleted
[PR #16645][Ronilerr] Fix grammar mistakes
[PR #16370][iholder101] Feature gates can now become explicitly disabled using kv.spec.configuration.developerConfiguration.disabledFeatureGates.
[PR #16366][elliot-gustafsson] Let libvirt lookup the actual disk size if block device to ensure compatibility with encrypted disks.
[PR #16229][noamasu] Bugfix: Label memorydump-created PVCs to support CDI WebhookPvcRendering
[PR #16637][awels] BugFix: Decentralized live migration between volumes with different volumeModes now successfully completes
[PR #16705][kubevirt-bot] Updated common-instancetypes bundles to v1.6.0
[PR #16512][awels] Decentralized Live Migration now has a separate condition in VMI and VMIM to indicate any issues
[PR #16489][lyarwood] Add new PrefixTargetName VolumeRestorePolicy for VirtualMachineRestore that creates restored volume names using the format {targetVMName}-{volumeName}. This provides predictable, readable names while avoiding collisions when restoring snapshots to different target VMs.
[PR #16404][iholder101] Add missing "Direct" and "Extended" options to Hyperv TLBFlush
[PR #16491][lyarwood] virt-operator now configures client rate limiting (default: 200 QPS / 400 burst) to improve reconciliation performance when processing large numbers of objects. Rate limits can be customized via --client-qps and --client-burst flags or VIRT_OPERATOR_CLIENT_QPS and VIRT_OPERATOR_CLIENT_BURST environment variables.
[PR #16600][woojoong88] Fix block volume hotplug breaking autoattachVSOCK
[PR #15898][bgartzi] Network downward API network-info includes mac addresses
[PR #16558][fossedihelm] The MigrationPriorityQueue feature gate has been promoted from Alpha to Beta.
[PR #16585][Sreeja1725] Preserve VM Specific fields during update
[PR #16326][harshitgupta1337] Introduce HypervisorConfigurations field in the KubevirtConfiguration CRD.
[PR #16527][lukashes] Fixed missing object context in client-go log output after changing verbosity.
[PR #16510][ShellyKa13] Apply CBT to a hotplug volume
[PR #16212][Barakmor1] Add target-side premigration hook system
[PR #16511][Ronilerr] Refactor doc-generator
[PR #16498][lyarwood] Fix ResourceVersion conflicts in VM reconciliation when instancetype controller modifies Status. The instancetype controller now properly propagates ResourceVersion from PatchStatus responses, preventing conflicts in subsequent UpdateStatus calls.
[PR #16220][lyarwood] The DisableMDEVConfiguration feature gate is now deprecated ahead of removal in a future release in favour of a new kubevirt.spec.configuration.mediatedDevicesConfiguration.enabled configurable
[PR #16488][lyarwood] VirtualMachineClone API now includes VolumeNamePolicy field to control volume cloning behavior.
[PR #14661][oujonny] Add tolerations for unschedulable taints to hot-plug pods
[PR #15113][alromeros] Label memory-dump PVCs to support CDI WebhookPvcRendering
[PR #16463][akalenyu] BugFix: migration metrics missing
[PR #16024][Sreeja1725] Scale up KWOK performance test and add virt-controller queue metrics
[PR #16453][nirdothan] Macvtap core binding has been removed.
[PR #16456][orelmisan] The discontinued core SLIRP binding has been completely removed.
[PR #16329][dasionov] Prevent false restart-required conditions when the VM and corresponding VMI already share the same firmware UUID.
[PR #16429][Acedus] fix: DataVolumeTemplates with a sourceRef of a DataSource that points to another DataSource now correctly resolves the backing source.
[PR #15975][sradco] kubevirt_vmi_migration_data_total_bytes is deprecated in favor of kubevirt_vmi_migration_data_bytes_total, in order to comply with the metrics naming conventions.
[PR #15278][sradco] Report allocated CPU and memory requests as simplified metrics with source="guest_effective" label , showing final values after applying instance types, preferences, and hierarchy.```
[PR #16342][sradco] New VirtLauncherPodsStuckFailed alert
[PR #15237][sradco] The KubeVirtVMGuestMemoryPressure
[PR #16351][sradco] Fix bug in GuestFilesystemAlmostOutOfSpace, that fired for non relevant file system types.
[PR #16391][frenzyfriday] Limits the number of guest only interfaces reported on the VMI status to 10. This does not affect the interfaces specified on the spec.
[PR #16336][akalenyu] Maintenance: fix release branches potentially failing over identical remote images existing on nodes
