bump kubemacpool to v0.50.0-18-gcf11f30 (#2591)

kubevirt-bot · web-flow · RamLavi · web-flow · commit 53d48c17a70b · 2026-02-11T21:59:07.000Z
* bump kubemacpool to v0.50.0-18-gcf11f30 Signed-off-by: CNAO Bump Bot <noreply@github.com> * e2e/kubemacpool: Set monitoring lane env var Doing so tells CNAO to configure the monitoring components using the correct prometheus ns Signed-off-by: Ram Lavi <ralavi@redhat.com> * components/kubemacpool: Add monitoring objects Upstream kubemacpool added monitoring infrastructure [0][1][2]. - Adding the added objects, with configurable params that will be rendered on runtime by CNAO. - wrapping these objects by another param MonitoringAvailable that will be also rendered on realtime, so these objects will be deployed only then prometheus is installed on the cluster. [0] k8snetworkplumbingwg/kubemacpool#596 [1] k8snetworkplumbingwg/kubemacpool#587 [2] k8snetworkplumbingwg/kubemacpool#598 Assited-by: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Ram Lavi <ralavi@redhat.com> * components/kubemacpool: Templatize monitoring params for SA Upstream kubemacpool added monitoring infrastructure [0] with hardcoded prometheus-k8s service account and monitoring namespace in the RoleBinding subjects. For CNAO, these need to be configurable via template variables, consistent how CNAO already handles it. [0] k8snetworkplumbingwg/kubemacpool#596 Assited-by: Claude Sonnet 4.6 <noreply@anthropic.com> Signed-off-by: Ram Lavi <ralavi@redhat.com> --------- Signed-off-by: CNAO Bump Bot <noreply@github.com> Signed-off-by: Ram Lavi <ralavi@redhat.com> Co-authored-by: CNAO Bump Bot <noreply@github.com> Co-authored-by: Ram Lavi <ralavi@redhat.com>
diff --git a/automation/check-patch.e2e-kubemacpool-functests.sh b/automation/check-patch.e2e-kubemacpool-functests.sh
@@ -24,6 +24,7 @@ main() {
     cd ${TMP_PROJECT_PATH}
 
     export KUBEVIRT_NUM_NODES=${KUBEVIRT_NUM_NODES:-3}
+    export MONITORING_NAMESPACE="monitoring"
     # Spin-up ephemeral cluster with latest CNAO
     # this script also exports KUBECONFIG, and fetch $COMPONENT repository
     export CNAO_DEPLOY_KUBEVIRT=true
diff --git a/components.yaml b/components.yaml
@@ -13,10 +13,10 @@ components:
     metadata: v0.0.23
   kubemacpool:
     url: https://github.com/k8snetworkplumbingwg/kubemacpool
-    commit: 84e6a06b951c366ae17b72a374ed3db6c89c192e
+    commit: cf11f3007a69512945ee624ef70ceb8605bf81e4
     branch: main
     update-policy: latest
-    metadata: v0.50.0-14-g84e6a06
+    metadata: v0.50.0-18-gcf11f30
   kubevirt-ipam-controller:
     url: https://github.com/kubevirt/ipam-extensions
     commit: edebfda455fcc6316e690c22c5d6fa48f403d594
diff --git a/data/kubemacpool/kubemacpool-monitoring.yaml b/data/kubemacpool/kubemacpool-monitoring.yaml
@@ -0,0 +1,91 @@
+{{ if .MonitoringAvailable }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: kubemacpool-prometheus
+  namespace: '{{ .Namespace }}'
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - services
+  - endpoints
+  - pods
+  verbs:
+  - get
+  - list
+  - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubemacpool-prometheus
+  namespace: '{{ .Namespace }}'
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubemacpool-prometheus
+subjects:
+- kind: ServiceAccount
+  name: '{{ .MonitoringServiceAccount }}'
+  namespace: '{{ .MonitoringNamespace }}'
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    control-plane: mac-controller-manager
+    prometheus.kubemacpool.io: "true"
+  name: kubemacpool-metrics-service
+  namespace: '{{ .Namespace }}'
+spec:
+  ports:
+  - name: metrics
+    port: 8443
+    protocol: TCP
+    targetPort: 8443
+  selector:
+    control-plane: mac-controller-manager
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+  labels:
+    openshift.io/prometheus-rule-evaluation-scope: leaf-prometheus
+    prometheus.kubemacpool.io: "true"
+  name: kubemacpool-prometheus-rule
+  namespace: '{{ .Namespace }}'
+spec:
+  groups:
+  - name: alerts.rules
+    rules:
+    - alert: KubemacpoolMACCollisionDetected
+      annotations:
+        description: '{{ "{{" }} $value {{ "}}" }} MAC address(es) have collisions. Multiple running
+          objects are using the same MAC address.'
+        summary: MAC address collisions detected.
+      expr: count(kmp_mac_collisions > 1) > 0
+      for: 30s
+      labels:
+        operator_health_impact: warning
+        severity: warning
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    openshift.io/cluster-monitoring: "true"
+    prometheus.kubemacpool.io: "true"
+  name: kubemacpool-metrics-monitor
+  namespace: '{{ .Namespace }}'
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    port: metrics
+    scheme: https
+    tlsConfig:
+      insecureSkipVerify: true
+  selector:
+    matchLabels:
+      control-plane: mac-controller-manager
+{{ end }}
diff --git a/hack/components/bump-kubemacpool.sh b/hack/components/bump-kubemacpool.sh
@@ -22,6 +22,7 @@ echo 'Configure kustomize for CNAO templates and save the rendered manifest unde
 (
     cd ${KUBEMACPOOL_PATH}
     mkdir -p config/cnao
+    mkdir -p config/cnao-monitoring
 
