crameleon/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

merge into: crameleon:main
Branches Tags
crameleon:main crameleon:py311 crameleon:3.5 crameleon:3.4 crameleon:3.3 crameleon:3.2 crameleon:kubectl-1.32.4 crameleon:devel suse-edge:3.5 suse-edge:main suse-edge:3.4 suse-edge:3.3 suse-edge:3.2 suse-edge:devel
...
pull from: crameleon:3.5
Branches Tags
crameleon:py311 crameleon:3.5 crameleon:main crameleon:3.4 crameleon:3.3 crameleon:3.2 crameleon:kubectl-1.32.4 crameleon:devel suse-edge:3.5 suse-edge:main suse-edge:3.4 suse-edge:3.3 suse-edge:3.2 suse-edge:devel

16 Commits
main ... 3.5

Author SHA256 Message Date
Denislav Prodanov
a138f3dbfa Merge pull request '[3.5.0] - UC 0.1.3' 
Reviewed-on: suse-edge/Factory#365
 2026-01-20 16:11:20 +01:00
Nicolas Belouin
f6b632eda6 Merge pull request 'Update release images with 3.5 pre release run' (#371) from nbelouin/Factory:backport-369 into 3.5 
Reviewed-on: suse-edge/Factory#371
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2026-01-20 09:12:37 +01:00
Nicolas Belouin
144486306c Update release images with 3.5 pre release run 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
(cherry picked from commit 99a05ea424)
 2026-01-19 16:26:11 +01:00
dbw7
cb4af76fa0 changes to EIB for v1.3.2 
Backport #364 - Squashed commits which were merged to main

changes to EIB for v1.3.2-rc0

(cherry picked from commit 90e12f7065)

change to official tag

(cherry picked from commit ccc1c66636)
 2026-01-19 09:47:29 +00:00
Steven Hardy
1c10c380e1 release-manifest: bump elemental-operator to 1.8.0 
The SCC elemental-register for SLM 6.2 is 1.8.0 so we should align the operator version

(cherry picked from commit 368609ca5c)
 2026-01-16 13:20:05 +00:00
Denislav Prodanov
e51cca16c3 Merge pull request '[3.5.0] - test upgrade controller rc1' (#358) 
Reviewed-on: suse-edge/Factory#358
 2026-01-15 13:59:29 +01:00
Steven Hardy
8db13413e7 metallb-chart: override frr-k8s kube-rbac-proxy tag 
The version we're building is 0.19.1 but the nested chart specifies
an older version

(cherry picked from commit eab4d9bbe3)
 2026-01-14 14:59:49 +01:00
Denislav Prodanov
1333cc401c Backport '[3.5.0] - update to new longhorn version' (#359) 
Reviewed-on: suse-edge/Factory#359
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
 2026-01-14 12:18:47 +01:00
Steven Hardy
25eaabb8d0 release-manifest: update cert-manager version 
According to https://cert-manager.io/docs/releases/ we need 1.19 for 1.34 support

(cherry picked from commit 1cd255c949)
 2026-01-12 10:06:47 +00:00
Steven Hardy
e339e83e5e rancher-turtles-providers: Add upstream version suffix 
Aligns with https://github.com/rancher/prime-charts/tree/dev-v2.13/charts/rancher-turtles-providers/108.0.1%2Bup0.25.1

(cherry picked from commit 184c9f74fa)
 2026-01-09 16:10:19 +00:00
Steven Hardy
de11400ba4 release-manifest: allow build on arm 
Although the upgrade controller flow isn't fully tested on ARM yet
it's useful to have the release manifest image available, for example
to enable developer automation which consumes the release manifest image.

(cherry picked from commit c0c01e7638)
 2026-01-09 16:10:03 +00:00
Steven Hardy
01db79b971 rancher-turtles: Remove rancher-turtles chart 
The rancher-turtles and rancher-turtles-airgap-resources charts
have been replaced by the rancher-integrated turtles in 2.13 and
the edge rancher-turtles-providers chart

(cherry picked from commit a6a3d2ac69)
 2026-01-09 16:09:43 +00:00
Steven Hardy
01d21108fc rancher-turtles-providers: tolerate existing namespaces 
On upgrade these namespaces may already exist as they are created by the
current rancher-turtles edge chart, so in this case skip namespace creation.

(cherry picked from commit 896f79e0f2)
 2026-01-09 16:09:19 +00:00
Antonio Alonso Alarcon
5dbf69e7d2 Adds operator-webhook-load-renewed-certs.patch to sriov-network-operator srpm 
(cherry picked from commit a164be3522)
 2025-12-24 01:33:32 +01:00
Antonio Alonso Alarcon
8833455709 Adds injector-webhook-load-renewed-certs.patch to network-resources-injector srpm 
(cherry picked from commit 417601ec1d)
 2025-12-24 01:32:46 +01:00
dprodanov4
5ca554f039 [3.5.0] - cutoff branch for 3.5 release 2025-12-23 14:28:47 +02:00
57 changed files with 201 additions and 20426 deletions
Expand all files Collapse all files

4
.obs/common.py
View File

@@ -1,3 +1,3 @@
PROJECT = "isv:SUSE:Edge:Factory"
PROJECT = "isv:SUSE:Edge:3.5"
REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
BRANCH = "main"
BRANCH = "3.5"

5
_config
View File

@@ -71,11 +71,10 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: excludebuild:frr-image
BuildFlags: excludebuild:frr-k8s
BuildFlags: excludebuild:frr-k8s-image
# Upgrade controller
BuildFlags: excludebuild:release-manifest-image
BuildFlags: excludebuild:upgrade-controller
BuildFlags: excludebuild:upgrade-controller-image
BuildFlags: excludebuild:upgrade-controller-image
%endif
%endif

8
edge-image-builder-image/Dockerfile
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.1
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.2
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.3.2-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
MAINTAINER SUSE LLC (https://www.suse.com/)
@@ -14,11 +14,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.3.1"
LABEL org.opencontainers.image.version="1.3.2"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.3.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.3.2-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

8
edge-image-builder/_service
View File

@@ -3,13 +3,17 @@
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.3.1</param>
<param name="revision">v1.3.2</param>
<!-- Uncomment and set this For Pre-Release Version -->
<!-- <param name="version">1.3.1</param> -->
<!-- <param name="version">1.3.2~rc0</param> -->
<!-- End Here -->
<!-- Uncomment and this for regular version -->
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<!-- End Here -->
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">

2
edge-image-builder/edge-image-builder.spec
View File

@@ -17,7 +17,7 @@
Name: edge-image-builder
Version: 1.3.1
Version: 1.3.2
Release: 0
Summary: Edge Image Builder
License: Apache-2.0

1
metallb-chart/values.yaml
View File

@@ -384,6 +384,7 @@ metallb-frr-k8s:
prometheus:
rbacProxy:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
tag: "0.19.1"
frrk8s:
image:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%frr-k8s"

39
network-resources-injector/injector-webhook-load-renewed-certs.patch Normal file
View File

@@ -0,0 +1,39 @@
diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go
index 1c8f418..b21de81 100644
--- a/cmd/webhook/main.go
+++ b/cmd/webhook/main.go
@@ -121,7 +121,7 @@ func main() {
// initialize webhook with controlSwitches
webhook.SetControlSwitches(controlSwitches)
- //initialize webhook with cache
+ // initialize webhook with cache
netAnnotationCache := netcache.Create()
netAnnotationCache.Start()
webhook.SetNetAttachDefCache(netAnnotationCache)
@@ -192,11 +192,10 @@ func main() {
certUpdated := false
keyUpdated := false
+ watcher.Add(*cert)
+ watcher.Add(*key)
for {
- watcher.Add(*cert)
- watcher.Add(*key)
-
select {
case event, ok := <-watcher.Events:
if !ok {
@@ -209,9 +208,11 @@ func main() {
glog.V(2).Infof("modified file: %v", event.Name)
if event.Name == *cert {
certUpdated = true
+ watcher.Add(*cert)
}
if event.Name == *key {
keyUpdated = true
+ watcher.Add(*key)
}
if keyUpdated && certUpdated {
if err := keyPair.Reload(); err != nil {

3
network-resources-injector/network-resources-injector.spec
View File

@@ -24,6 +24,9 @@ License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/network-resources-injector
Source: %{name}-%{version}.tar
Source1: vendor.tar.gz
# Patch1 below backports changes from PR#187 (https://github.com/k8snetworkplumbingwg/network-resources-injector/pull/187);
# to be removed once bumping (>= v1.9.0 upstream)
Patch1: injector-webhook-load-renewed-certs.patch
BuildRequires: golang(API) = 1.24
ExcludeArch: s390
ExcludeArch: %{ix86}

10
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +0,0 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.7_up0.24.3
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.7_up0.24.3-%RELEASE%
apiVersion: v2
appVersion: 0.24.3
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.7+up0.24.3"

33
rancher-turtles-airgap-resources-chart/README.md
View File

@@ -1,33 +0,0 @@
# Deploy Rancher Turtles in airgapped scenarios
To simplify deployment of the suse-edge rancher-turtles wrapper chart in airgapped scenarios
this chart deploys the corresponding ConfigMap resources, as described in the
[Rancher Turtles Documentation](https://turtles.docs.rancher.com/getting-started/air-gapped-environment)
In addition to installing the chart, it will be necessary to adjust the rancher-turtles chart values:
```
cluster-api-operator:
cluster-api:
core:
fetchConfig:
selector: "{\"matchLabels\": {\"provider-components\": \"core\"}}"
rke2:
bootstrap:
fetchConfig:
selector: "{\"matchLabels\": {\"provider-components\": \"rke2-bootstrap\"}}"
controlPlane:
fetchConfig:
selector: "{\"matchLabels\": {\"provider-components\": \"rke2-control-plane\"}}"
metal3:
infrastructure:
fetchConfig:
selector: "{\"matchLabels\": {\"provider-components\": \"metal3\"}}"
ipam:
fetchConfig:
selector: "{\"matchLabels\": {\"provider-components\": \"metal3ipam\"}}"
fleet:
addon:
fetchConfig:
selector: "{\"matchLabels\": {\"provider-components\": \"fleet\"}}"
```