[PR #16280][dsanatar] deprecate --persist flag from virtctl add/remove volume
[PR #16285][ShellyKa13] Add support for incremental VM backups
[PR #15815][dsanatar] Add Ephemeral Hotplug Volume Metric and Alert
[PR #16354][akalenyu] Maintenance: windows lane: W/A wrong nfs image SEEK_DATA impl
[PR #15992][Aseeef] * Fixed a bug in socket devices that resulted in clusters making use of the Persistent Reservations feature not properly updating their current health.
[PR #16355][Sreeja1725] Improve boolean flag formatting to parse it correctly.
[PR #16343][ShellyKa13] BugFix: Don't modify VMI CBT status when feature gate is disabled
[PR #16333][Acedus] fix: ensure VMI CBT state remains disabled when the VM has no CBT matcher.
[PR #16174][dominikholler] Update dependecy golang.org/x/crypto to v0.45.0
[PR #16242][orelmisan] Omit LLA from the status report when using masquerade binding.
[PR #16081][ShellyKa13] VMBackup: introduce new VM backup API
[PR #16173][dominikholler] Update dependecy github.com/opencontainers/selinux to v1.13.0
[PR #16060][dasionov] bugfix: prevent cross-vendor migrations
[PR #15821][SamAlber] Add event logging for pause and unpause VM operations to align with other VM lifecycle events such as reset
[PR #15868][frank-gen] VirtualMachinePool now correctly appends index to CloudInit secret references when appendIndexToSecretRefs: true is set, enabling unique cloud-init configurations for each VM in the pool.
[PR #15913][germag] The EnableVirtioFsConfigVolumes feature has graduated to GA and no longer requires the associated feature gate to be enabled.
[PR #15863][HarshithaMS005] Test Fix: make Alpine ISO mount checks architecture-agnostic
[PR #16122][dasionov] Document allowed values for spec.runStrategy.
[PR #16159][dsanatar] Don't use attachment pods marked for deletion for hotplug volume status updates.
[PR #15442][dsanatar] Allow VMExport with PVCs from Completed Pods
[PR #15949][xpivarc] Migration is using dedicated certificate for mTLS.
[PR #16049][fossedihelm] fix: KSM is enabled in case of node pressure within 3 minutes
[PR #15922][ShellyKa13] Introduce new API - UtilityVolumes - direct virt-launcher attachment mechanism
[PR #14892][xpivarc] kubevirt.io/cpumanager label is advertised for nodes capable of running dedicated VMs.
[PR #15694][Barakmor1] Allow migration when host model changes after libvirt upgrade.
[PR #15969][dsanatar] Add RestartRequired when detaching CD-ROMs from a running VM
[PR #15714][machadovilaca] Add GuestFilesystemAlmostOutOfSpace alerts
[PR #15957][xpivarc] Introduce a new subresource /evacuate/cancel and virtctl evacuate-cancel command to allow users to cancel the evacuation process for a VirtualMachineInstance (VMI). This clears the evacuationNodeName field in the VMI's status, stopping the automatic creation of migration resources and fully aborting the eviction cycle.
[PR #16023][lyarwood] The MultiArchitecture feature gate has been deprecated and is no longer used to determine if VirtualMachines with a differing architecture to the control plane should be rejected by the admission webhooks
[PR #15405][dasionov] Reject stop requests for paused VMIs. A paused VMI must be unpaused before it can be stopped.
[PR #15716][awels] A decentralized live migration failure is properly propagates between source and target
[PR #15374][xpivarc] NodeRestriction: Source of node update is now verified
[PR #16050][xpivarc] Bug fix: KubeVirt.spec.imagetag installation is working again
[PR #15968][sradco] Recording rule kubevirt_vmi_vcpu_count name changes to vmi:kubevirt_vmi_vcpu:count
[PR #15166][Sreeja1725] Introduce pool.kubevirt.io/v1beta1
[PR #15409][noamasu] VMSnapshot: add SourceIndications status field to list snapshot indications with descriptions for clearer meaning.
[PR #15934][jschintag] Promote IBM Secure Execution Feature to Beta stage.
[PR #15767][awels] BugFix: The migration limit was not accurately being used with decentralized live migrations
[PR #15970][jean-edouard] The KubevirtSeccompProfile feature is now in Beta
[PR #15960][Barakmor1] promote ImageVolume FG to Beta
[PR #15638][Sreeja1725] VMPool: Add support for auto-healing startegy
[PR #15604][Sreeja1725] VMpool: Add Scale-in strategy support with Proactive, opportunistic modes and statePreservation
[PR #15529][Yu-Jack] support v0.32.5 code generator

