Merge pull request 'Backport LACP fix to 3.3' (#290 ) from nbelouin/Factory:IPA_Driver_33 into 3.3

Reviewed-on: suse-edge/Factory#290 Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
Bump metal3-chart version
2025-10-30 09:34:21 +01:00 · 2025-10-29 14:08:27 +01:00 · 2025-10-29 14:08:27 +01:00 · 2025-10-29 14:08:27 +01:00 · 2025-10-29 14:08:27 +01:00 · 2025-10-29 14:08:27 +01:00
167 changed files with 4966 additions and 2893 deletions
--- a/.gitea/workflows/check_manifest.yaml
+++ b/.gitea/workflows/check_manifest.yaml
@@ -0,0 +1,23 @@
 name: Check Release Manifest Local Charts Versions
 on:
  pull_request:
      branches-ignore:
      - "devel"
 jobs:
  sync-pr-project:
    name: "Check Release Manifest Local Charts Versions"
    runs-on: tumbleweed
    steps:
        # Waiting on PR to get merged for support in upstream action/checkout action
      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
        name: Checkout repository
        with:
          object-format: 'sha256'
      - name: Setup dependencies
        run: |
          zypper in -y python3-ruamel.yaml
      - name: Check release manifest
        run: |
          python3 .obs/manifest-check.py --check
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,3 @@
 */.osc
 */__pycache__
 .venv/
 .idea/
--- a/.obs/common.py
+++ b/.obs/common.py
@@ -1,3 +1,3 @@
-PROJECT = "isv:SUSE:Edge:Factory:Devel"
+PROJECT = "isv:SUSE:Edge:3.3"
 REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
-BRANCH = "devel"
+BRANCH = "3.3"
--- a/.obs/manifest-check.py
+++ b/.obs/manifest-check.py
@@ -0,0 +1,84 @@
 #!/usr/bin/python3
 import ruamel.yaml
 import pathlib
 import argparse
 import sys
 yaml = ruamel.yaml.YAML()
 def get_chart_version(chart_name: str) -> str:
    with open(f"./{chart_name}-chart/Chart.yaml") as f:
        chart = yaml.load(f)
        return chart["version"]
 def get_charts(chart):
    if not chart["chart"].startswith("%%CHART_REPO%%"):
        # Not a locally managed chart
        return {}
    chart_name = chart["chart"][len("%%CHART_REPO%%/%%CHART_PREFIX%%"):]
    charts = { chart_name: chart["version"] }
    for child_chart in chart.get("dependencyCharts", []) + chart.get("addonCharts", []):
        charts.update(get_charts(child_chart))
    return charts
 def get_charts_list():
    with open("./release-manifest-image/release_manifest.yaml") as f:
        manifest = yaml.load(f)
    charts = {}
    for chart in manifest["spec"]["components"]["workloads"]["helm"]:
        charts.update(get_charts(chart))
    return charts
 def check_charts(fix: bool) -> bool:
    success = True
    charts = get_charts_list()
    to_fix = {}
    for chart in charts:
        expected_version = get_chart_version(chart)
        if expected_version != charts[chart]:
            success = False
            to_fix[f'%%CHART_REPO%%/%%CHART_PREFIX%%{chart}'] = expected_version
            print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
    if fix and not success:
        fix_charts(to_fix)
        return True
    return success
 def fix_charts(to_fix):
    manifest_path = pathlib.Path("./release-manifest-image/release_manifest.yaml")
    manifest = yaml.load(manifest_path)
    yaml.indent(mapping=2, sequence=4, offset=2)
    yaml.width = 4096
    for chart_index, chart in enumerate(manifest["spec"]["components"]["workloads"]["helm"]):
        changed = False
        if chart["chart"] in to_fix.keys():
            changed = True
            chart["version"] = to_fix[chart["chart"]]
        for subchart_index, subchart in enumerate(chart.get("addonCharts", [])):
            if subchart["chart"] in to_fix.keys():
                changed = True
                subchart["version"] = to_fix[subchart["chart"]]
                chart["addonCharts"][subchart_index] = subchart
        for subchart_index, subchart in enumerate(chart.get("dependencyCharts", [])):
            if subchart["chart"] in to_fix.keys():
                changed = True
                subchart["version"] = to_fix[subchart["chart"]]
                chart["dependencyCharts"][subchart_index] = subchart
        if changed:
            manifest["spec"]["components"]["workloads"]["helm"][chart_index] = chart
    yaml.dump(manifest, manifest_path)
 def main():
    print("Checking charts versions in release manifest")
    parser = argparse.ArgumentParser()
    parser.add_argument('-c', '--check', action='store_true')
    args = parser.parse_args()
    if not check_charts(not args.check):
        sys.exit(1)
    else:
        print("All local charts in release manifest are using the right version")
 if __name__ == "__main__":
    main()
--- a/.obs/trigger_package.py
+++ b/.obs/trigger_package.py
@@ -1,65 +0,0 @@
 import xml.etree.ElementTree as ET
 import subprocess
 from sync_packages import get_local_packages
 from common import PROJECT
 def get_service_repo(package):
    with open(f"{package}/_service") as service:
        root = ET.parse(service).getroot()
        for service in root.findall("service"):
            if service.get("mode") in ["manual", "disabled"]:
                continue
            if service.get("name") not in ["obs_scm", "tar_scm"]:
                continue
            ref = service.find("param[@name='revision']").text
            repo = service.find("param[@name='url']").text
            return (repo, ref)
    return None
 def get_remote_ref(project, package):
    files = subprocess.run(["osc", "ls", "-e", project, package], encoding='utf-8' , capture_output=True).stdout.splitlines()
    for filename in files:
        if filename.startswith("_service") and filename.endswith(".obsinfo"):
            obsinfo = subprocess.run(["osc", "cat", project, package, filename], encoding='utf-8' , capture_output=True).stdout.splitlines()
            for line in obsinfo:
                if line.startswith("commit:"):
                    return line.split(':')[-1].strip()
 def get_upstream_ref(repo, ref):
    refs = subprocess.run(["git", "ls-remote", repo, ref, f"{ref}^{{}}"], encoding='utf-8' , capture_output=True).stdout.splitlines()
    refpath = ref.split('/')
    best = None
    for rref in refs:
        value = rref.split('\t')
        (sha, name) = (value[0].strip(), value[1].strip())
        namepath = name.split('/')
        if len(namepath) == len(refpath) or len(namepath) - 2 == len(refpath):
            if name.endswith(ref) and best is None:
                best = sha
            if name.endswith("^{}"):
                best = sha
    return best
 def trigger_service(project, package):
    subprocess.run(["osc", "service", "remoterun", project, package], encoding="utf-8",check=True)
 def main():
    packages = get_local_packages()
    for package in packages:
        try:
            (repo, ref) = get_service_repo(package)
            print(f"{package} uses {repo} at {ref}")
        except: # Package is not using server side scm service
            continue
        remote_ref = get_remote_ref(PROJECT, package)
        upstream_ref = get_upstream_ref(repo, ref)
        if upstream_ref != remote_ref:
            print(f"\t{package} needs a refresh")
            print(f"\tOBS ref is {remote_ref}")
            print(f"\tgit ref is {upstream_ref}")
            trigger_service(PROJECT, package)
 if __name__ == "__main__":
    main()
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,10 @@
 repos:
  - repo: local
    hooks:
      - id: check-manifest
        name: "Check release-manifest"
        entry: python3 .obs/manifest-check.py
        language: python
        additional_dependencies: ['ruamel.yaml']
        pass_filenames: false
        always_run: true
--- a/9
+++ b/9
@@ -109,6 +109,11 @@ BuildFlags: onlybuild:release-manifest-image
    # Publish multi-arch container images only once all archs have been built
    PublishFlags: archsync
    # skopeo and umoci are used by build scripts to list packages
    Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
 %endif
 %if "%_repository" == "images"
    # skopeo and umoci are used by build scripts to list packages
    Substitute: system-packages:podman podman buildah createrepo_c release-compare edge-build-checks skopeo umoci
@@ -123,6 +128,8 @@ BuildFlags: onlybuild:release-manifest-image
    BuildFlags: dockerarg:SLE_VERSION=16.0
    BuildFlags: onlybuild:kiwi-builder-image
    Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
    # Publish multi-arch container images only once all archs have been built
    PublishFlags: archsync
@@ -140,8 +147,10 @@ BuildFlags: onlybuild:release-manifest-image
    %endif
 %else
    %if "%{sub %{reverse %_project} 1 7}" != "%{reverse :ToTest}" && "%{sub %{reverse %_project} 1 9}" != "%{reverse :Snapshot}"
      BuildFlags: excludebuild:kiwi-builder-image
    %endif
 %endif
--- a/3
+++ b/3
@@ -23,6 +23,9 @@
    <disable/>
    <enable repository="charts"/>
    <enable repository="test_manifest_images"/>
    {%- if for_release %}
    <enable repository="releasecharts"/>
    {%- endif %}
  </build>
  <publish>
    <disable repository="phantomcharts"/>
--- a/akri-dashboard-extension-chart/Chart.yaml
+++ b/akri-dashboard-extension-chart/Chart.yaml
@@ -1,6 +1,6 @@
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1
+#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0
+#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1-%RELEASE%
 annotations:
  catalog.cattle.io/certified: rancher
  catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -10,13 +10,13 @@ annotations:
  catalog.cattle.io/ui-component: plugins
  catalog.cattle.io/display-name: Akri
  catalog.cattle.io/rancher-version: '>= 2.11.0-0'
-  catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
+  catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
  catalog.cattle.io/kube-version: '>= v1.26.0-0'
 apiVersion: v2
-appVersion: 303.0.1+up1.3.0
+appVersion: 303.0.2+up1.3.1
 description: 'SUSE Edge: Akri extension for Rancher Dashboard'
 name: akri-dashboard-extension
 type: application
-version: "%%CHART_MAJOR%%.0.1+up1.3.0"
+version: "%%CHART_MAJOR%%.0.2+up1.3.1"
 icon: >-
  https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
--- a/akri-dashboard-extension-chart/templates/cr.yaml
+++ b/akri-dashboard-extension-chart/templates/cr.yaml
@@ -8,7 +8,7 @@ spec:
  plugin:
    name: {{ include "extension-server.fullname" . }}
    version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.1+up1.3.0
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.2+up1.3.1
    noCache: {{ .Values.plugin.noCache }}
    noAuth: {{ .Values.plugin.noAuth }}
    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
--- a/akri-dashboard-extension-chart/values.yaml
+++ b/akri-dashboard-extension-chart/values.yaml
@@ -8,5 +8,5 @@ plugin:
  metadata:
    catalog.cattle.io/display-name: Akri
    catalog.cattle.io/rancher-version: ">= 2.11.0-0"
-    catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.2 < 4.0.0"
    catalog.cattle.io/kube-version: ">= v1.26.0-0"
--- a/baremetal-operator-image/Dockerfile
+++ b/baremetal-operator-image/Dockerfile
@@ -1,13 +1,13 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
+RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator inotify-tools procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -19,7 +19,7 @@ LABEL org.opencontainers.image.version="%%baremetal-operator_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,6 +29,8 @@ LABEL com.suse.release-stage="released"
 # endlabelprefix
 COPY --from=base /installroot /
 COPY bmo-run /usr/bin/bmo-run
 RUN chmod +x /usr/bin/bmo-run
 RUN groupadd -r -g 11000 bmo
 RUN useradd -u 11000 -g 11000 bmo
-ENTRYPOINT [ "/usr/bin/baremetal-operator" ]
+ENTRYPOINT [ "/usr/bin/bmo-run" ]
--- a/baremetal-operator-image/bmo-run
+++ b/baremetal-operator-image/bmo-run
@@ -0,0 +1,12 @@
 #!/bin/bash
 export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
 export IRONIC_CACERT_FILE=${IRONIC_CACERT_FILE:-"/opt/metal3/certs/ca/tls.crt"}
 if [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
    # shellcheck disable=SC2034
    inotifywait -m -e delete_self "${IRONIC_CACERT_FILE}" | while read -r file event; do
        kill $(pgrep baremetal-opera)
    done &
 fi
 exec /usr/bin/baremetal-operator $@
--- a/cdi-chart/Chart.yaml
+++ b/cdi-chart/Chart.yaml
@@ -1,9 +1,9 @@
-#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0
+#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
-#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
 apiVersion: v2
-appVersion: 1.60.1
+appVersion: 1.61.0
 description: A Helm chart for Containerized Data Importer (CDI)
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: cdi
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.4.0"
+version: "%%CHART_MAJOR%%.0.0+up0.5.0"
--- a/cdi-chart/templates/cdi-operator.yaml
+++ b/cdi-chart/templates/cdi-operator.yaml
@@ -606,17 +606,7 @@ spec:
        prometheus.cdi.kubevirt.io: "true"
    spec:
      affinity:
-        podAffinity:
+{{- .Values.deployment.affinity | toYaml | nindent 8 }}
          preferredDuringSchedulingIgnoredDuringExecution:
            - podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: cdi.kubevirt.io
                      operator: In
                      values:
                        - cdi-operator
                topologyKey: kubernetes.io/hostname
              weight: 1
      containers:
        - env:
            - name: DEPLOY_CLUSTER_RESOURCES
@@ -650,9 +640,7 @@ spec:
              name: metrics
              protocol: TCP
          resources:
-            requests:
+{{- .Values.deployment.resources | toYaml | nindent 12 }}
              cpu: 100m
              memory: 150Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
@@ -661,6 +649,8 @@ spec:
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      nodeSelector:
        kubernetes.io/os: linux
      securityContext:
--- a/cdi-chart/values.yaml
+++ b/cdi-chart/values.yaml
@@ -1,5 +1,5 @@
 deployment:
-  version: 1.60.1-150600.3.9.1
+  version: 1.61.0-150600.3.12.1
  operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
  controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
  importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
@@ -8,6 +8,22 @@ deployment:
  uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
  uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
  pullPolicy: IfNotPresent
  affinity:
    podAffinity:
      preferredDuringSchedulingIgnoredDuringExecution:
        - podAffinityTerm:
            labelSelector:
              matchExpressions:
                - key: cdi.kubevirt.io
                  operator: In
                  values:
                    - cdi-operator
            topologyKey: kubernetes.io/hostname
          weight: 1
  resources:
    requests:
      cpu: 100m
      memory: 150Mi
 cdi:
  config:
--- a/edge-build-checks/20-helm-images
+++ b/edge-build-checks/20-helm-images
@@ -8,6 +8,7 @@ import pprint
 AUTHORIZED_REPOS = [
    "registry.suse.com/suse/sles/",
    "registry.suse.com/rancher",
    "registry.rancher.com",
 ]
--- a/edge-image-builder-image/Dockerfile
+++ b/edge-image-builder-image/Dockerfile
@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
 LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
+LABEL org.opencontainers.image.version="1.2.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
--- a/edge-image-builder-image/_service
+++ b/edge-image-builder-image/_service
@@ -1,10 +1,5 @@
 <services>
  <service mode="buildtime" name="kiwi_metainfo_helper"/>
  <service name="replace_using_package_version" mode="buildtime">
      <param name="file">Dockerfile</param>
      <param name="regex">%PACKAGE_VERSION%</param>
      <param name="package">edge-image-builder</param>
    </service>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">Dockerfile</param>
    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
--- a/edge-image-builder/_service
+++ b/edge-image-builder/_service
@@ -1,12 +1,15 @@
 <services>
  <service name="obs_scm">
    <param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
    <param name="versionformat">@PARENT_TAG@_%h.%ad</param>
    <param name="scm">git</param>
    <param name="exclude">.git</param>
-    <param name="revision">main</param>
+    <param name="revision">v1.2.1</param>
-    <param name="versionrewrite-pattern">v(.*)</param>
+    <!-- Uncomment and set this For Pre-Release Version -->
-    <param name="versionrewrite-replacement">\1</param>
+    <!-- <param name="version">1.2.0~rc1</param> -->
    <!-- Uncomment and this for regular version -->
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
    <param name="versionrewrite-replacement">\1.\2.\3</param>
    <param name="changesgenerate">enable</param>
  </service>
  <service mode="buildtime" name="tar">
--- a/edge-image-builder/edge-image-builder.spec
+++ b/edge-image-builder/edge-image-builder.spec
@@ -17,7 +17,7 @@
 Name:           edge-image-builder
-Version:        0
+Version:        1.2.1
 Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0
--- a/ironic-ipa-downloader-image/Dockerfile
+++ b/ironic-ipa-downloader-image/Dockerfile
@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -19,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.3"
+LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -34,8 +33,6 @@ LABEL com.suse.release-stage="released"
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
 RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
 RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/
--- a/ironic-ipa-downloader-image/Dockerfile.aarch64
+++ b/ironic-ipa-downloader-image/Dockerfile.aarch64
@@ -0,0 +1,43 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8
 #!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
 RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
 RUN cp /usr/bin/getopt /installroot/
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 # labelprefix=com.suse.application.ironic
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
 LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/
 RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
 RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
 COPY get-resource.sh /usr/local/bin/get-resource.sh
 RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh
--- a/ironic-ipa-downloader-image/Dockerfile.x86_64
+++ b/ironic-ipa-downloader-image/Dockerfile.x86_64
@@ -0,0 +1,43 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8
 #!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
 RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 tar gawk curl xz zstd shadow cpio findutils
 RUN cp /usr/bin/getopt /installroot/
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 # labelprefix=com.suse.application.ironic
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
 LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
 LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
 LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
 LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/
 RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
 RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
 COPY get-resource.sh /usr/local/bin/get-resource.sh
 RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh
--- a/ironic-ipa-downloader-image/_multibuild
+++ b/ironic-ipa-downloader-image/_multibuild
@@ -0,0 +1,4 @@
 <multibuild>
  <flavor>x86_64</flavor>
  <flavor>aarch64</flavor>
 </multibuild>
--- a/ironic-ipa-downloader-image/_service
+++ b/ironic-ipa-downloader-image/_service
@@ -2,6 +2,8 @@
  <service mode="buildtime" name="kiwi_metainfo_helper"/>
  <service mode="buildtime" name="docker_label_helper"/>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">Dockerfile.aarch64</param>
    <param name="file">Dockerfile.x86_64</param>
    <param name="file">Dockerfile</param>
    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
    <param name="var">IMG_PREFIX</param>
--- a/ironic-ipa-downloader-image/get-resource.sh
+++ b/ironic-ipa-downloader-image/get-resource.sh
@@ -6,6 +6,8 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
 export https_proxy=${https_proxy:-$HTTPS_PROXY}
 export no_proxy=${no_proxy:-$NO_PROXY}
 IMAGES_BASE_PATH="/srv/tftpboot/openstack-ironic-image"
 if [ -d "/tmp/ironic-certificates" ]; then
  sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
  if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
@@ -26,11 +28,15 @@ if [ -z "${IPA_BASEURI}" ]; then
  IMAGE_CHANGED=1
  # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
  mkdir -p /shared/html/images
-  cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
+  if [ -f ${IMAGES_BASE_PATH}/initrd-x86_64.zst ]; then
-  cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
+    cp ${IMAGES_BASE_PATH}/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
  fi
  # Use arm64 as destination for iPXE compatibility
-  cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
+  if [ -f ${IMAGES_BASE_PATH}/initrd-aarch64.zst ]; then
-  cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
+    cp ${IMAGES_BASE_PATH}/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
  fi
  cp /tmp/images.sha256 /shared/images.sha256
 else
--- a/ironic-ipa-ramdisk/config.sh
+++ b/ironic-ipa-ramdisk/config.sh
@@ -13,15 +13,10 @@ echo "Configure image: [$kiwi_iname]..."