10
rancher-turtles-airgap-resources-chart/_service
View File

@@ -1,10 +0,0 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

65
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

899
rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml
View File

@@ -1,899 +0,0 @@
apiVersion: v1
data:
components: |
apiVersion: v1
kind: Namespace
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: fleetaddonconfigs.addons.cluster.x-k8s.io
spec:
group: addons.cluster.x-k8s.io
names:
categories: []
kind: FleetAddonConfig
plural: fleetaddonconfigs
shortNames: []
singular: fleetaddonconfig
scope: Cluster
versions:
- additionalPrinterColumns: []
name: v1alpha1
schema:
openAPIV3Schema:
description: Auto-generated derived type for FleetAddonConfigSpec via `CustomResource`
properties:
spec:
description: This provides a config for fleet addon functionality
properties:
cluster:
description: |-
Enable Cluster config funtionality.
This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the `ClusterClass` will be added to the Fleet Cluster labels.
nullable: true
properties:
agentEnvVars:
description: '`AgentEnvVars` are extra environment variables to
be added to the agent deployment.'
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
nullable: true
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
nullable: true
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
nullable: true
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
nullable: true
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
nullable: true
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
nullable: true
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
nullable: true
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
nullable: true
type: string
divisor:
description: Specifies the output format of the
exposed resources, defaults to "1"
nullable: true
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
nullable: true
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the Secret or its key
must be defined
nullable: true
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
nullable: true
type: array
agentNamespace:
description: Namespace selection for the fleet agent
nullable: true
type: string
agentTolerations:
description: Agent taint toleration settings for every cluster
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
nullable: true
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
nullable: true
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
nullable: true
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
nullable: true
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
nullable: true
type: string
type: object
nullable: true
type: array
applyClassGroup:
description: Apply a `ClusterGroup` for a `ClusterClass` referenced
from a different namespace.
nullable: true
type: boolean
hostNetwork:
description: 'Host network allows to deploy agent configuration
using hostNetwork: true setting which eludes dependency on the
CNI configuration for the cluster.'
nullable: true
type: boolean
namespaceSelector:
description: Namespace label selector. If set, only clusters in
the namespace matching label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
naming:
description: Naming settings for the fleet cluster
nullable: true
properties:
prefix:
description: Specify a prefix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
suffix:
description: Specify a suffix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
type: object
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
selector:
description: Cluster label selector. If set, only clusters matching
label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
required:
- namespaceSelector
- selector
type: object
clusterClass:
description: |-
Enable clusterClass controller functionality.
This will create Fleet `ClusterGroups` for each `ClusterClaster` with the same name.
nullable: true
properties:
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
type: object
config:
nullable: true
properties:
bootstrapLocalCluster:
description: Enable auto-installation of a fleet agent in the
local cluster.
nullable: true
type: boolean
featureGates:
description: feature gates controlling experimental features
nullable: true
properties:
configMap:
description: '`FeaturesConfigMap` references a `ConfigMap`
where to apply feature flags. If a `ConfigMap` is referenced,
the controller will update it instead of upgrading the Fleet
chart.'
nullable: true
properties:
ref:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type: object
experimentalHelmOps:
description: Enables experimental Helm operations support.
type: boolean
experimentalOciStorage:
description: Enables experimental OCI storage support.
type: boolean
required:
- experimentalHelmOps
- experimentalOciStorage
type: object
server:
description: fleet server url configuration options
nullable: true
oneOf:
- required:
- inferLocal
- required:
- custom
properties:
custom:
properties:
apiServerCaConfigRef:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
apiServerUrl:
nullable: true
type: string
type: object
inferLocal:
type: boolean
type: object
type: object
install:
nullable: true
oneOf:
- required:
- followLatest
- required:
- version
properties:
followLatest:
description: Follow the latest version of the chart on install
type: boolean
version:
description: Use specific version to install
type: string
type: object
type: object
status:
nullable: true
properties:
conditions:
description: conditions represents the observations of a Fleet addon
current state.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
installedVersion:
nullable: true
type: string
type: object
required:
- spec
title: FleetAddonConfigValidated
type: object
x-kubernetes-validations:
- rule: self.metadata.name == 'fleet-addon-config'
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-leader-election-role
namespace: caapf-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-role
rules:
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- fleetaddonconfigs
- fleetaddonconfigs/status
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- get
- watch
- create
- patch
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- patch
- list
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- bootstrap.cluster.x-k8s.io
- clusterctl.cluster.x-k8s.io
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusterclasses
verbs:
- get
- list
- watch
- patch
- apiGroups:
- fleet.cattle.io
resources:
- clusters
- clustergroups
- clusterregistrationtokens
- bundlenamespacemappings
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- fleet.cattle.io
resources:
- bundlenamespacemappings
verbs:
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: caapf-manager-role
subjects:
- kind: ServiceAccount
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: caapf-helm-manager
labels:
cluster.x-k8s.io/fleet-addon-registration: "true"
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
type: kubernetes.io/service-account-token
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-controller-manager
namespace: caapf-system
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
spec:
containers:
- image: ghcr.io/rancher/cluster-api-addon-provider-fleet:v0.11.0
imagePullPolicy: IfNotPresent
name: manager
ports:
- containerPort: 8443
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 100Mi
- args:
- --helm-install
image: ghcr.io/rancher/cluster-api-addon-provider-fleet:v0.11.0
name: helm-manager
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: helm-kubeconfig
readOnly: true
serviceAccountName: caapf-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- name: helm-kubeconfig
secret:
secretName: caapf-helm-manager
metadata: |
apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
releaseSeries:
- major: 0
minor: 1
contract: v1beta1
- major: 0
minor: 2
contract: v1beta1
- major: 0
minor: 3
contract: v1beta1
- major: 0
minor: 4
contract: v1beta1
- major: 0
minor: 5
contract: v1beta1
- major: 0
minor: 6
contract: v1beta1
- major: 0
minor: 7
contract: v1beta1
- major: 0
minor: 8
contract: v1beta1
- major: 0
minor: 9
contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
- major: 0
minor: 11
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.11.0
namespace: rancher-turtles-system
labels:
provider-components: fleet

1038
rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3-ipam.yaml
View File

File diff suppressed because it is too large Load Diff

3624
rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
View File

File diff suppressed because it is too large Load Diff

2844
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

File diff suppressed because it is too large Load Diff

4880
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

File diff suppressed because it is too large Load Diff

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +0,0 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.18.1
digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
generated: "2025-06-30T13:10:01.066923702Z"

27
rancher-turtles-chart/Chart.yaml
View File

@@ -1,27 +0,0 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.7_up0.24.3
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.7_up0.24.3-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
catalog.cattle.io/kube-version: '>= 1.31.4-0 < 1.34.0-0'
catalog.cattle.io/namespace: rancher-turtles-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/rancher-version: '>= 2.12.3-0 < 2.13.0-0'
catalog.cattle.io/release-name: rancher-turtles
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.24.3
description: Rancher Turtles is an extension to Rancher that brings full Cluster API
integration to Rancher.
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
keywords:
- rancher
- cluster-api
- capi
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.7+up0.24.3"

5
rancher-turtles-chart/README.md
View File

@@ -1,5 +0,0 @@
# Rancher Turtles Chart
This chart installs Rancher Turtles using Helm.
Checkout the [documentation](https://turtles.docs.rancher.com) for further information.

