dprodanov/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

base: dprodanov:3.3
Branches Tags
dprodanov:main dprodanov:kube-rbac-proxy-bump dprodanov:3.3 dprodanov:3.2 dprodanov:devel suse-edge:3.3 suse-edge:main suse-edge:dprodanov-patch-1 suse-edge:update-eib suse-edge:devel suse-edge:3.2
..
compare: suse-edge:devel
Branches Tags
suse-edge:3.3 suse-edge:main suse-edge:dprodanov-patch-1 suse-edge:update-eib suse-edge:devel suse-edge:3.2 dprodanov:main dprodanov:kube-rbac-proxy-bump dprodanov:3.3 dprodanov:3.2 dprodanov:devel

17 Commits
3.3 ... devel

Author SHA256 Message Date
Nicolas Belouin
b1dfe698ff Merge pull request 'update-devel' (#141) from nbelouin/Factory:update-devel into devel 
Reviewed-on: suse-edge/Factory#141
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-05-07 10:19:14 +02:00
Nicolas Belouin
9581e030ce Merge branch 'main' into update-devel 2025-05-06 16:04:05 +02:00
Nicolas Belouin
76036c2dd8 Merge pull request 'update-devel' (#81) from nbelouin/Factory:update-devel into devel 
Reviewed-on: suse-edge/Factory#81
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-25 15:37:18 +01:00
Nicolas Belouin
0c6db5d5cc Merge branch 'main' into devel 2025-02-25 14:32:32 +01:00
Nicolas Belouin
0b03d14cee Merge pull request 'Add a script to trigger refresh on packages that need one' (#79) from nbelouin/Factory:devel-trigger into devel 
Reviewed-on: suse-edge/Factory#79
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-25 13:10:39 +01:00
Nicolas Belouin
9f2dc045e9 Add a script to trigger refresh on packages that need one 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-25 11:35:43 +01:00
Denislav Prodanov
f90f614746 update eib image to use package version 2025-01-31 14:59:32 +02:00
Denislav Prodanov
35f06da226 Update edge-image-builder/_service 2025-01-29 09:52:25 +01:00
Denislav Prodanov
8dd6d7d9d7 Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:54:58 +01:00
Denislav Prodanov
f9c5a29a9f Update edge-image-builder/_service 2025-01-28 13:54:39 +01:00
Denislav Prodanov
1b83b54b58 Update edge-image-builder/_service 2025-01-28 13:47:41 +01:00
Denislav Prodanov
c6b64a252f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:43:23 +01:00
Denislav Prodanov
689c80ffcc Update edge-image-builder/_service 2025-01-28 13:39:56 +01:00
Denislav Prodanov
d8745fe060 Update edge-image-builder/_service 2025-01-28 13:35:25 +01:00
Denislav Prodanov
9e39bdcf7f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:30:15 +01:00
Denislav Prodanov
9e376ffb74 Update edge-image-builder/_service 2025-01-28 13:29:50 +01:00
Denislav Prodanov
0fc166ff06 Add _config 2025-01-28 11:37:52 +01:00
118 changed files with 2613 additions and 4445 deletions
Expand all files Collapse all files

23
.gitea/workflows/check_manifest.yaml
View File

@@ -1,23 +0,0 @@
name: Check Release Manifest Local Charts Versions
on:
pull_request:
branches-ignore:
- "devel"
jobs:
sync-pr-project:
name: "Check Release Manifest Local Charts Versions"
runs-on: tumbleweed
steps:
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: Setup dependencies
run: |
zypper in -y python3-PyYAML
- name: Check release manifest
run: |
python3 .obs/manifest-check.py

1
.gitignore vendored
View File

@@ -1,3 +1,4 @@
*/.osc
*/__pycache__
.venv/
.idea/

4
.obs/common.py
View File

@@ -1,3 +1,3 @@
PROJECT = "isv:SUSE:Edge:3.3"
PROJECT = "isv:SUSE:Edge:Factory:Devel"
REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
BRANCH = "3.3"
BRANCH = "devel"

45
.obs/manifest-check.py
View File

@@ -1,45 +0,0 @@
#!/usr/bin/python3
import yaml
import sys
def get_chart_version(chart_name: str) -> str:
with open(f"./{chart_name}-chart/Chart.yaml") as f:
chart = yaml.safe_load(f)
return chart["version"]
def get_charts(chart):
if not chart["chart"].startswith("%%CHART_REPO%%"):
# Not a locally managed chart
return {}
chart_name = chart["chart"][len("%%CHART_REPO%%/%%CHART_PREFIX%%"):]
charts = { chart_name: chart["version"] }
for child_chart in chart.get("dependencyCharts", []) + chart.get("addonCharts", []):
charts.update(get_charts(child_chart))
return charts
def get_charts_list():
with open("./release-manifest-image/release_manifest.yaml") as f:
manifest = yaml.safe_load(f)
charts = {}
for chart in manifest["spec"]["components"]["workloads"]["helm"]:
charts.update(get_charts(chart))
return charts
def main():
print("Checking charts versions in release manifest")
success = True
charts = get_charts_list()
for chart in charts:
expected_version = get_chart_version(chart)
if expected_version != charts[chart]:
success = False
print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
if not success:
sys.exit(1)
else:
print("All local charts in release manifest are using the right version")
if __name__ == "__main__":
main()

65
.obs/trigger_package.py Normal file
View File

@@ -0,0 +1,65 @@
import xml.etree.ElementTree as ET
import subprocess
from sync_packages import get_local_packages
from common import PROJECT
def get_service_repo(package):
with open(f"{package}/_service") as service:
root = ET.parse(service).getroot()
for service in root.findall("service"):
if service.get("mode") in ["manual", "disabled"]:
continue
if service.get("name") not in ["obs_scm", "tar_scm"]:
continue
ref = service.find("param[@name='revision']").text
repo = service.find("param[@name='url']").text
return (repo, ref)
return None
def get_remote_ref(project, package):
files = subprocess.run(["osc", "ls", "-e", project, package], encoding='utf-8' , capture_output=True).stdout.splitlines()
for filename in files:
if filename.startswith("_service") and filename.endswith(".obsinfo"):
obsinfo = subprocess.run(["osc", "cat", project, package, filename], encoding='utf-8' , capture_output=True).stdout.splitlines()
for line in obsinfo:
if line.startswith("commit:"):
return line.split(':')[-1].strip()
def get_upstream_ref(repo, ref):
refs = subprocess.run(["git", "ls-remote", repo, ref, f"{ref}^{{}}"], encoding='utf-8' , capture_output=True).stdout.splitlines()
refpath = ref.split('/')
best = None
for rref in refs:
value = rref.split('\t')
(sha, name) = (value[0].strip(), value[1].strip())
namepath = name.split('/')
if len(namepath) == len(refpath) or len(namepath) - 2 == len(refpath):
if name.endswith(ref) and best is None:
best = sha
if name.endswith("^{}"):
best = sha
return best
def trigger_service(project, package):
subprocess.run(["osc", "service", "remoterun", project, package], encoding="utf-8",check=True)
def main():
packages = get_local_packages()
for package in packages:
try:
(repo, ref) = get_service_repo(package)
print(f"{package} uses {repo} at {ref}")
except: # Package is not using server side scm service
continue
remote_ref = get_remote_ref(PROJECT, package)
upstream_ref = get_upstream_ref(repo, ref)
if upstream_ref != remote_ref:
print(f"\t{package} needs a refresh")
print(f"\tOBS ref is {remote_ref}")
print(f"\tgit ref is {upstream_ref}")
trigger_service(PROJECT, package)
if __name__ == "__main__":
main()

12
akri-dashboard-extension-chart/Chart.yaml
View File

@@ -1,6 +1,6 @@
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -10,13 +10,13 @@ annotations:
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 303.0.2+up1.3.1
appVersion: 303.0.1+up1.3.0
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
name: akri-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.2+up1.3.1"
version: "%%CHART_MAJOR%%.0.1+up1.3.0"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg

2
akri-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.2+up1.3.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.1+up1.3.0
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

2
akri-dashboard-extension-chart/values.yaml
View File

@@ -8,5 +8,5 @@ plugin:
metadata:
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.2 < 4.0.0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

8
cdi-chart/Chart.yaml
View File

@@ -1,9 +1,9 @@
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
apiVersion: v2
appVersion: 1.61.0
appVersion: 1.60.1
description: A Helm chart for Containerized Data Importer (CDI)
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: cdi
type: application
version: "%%CHART_MAJOR%%.0.0+up0.5.0"
version: "%%CHART_MAJOR%%.0.0+up0.4.0"

18
cdi-chart/templates/cdi-operator.yaml
View File

@@ -606,7 +606,17 @@ spec:
prometheus.cdi.kubevirt.io: "true"
spec:
affinity:
{{- .Values.deployment.affinity | toYaml | nindent 8 }}
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- env:
- name: DEPLOY_CLUSTER_RESOURCES
@@ -640,7 +650,9 @@ spec:
name: metrics
protocol: TCP
resources:
{{- .Values.deployment.resources | toYaml | nindent 12 }}
requests:
cpu: 100m
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -649,8 +661,6 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
nodeSelector:
kubernetes.io/os: linux
securityContext:

18
cdi-chart/values.yaml
View File

@@ -1,5 +1,5 @@
deployment:
version: 1.61.0-150600.3.12.1
version: 1.60.1-150600.3.9.1
operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
@@ -8,22 +8,6 @@ deployment:
uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
pullPolicy: IfNotPresent
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
resources:
requests:
cpu: 100m
memory: 150Mi
cdi:
config:

1
edge-build-checks/20-helm-images
View File

@@ -8,7 +8,6 @@ import pprint
AUTHORIZED_REPOS = [
"registry.suse.com/suse/sles/",
"registry.suse.com/rancher",
"registry.rancher.com",
]

8
edge-image-builder-image/Dockerfile
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.2.0"
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.0-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

5
edge-image-builder-image/_service
View File

@@ -1,5 +1,10 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%PACKAGE_VERSION%</param>
<param name="package">edge-image-builder</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

11
edge-image-builder/_service
View File

@@ -1,15 +1,12 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="versionformat">@PARENT_TAG@_%h.%ad</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.2.0</param>
<!-- Uncomment and set this For Pre-Release Version -->
<!-- <param name="version">1.2.0~rc1</param> -->
<!-- Uncomment and this for regular version -->
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="revision">main</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">

2
edge-image-builder/edge-image-builder.spec
View File

@@ -17,7 +17,7 @@
Name: edge-image-builder
Version: 1.2.0
Version: 0
Release: 0
Summary: Edge Image Builder
License: Apache-2.0

9
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,6 +1,7 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.6
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -18,11 +19,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.6"
LABEL org.opencontainers.image.version="3.0.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

45
ironic-ipa-downloader-image/Dockerfile.aarch64
View File

@@ -1,45 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.6
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.6-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.6"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

45
ironic-ipa-downloader-image/Dockerfile.x86_64
View File

@@ -1,45 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.6
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.6-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.6"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

4
ironic-ipa-downloader-image/_multibuild
View File

@@ -1,4 +0,0 @@
<multibuild>
<flavor>x86_64</flavor>
<flavor>aarch64</flavor>
</multibuild>

2
ironic-ipa-downloader-image/_service
View File

@@ -2,8 +2,6 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile.aarch64</param>
<param name="file">Dockerfile.x86_64</param>
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>

4
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -26,15 +26,11 @@ if [ -z "${IPA_BASEURI}" ]; then
IMAGE_CHANGED=1
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images
if [ -f /tmp/initrd-x86_64.zst ]; then
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
fi
# Use arm64 as destination for iPXE compatibility
if [ -f /tmp/initrd-aarch64.zst ]; then
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
fi
cp /tmp/images.sha256 /shared/images.sha256
else

44
ironic-ipa-ramdisk/config.sh
View File

@@ -13,6 +13,11 @@ echo "Configure image: [$kiwi_iname]..."
#------------------------------------------
baseSetupBuildDay
#======================================
# Mount system filesystems
#--------------------------------------
#baseMount
#==========================================
# remove unneded kernel files
#------------------------------------------
@@ -34,8 +39,12 @@ suseImportBuildKey
#--------------------------------------
baseInsertService openstack-ironic-python-agent
baseInsertService suse-ironic-image-setup
baseInsertService suse-network-setup
baseInsertService sshd
baseInsertService NetworkManager
#suseInsertService sshd
#suseInsertService openstack-ironic-python-agent
#suseInsertService suse-ironic-image-setup
echo 'DEFAULT_TIMEZONE="UTC"' >> /etc/sysconfig/clock
baseUpdateSysConfig /etc/sysconfig/clock HWCLOCK "-u"
@@ -55,7 +64,42 @@ sed -E 's/^(ExecStart=.*\/agetty).*(--noclear.*)/\1 \2 --autologin root/' /usr/l
#------------------------------------------
echo 'tmpfs /tmp tmpfs size=3G 0 0' >> /etc/fstab
#==========================================
# remove package docs and manuals
#------------------------------------------
#baseStripDocs
#baseStripMans
#baseStripInfos
#======================================
# only basic version of vim is
# installed; no syntax highlighting
#--------------------------------------
sed -i -e's/^syntax on/" syntax on/' /etc/vimrc
#======================================
# Remove yast if not in use
#--------------------------------------
#suseRemoveYaST
#======================================
# Remove package manager
#--------------------------------------
#suseStripPackager
#rm -f usr/lib/perl5/*/*/auto/Encode/??/??.so # 9MB
#======================================
# Umount kernel filesystems
#--------------------------------------
#baseCleanMount
ln -s /sbin/init /init
#==========================================
# umount
#------------------------------------------
umount /proc >/dev/null 2>&1
exit 0

119
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -12,7 +12,6 @@
<locale>en_US</locale>
<packagemanager>zypper</packagemanager>
<rpm-check-signatures>false</rpm-check-signatures>
<rpm-excludedocs>true</rpm-excludedocs>
<timezone>UTC</timezone>
<version>1.0.0</version>
</preferences>
@@ -103,23 +102,62 @@
<package name="libxcb-render0"/>
<package name="libxcb-shm0"/>
<package name="libxcb1"/>
<package name="kernel-firmware-amdgpu"/>
<package name="kernel-firmware-ath10k"/>
<package name="kernel-firmware-ath11k"/>
<package name="kernel-firmware-ath12k"/>
<package name="kernel-firmware-atheros"/>
<package name="kernel-firmware-bluetooth"/>
<package name="kernel-firmware-brcm"/>
<package name="kernel-firmware-i915"/>
<package name="kernel-firmware-iwlwifi"/>
<package name="kernel-firmware-media"/>
<package name="kernel-firmware-nvidia"/>
<package name="kernel-firmware-qcom"/>
<package name="kernel-firmware-radeon"/>
<package name="kernel-firmware-realtek"/>
<package name="kernel-firmware-sound"/>
<package name="kernel-firmware-ti"/>
<package name="kernel-firmware-ueagle"/>
<package name="plymouth"/>
<package name="plymouth-branding-SLE"/>
</packages>
<packages type="image">
<package name="checkmedia"/>
<package name="plymouth-branding-SLE"/>
<package name="plymouth-dracut"/>
<package name="plymouth-theme-bgrt"/>
<package name="grub2-branding-SLE"/>
<package name="iputils"/>
<package name="vim"/>
<package name="grub2"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="syslinux" arch="x86_64"/>
<package name="lvm2"/>
<package name="plymouth"/>
<package name="fontconfig"/>
<package name="fonts-config"/>
<package name="openssh"/>
<package name="iproute2"/>
<package name="which"/>
<package name="kernel-firmware"/>
<package name="kernel-default"/>
<package name="NetworkManager"/>
<package name="nm-configurator"/>
<package name="timezone"/>
<package name="haveged"/>
<!-- ironic-python-agent specific -->
<package name="openstack-ironic-python-agent"/>
<package name="hdparm"/>
<package name="qemu-tools"/>
<package name="python311-proliantutils"/>
<package name="lshw"/>
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="open-iscsi"/>
<package name="hwinfo"/>
<package name="ipmitool"/>
<package name="iputils"/>
<package name="lvm2"/>
<package name="net-tools"/>
<package name="ntp"/>
<package name="parted"/>
<package name="psmisc"/>
<package name="timezone"/>
<package name="which"/>
<package name="kbd"/>
</packages>
<packages type="kis">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="bootstrap">
@@ -129,50 +167,5 @@
<package name="cracklib-dict-full"/>
<package name="ca-certificates"/>
<package name="sles-release"/>
<package name="checkmedia"/>
<package name="fontconfig"/>
<package name="fonts-config"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-branding-SLE"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2"/>
<package name="iproute2"/>
<package name="iputils"/>
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
<package name="lvm2"/>
<package name="NetworkManager"/>
<package name="nm-configurator"/>
<package name="openssh"/>
<package name="timezone"/>
<package name="which"/>
<!-- ironic-python-agent specific -->
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="hdparm"/>
<package name="hwinfo"/>
<package name="ipmitool"/>
<package name="iputils"/>
<package name="kbd"/>
<package name="lshw"/>
<package name="lvm2"/>
<package name="net-tools"/>
<package name="ntp"/>
<package name="open-iscsi"/>
<package name="openstack-ironic-python-agent"/>
<package name="parted"/>
<package name="psmisc"/>
<package name="python311-proliantutils"/>
<package name="qemu-tools"/>
<package name="timezone"/>
<package name="which"/>
</packages>
<packages type="kis">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
</image>

12
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.6
Version: 3.0.3
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA
@@ -27,7 +27,7 @@ Group: System/Management
URL: https://github.com/SUSE-Cloud/
Source0: config.sh
Source10: ironic-ipa-ramdisk.kiwi
Source20: root
Source20: root.tar.bz2
BuildRequires: -post-build-checks
BuildRequires: bash
@@ -38,7 +38,7 @@ BuildArch: noarch
BuildRequires: checkmedia
BuildRequires: acl
BuildRequires: ca-certificates-mozilla-prebuilt
BuildRequires: ca-certificates
BuildRequires: cracklib-dict-full
BuildRequires: cron
BuildRequires: dbus-1
@@ -62,7 +62,7 @@ BuildRequires: ipmitool
BuildRequires: iproute2
BuildRequires: iputils
BuildRequires: kernel-default
BuildRequires: kernel-firmware-all
BuildRequires: kernel-firmware
BuildRequires: lvm2
BuildRequires: net-tools
BuildRequires: ntp
@@ -123,13 +123,13 @@ Kernel and ramdisk image for use with Metal3
For %{_arch}
%prep
mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/img
mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/root /tmp/openstack-ironic-image/img
cp -a %{SOURCE0} /tmp/openstack-ironic-image/config.sh
cp -a %{SOURCE10} /tmp/openstack-ironic-image/config.kiwi
cp -ar %{SOURCE20} /tmp/openstack-ironic-image/root
tar -xC /tmp/openstack-ironic-image/root -f %{SOURCE20}
%build
if ! which kiwi; then

BIN
ironic-ipa-ramdisk/root.tar.bz2 (Stored with Git LFS) Normal file
View File

Binary file not shown.