     cat <<EOF > config/cnao/kustomization.yaml
 apiVersion: kustomize.config.k8s.io/v1beta1
@@ -65,6 +66,14 @@ patches:
     kind: Deployment
 EOF
 
+    cat <<EOF > config/cnao-monitoring/kustomization.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: "{{ .Namespace }}"
+bases:
+- ../monitoring
+EOF
+
     cat <<EOF > config/cnao/cnao_kubemacpool_manager_patch.yaml
 apiVersion: apps/v1
 kind: Deployment
@@ -177,6 +186,15 @@ rm kustomize.tar.gz
     ./kustomize build config/cnao | sed "s/'{{ toYaml \(.*\)}}'/{{ toYaml \1}}/;s/'{{ .RunAsNonRoot }}'/{{ .RunAsNonRoot }}/g;s/'{{ .RunAsUser }}'/{{ .RunAsUser }}/g"
 ) > data/kubemacpool/kubemacpool.yaml
 
+(
+    cd $KUBEMACPOOL_PATH
+    echo '{{ if .MonitoringAvailable }}'
+    ./kustomize build config/cnao-monitoring | sed "s/'{{ toYaml \(.*\)}}'/{{ toYaml \1}}/;s/'{{ .RunAsNonRoot }}'/{{ .RunAsNonRoot }}/g;s/'{{ .RunAsUser }}'/{{ .RunAsUser }}/g" \
+        | sed "s/  name: prometheus-k8s$/  name: '{{ .MonitoringServiceAccount }}'/;s/  namespace: monitoring$/  namespace: '{{ .MonitoringNamespace }}'/" \
+        | sed 's/{{ \$value }}/{{ "{{" }} \$value {{ "}}" }}/g'
+    echo '{{ end }}'
+) > data/kubemacpool/kubemacpool-monitoring.yaml
+
 echo 'Get kubemacpool image name and update it under CNAO'
 KUBEMACPOOL_TAG=$(git-utils::get_component_tag ${KUBEMACPOOL_PATH})
 KUBEMACPOOL_IMAGE=quay.io/kubevirt/kubemacpool
diff --git a/pkg/components/components.go b/pkg/components/components.go
@@ -36,7 +36,7 @@ const (
 	MultusDynamicNetworksImageDefault  = "ghcr.io/k8snetworkplumbingwg/multus-dynamic-networks-controller@sha256:2a2bb32c0ea8b232b3dbe81c0323a107e8b05f8cad06704fca2efd0d993a87be"
 	LinuxBridgeCniImageDefault         = "quay.io/kubevirt/cni-default-plugins@sha256:976a24392c2a096c38c2663d234b2d3131f5c24558889196d30b9ac1b6716788"
 	LinuxBridgeMarkerImageDefault      = "quay.io/kubevirt/bridge-marker@sha256:f9611ec10bb4aec44b0ec19f9b9d748a36255c089a1f59bc76e5fc37acc0fed2"
-	KubeMacPoolImageDefault            = "quay.io/kubevirt/kubemacpool@sha256:d1af879c0f2697118a829feab05b17d0ada816e9b55a70bb558d45ec03fb321d"
+	KubeMacPoolImageDefault            = "quay.io/kubevirt/kubemacpool@sha256:fbab0c16fa92aa60d5fe664c6c53763bd04c5667e7c58fcb59d938b5541eed8f"
 	OvsCniImageDefault                 = "ghcr.io/k8snetworkplumbingwg/ovs-cni-plugin@sha256:435f374b434b3bc70a5cfaba0011fdcf5f433d96b98b06d29306cbd8db3a8c21"
