amorgante/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

merge into: amorgante:devel
Branches Tags
amorgante:main amorgante:3.2 amorgante:multi-arch-ipa amorgante:devel suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel
...
pull from: amorgante:multi-arch-ipa
Branches Tags
amorgante:main amorgante:3.2 amorgante:multi-arch-ipa amorgante:devel suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel

7 Commits
devel ... multi-arch

Author SHA256 Message Date
Nicolas Belouin
8543583e4d Install both ramdisks in the ipa downloader 
- Make the different ipa-ramdisk packages installable side by side
- Clean the ipa-downloader Dockerfile from what seems to be unneeded
- Get both images in
- Use zstd instead of xz for better speed
- Check sums before redoing certs integration
- Add value to metal3 chart to select between architectures
- Get the two ESP available as well

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-03-05 15:00:19 +01:00
Nicolas Belouin
c744e56218 Merge pull request 'Ironic dependency is located in different project when in internal obs' (#82) from nbelouin/Factory:ironic-meta into main 
Reviewed-on: suse-edge/Factory#82
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-02-28 12:36:10 +01:00
Nicolas Belouin
0cb039a9df Ironic dependency is located in different project when in internal obs 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-26 10:36:10 +01:00
Steven Hardy
eff9a9b0c5 rancher-turtles-chart: Update to 0.16.0 
Align with https://github.com/suse-edge/charts/pull/186
 2025-02-25 15:31:46 +01:00
Steven Hardy
8d336f380b rancher-turtles-airgap-resources-chart: Update to 0.16.0 
Align with https://github.com/suse-edge/charts/pull/186
 2025-02-25 15:31:46 +01:00
Nicolas Belouin
5947d531ab Merge pull request 'Add scheduled workflow for devel branch' (#80) from nbelouin/Factory:trigger-devel-refresh into main 
Reviewed-on: suse-edge/Factory#80
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-25 15:08:57 +01:00
Nicolas Belouin
15362e9536 Add scheduled workflow for devel branch 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-25 13:26:41 +01:00
40 changed files with 2416 additions and 1236 deletions
Expand all files Collapse all files

30
.gitea/workflows/trigger_devel.yaml Normal file
View File

@@ -0,0 +1,30 @@
name: Trigger Devel Packages
on:
schedule:
- cron: "@daily"
jobs:
sync-pr-project:
name: "Trigger source services for devel packages that changed"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
ref: 'devel'
- name: "Trigger packages"
run: |
python3 .obs/trigger_package.py

1
.obs/render_meta.py
View File

@@ -8,6 +8,7 @@ def render(base_project, subproject, internal, scm_url=None):
context = {
"base_project": subproject == "",
"title": f"SUSE Edge {version} {subproject}".rstrip(),
"ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack",
}
if subproject == "ToTest":
context["project"] = f"{base_project}:ToTest"

4
_config
View File

@@ -87,6 +87,7 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator
BuildFlags: onlybuild:shim-noarch
%endif
%endif
@@ -113,6 +114,9 @@ BuildFlags: onlybuild:release-manifest-image
%if "%_repository" == "standard"
# for build openstack-ironic-image
BuildFlags: allowrootforbuild
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
%endif
# Enable reproducible builds

2
_meta
View File

@@ -47,7 +47,7 @@
{%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
{%- endif %}
<path project="Cloud:OpenStack:2024.2" repository="15.6"/>
<path project="{{ ironic_base }}:2024.2" repository="15.6"/>
<path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
<arch>x86_64</arch>
<arch>aarch64</arch>

13
ironic-image/Dockerfile
View File

@@ -8,14 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools
WORKDIR /tmp
COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -88,7 +82,8 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/

2
ironic-image/configure-ironic.sh
View File

@@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
fi
fi
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}"
if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"

