amorgante/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

merge into: amorgante:devel
Branches Tags
amorgante:main amorgante:3.2 amorgante:multi-arch-ipa amorgante:devel suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel
...
pull from: amorgante:multi-arch-ipa
Branches Tags
amorgante:main amorgante:3.2 amorgante:multi-arch-ipa amorgante:devel suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel

7 Commits
devel ... multi-arch

Author SHA256 Message Date
Nicolas Belouin
8543583e4d Install both ramdisks in the ipa downloader 
- Make the different ipa-ramdisk packages installable side by side
- Clean the ipa-downloader Dockerfile from what seems to be unneeded
- Get both images in
- Use zstd instead of xz for better speed
- Check sums before redoing certs integration
- Add value to metal3 chart to select between architectures
- Get the two ESP available as well

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-03-05 15:00:19 +01:00
Nicolas Belouin
c744e56218 Merge pull request 'Ironic dependency is located in different project when in internal obs' (#82) from nbelouin/Factory:ironic-meta into main 
Reviewed-on: suse-edge/Factory#82
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-02-28 12:36:10 +01:00
Nicolas Belouin
0cb039a9df Ironic dependency is located in different project when in internal obs 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-26 10:36:10 +01:00
Steven Hardy
eff9a9b0c5 rancher-turtles-chart: Update to 0.16.0 
Align with https://github.com/suse-edge/charts/pull/186
 2025-02-25 15:31:46 +01:00
Steven Hardy
8d336f380b rancher-turtles-airgap-resources-chart: Update to 0.16.0 
Align with https://github.com/suse-edge/charts/pull/186
 2025-02-25 15:31:46 +01:00
Nicolas Belouin
5947d531ab Merge pull request 'Add scheduled workflow for devel branch' (#80) from nbelouin/Factory:trigger-devel-refresh into main 
Reviewed-on: suse-edge/Factory#80
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-25 15:08:57 +01:00
Nicolas Belouin
15362e9536 Add scheduled workflow for devel branch 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-25 13:26:41 +01:00
40 changed files with 2416 additions and 1236 deletions
Expand all files Collapse all files

30
.gitea/workflows/trigger_devel.yaml Normal file
View File

@@ -0,0 +1,30 @@
name: Trigger Devel Packages
on:
schedule:
- cron: "@daily"
jobs:
sync-pr-project:
name: "Trigger source services for devel packages that changed"
runs-on: tumbleweed
steps:
- name: Setup OSC
run: |
mkdir -p ~/.config/osc
cat >~/.config/osc/oscrc <<'EOF'
[general]
apiurl = https://api.opensuse.org
[https://api.opensuse.org]
user=${{ vars.OBS_USERNAME }}
pass=${{ secrets.OBS_PASSWORD }}
EOF
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
ref: 'devel'
- name: "Trigger packages"
run: |
python3 .obs/trigger_package.py

1
.obs/render_meta.py
View File

@@ -8,6 +8,7 @@ def render(base_project, subproject, internal, scm_url=None):
context = { context = {
"base_project": subproject == "", "base_project": subproject == "",
"title": f"SUSE Edge {version} {subproject}".rstrip(), "title": f"SUSE Edge {version} {subproject}".rstrip(),
"ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack",
} }
if subproject == "ToTest": if subproject == "ToTest":
context["project"] = f"{base_project}:ToTest" context["project"] = f"{base_project}:ToTest"

4
_config
View File

@@ -87,6 +87,7 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:metallb-controller-image BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator BuildFlags: onlybuild:nm-configurator
BuildFlags: onlybuild:shim-noarch
%endif %endif
%endif %endif
@@ -113,6 +114,9 @@ BuildFlags: onlybuild:release-manifest-image
%if "%_repository" == "standard" %if "%_repository" == "standard"
# for build openstack-ironic-image # for build openstack-ironic-image
BuildFlags: allowrootforbuild BuildFlags: allowrootforbuild
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
%endif %endif
# Enable reproducible builds # Enable reproducible builds

2
_meta
View File

@@ -47,7 +47,7 @@
{%- if release_project is defined and not for_release %} {%- if release_project is defined and not for_release %}
<releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/> <releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
{%- endif %} {%- endif %}
<path project="Cloud:OpenStack:2024.2" repository="15.6"/> <path project="{{ ironic_base }}:2024.2" repository="15.6"/>
<path project="SUSE:SLE-15-SP6:Update" repository="standard"/> <path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
<arch>x86_64</arch> <arch>x86_64</arch>
<arch>aarch64</arch> <arch>aarch64</arch>

13
ironic-image/Dockerfile
View File

@@ -8,14 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
#!ArchExclusiveLine: x86_64 RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
WORKDIR /tmp WORKDIR /tmp
COPY prepare-efi.sh /bin/ COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -88,7 +82,8 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\ cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi fi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
COPY ironic.conf.j2 /etc/ironic/ COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/ COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/

2
ironic-image/configure-ironic.sh
View File

@@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
fi fi
fi fi
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}"
if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel" export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs" export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"

4
ironic-image/inspector.ipxe.j2
View File

@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in # NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh # ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
boot boot