 #------------------------------------------
 baseSetupBuildDay
 #======================================
 # Mount system filesystems
 #--------------------------------------
 #baseMount
 #==========================================
 # remove unneded kernel files
 #------------------------------------------
-suseStripKernel
+#suseStripKernel
 baseStripLocales en_US.utf-8 C.utf8
 #======================================
@@ -39,12 +34,8 @@ suseImportBuildKey
 #--------------------------------------
 baseInsertService openstack-ironic-python-agent
 baseInsertService suse-ironic-image-setup
 baseInsertService suse-network-setup
 baseInsertService sshd
 baseInsertService NetworkManager
 #suseInsertService sshd
 #suseInsertService openstack-ironic-python-agent
 #suseInsertService suse-ironic-image-setup
 echo 'DEFAULT_TIMEZONE="UTC"' >> /etc/sysconfig/clock
 baseUpdateSysConfig /etc/sysconfig/clock HWCLOCK "-u"
@@ -64,42 +55,7 @@ sed -E 's/^(ExecStart=.*\/agetty).*(--noclear.*)/\1 \2 --autologin root/' /usr/l
 #------------------------------------------
 echo 'tmpfs /tmp tmpfs size=3G 0 0' >> /etc/fstab
 #==========================================
 # remove package docs and manuals
 #------------------------------------------
 #baseStripDocs
 #baseStripMans
 #baseStripInfos
 #======================================
 # only basic version of vim is
 # installed; no syntax highlighting
 #--------------------------------------
 sed -i -e's/^syntax on/" syntax on/' /etc/vimrc
 #======================================
 # Remove yast if not in use
 #--------------------------------------
 #suseRemoveYaST
 #======================================
 # Remove package manager
 #--------------------------------------
 #suseStripPackager
 #rm -f usr/lib/perl5/*/*/auto/Encode/??/??.so # 9MB
 #======================================
 # Umount kernel filesystems
 #--------------------------------------
 #baseCleanMount
 ln -s /sbin/init /init
 #==========================================
 # umount
 #------------------------------------------
 umount /proc >/dev/null 2>&1
 exit 0
--- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
+++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
@@ -12,6 +12,7 @@
        <locale>en_US</locale>
        <packagemanager>zypper</packagemanager>
        <rpm-check-signatures>false</rpm-check-signatures>
        <rpm-excludedocs>true</rpm-excludedocs>
        <timezone>UTC</timezone>
        <version>1.0.0</version> 
    </preferences>	
@@ -27,68 +28,6 @@
      <source path="dir:///.build.binaries"/>
    </repository>
    <drivers>
        <file name="crypto/*"/>
        <file name="drivers/acpi/*"/>
        <file name="drivers/acpi/dock.ko"/>
        <file name="drivers/ata/*"/>
        <file name="drivers/block/brd.ko"/>
        <file name="drivers/block/cciss.ko"/>
        <file name="drivers/block/loop.ko"/>
        <file name="drivers/block/virtio_blk.ko"/>
        <file name="drivers/cdrom/*"/>
        <file name="drivers/char/hw_random/virtio-rng.ko"/>
        <file name="drivers/char/lp.ko"/>
        <file name="drivers/char/ipmi/*"/>
        <file name="drivers/firmware/iscsi_ibft.ko"/>
        <file name="drivers/firmware/edd.ko"/>
        <file name="drivers/gpu/drm/*"/>
        <file name="drivers/hid/*"/>
        <file name="drivers/hv/*"/>
        <file name="drivers/hwmon/*"/>
        <file name="drivers/ide/*"/>
        <file name="drivers/input/keyboard/*"/>
        <file name="drivers/input/mouse/*"/>
        <file name="drivers/md/*"/>
        <file name="drivers/message/fusion/*"/>
        <file name="drivers/misc/hpilo.ko"/>
        <file name="drivers/net/*"/>
        <file name="drivers/parport/*"/>
        <file name="drivers/scsi/*"/>
        <file name="drivers/staging/hv/*"/>
        <file name="drivers/target/*"/>
        <file name="drivers/thermal/*"/>
        <file name="drivers/usb/*"/>
        <file name="drivers/virtio/*"/>
        <file name="fs/binfmt_aout.ko"/>
        <file name="fs/binfmt_misc.ko"/>
        <file name="fs/overlayfs/*"/>
        <file name="fs/btrfs/*"/>
        <file name="fs/exportfs/*"/>
        <file name="fs/ext4/*"/>
        <file name="fs/fat/*"/>
        <file name="fs/fuse/*"/>
        <file name="fs/hfs/*"/>
        <file name="fs/jbd2/*"/>
        <file name="fs/nfs/*"/>
        <file name="fs/mbcache.ko"/>
        <file name="fs/nls/nls_cp437.ko"/>
        <file name="fs/nls/nls_iso8859-1.ko"/>
        <file name="fs/nls/nls_utf8.ko"/>
        <file name="fs/quota_v1.ko"/>
        <file name="fs/quota_v2.ko"/>
        <file name="fs/squashfs/*"/>
        <file name="fs/udf/*"/>
        <file name="fs/vfat/*"/>
        <file name="fs/xfs/*"/>
        <file name="fs/isofs/*"/>
        <file name="lib/crc-t10dif.ko"/>
        <file name="lib/crc16.ko"/>
        <file name="lib/libcrc32c.ko"/>
        <file name="lib/zlib_deflate/zlib_deflate.ko"/>
        <file name="net/packet/*"/>
    </drivers>
    <packages type="delete">
        <package name="gpg2"/>
        <package name="libcairo2"/>
@@ -102,62 +41,23 @@
        <package name="libxcb-render0"/>
        <package name="libxcb-shm0"/>
        <package name="libxcb1"/>
-        <package name="plymouth"/>
+        <package name="kernel-firmware-amdgpu"/>
-        <package name="plymouth-branding-SLE"/>
+        <package name="kernel-firmware-ath10k"/>
-    </packages>
+        <package name="kernel-firmware-ath11k"/>
-
+        <package name="kernel-firmware-ath12k"/>
-    <packages type="image">
+        <package name="kernel-firmware-atheros"/>
-        <package name="checkmedia"/>
+        <package name="kernel-firmware-bluetooth"/>
-        <package name="plymouth-branding-SLE"/>
+        <package name="kernel-firmware-brcm"/>
-        <package name="plymouth-dracut"/>
+        <package name="kernel-firmware-i915"/>
-        <package name="plymouth-theme-bgrt"/>
+        <package name="kernel-firmware-iwlwifi"/>
-        <package name="grub2-branding-SLE"/>
+        <package name="kernel-firmware-media"/>
-        <package name="iputils"/>
+        <package name="kernel-firmware-nvidia"/>
-        <package name="vim"/>
+        <package name="kernel-firmware-qcom"/>
-        <package name="grub2"/>
+        <package name="kernel-firmware-radeon"/>
-        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="kernel-firmware-realtek"/>
-        <package name="grub2-arm64-efi" arch="aarch64"/>
+        <package name="kernel-firmware-sound"/>
-        <package name="grub2-i386-pc" arch="x86_64"/>
+        <package name="kernel-firmware-ti"/>
-        <package name="syslinux" arch="x86_64"/>
+        <package name="kernel-firmware-ueagle"/>
        <package name="lvm2"/>
        <package name="plymouth"/>
        <package name="fontconfig"/>
        <package name="fonts-config"/>
        <package name="openssh"/>
        <package name="iproute2"/>
        <package name="which"/>
        <package name="kernel-firmware"/>
        <package name="kernel-default"/>
        <package name="NetworkManager"/>
        <package name="nm-configurator"/>
        <package name="timezone"/>
        <package name="haveged"/>
        <!-- ironic-python-agent specific -->
        <package name="openstack-ironic-python-agent"/>
        <package name="hdparm"/>
        <package name="qemu-tools"/>
        <package name="python311-proliantutils"/>
        <package name="lshw"/>
        <package name="dmidecode"/>
        <package name="efibootmgr"/>
        <package name="gptfdisk"/>
        <package name="open-iscsi"/>
        <package name="hwinfo"/>
        <package name="ipmitool"/>
        <package name="iputils"/>
        <package name="lvm2"/>
        <package name="net-tools"/>
        <package name="ntp"/>
        <package name="parted"/>
        <package name="psmisc"/>
        <package name="timezone"/>
        <package name="which"/>
        <package name="kbd"/>
    </packages>
    <packages type="kis">
        <package name="dracut-kiwi-oem-repart"/>
        <package name="dracut-kiwi-oem-dump"/>
    </packages>
    <packages type="bootstrap">
@@ -167,5 +67,50 @@
        <package name="cracklib-dict-full"/>
        <package name="ca-certificates"/>
        <package name="sles-release"/>
        <package name="checkmedia"/>
        <package name="fontconfig"/>
        <package name="fonts-config"/>
        <package name="grub2-arm64-efi" arch="aarch64"/>
        <package name="grub2-branding-SLE"/>
        <package name="grub2-i386-pc" arch="x86_64"/>
        <package name="grub2-x86_64-efi" arch="x86_64"/>
        <package name="grub2"/>
        <package name="iproute2"/>
        <package name="iputils"/>
        <package name="kernel-default"/>
        <package name="kernel-firmware-all"/>
        <package name="lvm2"/>
        <package name="NetworkManager"/>
        <package name="nm-configurator"/>
        <package name="openssh"/>
        <package name="timezone"/>
        <package name="which"/>
        <!-- ironic-python-agent specific -->
        <package name="dmidecode"/>
        <package name="efibootmgr"/>
        <package name="gptfdisk"/>
        <package name="hdparm"/>
        <package name="hwinfo"/>
        <package name="ipmitool"/>
        <package name="iputils"/>
        <package name="kbd"/>
        <package name="lshw"/>
        <package name="lvm2"/>
        <package name="net-tools"/>
        <package name="ntp"/>
        <package name="open-iscsi"/>
        <package name="openstack-ironic-python-agent"/>
        <package name="parted"/>
        <package name="psmisc"/>
        <package name="python311-proliantutils"/>
        <package name="qemu-tools"/>
        <package name="timezone"/>
        <package name="which"/>
    </packages>
    <packages type="kis">
        <package name="dracut-kiwi-oem-repart"/>
        <package name="dracut-kiwi-oem-dump"/>
    </packages> 
 </image>
--- a/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
+++ b/ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
@@ -19,7 +19,7 @@
 Name:           ironic-ipa-ramdisk
-Version:        3.0.3
+Version:        3.0.7
 Release:        0
 Summary:        Kernel and ramdisk image for OpenStack Ironic
 License:        SUSE-EULA
@@ -27,7 +27,7 @@ Group:          System/Management
 URL:            https://github.com/SUSE-Cloud/
 Source0:        config.sh
 Source10:       ironic-ipa-ramdisk.kiwi
-Source20:       root.tar.bz2
+Source20:       root
 BuildRequires:  -post-build-checks
 BuildRequires:  bash
@@ -38,7 +38,7 @@ BuildArch:      noarch
 BuildRequires:  checkmedia
 BuildRequires:  acl
-BuildRequires:  ca-certificates
+BuildRequires:  ca-certificates-mozilla-prebuilt
 BuildRequires:  cracklib-dict-full
 BuildRequires:  cron
 BuildRequires:  dbus-1
@@ -62,7 +62,7 @@ BuildRequires:  ipmitool
 BuildRequires:  iproute2
 BuildRequires:  iputils
 BuildRequires:  kernel-default
-BuildRequires:  kernel-firmware
+BuildRequires:  kernel-firmware-all
 BuildRequires:  lvm2
 BuildRequires:  net-tools
 BuildRequires:  ntp
@@ -123,13 +123,13 @@ Kernel and ramdisk image for use with Metal3
 For %{_arch}
 %prep
-mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/root /tmp/openstack-ironic-image/img
+mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/img
 cp -a %{SOURCE0} /tmp/openstack-ironic-image/config.sh
 cp -a %{SOURCE10} /tmp/openstack-ironic-image/config.kiwi
-tar -xC /tmp/openstack-ironic-image/root -f %{SOURCE20}
+cp -ar %{SOURCE20} /tmp/openstack-ironic-image/root
 %build
 if ! which kiwi; then
--- a/ironic-ipa-ramdisk/root.tar.bz2
+++ b/ironic-ipa-ramdisk/root.tar.bz2
--- a/ironic-ipa-ramdisk/root/etc/NetworkManager/conf.d/00-main.conf
+++ b/ironic-ipa-ramdisk/root/etc/NetworkManager/conf.d/00-main.conf
@@ -0,0 +1,24 @@
 # WARNING: This file has been modified by the diskimage-builder
 # dhcp-all-interfaces element as this machine is likely running
 # a ramdisk or needs to attempt auto-configuration on all interfaces.
 [main]
 # This makes sense even with dhcp on all interfaces in the event
 # that the configuration has been or is being supplied via external means.
 ignore-carrier=*
 # Use dhclient as was done previously to the Centos8/RHEL8 RPM defaults.
 # This is because dhclient shuts the interface down after a retry attempt
 # which allows the link state to reset with some switches, which may be
 # important for the ramdisk to recover networking.
 dhcp=dhclient
 [connection]
