From 6731209f730e1806edde5066dd645036545220cf Mon Sep 17 00:00:00 2001 From: Fabian Wiesel Date: Tue, 10 Mar 2026 14:33:44 +0100 Subject: [PATCH 1/4] Missing helmify run --- charts/kvm-node-agent/crds/hypervisor-crd.yaml | 4 ++++ charts/kvm-node-agent/values.yaml | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/kvm-node-agent/crds/hypervisor-crd.yaml b/charts/kvm-node-agent/crds/hypervisor-crd.yaml index 0bb4608..469e131 100644 --- a/charts/kvm-node-agent/crds/hypervisor-crd.yaml +++ b/charts/kvm-node-agent/crds/hypervisor-crd.yaml @@ -458,6 +458,10 @@ spec: hardwareVendor: description: HardwareVendor type: string + kernelCommandLine: + description: KernelCommandLine contains the raw kernel boot parameters + from /proc/cmdline. + type: string kernelName: description: KernelName type: string diff --git a/charts/kvm-node-agent/values.yaml b/charts/kvm-node-agent/values.yaml index 4c7a130..647497a 100644 --- a/charts/kvm-node-agent/values.yaml +++ b/charts/kvm-node-agent/values.yaml @@ -4,7 +4,7 @@ controllerManager: runAsUser: 0 image: repository: busybox - tag: "1.37" + tag: "1.28" manager: args: - --health-probe-bind-address=:8081 From 52a8724d42413de86cfb9cc048e77417df4da1d9 Mon Sep 17 00:00:00 2001 From: Fabian Wiesel Date: Tue, 10 Mar 2026 14:30:58 +0100 Subject: [PATCH 2/4] fix: use request-scoped ctx in shutdown callback goroutine --- internal/systemd/systemd.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/internal/systemd/systemd.go b/internal/systemd/systemd.go index ea47b9f..e3efb18 100644 --- a/internal/systemd/systemd.go +++ b/internal/systemd/systemd.go @@ -162,7 +162,7 @@ func (s *SystemdConn) EnableShutdownInhibit(ctx context.Context, cb func(context log.Info("received shutdown signal", "signal", signal) // execute the shutdown callback - if err := cb(context.Background()); err != nil { + if err := cb(ctx); err != nil { log.Error(err, "failed to execute shutdown callback") } From 1005edd6b085ae0c1d328acb68b630e01d963ad6 Mon Sep 17 00:00:00 2001 From: Andrew Karpow Date: Tue, 10 Mar 2026 09:52:46 -0400 Subject: [PATCH 3/4] Bump busybox to 1.37 and rerun helmify --- charts/kvm-node-agent/values.yaml | 2 +- config/manager/manager.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/kvm-node-agent/values.yaml b/charts/kvm-node-agent/values.yaml index 647497a..4c7a130 100644 --- a/charts/kvm-node-agent/values.yaml +++ b/charts/kvm-node-agent/values.yaml @@ -4,7 +4,7 @@ controllerManager: runAsUser: 0 image: repository: busybox - tag: "1.28" + tag: "1.37" manager: args: - --health-probe-bind-address=:8081 diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index e8d0dcb..6d86e03 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -60,7 +60,7 @@ spec: - name: create-pki-dirs securityContext: runAsUser: 0 - image: busybox:1.28 + image: busybox:1.37 command: ['sh', '-c', 'cd /host && for i in etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki; do if [ -L ${i} ]; then rm ${i}; fi; done && mkdir -p etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki && chown 42438:42438 etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki && chmod 0755 etc/pki/CA etc/pki/libvirt etc/pki/qemu var/lib/libvirt/ch/pki'] volumeMounts: - mountPath: /host From 7c7ab45382643d77cb62f0081c327219b448ec81 Mon Sep 17 00:00:00 2001 From: Andrew Karpow Date: Tue, 10 Mar 2026 09:55:03 -0400 Subject: [PATCH 4/4] bump golang.org/x/net@v0.51.0 to mitigate govuln --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3056ca4..0945f96 100644 --- a/go.mod +++ b/go.mod @@ -90,7 +90,7 @@ require ( golang.org/x/crypto v0.48.0 // indirect golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 // indirect golang.org/x/mod v0.33.0 // indirect - golang.org/x/net v0.50.0 // indirect + golang.org/x/net v0.51.0 // indirect golang.org/x/oauth2 v0.34.0 // indirect golang.org/x/sync v0.19.0 // indirect golang.org/x/sys v0.41.0 // indirect diff --git a/go.sum b/go.sum index 84ab979..5e1d282 100644 --- a/go.sum +++ b/go.sum @@ -221,8 +221,8 @@ golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93 h1:fQsdNF2N+/YewlRZiricy4P1i golang.org/x/exp v0.0.0-20251219203646-944ab1f22d93/go.mod h1:EPRbTFwzwjXj9NpYyyrvenVh9Y+GFeEvMNh7Xuz7xgU= golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8= golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w= -golang.org/x/net v0.50.0 h1:ucWh9eiCGyDR3vtzso0WMQinm2Dnt8cFMuQa9K33J60= -golang.org/x/net v0.50.0/go.mod h1:UgoSli3F/pBgdJBHCTc+tp3gmrU4XswgGRgtnwWTfyM= +golang.org/x/net v0.51.0 h1:94R/GTO7mt3/4wIKpcR5gkGmRLOuE/2hNGeWq/GBIFo= +golang.org/x/net v0.51.0/go.mod h1:aamm+2QF5ogm02fjy5Bb7CQ0WMt1/WVM7FtyaTLlA9Y= golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4=