2
ironic-image/ironic.conf.j2
View File

@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
# Power state is checked every 60 seconds and BMC activity should # Power state is checked every 60 seconds and BMC activity should
# be avoided more often than once every sixty seconds. # be avoided more often than once every sixty seconds.
send_sensor_data_interval = 160 send_sensor_data_interval = 160
bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp.img bootloader = http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
verify_step_priority_override = management.clear_job_queue:90 verify_step_priority_override = management.clear_job_queue:90
# We don't use this feature, and it creates an additional load on the database # We don't use this feature, and it creates an additional load on the database
node_history = False node_history = False

51
ironic-image/prepare-efi.sh
View File

@@ -2,41 +2,26 @@
set -euxo pipefail set -euxo pipefail
ARCH=$(uname -m) declare -A efi_arch=(
DEST=${2:-/tmp/esp.img} ["x86_64"]="X64"
OS=${1:-sles} ["aarch64"]="AA64"
)
if [ $ARCH = "aarch64" ]; then for arch in "${!efi_arch[@]}"; do
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi DEST=/tmp/esp-${arch}.img
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
dd bs=1024 count=6400 if=/dev/zero of=$DEST dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI
mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI
mdir -i $DEST ::EFI/BOOT;
done
mkdir -p /boot/efi/EFI/BOOT
mkdir -p /boot/efi/EFI/$OS
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
mdir -i $DEST ::EFI/BOOT;

2
ironic-image/runhttpd
View File

@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS
# Copy files to shared mount # Copy files to shared mount
render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
cp /tmp/uefi_esp.img /shared/html/uefi_esp.img cp /tmp/uefi_esp*.img /shared/html/
# Render the core httpd config # Render the core httpd config
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf

14
ironic-ipa-downloader-image/Dockerfile
View File

@@ -8,15 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/ COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
#!ArchExclusiveLine: x86_64 RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN cp /usr/bin/getopt /installroot/ RUN cp /usr/bin/getopt /installroot/
FROM micro AS final FROM micro AS final
@@ -41,8 +34,9 @@ LABEL com.suse.release-stage="released"
COPY --from=base /installroot / COPY --from=base /installroot /
RUN cp /getopt /usr/bin/ RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user # configure non-root user
COPY configure-nonroot.sh /bin/ COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh

68
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -6,12 +6,33 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
export https_proxy=${https_proxy:-$HTTPS_PROXY} export https_proxy=${https_proxy:-$HTTPS_PROXY}
export no_proxy=${no_proxy:-$NO_PROXY} export no_proxy=${no_proxy:-$NO_PROXY}
if [ -d "/tmp/ironic-certificates" ]; then
sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
CERTS_CHANGED=1
else
CERTS_CHANGED=0
fi
fi
# Which image should we use # Which image should we use
if [ -z "${IPA_BASEURI}" ]; then if [ -z "${IPA_BASEURI}" ]; then
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package if cmp "/shared/images.sha256" "/tmp/images.sha256"; then
if [ "${CERTS_CHANGED:-1}" = "1" ]; then
# everything is the same exit early
exit 0
fi
fi
IMAGE_CHANGED=0
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images mkdir -p /shared/html/images
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
# Use arm64 as destination for iPXE compatibility
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images.sha256
else else
FILENAME=ironic-python-agent FILENAME=ironic-python-agent
FILENAME_EXT=.tar FILENAME_EXT=.tar
@@ -25,47 +46,56 @@ else
# If we have a CACHEURL and nothing has yet been downloaded # If we have a CACHEURL and nothing has yet been downloaded
# get header info from the cache # get header info from the cache
ls -l ls -l
if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then
curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true
fi fi
# Download the most recent version of IPA # Download the most recent version of IPA
if [ -e $FFILENAME.headers ] ; then if [ -e $FFILENAME.headers ] ; then
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r") ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r")
cd $TMPDIR cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers . curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
# curl didn't download anything because we have the ETag already # curl didn't download anything because we have the ETag already
# but we don't have it in the images directory # but we don't have it in the images directory
# Its in the cache, go get it # Its in the cache, go get it
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then
mv /shared/html/images/$FFILENAME.headers . mv /shared/html/images/$FFILENAME.headers .
curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME" curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME"
fi fi
else else
cd $TMPDIR cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME"
fi fi
if [ -s $FFILENAME ] ; then if [ -s $FFILENAME ] ; then
tar -xf $FFILENAME tar -xf $FFILENAME
xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
mv $FILENAME.initramfs.zstd $FILENAME.initramfs
ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
if [ "$ARCH" = "x86" ]; then
ARCH="x86_64"
fi
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r") ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
cd - cd -
chmod 755 $TMPDIR chmod 755 "$TMPDIR"
mv $TMPDIR $FILENAME-$ETAG mv "$TMPDIR" "$FILENAME-$ETAG"
ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers"
ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs"
ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel"
IMAGE_CHANGED=0
else else
rm -rf $TMPDIR rm -rf "$TMPDIR"
fi fi
fi fi
if [ -d "/tmp/ironic-certificates" ]; then if [ "${CERTS_CHANGED:-1}" = "0" ] || [ "${IMAGE_CHANGED:-1}" = "0" ]; then
mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
mkdir -p etc/ironic-python-agent.d/ca-certs mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/ cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do
find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
done
cp /tmp/certificates.sha256 /shared/certificates.sha256
fi fi