 # Keep retrying, this is important for this important espescialy for
 # ramdisks in environments where varying switch configurations may
 # cause traffic to be blocked or intermittent connectivity failures
 # such as those at an edge site may cause issues.
 autoconnect-retries=-1
 # Set the timeout. Diskimage-builder dhcp-all-interfaces has a 30
 # second default. NetworkManager, by default, is 45 seconds.
 # In some cases where ramdisks are in use, 60 seconds is advisable.
 ipv4.dhcp-timeout=30
 ipv6.dhcp-timeout=30
--- a/ironic-ipa-ramdisk/root/etc/ironic-python-agent.conf.d
+++ b/ironic-ipa-ramdisk/root/etc/ironic-python-agent.conf.d
@@ -0,0 +1 @@
 ironic-python-agent/ironic-python-agent.conf.d
--- a/ironic-ipa-ramdisk/root/etc/issue
+++ b/ironic-ipa-ramdisk/root/etc/issue
@@ -0,0 +1 @@
 SUSE Ironic Python Agent Ramdisk - terminal \l
--- a/ironic-ipa-ramdisk/root/etc/sysctl.d/98-rp_filter.conf
+++ b/ironic-ipa-ramdisk/root/etc/sysctl.d/98-rp_filter.conf
@@ -0,0 +1,2 @@
 # avoid problems with multiple network interfaces
 net.ipv4.conf.all.rp_filter=0
--- a/ironic-ipa-ramdisk/root/etc/systemd/system/NetworkManager.service.d/nmc.conf
+++ b/ironic-ipa-ramdisk/root/etc/systemd/system/NetworkManager.service.d/nmc.conf
@@ -0,0 +1,7 @@
 [Unit]
 #WantsMountsFor=/mnt/ipa
 After=mnt-ipa.mount
 Wants=mnt-ipa.mount
 [Service]
 ExecStartPre=-/usr/local/bin/suse-network-setup.sh
--- a/ironic-ipa-ramdisk/root/etc/systemd/system/mnt-ipa.mount
+++ b/ironic-ipa-ramdisk/root/etc/systemd/system/mnt-ipa.mount
@@ -0,0 +1,7 @@
 [Unit]
 Description=config-2 rom consumed by IPA for networking configuration
 [Mount]
 What=/dev/ipa
 Where=/mnt/ipa
 TimeoutSec=30
--- a/ironic-ipa-ramdisk/root/etc/systemd/system/suse-ironic-image-setup.service
+++ b/ironic-ipa-ramdisk/root/etc/systemd/system/suse-ironic-image-setup.service
@@ -0,0 +1,12 @@
 [Unit]
 Description=Setup ironic-python-agent image
 After=getty.target
 [Service]
 Type=oneshot
 ExecStart=/usr/local/bin/suse-ironic-image-setup.sh
 StandardOutput=journal+console
 RemainAfterExit=true
 [Install]
 WantedBy=multi-user.target
--- a/ironic-ipa-ramdisk/root/etc/systemd/system/systemd-udevd.service.d/ordering.conf
+++ b/ironic-ipa-ramdisk/root/etc/systemd/system/systemd-udevd.service.d/ordering.conf
@@ -0,0 +1,3 @@
 [Unit]
 Before=local-fs.target
 WantedBy=local-fs.target
--- a/ironic-ipa-ramdisk/root/etc/udev/rules.d/61-config2.rules
+++ b/ironic-ipa-ramdisk/root/etc/udev/rules.d/61-config2.rules
@@ -0,0 +1 @@
 ACTION=="add|change", SUBSYSTEM=="block", ENV{ID_FS_LABEL}=="config-2", ENV{ID_FS_PUBLISHER_ID}=="?*", PROGRAM="/usr/local/bin/suse-test-config-2.sh", SYMLINK+="ipa"
--- a/ironic-ipa-ramdisk/root/usr/local/bin/suse-ironic-image-setup.sh
+++ b/ironic-ipa-ramdisk/root/usr/local/bin/suse-ironic-image-setup.sh
@@ -0,0 +1,52 @@
 #!/bin/sh
 PARAMS=$(</proc/cmdline)
 # find vfloppy device (based on IPA code)
 VMEDIA_DEVICE=$(find /dev/disk/by-label -iname ir-vfd-dev)
 # read params from vmedia and prepend them to params from kernel cmdline
 if [[ -b "$VMEDIA_DEVICE" ]]; then
  VMEDIA_MOUNT=$(mktemp -d)
  if mount -o loop $VMEDIA_DEVICE $VMEDIA_MOUNT; then
    # parameters.txt has one param per line, reformat to match cmdline
    VMEDIA_PARAMS=$(cat $VMEDIA_MOUNT/parameters.txt | tr '\n' ' ')
    umount $VMEDIA_MOUNT
    PARAMS="$VMEDIA_PARAMS $PARAMS"
  fi
  rmdir $VMEDIA_MOUNT
 fi
 # resize /tmp
 if [[ $PARAMS =~ suse.tmpsize=([^ ]+) ]]; then
  echo "Resizing /tmp to ${BASH_REMATCH[1]}..."
  mount -o remount,size=${BASH_REMATCH[1]} /tmp
 fi
 # deploy authorized sshkey from kernel command line
 if [[ $PARAMS =~ sshkey=\"([^\"]+)\" ]]; then
  echo "Adding authorized SSH key..."
  (umask 077 ; mkdir -p /root/.ssh)
  echo "${BASH_REMATCH[1]}" >> /root/.ssh/authorized_keys
 fi
 # Inject certs
 if [[ $PARAMS =~ tls.enabled=(true|True) ]]; then
  cp /etc/ironic-python-agent.d/ca-certs/* /etc/pki/trust/anchors/
  cp /etc/ironic-python-agent.d/ca-certs/* /usr/share/pki/trust/anchors/
  update-ca-certificates
 fi
 # autologin root on given console (default tty1) if suse.autologin or coreos.autologin is enabled
 if [[ $PARAMS =~ (suse|coreos)\.autologin=?([^ ]*) ]]; then
  tty="${BASH_REMATCH[2]:-tty1}"
  echo "Enabling autologin on $tty..."
  systemctl stop getty@$tty
  systemctl disable getty@$tty
  systemctl start autologin@$tty
 fi
 # Append to /etc/hosts
 # hosts.append=1.2.3.4_foo,4.5.6.7_foo2
 if [[ $PARAMS =~ hosts.append=([^ ]+) ]]; then
  HOSTS=${BASH_REMATCH[1]}
  echo "Appending to hosts ${HOSTS}..."
  for h in ${HOSTS/,/ }; do
    echo "${h/_/ }" >> /etc/hosts
  done
  cat /etc/hosts
 fi
--- a/ironic-ipa-ramdisk/root/usr/local/bin/suse-network-setup.sh
+++ b/ironic-ipa-ramdisk/root/usr/local/bin/suse-network-setup.sh
@@ -0,0 +1,24 @@
 #!/bin/bash
 set -eux
 # Inspired by/based on glean-early.sh
 # https://opendev.org/opendev/glean/src/branch/master/glean/init/glean-early.sh
 # NOTE(TheJulia): We care about iso images, and would expect lower case as a
 # result. In the case of VFAT partitions, they would be upper case.
 PATH=/bin:/usr/bin:/sbin:/usr/sbin
 NETWORK_DATA_FILE="/mnt/ipa/openstack/latest/network_data.json"
 if [ ! -f "${NETWORK_DATA_FILE}" ]; then
 	echo "No network_data.json found, skipping network configuration"
 	exit 1
 fi
 mkdir -p /tmp/nmc/{desired,generated}
 cp ${NETWORK_DATA_FILE} /tmp/nmc/desired/_all.yaml
 nmc generate --config-dir /tmp/nmc/desired --output-dir /tmp/nmc/generated
 nmc apply --config-dir /tmp/nmc/generated
--- a/ironic-ipa-ramdisk/root/usr/local/bin/suse-test-config-2.sh
+++ b/ironic-ipa-ramdisk/root/usr/local/bin/suse-test-config-2.sh
@@ -0,0 +1,23 @@
 #!/bin/bash
 set -eux
 PATH=/bin:/usr/bin:/sbin:/usr/sbin
 # Transform the ID from the drive being considered to lower case
 device_publisher_id=$(echo ${ID_FS_PUBLISHER_ID} | tr '[A-Z]' '[a-z]')
 # Retrieve the publisher ID from the command line and convert to lower case
 cmdline_publisher_id=""
 if grep -q "ir_pub_id" /proc/cmdline; then
    cmdline_publisher_id=$(cat /proc/cmdline | sed -e 's/^.*ir_pub_id=//' -e 's/ .*$//')
 fi
 # Is this the filesystem we are looking for?
 if [[ "${cmdline_publisher_id}" == "${device_publisher_id}" ]]; then
 	# It is the device we are looking for, return success
 	exit 0
 else
 	# Not a match, return failure
 	exit 1
 fi
--- a/kiwi-builder-image/Dockerfile
+++ b/kiwi-builder-image/Dockerfile
@@ -1,6 +1,7 @@
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0
 # Base image version, should match the tag above
 ARG KIWIVERSION="10.2.12"
 FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
 ARG KIWIVERSION
@@ -10,11 +11,11 @@ ARG KIWIVERSION
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
 LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%kiwi_version%%"
+LABEL org.opencontainers.image.version="${KIWIVERSION}"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:${KIWIVERSION}.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -23,9 +24,6 @@ LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 # help the build service understand the need for python3-kiwi
 RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || { echo "expected kiwi version ${KIWIVERSION}: version mismatch"; exit 1; }
 # Copy build script into image and make it executable
 ADD build-image.sh /usr/bin/build-image
 RUN chmod a+x /usr/bin/build-image
--- a/kiwi-builder-image/_service
+++ b/kiwi-builder-image/_service
@@ -1,15 +1,9 @@
 <services>
  <service mode="buildtime" name="kiwi_metainfo_helper"/>
  <service name="docker_label_helper" mode="buildtime"/>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">README</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
    <param name="var">IMG_REPO</param>
    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
    <param name="var">IMG_PREFIX</param>
  </service>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">Dockerfile</param>
    <param name="file">README</param>
    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
    <param name="var">IMG_PREFIX</param>
    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
@@ -17,14 +11,4 @@
    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
    <param name="var">SUPPORT_LEVEL</param>
  </service>
  <service mode="buildtime" name="replace_using_package_version">
    <param name="file">Dockerfile</param>
    <param name="regex">%%kiwi_version%%</param>
    <param name="package">python3-kiwi</param>
  </service>
  <service mode="buildtime" name="replace_using_package_version">
    <param name="file">README</param>
    <param name="regex">%%kiwi_version%%</param>
    <param name="package">python3-kiwi</param>
  </service>
 </services>
--- a/kubectl-image/Dockerfile
+++ b/kubectl-image/Dockerfile
@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -16,11 +16,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.30.3"
+LABEL org.opencontainers.image.version="1.32.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
--- a/kubectl/kubectl.spec
+++ b/kubectl/kubectl.spec
@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 Name: kubectl
-Version: 1.30.3
+Version: 1.32.4
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster
@@ -12,7 +12,7 @@ Group: admin
 Packager: Kubernetes Authors <dev@kubernetes.io>
 License: Apache-2.0
 URL: https://kubernetes.io
-Source0: kubectl_%{version}.orig.tar.gz
+Source0: %{name}_%{version}.orig.tar.gz
 %description
 %{summary}.
--- a/kubectl/kubectl_1.30.3.orig.tar.gz
+++ b/kubectl/kubectl_1.30.3.orig.tar.gz
--- a/kubectl/kubectl_1.32.4.orig.tar.gz
+++ b/kubectl/kubectl_1.32.4.orig.tar.gz
--- a/kubevirt-dashboard-extension-chart/Chart.yaml
+++ b/kubevirt-dashboard-extension-chart/Chart.yaml
@@ -1,6 +1,6 @@
-#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1
+#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2
-#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1
+#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2
-#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2-%RELEASE%
 annotations:
  catalog.cattle.io/certified: rancher
  catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -10,13 +10,13 @@ annotations:
  catalog.cattle.io/ui-component: plugins
  catalog.cattle.io/display-name: KubeVirt
  catalog.cattle.io/rancher-version: '>= 2.11.0-0'
-  catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
+  catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
  catalog.cattle.io/kube-version: '>= v1.26.0-0'
 apiVersion: v2
-appVersion: 303.0.1+up1.3.1
+appVersion: 303.0.2+up1.3.2
 description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
 name: kubevirt-dashboard-extension
 type: application
-version: "%%CHART_MAJOR%%.0.1+up1.3.1"
+version: "%%CHART_MAJOR%%.0.2+up1.3.2"
 icon: >-
  https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
--- a/kubevirt-dashboard-extension-chart/templates/cr.yaml
+++ b/kubevirt-dashboard-extension-chart/templates/cr.yaml
@@ -8,7 +8,7 @@ spec:
  plugin:
    name: {{ include "extension-server.fullname" . }}
    version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.1+up1.3.1
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.2+up1.3.2
    noCache: {{ .Values.plugin.noCache }}
    noAuth: {{ .Values.plugin.noAuth }}
    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
--- a/kubevirt-dashboard-extension-chart/values.yaml
+++ b/kubevirt-dashboard-extension-chart/values.yaml
@@ -8,5 +8,5 @@ plugin:
  metadata:
    catalog.cattle.io/display-name: KubeVirt
    catalog.cattle.io/rancher-version: ">= 2.11.0-0"
-    catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.2 < 4.0.0"
    catalog.cattle.io/kube-version: ">= v1.26.0-0"
--- a/metal3-chart/Chart.yaml
+++ b/metal3-chart/Chart.yaml
@@ -1,28 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.7
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.7-%RELEASE%
 apiVersion: v2
-appVersion: 0.11.0
+appVersion: 0.11.7
 dependencies:
 - alias: metal3-baremetal-operator
  name: baremetal-operator
  repository: file://./charts/baremetal-operator
-  version: 0.9.1
+  version: 0.9.2
 - alias: metal3-ironic
  name: ironic
  repository: file://./charts/ironic
-  version: 0.10.0
+  version: 0.10.6
 - alias: metal3-mariadb
  condition: global.enable_mariadb
  name: mariadb
  repository: file://./charts/mariadb
-  version: 0.5.4
+  version: 0.6.0
 - alias: metal3-media
  condition: global.enable_metal3_media_server
  name: media
  repository: file://./charts/media
-  version: 0.6.1
+  version: 0.6.2
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.2+up0.11.0"
+version: "%%CHART_MAJOR%%.0.8+up0.11.7"
--- a/metal3-chart/charts/baremetal-operator/Chart.yaml
+++ b/metal3-chart/charts/baremetal-operator/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.9.1
+version: 0.9.2
--- a/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
+++ b/metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
@@ -10,14 +10,15 @@
 apiVersion: v1
 data:
  IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
  # Switch VMedia to HTTP if enable_vmedia_tls is false
  {{- if and $enableTLS $enableVMediaTLS }}
    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
    {{- $protocol = "https" }}
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
  {{- else }}
    {{- $protocol = "http" }}
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
  {{- end }}
  CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
  DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
--- a/metal3-chart/charts/baremetal-operator/templates/configmap.yaml
+++ b/metal3-chart/charts/baremetal-operator/templates/configmap.yaml
@@ -1,19 +0,0 @@
 apiVersion: v1
 data:
  controller_manager_config.yaml: |
    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
    kind: ControllerManagerConfig
    health:
      healthProbeBindAddress: :9440
    metrics:
      bindAddress: 127.0.0.1:8085
    webhook:
      port: 9443
    leaderElection:
      leaderElect: true
      resourceName: a9498140.metal3.io
 kind: ConfigMap
 metadata:
  name: baremetal-operator-manager-config
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
--- a/metal3-chart/charts/baremetal-operator/templates/deployment.yaml
+++ b/metal3-chart/charts/baremetal-operator/templates/deployment.yaml
@@ -17,6 +17,8 @@ spec:
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        checksum/config-env: {{ include (print $.Template.BasePath "/configmap-ironic.yaml") . | sha256sum }}
      labels:
        {{- include "baremetal-operator.selectorLabels" . | nindent 8 }}
        control-plane: controller-manager
--- a/metal3-chart/charts/baremetal-operator/values.yaml
+++ b/metal3-chart/charts/baremetal-operator/values.yaml
@@ -22,15 +22,13 @@ global:
  # Comment this out when pinning the baremetal-operator container to a specfic host.
  nodeSelector: {}
  enable_tls: false
 replicaCount: 1
 images:
  baremetalOperator:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
    pullPolicy: IfNotPresent
-    tag: "0.9.1"
+    tag: "0.9.1.1"
 imagePullSecrets: []
 nameOverride: "manger"
--- a/metal3-chart/charts/ironic/Chart.yaml
+++ b/metal3-chart/charts/ironic/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.10.0
+version: 0.10.6
--- a/metal3-chart/charts/ironic/templates/deployment.yaml
+++ b/metal3-chart/charts/ironic/templates/deployment.yaml
@@ -14,8 +14,9 @@ spec:
    type: Recreate
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        checksum/config-env: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
          {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
--- a/metal3-chart/charts/ironic/values.yaml
+++ b/metal3-chart/charts/ironic/values.yaml
@@ -50,8 +50,6 @@ global:
  # Comment this out when pinning the pdns containers to a specfic host.
  nodeSelector: {}
  enable_tls: false
 replicaCount: 1
 images:
@@ -62,7 +60,7 @@ images:
  ironicIPADownloader:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
    pullPolicy: IfNotPresent
-    tag: 3.0.3
+    tag: 3.0.8
 nameOverride: ""
 fullnameOverride: ""
--- a/metal3-chart/charts/mariadb/Chart.yaml
+++ b/metal3-chart/charts/mariadb/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 10.6.7
+appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.5.4
+version: 0.6.0
--- a/metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml
+++ b/metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml
@@ -0,0 +1,13 @@
 apiVersion: v1
 kind: ConfigMap 
 metadata:
  name: mariadb-config
  labels:
    {{- include "mariadb.labels" . | nindent 4 }}
 data:
  ironic.conf: |
    [mariadb]
    max_connections 64
    max_heap_table_size 1M
    innodb_buffer_pool_size 5M
    innodb_log_buffer_size 512K
--- a/metal3-chart/charts/mariadb/templates/configmap.yaml
+++ b/metal3-chart/charts/mariadb/templates/configmap.yaml
@@ -5,4 +5,7 @@ metadata:
  labels:
    {{- include "mariadb.labels" . | nindent 4 }}
 data:
-  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
+  MARIADB_USER: ironic
  MARIADB_RANDOM_ROOT_PASSWORD: "yes"
  MARIADB_DATABASE: ironic
  MARIADB_AUTO_UPGRADE: "yes"
--- a/metal3-chart/charts/mariadb/templates/deployment.yaml
+++ b/metal3-chart/charts/mariadb/templates/deployment.yaml
@@ -25,23 +25,50 @@ spec:
      serviceAccountName: {{ include "mariadb.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
      # This would run during entrypoint if run as root
      - name: set-volume-owners
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        securityContext:
            runAsUser: 0
            allowPrivilegeEscalation: true
            capabilities:
              drop:
              - ALL
              add:
              - CHOWN
              - FOWNER
              - DAC_OVERRIDE
            seccompProfile:
              type: RuntimeDefault
        volumeMounts:
          - name: mariadb-conf
            mountPath: /etc/mysql/conf.d
          - name: mariadb-run
            mountPath: /run/mysql
          {{- $volmounts }}
        command: ['bash', '-c', 'source /usr/local/bin/docker-entrypoint.sh && docker_create_db_directories']
        env:
          - name: DATADIR
            value: /var/lib/mysql
          - name: SOCKET
            value: /run/mysql/mysql.sock
      containers:
      - name: mariadb
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        imagePullPolicy: {{ .Values.image.pullPolicy }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 12 }}
        envFrom:
          - configMapRef:
              name: mariadb-cm
        env:
          - name: MARIADB_PASSWORD
            valueFrom:
              secretKeyRef:
                key: password
                name: ironic-mariadb
          - name: RESTART_CONTAINER_CERTIFICATE_UPDATED
            valueFrom:
              configMapKeyRef:
                name: mariadb-cm
                key: RESTART_CONTAINER_CERTIFICATE_UPDATED
        lifecycle:
          preStop:
            exec:
@@ -52,9 +79,9 @@ spec:
        livenessProbe:
          exec:
            command:
-              - sh
+              - healthcheck.sh
-              - -c
+              - --connect
-              - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)
+              - --innodb_initialized
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
@@ -67,19 +94,29 @@ spec:
        readinessProbe:
          exec:
            command:
-              - sh
+              - healthcheck.sh
-              - -c
+              - --connect
-              - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)
+              - --innodb_initialized
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 10
        volumeMounts:
            - name: mariadb-conf
              mountPath: /etc/mysql/conf.d
            - name: mariadb-run
              mountPath: /run/mysql
            {{- $volmounts }}
      {{- with .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        - name: mariadb-conf
          configMap:
            name: mariadb-config
        - name: mariadb-run
          emptyDir:
            sizeLimit: 20Mi
        {{- $volumes }}
--- a/metal3-chart/charts/mariadb/values.yaml
+++ b/metal3-chart/charts/mariadb/values.yaml
@@ -12,9 +12,9 @@ service:
    targetPort: 3306
 image:
-  repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/suse/mariadb
+  repository: registry.suse.com/suse/mariadb
  pullPolicy: IfNotPresent
-  tag: 10.6.15.1
+  tag: 10.11
 nameOverride: ""
 fullnameOverride: ""
@@ -31,8 +31,8 @@ serviceAccount:
 podAnnotations: {}
 podSecurityContext:
-  runAsUser: 10060
+  runAsUser: 60
-  fsGroup: 10060
+  fsGroup: 60
 securityContext:
  allowPrivilegeEscalation: false
@@ -60,6 +60,7 @@ persistence:
 volumeMounts:
  - name: mariadb-data-volume
    mountPath: /var/lib/mysql
    subPath: data
 volumes:
  - name: mariadb-data-volume
--- a/metal3-chart/charts/media/Chart.yaml
+++ b/metal3-chart/charts/media/Chart.yaml
@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.1
+version: 0.6.2
--- a/metal3-chart/charts/media/values.yaml
+++ b/metal3-chart/charts/media/values.yaml
@@ -24,7 +24,7 @@ replicaCount: 1
 image:
  repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
  pullPolicy: IfNotPresent
-  tag: 26.1.2.2
+  tag: 26.1.2.4
 imagePullSecrets: []
 nameOverride: ""
--- a/metal3-chart/values.yaml
+++ b/metal3-chart/values.yaml
@@ -115,8 +115,8 @@ metal3-mariadb:
  persistence:
    storageClass: ""
  image:
-    repository: "registry.suse.com/edge/mariadb"
+    repository: "registry.suse.com/suse/mariadb"
-    tag: "10.6.15.1"
+    tag: "10.11"
 #
 # Baremetal Operator
--- a/nm-configurator/_service
+++ b/nm-configurator/_service
@@ -3,7 +3,7 @@
    <param name="url">https://github.com/suse-edge/nm-configurator.git</param>
    <param name="versionformat">@PARENT_TAG@</param>
    <param name="scm">git</param>
-    <param name="revision">v0.3.2</param>
+    <param name="revision">v0.3.3</param>
    <param name="match-tag">*</param>
    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
    <param name="versionrewrite-replacement">\1</param>
--- a/nm-configurator/_servicedata
+++ b/nm-configurator/_servicedata
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://github.com/suse-edge/nm-configurator.git</param>
-              <param name="changesrevision">747301ba15a28e758d1f06070dc7ff29a5e80242</param></service></servicedata>
+              <param name="changesrevision">4563857d761c6d83e4013721f68ec4ac5828a1a7</param></service></servicedata>
--- a/nm-configurator/nm-configurator-0.3.2.obscpio
+++ b/nm-configurator/nm-configurator-0.3.2.obscpio
--- a/nm-configurator/nm-configurator-0.3.3.obscpio
+++ b/nm-configurator/nm-configurator-0.3.3.obscpio
--- a/nm-configurator/nm-configurator.obsinfo
+++ b/nm-configurator/nm-configurator.obsinfo
@@ -1,4 +1,4 @@
 name: nm-configurator
-version: 0.3.2
+version: 0.3.3
-mtime: 1744218621
+mtime: 1748341626
-commit: 747301ba15a28e758d1f06070dc7ff29a5e80242
+commit: 4563857d761c6d83e4013721f68ec4ac5828a1a7
--- a/nm-configurator/vendor.tar.xz
+++ b/nm-configurator/vendor.tar.xz
--- a/rancher-turtles-airgap-resources-chart/Chart.yaml
+++ b/rancher-turtles-airgap-resources-chart/Chart.yaml
@@ -1,10 +1,10 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE%
 apiVersion: v2
-appVersion: 0.17.0
+appVersion: 0.21.0
 description: Rancher Turtles utility chart for airgap scenarios
 home: https://github.com/rancher/turtles/
 icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
 name: rancher-turtles-airgap-resources
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.17.0"
+version: "%%CHART_MAJOR%%.0.5+up0.21.0"
--- a/rancher-turtles-airgap-resources-chart/_service
+++ b/rancher-turtles-airgap-resources-chart/_service
@@ -2,7 +2,7 @@
  <service mode="buildtime" name="kiwi_metainfo_helper"/>
  <service name="replace_using_env" mode="buildtime">
    <param name="file">Chart.yaml</param>
-    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
    <param name="var">CHART_PREFIX</param>
    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
    <param name="var">CHART_MAJOR</param>
--- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
--- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml
@@ -1,11 +1,899 @@
 apiVersion: v1
 data:
-  components: Not Found
+  components: |
-  metadata: Not Found
+    apiVersion: v1
    kind: Namespace
    metadata:
      labels:
        cluster.x-k8s.io/provider: fleet
        control-plane: controller-manager
      name: caapf-system
    ---
    apiVersion: apiextensions.k8s.io/v1
    kind: CustomResourceDefinition
    metadata:
      labels:
        cluster.x-k8s.io/provider: fleet
      name: fleetaddonconfigs.addons.cluster.x-k8s.io
    spec:
      group: addons.cluster.x-k8s.io
      names:
        categories: []
        kind: FleetAddonConfig
        plural: fleetaddonconfigs
        shortNames: []
        singular: fleetaddonconfig
      scope: Cluster
      versions:
      - additionalPrinterColumns: []
        name: v1alpha1
        schema:
          openAPIV3Schema:
            description: Auto-generated derived type for FleetAddonConfigSpec via `CustomResource`
            properties:
              spec:
                description: This provides a config for fleet addon functionality
                properties:
                  cluster:
                    description: |-
                      Enable Cluster config funtionality.
                      This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the `ClusterClass` will be added to the Fleet Cluster labels.
                    nullable: true
                    properties:
                      agentEnvVars:
                        description: '`AgentEnvVars` are extra environment variables to
                          be added to the agent deployment.'
                        items:
                          description: EnvVar represents an environment variable present
                            in a Container.
                          properties:
                            name:
                              description: Name of the environment variable. Must be a
                                C_IDENTIFIER.
                              type: string
                            value:
                              description: 'Variable references $(VAR_NAME) are expanded
                                using the previously defined environment variables in
                                the container and any service environment variables. If
                                a variable cannot be resolved, the reference in the input
                                string will be unchanged. Double $$ are reduced to a single
                                $, which allows for escaping the $(VAR_NAME) syntax: i.e.
                                "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
                                Escaped references will never be expanded, regardless
                                of whether the variable exists or not. Defaults to "".'
                              nullable: true
                              type: string
                            valueFrom:
                              description: Source for the environment variable's value.
                                Cannot be used if value is not empty.
                              nullable: true
                              properties:
                                configMapKeyRef:
                                  description: Selects a key of a ConfigMap.
                                  nullable: true
                                  properties:
                                    key:
                                      description: The key to select.
                                      type: string
                                    name:
                                      description: 'Name of the referent. This field is
                                        effectively required, but due to backwards compatibility
                                        is allowed to be empty. Instances of this type
                                        with an empty value here are almost certainly
                                        wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                      nullable: true
                                      type: string
                                    optional:
                                      description: Specify whether the ConfigMap or its
                                        key must be defined
                                      nullable: true
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                                fieldRef:
                                  description: 'Selects a field of the pod: supports metadata.name,
                                    metadata.namespace, `metadata.labels[''<KEY>'']`,
                                    `metadata.annotations[''<KEY>'']`, spec.nodeName,
                                    spec.serviceAccountName, status.hostIP, status.podIP,
                                    status.podIPs.'
                                  nullable: true
                                  properties:
                                    apiVersion:
                                      description: Version of the schema the FieldPath
                                        is written in terms of, defaults to "v1".
                                      nullable: true
                                      type: string
                                    fieldPath:
                                      description: Path of the field to select in the
                                        specified API version.
                                      type: string
                                  required:
                                  - fieldPath
                                  type: object
                                resourceFieldRef:
                                  description: 'Selects a resource of the container: only
                                    resources limits and requests (limits.cpu, limits.memory,
                                    limits.ephemeral-storage, requests.cpu, requests.memory
                                    and requests.ephemeral-storage) are currently supported.'
                                  nullable: true
                                  properties:
                                    containerName:
                                      description: 'Container name: required for volumes,
                                        optional for env vars'
                                      nullable: true
                                      type: string
                                    divisor:
                                      description: Specifies the output format of the
                                        exposed resources, defaults to "1"
                                      nullable: true
                                      x-kubernetes-int-or-string: true
                                    resource:
                                      description: 'Required: resource to select'
                                      type: string
                                  required:
                                  - resource
                                  type: object
                                secretKeyRef:
                                  description: Selects a key of a secret in the pod's
                                    namespace
                                  nullable: true
                                  properties:
                                    key:
                                      description: The key of the secret to select from.  Must
                                        be a valid secret key.
                                      type: string
                                    name:
                                      description: 'Name of the referent. This field is
                                        effectively required, but due to backwards compatibility
                                        is allowed to be empty. Instances of this type
                                        with an empty value here are almost certainly
                                        wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                      nullable: true
                                      type: string
                                    optional:
                                      description: Specify whether the Secret or its key
                                        must be defined
                                      nullable: true
                                      type: boolean
                                  required:
                                  - key
                                  type: object
                              type: object
                          required:
                          - name
                          type: object
                        nullable: true
                        type: array
                      agentNamespace:
                        description: Namespace selection for the fleet agent
                        nullable: true
                        type: string
                      agentTolerations:
                        description: Agent taint toleration settings for every cluster
                        items:
                          description: The pod this Toleration is attached to tolerates
                            any taint that matches the triple <key,value,effect> using
                            the matching operator <operator>.
                          properties:
                            effect:
                              description: Effect indicates the taint effect to match.
                                Empty means match all taint effects. When specified, allowed
                                values are NoSchedule, PreferNoSchedule and NoExecute.
                              nullable: true
                              type: string
                            key:
                              description: Key is the taint key that the toleration applies
                                to. Empty means match all taint keys. If the key is empty,
                                operator must be Exists; this combination means to match
                                all values and all keys.
                              nullable: true
                              type: string
                            operator:
                              description: Operator represents a key's relationship to
                                the value. Valid operators are Exists and Equal. Defaults
                                to Equal. Exists is equivalent to wildcard for value,
                                so that a pod can tolerate all taints of a particular
                                category.
                              nullable: true
                              type: string
                            tolerationSeconds:
                              description: TolerationSeconds represents the period of
                                time the toleration (which must be of effect NoExecute,
                                otherwise this field is ignored) tolerates the taint.
                                By default, it is not set, which means tolerate the taint
                                forever (do not evict). Zero and negative values will
                                be treated as 0 (evict immediately) by the system.
                              format: int64
                              nullable: true
                              type: integer
                            value:
                              description: Value is the taint value the toleration matches
                                to. If the operator is Exists, the value should be empty,
                                otherwise just a regular string.
                              nullable: true
                              type: string
                          type: object
                        nullable: true
                        type: array
                      applyClassGroup:
                        description: Apply a `ClusterGroup` for a `ClusterClass` referenced
                          from a different namespace.
                        nullable: true
                        type: boolean
                      hostNetwork:
                        description: 'Host network allows to deploy agent configuration
                          using hostNetwork: true setting which eludes dependency on the
                          CNI configuration for the cluster.'
                        nullable: true
                        type: boolean
                      namespaceSelector:
                        description: Namespace label selector. If set, only clusters in
                          the namespace matching label selector will be imported.
                        properties:
                          matchExpressions:
                            description: matchExpressions is a list of label selector
                              requirements. The requirements are ANDed.
                            items:
                              description: A label selector requirement is a selector
                                that contains values, a key, and an operator that relates
                                the key and values.
                              properties:
                                key:
                                  description: key is the label key that the selector
                                    applies to.
                                  type: string
                                operator:
                                  description: operator represents a key's relationship
                                    to a set of values. Valid operators are In, NotIn,
                                    Exists and DoesNotExist.
                                  type: string
                                values:
                                  description: values is an array of string values. If
                                    the operator is In or NotIn, the values array must
                                    be non-empty. If the operator is Exists or DoesNotExist,
                                    the values array must be empty. This array is replaced
                                    during a strategic merge patch.
                                  items:
                                    type: string
                                  type: array
                              required:
                              - key
                              - operator
                              type: object
                            type: array
                          matchLabels:
                            additionalProperties:
                              type: string
                            description: matchLabels is a map of {key,value} pairs. A
                              single {key,value} in the matchLabels map is equivalent
                              to an element of matchExpressions, whose key field is "key",
                              the operator is "In", and the values array contains only
                              "value". The requirements are ANDed.
                            type: object
                        type: object
                      naming:
                        description: Naming settings for the fleet cluster
                        nullable: true
                        properties:
                          prefix:
                            description: Specify a prefix for the Cluster name, applied
                              to created Fleet cluster
                            nullable: true
                            type: string
                          suffix:
                            description: Specify a suffix for the Cluster name, applied
                              to created Fleet cluster
                            nullable: true
                            type: string
                        type: object
                      patchResource:
                        description: Allow to patch resources, maintaining the desired
                          state. If is not set, resources will only be re-created in case
                          of removal.
                        nullable: true
                        type: boolean
                      selector:
                        description: Cluster label selector. If set, only clusters matching
                          label selector will be imported.
                        properties:
                          matchExpressions:
                            description: matchExpressions is a list of label selector
                              requirements. The requirements are ANDed.
                            items:
                              description: A label selector requirement is a selector
                                that contains values, a key, and an operator that relates
                                the key and values.
                              properties:
                                key:
                                  description: key is the label key that the selector
                                    applies to.
                                  type: string
                                operator:
                                  description: operator represents a key's relationship
                                    to a set of values. Valid operators are In, NotIn,
                                    Exists and DoesNotExist.
                                  type: string
                                values:
                                  description: values is an array of string values. If
                                    the operator is In or NotIn, the values array must
                                    be non-empty. If the operator is Exists or DoesNotExist,
                                    the values array must be empty. This array is replaced
                                    during a strategic merge patch.