120
rancher-turtles-chart/RELEASE_NOTES.md
View File

@@ -1,120 +0,0 @@
## Highlights
* REPLACE ME
## Deprecation Warning
REPLACE ME: A couple sentences describing the deprecation, including links to docs.
* [GitHub issue #REPLACE ME](REPLACE ME)
## Changes since v0.24.2
## :chart_with_upwards_trend: Overview
- 67 new commits merged
- 1 bug fixed 🐛
## :bug: Bug Fixes
- Build-and-release: Fix: wrong github token value in core capi workflow (#1829)
## :seedling: Others
- Build-and-release: Append target branch to backport PR title (#1768)
:book: Additionally, there have been 2 contributions to our documentation and book. (#1865, #1870)
## :question: Sort these by hand
- Build-and-release: [main] fix: org value not set in release workflow (#1758)
- Build-and-release: Add backport automation GitHub workflow (#1754)
- Build-and-release: Chore(deps): Bump actions/upload-artifact from 4 to 5 (#1839)
- Build-and-release: Chore(deps): Bump github/codeql-action from 3 to 4 (#1815)
- Build-and-release: Chore(deps): Bump rancher/aws-janitor from 0.2.0 to 0.3.0 (#1743)
- Build-and-release: Chore(deps): Bump rancherlabs/slsactl from 0.0.15 to 0.0.16 (#1833)
- Build-and-release: Chore(deps): Bump rancherlabs/slsactl from 0.0.16 to 0.0.18 (#1840)
- Build-and-release: Chore(deps): Bump rancherlabs/slsactl from 0.0.18 to 0.1.1 (#1856)
- Build-and-release: Chore(deps): Bump sigstore/cosign-installer from 3.10.0 to 4.0.0 (#1834)
- Build-and-release: Ci: Add attestation (#1730)
- Build-and-release: Ci: Add new release workflow (#1721)
- Build-and-release: CI: Fix release workflow (#1729)
- Build-and-release: Ci: Use digests instead of tags when signing images (#1728)
- Build-and-release: Cleanup release workflow and build action (#1755)
- Build-and-release: Docs: Add document for new release process (#1761)
- Build-and-release: Feat: adapt chart to use system default registry (#1711)
- Build-and-release: Fix secret path for backport automation (#1757)
- Build-and-release: Fix: Bump Go version to 1.24.9 (#1838)
- Build-and-release: Fix: update nested imageVersion in values.yaml (#1747)
- Build-and-release: Use bash in release-against-rancher.sh for pushd/popd support (#1760)
- Build-and-release: Use proper path for backport secrets (#1765)
- Caprke2: Providers: update CAPRKE2 to v0.21.1 (#1869)
- Certificates: [feat] cert-manager to wrangler conversion (#1794)
- Chart: Bump rancher-version in chart.yaml (#1785)
- Chart: Chore: Drop CAPRKE2 and CAAPF templates from rancher-turtles chart (#1789)
- Chart: Correct Providers release-name (#1813)
- Chart: Fix: Change `capi-system` namespace to `cattle-capi-system` (#1837)
- Chart: Fix: Change Turtles namespace to `cattle-turtles-system` (#1818)
- Chart: Fix: Set `securityContext` field to Turtles controller and hooks manifests (#1850)
- Chart: Remove Extension mentions from chart (#1871)
- Chart: Set kube-version to actual version in Chart.yaml (#1722)
- CI: Bump e2e to k8s 1.34 (#1872)
- CI: Feat: Install Turtles as system chart in dev-env (#1836)
- CI: Fix gitea ingress template (#1860)
- CI: Use Rancher v2.13 for e2e (#1843)
- CI: Wait for rancher-webhook before installing providers (#1846)
- CI: Wait for rancher-webhook when testing charts (#1853)
- Dependency: Bump kubernetes version to v1.32.x series (#1787)
- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 in /test in the testing-dependencies group (#1801)
- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.25.3 to 2.26.0 in the testing-dependencies group (#1802)
- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.1 in /test in the testing-dependencies group (#1842)
- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.26.0 to 2.27.1 in the testing-dependencies group (#1841)
- Dependency: Chore(deps): Bump github.com/onsi/ginkgo/v2 from 2.27.1 to 2.27.2 in the testing-dependencies group (#1857)
- Dependency: Chore(deps): Bump golang.org/x/text from 0.29.0 to 0.30.0 in the other-dependencies group (#1814)
- Dependency: Chore(deps): Bump sigs.k8s.io/kind from 0.29.0 to 0.30.0 in /test in the other-dependencies group across 1 directory (#1751)
- Fleet: Chart: enable optional fetchConfig for fleet provider (#1734)
- Installation: Add cluster indexed label to all CRDs (#1749)
- Installation: Add helm policy keep to installed providers (#1725)
- Installation: Chore cleanup turtles chart provider refs (#1821)
- Installation: Feat: add fetch capi manifest workflow for air gapped (#1805)
- Installation: Feat: remove embedded capi (#1793)
- Installation: Revert "Enable no-cert-manager by default" (#1792)
- Installation: Standratize helm chart values with other system charts (#1769)
- MISSING_AREA: Add check for externalFleet annotation (#1868)
- MULTIPLE_AREAS[ClusterClass/Capa]: Add EKS ClusterClass example and e2e test (#1712)
- MULTIPLE_AREAS[Installation/Chart]: Enable no-cert-manager by default (#1784)
- MULTIPLE_AREAS[Testing/Capz]: Ci: bump k8s to 1.34 for Azure tests (#1863)
- Operator: [fix] Remove unnecessary finalizer wrapper from CAPIProvider (#1810)
- Operator: Remove clusterclass-operations from values.yaml (#1800)
- Operator: Remove day2 and clusterclass operations code (#1783)
- Testing: Add gitea helpers back to e2e setup (#1851)
- Testing: Fix: Drop CAPRKE2 from expected set of default deployments (#1798)
- Testing: Print error in artifacts collection instead of failing the suite (#1717)
## Dependencies
### Added
- github.com/gkampitakis/ciinfo: [v0.3.2](https://github.com/gkampitakis/ciinfo/tree/v0.3.2)
- github.com/gkampitakis/go-diff: [v1.3.2](https://github.com/gkampitakis/go-diff/tree/v1.3.2)
- github.com/gkampitakis/go-snaps: [v0.5.15](https://github.com/gkampitakis/go-snaps/tree/v0.5.15)
- github.com/goccy/go-yaml: [v1.18.0](https://github.com/goccy/go-yaml/tree/v1.18.0)
- github.com/joshdk/go-junit: [v1.0.0](https://github.com/joshdk/go-junit/tree/v1.0.0)
- github.com/maruel/natural: [v1.1.1](https://github.com/maruel/natural/tree/v1.1.1)
- github.com/mfridman/tparse: [v0.18.0](https://github.com/mfridman/tparse/tree/v0.18.0)
- github.com/tidwall/gjson: [v1.18.0](https://github.com/tidwall/gjson/tree/v1.18.0)
- github.com/tidwall/match: [v1.1.1](https://github.com/tidwall/match/tree/v1.1.1)
- github.com/tidwall/pretty: [v1.2.1](https://github.com/tidwall/pretty/tree/v1.2.1)
- github.com/tidwall/sjson: [v1.2.5](https://github.com/tidwall/sjson/tree/v1.2.5)
### Changed
- github.com/onsi/ginkgo/v2: [v2.25.3 → v2.27.2](https://github.com/onsi/ginkgo/compare/v2.25.3...v2.27.2)
- github.com/rogpeppe/go-internal: [v1.12.0 → v1.13.1](https://github.com/rogpeppe/go-internal/compare/v1.12.0...v1.13.1)
- golang.org/x/crypto: v0.41.0 → v0.42.0
- golang.org/x/mod: v0.27.0 → v0.28.0
- golang.org/x/net: v0.43.0 → v0.44.0
- golang.org/x/sys: v0.35.0 → v0.36.0
- golang.org/x/telemetry: 1a19826 → aef8a43
- golang.org/x/term: v0.34.0 → v0.35.0
- golang.org/x/text: v0.29.0 → v0.30.0
- golang.org/x/tools: v0.36.0 → v0.37.0
- sigs.k8s.io/cluster-api: v1.10.5 → v1.10.6
### Removed
- github.com/prashantv/gostub: [v1.1.0](https://github.com/prashantv/gostub/tree/v1.1.0)
_Thanks to all our contributors!_ 😊

17
rancher-turtles-chart/_service
View File

@@ -1,17 +0,0 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">values.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>
</services>

5
rancher-turtles-chart/app-readme.md
View File

@@ -1,5 +0,0 @@
# Rancher Turtles - The Cluster API Extension for Rancher
Rancher Turtles brings enhanced integration of Cluster API with Rancher.
For more information, including a getting started guide, see the [official documentation](https://turtles.docs.rancher.com).

55
rancher-turtles-chart/questions.yml
View File

@@ -1,55 +0,0 @@
namespace: rancher-turtles-system
questions:
- variable: rancherTurtles.features.default
default: "false"
description: "Customize install settings"
label: Customize install settings
type: boolean
show_subquestion_if: true
group: "Rancher Turtles Extra Settings"
subquestions:
- variable: turtlesUI.enabled
default: false
type: boolean
description: "Flag to enable or disable installation of CAPI UI extension. If set to false then you will need to install CAPI UI extension manually."
label: "Install CAPI UI (Experimental)"
- variable: rancherTurtles.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed."
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
- variable: cluster-api-operator.cluster-api.rke2.enabled
default: "true"
description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.agent-tls-mode.enabled
default: false
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
type: boolean
label: Enable Agent TLS Mode
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.no-cert-manager.enabled
default: false
description: "[ALPHA] If enabled Turtles will remove cert-manager."
type: boolean
label: Remove cert-manager
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.kubectlImage
default: "registry.suse.com/edge/3.3/kubectl:1.32.4"
description: "Specify the image to use when running kubectl in jobs."
type: string
label: Kubectl Image
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.day2operations.enabled
label: "Enable Day 2 Operations functionality in Rancher Turtles"
description: "Use this setting to configure Day 2 Operations functionality in Rancher Turtles, such as enabling ETCD Backup and Restore."
type: boolean
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.day2operations.etcdBackupRestore.enabled
label: "Enable ETCD Backup and Restore"
description: "[ALPHA] Enable ETCD Backup and Restore functionality in Rancher Turtles."
type: boolean
group: "ETCD Backup and Restore Settings"
show_if: "rancherTurtles.features.day2operations.enabled"

85
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -1,85 +0,0 @@
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider
metadata:
name: fleet
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "2"
"helm.sh/resource-policy": keep
spec:
enableAutomaticUpdate: true
type: addon
additionalManifests:
name: fleet-addon-config
namespace: '{{ .Values.rancherTurtles.namespace }}'
{{- if or (index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "selector") }}
fetchConfig:
{{- if index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "url" }}
url: {{ index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "url" }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "selector" }}
selector: {{ index .Values "cluster-api-operator" "cluster-api" "fleet" "addon" "fetchConfig" "selector" }}
{{- end }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: fleet-addon-config
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "2"
"helm.sh/resource-policy": keep
data:
manifests: |-
apiVersion: addons.cluster.x-k8s.io/v1alpha1
kind: FleetAddonConfig
metadata:
name: fleet-addon-config
spec:
config:
featureGates:
configMap:
ref:
kind: ConfigMap
apiVersion: v1
name: rancher-config
namespace: cattle-system
experimentalOciStorage: true
experimentalHelmOps: true
clusterClass:
patchResource: true
setOwnerReferences: true
cluster:
agentNamespace: cattle-fleet-system
applyClassGroup: true
patchResource: true
setOwnerReferences: true
hostNetwork: true
selector:
matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
namespaceSelector:
matchLabels:
cluster-api.cattle.io/rancher-auto-import: "true"
matchExpressions:
- key: cluster-api.cattle.io/disable-fleet-auto-import
operator: DoesNotExist
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: cappf-controller-psa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: fleet-controller-psa
subjects:
- kind: ServiceAccount
name: caapf-controller-manager
namespace: {{ .Values.rancherTurtles.namespace }}

19
rancher-turtles-chart/templates/azure-rbac.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: caprke2-azure-aggregated-role
labels:
cluster.x-k8s.io/aggregate-to-capz-manager: "true"
rules:
- apiGroups:
- bootstrap.cluster.x-k8s.io
resources:
- rke2configs
verbs:
- create
- update
- delete
- get
- list
- patch
- watch

66
rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml
View File

@@ -1,66 +0,0 @@
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": "post-delete, pre-upgrade"
"helm.sh/hook-weight": "-2"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pre-upgrade-job-delete-clusterctl-configmap
annotations:
"helm.sh/hook": "post-delete, pre-upgrade"
"helm.sh/hook-weight": "-2"
rules:
- apiGroups: [""]
resources:
- configmaps
verbs:
- list
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: pre-upgrade-job-clusterctl-configmap-cleanup
annotations:
"helm.sh/hook": "post-delete, pre-upgrade"
"helm.sh/hook-weight": "-2"
subjects:
- kind: ServiceAccount
name: pre-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: pre-upgrade-job-delete-clusterctl-configmap
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
name: rancher-clusterctl-configmap-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": "post-delete, pre-upgrade"
"helm.sh/hook-weight": "-1"
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: pre-upgrade-job
containers:
- name: rancher-clusterctl-configmap-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- configmap
- --namespace={{ .Values.rancherTurtles.namespace }}
- clusterctl-config
- --ignore-not-found=true
restartPolicy: Never
{{- end }}

5
rancher-turtles-chart/templates/clusterctl-config.yaml
View File

@@ -1,5 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: clusterctl-config
namespace: '{{ .Values.rancherTurtles.namespace }}'