2
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?> <?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image-301"> <image schemaversion="7.4" name="openstack-ironic-image">
<description type="system"> <description type="system">
<author>Cloud developers</author> <author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact> <contact>cloud-devel@suse.de</contact>

6
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -148,10 +148,8 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
cd /tmp/openstack-ironic-image/img/build/image-root cd /tmp/openstack-ironic-image/img/build/image-root
find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
cd $TDIR cd $TDIR
gzip -9 -f initrdtmp zstd initrdtmp -o initrd-%{_arch}.zst
INITRDGZ=`ls *.gz | head -1` INITRD=`ls *.zst | head -1`
gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
INITRD=`ls *.xz | head -1`
ls /tmp/openstack-ironic-image/img/openstack-ironic-image* ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1` KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`

6
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -5,6 +5,7 @@
{{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1 apiVersion: v1
data: data:
@@ -19,8 +20,9 @@ data:
{{- $protocol = "http" }} {{- $protocol = "http" }}
{{- end }} {{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images" CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel" DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs" DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
kind: ConfigMap kind: ConfigMap
metadata: metadata:
name: baremetal-operator-ironic name: baremetal-operator-ironic

6
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -12,6 +12,7 @@ data:
{{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
{{- if ( .Values.global.enable_dnsmasq ) }} {{- if ( .Values.global.enable_dnsmasq ) }}
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }} DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
@@ -39,8 +40,9 @@ data:
{{- end }} {{- end }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }} IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs
DEPLOY_ARCHITECTURE: {{ $deployArch }}
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }} IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }} IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }}
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}" ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"

3
metal3-chart/values.yaml
View File

@@ -63,6 +63,9 @@ global:
# Name for the MariaDB service # Name for the MariaDB service
databaseServiceName: metal3-mariadb databaseServiceName: metal3-mariadb
# Architecture for deployed nodes (either x86_64 or arm64)
deployArchitecture: x86_64
# In a multi-node cluster use the node selector to ensure the pods # In a multi-node cluster use the node selector to ensure the pods
# all run on the same host where the dnsmasqDNSServer and provisioningIP # all run on the same host where the dnsmasqDNSServer and provisioningIP
# and /opt/media exist. Uncomment the nodeSelector and update the # and /opt/media exist. Uncomment the nodeSelector and update the

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1 #!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.14.1 #!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
apiVersion: v2 apiVersion: v2
appVersion: 0.14.1 appVersion: 0.16.0
description: Rancher Turtles utility chart for airgap scenarios description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/ home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources name: rancher-turtles-airgap-resources
type: application type: application
version: "%%CHART_MAJOR%%.0.0+up0.14.1" version: "%%CHART_MAJOR%%.0.0+up0.16.0"

7
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

1424
rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
View File

File diff suppressed because it is too large Load Diff

46
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.16.1
labels: labels:
cluster.x-k8s.io/provider: bootstrap-rke2 cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -154,7 +154,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -300,7 +299,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -439,7 +437,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -495,7 +492,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -582,20 +578,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty. This field may be empty.
type: string type: string
severity: severity:
description: |- description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: Status of the condition, one of True, False, Unknown. description: status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase. type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -742,7 +738,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -893,7 +888,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1029,7 +1023,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1085,7 +1078,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1172,20 +1164,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty. This field may be empty.
type: string type: string
severity: severity:
description: |- description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: Status of the condition, one of True, False, Unknown. description: status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase. type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -1226,7 +1218,7 @@ data:
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.16.1
labels: labels:
cluster.x-k8s.io/provider: bootstrap-rke2 cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1369,7 +1361,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1523,7 +1514,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1664,7 +1654,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1720,7 +1709,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1920,7 +1908,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2079,7 +2066,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2217,7 +2203,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2273,7 +2258,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2543,7 +2527,7 @@ data:
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
command: command:
- /manager - /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.9.0 image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.11.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -2757,10 +2741,16 @@ data:
- major: 0 - major: 0
minor: 9 minor: 9
contract: v1beta1 contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: v0.9.0 name: v0.11.0
namespace: rke2-bootstrap-system namespace: rke2-bootstrap-system
labels: labels:
provider-components: rke2-bootstrap provider-components: rke2-bootstrap