                                  items:
                                    type: string
                                  type: array
                              required:
                              - key
                              - operator
                              type: object
                            type: array
                          matchLabels:
                            additionalProperties:
                              type: string
                            description: matchLabels is a map of {key,value} pairs. A
                              single {key,value} in the matchLabels map is equivalent
                              to an element of matchExpressions, whose key field is "key",
                              the operator is "In", and the values array contains only
                              "value". The requirements are ANDed.
                            type: object
                        type: object
                      setOwnerReferences:
                        description: Setting to disable setting owner references on the
                          created resources
                        nullable: true
                        type: boolean
                    required:
                    - namespaceSelector
                    - selector
                    type: object
                  clusterClass:
                    description: |-
                      Enable clusterClass controller functionality.
                      This will create Fleet `ClusterGroups` for each `ClusterClaster` with the same name.
                    nullable: true
                    properties:
                      patchResource:
                        description: Allow to patch resources, maintaining the desired
                          state. If is not set, resources will only be re-created in case
                          of removal.
                        nullable: true
                        type: boolean
                      setOwnerReferences:
                        description: Setting to disable setting owner references on the
                          created resources
                        nullable: true
                        type: boolean
                    type: object
                  config:
                    nullable: true
                    properties:
                      bootstrapLocalCluster:
                        description: Enable auto-installation of a fleet agent in the
                          local cluster.
                        nullable: true
                        type: boolean
                      featureGates:
                        description: feature gates controlling experimental features
                        nullable: true
                        properties:
                          configMap:
                            description: '`FeaturesConfigMap` references a `ConfigMap`
                              where to apply feature flags. If a `ConfigMap` is referenced,
                              the controller will update it instead of upgrading the Fleet
                              chart.'
                            nullable: true
                            properties:
                              ref:
                                description: ObjectReference contains enough information
                                  to let you inspect or modify the referred object.
                                nullable: true
                                properties:
                                  apiVersion:
                                    description: API version of the referent.
                                    type: string
                                  fieldPath:
                                    description: 'If referring to a piece of an object
                                      instead of an entire object, this string should
                                      contain a valid JSON/Go field access statement,
                                      such as desiredState.manifest.containers[2]. For
                                      example, if the object reference is to a container
                                      within a pod, this would take on a value like: "spec.containers{name}"
                                      (where "name" refers to the name of the container
                                      that triggered the event) or if no container name
                                      is specified "spec.containers[2]" (container with
                                      index 2 in this pod). This syntax is chosen only
                                      to have some well-defined way of referencing a part
                                      of an object.'
                                    type: string
                                  kind:
                                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                                    type: string
                                  name:
                                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                    type: string
                                  namespace:
                                    description: 'Namespace of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                    type: string
                                  resourceVersion:
                                    description: 'Specific resourceVersion to which this
                                      reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                                    type: string
                                  uid:
                                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                    type: string
                                type: object
                            type: object
                          experimentalHelmOps:
                            description: Enables experimental Helm operations support.
                            type: boolean
                          experimentalOciStorage:
                            description: Enables experimental OCI  storage support.
                            type: boolean
                        required:
                        - experimentalHelmOps
                        - experimentalOciStorage
                        type: object
                      server:
                        description: fleet server url configuration options
                        nullable: true
                        oneOf:
                        - required:
                          - inferLocal
                        - required:
                          - custom
                        properties:
                          custom:
                            properties:
                              apiServerCaConfigRef:
                                description: ObjectReference contains enough information
                                  to let you inspect or modify the referred object.
                                nullable: true
                                properties:
                                  apiVersion:
                                    description: API version of the referent.
                                    type: string
                                  fieldPath:
                                    description: 'If referring to a piece of an object
                                      instead of an entire object, this string should
                                      contain a valid JSON/Go field access statement,
                                      such as desiredState.manifest.containers[2]. For
                                      example, if the object reference is to a container
                                      within a pod, this would take on a value like: "spec.containers{name}"
                                      (where "name" refers to the name of the container
                                      that triggered the event) or if no container name
                                      is specified "spec.containers[2]" (container with
                                      index 2 in this pod). This syntax is chosen only
                                      to have some well-defined way of referencing a part
                                      of an object.'
                                    type: string
                                  kind:
                                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
                                    type: string
                                  name:
                                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
                                    type: string
                                  namespace:
                                    description: 'Namespace of the referent. More info:
                                      https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
                                    type: string
                                  resourceVersion:
                                    description: 'Specific resourceVersion to which this
                                      reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
                                    type: string
                                  uid:
                                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
                                    type: string
                                type: object
                              apiServerUrl:
                                nullable: true
                                type: string
                            type: object
                          inferLocal:
                            type: boolean
                        type: object
                    type: object
                  install:
                    nullable: true
                    oneOf:
                    - required:
                      - followLatest
                    - required:
                      - version
                    properties:
                      followLatest:
                        description: Follow the latest version of the chart on install
                        type: boolean
                      version:
                        description: Use specific version to install
                        type: string
                    type: object
                type: object
              status:
                nullable: true
                properties:
                  conditions:
                    description: conditions represents the observations of a Fleet addon
                      current state.
                    items:
                      description: Condition contains details for one aspect of the current
                        state of this API Resource.
                      properties:
                        lastTransitionTime:
                          description: lastTransitionTime is the last time the condition
                            transitioned from one status to another. This should be when
                            the underlying condition changed.  If that is not known, then
                            using the time when the API field changed is acceptable.
                          format: date-time
                          type: string
                        message:
                          description: message is a human readable message indicating
                            details about the transition. This may be an empty string.
                          type: string
                        observedGeneration:
                          description: observedGeneration represents the .metadata.generation
                            that the condition was set based upon. For instance, if .metadata.generation
                            is currently 12, but the .status.conditions[x].observedGeneration
                            is 9, the condition is out of date with respect to the current
                            state of the instance.
                          format: int64
                          type: integer
                        reason:
                          description: reason contains a programmatic identifier indicating
                            the reason for the condition's last transition. Producers
                            of specific condition types may define expected values and
                            meanings for this field, and whether the values are considered
                            a guaranteed API. The value should be a CamelCase string.
                            This field may not be empty.
                          type: string
                        status:
                          description: status of the condition, one of True, False, Unknown.
                          type: string
                        type:
                          description: type of condition in CamelCase or in foo.example.com/CamelCase.
                          type: string
                      required:
                      - lastTransitionTime
                      - message
                      - reason
                      - status
                      - type
                      type: object
                    type: array
                  installedVersion:
                    nullable: true
                    type: string
                type: object
            required:
            - spec
            title: FleetAddonConfigValidated
            type: object
            x-kubernetes-validations:
            - rule: self.metadata.name == 'fleet-addon-config'
        served: true
        storage: true
        subresources:
          status: {}
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        cluster.x-k8s.io/provider: fleet
      name: caapf-controller-manager
      namespace: caapf-system
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        cluster.x-k8s.io/provider: fleet
      name: caapf-helm-manager
      namespace: caapf-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        cluster.x-k8s.io/provider: fleet
      name: caapf-leader-election-role
      namespace: caapf-system
    rules:
    - apiGroups:
      - ""
      resources:
      - configmaps
      verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
    - apiGroups:
      - coordination.k8s.io
      resources:
      - leases
      verbs:
      - get
      - list
      - watch
      - create
      - update
      - patch
      - delete
    - apiGroups:
      - ""
      resources:
      - events
      verbs:
      - create
      - patch
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        cluster.x-k8s.io/provider: fleet
      name: caapf-manager-role
    rules:
    - apiGroups:
      - addons.cluster.x-k8s.io
      resources:
      - fleetaddonconfigs
      - fleetaddonconfigs/status
      verbs:
      - '*'
    - apiGroups:
      - ""
      resources:
      - namespaces
      verbs:
      - list
      - get
      - watch
      - create
      - patch
    - apiGroups:
      - events.k8s.io
      resources:
      - events
      verbs:
      - create
    - apiGroups:
      - ""
      resources:
      - secrets
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - configmaps
      verbs:
      - get
      - patch
      - list
      - watch
    - apiGroups:
      - ""
      resources:
      - endpoints
      verbs:
      - get
    - apiGroups:
      - apiextensions.k8s.io
      resources:
      - customresourcedefinitions
      verbs:
      - get
      - watch
    - apiGroups:
      - authentication.k8s.io
      resources:
      - tokenreviews
      verbs:
      - create
    - apiGroups:
      - authorization.k8s.io
      resources:
      - subjectaccessreviews
      verbs:
      - create
    - apiGroups:
      - bootstrap.cluster.x-k8s.io
      - clusterctl.cluster.x-k8s.io
      - controlplane.cluster.x-k8s.io
      - infrastructure.cluster.x-k8s.io
      resources:
      - '*'
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - cluster.x-k8s.io
      resources:
      - clusters
      - clusterclasses
      verbs:
      - get
      - list
      - watch
      - patch
    - apiGroups:
      - fleet.cattle.io
      resources:
      - clusters
      - clustergroups
      - clusterregistrationtokens
      - bundlenamespacemappings
      verbs:
      - create
      - get
      - list
      - patch
      - update
      - watch
    - apiGroups:
      - fleet.cattle.io
      resources:
      - bundlenamespacemappings
      verbs:
      - delete
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        cluster.x-k8s.io/provider: fleet
      name: caapf-helm-manager-rolebinding
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: caapf-helm-manager
      namespace: caapf-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        cluster.x-k8s.io/provider: fleet
      name: caapf-manager-rolebinding
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: caapf-manager-role
    subjects:
    - kind: ServiceAccount
      name: caapf-controller-manager
      namespace: caapf-system
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      annotations:
        kubernetes.io/service-account.name: caapf-helm-manager
      labels:
        cluster.x-k8s.io/fleet-addon-registration: "true"
        cluster.x-k8s.io/provider: fleet
      name: caapf-helm-manager
      namespace: caapf-system
    type: kubernetes.io/service-account-token
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        cluster.x-k8s.io/provider: fleet
        control-plane: controller-manager
      name: caapf-controller-manager
      namespace: caapf-system
    spec:
      replicas: 1
      selector:
        matchLabels:
          cluster.x-k8s.io/provider: fleet
          control-plane: controller-manager
      template:
        metadata:
          annotations:
            kubectl.kubernetes.io/default-container: manager
          labels:
            cluster.x-k8s.io/provider: fleet
            control-plane: controller-manager
        spec:
          containers:
          - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0
            imagePullPolicy: IfNotPresent
            name: manager
            ports:
            - containerPort: 8443
              name: http
              protocol: TCP
            readinessProbe:
              httpGet:
                path: /health
                port: http
              initialDelaySeconds: 5
              periodSeconds: 5
            resources:
              limits:
                cpu: 100m
                memory: 150Mi
              requests:
                cpu: 100m
                memory: 100Mi
          - args:
            - --helm-install
            image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0
            name: helm-manager
            resources:
              limits:
                cpu: 100m
                memory: 150Mi
              requests:
                cpu: 100m
                memory: 100Mi
            volumeMounts:
            - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
              name: helm-kubeconfig
              readOnly: true
          serviceAccountName: caapf-controller-manager
          terminationGracePeriodSeconds: 10
          volumes:
          - name: helm-kubeconfig
            secret:
              secretName: caapf-helm-manager
  metadata: |
    apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
    releaseSeries:
      - major: 0
        minor: 1
        contract: v1beta1
      - major: 0
        minor: 2
        contract: v1beta1
      - major: 0
        minor: 3
        contract: v1beta1
      - major: 0
        minor: 4
        contract: v1beta1
      - major: 0
        minor: 5
        contract: v1beta1
      - major: 0
        minor: 6
        contract: v1beta1
      - major: 0
        minor: 7
        contract: v1beta1
      - major: 0
        minor: 8
        contract: v1beta1
      - major: 0
        minor: 9
        contract: v1beta1
      - major: 0
        minor: 10
        contract: v1beta1
      - major: 0
        minor: 11
        contract: v1beta1
 kind: ConfigMap
 metadata:
  creationTimestamp: null
-  name: v0.6.0
+  name: v0.11.0
  namespace: rancher-turtles-system
  labels:
    provider-components: fleet
--- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
@@ -3734,7 +3734,7 @@ data:
            envFrom:
            - configMapRef:
                name: capm3-capm3fasttrack-configmap
-            image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.3
+            image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.4
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
@@ -3820,7 +3820,7 @@ data:
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
-            image: quay.io/metal3-io/ip-address-manager:v1.9.4
+            image: quay.io/metal3-io/ip-address-manager:v1.9.5
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
@@ -4524,7 +4524,7 @@ data:
 kind: ConfigMap
 metadata:
  creationTimestamp: null
-  name: v1.9.3
+  name: v1.9.4
  namespace: capm3-system
  labels:
    provider-components: metal3
--- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
@@ -22,7 +22,7 @@ data:
    metadata:
      annotations:
        cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
-        controller-gen.kubebuilder.io/version: v0.16.1
+        controller-gen.kubebuilder.io/version: v0.17.3
      labels:
        cluster.x-k8s.io/provider: bootstrap-rke2
        cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -985,6 +985,9 @@ data:
                      - path
                      type: object
                    type: array
                  gzipUserData:
                    description: GzipUserData specifies if the user data should be gzipped.
                    type: boolean
                  postRKE2Commands:
                    description: PostRKE2Commands specifies extra commands to run after
                      rke2 setup runs.
@@ -1218,7 +1221,7 @@ data:
    metadata:
      annotations:
        cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
-        controller-gen.kubebuilder.io/version: v0.16.1
+        controller-gen.kubebuilder.io/version: v0.17.3
      labels:
        cluster.x-k8s.io/provider: bootstrap-rke2
        cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2164,6 +2167,10 @@ data:
                              - path
                              type: object
                            type: array
                          gzipUserData:
                            description: GzipUserData specifies if the user data should
                              be gzipped.
                            type: boolean
                          postRKE2Commands:
                            description: PostRKE2Commands specifies extra commands to
                              run after rke2 setup runs.
@@ -2525,9 +2532,12 @@ data:
            - --leader-elect
            - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
            - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
            - --v=${CAPRKE2_DEBUG_LEVEL:=0}
            - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=true}
            - --concurrency=${CONCURRENCY_NUMBER:=10}
            command:
            - /manager
-            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.12.0
+            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.18.0
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
@@ -2750,10 +2760,28 @@ data:
      - major: 0
        minor: 12
        contract: v1beta1
      - major: 0
        minor: 13
        contract: v1beta1
      - major: 0
        minor: 14
        contract: v1beta1
      - major: 0
        minor: 15
        contract: v1beta1
      - major: 0
        minor: 16
        contract: v1beta1
      - major: 0
        minor: 17
        contract: v1beta1
      - major: 0
        minor: 18
        contract: v1beta1
 kind: ConfigMap
 metadata:
  creationTimestamp: null
-  name: v0.12.0
+  name: v0.18.0
  namespace: rke2-bootstrap-system
  labels:
    provider-components: rke2-bootstrap
--- a/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
+++ b/rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
@@ -22,7 +22,7 @@ data:
    metadata:
      annotations:
        cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
-        controller-gen.kubebuilder.io/version: v0.16.1
+        controller-gen.kubebuilder.io/version: v0.17.3
      labels:
        cluster.x-k8s.io/provider: control-plane-rke2
        cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1624,6 +1624,9 @@ data:
                      - path
                      type: object
                    type: array
                  gzipUserData:
                    description: GzipUserData specifies if the user data should be gzipped.
                    type: boolean
                  infrastructureRef:
                    description: |-
                      InfrastructureRef is a required reference to a custom resource
@@ -1744,12 +1747,23 @@ data:
                              More info: http://kubernetes.io/docs/user-guide/labels
                            type: object
                        type: object
                      nodeDeletionTimeout:
                        description: |-
                          nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
                          hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
                          If no value is provided, the default value for this property of the Machine resource will be used.
                        type: string
                      nodeDrainTimeout:
                        description: |-
                          NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
                          The default value is 0, meaning that the node can be drained without any time limitations.
                          NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
                        type: string
                      nodeVolumeDetachTimeout:
                        description: |-
                          nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
                          to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
                        type: string
                    required:
                    - infrastructureRef
                    type: object
@@ -1974,6 +1988,54 @@ data:
                    - control-plane-endpoint
                    - ""
                    type: string
                  remediationStrategy:
                    description: remediationStrategy is the RemediationStrategy that controls
                      how control plane machine remediation happens.
                    properties:
                      maxRetry:
                        description: "maxRetry is the Max number of retries while attempting
                          to remediate an unhealthy machine.\nA retry happens when a machine
                          that was created as a replacement for an unhealthy machine also
                          fails.\nFor example, given a control plane with three machines
                          M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
                          M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
                          M1) has problems while bootstrapping it will become unhealthy,
                          and then be\n\tremediated; such operation is considered a retry,
                          remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
                          unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
                          could happen only after RetryPeriod from the previous retry.\nIf
                          a machine is marked as unhealthy after MinHealthyPeriod from
                          the previous remediation expired,\nthis is not considered a
                          retry anymore because the new issue is assumed unrelated from
                          the previous one.\n\nIf not set, the remedation will be retried
                          infinitely."