4
ironic-image/inspector.ipxe.j2
View File

@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
boot

2
ironic-image/ironic.conf.j2
View File

@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
# Power state is checked every 60 seconds and BMC activity should
# be avoided more often than once every sixty seconds.
send_sensor_data_interval = 160
bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp.img
bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
verify_step_priority_override = management.clear_job_queue:90
# We don't use this feature, and it creates an additional load on the database
node_history = False

51
ironic-image/prepare-efi.sh
View File

@@ -2,41 +2,26 @@
set -euxo pipefail
ARCH=$(uname -m)
DEST=${2:-/tmp/esp.img}
OS=${1:-sles}
declare -A efi_arch=(
["x86_64"]="X64"
["aarch64"]="AA64"
)
if [ $ARCH = "aarch64" ]; then
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
for arch in "${!efi_arch[@]}"; do
DEST=/tmp/esp-${arch}.img
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI
mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI
mdir -i $DEST ::EFI/BOOT;
done
mkdir -p /boot/efi/EFI/BOOT
mkdir -p /boot/efi/EFI/$OS
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
mdir -i $DEST ::EFI/BOOT;

2
ironic-image/runhttpd
View File

@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS
# Copy files to shared mount
render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
cp /tmp/uefi_esp*.img /shared/html/
# Render the core httpd config
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf

14
ironic-ipa-downloader-image/Dockerfile
View File

@@ -8,15 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
@@ -41,8 +34,9 @@ LABEL com.suse.release-stage="released"
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh

68
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -6,12 +6,33 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
export https_proxy=${https_proxy:-$HTTPS_PROXY}
export no_proxy=${no_proxy:-$NO_PROXY}
if [ -d "/tmp/ironic-certificates" ]; then
sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
CERTS_CHANGED=1
else
CERTS_CHANGED=0
fi
fi
# Which image should we use
if [ -z "${IPA_BASEURI}" ]; then
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
if cmp "/shared/images.sha256" "/tmp/images.sha256"; then
if [ "${CERTS_CHANGED:-1}" = "1" ]; then
# everything is the same exit early
exit 0
fi
fi
IMAGE_CHANGED=0
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
# Use arm64 as destination for iPXE compatibility
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images.sha256
else
FILENAME=ironic-python-agent
FILENAME_EXT=.tar
@@ -25,47 +46,56 @@ else
# If we have a CACHEURL and nothing has yet been downloaded
# get header info from the cache
ls -l
if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then
if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then
curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true
fi
# Download the most recent version of IPA
if [ -e $FFILENAME.headers ] ; then
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r")
cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
# curl didn't download anything because we have the ETag already
# but we don't have it in the images directory
# Its in the cache, go get it
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then
if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then
mv /shared/html/images/$FFILENAME.headers .
curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME"
fi
else
cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME
cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME"
fi
if [ -s $FFILENAME ] ; then
tar -xf $FFILENAME
xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
mv $FILENAME.initramfs.zstd $FILENAME.initramfs
ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
if [ "$ARCH" = "x86" ]; then
ARCH="x86_64"
fi
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
cd -
chmod 755 $TMPDIR
mv $TMPDIR $FILENAME-$ETAG
ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers
ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs
ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel
chmod 755 "$TMPDIR"
mv "$TMPDIR" "$FILENAME-$ETAG"
ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers"
ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs"
ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel"
IMAGE_CHANGED=0
else
rm -rf $TMPDIR
rm -rf "$TMPDIR"
fi
fi
if [ -d "/tmp/ironic-certificates" ]; then
if [ "${CERTS_CHANGED:-1}" = "0" ] || [ "${IMAGE_CHANGED:-1}" = "0" ]; then
mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do
find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
done
cp /tmp/certificates.sha256 /shared/certificates.sha256
fi

2
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image-301">
<image schemaversion="7.4" name="openstack-ironic-image">
<description type="system">
<author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact>