90
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.16.1
labels: labels:
cluster.x-k8s.io/provider: control-plane-rke2 cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -154,7 +154,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -300,7 +299,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -418,7 +416,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -464,7 +461,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -537,7 +533,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -593,7 +588,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -727,7 +721,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -804,7 +797,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -935,7 +927,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -980,6 +971,7 @@ data:
description: |- description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -993,7 +985,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1024,7 +1015,6 @@ data:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
required: required:
- endpoint - endpoint
- s3CredentialSecret
type: object type: object
scheduleCron: scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron description: 'ScheduleCron Snapshot interval time in cron
@@ -1201,20 +1191,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty. This field may be empty.
type: string type: string
severity: severity:
description: |- description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: Status of the condition, one of True, False, Unknown. description: status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase. type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -1387,7 +1377,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1538,7 +1527,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1640,6 +1628,7 @@ data:
description: |- description: |-
InfrastructureRef is a required reference to a custom resource InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider. offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -1653,7 +1642,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1704,7 +1692,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1742,7 +1729,7 @@ data:
additionalProperties: additionalProperties:
type: string type: string
description: |- description: |-
Annotations is an unstructured key value map stored with a resource that may be annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects. queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations More info: http://kubernetes.io/docs/user-guide/annotations
@@ -1783,7 +1770,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1817,6 +1803,7 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations. The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string type: string
postRKE2Commands: postRKE2Commands:
description: PostRKE2Commands specifies extra commands to run after description: PostRKE2Commands specifies extra commands to run after
@@ -1856,7 +1843,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -1912,7 +1898,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2043,7 +2028,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2120,7 +2104,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2251,7 +2234,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2296,6 +2278,7 @@ data:
description: |- description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -2309,7 +2292,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2340,7 +2322,6 @@ data:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
required: required:
- endpoint - endpoint
- s3CredentialSecret
type: object type: object
scheduleCron: scheduleCron:
description: 'ScheduleCron Snapshot interval time in cron description: 'ScheduleCron Snapshot interval time in cron
@@ -2490,7 +2471,6 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string type: string
required: required:
- infrastructureRef
- rolloutStrategy - rolloutStrategy
type: object type: object
status: status:
@@ -2524,20 +2504,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty. This field may be empty.
type: string type: string
severity: severity:
description: |- description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: Status of the condition, one of True, False, Unknown. description: status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase. type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -2609,7 +2589,7 @@ data:
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.16.1
labels: labels:
cluster.x-k8s.io/provider: control-plane-rke2 cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2796,7 +2776,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -2955,7 +2934,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3058,6 +3036,7 @@ data:
description: |- description: |-
InfrastructureRef is a required reference to a custom resource InfrastructureRef is a required reference to a custom resource
offered by an infrastructure provider. offered by an infrastructure provider.
This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -3071,7 +3050,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3122,7 +3100,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3160,7 +3137,7 @@ data:
additionalProperties: additionalProperties:
type: string type: string
description: |- description: |-
Annotations is an unstructured key value map stored with a resource that may be annotations is an unstructured key value map stored with a resource that may be
set by external tools to store and retrieve arbitrary metadata. They are not set by external tools to store and retrieve arbitrary metadata. They are not
queryable and should be preserved when modifying objects. queryable and should be preserved when modifying objects.
More info: http://kubernetes.io/docs/user-guide/annotations More info: http://kubernetes.io/docs/user-guide/annotations
@@ -3201,7 +3178,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3235,6 +3211,7 @@ data:
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations. The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
type: string type: string
postRKE2Commands: postRKE2Commands:
description: PostRKE2Commands specifies extra commands to description: PostRKE2Commands specifies extra commands to
@@ -3275,7 +3252,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3331,7 +3307,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3466,7 +3441,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3545,7 +3519,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3679,7 +3652,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3724,6 +3696,7 @@ data:
description: |- description: |-
S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
If empty, the controller will default to IAM authentication
properties: properties:
apiVersion: apiVersion:
description: API version of the referent. description: API version of the referent.
@@ -3737,7 +3710,6 @@ data:
the event) or if no container name is specified "spec.containers[2]" (container with the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object. referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string type: string
kind: kind:
description: |- description: |-
@@ -3768,7 +3740,6 @@ data:
x-kubernetes-map-type: atomic x-kubernetes-map-type: atomic
required: required:
- endpoint - endpoint
- s3CredentialSecret
type: object type: object
scheduleCron: scheduleCron:
description: 'ScheduleCron Snapshot interval time description: 'ScheduleCron Snapshot interval time
@@ -3927,7 +3898,6 @@ data:
pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
type: string type: string
required: required:
- infrastructureRef
- rolloutStrategy - rolloutStrategy
type: object type: object
required: required:
@@ -3967,20 +3937,20 @@ data:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty. This field may be empty.
type: string type: string
severity: severity:
description: |- description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: Status of the condition, one of True, False, Unknown. description: status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase. type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -4293,7 +4263,7 @@ data:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.uid fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.9.0 image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.11.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -4348,7 +4318,7 @@ data:
volumes: volumes:
- name: cert - name: cert
secret: secret:
secretName: rke2-control-plane-webhook-service-cert secretName: rke2-controlplane-webhook-service-cert
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1
kind: Certificate kind: Certificate
@@ -4364,7 +4334,7 @@ data:
issuerRef: issuerRef:
kind: Issuer kind: Issuer
name: rke2-control-plane-selfsigned-issuer name: rke2-control-plane-selfsigned-issuer
secretName: rke2-control-plane-webhook-service-cert secretName: rke2-controlplane-webhook-service-cert
subject: subject:
organizations: organizations:
- Rancher by SUSE - Rancher by SUSE
@@ -4514,10 +4484,16 @@ data:
- major: 0 - major: 0
minor: 9 minor: 9
contract: v1beta1 contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: v0.9.0 name: v0.11.0
namespace: rke2-control-plane-system namespace: rke2-control-plane-system
labels: labels:
provider-components: rke2-control-plane provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cluster-api-operator - name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.14.0 version: 0.16.0
digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4 digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70
generated: "2024-12-03T09:34:12.871417074Z" generated: "2025-01-30T10:14:58.692942399Z"