24
ironic-ipa-ramdisk/root/etc/NetworkManager/conf.d/00-main.conf
View File

@@ -1,24 +0,0 @@
# WARNING: This file has been modified by the diskimage-builder
# dhcp-all-interfaces element as this machine is likely running
# a ramdisk or needs to attempt auto-configuration on all interfaces.
[main]
# This makes sense even with dhcp on all interfaces in the event
# that the configuration has been or is being supplied via external means.
ignore-carrier=*
# Use dhclient as was done previously to the Centos8/RHEL8 RPM defaults.
# This is because dhclient shuts the interface down after a retry attempt
# which allows the link state to reset with some switches, which may be
# important for the ramdisk to recover networking.
dhcp=dhclient
[connection]
# Keep retrying, this is important for this important espescialy for
# ramdisks in environments where varying switch configurations may
# cause traffic to be blocked or intermittent connectivity failures
# such as those at an edge site may cause issues.
autoconnect-retries=-1
# Set the timeout. Diskimage-builder dhcp-all-interfaces has a 30
# second default. NetworkManager, by default, is 45 seconds.
# In some cases where ramdisks are in use, 60 seconds is advisable.
ipv4.dhcp-timeout=30
ipv6.dhcp-timeout=30

1
ironic-ipa-ramdisk/root/etc/ironic-python-agent.conf.d
View File

@@ -1 +0,0 @@
ironic-python-agent/ironic-python-agent.conf.d

1
ironic-ipa-ramdisk/root/etc/issue
View File

@@ -1 +0,0 @@
SUSE Ironic Python Agent Ramdisk - terminal \l

2
ironic-ipa-ramdisk/root/etc/sysctl.d/98-rp_filter.conf
View File

@@ -1,2 +0,0 @@
# avoid problems with multiple network interfaces
net.ipv4.conf.all.rp_filter=0

7
ironic-ipa-ramdisk/root/etc/systemd/system/NetworkManager.service.d/nmc.conf
View File

@@ -1,7 +0,0 @@
[Unit]
#WantsMountsFor=/mnt/ipa
After=mnt-ipa.mount
Wants=mnt-ipa.mount
[Service]
ExecStartPre=-/usr/local/bin/suse-network-setup.sh

7
ironic-ipa-ramdisk/root/etc/systemd/system/mnt-ipa.mount
View File

@@ -1,7 +0,0 @@
[Unit]
Description=config-2 rom consumed by IPA for networking configuration
[Mount]
What=/dev/ipa
Where=/mnt/ipa
TimeoutSec=30

12
ironic-ipa-ramdisk/root/etc/systemd/system/suse-ironic-image-setup.service
View File

@@ -1,12 +0,0 @@
[Unit]
Description=Setup ironic-python-agent image
After=getty.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/suse-ironic-image-setup.sh
StandardOutput=journal+console
RemainAfterExit=true
[Install]
WantedBy=multi-user.target

3
ironic-ipa-ramdisk/root/etc/systemd/system/systemd-udevd.service.d/ordering.conf
View File

@@ -1,3 +0,0 @@
[Unit]
Before=local-fs.target
WantedBy=local-fs.target

1
ironic-ipa-ramdisk/root/etc/udev/rules.d/61-config2.rules
View File

@@ -1 +0,0 @@
ACTION=="add|change", SUBSYSTEM=="block", ENV{ID_FS_LABEL}=="config-2", ENV{ID_FS_PUBLISHER_ID}=="?*", PROGRAM="/usr/local/bin/suse-test-config-2.sh", SYMLINK+="ipa"

52
ironic-ipa-ramdisk/root/usr/local/bin/suse-ironic-image-setup.sh
View File

@@ -1,52 +0,0 @@
#!/bin/sh
PARAMS=$(</proc/cmdline)
# find vfloppy device (based on IPA code)
VMEDIA_DEVICE=$(find /dev/disk/by-label -iname ir-vfd-dev)
# read params from vmedia and prepend them to params from kernel cmdline
if [[ -b "$VMEDIA_DEVICE" ]]; then
VMEDIA_MOUNT=$(mktemp -d)
if mount -o loop $VMEDIA_DEVICE $VMEDIA_MOUNT; then
# parameters.txt has one param per line, reformat to match cmdline
VMEDIA_PARAMS=$(cat $VMEDIA_MOUNT/parameters.txt | tr '\n' ' ')
umount $VMEDIA_MOUNT
PARAMS="$VMEDIA_PARAMS $PARAMS"
fi
rmdir $VMEDIA_MOUNT
fi
# resize /tmp
if [[ $PARAMS =~ suse.tmpsize=([^ ]+) ]]; then
echo "Resizing /tmp to ${BASH_REMATCH[1]}..."
mount -o remount,size=${BASH_REMATCH[1]} /tmp
fi
# deploy authorized sshkey from kernel command line
if [[ $PARAMS =~ sshkey=\"([^\"]+)\" ]]; then
echo "Adding authorized SSH key..."
(umask 077 ; mkdir -p /root/.ssh)
echo "${BASH_REMATCH[1]}" >> /root/.ssh/authorized_keys
fi
# Inject certs
if [[ $PARAMS =~ tls.enabled=(true|True) ]]; then
cp /etc/ironic-python-agent.d/ca-certs/* /etc/pki/trust/anchors/
cp /etc/ironic-python-agent.d/ca-certs/* /usr/share/pki/trust/anchors/
update-ca-certificates
fi
# autologin root on given console (default tty1) if suse.autologin or coreos.autologin is enabled
if [[ $PARAMS =~ (suse|coreos)\.autologin=?([^ ]*) ]]; then
tty="${BASH_REMATCH[2]:-tty1}"
echo "Enabling autologin on $tty..."
systemctl stop getty@$tty
systemctl disable getty@$tty
systemctl start autologin@$tty
fi
# Append to /etc/hosts
# hosts.append=1.2.3.4_foo,4.5.6.7_foo2
if [[ $PARAMS =~ hosts.append=([^ ]+) ]]; then
HOSTS=${BASH_REMATCH[1]}
echo "Appending to hosts ${HOSTS}..."
for h in ${HOSTS/,/ }; do
echo "${h/_/ }" >> /etc/hosts
done
cat /etc/hosts
fi

24
ironic-ipa-ramdisk/root/usr/local/bin/suse-network-setup.sh
View File

@@ -1,24 +0,0 @@
#!/bin/bash
set -eux
# Inspired by/based on glean-early.sh
# https://opendev.org/opendev/glean/src/branch/master/glean/init/glean-early.sh
# NOTE(TheJulia): We care about iso images, and would expect lower case as a
# result. In the case of VFAT partitions, they would be upper case.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
NETWORK_DATA_FILE="/mnt/ipa/openstack/latest/network_data.json"
if [ ! -f "${NETWORK_DATA_FILE}" ]; then
echo "No network_data.json found, skipping network configuration"
exit 1
fi
mkdir -p /tmp/nmc/{desired,generated}
cp ${NETWORK_DATA_FILE} /tmp/nmc/desired/_all.yaml
nmc generate --config-dir /tmp/nmc/desired --output-dir /tmp/nmc/generated
nmc apply --config-dir /tmp/nmc/generated

23
ironic-ipa-ramdisk/root/usr/local/bin/suse-test-config-2.sh
View File

@@ -1,23 +0,0 @@
#!/bin/bash
set -eux
PATH=/bin:/usr/bin:/sbin:/usr/sbin
# Transform the ID from the drive being considered to lower case
device_publisher_id=$(echo ${ID_FS_PUBLISHER_ID} | tr '[A-Z]' '[a-z]')
# Retrieve the publisher ID from the command line and convert to lower case
cmdline_publisher_id=""
if grep -q "ir_pub_id" /proc/cmdline; then
cmdline_publisher_id=$(cat /proc/cmdline | sed -e 's/^.*ir_pub_id=//' -e 's/ .*$//')
fi
# Is this the filesystem we are looking for?
if [[ "${cmdline_publisher_id}" == "${device_publisher_id}" ]]; then
# It is the device we are looking for, return success
exit 0
else
# Not a match, return failure
exit 1
fi

12
kubevirt-dashboard-extension-chart/Chart.yaml
View File

@@ -1,6 +1,6 @@
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -10,13 +10,13 @@ annotations:
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 303.0.2+up1.3.2
appVersion: 303.0.1+up1.3.1
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
name: kubevirt-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.2+up1.3.2"
version: "%%CHART_MAJOR%%.0.1+up1.3.1"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg

2
kubevirt-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.2+up1.3.2
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.1+up1.3.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

