Description of problem:
Add support for configuring Root FeatureGate via HCO CR

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. $ oc get hyperconverged kubevirt-hyperconverged -n openshift-cnv -o yaml | grep -A 8 "featureGates"
2.
3.

Actual results:
featureGates:
  deployKubeSecondaryDNS: false
  deployTektonTaskResources: false
  enableCommonBootImageImport: true
  nonRoot: true

Expected results:
featureGates:
  deployKubeSecondaryDNS: false
  deployTektonTaskResources: false
  enableCommonBootImageImport: true
  Root: False

Additional info:
The default value for root is expected to be false
This is being requested due to the following PR: https://github.com/kubevirt/kubevirt/pull/8563
I see that the NonRoot FG is still there (although deprecated): https://github.com/kubevirt/kubevirt/blob/release-0.59/pkg/virt-config/feature-gates.go#L48
Since we are already in the BlockerOnly phase and this is a user-facing change, we will keep the current API for 4.13 (NonRoot FG with default=true) and we will properly expose the new one (Root FG with default=false) with a conversion on upgrades only for 4.14.
Verified against CNV-v4.14.0.rhel9-894: root featuregate is now available and configurable via hco:
=========
[cloud-user@ocp-ipi-executor-xl ~]$ oc get kubevirt kubevirt-kubevirt-hyperconverged -n openshift-cnv -o json | jq ".spec.configuration.developerConfiguration.featureGates"
[
  "DataVolumes",
  "SRIOV",
  "CPUManager",
  "CPUNodeDiscovery",
  "Snapshot",
  "HotplugVolumes",
  "ExpandDisks",
  "GPU",
  "HostDevices",
  "DownwardMetrics",
  "NUMA",
  "VMExport",
  "DisableCustomSELinuxPolicy",
  "KubevirtSeccompProfile",
  "HotplugNICs",
  "VMPersistentState",
  "WithHostModelCPU",
  "HypervStrictCheck"
]
[cloud-user@ocp-ipi-executor-xl ~]$ oc get hco kubevirt-hyperconverged -n openshift-cnv -o json | jq ".spec.featureGates"
{
  "deployKubeSecondaryDNS": false,
  "deployTektonTaskResources": false,
  "disableMDevConfiguration": false,
  "enableCommonBootImageImport": true,
  "persistentReservation": false,
  "root": false,
  "withHostPassthroughCPU": false
}
[cloud-user@ocp-ipi-executor-xl ~]$ oc edit hco kubevirt-hyperconverged -n openshift-cnv
hyperconverged.hco.kubevirt.io/kubevirt-hyperconverged edited
[cloud-user@ocp-ipi-executor-xl ~]$ oc get kubevirt kubevirt-kubevirt-hyperconverged -n openshift-cnv -o json | jq ".spec.configuration.developerConfiguration.featureGates"
[
  "DataVolumes",
  "SRIOV",
  "CPUManager",
  "CPUNodeDiscovery",
  "Snapshot",
  "HotplugVolumes",
  "ExpandDisks",
  "GPU",
  "HostDevices",
  "DownwardMetrics",
  "NUMA",
  "VMExport",
  "DisableCustomSELinuxPolicy",
  "KubevirtSeccompProfile",
  "HotplugNICs",
  "VMPersistentState",
  "WithHostModelCPU",
  "HypervStrictCheck",
  "Root"
]
[cloud-user@ocp-ipi-executor-xl ~]$ oc get hco kubevirt-hyperconverged -n openshift-cnv -o json | jq ".spec.featureGates"
{
  "deployKubeSecondaryDNS": false,
  "deployTektonTaskResources": false,
  "disableMDevConfiguration": false,
  "enableCommonBootImageImport": true,
  "persistentReservation": false,
  "root": true,
  "withHostPassthroughCPU": false
}
[cloud-user@ocp-ipi-executor-xl ~]$
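The manual check in the verification above can be automated for configuration audits. The following is an added example, not part of the bug report and not HCO or KubeVirt code: it compares the HCO `root` gate with the presence of `Root` in the KubeVirt CR and reports when root mode is on. The function names are hypothetical, the sample data is constructed from the output above, and treating the legacy `nonRoot` gate as the inverse of `root` is an assumption.

```python
import json

# Constructed sample input, trimmed from the jq output in the verification comment.
HCO_GATES_AFTER = json.loads('{"enableCommonBootImageImport": true, "root": true}')
KUBEVIRT_GATES_AFTER = ["DataVolumes", "Snapshot", "HypervStrictCheck", "Root"]


def effective_root(hco_gates):
    """Return the root setting the HCO CR asks for.

    `root` wins when present. A legacy `nonRoot` value is read as its
    inverse (assumption). With neither key, the default is False, as the
    report states.
    """
    if "root" in hco_gates:
        return bool(hco_gates["root"])
    if "nonRoot" in hco_gates:
        return not bool(hco_gates["nonRoot"])
    return False


def audit_root_gate(hco_gates, kubevirt_gates):
    """Return a list of findings; an empty list means non-root and consistent."""
    findings = []
    wanted = effective_root(hco_gates)
    actual = "Root" in kubevirt_gates
    if wanted != actual:
        findings.append(
            f"drift: HCO resolves root={wanted} but KubeVirt CR has Root={actual}")
    if actual:
        findings.append("root-enabled: Root feature gate is set in the KubeVirt CR")
    # Equal values contradict each other: root=true means root, nonRoot=true means non-root.
    if ("root" in hco_gates and "nonRoot" in hco_gates
            and bool(hco_gates["root"]) == bool(hco_gates["nonRoot"])):
        findings.append("conflict: root and nonRoot are both set and disagree")
    return findings


if __name__ == "__main__":
    for finding in audit_root_gate(HCO_GATES_AFTER, KUBEVIRT_GATES_AFTER):
        print(finding)
```

On a live cluster the two inputs would come from the same `oc get ... -o json` commands shown in the verification comment.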
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Important: OpenShift Virtualization 4.14.0 Images security and bug fix update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2023:6817