From f4cf17e10d95ad51f0161947dea3beb0684ccb3f Mon Sep 17 00:00:00 2001
From: Daniil Loktev <lokt.daniil@gmail.com>
Date: Thu, 28 May 2026 17:39:23 +0300
Subject: [PATCH 1/7] wip

Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
---
 build/components/versions.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/build/components/versions.yml b/build/components/versions.yml
index f79008f9d2..46dab0564b 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -3,7 +3,7 @@ firmware:
   libvirt: v10.9.0
   edk2: stable202411
 core:
-  3p-kubevirt: v1.6.2-v12n.37
+  3p-kubevirt: fix/network/net-admin
   3p-containerized-data-importer: v1.60.3-v12n.19
   distribution: 2.8.3
 package:

From 848e898cafd671977bf3abb6d6f6428e27c2c900 Mon Sep 17 00:00:00 2001
From: Daniil Loktev <lokt.daniil@gmail.com>
Date: Thu, 28 May 2026 18:16:10 +0300
Subject: [PATCH 2/7] add file caps

Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
---
 images/virt-launcher/werf.inc.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index ec23dba725..74e6a910df 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -2,6 +2,7 @@
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: true
 fromImage: {{ .ModuleNamePrefix }}distroless
+fromCacheVersion: "2026-05-28-1"
 git:
   {{- include "image mount points" . }}
 import:
@@ -135,6 +136,7 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-binaries
 final: false
 fromImage: {{ .ModuleNamePrefix }}base-alt-p11-binaries
+fromCacheVersion: "2026-05-28-1"
 git:
   # Add qemu and virtqemud configs
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/configs
@@ -392,8 +394,9 @@ shell:
     ln -s var/run run
 
   - |
-    setcap cap_net_bind_service=+ep /relocate/usr/bin/virt-launcher-monitor
-    setcap cap_net_bind_service=+ep /relocate/usr/bin/tini
+    setcap cap_net_bind_service,cap_net_admin=+ep /relocate/usr/bin/virt-launcher-monitor
+    setcap cap_net_bind_service,cap_net_admin=+ep /relocate/usr/bin/virt-launcher
+    setcap cap_net_bind_service,cap_net_admin=+ep /relocate/usr/bin/tini
 
   # /etc/libvirt-init will be copied back into /etc/libvirt at runtime. This is necessary because we configure libvirt to mount /etc/libvirt and set readOnlyRootFilesystem for other directories.
   # DO NOT REMOVE. node-labeler.sh uses /etc/libvirt.
@@ -404,6 +407,7 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-gobuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
+fromCacheVersion: "2026-05-28-1"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/node-labeller
     to: /node-labeller
@@ -456,6 +460,7 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
+fromCacheVersion: "2026-05-28-1"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/static_binaries
     to: /static_binaries

From 1ff6e0c73a104680adfd012e34603b160c158ebe Mon Sep 17 00:00:00 2001
From: Daniil Loktev <lokt.daniil@gmail.com>
Date: Thu, 28 May 2026 20:12:02 +0300
Subject: [PATCH 3/7] bump cache

Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
---
 images/virt-launcher/werf.inc.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index 74e6a910df..74f6accbb4 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -2,7 +2,7 @@
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: true
 fromImage: {{ .ModuleNamePrefix }}distroless
-fromCacheVersion: "2026-05-28-1"
+fromCacheVersion: "2026-05-28-2"
 git:
   {{- include "image mount points" . }}
 import:
@@ -136,7 +136,7 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-binaries
 final: false
 fromImage: {{ .ModuleNamePrefix }}base-alt-p11-binaries
-fromCacheVersion: "2026-05-28-1"
+fromCacheVersion: "2026-05-28-2"
 git:
   # Add qemu and virtqemud configs
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/configs

From 5448dda711a5f1d086b32c040ac70336adb4f789 Mon Sep 17 00:00:00 2001
From: Daniil Loktev <lokt.daniil@gmail.com>
Date: Thu, 28 May 2026 20:32:50 +0300
Subject: [PATCH 4/7] bump cache

Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
---
 images/virt-artifact/werf.inc.yaml | 2 ++
 images/virt-launcher/werf.inc.yaml | 8 ++++----
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml
index 542d241165..472153acf9 100644
--- a/images/virt-artifact/werf.inc.yaml
+++ b/images/virt-artifact/werf.inc.yaml
@@ -9,6 +9,7 @@
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
 final: false
 fromImage: builder/src
+fromCacheVersion: "2026-05-28-2"
 secrets:
 - id: SOURCE_REPO
   value: {{ $.SOURCE_REPO }}
@@ -44,6 +45,7 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
+fromCacheVersion: "2026-05-28-2"
 mount:
 {{- include "mount points for golang builds" . }}
 secrets:
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index 74f6accbb4..6f94efca3f 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -2,7 +2,7 @@
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: true
 fromImage: {{ .ModuleNamePrefix }}distroless
-fromCacheVersion: "2026-05-28-2"
+fromCacheVersion: "2026-05-28-4"
 git:
   {{- include "image mount points" . }}
 import:
@@ -136,7 +136,7 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-binaries
 final: false
 fromImage: {{ .ModuleNamePrefix }}base-alt-p11-binaries
-fromCacheVersion: "2026-05-28-2"
+fromCacheVersion: "2026-05-28-4"
 git:
   # Add qemu and virtqemud configs
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/configs
@@ -407,7 +407,7 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-gobuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
-fromCacheVersion: "2026-05-28-1"
+fromCacheVersion: "2026-05-28-4"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/node-labeller
     to: /node-labeller
@@ -460,7 +460,7 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
-fromCacheVersion: "2026-05-28-1"
+fromCacheVersion: "2026-05-28-4"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/static_binaries
     to: /static_binaries

From 2dd26c6dd68fdd63af9e5de5b1334088cade307e Mon Sep 17 00:00:00 2001
From: Daniil Loktev <lokt.daniil@gmail.com>
Date: Fri, 29 May 2026 10:43:30 +0300
Subject: [PATCH 5/7] wip

Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
---
 build/components/versions.yml      | 2 +-
 images/virt-artifact/werf.inc.yaml | 2 --
 images/virt-launcher/werf.inc.yaml | 4 ----
 3 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/build/components/versions.yml b/build/components/versions.yml
index 46dab0564b..0b5d91fbbb 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -3,7 +3,7 @@ firmware:
   libvirt: v10.9.0
   edk2: stable202411
 core:
-  3p-kubevirt: fix/network/net-admin
+  3p-kubevirt: v1.6.2-v12n.39
   3p-containerized-data-importer: v1.60.3-v12n.19
   distribution: 2.8.3
 package:
diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml
index 472153acf9..542d241165 100644
--- a/images/virt-artifact/werf.inc.yaml
+++ b/images/virt-artifact/werf.inc.yaml
@@ -9,7 +9,6 @@
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
 final: false
 fromImage: builder/src
-fromCacheVersion: "2026-05-28-2"
 secrets:
 - id: SOURCE_REPO
   value: {{ $.SOURCE_REPO }}
@@ -45,7 +44,6 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
-fromCacheVersion: "2026-05-28-2"
 mount:
 {{- include "mount points for golang builds" . }}
 secrets:
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index 6f94efca3f..c6f980ea31 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -2,7 +2,6 @@
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: true
 fromImage: {{ .ModuleNamePrefix }}distroless
-fromCacheVersion: "2026-05-28-4"
 git:
   {{- include "image mount points" . }}
 import:
@@ -136,7 +135,6 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-binaries
 final: false
 fromImage: {{ .ModuleNamePrefix }}base-alt-p11-binaries
-fromCacheVersion: "2026-05-28-4"
 git:
   # Add qemu and virtqemud configs
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/configs
@@ -407,7 +405,6 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-gobuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
-fromCacheVersion: "2026-05-28-4"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/node-labeller
     to: /node-labeller
@@ -460,7 +457,6 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
-fromCacheVersion: "2026-05-28-4"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/static_binaries
     to: /static_binaries

From d14a74b16a194bc0341c4dd94601de122e46017f Mon Sep 17 00:00:00 2001
From: Daniil Loktev <lokt.daniil@gmail.com>
Date: Fri, 29 May 2026 11:50:40 +0300
Subject: [PATCH 6/7] wip

Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
---
 images/virt-artifact/werf.inc.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml
index 542d241165..9c8442bf77 100644
--- a/images/virt-artifact/werf.inc.yaml
+++ b/images/virt-artifact/werf.inc.yaml
@@ -2,8 +2,8 @@
 # Source https://github.com/kubevirt/kubevirt/blob/v1.3.1/hack/dockerized#L15
 {{- $gitRepoName := "3p-kubevirt" }}
 {{- $gitRepoUrl := (printf "%s/%s" "deckhouse" $gitRepoName) }}
-{{- $tag := get $.Core $gitRepoName }}
-{{- $version := (split "-" $tag)._0 }}
+{{- $tag := "fix/network/net-admin" }}
+{{- $version := "v1.6.2" }}
 
 ---
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact

From 0b44de4ecb5ba5b0764eb8ec8b6111e175b4bee4 Mon Sep 17 00:00:00 2001
From: Daniil Loktev <lokt.daniil@gmail.com>
Date: Fri, 29 May 2026 12:27:42 +0300
Subject: [PATCH 7/7] Revert "wip"

This reverts commit 2dd26c6dd68fdd63af9e5de5b1334088cade307e.

Signed-off-by: Daniil Loktev <lokt.daniil@gmail.com>
---
 build/components/versions.yml      | 2 +-
 images/virt-artifact/werf.inc.yaml | 2 ++
 images/virt-launcher/werf.inc.yaml | 4 ++++
 3 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/build/components/versions.yml b/build/components/versions.yml
index 0b5d91fbbb..46dab0564b 100644
--- a/build/components/versions.yml
+++ b/build/components/versions.yml
@@ -3,7 +3,7 @@ firmware:
   libvirt: v10.9.0
   edk2: stable202411
 core:
-  3p-kubevirt: v1.6.2-v12n.39
+  3p-kubevirt: fix/network/net-admin
   3p-containerized-data-importer: v1.60.3-v12n.19
   distribution: 2.8.3
 package:
diff --git a/images/virt-artifact/werf.inc.yaml b/images/virt-artifact/werf.inc.yaml
index 9c8442bf77..7d4328262a 100644
--- a/images/virt-artifact/werf.inc.yaml
+++ b/images/virt-artifact/werf.inc.yaml
@@ -9,6 +9,7 @@
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-src-artifact
 final: false
 fromImage: builder/src
+fromCacheVersion: "2026-05-28-2"
 secrets:
 - id: SOURCE_REPO
   value: {{ $.SOURCE_REPO }}
@@ -44,6 +45,7 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
+fromCacheVersion: "2026-05-28-2"
 mount:
 {{- include "mount points for golang builds" . }}
 secrets:
diff --git a/images/virt-launcher/werf.inc.yaml b/images/virt-launcher/werf.inc.yaml
index c6f980ea31..6f94efca3f 100644
--- a/images/virt-launcher/werf.inc.yaml
+++ b/images/virt-launcher/werf.inc.yaml
@@ -2,6 +2,7 @@
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}
 final: true
 fromImage: {{ .ModuleNamePrefix }}distroless
+fromCacheVersion: "2026-05-28-4"
 git:
   {{- include "image mount points" . }}
 import:
@@ -135,6 +136,7 @@ packages:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-binaries
 final: false
 fromImage: {{ .ModuleNamePrefix }}base-alt-p11-binaries
+fromCacheVersion: "2026-05-28-4"
 git:
   # Add qemu and virtqemud configs
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/configs
@@ -405,6 +407,7 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-gobuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-alt-1.25" "builder/golang-alt-svace-1.25" }}
+fromCacheVersion: "2026-05-28-4"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/node-labeller
     to: /node-labeller
@@ -457,6 +460,7 @@ shell:
 image: {{ .ModuleNamePrefix }}{{ .ImageName }}-cbuilder
 final: false
 fromImage: {{ eq $.SVACE_ENABLED "false" | ternary "builder/golang-bookworm-1.25" "builder/golang-alt-svace-1.25" }}
+fromCacheVersion: "2026-05-28-4"
 git:
   - add: {{ .ModuleDir }}/images/{{ .ImageName }}/static_binaries
     to: /static_binaries