6
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -148,10 +148,8 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
cd /tmp/openstack-ironic-image/img/build/image-root
find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
cd $TDIR
gzip -9 -f initrdtmp
INITRDGZ=`ls *.gz | head -1`
gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
INITRD=`ls *.xz | head -1`
zstd initrdtmp -o initrd-%{_arch}.zst
INITRD=`ls *.zst | head -1`
ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`

6
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -5,6 +5,7 @@
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1
data:
@@ -19,8 +20,9 @@ data:
{{- $protocol = "http" }}
{{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
kind: ConfigMap
metadata:
name: baremetal-operator-ironic

6
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -12,6 +12,7 @@ data:
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
{{- if ( .Values.global.enable_dnsmasq ) }}
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
@@ -39,8 +40,9 @@ data:
{{- end }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs
DEPLOY_ARCHITECTURE: {{ $deployArch }}
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }}
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"

3
metal3-chart/values.yaml
View File

@@ -63,6 +63,9 @@ global:
# Name for the MariaDB service
databaseServiceName: metal3-mariadb
# Architecture for deployed nodes (either x86_64 or arm64)
deployArchitecture: x86_64
# In a multi-node cluster use the node selector to ensure the pods
# all run on the same host where the dnsmasqDNSServer and provisioningIP
# and /opt/media exist. Uncomment the nodeSelector and update the

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
apiVersion: v2
appVersion: 0.14.1
appVersion: 0.16.0
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.0+up0.14.1"
version: "%%CHART_MAJOR%%.0.0+up0.16.0"

7
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

1424
rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
View File

File diff suppressed because it is too large Load Diff

46
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -154,7 +154,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -300,7 +299,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -439,7 +437,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -495,7 +492,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -582,20 +578,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -742,7 +738,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -893,7 +888,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1029,7 +1023,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1085,7 +1078,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1172,20 +1164,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -1226,7 +1218,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1369,7 +1361,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1523,7 +1514,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1664,7 +1654,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1720,7 +1709,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1920,7 +1908,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2079,7 +2066,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2217,7 +2203,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2273,7 +2258,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2543,7 +2527,7 @@ data:
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
command:
- /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.9.0
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.11.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -2757,10 +2741,16 @@ data:
- major: 0
minor: 9
contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.9.0
name: v0.11.0
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap

90
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -154,7 +154,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -300,7 +299,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -418,7 +416,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -464,7 +461,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -537,7 +533,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -593,7 +588,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -727,7 +721,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -804,7 +797,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -935,7 +927,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -980,6 +971,7 @@ data:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties:
apiVersion:
description: API version of the referent.
@@ -993,7 +985,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1024,7 +1015,6 @@ data:
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron
@@ -1201,20 +1191,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -1387,7 +1377,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1538,7 +1527,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1640,6 +1628,7 @@ data:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties:
apiVersion:
description: API version of the referent.
@@ -1653,7 +1642,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1704,7 +1692,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1742,7 +1729,7 @@ data:
additionalProperties:
type: string
description: |-
Annotations is an unstructured key value map stored with a resource that may be
annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations
@@ -1783,7 +1770,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1817,6 +1803,7 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to run after
@@ -1856,7 +1843,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -1912,7 +1898,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2043,7 +2028,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2120,7 +2104,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2251,7 +2234,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2296,6 +2278,7 @@ data:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties:
apiVersion:
description: API version of the referent.
@@ -2309,7 +2292,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2340,7 +2322,6 @@ data:
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron
@@ -2490,7 +2471,6 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string
required:
- infrastructureRef
- rolloutStrategy
type: object
status:
@@ -2524,20 +2504,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -2609,7 +2589,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2796,7 +2776,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -2955,7 +2934,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3058,6 +3036,7 @@ data:
description: |-
InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties:
apiVersion:
description: API version of the referent.
@@ -3071,7 +3050,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3122,7 +3100,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3160,7 +3137,7 @@ data:
additionalProperties:
type: string
description: |-
Annotations is an unstructured key value map stored with a resource that may be
annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations
@@ -3201,7 +3178,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3235,6 +3211,7 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string
postRKE2Commands:
description: PostRKE2Commands specifies extra commands to
@@ -3275,7 +3252,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3331,7 +3307,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3466,7 +3441,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3545,7 +3519,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3679,7 +3652,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3724,6 +3696,7 @@ data:
description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties:
apiVersion:
description: API version of the referent.
@@ -3737,7 +3710,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
@@ -3768,7 +3740,6 @@ data:
x-kubernetes-map-type: atomic
required:
- endpoint
- s3CredentialSecret
type: object
scheduleCron:
description: 'ScheduleCron Snapshot interval time
@@ -3927,7 +3898,6 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string
required:
- infrastructureRef
- rolloutStrategy
type: object
required:
@@ -3967,20 +3937,20 @@ data:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -4293,7 +4263,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.9.0
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.11.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4348,7 +4318,7 @@ data:
volumes:
- name: cert
secret:
secretName: rke2-control-plane-webhook-service-cert
secretName: rke2-controlplane-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
@@ -4364,7 +4334,7 @@ data:
issuerRef:
kind: Issuer
name: rke2-control-plane-selfsigned-issuer
secretName: rke2-control-plane-webhook-service-cert
secretName: rke2-controlplane-webhook-service-cert
subject:
organizations:
- Rancher by SUSE
@@ -4514,10 +4484,16 @@ data:
- major: 0
minor: 9
contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.9.0
name: v0.11.0
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.14.0
digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
generated: "2024-12-03T09:34:12.871417074Z"
version: 0.16.0
digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70
generated: "2025-01-30T10:14:58.692942399Z"

8
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,7 +12,7 @@ annotations:
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.14.1
appVersion: 0.16.0
dependencies:
- condition: cluster-api-operator.enabled
name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.0+up0.14.1"
version: "%%CHART_MAJOR%%.0.0+up0.16.0"

112
rancher-turtles-chart/questions.yml
View File

@@ -1,78 +1,44 @@
namespace: rancher-turtles-system
questions:
- variable: rancherTurtles.features.default
default: "false"
description: "Customize install settings"
label: Customize install settings
type: boolean
show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions:
- variable: cluster-api-operator.cert-manager.enabled
default: false
- variable: rancherTurtles.features.default
default: "false"
description: "Customize install settings"
label: Customize install settings
type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
label: "Enable Cert Manager"
- variable: rancherTurtles.features.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions:
- variable: rancherTurtles.features.cluster-api-operator.kubectlImage
default: "rancher/kubectl:v1.30.3"
description: "Specify the image to use when cleaning up the Cluster API Operator manifests"
type: string
label: Cleanup Image
group: "CAPI Operator cleanup settings"
- variable: rancherTurtles.features.rancher-webhook.cleanup
default: true
description: "Specify that the Rancher embedded cluster api webhooks should be removed"
type: boolean
label: Cleanup Rancher Embedded CAPI Webhooks
group: "Rancher webhook cleanup settings"
show_subquestion_if: true
subquestions:
- variable: rancherTurtles.features.rancher-webhook.kubectlImage
default: "rancher/kubectl:v1.30.3"
description: "Specify the image to use when cleaning up the webhooks"
type: string
label: Webhook Cleanup Image
group: "Rancher webhook cleanup settings"
- variable: rancherTurtles.features.rancher-kubeconfigs.label
default: false
description: "(Experimental) Specify that the kubeconfigs generated by Rancher should be automatically patched to contain the CAPI expected labels"
type: boolean
label: Label Rancher Kubeconfigs
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.managementv3-cluster.enabled
default: true
description: "Use v3/management cluster manifest for import, instead of v1/provisioning"
type: boolean
label: Use management v3 cluster manifest
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.managementv3-cluster-migration.enabled
default: false
description: "Automatically migrate between provisioning and management clusters on upgrade"
type: boolean
label: All imported clusters will use new cluster manifest, replacing old cluster manifest.
group: "Rancher Turtles Features Settings"
- variable: cluster-api-operator.cluster-api.rke2.enabled
default: "true"
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.propagate-labels.enabled
default: false
description: "(Experimental) Specify that the labels from CAPI should be propagated to Rancher"
type: boolean
label: Propagate CAPI Labels
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "Enable Fleet Addon Provider functionality in Rancher Turtles"
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"
- variable: cluster-api-operator.cert-manager.enabled
default: false
type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
label: "Enable Cert Manager"
- variable: rancherTurtles.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
- variable: cluster-api-operator.cluster-api.rke2.enabled
default: "true"
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles"
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.agent-tls-mode.enabled
default: false
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters"
type: boolean
label: Enable Agent TLS Mode
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.kubectlImage
default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
description: "Specify the image to use when running kubectl in jobs"
type: string
label: Kubectl Image
group: "Rancher Turtles Features Settings"