85
rancher-turtles-chart/templates/core-provider.yaml
View File

@@ -1,85 +0,0 @@
{{- if index .Values "cluster-api-operator" "cluster-api" "enabled" }}
{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
{{- if not (lookup "v1" "Namespace" "" $namespace) }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "1"
name: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
{{- end }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider
metadata:
name: cluster-api
namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "2"
spec:
name: cluster-api
type: core
enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "core" "enableAutomaticUpdate" }}
{{- if index .Values "cluster-api-operator" "cluster-api" "core" "version" }}
version: {{ index .Values "cluster-api-operator" "cluster-api" "core" "version" }}
{{- end }}
additionalManifests:
name: capi-additional-rbac-roles
namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
configSecret:
{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
{{ else }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
{{- end }}
{{- if or (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector") }}
fetchConfig:
{{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
url: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "url" }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
selector: {{ index .Values "cluster-api-operator" "cluster-api" "core" "fetchConfig" "selector" }}
{{- end }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
deployment:
containers:
- name: manager
imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "core" "imageUrl" }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: capi-additional-rbac-roles
namespace: {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "2"
data:
manifests: |-
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: provisioning-rke-cattle-io
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
rules:
- apiGroups: ["rke.cattle.io"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: provisioning-rke-machine-cattle-io
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
rules:
- apiGroups: ["rke-machine.cattle.io"]
resources: ["*"]
verbs: ["*"]
{{- end }}

88
rancher-turtles-chart/templates/deployment.yaml
View File

@@ -1,88 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
name: rancher-turtles-controller-manager
namespace: '{{ .Values.rancherTurtles.namespace }}'
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
spec:
{{- if .Values.rancherTurtles.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.rancherTurtles.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- args:
- --leader-elect
- --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}},no-cert-manager={{ index .Values "rancherTurtles" "features" "no-cert-manager" "enabled"}}
{{- range .Values.rancherTurtles.managerArguments }}
- {{ . }}
{{- end }}
command:
- /manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- if (contains "sha256:" .Values.rancherTurtles.imageVersion) }}
image: '{{ .Values.rancherTurtles.image }}@{{ .Values.rancherTurtles.imageVersion }}'
{{- else }}
image: '{{ .Values.rancherTurtles.image }}:{{ .Values.rancherTurtles.imageVersion }}'
{{- end}}
imagePullPolicy: '{{ .Values.rancherTurtles.imagePullPolicy }}'
livenessProbe:
httpGet:
path: /healthz
port: 9440
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 9440
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 300Mi
requests:
cpu: 10m
memory: 128Mi
{{- with .Values.rancherTurtles.volumeMounts.manager }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
serviceAccountName: rancher-turtles-manager
terminationGracePeriodSeconds: 10
{{- with .Values.rancherTurtles.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane

117
rancher-turtles-chart/templates/metal3-infrastructure.yaml
View File

@@ -1,117 +0,0 @@
{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "metal3" "enabled") }}
{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
{{- $ipamnamespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }}
{{- if not (lookup "v1" "Namespace" "" $namespace) }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "1"
"helm.sh/resource-policy": keep
name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
{{- end }}
{{- if not (lookup "v1" "Namespace" "" $ipamnamespace) }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "1"
"helm.sh/resource-policy": keep
name: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }}
{{- end }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: ClusterctlConfig
metadata:
name: clusterctl-config
namespace: rancher-turtles-system
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "1"
spec:
providers:
- name: metal3
url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.10.2/infrastructure-components.yaml"
type: InfrastructureProvider
- name: metal3ipam
url: "https://github.com/rancher-sandbox/ip-address-manager/releases/v1.10.2/ipam-components.yaml"
type: IPAMProvider
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider
metadata:
name: metal3
namespace: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "2"
"helm.sh/resource-policy": keep
spec:
name: metal3
type: infrastructure
{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "version" }}
version: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "version" }}
{{- end }}
configSecret:
{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
{{ else }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
{{- end }}
{{- if or (index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "selector") }}
fetchConfig:
{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "url" }}
url: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "url" }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "selector" }}
selector: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "fetchConfig" "selector" }}
{{- end }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "imageUrl" }}
deployment:
containers:
- name: manager
imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "imageUrl" }}
{{- end }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider
metadata:
name: metal3ipam
namespace: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "namespace" }}
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "2"
"helm.sh/resource-policy": keep
spec:
name: metal3ipam
type: ipam
{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "version" }}
version: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "version" }}
{{- end }}
configSecret:
{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
{{ else }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
{{- end }}
{{- if or (index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "selector") }}
fetchConfig:
{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "url" }}
url: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "url" }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "selector" }}
selector: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "fetchConfig" "selector" }}
{{- end }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }}
deployment:
containers:
- name: manager
imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "ipam" "imageUrl" }}
{{- end }}
{{- end }}

13
rancher-turtles-chart/templates/operator-crds.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rancher-turtles/aggregate-to-manager: "true"
name: rancher-turtles-operator-admin
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- '*'

166
rancher-turtles-chart/templates/post-delete-job.yaml
View File

@@ -1,166 +0,0 @@
{{- if index .Values "cluster-api-operator" "cleanup" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: post-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: post-delete-job-delete-webhooks
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "1"
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- delete
- apiGroups:
- apps
resources:
- deployments
verbs:
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: post-delete-job-webhook-cleanup
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "1"
subjects:
- kind: ServiceAccount
name: post-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: post-delete-job-delete-webhooks
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
name: cluster-api-operator-mutatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "2"
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: post-delete-job
containers:
- name: cluster-api-operator-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
- mutatingwebhookconfigurations.admissionregistration.k8s.io
- capi-mutating-webhook-configuration
- capi-kubeadm-bootstrap-mutating-webhook-configuration
- capi-kubeadm-control-plane-mutating-webhook-configuration
- rke2-bootstrap-mutating-webhook-configuration
- rke2-control-plane-mutating-webhook-configuration
- --ignore-not-found=true
restartPolicy: Never
---
apiVersion: batch/v1
kind: Job
metadata:
name: cluster-api-operator-validatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "2"
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: post-delete-job
containers:
- name: cluster-api-operator-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
- validatingwebhookconfigurations.admissionregistration.k8s.io
- capi-validating-webhook-configuration
- capi-kubeadm-bootstrap-validating-webhook-configuration
- capi-kubeadm-control-plane-validating-webhook-configuration
- rke2-bootstrap-validating-webhook-configuration
- rke2-control-plane-validating-webhook-configuration
- --ignore-not-found=true
restartPolicy: Never
---
apiVersion: batch/v1
kind: Job
metadata:
name: cluster-api-operator-deployment-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-delete
"helm.sh/hook-weight": "2"
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: post-delete-job
restartPolicy: Never
containers:
- name: delete-capi-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
- deployments.apps/capi-controller-manager
- -n
- {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
- --ignore-not-found=true
- name: delete-capi-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
- deployments.apps/capi-kubeadm-bootstrap-controller-manager
- -n
- capi-kubeadm-bootstrap-system
- --ignore-not-found=true
- name: delete-capi-kubeadm-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
- deployments.apps/capi-kubeadm-control-plane-controller-manager
- -n
- capi-kubeadm-control-plane-system
- --ignore-not-found=true
- name: delete-rke2-kubeadm-bootstrap-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
- deployments.apps/rke2-bootstrap-controller-manager
- -n
- {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
- --ignore-not-found=true
- name: delete-rke2-control-plane-controller-manager
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
command: ["kubectl"]
args:
- delete
- deployments.apps/rke2-control-plane-controller-manager
- -n
- {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
- --ignore-not-found=true
{{- end }}

124
rancher-turtles-chart/templates/post-upgrade-job.yaml
View File

@@ -1,124 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: post-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: post-upgrade-job-delete-capi-operator-resources
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1"
rules:
- apiGroups:
- operator.cluster.x-k8s.io
resources:
- addonproviders
- bootstrapproviders
- controlplaneproviders
- coreproviders
- infrastructureproviders
- ipamproviders
- runtimeextensionproviders
verbs:
- get
- watch
- list
- delete
- patch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: post-upgrade-job-capi-operator-resources-cleanup
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1"
subjects:
- kind: ServiceAccount
name: post-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: post-upgrade-job-delete-capi-operator-resources
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ConfigMap
metadata:
name: cluster-api-operator-resources-cleanup-script
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "1"
data:
cleanup.sh: |
#!/usr/bin/env bash
set -euo pipefail
remove_finalizers_and_delete() {
local resource_type="$1"
if kubectl get crd $resource_type > /dev/null 2>&1; then
kubectl get $resource_type --all-namespaces --no-headers --ignore-not-found | awk '{print $1 " " $2}' | xargs -r -n2 bash -c 'kubectl patch '"${resource_type}"' "$1" -n "$0" --type merge -p "{\"metadata\":{\"finalizers\":null}}"'
kubectl delete $resource_type --all --all-namespaces
else
echo "Resource type $resource_type does not exist, skipping cleanup."
fi
}
resource_types=(
"addonproviders.operator.cluster.x-k8s.io"
"bootstrapproviders.operator.cluster.x-k8s.io"
"controlplaneproviders.operator.cluster.x-k8s.io"
"coreproviders.operator.cluster.x-k8s.io"
"infrastructureproviders.operator.cluster.x-k8s.io"
"ipamproviders.operator.cluster.x-k8s.io"
"runtimeextensionproviders.operator.cluster.x-k8s.io"
)
for resource_type in "${resource_types[@]}"; do
remove_finalizers_and_delete "$resource_type"
done
---
apiVersion: batch/v1
kind: Job
metadata:
name: cluster-api-operator-resources-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": post-upgrade
"helm.sh/hook-weight": "2"
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: post-upgrade-job
containers:
- name: cluster-api-operator-resources-cleanup
image: {{ index .Values "rancherTurtles" "shellImage" }}
command: ["/bin/bash"]
args:
- "-c"
- "/scripts/cleanup.sh"
volumeMounts:
- name: script
mountPath: /scripts
volumes:
- name: script
configMap:
name: cluster-api-operator-resources-cleanup-script
defaultMode: 0777
restartPolicy: Never
---

69
rancher-turtles-chart/templates/pre-delete-job.yaml
View File

@@ -1,69 +0,0 @@
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-2"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pre-delete-job-delete-capiproviders
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-2"
rules:
- apiGroups:
- turtles-capi.cattle.io
resources:
- capiproviders
verbs:
- list
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: pre-delete-job-capiprovider-cleanup
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-2"
subjects:
- kind: ServiceAccount
name: pre-delete-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: pre-delete-job-delete-capiproviders
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
name: rancher-capiprovider-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "-1"
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: pre-delete-job
containers:
- name: rancher-capiprovider-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- capiprovider
- cluster-api
- -n
- {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
- --ignore-not-found=true
- --cascade=foreground
restartPolicy: Never
{{- end }}