2
kubevirt-dashboard-extension-chart/values.yaml
View File

@@ -8,5 +8,5 @@ plugin:
metadata:
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.2 < 4.0.0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

10
metal3-chart/Chart.yaml
View File

@@ -1,7 +1,7 @@
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.5_up0.11.3
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.5_up0.11.3-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
apiVersion: v2
appVersion: 0.11.3
appVersion: 0.11.0
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
@@ -10,7 +10,7 @@ dependencies:
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.10.3
version: 0.10.0
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.5+up0.11.3"
version: "%%CHART_MAJOR%%.0.2+up0.11.0"

2
metal3-chart/charts/baremetal-operator/values.yaml
View File

@@ -22,6 +22,8 @@ global:
# Comment this out when pinning the baremetal-operator container to a specfic host.
nodeSelector: {}
enable_tls: false
replicaCount: 1
images:

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.10.3
version: 0.10.0

4
metal3-chart/charts/ironic/values.yaml
View File

@@ -50,6 +50,8 @@ global:
# Comment this out when pinning the pdns containers to a specfic host.
nodeSelector: {}
enable_tls: false
replicaCount: 1
images:
@@ -60,7 +62,7 @@ images:
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
tag: 3.0.6
tag: 3.0.3
nameOverride: ""
fullnameOverride: ""

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.2_up0.19.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.2_up0.19.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
apiVersion: v2
appVersion: 0.19.0
appVersion: 0.17.0
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.2+up0.19.0"
version: "%%CHART_MAJOR%%.0.0+up0.17.0"

2
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

871
rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml
View File

@@ -1,876 +1,11 @@
apiVersion: v1
data:
components: |
apiVersion: v1
kind: Namespace
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: fleetaddonconfigs.addons.cluster.x-k8s.io
spec:
group: addons.cluster.x-k8s.io
names:
categories: []
kind: FleetAddonConfig
plural: fleetaddonconfigs
shortNames: []
singular: fleetaddonconfig
scope: Cluster
versions:
- additionalPrinterColumns: []
name: v1alpha1
schema:
openAPIV3Schema:
description: Auto-generated derived type for FleetAddonConfigSpec via `CustomResource`
properties:
spec:
description: This provides a config for fleet addon functionality
properties:
cluster:
description: |-
Enable Cluster config funtionality.
This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the ClusterClass will be added to the Fleet Cluster labels.
nullable: true
properties:
agentEnvVars:
description: AgentEnvVars are extra environment variables to be
added to the agent deployment.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
nullable: true
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
nullable: true
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
nullable: true
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
nullable: true
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
nullable: true
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
nullable: true
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
nullable: true
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
nullable: true
type: string
divisor:
description: Specifies the output format of the
exposed resources, defaults to "1"
nullable: true
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
nullable: true
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the Secret or its key
must be defined
nullable: true
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
nullable: true
type: array
agentNamespace:
description: Namespace selection for the fleet agent
nullable: true
type: string
agentTolerations:
description: Agent taint toleration settings for every cluster
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
nullable: true
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
nullable: true
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
nullable: true
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
nullable: true
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
nullable: true
type: string
type: object
nullable: true
type: array
applyClassGroup:
description: Apply a ClusterGroup for a ClusterClass referenced
from a different namespace.
nullable: true
type: boolean
hostNetwork:
description: 'Host network allows to deploy agent configuration
using hostNetwork: true setting which eludes dependency on the
CNI configuration for the cluster.'
nullable: true
type: boolean
namespaceSelector:
description: Namespace label selector. If set, only clusters in
the namespace matching label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
naming:
description: Naming settings for the fleet cluster
nullable: true
properties:
prefix:
description: Specify a prefix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
suffix:
description: Specify a suffix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
type: object
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
selector:
description: Cluster label selector. If set, only clusters matching
label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
required:
- namespaceSelector
- selector
type: object
clusterClass:
description: |-
Enable clusterClass controller functionality.
This will create Fleet ClusterGroups for each ClusterClaster with the same name.
nullable: true
properties:
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
type: object
config:
nullable: true
properties:
featureGates:
description: feature gates controlling experimental features
nullable: true
properties:
configMap:
description: FeaturesConfigMap references a ConfigMap where
to apply feature flags. If a ConfigMap is referenced, the
controller will update it instead of upgrading the Fleet
chart.
nullable: true
properties:
ref:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type: object
experimentalHelmOps:
description: Enables experimental Helm operations support.
type: boolean
experimentalOciStorage:
description: Enables experimental OCI storage support.
type: boolean
required:
- experimentalHelmOps
- experimentalOciStorage
type: object
server:
description: fleet server url configuration options
nullable: true
oneOf:
- required:
- inferLocal
- required:
- custom
properties:
custom:
properties:
apiServerCaConfigRef:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
apiServerUrl:
nullable: true
type: string
type: object
inferLocal:
type: boolean
type: object
type: object
install:
nullable: true
oneOf:
- required:
- followLatest
- required:
- version
properties:
followLatest:
description: Follow the latest version of the chart on install
type: boolean
version:
description: Use specific version to install
type: string
type: object
type: object
x-kubernetes-validations: []
status:
nullable: true
properties:
conditions:
description: conditions represents the observations of a Fleet addon
current state.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
installedVersion:
nullable: true
type: string
type: object
required:
- spec
title: FleetAddonConfig_kube_validation
type: object
x-kubernetes-validations:
- rule: self.metadata.name == 'fleet-addon-config'
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-leader-election-role
namespace: caapf-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-role
rules:
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- fleetaddonconfigs
- fleetaddonconfigs/status
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- get
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- create
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- patch
- list
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- bootstrap.cluster.x-k8s.io
- clusterctl.cluster.x-k8s.io
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusterclasses
verbs:
- get
- list
- watch
- patch
- apiGroups:
- fleet.cattle.io
resources:
- clusters
- clustergroups
- clusterregistrationtokens
- bundlenamespacemappings
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- fleet.cattle.io
resources:
- bundlenamespacemappings
verbs:
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: caapf-manager-role
subjects:
- kind: ServiceAccount
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: caapf-helm-manager
labels:
cluster.x-k8s.io/fleet-addon-registration: "true"
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
type: kubernetes.io/service-account-token
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-controller-manager
namespace: caapf-system
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
spec:
containers:
- image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
imagePullPolicy: IfNotPresent
name: manager
ports:
- containerPort: 8443
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
- args:
- --helm-install
image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
name: helm-manager
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: helm-kubeconfig
readOnly: true
serviceAccountName: caapf-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- name: helm-kubeconfig
secret:
secretName: caapf-helm-manager
metadata: |
apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
releaseSeries:
- major: 0
minor: 1
contract: v1beta1
- major: 0
minor: 2
contract: v1beta1
- major: 0
minor: 3
contract: v1beta1
- major: 0
minor: 4
contract: v1beta1
- major: 0
minor: 5
contract: v1beta1
- major: 0
minor: 6
contract: v1beta1
- major: 0
minor: 7
contract: v1beta1
- major: 0
minor: 8
contract: v1beta1
components: Not Found
metadata: Not Found
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.8.1
name: v0.6.0
namespace: rancher-turtles-system
labels:
provider-components: fleet

19
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1218,7 +1218,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2525,11 +2525,9 @@ data:
- --leader-elect
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
- --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true}
- --v=${CAPRKE2_DEBUG_LEVEL:=0}
command:
- /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.15.1
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -2752,19 +2750,10 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
- major: 0
minor: 15
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.15.1
name: v0.12.0
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap

223
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1744,23 +1744,12 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -1985,54 +1974,6 @@ data:
- control-plane-endpoint
- ""
type: string
remediationStrategy:
description: remediationStrategy is the RemediationStrategy that controls
how control plane machine remediation happens.
properties:
maxRetry:
description: "maxRetry is the Max number of retries while attempting
to remediate an unhealthy machine.\nA retry happens when a machine
that was created as a replacement for an unhealthy machine also
fails.\nFor example, given a control plane with three machines
M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
M1) has problems while bootstrapping it will become unhealthy,
and then be\n\tremediated; such operation is considered a retry,
remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
could happen only after RetryPeriod from the previous retry.\nIf
a machine is marked as unhealthy after MinHealthyPeriod from
the previous remediation expired,\nthis is not considered a
retry anymore because the new issue is assumed unrelated from
the previous one.\n\nIf not set, the remedation will be retried
infinitely."
format: int32
type: integer
minHealthyPeriod:
description: "minHealthyPeriod defines the duration after which
RKE2ControlPlane will consider any failure to a machine unrelated\nfrom
the previous one. In this case the remediation is not considered
a retry anymore, and thus the retry\ncounter restarts from 0.
For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created as
a replacement.\n\tIf M1-1 (replacement of M1) has problems within
the 1hr after the creation, also\n\tthis machine will be remediated
and this operation is considered a retry - a problem related\n\tto
the original issue happened to M1 -.\n\n\tIf instead the problem
on M1-1 is happening after MinHealthyPeriod expired, e.g. four
days after\n\tm1-1 has been created as a remediation of M1,
the problem on M1-1 is considered unrelated to\n\tthe original
issue happened to M1.\n\nIf not set, this value is defaulted
to 1h."
type: string
retryPeriod:
description: |-
retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
for an unhealthy machine (a retry).
If not set, a retry will happen immediately.
type: string
type: object
replicas:
description: Replicas is the number of replicas for the Control Plane.
format: int32
@@ -2244,15 +2185,9 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration of ETCD.
properties:
@@ -2606,42 +2541,14 @@ data:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
lastRemediation:
description: lastRemediation stores info about last remediation performed.
properties:
machine:
description: machine is the machine name of the latest machine
being remediated.
maxLength: 253
minLength: 1
type: string
retryCount:
description: |-
retryCount used to keep track of remediation retry for the last remediated machine.
A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
type: integer
timestamp:
description: timestamp is when last remediation happened. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
required:
- machine
- retryCount
- timestamp
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -2682,7 +2589,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -3245,23 +3152,12 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -3488,57 +3384,6 @@ data:
- control-plane-endpoint
- ""
type: string
remediationStrategy:
description: remediationStrategy is the RemediationStrategy
that controls how control plane machine remediation happens.
properties:
maxRetry:
description: "maxRetry is the Max number of retries while
attempting to remediate an unhealthy machine.\nA retry
happens when a machine that was created as a replacement
for an unhealthy machine also fails.\nFor example, given
a control plane with three machines M1, M2, M3:\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created
as a replacement.\n\tIf M1-1 (replacement of M1) has
problems while bootstrapping it will become unhealthy,
and then be\n\tremediated; such operation is considered
a retry, remediation-retry #1.\n\tIf M1-2 (replacement
of M1-1) becomes unhealthy, remediation-retry #2 will
happen, etc.\n\nA retry could happen only after RetryPeriod
from the previous retry.\nIf a machine is marked as
unhealthy after MinHealthyPeriod from the previous remediation
expired,\nthis is not considered a retry anymore because
the new issue is assumed unrelated from the previous
one.\n\nIf not set, the remedation will be retried infinitely."
format: int32
type: integer
minHealthyPeriod:
description: "minHealthyPeriod defines the duration after
which RKE2ControlPlane will consider any failure to
a machine unrelated\nfrom the previous one. In this
case the remediation is not considered a retry anymore,
and thus the retry\ncounter restarts from 0. For example,
assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created
as a replacement.\n\tIf M1-1 (replacement of M1) has
problems within the 1hr after the creation, also\n\tthis
machine will be remediated and this operation is considered
a retry - a problem related\n\tto the original issue
happened to M1 -.\n\n\tIf instead the problem on M1-1
is happening after MinHealthyPeriod expired, e.g. four
days after\n\tm1-1 has been created as a remediation
of M1, the problem on M1-1 is considered unrelated to\n\tthe
original issue happened to M1.\n\nIf not set, this value
is defaulted to 1h."
type: string
retryPeriod:
description: |-
retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
for an unhealthy machine (a retry).
If not set, a retry will happen immediately.
type: string
type: object
replicas:
description: Replicas is the number of replicas for the Control
Plane.
@@ -3756,15 +3601,9 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration
of ETCD.
@@ -4135,42 +3974,14 @@ data:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
lastRemediation:
description: lastRemediation stores info about last remediation performed.
properties:
machine:
description: machine is the machine name of the latest machine
being remediated.
maxLength: 253
minLength: 1
type: string
retryCount:
description: |-
retryCount used to keep track of remediation retry for the last remediated machine.
A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
type: integer
timestamp:
description: timestamp is when last remediation happened. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
required:
- machine
- retryCount
- timestamp
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -4286,14 +4097,6 @@ data:
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
@@ -4445,7 +4248,6 @@ data:
- --leader-elect
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
- --v=${CAPRKE2_DEBUG_LEVEL:=0}
command:
- /manager
env:
@@ -4461,7 +4263,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.15.1
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4691,19 +4493,10 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
- major: 0
minor: 15
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.15.1
name: v0.12.0
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.18.1
digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
generated: "2025-04-29T09:14:10.14953774Z"
version: 0.17.0
digest: sha256:c564dd1edce5e74cf5747adfa2477b3f0b9bae2b17a21b4c7312b2c1adbda64e
generated: "2025-02-27T10:39:03.203623466Z"

10
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.2_up0.19.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.2_up0.19.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -7,12 +7,12 @@ annotations:
catalog.cattle.io/namespace: rancher-turtles-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/rancher-version: '>= 2.11.0-1'
catalog.cattle.io/rancher-version: '>= 2.10.0-1'
catalog.cattle.io/release-name: rancher-turtles
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.19.0
appVersion: 0.17.0
dependencies:
- condition: cluster-api-operator.enabled
name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.2+up0.19.0"
version: "%%CHART_MAJOR%%.0.0+up0.17.0"

18
rancher-turtles-chart/RELEASE_NOTES.md
View File

@@ -1,14 +1,4 @@
## Changes since v0.19.0-rc.1
---
## :chart_with_upwards_trend: Overview
- 4 new commits merged
:book: Additionally, there has been 1 contribution to our documentation and book. (#1325)
## :question: Sort these by hand
- chart: Add helm chart values validation (#1320)
- Dependency: Revert dependency bumps (#1328)
- MULTIPLE_AREAS[documentation|azure]: Use predictable resourceGroup for AKS nodes (#1327)
_Thanks to all our contributors!_ 😊
gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
env:
GH_TOKEN: ${{ github.token }}
: exit status 4

16
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -13,9 +13,9 @@ spec:
deployment:
containers:
- name: manager
imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
- name: helm-manager
imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
additionalManifests:
name: fleet-addon-config
namespace: '{{ .Values.rancherTurtles.namespace }}'
@@ -35,22 +35,10 @@ data:
metadata:
name: fleet-addon-config
spec:
config:
featureGates:
configMap:
ref:
kind: ConfigMap
apiVersion: v1
name: rancher-config
namespace: cattle-system
experimentalOciStorage: true
experimentalHelmOps: true
clusterClass:
patchResource: true
setOwnerReferences: true
cluster:
agentNamespace: cattle-fleet-system
applyClassGroup: true
patchResource: true
setOwnerReferences: true
hostNetwork: true

367
rancher-turtles-chart/values.schema.json
View File

@@ -1,367 +0,0 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Helm Chart Values Schema",
"type": "object",
"properties": {
"turtlesUI": {
"type": "object",
"description": "Manages the UI component.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn UI on or off."
},
"version": {
"type": "string",
"default": "0.8.2",
"description": "UI version to use."
}
}
},
"rancherTurtles": {
"type": "object",
"description": "Sets up the cluster management controller.",
"properties": {
"image": {
"type": "string",
"default": "controller",
"description": "Controller container image."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"namespace": {
"type": "string",
"default": "rancher-turtles-system",
"description": "Namespace for Turtles to run."
},
"managerArguments": {
"type": "array",
"default": [],
"description": "Extra args for the controller.",
"items": { "type": "string" }
},
"imagePullSecrets": {
"type": "array",
"default": [],
"description": "Secrets for private registries.",
"items": { "type": "string" }
},
"rancherInstalled": {
"type": "boolean",
"default": true,
"description": "True if Rancher is already installed in the cluster."
},
"kubectlImage": {
"type": "string",
"default": "registry.k8s.io/kubernetes/kubectl:v1.30.0",
"description": "Image for kubectl tasks."
},
"features": {
"type": "object",
"description": "Optional and experimental features.",
"properties": {
"day2operations": {
"type": "object",
"description": "Alpha feature.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for day-2 ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"etcdBackupRestore": {
"type": "object",
"description": "Manages etcd backup/restore.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on (true) or off (false)."
}
}
}
}
},
"addon-provider-fleet": {
"type": "object",
"description": "Beta feature for fleet addons.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
}
}
},
"agent-tls-mode": {
"type": "object",
"description": "Alpha feature for agent TLS.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
}
}
},
"clusterclass-operations": {
"type": "object",
"description": "Alpha feature. Not ready for testing yet.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for cluster class ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Pull policy."
}
}
}
}
}
}
},
"cluster-api-operator": {
"type": "object",
"description": "Manages Cluster API components.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"cert-manager": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
}
}
},
"volumes": {
"type": "array",
"description": "Volumes for operator pods (certs, config).",
"items": {
"type": "object",
"oneOf": [
{
"required": ["name", "secret"],
"properties": {
"name": { "type": "string" },
"secret": {
"type": "object",
"properties": {
"defaultMode": {
"type": "integer",
"default": 420,
"description": "File permissions."
},
"secretName": {
"type": "string",
"default": "capi-operator-webhook-service-cert",
"description": "Secret for webhook certs."
}
}
}
}
},
{
"required": ["name", "configMap"],
"properties": {
"name": { "type": "string" },
"configMap": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "clusterctl-config",
"description": "ConfigMap for clusterctl."
}
}
}
}
}
]
}
},
"image": {
"type": "object",
"properties": {
"manager": {
"type": "object",
"properties": {
"repository": {
"type": "string",
"default": "registry.rancher.com/rancher/cluster-api-operator",
"description": "Image repo."
}
}
}
}
},
"volumeMounts": {
"type": "object",
"properties": {
"manager": {
"type": "array",
"description": "Mount volumes to pods.",
"items": {
"type": "object",
"properties": {
"mountPath": { "type": "string" },
"name": { "type": "string" },
"readOnly": {
"type": "boolean",
"default": true,
"description": "Mount as read-only."
}
}
}
}
}
},
"cleanup": {
"type": "boolean",
"default": true,
"description": "Enable cleanup tasks."
},
"cluster-api": {
"type": "object",
"description": "Cluster API component settings.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"configSecret": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "",
"description": "Custom secret name (if overriding)."
},
"defaultName": {
"type": "string",
"default": "capi-env-variables",
"description": "Default secret name."
}
}
},
"core": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "capi-system",
"description": "Core component namespace."
},
"imageUrl": {
"type": "string",
"default": "",
"description": "Custom image URL."
},
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
},
"rke2": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"version": {
"type": "string",
"default": "",
"description": "RKE2 version."
},
"bootstrap": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-bootstrap-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
},
"controlPlane": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-control-plane-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
}
}
}
}
}
}
}
}
}