                        format: int32
                        type: integer
                      minHealthyPeriod:
                        description: "minHealthyPeriod defines the duration after which
                          RKE2ControlPlane will consider any failure to a machine unrelated\nfrom
                          the previous one. In this case the remediation is not considered
                          a retry anymore, and thus the retry\ncounter restarts from 0.
                          For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
                          become unhealthy; remediation happens, and M1-1 is created as
                          a replacement.\n\tIf M1-1 (replacement of M1) has problems within
                          the 1hr after the creation, also\n\tthis machine will be remediated
                          and this operation is considered a retry - a problem related\n\tto
                          the original issue happened to M1 -.\n\n\tIf instead the problem
                          on M1-1 is happening after MinHealthyPeriod expired, e.g. four
                          days after\n\tm1-1 has been created as a remediation of M1,
                          the problem on M1-1 is considered unrelated to\n\tthe original
                          issue happened to M1.\n\nIf not set, this value is defaulted
                          to 1h."
                        type: string
                      retryPeriod:
                        description: |-
                          retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
                          for an unhealthy machine (a retry).
                          If not set, a retry will happen immediately.
                        type: string
                    type: object
                  replicas:
                    description: Replicas is the number of replicas for the Control Plane.
                    format: int32
@@ -2185,9 +2247,15 @@ data:
                              - rke2-coredns
                              - rke2-ingress-nginx
                              - rke2-metrics-server
                              - rke2-snapshot-controller
                              - rke2-snapshot-controller-crd
                              - rke2-snapshot-validation-webhook
                              type: string
                            type: array
                        type: object
                      embeddedRegistry:
                        description: EmbeddedRegistry enables the embedded registry.
                        type: boolean
                      etcd:
                        description: Etcd defines optional custom configuration of ETCD.
                        properties:
@@ -2369,6 +2437,51 @@ data:
                              if value is false, ETCD metrics will NOT be exposed
                            type: boolean
                        type: object
                      externalDatastoreSecret:
                        description: |-
                          ExternalDatastoreSecret is a reference to a Secret that contains configuration about connecting to an external datastore.
                          The secret must contain a key named "endpoint" that contains the connection string for the external datastore.
                        properties:
                          apiVersion:
                            description: API version of the referent.
                            type: string
                          fieldPath:
                            description: |-
                              If referring to a piece of an object instead of an entire object, this string
                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
                              For example, if the object reference is to a container within a pod, this would take on a value like:
                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
                              the event) or if no container name is specified "spec.containers[2]" (container with
                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
                              referencing a part of an object.
                            type: string
                          kind:
                            description: |-
                              Kind of the referent.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                            type: string
                          name:
                            description: |-
                              Name of the referent.
                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                            type: string
                          namespace:
                            description: |-
                              Namespace of the referent.
                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
                            type: string
                          resourceVersion:
                            description: |-
                              Specific resourceVersion to which this reference is made, if any.
                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
                            type: string
                          uid:
                            description: |-
                              UID of the referent.
                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
                            type: string
                        type: object
                        x-kubernetes-map-type: atomic
                      kubeAPIServer:
                        description: KubeAPIServer defines optional custom configuration
                          of the Kube API Server.
@@ -2541,14 +2654,42 @@ data:
                    description: Initialized indicates the target cluster has completed
                      initialization.
                    type: boolean
                  lastRemediation:
                    description: lastRemediation stores info about last remediation performed.
                    properties:
                      machine:
                        description: machine is the machine name of the latest machine
                          being remediated.
                        maxLength: 253
                        minLength: 1
                        type: string
                      retryCount:
                        description: |-
                          retryCount used to keep track of remediation retry for the last remediated machine.
                          A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
                        type: integer
                      timestamp:
                        description: timestamp is when last remediation happened. It is
                          represented in RFC3339 form and is in UTC.
                        format: date-time
                        type: string
                    required:
                    - machine
                    - retryCount
                    - timestamp
                    type: object
                  observedGeneration:
                    description: ObservedGeneration is the latest generation observed
                      by the controller.
                    format: int64
                    type: integer
                  ready:
-                    description: Ready indicates the BootstrapData field is ready to be
+                    description: |-
-                      consumed.
+                      Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
                      to receive requests.
                      NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
                      The value of this field is never updated after provisioning is completed. Please use conditions
                      to check the operational state of the control plane.
                    type: boolean
                  readyReplicas:
                    description: ReadyReplicas is the number of replicas current attached
@@ -2589,7 +2730,7 @@ data:
    metadata:
      annotations:
        cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
-        controller-gen.kubebuilder.io/version: v0.16.1
+        controller-gen.kubebuilder.io/version: v0.17.3
      labels:
        cluster.x-k8s.io/provider: control-plane-rke2
        cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -3032,6 +3173,10 @@ data:
                              - path
                              type: object
                            type: array
                          gzipUserData:
                            description: GzipUserData specifies if the user data should
                              be gzipped.
                            type: boolean
                          infrastructureRef:
                            description: |-
                              InfrastructureRef is a required reference to a custom resource
@@ -3152,12 +3297,23 @@ data:
                                      More info: http://kubernetes.io/docs/user-guide/labels
                                    type: object
                                type: object
                              nodeDeletionTimeout:
                                description: |-
                                  nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
                                  hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
                                  If no value is provided, the default value for this property of the Machine resource will be used.
                                type: string
                              nodeDrainTimeout:
                                description: |-
                                  NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
                                  The default value is 0, meaning that the node can be drained without any time limitations.
                                  NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
                                type: string
                              nodeVolumeDetachTimeout:
                                description: |-
                                  nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
                                  to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
                                type: string
                            required:
                            - infrastructureRef
                            type: object
@@ -3384,6 +3540,57 @@ data:
                            - control-plane-endpoint
                            - ""
                            type: string
                          remediationStrategy:
                            description: remediationStrategy is the RemediationStrategy
                              that controls how control plane machine remediation happens.
                            properties:
                              maxRetry:
                                description: "maxRetry is the Max number of retries while
                                  attempting to remediate an unhealthy machine.\nA retry
                                  happens when a machine that was created as a replacement
                                  for an unhealthy machine also fails.\nFor example, given
                                  a control plane with three machines M1, M2, M3:\n\n\tM1
                                  become unhealthy; remediation happens, and M1-1 is created
                                  as a replacement.\n\tIf M1-1 (replacement of M1) has
                                  problems while bootstrapping it will become unhealthy,
                                  and then be\n\tremediated; such operation is considered
                                  a retry, remediation-retry #1.\n\tIf M1-2 (replacement
                                  of M1-1) becomes unhealthy, remediation-retry #2 will
                                  happen, etc.\n\nA retry could happen only after RetryPeriod
                                  from the previous retry.\nIf a machine is marked as
                                  unhealthy after MinHealthyPeriod from the previous remediation
                                  expired,\nthis is not considered a retry anymore because
                                  the new issue is assumed unrelated from the previous
                                  one.\n\nIf not set, the remedation will be retried infinitely."
                                format: int32
                                type: integer
                              minHealthyPeriod:
                                description: "minHealthyPeriod defines the duration after
                                  which RKE2ControlPlane will consider any failure to
                                  a machine unrelated\nfrom the previous one. In this
                                  case the remediation is not considered a retry anymore,
                                  and thus the retry\ncounter restarts from 0. For example,
                                  assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
                                  become unhealthy; remediation happens, and M1-1 is created
                                  as a replacement.\n\tIf M1-1 (replacement of M1) has
                                  problems within the 1hr after the creation, also\n\tthis
                                  machine will be remediated and this operation is considered
                                  a retry - a problem related\n\tto the original issue
                                  happened to M1 -.\n\n\tIf instead the problem on M1-1
                                  is happening after MinHealthyPeriod expired, e.g. four
                                  days after\n\tm1-1 has been created as a remediation
                                  of M1, the problem on M1-1 is considered unrelated to\n\tthe
                                  original issue happened to M1.\n\nIf not set, this value
                                  is defaulted to 1h."
                                type: string
                              retryPeriod:
                                description: |-
                                  retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
                                  for an unhealthy machine (a retry).
                                  If not set, a retry will happen immediately.
                                type: string
                            type: object
                          replicas:
                            description: Replicas is the number of replicas for the Control
                              Plane.
@@ -3601,9 +3808,15 @@ data:
                                      - rke2-coredns
                                      - rke2-ingress-nginx
                                      - rke2-metrics-server
                                      - rke2-snapshot-controller
                                      - rke2-snapshot-controller-crd
                                      - rke2-snapshot-validation-webhook
                                      type: string
                                    type: array
                                type: object
                              embeddedRegistry:
                                description: EmbeddedRegistry enables the embedded registry.
                                type: boolean
                              etcd:
                                description: Etcd defines optional custom configuration
                                  of ETCD.
@@ -3789,6 +4002,51 @@ data:
                                      if value is false, ETCD metrics will NOT be exposed
                                    type: boolean
                                type: object
                              externalDatastoreSecret:
                                description: |-
                                  ExternalDatastoreSecret is a reference to a Secret that contains configuration about connecting to an external datastore.
                                  The secret must contain a key named "endpoint" that contains the connection string for the external datastore.
                                properties:
                                  apiVersion:
                                    description: API version of the referent.
                                    type: string
                                  fieldPath:
                                    description: |-
                                      If referring to a piece of an object instead of an entire object, this string
                                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
                                      For example, if the object reference is to a container within a pod, this would take on a value like:
                                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
                                      the event) or if no container name is specified "spec.containers[2]" (container with
                                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                      referencing a part of an object.
                                    type: string
                                  kind:
                                    description: |-
                                      Kind of the referent.
                                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
                                    type: string
                                  name:
                                    description: |-
                                      Name of the referent.
                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
                                    type: string
                                  namespace:
                                    description: |-
                                      Namespace of the referent.
                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
                                    type: string
                                  resourceVersion:
                                    description: |-
                                      Specific resourceVersion to which this reference is made, if any.
                                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
                                    type: string
                                  uid:
                                    description: |-
                                      UID of the referent.
                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
                                    type: string
                                type: object
                                x-kubernetes-map-type: atomic
                              kubeAPIServer:
                                description: KubeAPIServer defines optional custom configuration
                                  of the Kube API Server.
@@ -3974,14 +4232,42 @@ data:
                    description: Initialized indicates the target cluster has completed
                      initialization.
                    type: boolean
                  lastRemediation:
                    description: lastRemediation stores info about last remediation performed.
                    properties:
                      machine:
                        description: machine is the machine name of the latest machine
                          being remediated.
                        maxLength: 253
                        minLength: 1
                        type: string
                      retryCount:
                        description: |-
                          retryCount used to keep track of remediation retry for the last remediated machine.
                          A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
                        type: integer
                      timestamp:
                        description: timestamp is when last remediation happened. It is
                          represented in RFC3339 form and is in UTC.
                        format: date-time
                        type: string
                    required:
                    - machine
                    - retryCount
                    - timestamp
                    type: object
                  observedGeneration:
                    description: ObservedGeneration is the latest generation observed
                      by the controller.
                    format: int64
                    type: integer
                  ready:
-                    description: Ready indicates the BootstrapData field is ready to be
+                    description: |-
-                      consumed.
+                      Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
                      to receive requests.
                      NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
                      The value of this field is never updated after provisioning is completed. Please use conditions
                      to check the operational state of the control plane.
                    type: boolean
                  readyReplicas:
                    description: ReadyReplicas is the number of replicas current attached
@@ -4097,6 +4383,14 @@ data:
      - patch
      - update
      - watch
    - apiGroups:
      - apiextensions.k8s.io
      resources:
      - customresourcedefinitions
      verbs:
      - get
      - list
      - watch
    - apiGroups:
      - authentication.k8s.io
      resources:
@@ -4248,6 +4542,8 @@ data:
            - --leader-elect
            - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
            - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
            - --v=${CAPRKE2_DEBUG_LEVEL:=0}
            - --concurrency=${CONCURRENCY_NUMBER:=10}
            command:
            - /manager
            env:
@@ -4263,7 +4559,7 @@ data:
              valueFrom:
                fieldRef:
                  fieldPath: metadata.uid
-            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.12.0
+            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.18.0
            imagePullPolicy: IfNotPresent
            livenessProbe:
              httpGet:
@@ -4493,10 +4789,28 @@ data:
      - major: 0
        minor: 12
        contract: v1beta1
      - major: 0
        minor: 13
        contract: v1beta1
      - major: 0
        minor: 14
        contract: v1beta1
      - major: 0
        minor: 15
        contract: v1beta1
      - major: 0
        minor: 16
        contract: v1beta1
      - major: 0
        minor: 17
        contract: v1beta1
      - major: 0
        minor: 18
        contract: v1beta1
 kind: ConfigMap
 metadata:
  creationTimestamp: null
-  name: v0.12.0
+  name: v0.18.0
  namespace: rke2-control-plane-system
  labels:
    provider-components: rke2-control-plane
--- a/rancher-turtles-chart/Chart.lock
+++ b/rancher-turtles-chart/Chart.lock
@@ -1,6 +1,6 @@
 dependencies:
 - name: cluster-api-operator
  repository: https://kubernetes-sigs.github.io/cluster-api-operator
-  version: 0.17.0
+  version: 0.18.1
-digest: sha256:c564dd1edce5e74cf5747adfa2477b3f0b9bae2b17a21b4c7312b2c1adbda64e
+digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
-generated: "2025-02-27T10:39:03.203623466Z"
+generated: "2025-06-30T13:10:01.066923702Z"
--- a/rancher-turtles-chart/Chart.yaml
+++ b/rancher-turtles-chart/Chart.yaml
@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE%
 annotations:
  catalog.cattle.io/certified: rancher
  catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -7,17 +7,17 @@ annotations:
  catalog.cattle.io/namespace: rancher-turtles-system
  catalog.cattle.io/os: linux
  catalog.cattle.io/permits-os: linux
-  catalog.cattle.io/rancher-version: '>= 2.10.0-1'
+  catalog.cattle.io/rancher-version: '>= 2.11.0-1'
  catalog.cattle.io/release-name: rancher-turtles
  catalog.cattle.io/scope: management
  catalog.cattle.io/type: cluster-tool
 apiVersion: v2
-appVersion: 0.17.0
+appVersion: 0.21.0
 dependencies:
 - condition: cluster-api-operator.enabled
  name: cluster-api-operator
  repository: file://./charts/cluster-api-operator
-  version: 0.17.0
+  version: 0.18.1
 description: Rancher Turtles is an extension to Rancher that brings full Cluster API
  integration to Rancher.