containerized-data-importer: v1.64.0 -> v1.65.0

[PR #4010][halfcrazy] Add hash validation for DataVolume HTTP/HTTPS import sources.
[PR #4054][dsanatar] Inherit Storage Class for Scratch Space PVCs instead of using default sc
[PR #4061][noamasu] Snapshot clone no longer gets permanently stuck in CloneFromSnapshotSourceInProgress when the snapshot is not immediately ReadyToUse
[PR #4032][dsanatar] RWX Capability for HPP Overlay
[PR #4067][jholm117] Set EnableServiceLinks=false on CDI worker pods to prevent "argument list too long" failures in namespaces with many Services.
[PR #4056][Hazanel] CDI importer and uploader pods can now use a custom ServiceAccount by
[PR #4058][Acedus] GCE persistent disk StorageProfile now supports RWO Filesystem.
[PR #4052][akalenyu] Enhancement: use headless service for upload server
[PR #4044][arnongilboa] Add StorageProfile "Recognized" status condition, explaining if the provisioner or the storage class parameters are not recognized by CDI
[PR #4033][Acedus] fix: cdi-operator and cdi-deployment metrics-server now correctly inherit TLS options from the CDI TLSSecrutiyProfile.
[PR #4039][dsanatar] Fix cert collection to include pem certs
[PR #4046][akalenyu] BugFix: Use an uncached client for webhooks, cache only PVs with transform
[PR #4040][aglitke] Reduce DataVolume status update conflicts when multiple controllers act on the same resource by using patch instead of update
[PR #4038][avlitman] kubevirt_cdi_clone_pods_high_restart, kubevirt_cdi_import_pods_high_restart, kubevirt_cdi_upload_pods_high_restart and kubevirt_cdi_operator_up are deprecated in favor of cluster:kubevirt_cdi_clone_pods_high_restart:count, cluster:kubevirt_cdi_import_pods_high_restart:count, cluster:kubevirt_cdi_upload_pods_high_restart:count and cluster:kubevirt_cdi_operator_up:sum, in order to comply with the recording rules naming conventions.
[PR #3991][noamasu] Add provisioner-aware VolumeSnapshotClass selection and RWO access mode for DataImportCron
[PR #4008][akalenyu] Enhancement: Expose advised restore size for cron snapshot sources cdi.kubevirt.io/storage.import.advisedRestoreSize
[PR #4004][akalenyu] Maintenance: release-note tool refactored bash->go with added functionality
[PR #4005][Ronilerr] Refactor metrics docs
[PR #4009][mrnold] VDDK: Correctly check snapshot parent backing info for VirtualDiskFlatVer2BackingInfo and VirtualDiskRawDiskMappingVer1BackingInfo types.
[PR #3841][akalenyu] BugFix: unset namespace selector on webhooks to allow cloud provider mutation
[PR #3993][Acedus] Build CDI with Bazel 6.5.0 and Go 1.24.0