8
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1 #!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.14.1-%RELEASE% #!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE%
annotations: annotations:
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,7 +12,7 @@ annotations:
catalog.cattle.io/scope: management catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool catalog.cattle.io/type: cluster-tool
apiVersion: v2 apiVersion: v2
appVersion: 0.14.1 appVersion: 0.16.0
dependencies: dependencies:
- condition: cluster-api-operator.enabled - condition: cluster-api-operator.enabled
name: cluster-api-operator name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
- provisioning - provisioning
name: rancher-turtles name: rancher-turtles
type: application type: application
version: "%%CHART_MAJOR%%.0.0+up0.14.1" version: "%%CHART_MAJOR%%.0.0+up0.16.0"

112
rancher-turtles-chart/questions.yml
View File

@@ -1,78 +1,44 @@
namespace: rancher-turtles-system namespace: rancher-turtles-system
questions: questions:
- variable: rancherTurtles.features.default - variable: rancherTurtles.features.default
default: "false" default: "false"
description: "Customize install settings" description: "Customize install settings"
label: Customize install settings label: Customize install settings
type: boolean
show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions:
- variable: cluster-api-operator.cert-manager.enabled
default: false
type: boolean type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
label: "Enable Cert Manager"
- variable: rancherTurtles.features.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
show_subquestion_if: true show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions: subquestions:
- variable: rancherTurtles.features.cluster-api-operator.kubectlImage - variable: cluster-api-operator.cert-manager.enabled
default: "rancher/kubectl:v1.30.3" default: false
description: "Specify the image to use when cleaning up the Cluster API Operator manifests" type: boolean
type: string description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
label: Cleanup Image label: "Enable Cert Manager"
group: "CAPI Operator cleanup settings" - variable: rancherTurtles.cluster-api-operator.cleanup
- variable: rancherTurtles.features.rancher-webhook.cleanup default: true
default: true description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
description: "Specify that the Rancher embedded cluster api webhooks should be removed" type: boolean
type: boolean label: Cleanup CAPI Operator installation
label: Cleanup Rancher Embedded CAPI Webhooks group: "CAPI Operator cleanup settings"
group: "Rancher webhook cleanup settings" - variable: cluster-api-operator.cluster-api.rke2.enabled
show_subquestion_if: true default: "true"
subquestions: description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
- variable: rancherTurtles.features.rancher-webhook.kubectlImage label: "Enable RKE2 Provider"
default: "rancher/kubectl:v1.30.3" type: boolean
description: "Specify the image to use when cleaning up the webhooks" - variable: rancherTurtles.features.addon-provider-fleet.enabled
type: string default: false
label: Webhook Cleanup Image description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles"
group: "Rancher webhook cleanup settings" type: boolean
- variable: rancherTurtles.features.rancher-kubeconfigs.label label: Seamless integration with Fleet and CAPI
default: false group: "Rancher Turtles Features Settings"
description: "(Experimental) Specify that the kubeconfigs generated by Rancher should be automatically patched to contain the CAPI expected labels" - variable: rancherTurtles.features.agent-tls-mode.enabled
type: boolean default: false
label: Label Rancher Kubeconfigs description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters"
group: "Rancher Turtles Features Settings" type: boolean
- variable: rancherTurtles.features.managementv3-cluster.enabled label: Enable Agent TLS Mode
default: true group: "Rancher Turtles Features Settings"
description: "Use v3/management cluster manifest for import, instead of v1/provisioning" - variable: rancherTurtles.kubectlImage
type: boolean default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
label: Use management v3 cluster manifest description: "Specify the image to use when running kubectl in jobs"
group: "Rancher Turtles Features Settings" type: string
- variable: rancherTurtles.features.managementv3-cluster-migration.enabled label: Kubectl Image
default: false group: "Rancher Turtles Features Settings"
description: "Automatically migrate between provisioning and management clusters on upgrade"
type: boolean
label: All imported clusters will use new cluster manifest, replacing old cluster manifest.
group: "Rancher Turtles Features Settings"
- variable: cluster-api-operator.cluster-api.rke2.enabled
default: "true"
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.propagate-labels.enabled
default: false
description: "(Experimental) Specify that the labels from CAPI should be propagated to Rancher"
type: boolean
label: Propagate CAPI Labels
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "Enable Fleet Addon Provider functionality in Rancher Turtles"
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"

7
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -35,10 +35,17 @@ data:
cluster: cluster:
patchResource: true patchResource: true
setOwnerReferences: true setOwnerReferences: true
hostNetwork: true
selector: selector:
matchLabels: matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true" cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
namespaceSelector: namespaceSelector:
matchLabels: matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true" cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
{{- end }} {{- end }}

4
rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml
View File

@@ -1,4 +1,4 @@
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }} {{- if index .Values "rancherTurtles" "rancherInstalled" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -55,7 +55,7 @@ spec:
serviceAccountName: pre-upgrade-job serviceAccountName: pre-upgrade-job
containers: containers:
- name: rancher-clusterctl-configmap-cleanup - name: rancher-clusterctl-configmap-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args: args:
- delete - delete
- configmap - configmap