101
rancher-turtles-chart/templates/pre-install-job.yaml
View File

@@ -1,101 +0,0 @@
{{- if index .Values "rancherTurtles" "rancherInstalled"}}
---
apiVersion: management.cattle.io/v3
kind: Feature
metadata:
name: embedded-cluster-api
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
spec:
value: false
{{- end }}
{{- if index .Values "rancherTurtles" "rancherInstalled" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-install-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pre-install-job-delete-webhooks
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
rules:
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: pre-install-job-webhook-cleanup
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "1"
subjects:
- kind: ServiceAccount
name: pre-install-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: pre-install-job-delete-webhooks
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
name: rancher-mutatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: pre-install-job
containers:
- name: rancher-mutatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- mutatingwebhookconfigurations.admissionregistration.k8s.io
- mutating-webhook-configuration
- --ignore-not-found=true
restartPolicy: Never
---
apiVersion: batch/v1
kind: Job
metadata:
name: rancher-validatingwebhook-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": pre-install
"helm.sh/hook-weight": "2"
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: pre-install-job
containers:
- name: rancher-validatingwebhook-cleanup
image: {{ index .Values "rancherTurtles" "kubectlImage" }}
args:
- delete
- validatingwebhookconfigurations.admissionregistration.k8s.io
- validating-webhook-configuration
- --ignore-not-found=true
restartPolicy: Never
{{- end }}

3583
rancher-turtles-chart/templates/rancher-turtles-components.yaml
View File

File diff suppressed because it is too large Load Diff

793
rancher-turtles-chart/templates/rancher-turtles-exp-clusterclass-components.yaml
View File

@@ -1,793 +0,0 @@
{{- if index .Values "rancherTurtles" "features" "clusterclass-operations" "enabled" }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: clusterclass
name: clusterupgradegroups.rollout.turtles-capi.cattle.io
spec:
group: rollout.turtles-capi.cattle.io
names:
kind: ClusterUpgradeGroup
listKind: ClusterUpgradeGroupList
plural: clusterupgradegroups
singular: clusterupgradegroup
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterUpgradeGroup is the Schema for the clusterupgrades API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterUpgradeGroupSpec defines the desired state of ClusterUpgradeGroup
properties:
className:
type: string
rolloutStrategy:
description: |-
RolloutStrategy controls the rollout of bundles, by defining
partitions, canaries and percentages for cluster availability.
properties:
rollingUpdate:
description: |-
Rolling update config params. Present only if
RolloutStrategyType = RollingUpdate.
properties:
maxFailures:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of failed attempts before skipping the update for a given
cluster.
x-kubernetes-int-or-string: true
maxRollouts:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of clusters that can be in update state (non-active) during a
rolling update.
x-kubernetes-int-or-string: true
rolloutDelay:
anyOf:
- type: integer
- type: string
description: The delay between subsequent cluster rollouts.
x-kubernetes-int-or-string: true
type: object
type:
description: |-
Type of rollout.
Default is RollingUpdate.
type: string
type: object
targets:
description: Targets refer to the clusters that should be upgraded.
items:
properties:
clusterGroup:
description: ClusterGroup to match a specific cluster group
by name.
nullable: true
type: string
clusterGroupSelector:
description: ClusterGroupSelector is a selector to match cluster
groups.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusterName:
description: |-
ClusterName to match a specific cluster by name that will be
selected
nullable: true
type: string
clusterSelector:
description: |-
ClusterSelector is a selector to match clusters. The structure is
the standard metav1.LabelSelector format. If clusterGroupSelector or
clusterGroup is specified, clusterSelector will be used only to
further refine the selection after clusterGroupSelector and
clusterGroup is evaluated.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
doNotDeploy:
description: DoNotDeploy if set to true, will not deploy to
this target.
type: boolean
name:
description: |-
Name of target. This value is largely for display and logging. If
not specified a default name of the format "target000" will be used
type: string
type: object
type: array
required:
- className
type: object
status:
description: ClusterUpgradeGroupStatus defines the observed state of ClusterUpgradeGroup
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
labels:
turtles-capi.cattle.io: clusterclass
name: clusterupgrades.rollout.turtles-capi.cattle.io
spec:
group: rollout.turtles-capi.cattle.io
names:
kind: ClusterUpgrade
listKind: ClusterUpgradeList
plural: clusterupgrades
singular: clusterupgrade
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterUpgrade is the Schema for the clusterupgrades API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterUpgradeSpec defines the desired state of ClusterUpgrade
properties:
className:
type: string
rolloutStrategy:
description: |-
RolloutStrategy controls the rollout of bundles, by defining
partitions, canaries and percentages for cluster availability.
properties:
autoPartitionSize:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of how to automatically partition clusters if no
specific partitioning strategy is configured.
default: 25%
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of clusters that can be unavailable during an update
of a bundle. This follows the same basic approach as a deployment rollout
strategy. Once the number of clusters meets unavailable state update will be
paused. Default value is 100% which doesn't take effect on update.
default: 100%
x-kubernetes-int-or-string: true
maxUnavailablePartitions:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of cluster partitions that can be unavailable during
an update of a bundle.
default: 0
x-kubernetes-int-or-string: true
partitions:
description: |-
A list of definitions of partitions. If any target clusters do not match
the configuration they are added to partitions at the end following the
autoPartitionSize.
items:
description: Partition defines a separate rollout strategy for
a set of clusters.
properties:
clusterGroup:
description: A cluster group name to include in this partition
type: string
clusterGroupSelector:
description: Selector matching cluster group labels to include
in this partition
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusterName:
description: ClusterName is the name of a cluster to include
in this partition
type: string
clusterSelector:
description: Selector matching cluster labels to include
in this partition
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of clusters that can be unavailable in this
partition before this partition is treated as done.
default: 10%
x-kubernetes-int-or-string: true
name:
description: A user-friendly name given to the partition
used for Display (optional).
type: string
type: object
type: array
type: object
targets:
description: Targets refer to the clusters that should be upgraded.
items:
properties:
clusterGroup:
description: ClusterGroup to match a specific cluster group
by name.
nullable: true
type: string
clusterGroupSelector:
description: ClusterGroupSelector is a selector to match cluster
groups.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusterName:
description: |-
ClusterName to match a specific cluster by name that will be
selected
nullable: true
type: string
clusterSelector:
description: |-
ClusterSelector is a selector to match clusters. The structure is
the standard metav1.LabelSelector format. If clusterGroupSelector or
clusterGroup is specified, clusterSelector will be used only to
further refine the selection after clusterGroupSelector and
clusterGroup is evaluated.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
doNotDeploy:
description: DoNotDeploy if set to true, will not deploy to
this target.
type: boolean
name:
description: |-
Name of target. This value is largely for display and logging. If
not specified a default name of the format "target000" will be used
type: string
type: object
type: array
required:
- className
type: object
status:
description: ClusterUpgradeStatus defines the observed state of ClusterUpgrade
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: controller-manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: leader-election-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: role
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-leader-election-role
namespace: {{ index .Values "rancherTurtles" "namespace" }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rancher-turtles/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-aggregated-manager-role
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rancher-turtles/aggregate-to-manager: "true"
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-manager-role
rules:
- apiGroups:
- cluster.x-k8s.io
resources:
- clusterclasses
- clusters
- clusters/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- rollout.turtles-capi.cattle.io
resources:
- clusterupgradegroups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rollout.turtles-capi.cattle.io
resources:
- clusterupgradegroups/status
verbs:
- get
- patch
- update
- apiGroups:
- rollout.turtles-capi.cattle.io
resources:
- clusterupgradegroupss/finalizers
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: leader-election-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: rolebinding
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-leader-election-rolebinding
namespace: {{ index .Values "rancherTurtles" "namespace" }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rancher-turtles-clusterclass-leader-election-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-clusterclass-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: manager-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-turtles-clusterclass-aggregated-manager-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-clusterclass-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-controller-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
turtles-capi.cattle.io: clusterclass
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
turtles-capi.cattle.io: clusterclass
spec:
containers:
- args:
- --leader-elect
command:
- ./turtles-clusterclass-operations
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- $imageVersion := index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" -}}
{{- if contains "sha256:" $imageVersion }}
image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}@{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }}
{{- else }}
image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}:{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }}
{{- end }}
imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imagePullPolicy" }}'
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
serviceAccountName: rancher-turtles-clusterclass-manager
terminationGracePeriodSeconds: 10
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
{{- end }}