7
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -35,10 +35,17 @@ data:
cluster:
patchResource: true
setOwnerReferences: true
hostNetwork: true
selector:
matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
namespaceSelector:
matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
{{- end }}

4
rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml
View File

@@ -1,4 +1,4 @@
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
---
apiVersion: v1
kind: ServiceAccount
@@ -55,7 +55,7 @@ spec:
serviceAccountName: pre-upgrade-job
containers:
- name: rancher-clusterctl-configmap-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- configmap

6
rancher-turtles-chart/templates/deployment.yaml
View File

@@ -26,7 +26,7 @@ spec:
containers:
- args:
- --leader-elect
- --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
- --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}}
{{- range .Values.rancherTurtles.managerArguments }}
- {{ . }}
{{- end }}
@@ -67,10 +67,10 @@ spec:
resources:
limits:
cpu: 500m
memory: 128Mi
memory: 256Mi
requests:
cpu: 10m
memory: 64Mi
memory: 128Mi
serviceAccountName: rancher-turtles-manager
terminationGracePeriodSeconds: 10
tolerations:

2
rancher-turtles-chart/templates/metal3-infrastructure.yaml
View File

@@ -22,7 +22,7 @@ metadata:
spec:
providers:
- name: metal3
url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml"
url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.9.2/infrastructure-components.yaml"
type: InfrastructureProvider
---
apiVersion: turtles-capi.cattle.io/v1alpha1

18
rancher-turtles-chart/templates/post-delete-job.yaml
View File

@@ -1,4 +1,4 @@
{{- if index .Values "rancherTurtles" "features" "cluster-api-operator" "cleanup" }}
{{- if index .Values "cluster-api-operator" "cleanup" }}
---
apiVersion: v1
kind: ServiceAccount
@@ -41,7 +41,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: post-delete-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: post-delete-job-delete-webhooks
@@ -62,7 +62,7 @@ spec:
serviceAccountName: post-delete-job
containers:
- name: cluster-api-operator-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -90,7 +90,7 @@ spec:
serviceAccountName: post-delete-job
containers:
- name: cluster-api-operator-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -119,7 +119,7 @@ spec:
restartPolicy: Never
containers:
- name: delete-capi-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -128,7 +128,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
- --ignore-not-found=true
- name: delete-capi-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -137,7 +137,7 @@ spec:
- capi-kubeadm-bootstrap-system
- --ignore-not-found=true
- name: delete-capi-kubeadm-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -146,7 +146,7 @@ spec:
- capi-kubeadm-control-plane-system
- --ignore-not-found=true
- name: delete-rke2-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
@@ -155,7 +155,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
- --ignore-not-found=true
- name: delete-rke2-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete

20
rancher-turtles-chart/templates/post-upgrade-job.yaml
View File

@@ -1,10 +1,9 @@
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster-migration" "enabled") true }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: post-upgrade-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1"
@@ -24,13 +23,6 @@ rules:
verbs:
- list
- delete
- apiGroups:
- management.cattle.io
resources:
- clusters
verbs:
- list
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
@@ -42,7 +34,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: post-upgrade-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: post-upgrade-job-delete-clusters
@@ -52,6 +44,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: post-upgrade-delete-clusters
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "2"
@@ -62,17 +55,12 @@ spec:
serviceAccountName: post-upgrade-job
containers:
- name: post-upgrade-delete-clusters
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled") true }}
- clusters.provisioning.cattle.io
{{- else }}
- clusters.management.cattle.io
{{- end }}
- --selector=cluster-api.cattle.io/owned
- -A
- --ignore-not-found=true
- --wait
restartPolicy: OnFailure
{{- end }}

10
rancher-turtles-chart/templates/pre-delete-job.yaml
View File

@@ -1,10 +1,10 @@
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-delete-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-2"
@@ -35,7 +35,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: pre-delete-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: pre-delete-job-delete-capiproviders
@@ -45,7 +45,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: rancher-capiprovider-cleanup
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-1"
@@ -56,7 +56,7 @@ spec:
serviceAccountName: pre-delete-job
containers:
- name: rancher-capiprovider-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- capiproviders

14
rancher-turtles-chart/templates/pre-install-job.yaml
View File

@@ -1,4 +1,3 @@
{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
{{- if index .Values "rancherTurtles" "rancherInstalled"}}
---
apiVersion: management.cattle.io/v3
@@ -11,14 +10,13 @@ metadata:
spec:
value: false
{{- end }}
{{- end }}
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-install-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
@@ -49,7 +47,7 @@ metadata:
subjects:
- kind: ServiceAccount
name: pre-install-job
namespace: rancher-turtles-system
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: pre-install-job-delete-webhooks
@@ -59,6 +57,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: rancher-mutatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
@@ -69,7 +68,7 @@ spec:
serviceAccountName: pre-install-job
containers:
- name: rancher-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- mutatingwebhookconfigurations.admissionregistration.k8s.io
@@ -81,6 +80,7 @@ apiVersion: batch/v1
kind: Job
metadata:
name: rancher-validatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
@@ -91,7 +91,7 @@ spec:
serviceAccountName: pre-install-job
containers:
- name: rancher-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- validatingwebhookconfigurations.admissionregistration.k8s.io

337
rancher-turtles-chart/templates/rancher-turtles-components.yaml
View File

File diff suppressed because it is too large Load Diff

90
rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml
View File

@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: etcd-restore
name: etcdmachinesnapshots.turtles-capi.cattle.io
@@ -116,7 +116,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: etcd-restore
name: etcdsnapshotrestores.turtles-capi.cattle.io
@@ -195,20 +195,20 @@ spec:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
This field may be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
@@ -235,7 +235,7 @@ kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: etcd-restore
name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
@@ -438,29 +438,7 @@ rules:
- cluster.x-k8s.io
resources:
- clusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
verbs:
- create
@@ -499,57 +477,7 @@ rules:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs
verbs:
- create
@@ -562,12 +490,16 @@ rules:
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/finalizers
- etcdsnapshotrestores/finalizers
- rke2etcdmachinesnapshotconfigs/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/status
- etcdsnapshotrestores/status
- rke2etcdmachinesnapshotconfigs/status
verbs:
- get