 	MacvtapCniImageDefault             = "quay.io/kubevirt/macvtap-cni@sha256:5266955a654a4cb4e425424ab274cf31e7a6deb3f340e3679a11d689bfa734d0"
 	KubeRbacProxyImageDefault          = "quay.io/brancz/kube-rbac-proxy@sha256:e6a323504999b2a4d2a6bf94f8580a050378eba0900fd31335cf9df5787d9a9b"
diff --git a/pkg/network/kubemacpool.go b/pkg/network/kubemacpool.go
@@ -101,6 +101,9 @@ func renderKubeMacPool(conf *cnao.NetworkAddonsConfigSpec, manifestDir string, c
 	data.Data["Namespace"] = os.Getenv("OPERAND_NAMESPACE")
 	data.Data["KubeMacPoolImage"] = os.Getenv("KUBEMACPOOL_IMAGE")
 	data.Data["KubeRbacProxyImage"] = os.Getenv("KUBE_RBAC_PROXY_IMAGE")
+	data.Data["MonitoringAvailable"] = clusterInfo.MonitoringAvailable
+	data.Data["MonitoringNamespace"] = monitoringNamespace()
+	data.Data["MonitoringServiceAccount"] = monitoringServiceAccount()
 	data.Data["ImagePullPolicy"] = conf.ImagePullPolicy
 	data.Data["RangeStart"] = conf.KubeMacPool.RangeStart
 	data.Data["RangeEnd"] = conf.KubeMacPool.RangeEnd
@@ -130,6 +133,20 @@ func renderKubeMacPool(conf *cnao.NetworkAddonsConfigSpec, manifestDir string, c
 	return objs, nil
 }
 
+func monitoringNamespace() string {
+	if ns := os.Getenv("MONITORING_NAMESPACE"); ns != "" {
+		return ns
+	}
+	return "monitoring"
+}
+
+func monitoringServiceAccount() string {
+	if sa := os.Getenv("MONITORING_SERVICE_ACCOUNT"); sa != "" {
+		return sa
+	}
+	return "prometheus-k8s"
+}
+
 func generateRandomMacPrefix() ([]byte, error) {
 	suffix := make([]byte, 2)
 	_, err := rand.Read(suffix)
diff --git a/test/releases/99.0.0.go b/test/releases/99.0.0.go
@@ -42,7 +42,7 @@ func init() {
 				ParentName: "kubemacpool-mac-controller-manager",
 				ParentKind: "Deployment",
 				Name:       "manager",
-				Image:      "quay.io/kubevirt/kubemacpool@sha256:d1af879c0f2697118a829feab05b17d0ada816e9b55a70bb558d45ec03fb321d",
+				Image:      "quay.io/kubevirt/kubemacpool@sha256:fbab0c16fa92aa60d5fe664c6c53763bd04c5667e7c58fcb59d938b5541eed8f",
 			},
 			{
 				ParentName: "kubemacpool-mac-controller-manager",
@@ -54,7 +54,7 @@ func init() {
 				ParentName: "kubemacpool-cert-manager",
 				ParentKind: "Deployment",
 				Name:       "manager",
-				Image:      "quay.io/kubevirt/kubemacpool@sha256:d1af879c0f2697118a829feab05b17d0ada816e9b55a70bb558d45ec03fb321d",
+				Image:      "quay.io/kubevirt/kubemacpool@sha256:fbab0c16fa92aa60d5fe664c6c53763bd04c5667e7c58fcb59d938b5541eed8f",
 			},
 			{
 				ParentName: "ovs-cni-amd64",
