Adding cloud-provider-kubevirt as a new package to SPECS

[sharath-srikanth-chellappa]

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

• The toolchain has been rebuilt successfully (or no changes were made to it)
• The toolchain/worker package manifests are up-to-date
• Any updated packages successfully build (or no packages were changed)
• Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
• Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
• All package sources are available
• cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
• LICENSE-MAP files are up-to-date (./LICENSES-AND-NOTICES/SPECS/data/licenses.json, ./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md, ./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)
• All source files have up-to-date hashes in the *.signatures.json files
• sudo make go-tidy-all and sudo make go-test-coverage pass
• Documentation has been updated to match any changes to the build system
• Ready to merge

---

Summary

What does the PR accomplish, why was it needed?

Azure Local (Nexus) requires the functionality of creating a Kubernetes cluster inside a Kubevirt VM to run the workload cluster and managing this VM from the undercloud. In order to do this, they use a component called the cloud-provider-kubevirt (https://github.com/kubevirt/cloud-provider-kubevirt).

The KubeVirt cloud-provider allows a Kubernetes cluster running in KubeVirt VMs (tenant cluster) to interact with KubeVirt and Kubernetes (infrastructure cluster) to provision, manage and clean up resources.

We have been maintaining a local fork of this upstream repository on ADO (https://dev.azure.com/mariner-org/ECF/_git/cloud-provider-kubevirt) and this thread is to get the approvals to maintain this upstream repository as an RPM package and move away from maintaining a fork of the changes.

Justification to merge this package

1. Maintaining the code as part of AzL as opposed to having a local fork on ADO.
2. Regular security fixes through fasttrack branches.
3. Ability to publish golden container images to MCR as opposed to using marinerhciprod/marinerhcistaging.

Change Log

• Adding new SPEC file and signatures file for cloud-provider-kubevirt
• Adding Dockerfiles for building container images.

Does this affect the toolchain?

YES/NO

Associated issues

• #xxxx

Links to CVEs

• https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXX

Test Methodology

Validating the container image:

1. Successfully running buddy build pipeline for the new package (cloud-provider-kubevirt) - Pipelines - Run sharathsr+3.0+cloud-provider-kubevirt-new-package-2+cloud-provider-kubevirt+unknown
2. Successfully building new golden container images for the new package (cloud-provider-kubevirt) - Pipelines - Run 3.0.20250219-sharathsr-740307
3. Successfully running CAPKV tests on the LISA platform with the new cloud-provider-kubevirt container image being used as part of the tests - https://dev.azure.com/mariner-org/ECF/_build/results?buildId=744345&view=results
4. Successfully running bash based CAPKV tests with the new cloud-provider-kubevirt container image being used as part of the tests - https://dev.azure.com/mariner-org/ECF/_build/results?buildId=741510&view=results

Trivy Scan Results for the new container image

_acrafoimages.azurecr.io/base/cloud-provider-kubevirt:0.5.1-1-azl3.0.20250219-amd64 (azurelinux 3.0)

Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)_

[JocelynBerrendonner]

Approved, but please also take a look at the comment/question I left.

[sharath-srikanth-chellappa]

Golden Container image build: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=752308
CapKV Pipeline run with this new container image: https://dev.azure.com/mariner-org/ECF/_build/results?buildId=752451&view=results

[reubeno]

Why no debug package?

[sharath-srikanth-chellappa]

I was following -
https://github.com/microsoft/azurelinux/blob/3.0/SPECS/kubevirt/kubevirt.spec#L42

I am not sure what value needs to be given here.

[sharath-srikanth-chellappa]

Golden Container image build: https://dev.azure.com/mariner-org/mariner/_build/results?buildId=759855&view=results
CapKV Pipeline run with this new container image: https://dev.azure.com/mariner-org/ECF/_build/results?buildId=760116&view=results

[sharath-srikanth-chellappa]

Rebased on top of latest 3.0-dev (as of 3/27)