cluster-network-addons-operator: v0.101.2 -> v0.102.0

[PR #2655][kubevirt-bot] bump kubevirt-ipam-controller to v0.6.0
[PR #2648][ormergi] Bump golangci lint
[PR #2650][kubevirt-bot] bump kubemacpool to v0.50.0-33-g58057a2
[PR #2647][ormergi] CI: Add TLS compliance verification for all services deployed by the project.
[PR #2636][RamLavi] vendor: Bump go to 1.25
[PR #2642][kubevirt-bot] bump kubemacpool to v0.50.0-32-g0c32241
[PR #2594][isning] Added support for configuring spec.multusDynamicNetworks.hostCRISocketPath in the NetworkAddonsConfig API. This allowed the MultusDynamicNetworks plugin to work in clusters where the container runtime socket is located at a non-default path (for example, containerd installations or crio using custom socket locations).
[PR #2635][RamLavi] Remove kube-rbac-proxy image
[PR #2607][oshoval] Fixed stale deepcopy in the shared API package that could corrupt the informer cache.
[PR #1209][qinqon] Bump go deps:
[PR #2634][kubevirt-bot] bump kubemacpool to v0.50.0-27-g8eddc53
[PR #2630][kubevirt-bot] bump kubevirt-ipam-controller to v0.6.0-rc1
[PR #2615][ormergi] Wire kubevirt-ipam-contoller TLS settings to NetworkAddonsConfig TLSProfile
[PR #2625][kubevirt-bot] bump kubemacpool to v0.50.0-25-g5727cd1
[PR #2622][RamLavi] cnao: Replace kube-rbac-proxy with native TLS metrics serving
[PR #2613][RamLavi] components/Kubemacpool: Bump kube-rbac-proxy TLS
[PR #2623][kubevirt-bot] bump kubemacpool to v0.50.0-24-g0a04ee1
[PR #2621][kubevirt-bot] bump kubevirt-ipam-controller to v0.6.0-rc0
[PR #2618][RamLavi] Grant CNAO operator 'use' on managed SCCs
[PR #2616][kubevirt-bot] bump kubemacpool to v0.50.0-23-gf23ff7b
[PR #2602][RamLavi] Limit scope on CNAO operand SCCs to CNAO namespace
[PR #2609][qinqon] Align CNAO TLS profiles with OpenShift 4.22 (Mozilla TLS guidelines v5.7) and default to Modern (TLS 1.3)
[PR #2593][avlitman] kubevirt_cnao_cr_kubemacpool_aggregated, kubevirt_cnao_kubemacpool_manager_up and kubevirt_cnao_operator_up are deprecated in favor of cluster:kubevirt_cnao_cr_kubemacpool_deployed:sum, cluster:kubevirt_cnao_kubemacpool_manager_up:sum and cluster:kubevirt_cnao_operator_up:sum, in order to comply with the recording rules naming conventions.
[PR #2597][kubevirt-bot] bump multus to v4.2.4
[PR #2596][kubevirt-bot] bump kubevirt-ipam-controller to v0.5.0-rc0
[PR #2592][RamLavi] Dedup kubemacpool metric scraping
[PR #2591][kubevirt-bot] bump kubemacpool to v0.50.0-18-gcf11f30
[PR #2582][kubevirt-bot] bump kubemacpool to v0.50.0-14-g84e6a06
[PR #2577][kubevirt-bot] bump kubemacpool to v0.50.0-13-gbb19bc2
[PR #2511][RamLavi] Remove bin/user_setup script and add its content to a Dockerfile RUN command.
[PR #2543][Ronilerr] Refactor metrics docs
[PR #2552][kubevirt-bot] bump kubemacpool to v0.50.0-5-gddd51f2
[PR #2544][kubevirt-bot] bump macvtap-cni to v0.13.1
[PR #2551][kubevirt-bot] bump kubemacpool to v0.50.0-4-g947b83e
[PR #2528][RamLavi] Deprecate alert KubeMacPoolDuplicateMacsFound
[PR #2538][kubevirt-bot] bump bridge-marker to 0.13.0
[PR #2533][kubevirt-bot] bump kubemacpool to v0.49.0-21-g98628f1
[PR #2526][kubevirt-bot] bump kubemacpool to v0.49.0-20-g48cec85