666
rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml
View File

@@ -1,666 +0,0 @@
{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: day2-operations
name: etcdmachinesnapshots.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
names:
kind: ETCDMachineSnapshot
listKind: ETCDMachineSnapshotList
plural: etcdmachinesnapshots
singular: etcdmachinesnapshot
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot
properties:
clusterName:
type: string
location:
type: string
machineName:
type: string
required:
- clusterName
type: object
x-kubernetes-validations:
- message: ETCD snapshot location can't be empty.
rule: size(self.clusterName)>0
status:
default: {}
description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore
properties:
error:
type: string
phase:
description: ETCDSnapshotPhase is a string representation of the phase
of the etcd snapshot
type: string
s3Snapshots:
items:
properties:
creationTime:
description: CreationTime is the timestamp when the snapshot
was taken by etcd.
format: date-time
type: string
location:
type: string
name:
type: string
required:
- location
- name
type: object
type: array
snapshotFileName:
type: string
snapshots:
items:
properties:
creationTime:
description: CreationTime is the timestamp when the snapshot
was taken by etcd.
format: date-time
type: string
location:
type: string
machineName:
type: string
name:
type: string
required:
- location
- machineName
- name
type: object
type: array
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: day2-operations
name: etcdsnapshotrestores.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
names:
kind: ETCDSnapshotRestore
listKind: ETCDSnapshotRestoreList
plural: etcdsnapshotrestores
singular: etcdsnapshotrestore
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore.
properties:
clusterName:
type: string
etcdMachineSnapshotName:
type: string
required:
- clusterName
- etcdMachineSnapshotName
type: object
x-kubernetes-validations:
- message: Cluster Name can't be empty.
rule: size(self.clusterName)>0
- message: ETCD machine snapshot name can't be empty.
rule: size(self.etcdMachineSnapshotName)>0
status:
default: {}
description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore.
properties:
conditions:
description: Conditions provide observations of the operational state
of a Cluster API resource.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This field may be empty.
maxLength: 10240
minLength: 1
type: string
reason:
description: |-
reason is the reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may be empty.
maxLength: 256
minLength: 1
type: string
severity:
description: |-
severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
maxLength: 32
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
maxLength: 256
minLength: 1
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
phase:
default: Pending
description: ETCDSnapshotPhase is a string representation of the phase
of the etcd snapshot
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: day2-operations
name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
names:
kind: RKE2EtcdMachineSnapshotConfig
listKind: RKE2EtcdMachineSnapshotConfigList
plural: rke2etcdmachinesnapshotconfigs
singular: rke2etcdmachinesnapshotconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state
of RKE2EtcdMachineSnapshotConfig
properties:
local:
properties:
dataDir:
type: string
required:
- dataDir
type: object
s3:
properties:
bucket:
type: string
endpoint:
type: string
endpointCAsecret:
type: string
folder:
type: string
insecure:
type: boolean
region:
type: string
s3CredentialSecret:
type: string
skipSSLVerify:
type: boolean
type: object
required:
- local
- s3
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: leader-election-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: role
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-leader-election-role
namespace: {{ index .Values "rancherTurtles" "namespace" }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rancher-turtles-exp/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-aggregated-manager-role
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rancher-turtles-exp/aggregate-to-manager: "true"
rancher-turtles/aggregate-to-manager: "true"
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-manager-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- events
- secrets
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- get
- apiGroups:
- bootstrap.cluster.x-k8s.io
resources:
- rke2configs
- rke2configs/finalizers
- rke2configs/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
- machines
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- management.cattle.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots
- etcdsnapshotrestores
- rke2etcdmachinesnapshotconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/finalizers
- etcdsnapshotrestores/finalizers
- rke2etcdmachinesnapshotconfigs/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/status
- etcdsnapshotrestores/status
- rke2etcdmachinesnapshotconfigs/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: leader-election-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: rolebinding
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-leader-election-rolebinding
namespace: {{ index .Values "rancherTurtles" "namespace" }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rancher-turtles-day2-operations-leader-election-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-day2-operations-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: manager-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-turtles-day2-operations-aggregated-manager-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-day2-operations-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: v1
kind: Service
metadata:
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
ports:
- port: 443
targetPort: webhook-server
selector:
turtles-capi.cattle.io: day2-operations
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-serving-cert
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
dnsNames:
- rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc
- rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local
issuerRef:
kind: Issuer
name: rancher-turtles-day2-operations-selfsigned-issuer
secretName: rancher-turtles-day2-operations-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-selfsigned-issuer
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
failurePolicy: Fail
name: systemagentrke2config.kb.io
rules:
- apiGroups:
- bootstrap.cluster.x-k8s.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- rke2configs
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
labels:
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot
failurePolicy: Fail
matchPolicy: Equivalent
name: etcdmachinesnapshot.kb.io
rules:
- apiGroups:
- turtles-capi.cattle.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- etcdmachinesnapshots
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore
failurePolicy: Fail
matchPolicy: Equivalent
name: etcdsnapshotrestore.kb.io
rules:
- apiGroups:
- turtles-capi.cattle.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- etcdsnapshotrestores
sideEffects: None
{{- end }}

106
rancher-turtles-chart/templates/rancher-turtles-exp-day2-deployment.yaml
View File

@@ -1,106 +0,0 @@
{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-controller-manager
namespace: '{{ .Values.rancherTurtles.namespace }}'
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
turtles-capi.cattle.io: day2-operations
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
turtles-capi.cattle.io: day2-operations
spec:
containers:
- args:
- --leader-elect
- --feature-gates=etcd-backup-restore={{ .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
command:
- ./turtles-day2-operations
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- if (contains "sha256:" .Values.rancherTurtles.features.day2operations.imageVersion) }}
image: '{{ .Values.rancherTurtles.features.day2operations.image }}@{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
{{- else }}
image: '{{ .Values.rancherTurtles.features.day2operations.image }}:{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
{{- end }}
imagePullPolicy: '{{ .Values.rancherTurtles.features.day2operations.imagePullPolicy }}'
livenessProbe:
httpGet:
path: /healthz
port: 9440
initialDelaySeconds: 15
periodSeconds: 20
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 9440
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
{{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
{{- end }}
serviceAccountName: rancher-turtles-day2-operations-manager
terminationGracePeriodSeconds: 10
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
volumes:
{{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
- name: cert
secret:
secretName: rancher-turtles-day2-operations-webhook-service-cert
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: controller-manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-manager
namespace: '{{ .Values.rancherTurtles.namespace }}'
{{- end }}

52
rancher-turtles-chart/templates/rke2-bootstrap.yaml
View File

@@ -1,52 +0,0 @@
{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }}
{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
{{- if not (lookup "v1" "Namespace" "" $namespace) }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "1"
"helm.sh/resource-policy": keep
name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
{{- end }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider
metadata:
name: rke2-bootstrap
namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "2"
"helm.sh/resource-policy": keep
spec:
name: rke2
type: bootstrap
enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }}
{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
{{- end }}
configSecret:
{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
{{ else }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
{{- end }}
{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector") }}
fetchConfig:
{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }}
url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "url" }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector" }}
selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "fetchConfig" "selector" }}
{{- end }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }}
deployment:
containers:
- name: manager
imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "imageUrl" }}
{{- end }}
{{- end }}

52
rancher-turtles-chart/templates/rke2-controlplane.yaml
View File

@@ -1,52 +0,0 @@
{{- if and (index .Values "cluster-api-operator" "cluster-api" "enabled") (index .Values "cluster-api-operator" "cluster-api" "rke2" "enabled") }}
{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
{{- if not (lookup "v1" "Namespace" "" $namespace) }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "1"
"helm.sh/resource-policy": keep
name: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
{{- end }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider
metadata:
name: rke2-control-plane
namespace: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "namespace" }}
annotations:
"helm.sh/hook": "post-install, post-upgrade"
"helm.sh/hook-weight": "2"
"helm.sh/resource-policy": keep
spec:
name: rke2
type: controlPlane
enableAutomaticUpdate: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "enableAutomaticUpdate" }}
{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
{{- end }}
configSecret:
{{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}
{{ else }}
name: {{ index .Values "cluster-api-operator" "cluster-api" "configSecret" "defaultName" }}
{{- end }}
{{- if or (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url") (index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector") }}
fetchConfig:
{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }}
url: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "url" }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }}
selector: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "fetchConfig" "selector" }}
{{- end }}
{{- end }}
{{- if index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }}
deployment:
containers:
- name: manager
imageUrl: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "controlPlane" "imageUrl" }}
{{- end }}
{{- end }}

16
rancher-turtles-chart/templates/ui-plugin.yaml
View File

@@ -1,16 +0,0 @@
{{- if and (index .Values "turtlesUI" "enabled") (index .Values "rancherTurtles" "rancherInstalled") }}
apiVersion: catalog.cattle.io/v1
kind: UIPlugin
metadata:
name: capi
namespace: '{{ .Values.rancherTurtles.namespace }}'
spec:
plugin:
endpoint: https://raw.githubusercontent.com/rancher/capi-ui-extension/gh-pages/extensions/capi/{{ index .Values "turtlesUI" "version" | toString }}
name: capi
version: {{ index .Values "turtlesUI" "version" }}
metadata:
catalog.cattle.io/display-name: CAPI UI
catalog.cattle.io/experimental: "true"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
{{- end }}

332
rancher-turtles-chart/values.schema.json
View File

@@ -1,332 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Helm Chart Values Schema",
"type": "object",
"properties": {
"turtlesUI": {
"type": "object",
"description": "Manages the UI component.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn UI on or off."
},
"version": {
"type": "string",
"default": "0.8.2",
"description": "UI version to use."
}
}
},
"rancherTurtles": {
"type": "object",
"description": "Sets up the cluster management controller.",
"properties": {
"image": {
"type": "string",
"default": "controller",
"description": "Controller container image."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"namespace": {
"type": "string",
"default": "rancher-turtles-system",
"description": "Namespace for Turtles to run."
},
"managerArguments": {
"type": "array",
"default": [],
"description": "Extra args for the controller.",
"items": { "type": "string" }
},
"imagePullSecrets": {
"type": "array",
"default": [],
"description": "Secrets for private registries.",
"items": { "type": "string" }
},
"rancherInstalled": {
"type": "boolean",
"default": true,
"description": "True if Rancher is already installed in the cluster."
},
"kubectlImage": {
"type": "string",
"default": "registry.k8s.io/kubernetes/kubectl:v1.31.4",
"description": "Image for kubectl tasks."
},
"features": {
"type": "object",
"description": "Optional and experimental features.",
"properties": {
"day2operations": {
"type": "object",
"description": "Alpha feature.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for day-2 ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"etcdBackupRestore": {
"type": "object",
"description": "Manages etcd backup/restore.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on (true) or off (false)."
}
}
}
}
},
"addon-provider-fleet": {
"type": "object",
"description": "Beta feature for fleet addons.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
}
}
},
"agent-tls-mode": {
"type": "object",
"description": "Alpha feature for agent TLS.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
}
}
},
"clusterclass-operations": {
"type": "object",
"description": "Alpha feature. Not ready for testing yet.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for cluster class ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Pull policy."
}
}
}
}
},
"volumes": {
"type": "array",
"description": "Volumes for controller pods.",
"items": {
"type": "object",
"required": [
"name",
"configMap"
],
"properties": {
"name": {
"type": "string"
},
"configMap": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "clusterctl-config",
"description": "ConfigMap for clusterctl."
}
}
}
}
}
},
"volumeMounts": {
"type": "object",
"properties": {
"manager": {
"type": "array",
"description": "Mount volumes to pods.",
"items": {
"type": "object",
"properties": {
"mountPath": { "type": "string" },
"name": { "type": "string" },
"readOnly": {
"type": "boolean",
"default": true,
"description": "Mount as read-only."
}
}
}
}
}
}
}
},
"cluster-api-operator": {
"type": "object",
"description": "Manages Cluster API components.",
"properties": {
"cleanup": {
"type": "boolean",
"default": true,
"description": "Enable cleanup tasks."
},
"cluster-api": {
"type": "object",
"description": "Cluster API component settings.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"configSecret": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "",
"description": "Custom secret name (if overriding)."
},
"defaultName": {
"type": "string",
"default": "capi-env-variables",
"description": "Default secret name."
}
}
},
"core": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "capi-system",
"description": "Core component namespace."
},
"imageUrl": {
"type": "string",
"default": "",
"description": "Custom image URL."
},
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
},
"enableAutomaticUpdates": {
"type": "boolean",
"default": true,
"description": "Allow the provider to update automatically when a new Turtles version is installed."
},
"version": {
"type": "string",
"default": "",
"description": "CAPI core provider version."
}
}
},
"rke2": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"version": {
"type": "string",
"default": "",
"description": "RKE2 version."
},
"enableAutomaticUpdates": {
"type": "boolean",
"default": true,
"description": "Allow the provider to update automatically when a new Turtles version is installed."
},
"bootstrap": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-bootstrap-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
},
"controlPlane": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-control-plane-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
}
}
}
}
}
}
}
}
}