 home: https://github.com/rancher/turtles/
@@ -29,4 +29,4 @@ keywords:
 - provisioning
 name: rancher-turtles
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.17.0"
+version: "%%CHART_MAJOR%%.0.5+up0.21.0"
--- a/rancher-turtles-chart/RELEASE_NOTES.md
+++ b/rancher-turtles-chart/RELEASE_NOTES.md
@@ -1,4 +1,6 @@
-gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
+## Changes since examples/v0.21.0
-  env:
+---
-    GH_TOKEN: ${{ github.token }}
+## :chart_with_upwards_trend: Overview
-: exit status 4
+
 _Thanks to all our contributors!_ 😊
--- a/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.17.0
+appVersion: 0.18.1
 description: Cluster API Operator
 name: cluster-api-operator
 type: application
-version: 0.17.0
+version: 0.18.1
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml
@@ -26,8 +26,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $addonNamespace }}
 ---
@@ -37,8 +39,10 @@ metadata:
  name: {{ $addonName }}
  namespace: {{ $addonNamespace }}
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $addonVersion $.Values.secretName }}
 spec:
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml
@@ -26,8 +26,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $bootstrapNamespace }}
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -36,8 +39,11 @@ metadata:
  name: {{ $bootstrapName }}
  namespace: {{ $bootstrapNamespace }}
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $bootstrapVersion $.Values.configSecret.name }}
 spec:
 {{- end}}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml
@@ -26,8 +26,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $controlPlaneNamespace }}
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -36,8 +39,11 @@ metadata:
  name: {{ $controlPlaneName }}
  namespace: {{ $controlPlaneNamespace }}
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }}
 spec:
 {{- end}}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml
@@ -1,4 +1,4 @@
-{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure }}
+{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure .Values.ipam }}
 # Deploy core components if not specified
 {{- if not .Values.core }}
 ---
@@ -6,8 +6,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "1"
  name: capi-system
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -16,8 +19,11 @@ metadata:
  name: cluster-api
  namespace: capi-system
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
  configSecret:
@@ -28,4 +34,3 @@ spec:
 {{- end }}
 {{- end }}
 {{- end }}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml
@@ -25,8 +25,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $coreNamespace }}
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -35,8 +38,10 @@ metadata:
  name: {{ $coreName }}
  namespace: {{ $coreNamespace }}
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}
 spec:
@@ -45,8 +50,8 @@ spec:
  version: {{ $coreVersion }}
 {{- end }}
 {{- if $.Values.manager }}
  manager:
 {{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }}
  manager:
    featureGates:
    {{- range $key, $value := $.Values.manager.featureGates.core }}
      {{ $key }}: {{ $value }}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml
@@ -7,8 +7,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "1"
  name: capi-kubeadm-bootstrap-system
 ---
@@ -18,8 +20,10 @@ metadata:
  name: kubeadm
  namespace: capi-kubeadm-bootstrap-system
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
@@ -37,8 +41,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "1"
  name: capi-kubeadm-control-plane-system
 ---
@@ -48,14 +54,16 @@ metadata:
  name: kubeadm
  namespace: capi-kubeadm-control-plane-system
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
 {{- if $.Values.manager }}
  manager:
 {{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }}
  manager:
    featureGates:
    {{- range $key, $value := $.Values.manager.featureGates.kubeadm }}
      {{ $key }}: {{ $value }}
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml
@@ -26,8 +26,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $infrastructureNamespace }}
 ---
@@ -37,8 +39,10 @@ metadata:
  name: {{ $infrastructureName }}
  namespace: {{ $infrastructureNamespace }}
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
 spec:
@@ -47,8 +51,8 @@ spec:
  version: {{ $infrastructureVersion }}
 {{- end }}
 {{- if $.Values.manager }}
  manager:
 {{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }}
  manager:
 {{- range $key, $value := $.Values.manager.featureGates }}
  {{- if eq $key $infrastructureName }}
    featureGates:
--- a/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml
@@ -26,8 +26,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "1"
  name: {{ $ipamNamespace }}
 ---
@@ -37,8 +39,10 @@ metadata:
  name: {{ $ipamName }}
  namespace: {{ $ipamNamespace }}
  annotations:
    {{- if $.Values.enableHelmHook }}
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "2"
    {{- end }}
    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
 spec:
@@ -47,8 +51,8 @@ spec:
  version: {{ $ipamVersion }}
 {{- end }}
 {{- if $.Values.manager }}
  manager:
 {{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }}
  manager:
 {{- range $key, $value := $.Values.manager.featureGates }}
  {{- if eq $key $ipamName }}
    featureGates:
--- a/rancher-turtles-chart/charts/cluster-api-operator/values.yaml
+++ b/rancher-turtles-chart/charts/cluster-api-operator/values.yaml
@@ -21,7 +21,7 @@ leaderElection:
 image:
  manager:
    repository: registry.k8s.io/capi-operator/cluster-api-operator
-    tag: v0.17.0
+    tag: v0.18.1
    pullPolicy: IfNotPresent
 env:
  manager: []
@@ -69,3 +69,4 @@ volumeMounts:
    - mountPath: /tmp/k8s-webhook-server/serving-certs
      name: cert
      readOnly: true
 enableHelmHook: true
--- a/rancher-turtles-chart/questions.yml
+++ b/rancher-turtles-chart/questions.yml
@@ -29,12 +29,6 @@ questions:
        description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
        label: "Enable RKE2 Provider"
        type: boolean
      - variable: rancherTurtles.features.addon-provider-fleet.enabled
        default: true
        description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles."
        type: boolean
        label: Seamless integration with Fleet and CAPI
        group: "Rancher Turtles Features Settings"
      - variable: rancherTurtles.features.agent-tls-mode.enabled
        default: false
        description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
@@ -42,7 +36,7 @@ questions:
        label: Enable Agent TLS Mode
        group: "Rancher Turtles Features Settings"
      - variable: rancherTurtles.kubectlImage
-        default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
+        default: "registry.suse.com/edge/3.3/kubectl:1.32.4"
        description: "Specify the image to use when running kubectl in jobs."
        type: string
        label: Kubectl Image
--- a/rancher-turtles-chart/templates/addon-provider-fleet.yaml
+++ b/rancher-turtles-chart/templates/addon-provider-fleet.yaml
@@ -1,5 +1,3 @@
 {{- if index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled" }}
 ---
 apiVersion: turtles-capi.cattle.io/v1alpha1
 kind: CAPIProvider
 metadata:
@@ -10,12 +8,6 @@ metadata:
    "helm.sh/hook-weight": "2"
 spec:
  type: addon
  deployment:
    containers:
    - name: manager
      imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
    - name: helm-manager
      imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
  additionalManifests:
    name: fleet-addon-config
    namespace: '{{ .Values.rancherTurtles.namespace }}'
@@ -35,10 +27,22 @@ data:
    metadata:
      name: fleet-addon-config
    spec:
      config:
        featureGates:
          configMap:
            ref:
              kind: ConfigMap
              apiVersion: v1
              name: rancher-config
              namespace: cattle-system
          experimentalOciStorage: true
          experimentalHelmOps: true
      clusterClass:
        patchResource: true
        setOwnerReferences: true
      cluster:
        agentNamespace: cattle-fleet-system
        applyClassGroup: true
        patchResource: true
        setOwnerReferences: true
        hostNetwork: true
@@ -54,4 +58,3 @@ data:
          matchExpressions:
            - key: cluster-api.cattle.io/disable-fleet-auto-import
              operator: DoesNotExist
 {{- end }}
--- a/rancher-turtles-chart/templates/deployment.yaml
+++ b/rancher-turtles-chart/templates/deployment.yaml
@@ -26,7 +26,7 @@ spec:
      containers:
      - args:
        - --leader-elect
-        - --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
+        - --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
        {{- range .Values.rancherTurtles.managerArguments }}
        - {{ . }}
        {{- end }}  
--- a/rancher-turtles-chart/templates/rancher-turtles-components.yaml
+++ b/rancher-turtles-chart/templates/rancher-turtles-components.yaml
@@ -3103,9 +3103,9 @@ spec:
            - message: Config secret namespace is always equal to the resource namespace
                and should not be set.
              rule: '!has(self.configSecret) || !has(self.configSecret.__namespace__)'
-            - message: One of fetchConfig url or selector should be set.
+            - message: One of fetchConfig oci, url or selector should be set.
-              rule: '!has(self.fetchConfig) || [has(self.fetchConfig.url), has(self.fetchConfig.selector)].exists_one(e,
+              rule: '!has(self.fetchConfig) || [has(self.fetchConfig.oci), has(self.fetchConfig.url),
-                e)'
+                has(self.fetchConfig.selector)].exists_one(e, e)'
          status:
            default: {}
            description: CAPIProviderStatus defines the observed state of CAPIProvider.
--- a/rancher-turtles-chart/values.schema.json
+++ b/rancher-turtles-chart/values.schema.json
@@ -0,0 +1,403 @@
 {
  "$schema": "http://json-schema.org/draft-07/schema#",
  "title": "Helm Chart Values Schema",
  "type": "object",
  "properties": {
    "turtlesUI": {
      "type": "object",
      "description": "Manages the UI component.",
      "properties": {
        "enabled": {
          "type": "boolean",
          "default": false,
          "description": "Turn UI on or off."
        },
        "version": {
          "type": "string",
          "default": "0.8.2",
          "description": "UI version to use."
        }
      }
    },
    "rancherTurtles": {
      "type": "object",
      "description": "Sets up the cluster management controller.",
      "properties": {
        "image": {
          "type": "string",
          "default": "controller",
          "description": "Controller container image."
        },
        "imageVersion": {
          "type": "string",
          "default": "v0.0.0",
          "description": "Image tag."
        },
        "imagePullPolicy": {
          "type": "string",
          "default": "IfNotPresent",
          "description": "Specify image pull policy."
        },
        "namespace": {
          "type": "string",
          "default": "rancher-turtles-system",
          "description": "Namespace for Turtles to run."
        },
        "managerArguments": {
          "type": "array",
          "default": [],
          "description": "Extra args for the controller.",
          "items": { "type": "string" }
        },
        "imagePullSecrets": {
          "type": "array",
          "default": [],
          "description": "Secrets for private registries.",
          "items": { "type": "string" }
        },
        "rancherInstalled": {
          "type": "boolean",
          "default": true,
          "description": "True if Rancher is already installed in the cluster."
        },
        "kubectlImage": {
          "type": "string",
          "default": "registry.k8s.io/kubernetes/kubectl:v1.30.0",
          "description": "Image for kubectl tasks."
        },
        "features": {
          "type": "object",
          "description": "Optional and experimental features.",
          "properties": {
            "day2operations": {
              "type": "object",
              "description": "Alpha feature.",
              "properties": {
                "enabled": {
                  "type": "boolean",
                  "default": false,
                  "description": "Turn on or off."
                },
                "image": {
                  "type": "string",
                  "default": "controller",
                  "description": "Image for day-2 ops."
                },
                "imageVersion": {
                  "type": "string",
                  "default": "v0.0.0",
                  "description": "Image tag."
                },
                "imagePullPolicy": {
                  "type": "string",
                  "default": "IfNotPresent",
                  "description": "Specify image pull policy."
                },
                "etcdBackupRestore": {
                  "type": "object",
                  "description": "Manages etcd backup/restore.",
                  "properties": {
                    "enabled": {
                      "type": "boolean",
                      "default": false,
                      "description": "Turn on (true) or off (false)."
                    }
                  }
                }
              }
            },
            "addon-provider-fleet": {
              "type": "object",
              "description": "Beta feature for fleet addons.",
              "properties": {
                "enabled": {
                  "type": "boolean",
                  "default": true,
                  "description": "Turn on or off."
                }
              }
            },
            "agent-tls-mode": {
              "type": "object",
              "description": "Alpha feature for agent TLS.",
              "properties": {
                "enabled": {
                  "type": "boolean",
                  "default": false,
                  "description": "Turn on or off."
                }
              }
            },
            "clusterclass-operations": {
              "type": "object",
              "description": "Alpha feature. Not ready for testing yet.",
              "properties": {
                "enabled": {
                  "type": "boolean",
                  "default": false,
                  "description": "Turn on or off."
                },
                "image": {
                  "type": "string",
                  "default": "controller",
                  "description": "Image for cluster class ops."
                },
                "imageVersion": {
                  "type": "string",
                  "default": "v0.0.0",
                  "description": "Image tag."
                },
                "imagePullPolicy": {
                  "type": "string",
                  "default": "IfNotPresent",
                  "description": "Pull policy."
                }
              }
            }
          }
        }
      }
    },
    "cluster-api-operator": {
      "type": "object",
      "description": "Manages Cluster API components.",
      "properties": {
        "enabled": {
          "type": "boolean",
          "default": true,
          "description": "Turn on or off."
        },
        "cert-manager": {
          "type": "object",
          "properties": {
            "enabled": {
              "type": "boolean",
              "default": false,
              "description": "Turn on or off."
            }
          }
        },
        "volumes": {
          "type": "array",
          "description": "Volumes for operator pods (certs, config).",
          "items": {
            "type": "object",
            "oneOf": [
              {
                "required": ["name", "secret"],
                "properties": {
                  "name": { "type": "string" },
                  "secret": {
                    "type": "object",
                    "properties": {
                      "defaultMode": {
                        "type": "integer",
                        "default": 420,
                        "description": "File permissions."
                      },
                      "secretName": {
                        "type": "string",
                        "default": "capi-operator-webhook-service-cert",
                        "description": "Secret for webhook certs."
                      }
                    }
                  }
                }
              },
              {
                "required": ["name", "configMap"],
                "properties": {
                  "name": { "type": "string" },
                  "configMap": {
                    "type": "object",
                    "properties": {
                      "name": {
                        "type": "string",
                        "default": "clusterctl-config",
                        "description": "ConfigMap for clusterctl."
                      }
                    }
                  }
                }
              }
            ]
          }
        },
        "image": {
          "type": "object",
          "properties": {
            "manager": {
              "type": "object",
              "properties": {
                "repository": {
                  "type": "string",
                  "default": "registry.rancher.com/rancher/cluster-api-operator",
                  "description": "Image repo."
                }
              }
            }
          }
        },
        "volumeMounts": {
          "type": "object",
          "properties": {
            "manager": {
              "type": "array",
              "description": "Mount volumes to pods.",
              "items": {
                "type": "object",
                "properties": {
                  "mountPath": { "type": "string" },
                  "name": { "type": "string" },
                  "readOnly": {
                    "type": "boolean",
                    "default": true,
                    "description": "Mount as read-only."
                  }
                }
              }
            }
          }
        },
        "resources": {
          "type": "object",
          "properties": {
            "manager": {
              "type": "object",
              "properties": {
                "limits": {
                  "type": "object",
                  "properties": {
                    "cpu": {
                      "type": "string",
                      "description": "CPU limit."
                    },
                    "memory": {
                      "type": "string",
                      "description": "Memory limit."
                    }
                  }
                },
                "requests": {
                  "type": "object",
                  "properties": {
                    "cpu": {
                      "type": "string",
                      "description": "CPU request."
                    },
                    "memory": {
                      "type": "string",
                      "description": "Memory request."
                    }
                  }
                }
              }
            }
          }
        },
        "cleanup": {
          "type": "boolean",
          "default": true,
          "description": "Enable cleanup tasks."
        },
        "cluster-api": {
          "type": "object",
          "description": "Cluster API component settings.",
          "properties": {
            "enabled": {
              "type": "boolean",
              "default": true,
              "description": "Turn on or off."
            },
            "configSecret": {
              "type": "object",
              "properties": {
                "name": {
                  "type": "string",
                  "default": "",
                  "description": "Custom secret name (if overriding)."
                },
                "defaultName": {
                  "type": "string",
                  "default": "capi-env-variables",
                  "description": "Default secret name."
                }
              }
            },
            "core": {
              "type": "object",
              "properties": {
                "namespace": {
                  "type": "string",
                  "default": "capi-system",
                  "description": "Core component namespace."
                },
                "imageUrl": {
                  "type": "string",
                  "default": "",
                  "description": "Custom image URL."
                },
                "fetchConfig": {
                  "type": "object",
                  "properties": {
                    "url": { "type": "string", "default": "" },
                    "selector": { "type": "string", "default": "" }
                  }
                }
              }
            },
            "rke2": {
              "type": "object",
              "properties": {
                "enabled": {
                  "type": "boolean",
                  "default": true,
                  "description": "Turn on or off."
                },
                "version": {
                  "type": "string",
                  "default": "",
                  "description": "RKE2 version."