6
rancher-turtles-chart/templates/deployment.yaml
View File

@@ -26,7 +26,7 @@ spec:
containers: containers:
- args: - args:
- --leader-elect - --leader-elect
- --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}} - --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}}
{{- range .Values.rancherTurtles.managerArguments }} {{- range .Values.rancherTurtles.managerArguments }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
@@ -67,10 +67,10 @@ spec:
resources: resources:
limits: limits:
cpu: 500m cpu: 500m
memory: 128Mi memory: 256Mi
requests: requests:
cpu: 10m cpu: 10m
memory: 64Mi memory: 128Mi
serviceAccountName: rancher-turtles-manager serviceAccountName: rancher-turtles-manager
terminationGracePeriodSeconds: 10 terminationGracePeriodSeconds: 10
tolerations: tolerations:

2
rancher-turtles-chart/templates/metal3-infrastructure.yaml
View File

@@ -22,7 +22,7 @@ metadata:
spec: spec:
providers: providers:
- name: metal3 - name: metal3
url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml" url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.9.2/infrastructure-components.yaml"
type: InfrastructureProvider type: InfrastructureProvider
--- ---
apiVersion: turtles-capi.cattle.io/v1alpha1 apiVersion: turtles-capi.cattle.io/v1alpha1

18
rancher-turtles-chart/templates/post-delete-job.yaml
View File

@@ -1,4 +1,4 @@
{{- if index .Values "rancherTurtles" "features" "cluster-api-operator" "cleanup" }} {{- if index .Values "cluster-api-operator" "cleanup" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
@@ -41,7 +41,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: post-delete-job name: post-delete-job
namespace: rancher-turtles-system namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: post-delete-job-delete-webhooks name: post-delete-job-delete-webhooks
@@ -62,7 +62,7 @@ spec:
serviceAccountName: post-delete-job serviceAccountName: post-delete-job
containers: containers:
- name: cluster-api-operator-mutatingwebhook-cleanup - name: cluster-api-operator-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -90,7 +90,7 @@ spec:
serviceAccountName: post-delete-job serviceAccountName: post-delete-job
containers: containers:
- name: cluster-api-operator-validatingwebhook-cleanup - name: cluster-api-operator-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -119,7 +119,7 @@ spec:
restartPolicy: Never restartPolicy: Never
containers: containers:
- name: delete-capi-controller-manager - name: delete-capi-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -128,7 +128,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }} - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
- --ignore-not-found=true - --ignore-not-found=true
- name: delete-capi-kubeadm-bootstrap-controller-manager - name: delete-capi-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -137,7 +137,7 @@ spec:
- capi-kubeadm-bootstrap-system - capi-kubeadm-bootstrap-system
- --ignore-not-found=true - --ignore-not-found=true
- name: delete-capi-kubeadm-control-plane-controller-manager - name: delete-capi-kubeadm-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -146,7 +146,7 @@ spec:
- capi-kubeadm-control-plane-system - capi-kubeadm-control-plane-system
- --ignore-not-found=true - --ignore-not-found=true
- name: delete-rke2-kubeadm-bootstrap-controller-manager - name: delete-rke2-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete
@@ -155,7 +155,7 @@ spec:
- {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }} - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
- --ignore-not-found=true - --ignore-not-found=true
- name: delete-rke2-control-plane-controller-manager - name: delete-rke2-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"] command: ["kubectl"]
args: args:
- delete - delete

20
rancher-turtles-chart/templates/post-upgrade-job.yaml
View File

@@ -1,10 +1,9 @@
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster-migration" "enabled") true }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: post-upgrade-job name: post-upgrade-job
namespace: rancher-turtles-system namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": post-upgrade "helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
@@ -24,13 +23,6 @@ rules:
verbs: verbs:
- list - list
- delete - delete
- apiGroups:
- management.cattle.io
resources:
- clusters
verbs:
- list
- delete
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding kind: ClusterRoleBinding
@@ -42,7 +34,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: post-upgrade-job name: post-upgrade-job
namespace: rancher-turtles-system namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: post-upgrade-job-delete-clusters name: post-upgrade-job-delete-clusters
@@ -52,6 +44,7 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: post-upgrade-delete-clusters name: post-upgrade-delete-clusters
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": post-upgrade "helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
@@ -62,17 +55,12 @@ spec:
serviceAccountName: post-upgrade-job serviceAccountName: post-upgrade-job
containers: containers:
- name: post-upgrade-delete-clusters - name: post-upgrade-delete-clusters
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args: args:
- delete - delete
{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled") true }}
- clusters.provisioning.cattle.io - clusters.provisioning.cattle.io
{{- else }}
- clusters.management.cattle.io
{{- end }}
- --selector=cluster-api.cattle.io/owned - --selector=cluster-api.cattle.io/owned
- -A - -A
- --ignore-not-found=true - --ignore-not-found=true
- --wait - --wait
restartPolicy: OnFailure restartPolicy: OnFailure
{{- end }}