154
rancher-turtles-chart/values.yaml
View File

@@ -1,154 +0,0 @@
# turtlesUI: Manages the UI component.
turtlesUI:
# enabled: Turn UI on or off.
enabled: false
# version: UI version to use.
version: 0.8.2
# rancherTurtles: Sets up the cluster management controller.
rancherTurtles:
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
# imageVersion: v0.24.3
imageVersion: v0.24.3
# imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
# namespace: Select namespace for Turtles to run.
namespace: rancher-turtles-system
# managerArguments: Extra args for the controller.
managerArguments: []
# imagePullSecrets: Secrets for private registries.
imagePullSecrets: []
# rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
rancherInstalled: false
# kubectlImage: Image for kubectl tasks.
kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.34.2"
# shellImage: Image for shell tasks.
shellImage: registry.rancher.com/rancher/kuberlr-kubectl:v5.0.0
# features: Optional and experimental features.
features:
# day2operations: Alpha feature.
day2operations:
# enabled: Turn on or off.
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
# imageVersion: v0.24.3
imageVersion: v0.24.3
# imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
# etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
etcdBackupRestore:
# enabled: Turn on (true) or off (false).
enabled: false
# agent-tls-mode: Beta feature for agent TLS.
agent-tls-mode:
# enabled: Turn on or off.
enabled: true
# no-cert-manager: Alpha feature for cert-manager removal.
no-cert-manager:
# enabled: Turn on or off.
enabled: false
# clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet.
clusterclass-operations:
# enabled: Turn on or off.
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
# imageVersion: v0.24.3
imageVersion: v0.24.3
# imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
# volumes: Volumes for controller pods.
volumes:
- name: clusterctl-config
configMap:
name: clusterctl-config
# volumeMounts: Volume mounts for controller pods.
volumeMounts:
manager:
- mountPath: /config
name: clusterctl-config
# cluster-api-operator: Manages Cluster API components.
cluster-api-operator:
# cleanup: Enable cleanup tasks.
cleanup: true
# cluster-api: Cluster API component settings.
cluster-api:
# enabled: Turn on or off.
enabled: true
# configSecret: Secret for Cluster API config.
configSecret:
# name: Custom secret name (if overriding).
name: ""
# defaultName: Default secret name.
defaultName: capi-env-variables
# core: Core Cluster API settings.
core:
# namespace: Core component namespace.
namespace: capi-system
# version: Core ClusterAPI version.
version: ""
# enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed.
enableAutomaticUpdate: true
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# rke2: RKE2 provider settings.
rke2:
# enabled: Turn on or off.
enabled: true
# version: RKE2 version.
version: ""
# enableAutomaticUpdate: Allow the provider to update automatically when a new Turtles version is installed.
enableAutomaticUpdate: true
# bootstrap: RKE2 bootstrap provider.
bootstrap:
# namespace: Bootstrap namespace.
namespace: rke2-bootstrap-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# controlPlane: RKE2 control plane provider.
controlPlane:
# namespace: Control plane namespace.
namespace: rke2-control-plane-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
metal3:
enabled: true
version: "v1.10.2"
infrastructure:
namespace: capm3-system
imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.10.2"
fetchConfig:
url: ""
selector: ""
ipam:
namespace: metal3-ipam-system
imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.10.2"
fetchConfig:
url: ""
selector: ""
fleet:
addon:
fetchConfig:
url: ""
selector: ""

8
rancher-turtles-providers-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-providers:%%CHART_MAJOR%%.0.3_up0.0.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-providers:%%CHART_MAJOR%%.0.3_up0.0.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-providers:%%CHART_MAJOR%%.0.4_up0.25.1
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-providers:%%CHART_MAJOR%%.0.4_up0.25.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles Providers for SUSE Edge
@@ -10,7 +10,7 @@ annotations:
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.0.0
appVersion: 0.25.1
description: This chart installs the Rancher Turtles providers for SUSE Edge.
home: https://turtles.docs.rancher.com/turtles/stable/en/overview/certified.html
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
@@ -21,4 +21,4 @@ keywords:
- provisioning
- provider
name: rancher-turtles-providers
version: "%%CHART_MAJOR%%.0.3+up0.0.0"
version: "%%CHART_MAJOR%%.0.4+up0.25.1"

3
rancher-turtles-providers-chart/templates/addon-fleet.yaml
View File

@@ -1,9 +1,12 @@
{{- if index .Values "providers" "addonFleet" "enabled" }}
{{- $namespace := index .Values "providers" "addonFleet" "namespace" }}
{{- if not (lookup "v1" "Namespace" "" $namespace) }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ index .Values "providers" "addonFleet" "namespace" }}
{{- end }}
---
apiVersion: v1
kind: ConfigMap

3
rancher-turtles-providers-chart/templates/bootstrap-rke2.yaml
View File

@@ -1,9 +1,12 @@
{{- if index .Values "providers" "bootstrapRKE2" "enabled" }}
{{- $namespace := index .Values "providers" "bootstrapRKE2" "namespace" }}
{{- if not (lookup "v1" "Namespace" "" $namespace) }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ index .Values "providers" "bootstrapRKE2" "namespace" }}
{{- end }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider

3
rancher-turtles-providers-chart/templates/controlplane-rke2.yaml
View File

@@ -1,9 +1,12 @@
{{- if index .Values "providers" "controlplaneRKE2" "enabled" }}
{{- $namespace := index .Values "providers" "controlplaneRKE2" "namespace" }}
{{- if not (lookup "v1" "Namespace" "" $namespace) }}
---
apiVersion: v1
kind: Namespace
metadata:
name: {{ index .Values "providers" "controlplaneRKE2" "namespace" }}
{{- end }}
---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: CAPIProvider