38
rancher-turtles-chart/values.yaml
View File

@@ -1,35 +1,24 @@
rancherTurtles:
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.14.1
imageVersion: v0.16.0
imagePullPolicy: IfNotPresent
namespace: rancher-turtles-system
managerArguments: []
imagePullSecrets: []
rancherInstalled: true
rancherInstalled: false
kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3
features:
cluster-api-operator:
cleanup: true
kubectlImage: rancher/kubectl:v1.30.3
embedded-capi:
disabled: false
rancher-webhook:
cleanup: false
kubectlImage: rancher/kubectl:v1.30.3
rancher-kubeconfigs:
label: false
managementv3-cluster:
enabled: true
managementv3-cluster-migration:
enabled: false
propagate-labels:
enabled: false
etcd-snapshot-restore:
enabled: false
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.14.1
imageVersion: v0.16.0
imagePullPolicy: IfNotPresent
# beta feature, see documentation for more information on feature stages
addon-provider-fleet:
enabled: false
# alpha feature, see documentation for more information on feature stages
agent-tls-mode:
enabled: false
cluster-api-operator:
enabled: true
cert-manager:
@@ -53,6 +42,7 @@ cluster-api-operator:
- mountPath: /config
name: clusterctl-config
readOnly: true
cleanup: true
cluster-api:
enabled: true
configSecret:
@@ -60,30 +50,34 @@ cluster-api-operator:
defaultName: capi-env-variables
core:
namespace: capi-system
imageUrl: ""
fetchConfig:
url: ""
selector: ""
rke2:
enabled: true
version: ""
bootstrap:
namespace: rke2-bootstrap-system
imageUrl: ""
fetchConfig:
url: ""
selector: ""
controlPlane:
namespace: rke2-control-plane-system
imageUrl: ""
fetchConfig:
url: ""
selector: ""
metal3:
enabled: true
version: "v1.8.2"
version: "v1.9.2"
infrastructure:
namespace: capm3-system
imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-controller:v1.8.2"
imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2"
fetchConfig:
url: ""
selector: ""
ipam:
namespace: capm3-system
imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-ipam-controller:v1.8.1"
imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3"

BIN
shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm Normal file
View File

Binary file not shown.

BIN
shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm Normal file
View File

Binary file not shown.

1099
shim-noarch/shim.changes Normal file
View File

File diff suppressed because it is too large Load Diff

90
shim-noarch/shim.spec Normal file
View File

@@ -0,0 +1,90 @@
#
# spec file for package shim
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%undefine _debuginfo_subpackages
%undefine _build_create_debug
# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
%define sysefibasedir %{_datadir}/efi
Name: shim
Version: 15.7
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
URL: https://github.com/rhboot/shim
Source: shim-15.7-150300.4.16.1.x86_64.rpm
Source1: shim-15.7-150300.4.16.1.aarch64.rpm
Requires: perl-Bootloader
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%description
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%package aarch64
Provides: shim(aarch64)
Group: System/Boot
Summary: UEFI shim loader
%package x86_64
Provides: shim(x86_64)
Group: System/Boot
Summary: UEFI shim loader
%description aarch64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%description x86_64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%prep
rpm2cpio %{SOURCE0} | cpio --extract --unconditional --preserve-modification-time --make-directories
rpm2cpio %{SOURCE1} | cpio --extract --unconditional --preserve-modification-time --make-directories
%build
%install
# purely repackaged
cp -a * %{buildroot}
rm -rf %{buildroot}/usr/lib64/efi
rm %{buildroot}/etc/uefi/certs/BCA4E38E-shim.crt %{buildroot}/usr/sbin/shim-install %{buildroot}/usr/share/doc/packages/shim/COPYRIGHT
%files aarch64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/aarch64
%{sysefibasedir}/aarch64/shim.efi
%{sysefibasedir}/aarch64/shim-*.efi
%{sysefibasedir}/aarch64/shim-*.der
%{sysefibasedir}/aarch64/MokManager.efi
%{sysefibasedir}/aarch64/fallback.efi
%files x86_64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/x86_64
%{sysefibasedir}/x86_64/shim.efi
%{sysefibasedir}/x86_64/shim-*.efi
%{sysefibasedir}/x86_64/shim-*.der
%{sysefibasedir}/x86_64/MokManager.efi
%{sysefibasedir}/x86_64/fallback.efi
%changelog