10
rancher-turtles-chart/templates/pre-delete-job.yaml
View File

@@ -1,10 +1,10 @@
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }} {{- if index .Values "rancherTurtles" "rancherInstalled" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: pre-delete-job name: pre-delete-job
namespace: rancher-turtles-system namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": pre-delete "helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-2" "helm.sh/hook-weight": "-2"
@@ -35,7 +35,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: pre-delete-job name: pre-delete-job
namespace: rancher-turtles-system namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: pre-delete-job-delete-capiproviders name: pre-delete-job-delete-capiproviders
@@ -45,7 +45,7 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: rancher-capiprovider-cleanup name: rancher-capiprovider-cleanup
namespace: rancher-turtles-system namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": pre-delete "helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-1" "helm.sh/hook-weight": "-1"
@@ -56,7 +56,7 @@ spec:
serviceAccountName: pre-delete-job serviceAccountName: pre-delete-job
containers: containers:
- name: rancher-capiprovider-cleanup - name: rancher-capiprovider-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args: args:
- delete - delete
- capiproviders - capiproviders

14
rancher-turtles-chart/templates/pre-install-job.yaml
View File

@@ -1,4 +1,3 @@
{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
{{- if index .Values "rancherTurtles" "rancherInstalled"}} {{- if index .Values "rancherTurtles" "rancherInstalled"}}
--- ---
apiVersion: management.cattle.io/v3 apiVersion: management.cattle.io/v3
@@ -11,14 +10,13 @@ metadata:
spec: spec:
value: false value: false
{{- end }} {{- end }}
{{- end }} {{- if index .Values "rancherTurtles" "rancherInstalled" }}
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
--- ---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
name: pre-install-job name: pre-install-job
namespace: rancher-turtles-system namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": pre-install "helm.sh/hook": pre-install
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
@@ -49,7 +47,7 @@ metadata:
subjects: subjects:
- kind: ServiceAccount - kind: ServiceAccount
name: pre-install-job name: pre-install-job
namespace: rancher-turtles-system namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef: roleRef:
kind: ClusterRole kind: ClusterRole
name: pre-install-job-delete-webhooks name: pre-install-job-delete-webhooks
@@ -59,6 +57,7 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: rancher-mutatingwebhook-cleanup name: rancher-mutatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": pre-install "helm.sh/hook": pre-install
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
@@ -69,7 +68,7 @@ spec:
serviceAccountName: pre-install-job serviceAccountName: pre-install-job
containers: containers:
- name: rancher-mutatingwebhook-cleanup - name: rancher-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args: args:
- delete - delete
- mutatingwebhookconfigurations.admissionregistration.k8s.io - mutatingwebhookconfigurations.admissionregistration.k8s.io
@@ -81,6 +80,7 @@ apiVersion: batch/v1
kind: Job kind: Job
metadata: metadata:
name: rancher-validatingwebhook-cleanup name: rancher-validatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations: annotations:
"helm.sh/hook": pre-install "helm.sh/hook": pre-install
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
@@ -91,7 +91,7 @@ spec:
serviceAccountName: pre-install-job serviceAccountName: pre-install-job
containers: containers:
- name: rancher-validatingwebhook-cleanup - name: rancher-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }} image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args: args:
- delete - delete
- validatingwebhookconfigurations.admissionregistration.k8s.io - validatingwebhookconfigurations.admissionregistration.k8s.io

337
rancher-turtles-chart/templates/rancher-turtles-components.yaml
View File

File diff suppressed because it is too large Load Diff

90
rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml
View File

@@ -4,7 +4,7 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.16.1
labels: labels:
turtles-capi.cattle.io: etcd-restore turtles-capi.cattle.io: etcd-restore
name: etcdmachinesnapshots.turtles-capi.cattle.io name: etcdmachinesnapshots.turtles-capi.cattle.io
@@ -116,7 +116,7 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.16.1
labels: labels:
turtles-capi.cattle.io: etcd-restore turtles-capi.cattle.io: etcd-restore
name: etcdsnapshotrestores.turtles-capi.cattle.io name: etcdsnapshotrestores.turtles-capi.cattle.io
@@ -195,20 +195,20 @@ spec:
description: |- description: |-
The reason for the condition's last transition in CamelCase. The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API. The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty. This field may be empty.
type: string type: string
severity: severity:
description: |- description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly. understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False. The Severity field MUST be set only when Status=False.
type: string type: string
status: status:
description: Status of the condition, one of True, False, Unknown. description: status of the condition, one of True, False, Unknown.
type: string type: string
type: type:
description: |- description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase. type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important. can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string type: string
@@ -235,7 +235,7 @@ kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.16.1
labels: labels:
turtles-capi.cattle.io: etcd-restore turtles-capi.cattle.io: etcd-restore
name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
@@ -438,29 +438,7 @@ rules:
- cluster.x-k8s.io - cluster.x-k8s.io
resources: resources:
- clusters - clusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters/status - clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines - machines
verbs: verbs:
- create - create
@@ -499,57 +477,7 @@ rules:
- turtles-capi.cattle.io - turtles-capi.cattle.io
resources: resources:
- etcdmachinesnapshots - etcdmachinesnapshots
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores - etcdsnapshotrestores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs - rke2etcdmachinesnapshotconfigs
verbs: verbs:
- create - create
@@ -562,12 +490,16 @@ rules:
- apiGroups: - apiGroups:
- turtles-capi.cattle.io - turtles-capi.cattle.io
resources: resources:
- etcdmachinesnapshots/finalizers
- etcdsnapshotrestores/finalizers
- rke2etcdmachinesnapshotconfigs/finalizers - rke2etcdmachinesnapshotconfigs/finalizers
verbs: verbs:
- update - update
- apiGroups: - apiGroups:
- turtles-capi.cattle.io - turtles-capi.cattle.io
resources: resources:
- etcdmachinesnapshots/status
- etcdsnapshotrestores/status
- rke2etcdmachinesnapshotconfigs/status - rke2etcdmachinesnapshotconfigs/status
verbs: verbs:
- get - get