100
release-manifest-image/release_images.yaml
View File

@@ -1,66 +1,68 @@
images:
- name: quay.io/jetstack/cert-manager-cainjector:v1.18.2
- name: quay.io/jetstack/cert-manager-cainjector:v1.18.2
- name: quay.io/jetstack/cert-manager-controller:v1.18.2
- name: quay.io/jetstack/cert-manager-webhook:v1.18.2
- name: registry.k8s.io/e2e-test-images/agnhost:2.39
- name: %%IMG_REPO%%/%%IMG_PREFIX%%akri-agent:v0.12.20
- name: %%IMG_REPO%%/%%IMG_PREFIX%%akri-controller:v0.12.20
- name: %%IMG_REPO%%/%%IMG_PREFIX%%akri-webhook-configuration:v0.12.20
- name: %%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:0.11.2.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator:0.3.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:v1.3.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.10
- name: %%IMG_REPO%%/%%IMG_PREFIX%%ironic:32.0.0.1
- name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller:v0.15.2
- name: %%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker:v0.15.2
- name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:v2.10.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%ib-sriov-cni:v1.3.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:v3.10.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%network-resources-injector:v1.8.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%node-feature-discovery:v0.18.2
- name: registry.rancher.com/rancher/fleet-agent:v0.13.1
- name: registry.rancher.com/rancher/fleet:v0.13.1
- name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20250611
- name: registry.rancher.com/rancher/hardened-cni-plugins:v1.7.1-build20250611
- name: registry.rancher.com/rancher/hardened-coredns:v1.12.2-build20250611
- name: registry.rancher.com/rancher/hardened-etcd:v3.5.21-k3s1-build20250612
- name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.8.0-build20250704
- name: registry.rancher.com/rancher/hardened-kubernetes:v1.33.3-rke2r1-build20250716
- name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.1-build20250627
- name: registry.rancher.com/rancher/hardened-node-feature-discovery:v0.15.7-build20250425
- name: registry.rancher.com/rancher/klipper-helm:v0.9.8-build20250709
- name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.17.6
- name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.17.6
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-attacher:v4.9.0-20250709
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-node-driver-registrar:v2.14.0-20250709
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-provisioner:v5.3.0-20250709
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-resizer:v1.14.0-20250709
- name: registry.rancher.com/rancher/mirrored-longhornio-csi-snapshotter:v8.3.0-20250709
- name: registry.rancher.com/rancher/mirrored-longhornio-livenessprobe:v2.16.0-20250709
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-engine:v1.9.2
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-instance-manager:v1.9.2
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-manager:v1.9.2
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-share-manager:v1.9.2
- name: registry.rancher.com/rancher/mirrored-longhornio-longhorn-ui:v1.9.2
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-cni:v2.10.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-config-daemon:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-device-plugin:v3.10.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-manager:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%sriov-network-webhook:v1.6.0
- name: %%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.2
- name: dp.apps.rancher.io/containers/kubernetes-csi-external-attacher:4.10.0-8.8
- name: dp.apps.rancher.io/containers/kubernetes-csi-external-provisioner:5.3.0-8.8
- name: dp.apps.rancher.io/containers/kubernetes-csi-external-resizer:1.14.0-8.8
- name: dp.apps.rancher.io/containers/kubernetes-csi-external-snapshotter:8.4.0-8.9
- name: dp.apps.rancher.io/containers/kubernetes-csi-livenessprobe:2.17.0-8.8
- name: dp.apps.rancher.io/containers/kubernetes-csi-node-driver-registrar:2.15.0-8.8
- name: dp.apps.rancher.io/containers/longhorn-engine:1.10.1-1.16
- name: dp.apps.rancher.io/containers/longhorn-instance-manager:1.10.1-1.17
- name: dp.apps.rancher.io/containers/longhorn-manager:1.10.1-1.9
- name: dp.apps.rancher.io/containers/longhorn-share-manager:1.10.1-1.8
- name: dp.apps.rancher.io/containers/longhorn-ui:1.10.1-1.8
- name: quay.io/jetstack/cert-manager-cainjector:v1.19.2
- name: quay.io/jetstack/cert-manager-controller:v1.19.2
- name: quay.io/jetstack/cert-manager-webhook:v1.19.2
- name: registry.k8s.io/e2e-test-images/agnhost:2.39
- name: registry.rancher.com/rancher/cluster-api-controller:v1.10.6
- name: registry.rancher.com/rancher/fleet-agent:v0.14.1
- name: registry.rancher.com/rancher/fleet:v0.14.1
- name: registry.rancher.com/rancher/hardened-cluster-autoscaler:v1.10.2-build20251015
- name: registry.rancher.com/rancher/hardened-cni-plugins:v1.8.0-build20251014
- name: registry.rancher.com/rancher/hardened-coredns:v1.13.1-build20251015
- name: registry.rancher.com/rancher/hardened-etcd:v3.6.5-k3s1-build20251017
- name: registry.rancher.com/rancher/hardened-k8s-metrics-server:v0.8.0-build20251015
- name: registry.rancher.com/rancher/hardened-kubernetes:v1.34.2-rke2r1-build20251112
- name: registry.rancher.com/rancher/hardened-multus-cni:v4.2.3-build20251031
- name: registry.rancher.com/rancher/ip-address-manager:v1.10.4
- name: registry.rancher.com/rancher/klipper-helm:v0.9.10-build20251111
- name: registry.rancher.com/rancher/mirrored-cilium-cilium:v1.18.3
- name: registry.rancher.com/rancher/mirrored-cilium-operator-generic:v1.18.3
- name: registry.rancher.com/rancher/mirrored-sig-storage-snapshot-controller:v8.2.0
- name: registry.rancher.com/rancher/neuvector-compliance-config:1.0.9
- name: registry.rancher.com/rancher/neuvector-controller:5.4.8
- name: registry.rancher.com/rancher/neuvector-enforcer:5.4.8
- name: registry.rancher.com/rancher/nginx-ingress-controller:v1.12.4-hardened2
- name: registry.rancher.com/rancher/rancher-webhook:v0.8.1
- name: registry.rancher.com/rancher/rancher/turtles:v0.24.3
- name: registry.rancher.com/rancher/nginx-ingress-controller:v1.13.4-hardened1
- name: registry.rancher.com/rancher/rancher-webhook:v0.9.1
- name: registry.rancher.com/rancher/rancher:v2.13.1
- name: registry.rancher.com/rancher/rke2-cloud-provider:v1.33.1-0.20250516163953-99d91538b132-build20250612
- name: registry.rancher.com/rancher/scc-operator:v0.1.1
- name: registry.rancher.com/rancher/system-upgrade-controller:v0.16.0
- name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.11.0
- name: registry.suse.com/rancher/cluster-api-controller:v1.10.5
- name: registry.suse.com/rancher/cluster-api-provider-metal3:v1.10.2
- name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.20.1
- name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.20.1
- name: registry.suse.com/rancher/elemental-operator:1.7.3
- name: registry.suse.com/rancher/ip-address-manager:v1.10.2
- name: registry.rancher.com/rancher/rke2-cloud-provider:v1.34.2-0.20251010190833-cf0d35a732d1-build20251017
- name: registry.rancher.com/rancher/scc-operator:v0.3.1
- name: registry.rancher.com/rancher/shell:v0.6.1
- name: registry.rancher.com/rancher/system-upgrade-controller:v0.17.0
- name: registry.rancher.com/rancher/turtles:v0.25.1
- name: registry.suse.com/rancher/cluster-api-addon-provider-fleet:v0.12.0
- name: registry.suse.com/rancher/cluster-api-provider-metal3:v1.10.4
- name: registry.suse.com/rancher/cluster-api-provider-rke2-bootstrap:v0.21.1
- name: registry.suse.com/rancher/cluster-api-provider-rke2-controlplane:v0.21.1
- name: registry.suse.com/rancher/elemental-operator:1.8.0
- name: registry.suse.com/suse/sles/15.7/cdi-apiserver:1.62.0-150700.9.3.1
- name: registry.suse.com/suse/sles/15.7/cdi-controller:1.62.0-150700.9.3.1
- name: registry.suse.com/suse/sles/15.7/cdi-operator:1.62.0-150700.9.3.1

29
release-manifest-image/release_manifest.yaml
View File

@@ -92,14 +92,9 @@ spec:
enabled: false
- prettyName: Longhorn
releaseName: longhorn
chart: longhorn
version: 108.1.0+up1.9.2
repository: https://charts.rancher.io
dependencyCharts:
- releaseName: longhorn-crd
chart: longhorn-crd
version: 108.1.0+up1.9.2
repository: https://charts.rancher.io
chart: suse-storage
version: 1.10.1
repository: oci://dp.apps.rancher.io/charts
- prettyName: MetalLB
releaseName: metallb
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metallb'
@@ -138,11 +133,11 @@ spec:
- prettyName: Elemental
releaseName: elemental-operator
chart: oci://registry.suse.com/rancher/elemental-operator-chart
version: 1.7.3
version: 1.8.0
dependencyCharts:
- releaseName: elemental-operator-crds
chart: oci://registry.suse.com/rancher/elemental-operator-crds-chart
version: 1.7.3
version: 1.8.0
addonCharts:
- releaseName: elemental
chart: elemental
@@ -168,16 +163,12 @@ spec:
releaseName: metal3
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
version: '%%CHART_MAJOR%%.0.21+up0.13.0'
- prettyName: RancherTurtles
releaseName: rancher-turtles
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'
version: '%%CHART_MAJOR%%.0.7+up0.24.3'
- prettyName: RancherTurtlesAirgapResources
releaseName: rancher-turtles-airgap-resources
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources'
version: '%%CHART_MAJOR%%.0.7+up0.24.3'
- prettyName: RancherTurtlesProviders
releaseName: rancher-turtles-providers
chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-providers'
version: '%%CHART_MAJOR%%.0.4+up0.25.1'
- prettyName: CertManager
releaseName: cert-manager
chart: cert-manager
version: 1.18.2
version: 1.19.2
repository: https://charts.jetstack.io

51
sriov-network-operator/operator-webhook-load-renewed-certs.patch Normal file
View File

@@ -0,0 +1,51 @@
diff --git a/cmd/webhook/start.go b/cmd/webhook/start.go
index c66d6c8b..23eaf928 100644
--- a/cmd/webhook/start.go
+++ b/cmd/webhook/start.go
@@ -25,14 +25,12 @@ var (
enableHTTP2 bool
)
-var (
- startCmd = &cobra.Command{
- Use: "start",
- Short: "Starts Webhook Daemon",
- Long: "Starts Webhook Daemon",
- Run: runStartCmd,
- }
-)
+var startCmd = &cobra.Command{
+ Use: "start",
+ Short: "Starts Webhook Daemon",
+ Long: "Starts Webhook Daemon",
+ Run: runStartCmd,
+}
// admitv1Func handles a v1 admission
type admitv1Func func(v1.AdmissionReview) *v1.AdmissionResponse
@@ -190,10 +188,10 @@ func runStartCmd(cmd *cobra.Command, args []string) {
certUpdated := false
keyUpdated := false
- for {
- watcher.Add(certFile)
- watcher.Add(keyFile)
+ watcher.Add(certFile)
+ watcher.Add(keyFile)
+ for {
select {
case event, ok := <-watcher.Events:
if !ok {
@@ -206,9 +204,11 @@ func runStartCmd(cmd *cobra.Command, args []string) {
setupLog.Info("modified file", "name", event.Name)
if event.Name == certFile {
certUpdated = true
+ watcher.Add(certFile)
}
if event.Name == keyFile {
keyUpdated = true
+ watcher.Add(keyFile)
}
if keyUpdated && certUpdated {
if err := keyPair.Reload(); err != nil {

3
sriov-network-operator/sriov-network-operator.spec
View File

@@ -24,6 +24,9 @@ License: Apache-2.0
URL: https://github.com/k8snetworkplumbingwg/sriov-network-operator
Source: sriov-network-operator-%{version}.tar
Source1: vendor.tar.gz
# Patch1 below backports changes from PR#946 (https://github.com/k8snetworkplumbingwg/sriov-network-operator/pull/946);
# to be removed once bumping (>= v1.7.0 upstrean)
Patch1: operator-webhook-load-renewed-certs.patch
BuildRequires: golang(API) = 1.23
ExcludeArch: s390
ExcludeArch: %{ix86}

10
upgrade-controller-chart/Chart.yaml
View File

@@ -1,13 +1,13 @@
#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.1_up0.1.1
#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.1_up0.1.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.3_up0.1.3
#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.3_up0.1.3-%RELEASE%
apiVersion: v2
appVersion: 0.1.1
appVersion: 0.1.3
dependencies:
- condition: crds.enabled
name: lifecycle-crds
repository: file://./charts/lifecycle-crds
version: 0.1.1
version: 0.1.3
description: A Helm chart for Upgrade Controller
name: upgrade-controller
type: application
version: "%%CHART_MAJOR%%.0.1+up0.1.1"
version: "%%CHART_MAJOR%%.0.3+up0.1.3"

8
upgrade-controller-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%upgrade-controller:0.1.1
#!BuildTag: %%IMG_PREFIX%%upgrade-controller:0.1.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%upgrade-controller:0.1.3
#!BuildTag: %%IMG_PREFIX%%upgrade-controller:0.1.3-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -15,11 +15,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Edge Upgrade Controller Container Image"
LABEL org.opencontainers.image.description="Edge Update Controller Image based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="0.1.1"
LABEL org.opencontainers.image.version="0.1.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%upgrade-controller:0.1.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

5
upgrade-controller/_service
View File

@@ -1,10 +1,13 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/upgrade-controller.git</param>
<!-- Uncomment and set this for regular version -->
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v0.1.1</param>
<param name="revision">v0.1.3</param>
<!-- Uncomment and set this For Pre-Release Version -->
<!-- <param name="version">0.1.3~rc2</param> -->
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="changesgenerate">enable</param>

4
upgrade-controller/upgrade-controller.spec
View File

@@ -17,14 +17,14 @@
Name: upgrade-controller
Version: 0.1.1
Version: 0.1.3
Release: 0
Summary: Upgrade Controller
License: Apache-2.0
URL: https://github.com/suse-edge/upgrade-controller
Source: upgrade-controller-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) go1.22
BuildRequires: golang(API) go1.25
BuildRequires: golang-packaging
%description