83
rancher-turtles-chart/values.yaml
View File

@@ -1,152 +1,83 @@
# turtlesUI: Manages the UI component.
turtlesUI:
# enabled: Turn UI on or off.
enabled: false
# version: UI version to use.
version: 0.8.2
# rancherTurtles: Sets up the cluster management controller.
version: v0.8.2
rancherTurtles:
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
# imageVersion: v0.19.0
imageVersion: v0.19.0
# imagePullPolicy: IfNotPresent
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
# namespace: Select namespace for Turtles to run.
namespace: rancher-turtles-system
# managerArguments: Extra args for the controller.
managerArguments: []
# imagePullSecrets: Secrets for private registries.
imagePullSecrets: []
# rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
rancherInstalled: false
# kubectlImage: Image for kubectl tasks.
kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3"
# features: Optional and experimental features.
features:
# day2operations: Alpha feature.
day2operations:
# enabled: Turn on or off.
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
# imageVersion: v0.19.0
imageVersion: v0.19.0
# imagePullPolicy: IfNotPresent
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
# etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
etcdBackupRestore:
# enabled: Turn on (true) or off (false).
enabled: false
# addon-provider-fleet: Beta feature for fleet addons.
# beta feature, see documentation for more information on feature stages
addon-provider-fleet:
# enabled: Turn on or off.
enabled: true
# agent-tls-mode: Alpha feature for agent TLS.
# alpha feature, see documentation for more information on feature stages
agent-tls-mode:
# enabled: Turn on or off.
enabled: false
# clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet.
clusterclass-operations:
# enabled: Turn on or off.
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
# imageVersion: v0.19.0
imageVersion: v0.19.0
# imagePullPolicy: IfNotPresent
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
# cluster-api-operator: Manages Cluster API components.
cluster-api-operator:
# enabled: Turn on or off.
enabled: true
# cert-manager: Cert-manager integration.
cert-manager:
# enabled: Turn on or off.
enabled: false
# volumes: Volumes for operator pods (certs, config).
volumes:
- name: cert
secret:
# defaultMode: File permissions.
defaultMode: 420
# secretName: Secret for webhook certs.
secretName: capi-operator-webhook-service-cert
- name: clusterctl-config
configMap:
# name: ConfigMap for clusterctl.
name: clusterctl-config
# image: registry.rancher.com/rancher/rancher/turtles
image:
manager:
# repository: Image repo.
repository: registry.rancher.com/rancher/cluster-api-operator
# volumeMounts: Mount volumes to pods.
volumeMounts:
manager:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
# readOnly: Mount as read-only.
readOnly: true
- mountPath: /config
name: clusterctl-config
# readOnly: Mount as read-only.
readOnly: true
# cleanup: Enable cleanup tasks.
cleanup: true
# cluster-api: Cluster API component settings.
cluster-api:
# enabled: Turn on or off.
enabled: true
# configSecret: Secret for Cluster API config.
configSecret:
# name: Custom secret name (if overriding).
name: ""
# defaultName: Default secret name.
defaultName: capi-env-variables
# core: Core Cluster API settings.
core:
# namespace: Core component namespace.
namespace: capi-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# rke2: RKE2 provider settings.
rke2:
# enabled: Turn on or off.
enabled: true
# version: RKE2 version.
version: "v0.15.1"
# bootstrap: RKE2 bootstrap provider.
version: ""
bootstrap:
# namespace: Bootstrap namespace.
namespace: rke2-bootstrap-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# controlPlane: RKE2 control plane provider.
controlPlane:
# namespace: Control plane namespace.
namespace: rke2-control-plane-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
metal3:
enabled: true

72
release-manifest-image/release_manifest.yaml
View File

@@ -7,7 +7,7 @@ spec:
components:
kubernetes:
k3s:
version: v1.32.3+k3s1
version: v1.32.2+k3s1
coreComponents:
- name: traefik-crd
version: 34.2.1+up34.2.0
@@ -31,13 +31,13 @@ spec:
image: rancher/mirrored-metrics-server:v0.7.2
type: Deployment
rke2:
version: v1.32.3+rke2r1
version: v1.32.2+rke2r1
coreComponents:
- name: rke2-cilium
version: 1.17.100
version: 1.17.000
type: HelmChart
- name: rke2-canal
version: v3.29.2-build2025030601
version: v3.29.2-build2025021800
type: HelmChart
- name: rke2-calico-crd
version: v3.29.101
@@ -46,10 +46,10 @@ spec:
version: v3.29.200
type: HelmChart
- name: rke2-coredns
version: 1.39.100
version: 1.36.102
type: HelmChart
- name: rke2-ingress-nginx
version: 4.12.100
version: 4.12.005
type: HelmChart
- name: rke2-metrics-server
version: 3.12.200
@@ -89,46 +89,46 @@ spec:
- prettyName: Rancher
releaseName: rancher
chart: rancher
version: 2.11.1
repository: https://charts.rancher.com/server-charts/prime
version: 2.11.0-alpha11
repository: https://releases.rancher.com/server-charts/alpha
values:
postDelete:
enabled: false
- prettyName: Longhorn
releaseName: longhorn
chart: longhorn
version: 106.2.0+up1.8.1
version: 105.1.1+up1.7.3
repository: https://charts.rancher.io
dependencyCharts:
- releaseName: longhorn-crd
chart: longhorn-crd
version: 106.2.0+up1.8.1
version: 105.1.1+up1.7.3
repository: https://charts.rancher.io
- prettyName: MetalLB
releaseName: metallb
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metallb"
version: "%%CHART_MAJOR%%.0.0+up0.14.9"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%metallb
version: %%CHART_MAJOR%%.0.0+up0.14.9
- prettyName: CDI
releaseName: cdi
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%cdi"
version: "%%CHART_MAJOR%%.0.0+up0.5.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%cdi
version: %%CHART_MAJOR%%.0.0+up0.4.0
- prettyName: KubeVirt
releaseName: kubevirt
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt"
version: "%%CHART_MAJOR%%.0.0+up0.5.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%kubevirt
version: %%CHART_MAJOR%%.0.0+up0.4.0
addonCharts:
- releaseName: kubevirt-dashboard-extension
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension"
version: "%%CHART_MAJOR%%.0.2+up1.3.2"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension
version: %%CHART_MAJOR%%.0.1+up1.3.1
- prettyName: NeuVector
releaseName: neuvector
chart: neuvector
version: 106.0.0+up2.8.5
version: 105.0.1+up2.8.4
repository: https://charts.rancher.io
dependencyCharts:
- releaseName: neuvector-crd
chart: neuvector-crd
version: 106.0.0+up2.8.5
version: 105.0.1+up2.8.4
repository: https://charts.rancher.io
addonCharts:
- releaseName: neuvector-ui-ext
@@ -137,16 +137,16 @@ spec:
version: 2.0.1
- prettyName: EndpointCopierOperator
releaseName: endpoint-copier-operator
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator
version: %%CHART_MAJOR%%.0.0+up0.2.1
- prettyName: Elemental
releaseName: elemental-operator
chart: oci://registry.suse.com/rancher/elemental-operator-chart
version: 1.6.8
version: 1.6.5
dependencyCharts:
- releaseName: elemental-operator-crds
chart: oci://registry.suse.com/rancher/elemental-operator-crds-chart
version: 1.6.8
version: 1.6.5
addonCharts:
- releaseName: elemental
chart: elemental
@@ -154,25 +154,25 @@ spec:
version: 3.0.0
- prettyName: SRIOV
releaseName: sriov-network-operator
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator"
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator
version: %%CHART_MAJOR%%.0.0+up1.4.0
dependencyCharts:
- releaseName: sriov-crd
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd"
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd
version: %%CHART_MAJOR%%.0.0+up1.4.0
- prettyName: Akri
releaseName: akri
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%akri"
version: "%%CHART_MAJOR%%.0.0+up0.12.20"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%akri
version: %%CHART_MAJOR%%.0.0+up0.12.20
addonCharts:
- releaseName: akri-dashboard-extension
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%akri-dashboard-extension"
version: "%%CHART_MAJOR%%.0.2+up1.3.1"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%akri-dashboard-extension
version: %%CHART_MAJOR%%.0.1+up1.3.0
- prettyName: Metal3
releaseName: metal3
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metal3"
version: "%%CHART_MAJOR%%.0.5+up0.11.3"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%metal3
version: %%CHART_MAJOR%%.0.0+up0.10.0
- prettyName: RancherTurtles
releaseName: rancher-turtles
chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles"
version: "%%CHART_MAJOR%%.0.2+up0.19.0"
chart: %%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles
version: %%CHART_MAJOR%%.0.0+up0.17.0