38
rancher-turtles-chart/values.yaml
View File

@@ -1,35 +1,24 @@
rancherTurtles: rancherTurtles:
image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.14.1 imageVersion: v0.16.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
namespace: rancher-turtles-system namespace: rancher-turtles-system
managerArguments: [] managerArguments: []
imagePullSecrets: [] imagePullSecrets: []
rancherInstalled: true rancherInstalled: false
kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3
features: features:
cluster-api-operator:
cleanup: true
kubectlImage: rancher/kubectl:v1.30.3
embedded-capi:
disabled: false
rancher-webhook:
cleanup: false
kubectlImage: rancher/kubectl:v1.30.3
rancher-kubeconfigs:
label: false
managementv3-cluster:
enabled: true
managementv3-cluster-migration:
enabled: false
propagate-labels:
enabled: false
etcd-snapshot-restore: etcd-snapshot-restore:
enabled: false enabled: false
image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.14.1 imageVersion: v0.16.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
# beta feature, see documentation for more information on feature stages
addon-provider-fleet: addon-provider-fleet:
enabled: false enabled: false
# alpha feature, see documentation for more information on feature stages
agent-tls-mode:
enabled: false
cluster-api-operator: cluster-api-operator:
enabled: true enabled: true
cert-manager: cert-manager:
@@ -53,6 +42,7 @@ cluster-api-operator:
- mountPath: /config - mountPath: /config
name: clusterctl-config name: clusterctl-config
readOnly: true readOnly: true
cleanup: true
cluster-api: cluster-api:
enabled: true enabled: true
configSecret: configSecret:
@@ -60,30 +50,34 @@ cluster-api-operator:
defaultName: capi-env-variables defaultName: capi-env-variables
core: core:
namespace: capi-system namespace: capi-system
imageUrl: ""
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
rke2: rke2:
enabled: true enabled: true
version: ""
bootstrap: bootstrap:
namespace: rke2-bootstrap-system namespace: rke2-bootstrap-system
imageUrl: ""
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
controlPlane: controlPlane:
namespace: rke2-control-plane-system namespace: rke2-control-plane-system
imageUrl: ""
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
metal3: metal3:
enabled: true enabled: true
version: "v1.8.2" version: "v1.9.2"
infrastructure: infrastructure:
namespace: capm3-system namespace: capm3-system
imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-controller:v1.8.2" imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2"
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
ipam: ipam:
namespace: capm3-system namespace: capm3-system
imageUrl: "registry.rancher.com/rancher/cluster-api-metal3-ipam-controller:v1.8.1" imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3"

BIN
shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm Normal file
View File

Binary file not shown.

BIN
shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm Normal file
View File

Binary file not shown.

1099
shim-noarch/shim.changes Normal file
View File

File diff suppressed because it is too large Load Diff

90
shim-noarch/shim.spec Normal file
View File

@@ -0,0 +1,90 @@
#
# spec file for package shim
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%undefine _debuginfo_subpackages
%undefine _build_create_debug
# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
%define sysefibasedir %{_datadir}/efi
Name: shim
Version: 15.7
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
URL: https://github.com/rhboot/shim
Source: shim-15.7-150300.4.16.1.x86_64.rpm
Source1: shim-15.7-150300.4.16.1.aarch64.rpm
Requires: perl-Bootloader
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%description
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%package aarch64
Provides: shim(aarch64)
Group: System/Boot
Summary: UEFI shim loader
%package x86_64
Provides: shim(x86_64)
Group: System/Boot
Summary: UEFI shim loader
%description aarch64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%description x86_64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%prep
rpm2cpio %{SOURCE0} | cpio --extract --unconditional --preserve-modification-time --make-directories
rpm2cpio %{SOURCE1} | cpio --extract --unconditional --preserve-modification-time --make-directories
%build
%install
# purely repackaged
cp -a * %{buildroot}
rm -rf %{buildroot}/usr/lib64/efi
rm %{buildroot}/etc/uefi/certs/BCA4E38E-shim.crt %{buildroot}/usr/sbin/shim-install %{buildroot}/usr/share/doc/packages/shim/COPYRIGHT
%files aarch64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/aarch64
%{sysefibasedir}/aarch64/shim.efi
%{sysefibasedir}/aarch64/shim-*.efi
%{sysefibasedir}/aarch64/shim-*.der
%{sysefibasedir}/aarch64/MokManager.efi
%{sysefibasedir}/aarch64/fallback.efi
%files x86_64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/x86_64
%{sysefibasedir}/x86_64/shim.efi
%{sysefibasedir}/x86_64/shim-*.efi
%{sysefibasedir}/x86_64/shim-*.der
%{sysefibasedir}/x86_64/MokManager.efi
%{sysefibasedir}/x86_64/fallback.efi
%changelog