ssp-operator: v0.24.1 -> v0.25.0

[PR #1624][dominikholler] Update dependecy github.com/go-openapi/swag to v0.25.4
[PR #1619][dominikholler] Update dependecy cel.dev/expr to v0.25.1
[PR #1604][dominikholler] Update dependecy github.com/kubevirt/monitoring/pkg/metrics/parser to v0.0.0-20251102092204-7f098051a939
[PR #1591][dominikholler] Update dependecy github.com/onsi/ginkgo/v2 to v2.27.1
[PR #1586][dominikholler] Update dependecy github.com/google/pprof to v0.0.0-20251007162407-5df77e3f7d1d
[PR #1578][dominikholler] Update dependecy go.yaml.in/yaml/v2 to v3
[PR #1563][dominikholler] Update dependecy kubevirt.io/containerized-data-importer-api to v1.63.1
[PR #1543][dominikholler] Update dependecy github.com/kubevirt/monitoring/pkg/metrics/parser to v0.0.0-20250922142608-a4b5158834c7
[PR #1512][akrejcir] Create PodDisruptionBudget for template validator.
[PR #1513][akrejcir] Set SSP pod imagePullPolicy to IfNotPresent.
[PR #1485][akrejcir] fix: Creates reference DataSources also for custom DataImportCrons.
[PR #1470][0xFelix] Listen on separate ports for metrics and webhooks in template-validator.

hostpath-provisioner-operator: v0.24.0 -> v0.25.2

[PR #715][kubevirt-bot] fix device path comparison in mounter
[PR #700][kubevirt-bot] Daemonset now uses TLS for metrics
[PR #682][kubevirt-bot] remove unused snapshotPath API
[PR #673][dsanatar] fix snapshot path for csi overlay
[PR #663][dsanatar] update operator yaml to include storageclass rbac
[PR #653][dsanatar] Support for Overlay CSI
[PR #654][avlitman] kubevirt_hpp_operator_up is deprecated in favor of cluster:kubevirt_hpp_operator_up:sum, in order to comply with the recording rules naming conventions.
[PR #652][Ronilerr] Refactor metrics docs

hostpath-provisioner: v0.24.0 -> v0.25.2

[PR #513][kubevirt-bot] Add TLS for metrics on controller
[PR #483][dsanatar] Add support for Snapshot/Restore
[PR #484][avlitman] kubevirt_hpp_operator_up is deprecated in favor of cluster:kubevirt_hpp_operator_up:sum, in order to comply with the recording rules naming conventions.
[PR #482][Ronilerr] Refactor metrics docs

vm-import-operator:

Not updated

Contributors

22 people contributed to this HCO release:

48 Nahshon Unna Tsameret 60659093+nunnatsa@users.noreply.github.com
9 renovate[bot] 29139614+renovate[bot]@users.noreply.github.com
6 Oren Cohen ocohen@redhat.com
4 Lee Yarwood lyarwood@redhat.com
3 Simone Tiraboschi stirabos@redhat.com
3 Roni Rabinovitz rrabinov@redhat.com
2 Aviv Litman 64130977+avlitman@users.noreply.github.com
2 dsionov dsionov@redhat.com
2 Samuel Lucidi sam@samlucidi.com
2 Barak Mordehai 91669950+Barakmor1@users.noreply.github.com
1 João Vilaça machadovilaca@gmail.com
1 Ananya Banerjee anbanerj@redhat.com
1 Felix Matouschek fmatouschek@redhat.com
1 Ugo Palatucci upalatuc@redhat.com
1 Michael Henriksen mhenriks@redhat.com
1 Ramon Lobillo Mateos 62110535+rlobillo@users.noreply.github.com
1 Shelly Kagan skagan@redhat.com
1 dependabot[bot] 49699333+dependabot[bot]@users.noreply.github.com
1 Alexander Wels awels@redhat.com
1 Nir Dothan ndothan@redhat.com
1 ibezukh ibezukh@redhat.com
1 Shirly Radco sradco@redhat.com

Additional Resources

Mailing list: https://groups.google.com/forum/#!forum/kubevirt-dev
Slack: https://kubernetes.slack.com/messages/virtualization
An easy to use demo: https://github.com/kubevirt/demo
[How to contribute][contributing]
[License][license]

Contributing: https://github.com/kubevirt/hyperconverged-cluster-operator/blob/main/CONTRIBUTING.md

License: https://github.com/kubevirt/hyperconverged-cluster-operator/blob/main/LICENSE