6
sriov-crd-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0
annotations:
catalog.cattle.io/experimental: "true"
catalog.cattle.io/hidden: "true"
@@ -10,4 +10,4 @@ apiVersion: v2
description: Installs the CRDs for the SR-IOV operator
name: sriov-crd
type: application
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
version: "%%CHART_MAJOR%%.0.0+up1.4.0"

4
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml
View File

@@ -81,10 +81,6 @@ spec:
description: external_ids field in the Interface table
in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface table
in OVSDB
type: integer
options:
additionalProperties:
type: string

26
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml
View File

@@ -102,10 +102,6 @@ spec:
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
@@ -178,15 +174,6 @@ spec:
- pciAddress
type: object
type: array
system:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
type: object
status:
description: SriovNetworkNodeStateStatus defines the observed state of
@@ -241,10 +228,6 @@ spec:
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
@@ -352,15 +335,6 @@ spec:
type: string
syncStatus:
type: string
system:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
type: object
type: object
served: true

6
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml
View File

@@ -111,12 +111,6 @@ spec:
Name is the name of MachineConfigPool to be enabled with OVS hardware offload
type: string
type: object
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
status:
description: SriovNetworkPoolConfigStatus defines the observed state of

8
sriov-network-operator-chart/.checks_helm.yaml
View File

@@ -1,2 +1,10 @@
extra_apis:
- k8s.cni.cncf.io/v1/NetworkAttachmentDefinition
image_exceptions:
- rancher/hardened-sriov-network-operator
- rancher/hardened-sriov-network-config-daemon
- rancher/hardened-sriov-cni
- rancher/hardened-ib-sriov-cni
- rancher/hardened-sriov-network-device-plugin
- rancher/hardened-sriov-network-resources-injector
- rancher/hardened-sriov-network-webhook

18
sriov-network-operator-chart/Chart.yaml
View File

@@ -1,16 +1,16 @@
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0
annotations:
catalog.cattle.io/auto-install: sriov-crd=match
catalog.cattle.io/experimental: "true"
catalog.cattle.io/namespace: cattle-sriov-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/upstream-version: 1.5.0
catalog.cattle.io/upstream-version: 1.4.0
apiVersion: v2
appVersion: v1.5.0
appVersion: v1.4.0
dependencies:
- condition: sriov-nfd.enabled
- condition: sriov-nfd.enabled
name: sriov-nfd
repository: file://./charts/sriov-nfd
version: 0.15.7
@@ -19,10 +19,10 @@ description: SR-IOV network operator configures and manages SR-IOV networks in t
home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
icon: https://charts.rancher.io/assets/logos/sr-iov.svg
keywords:
- sriov
kubeVersion: '>= 1.24.0-0'
- sriov
kubeVersion: '>= 1.16.0-0'
name: sriov-network-operator
sources:
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
type: application
version: "%%CHART_MAJOR%%.0.2+up1.5.0"
version: "%%CHART_MAJOR%%.0.0+up1.4.0"

12
sriov-network-operator-chart/README.md
View File

@@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia
#### Deploy from OCI repo
```
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator
```
#### Deploy from project sources
@@ -51,7 +51,7 @@ $ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --se
$ git clone https://github.com/k8snetworkplumbingwg/sriov-network-operator.git ; cd sriov-network-operator
# Install Operator
$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator-chart
$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator
# View deployed resources
$ kubectl -n sriov-network-operator get pods
@@ -123,16 +123,10 @@ This section contains general parameters that apply to both the operator and dae
| Name | Type | Default | description |
| ---- | ---- | ------- | ----------- |
| `sriovOperatorConfig.deploy` | bool | `false` | deploy SriovOperatorConfig custom resource |
| `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node selectors for sriov-network-config-daemon |
| `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node slectors for sriov-network-config-daemon |
| `sriovOperatorConfig.logLevel` | int | `2` | log level for both operator and sriov-network-config-daemon |
| `sriovOperatorConfig.disableDrain` | bool | `false` | disable node draining when configuring SR-IOV, set to true in case of a single node cluster or any other justifiable reason |
| `sriovOperatorConfig.configurationMode` | string | `daemon` | sriov-network-config-daemon configuration mode. either `daemon` or `systemd` |
| `sriovOperatorConfig.featureGates` | map[string]bool | `{}` | feature gates to enable/disable |
**Note**
When `sriovOperatorConfig.configurationMode` is configured as `systemd`, configurations files and `systemd` service files are created on the node.
Upon chart deletion, those files are not cleaned up. For cases where this is not acceptable, users should rather configured the `daemon` mode.
### Images parameters

5
sriov-network-operator-chart/app-README.md
View File

@@ -4,9 +4,10 @@ This chart is based on the upstream [k8snetworkplumbingwg/sriov-network-operator
The chart installs the following components:
- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
- SR-IOV Operator - An operator that helps provision and configure the SR-IOV CNI plugin and SR-IOV Device plugin
- SR-IOV Network Config Daemon - A Daemon deployed by the Operator that discovers SR-IOV NICs on each node
Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`.
The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs.

8
sriov-network-operator-chart/charts/sriov-nfd/Chart.yaml
View File

@@ -4,11 +4,11 @@ description: Detects hardware features available on each node in a Kubernetes cl
and advertises those features using node labels
home: https://github.com/kubernetes-sigs/node-feature-discovery
keywords:
- feature-discovery
- feature-detection
- node-labels
- feature-discovery
- feature-detection
- node-labels
name: sriov-nfd
sources:
- https://github.com/kubernetes-sigs/node-feature-discovery
- https://github.com/kubernetes-sigs/node-feature-discovery
type: application
version: 0.15.7

8
sriov-network-operator-chart/charts/sriov-nfd/templates/cert-manager-issuer.yaml
View File

@@ -1,8 +1,8 @@
{{- if .Values.tls.certManager }}
# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
# - Create a self signed issuer
# - Use this to create a CA cert
# - Use this to now create a CA issuer
# See https://cert-manager.io/docs/configuration/selfsigned/#bootstrapping-ca-issuers
# - Create a self signed issuer
# - Use this to create a CA cert
# - Use this to now create a CA issuer
---
apiVersion: cert-manager.io/v1
kind: Issuer

24
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrole.yaml
View File

@@ -6,7 +6,7 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiGroups:
- ""
resources:
- nodes
@@ -16,7 +16,7 @@ rules:
- patch
- update
- list
- apiGroups:
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
@@ -25,13 +25,13 @@ rules:
- get
- list
- watch
- apiGroups:
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- apiGroups:
- coordination.k8s.io
resources:
- leases
@@ -51,26 +51,26 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- apiGroups:
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- apiGroups:
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
@@ -89,27 +89,27 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- apiGroups:
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- apiGroups:
- apiGroups:
- topology.node.k8s.io
resources:
- noderesourcetopologies
verbs:
- delete
- list
- apiGroups:
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures

6
sriov-network-operator-chart/charts/sriov-nfd/templates/clusterrolebinding.yaml
View File

@@ -10,7 +10,7 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}
subjects:
- kind: ServiceAccount
- kind: ServiceAccount
name: {{ include "node-feature-discovery.master.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
@@ -28,7 +28,7 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-topology-updater
subjects:
- kind: ServiceAccount
- kind: ServiceAccount
name: {{ include "node-feature-discovery.topologyUpdater.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}
@@ -46,7 +46,7 @@ roleRef:
kind: ClusterRole
name: {{ include "node-feature-discovery.fullname" . }}-gc
subjects:
- kind: ServiceAccount
- kind: ServiceAccount
name: {{ include "node-feature-discovery.gc.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

4
sriov-network-operator-chart/charts/sriov-nfd/templates/role.yaml
View File

@@ -7,7 +7,7 @@ metadata:
labels:
{{- include "node-feature-discovery.labels" . | nindent 4 }}
rules:
- apiGroups:
- apiGroups:
- nfd.k8s-sigs.io
resources:
- nodefeatures
@@ -15,7 +15,7 @@ rules:
- create
- get
- update
- apiGroups:
- apiGroups:
- ""
resources:
- pods

3
sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml
View File

@@ -11,7 +11,8 @@ roleRef:
kind: Role
name: {{ include "node-feature-discovery.fullname" . }}-worker
subjects:
- kind: ServiceAccount
- kind: ServiceAccount
name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

6
sriov-network-operator-chart/charts/sriov-nfd/values.yaml
View File

@@ -3,7 +3,7 @@ image:
# This should be set to 'IfNotPresent' for released version
pullPolicy: IfNotPresent
# tag, if defined will use the given image tag, else Chart.AppVersion will be used
tag: v0.15.7-build20250425
tag: v0.15.7-build20241113
imagePullSecrets: []
nameOverride: ""
@@ -376,7 +376,7 @@ worker:
# matchFeatures:
# - feature: kernel.config
# matchName: {op: In, value: ["SWAP", "X86", "ARM"]}
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
### <NFD-WORKER-CONF-END-DO-NOT-REMOVE>
metricsPort: 8081
daemonsetAnnotations: {}
@@ -439,7 +439,7 @@ topologyUpdater:
# node1: [cpu]
# node2: [memory, example/deviceA]
# *: [hugepages-2Mi]
### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
### <NFD-TOPOLOGY-UPDATER-CONF-END-DO-NOT-REMOVE>
enable: false
createCRDs: false