                },
                "bootstrap": {
                  "type": "object",
                  "properties": {
                    "namespace": {
                      "type": "string",
                      "default": "rke2-bootstrap-system"
                    },
                    "imageUrl": { "type": "string", "default": "" },
                    "fetchConfig": {
                      "type": "object",
                      "properties": {
                        "url": { "type": "string", "default": "" },
                        "selector": { "type": "string", "default": "" }
                      }
                    }
                  }
                },
                "controlPlane": {
                  "type": "object",
                  "properties": {
                    "namespace": {
                      "type": "string",
                      "default": "rke2-control-plane-system"
                    },
                    "imageUrl": { "type": "string", "default": "" },
                    "fetchConfig": {
                      "type": "object",
                      "properties": {
                        "url": { "type": "string", "default": "" },
                        "selector": { "type": "string", "default": "" }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }
    }
  }
 }
--- a/Show More
+++ b/Show More
Author	SHA256	Message	Date
Nicolas Belouin	45343089f7	Merge pull request 'Backport LACP fix to 3.3' (#290 ) from nbelouin/Factory:IPA_Driver_33 into 3.3 Reviewed-on: suse-edge/Factory#290 Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>	2025-10-30 09:34:21 +01:00
Nicolas Belouin	3aae51cfae	Bump metal3-chart version Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-10-29 14:08:27 +01:00
Nicolas Belouin	75cc915112	fix(ironic-ipa-downloader-image): Remove duplicate file in image Remove the initramfs and kernel being copied twice in the image Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-10-29 14:08:27 +01:00
Nicolas Belouin	ad45235c74	Remove kernel modules filter Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `28f7c4b074`)	2025-10-29 14:08:27 +01:00
Nicolas Belouin	947493ce38	Update versions for metal3-chart Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `5cbf832b02`)	2025-10-29 14:08:27 +01:00
Nicolas Belouin	6e914e78fd	Fix upgrade issue Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `7cf1b8ea26`)	2025-10-29 14:08:27 +01:00
Nicolas Belouin	9c481c528a	Bump mariadb chart Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `83b44c9bc7`)	2025-10-29 14:08:27 +01:00
Denislav Prodanov	b784e686ce	Merge pull request '[3.3.3] - bump release manifest versions' (#283 ) from dprodanov/Factory:3.3.3 into 3.3 Reviewed-on: suse-edge/Factory#283 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-10-10 12:38:22 +02:00
dprodanov4	c82b927ab8	[3.3.3] - bump release manifest versions	2025-10-10 12:53:20 +03:00
Denislav Prodanov	c79a6c5dcc	Merge pull request 'created 3.3.3 RM' (#265 ) from dprodanov/Factory:3.3.3 into 3.3 Reviewed-on: suse-edge/Factory#265 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-09-11 09:49:08 +02:00
Denislav Prodanov	04e92de18a	created 3.3.3 RM	2025-09-11 10:19:33 +03:00
Denislav Prodanov	1d8d3b3924	Merge pull request 'changed the entry point for pre-commit to call the script from the venv' (#249 ) from backport-pre-commit-fix into 3.3 Reviewed-on: suse-edge/Factory#249 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-08-29 11:38:33 +02:00
Denislav Prodanov	019c3da9db	changed the entry point for pre-commit to call the script from the venv	2025-08-29 10:54:43 +02:00
Denislav Prodanov	6029137fb3	Merge pull request '[3.3.2] - fixed neuvector version' (#242 ) from dprodanov/Factory:3.3.2-fix into 3.3 Reviewed-on: suse-edge/Factory#242 Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>	2025-08-20 12:03:04 +02:00
Denislav Prodanov	51b4330cab	[3.3.2] - fixed neuvector version	2025-08-20 12:25:17 +03:00
Denislav Prodanov	8596d9328b	Update release-manifest-image/release_manifest.yaml	2025-08-05 14:45:43 +02:00
Denislav Prodanov	7649db04b8	Merge pull request 'create release manifest for 3.3.2' (#227 ) from dprodanov/Factory:3.3.2 into 3.3 Reviewed-on: suse-edge/Factory#227 Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>	2025-08-05 10:47:51 +02:00
Denislav Prodanov	47ad45bfab	create release manifest for 3.3.2	2025-08-05 10:15:01 +03:00
Nicolas Belouin	4fdcb0ecb7	Merge pull request '[3.3] Add pre-commit to update release manifest' (#219 ) from nbelouin/Factory:backport-precommit-3.3 into 3.3 Reviewed-on: suse-edge/Factory#219 Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org> Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>	2025-07-31 08:36:19 +02:00
Nicolas Belouin	7723e20aa0	Add pre-commit to update release manifest Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `c3f1be5640`) Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-07-31 08:35:01 +02:00
Steven Hardy	4434e36b70	release-manifest: Update rancher-turtles versions (cherry picked from commit `d45c9764a4`)	2025-07-29 18:15:47 +03:00
Steven Hardy	2f235ceb1a	rancher-turtles-airgap-resources: Update to 0.21.0 Updates to align with rancher-turtles chart This also overides the RKE2 provider version to 0.18.0 so we can consume recent fixes, in particular rancher/cluster-api-provider-rke2#684 (cherry picked from commit `efd8bf1075`)	2025-07-29 18:14:53 +03:00
Steven Hardy	8816f3b054	rancher-turtles: Update 0.21.0 Also update CAPI operator and CAPM3 versions This also overides the RKE2 provider version to 0.18.0 so we can consume recent fixes, in particular rancher/cluster-api-provider-rke2#684 (cherry picked from commit `892400cea7`)	2025-07-29 18:14:41 +03:00
Denislav Prodanov	453f3564aa	Merge pull request 'kiwi-builder-image: Remove failure if package version mismatch' (#190 ) from backport/kiwi-builder-image into 3.3 Reviewed-on: suse-edge/Factory#190 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-06-10 16:44:33 +02:00
Denislav Prodanov	421b511d19	kiwi-builder-image: Remove failure if package version mismatch Remove the automatic failure if repo package and base image are mismatched. This is needed to prevent automation from failing when updated base image doesn't exists. Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-06-10 16:35:45 +02:00
Denislav Prodanov	1f1e6eae55	Merge pull request 'Fix issues with config and meta when releasing' (#191 ) from backport/config-issues into 3.3 Reviewed-on: suse-edge/Factory#191 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-06-10 16:24:03 +02:00
Denislav Prodanov	d32507597f	Fix issues with config and meta when releasing Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-06-10 16:22:51 +02:00
Denislav Prodanov	eaa7dad6f6	Merge pull request '[3.3.1] - bump turtles airgap version to align with the other turtle chart version' (#189 ) from backport/turtles-airgap into 3.3 Reviewed-on: suse-edge/Factory#189 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-06-10 13:24:34 +02:00
Denislav Prodanov	9b502acd83	[3.3.1] - bump turtles airgap version to align with the other turtle chart version	2025-06-10 13:19:21 +02:00
Denislav Prodanov	49894ba16d	Merge pull request 'bump uc and turtles version as a follow up of the kubectl image bump' (#186 ) from bump-charts into 3.3 Reviewed-on: suse-edge/Factory#186 Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>	2025-06-10 12:30:40 +02:00
Denislav Prodanov	43d5ffa2bd	Merge pull request 'create new kubectl image' (#187 ) from kubectl-bump into 3.3 Reviewed-on: suse-edge/Factory#187 Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>	2025-06-10 12:30:02 +02:00
Denislav Prodanov	13b4cd50e2	create new kubectl image	2025-06-10 11:37:24 +02:00
Denislav Prodanov	93f5662ace	bump uc and turtles version as a follow up of the kubectl image bump	2025-06-10 11:22:05 +02:00
Denislav Prodanov	a7284b5d35	Merge pull request 'release-manifest: fix version' (#182 ) from dprodanov/Factory:release-manifest-version into 3.3 Reviewed-on: suse-edge/Factory#182 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org> Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>	2025-06-10 10:18:55 +02:00
Denislav Prodanov	312688449c	release-manifest: fix version	2025-06-10 11:02:47 +03:00
dbw7	cfc89b579d	EIB updates for 1.2.1	2025-06-09 13:57:45 -04:00
Steven Hardy	a089bf30e4	release-manifest: update rancher-turtles version (cherry picked from commit `f92f3600e6`)	2025-06-06 14:28:29 +01:00
Steven Hardy	6dc2406148	rancher-turtles-airgap-resources: Updates for 0.20.0 To align with https://github.com/suse-edge/charts/pull/221 (cherry picked from commit `e379d5df4e`)	2025-06-06 14:28:13 +01:00
Steven Hardy	1928a4cc98	rancher-turtles-chart: Updates for 0.20.0 To align with https://github.com/suse-edge/charts/pull/221 (cherry picked from commit `346d6137fe`)	2025-06-06 14:27:52 +01:00
Steven Hardy	5c48860dcd	release-manifest: 3.3.1 version bumps Updates to consume the latest patch releases from Rancher, RKE2/k3s and Neuvector (cherry picked from commit `9dc5ba4c52`)	2025-06-06 13:42:07 +01:00
Nicolas Belouin	2f6c9b294c	Merge pull request '[3.3] Metal3: fix BMO restart issues and NMC fix' (#170 ) from nbelouin/Factory:backport-metal3-fixes into 3.3 Reviewed-on: suse-edge/Factory#170 Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>	2025-06-06 14:20:37 +02:00
Nicolas Belouin	cfad38ccb4	Fix metal3 chart issues Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `ec7da715f4`)	2025-06-05 08:41:35 +02:00
Nicolas Belouin	1872e09bdf	metal3-chart: fixup remove forgotten file Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `1ad6c99257`)	2025-06-05 08:41:35 +02:00
Steven Hardy	d15eb56f43	Bump EIB tag to 1.2.0.1 Follow up to #166 which bumped NMC and the related IPA downloader image, we also need to bump EIB since it also consumes the updated NMC version (cherry picked from commit `12e91c2102`)	2025-06-05 08:41:35 +02:00
Nicolas Belouin	c97db6d3a3	Bump ipa ramdisk version for nm-config fix Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `bdaa422813`)	2025-06-03 15:07:22 +02:00
Nicolas Belouin	fbdab3228e	Bump nm-configurator to 0.3.3 Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `c25bf622bc`)	2025-06-03 15:07:22 +02:00
Nicolas Belouin	e6f27f3ecc	Add annotations to force rollout of pods on config change Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `629e96dded`)	2025-06-03 15:07:22 +02:00
Nicolas Belouin	4fab8da5d5	Add bmo inotify hook Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `c190a1c800`)	2025-06-03 15:07:22 +02:00
Denislav Prodanov	1583758ffa	Merge pull request 'fix typo in network-operator' (#163 ) from dprodanov-patch-1 into 3.3 Reviewed-on: suse-edge/Factory#163 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-05-20 15:38:41 +02:00
Denislav Prodanov	9cf01c4934	fix typo in network-operator	2025-05-20 15:37:57 +02:00
Denislav Prodanov	5c9ab033b3	Merge pull request 'release-manifest-image: Update NeuVector Extension to 2.1.3' (#161 ) from dprodanov-patch-1 into 3.3 Reviewed-on: suse-edge/Factory#161 Reviewed-by: Jiří Tomášek <jtomasek@noreply.src.opensuse.org>	2025-05-20 10:04:00 +02:00
Denislav Prodanov	8138909378	release-manifest-image: Update NeuVector Extension to 2.1.3 Chart: https://github.com/rancher/ui-plugin-charts/blob/main/charts/neuvector-ui-ext/2.1.3/Chart.yaml Release: https://github.com/neuvector/manager-ext/releases/tag/neuvector-ui-ext-2.1.3	2025-05-20 09:56:13 +02:00
Nicolas Belouin	e55661d20b	Merge pull request '[3.3.0] Fix rancher turtles airgap chart prefix' (#159 ) from nbelouin/Factory:fix_airgap_prefix_3.3 into 3.3 Reviewed-on: suse-edge/Factory#159 Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>	2025-05-16 14:06:54 +02:00
Nicolas Belouin	7ba1026bf5	Fix rancher turtles airgap chart prefix Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com> (cherry picked from commit `c37782e077`)	2025-05-16 13:14:44 +02:00
Denislav Prodanov	5b6a86f405	Update .obs/common.py	2025-05-16 10:41:06 +02:00
Nicolas Belouin	71257047ed	Merge pull request 'Fix udev rule in IPA image and bump the metal3 chart to 0.11.3' (#157 ) from mchiappero/Factory:metal3-0.11.3 into main Reviewed-on: suse-edge/Factory#157 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-05-16 09:56:06 +02:00
Marco Chiappero	477a4e15eb	metal3-chart: bump version to include IPA image 3.0.6 Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-05-16 07:22:27 +00:00
Marco Chiappero	be0d25d8f7	ironic-ipa-downloader-image: update to the latest 3.0.6 image Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-05-15 16:35:30 +00:00
Marco Chiappero	70a42948aa	ironic-ipa-ramdisk: make sure the udev rule is also matched on changes Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-05-15 16:31:13 +00:00
Nicolas Belouin	fb0f99ee20	Merge pull request 'add a tool to check local charts version in release manifest' (#149 ) from nbelouin/Factory:check_manifest into main Reviewed-on: suse-edge/Factory#149 Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>	2025-05-15 16:59:56 +02:00
Nicolas Belouin	cc8d3fe431	add a tool to check local charts version in release manifest Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-05-15 16:50:32 +02:00
Nicolas Belouin	4ee8e8c6f2	Merge pull request 'akri-dashboard-extension-chart: update to version 303.0.2+up1.3.1' (#156 ) from jtomasek/Factory:akri-dashboard-extension-chart-303.0.2+up1.3.1 into main Reviewed-on: suse-edge/Factory#156 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-05-15 16:47:54 +02:00
Nicolas Belouin	79268b8e71	Merge pull request 'kubevirt-dashboard-extension-chart: update to version 303.0.2+up1.3.2' (#155 ) from jtomasek/Factory:kubevirt-dashboard-extension-chart-303.0.2+up1.3.2 into main Reviewed-on: suse-edge/Factory#155 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-05-15 16:10:53 +02:00
Jiri Tomasek	d5e487518a	akri-dashboard-extension-chart: update to version 303.0.2+up1.3.1	2025-05-15 14:35:35 +02:00
Denislav Prodanov	a7d128b8c4	updated sriov images	2025-05-15 14:06:32 +02:00
Jiri Tomasek	d97b554f8c	kubevirt-dashboard-extension-chart: update to version 303.0.2+up1.3.2	2025-05-15 13:27:08 +02:00
Steven	1ca6ea51ea	release-manifest-image: update rancher-turtles version	2025-05-15 12:05:06 +03:00
Steven	c9b9e2223b	rancher-turtles-airgap-resources-chart: align with 0.8.1	2025-05-15 11:55:40 +03:00
Steven	027df1b35c	rancher-turtles-chart: Updates to align with 0.8.1 Align with https://github.com/suse-edge/charts/pull/214 so we can consume the RKE2 provider bugfix	2025-05-15 11:40:30 +03:00
Danial Bekhit	e7448eeb1c	Merge pull request 'Update to official EIB v1.2.0 tag' (#151 ) from dbekhit/Factory:main into main Reviewed-on: suse-edge/Factory#151 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-05-13 17:34:14 +02:00
dbw7	fb4d399f0f	update to official EIB v1.2.0 tag	2025-05-13 10:35:41 -04:00
Nicolas Belouin	f47b6df822	Merge pull request 'Reduce the size of the IPA ramfs' (#147 ) from nbelouin/Factory:ipa-explode-rootfs into main Reviewed-on: suse-edge/Factory#147 Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org> Reviewed-by: Marco Chiappero <mchiappero@noreply.src.opensuse.org>	2025-05-13 14:13:00 +02:00
Nicolas Belouin	4e3f1b61fd	Use up to date rootfs Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-05-13 11:13:24 +02:00
Nicolas Belouin	df60bb2ed3	Fix get-resource.sh for single arch images Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-05-12 13:52:00 +02:00
Steven Hardy	3a654b9826	rancher-turtles: updates for 0.19.0	2025-05-09 18:25:21 +01:00
Nicolas Belouin	15e4de98a7	Bump versions Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-05-09 16:06:28 +02:00
Steven Hardy	fe8d0ba120	rancher-turtles-airgap-resources: Updates for 0.19.0	2025-05-09 15:05:52 +01:00
Nicolas Belouin	0b431c75e2	Try reduce image size Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-05-09 16:01:04 +02:00
Nicolas Belouin	a59e253ecd	Try exploding the tarball Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-05-09 16:01:02 +02:00
Nicolas Belouin	b28f7a5817	Merge pull request 'Update the metal3-chart to fix the IPA ramdisk with multiple config-2 drives' (#145 ) from mchiappero/Factory:metal3_0.11.1 into main Reviewed-on: suse-edge/Factory#145 Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org> Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-05-09 15:58:42 +02:00
Marco Chiappero	c6b78eb569	Update metal3-chart to leverage IPA downloader 3.0.4 Change the version of the metal3-chart include the latest IPA fixes, and update the release manifest accordingly. Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-05-09 12:18:07 +00:00
Marco Chiappero	8f7747415c	Update the IPA ramdisk and downloader to 3.0.4 Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>	2025-05-09 12:17:44 +00:00
Denislav Prodanov	e5ba38d02f	Merge pull request '[3.3.0] - update sriov chart' (#148 ) from dprodanov/Factory:sriov-update into main Reviewed-on: suse-edge/Factory#148 Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>	2025-05-09 11:52:57 +02:00
Denislav Prodanov	f221cf4b37	[3.3.0] - update sriov chart	2025-05-09 12:29:17 +03:00
Nicolas Belouin	f42ac11716	Merge pull request 'Do a multibuild for IPA image so we also have lighter single architecture images' (#130 ) from nbelouin/Factory:ipa-multibuild into main Reviewed-on: suse-edge/Factory#130 Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>	2025-05-09 10:18:34 +02:00
Denislav Prodanov	08ef2fe86f	Merge pull request '[3.3.0] - update cdi version' (#144 ) from dprodanov/Factory:cdi-update into main Reviewed-on: suse-edge/Factory#144 Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>	2025-05-08 10:38:32 +02:00
Denislav Prodanov	ad221cd94e	Merge pull request '[3.3.0] - update kubevirt and sriov in release-manifest' (#143 ) from dprodanov/Factory:release-manifest-update into main Reviewed-on: suse-edge/Factory#143 Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>	2025-05-08 10:38:26 +02:00
Denislav Prodanov	81a856e586	Merge pull request '[3.3.0] - update sriov to 1.5.0' (#142 ) from dprodanov/Factory:sriov-1-5-0 into main Reviewed-on: suse-edge/Factory#142 Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>	2025-05-08 10:38:09 +02:00
Denislav Prodanov	3c9ebbd7ef	[3.3.0] - update sriov to 1.5.0	2025-05-08 10:47:37 +03:00
Denislav Prodanov	03018e5cd1	[3.3.0] - update cdi version	2025-05-07 20:03:45 +03:00
Denislav Prodanov	e91096e13e	[3.3.0] - update kubevirt and sriov in release-manifest	2025-05-07 19:44:16 +03:00
Nicolas Belouin	93f3abfeb5	Do a multibuild for IPA image so we also have lighter single architecture images Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>	2025-05-07 14:33:32 +02:00
Steven Hardy	2c4991cb24	Update versions for 3.3 Rancher prime 2.11.1 was released, so align with that and updated Longhorn/Neuvector/Elemental and Metal3 charts	2025-05-06 15:34:15 +01:00
		`@@ -0,0 +1 @@`
							`ironic-python-agent/ironic-python-agent.conf.d`
		`@@ -0,0 +1 @@`
							`SUSE Ironic Python Agent Ramdisk - terminal \l`
		`@@ -0,0 +1,2 @@`
							`# avoid problems with multiple network interfaces`
							`net.ipv4.conf.all.rp_filter=0`
		`@@ -0,0 +1 @@`
							`ACTION=="add\|change", SUBSYSTEM=="block", ENV{ID_FS_LABEL}=="config-2", ENV{ID_FS_PUBLISHER_ID}=="?*", PROGRAM="/usr/local/bin/suse-test-config-2.sh", SYMLINK+="ipa"`