1
sriov-network-operator-chart/templates/_webhook-certs.tpl
View File

@@ -28,3 +28,4 @@ tls.key: {{ $cert.Key | b64enc }}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}

1
sriov-network-operator-chart/templates/certmanagercerts.yaml
View File

@@ -38,3 +38,4 @@ spec:
privateKey:
rotationPolicy: Always
{{- end -}}

12
sriov-network-operator-chart/templates/clusterrole.yaml
View File

@@ -49,6 +49,12 @@ rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["*"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get"]
- apiGroups: [ "config.openshift.io" ]
resources: [ "infrastructures" ]
verbs: [ "get", "list", "watch" ]
@@ -61,7 +67,7 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-admin: "true"
{{- end }}
rules:
- apiGroups:
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
@@ -78,7 +84,7 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-edit: "true"
{{- end }}
rules:
- apiGroups:
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'
@@ -95,7 +101,7 @@ metadata:
rbac.authorization.k8s.io/aggregate-to-view: "true"
{{- end }}
rules:
- apiGroups:
- apiGroups:
- sriovnetwork.openshift.io
resources:
- '*'

4
sriov-network-operator-chart/templates/configmap.yaml
View File

@@ -20,11 +20,8 @@ data:
Intel_ice_Columbiaville_E810-CQDA2_2CQDA2: "8086 1592 1889"
Intel_ice_Columbiaville_E810-XXVDA4: "8086 1593 1889"
Intel_ice_Columbiaville_E810-XXVDA2: "8086 159b 1889"
Intel_ice_Columbiaville_E810-XXV_BACKPLANE: "8086 1599 1889"
Intel_ice_Columbiaville_E810: "8086 1591 1889"
Intel_ice_Columbiapark_E823C: "8086 188a 1889"
Intel_ice_Columbiapark_E823L_SFP: "8086 124d 1889"
Intel_ice_Columbiapark_E823L_BACKPLANE: "8086 124c 1889"
Nvidia_mlx5_ConnectX-4: "15b3 1013 1014"
Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016"
Nvidia_mlx5_ConnectX-5: "15b3 1017 1018"
@@ -33,7 +30,6 @@ data:
Nvidia_mlx5_ConnectX-6_Dx: "15b3 101d 101e"
Nvidia_mlx5_ConnectX-6_Lx: "15b3 101f 101e"
Nvidia_mlx5_ConnectX-7: "15b3 1021 101e"
Nvidia_mlx5_ConnectX-8: "15b3 1023 101e"
Nvidia_mlx5_MT42822_BlueField-2_integrated_ConnectX-6_Dx: "15b3 a2d6 101e"
Nvidia_mlx5_MT43244_BlueField-3_integrated_ConnectX-7_Dx: "15b3 a2dc 101e"
Broadcom_bnxt_BCM57414_2x25G: "14e4 16d7 16dc"

2
sriov-network-operator-chart/templates/operator.yaml
View File

@@ -95,8 +95,6 @@ spec:
value: {{ .Values.operator.cniBinPath }}
- name: CLUSTER_TYPE
value: {{ .Values.operator.clusterType }}
- name: STALE_NODE_STATE_CLEANUP_DELAY_MINUTES
value: "{{ .Values.operator.staleNodeStateCleanupDelayMinutes }}"
{{- if .Values.operator.admissionControllers.enabled }}
- name: ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_SECRET_NAME
value: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}

33
sriov-network-operator-chart/templates/pre-delete-webooks.yaml
View File

@@ -1,33 +0,0 @@
# The following job will be used as Helm pre-delete hook. It executes a small go-client binary
# which intent to delete 'default' SriovOperatorConfig, that triggers operator removal of generated cluster objects
# e.g. mutating/validating webhooks, within operator's recoinciling loop and
# preventing operator cluster object remainings while using helm uninstall
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "sriov-network-operator.fullname" . }}-pre-delete-hook
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
spec:
template:
spec:
serviceAccountName: {{ include "sriov-network-operator.fullname" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: cleanup
image: {{ include "system_default_registry" . }}{{ .Values.images.operator.repository }}:{{ .Values.images.operator.tag }}
command:
- sriov-network-operator-config-cleanup
args:
- --namespace
- {{ .Release.Namespace }}
restartPolicy: Never
backoffLimit: 2

14
sriov-network-operator-chart/templates/role.yaml
View File

@@ -32,12 +32,9 @@ rules:
- monitoring.coreos.com
resources:
- servicemonitors
- prometheusrules
verbs:
- get
- create
- update
- delete
- apiGroups:
- apps
resourceNames:
@@ -82,10 +79,13 @@ rules:
resources:
- pods
verbs:
- "get"
- "list"
- "watch"
- "delete"
- '*'
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- '*'
- apiGroups:
- sriovnetwork.openshift.io
resources:

2
sriov-network-operator-chart/templates/rolebinding.yaml
View File

@@ -36,7 +36,7 @@ metadata:
name: operator-webhook-sa
namespace: {{ .Release.Namespace }}
subjects:
- kind: ServiceAccount
- kind: ServiceAccount
name: operator-webhook-sa
roleRef:
kind: Role

1
sriov-network-operator-chart/templates/secrets.yaml
View File

@@ -17,3 +17,4 @@ metadata:
data: {{ include "sriov_resource_injector_cert" . | nindent 2 }}
{{- end }}
{{- end }}

4
sriov-network-operator-chart/templates/sriovoperatorconfig.yaml
View File

@@ -14,8 +14,4 @@ spec:
logLevel: {{ .Values.sriovOperatorConfig.logLevel }}
disableDrain: {{ .Values.sriovOperatorConfig.disableDrain }}
configurationMode: {{ .Values.sriovOperatorConfig.configurationMode }}
{{- with .Values.sriovOperatorConfig.featureGates }}
featureGates:
{{- range $k, $v := .}}{{printf "%s: %t" $k $v | nindent 4 }}{{ end }}
{{- end }}
{{ end }}

4
sriov-network-operator-chart/templates/validate-install-crd.yaml
View File

@@ -16,5 +16,5 @@
# {{- if (eq $exists false) -}}
# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
# {{- end -}}
# {{- end -}}
#{{- end -}}
# {{- end -}}
#{{- end -}}

36
sriov-network-operator-chart/values.yaml
View File

@@ -30,10 +30,6 @@ operator:
resourcePrefix: "rancher.io"
cniBinPath: "/opt/cni/bin"
clusterType: "kubernetes"
# minimal amount of time (in minutes) the operator will wait before removing
# stale SriovNetworkNodeState objects (objects that doesn't match node with the daemon)
# "0" means no extra delay, in this case the CR will be removed by the next reconcilation cycle (may take up to 5 minutes)
staleNodeStateCleanupDelayMinutes: "30"
admissionControllers:
enabled: false
certificates:
@@ -85,7 +81,7 @@ operator:
sriovOperatorConfig:
# deploy sriovOperatorConfig CR with the below values
deploy: true
# node selectors for sriov-network-config-daemon
# node slectors for sriov-network-config-daemon
configDaemonNodeSelector: {feature.node.kubernetes.io/network-sriov.capable: 'true'}
# log level for both operator and sriov-network-config-daemon
logLevel: 2
@@ -94,33 +90,31 @@ sriovOperatorConfig:
disableDrain: false
# sriov-network-config-daemon configuration mode. either "daemon" or "systemd"
configurationMode: daemon
# feature gates to enable/disable
featureGates: {}
# Example for supportedExtraNICs values ['MyNIC: "8086 1521 1520"']
supportedExtraNICs: []
# Image URIs for sriov-network-operator components
images:
operator:
repository: registry.suse.com/rancher/hardened-sriov-network-operator
tag: v1.5.0-build20250425
repository: rancher/hardened-sriov-network-operator
tag: v1.4.0-build20241113
sriovConfigDaemon:
repository: registry.suse.com/rancher/hardened-sriov-network-config-daemon
tag: v1.5.0-build20250425
repository: rancher/hardened-sriov-network-config-daemon
tag: v1.4.0-build20241113
sriovCni:
repository: registry.suse.com/rancher/hardened-sriov-cni
tag: v2.9.0-build20250425
repository: rancher/hardened-sriov-cni
tag: v2.8.1-build20241113
ibSriovCni:
repository: registry.suse.com/rancher/hardened-ib-sriov-cni
tag: v1.2.1-build20250425
repository: rancher/hardened-ib-sriov-cni
tag: v1.1.1-build20241113
sriovDevicePlugin:
repository: registry.suse.com/rancher/hardened-sriov-network-device-plugin
tag: v3.9.0-build20250425
repository: rancher/hardened-sriov-network-device-plugin
tag: v3.8.0-build20241114
resourcesInjector:
repository: registry.suse.com/rancher/hardened-sriov-network-resources-injector
tag: v1.7.1-build20250425
repository: rancher/hardened-sriov-network-resources-injector
tag: v1.6.0-build20241113
webhook:
repository: registry.suse.com/rancher/hardened-sriov-network-webhook
tag: v1.5.0-build20250425
repository: rancher/hardened-sriov-network-webhook
tag: v1.4.0-build20241113
imagePullSecrets: []
extraDeploy: []
global: