dprodanov/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

base: dprodanov:main
Branches Tags
dprodanov:main dprodanov:kube-rbac-proxy-bump dprodanov:3.3 dprodanov:3.2 dprodanov:devel suse-edge:main suse-edge:3.3 suse-edge:dprodanov-patch-1 suse-edge:update-eib suse-edge:devel suse-edge:3.2
..
compare: suse-edge:devel
Branches Tags
suse-edge:main suse-edge:3.3 suse-edge:dprodanov-patch-1 suse-edge:update-eib suse-edge:devel suse-edge:3.2 dprodanov:main dprodanov:kube-rbac-proxy-bump dprodanov:3.3 dprodanov:3.2 dprodanov:devel

17 Commits
main ... devel

Author SHA256 Message Date
Nicolas Belouin
b1dfe698ff Merge pull request 'update-devel' (#141) from nbelouin/Factory:update-devel into devel 
Reviewed-on: suse-edge/Factory#141
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-05-07 10:19:14 +02:00
Nicolas Belouin
9581e030ce Merge branch 'main' into update-devel 2025-05-06 16:04:05 +02:00
Nicolas Belouin
76036c2dd8 Merge pull request 'update-devel' (#81) from nbelouin/Factory:update-devel into devel 
Reviewed-on: suse-edge/Factory#81
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-25 15:37:18 +01:00
Nicolas Belouin
0c6db5d5cc Merge branch 'main' into devel 2025-02-25 14:32:32 +01:00
Nicolas Belouin
0b03d14cee Merge pull request 'Add a script to trigger refresh on packages that need one' (#79) from nbelouin/Factory:devel-trigger into devel 
Reviewed-on: suse-edge/Factory#79
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-02-25 13:10:39 +01:00
Nicolas Belouin
9f2dc045e9 Add a script to trigger refresh on packages that need one 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-02-25 11:35:43 +01:00
Denislav Prodanov
f90f614746 update eib image to use package version 2025-01-31 14:59:32 +02:00
Denislav Prodanov
35f06da226 Update edge-image-builder/_service 2025-01-29 09:52:25 +01:00
Denislav Prodanov
8dd6d7d9d7 Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:54:58 +01:00
Denislav Prodanov
f9c5a29a9f Update edge-image-builder/_service 2025-01-28 13:54:39 +01:00
Denislav Prodanov
1b83b54b58 Update edge-image-builder/_service 2025-01-28 13:47:41 +01:00
Denislav Prodanov
c6b64a252f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:43:23 +01:00
Denislav Prodanov
689c80ffcc Update edge-image-builder/_service 2025-01-28 13:39:56 +01:00
Denislav Prodanov
d8745fe060 Update edge-image-builder/_service 2025-01-28 13:35:25 +01:00
Denislav Prodanov
9e39bdcf7f Update edge-image-builder/edge-image-builder.spec 2025-01-28 13:30:15 +01:00
Denislav Prodanov
9e376ffb74 Update edge-image-builder/_service 2025-01-28 13:29:50 +01:00
Denislav Prodanov
0fc166ff06 Add _config 2025-01-28 11:37:52 +01:00
166 changed files with 2983 additions and 4710 deletions
Expand all files Collapse all files

23
.gitea/workflows/check_manifest.yaml
View File

@@ -1,23 +0,0 @@
name: Check Release Manifest Local Charts Versions
on:
pull_request:
branches-ignore:
- "devel"
jobs:
sync-pr-project:
name: "Check Release Manifest Local Charts Versions"
runs-on: tumbleweed
steps:
# Waiting on PR to get merged for support in upstream action/checkout action
- uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
name: Checkout repository
with:
object-format: 'sha256'
- name: Setup dependencies
run: |
zypper in -y python3-PyYAML
- name: Check release manifest
run: |
python3 .obs/manifest-check.py

4
.obs/common.py
View File

@@ -1,3 +1,3 @@
PROJECT = "isv:SUSE:Edge:Factory"
PROJECT = "isv:SUSE:Edge:Factory:Devel"
REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
BRANCH = "main"
BRANCH = "devel"

45
.obs/manifest-check.py
View File

@@ -1,45 +0,0 @@
#!/usr/bin/python3
import yaml
import sys
def get_chart_version(chart_name: str) -> str:
with open(f"./{chart_name}-chart/Chart.yaml") as f:
chart = yaml.safe_load(f)
return chart["version"]
def get_charts(chart):
if not chart["chart"].startswith("%%CHART_REPO%%"):
# Not a locally managed chart
return {}
chart_name = chart["chart"][len("%%CHART_REPO%%/%%CHART_PREFIX%%"):]
charts = { chart_name: chart["version"] }
for child_chart in chart.get("dependencyCharts", []) + chart.get("addonCharts", []):
charts.update(get_charts(child_chart))
return charts
def get_charts_list():
with open("./release-manifest-image/release_manifest.yaml") as f:
manifest = yaml.safe_load(f)
charts = {}
for chart in manifest["spec"]["components"]["workloads"]["helm"]:
charts.update(get_charts(chart))
return charts
def main():
print("Checking charts versions in release manifest")
success = True
charts = get_charts_list()
for chart in charts:
expected_version = get_chart_version(chart)
if expected_version != charts[chart]:
success = False
print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
if not success:
sys.exit(1)
else:
print("All local charts in release manifest are using the right version")
if __name__ == "__main__":
main()

65
.obs/trigger_package.py Normal file
View File

@@ -0,0 +1,65 @@
import xml.etree.ElementTree as ET
import subprocess
from sync_packages import get_local_packages
from common import PROJECT
def get_service_repo(package):
with open(f"{package}/_service") as service:
root = ET.parse(service).getroot()
for service in root.findall("service"):
if service.get("mode") in ["manual", "disabled"]:
continue
if service.get("name") not in ["obs_scm", "tar_scm"]:
continue
ref = service.find("param[@name='revision']").text
repo = service.find("param[@name='url']").text
return (repo, ref)
return None
def get_remote_ref(project, package):
files = subprocess.run(["osc", "ls", "-e", project, package], encoding='utf-8' , capture_output=True).stdout.splitlines()
for filename in files:
if filename.startswith("_service") and filename.endswith(".obsinfo"):
obsinfo = subprocess.run(["osc", "cat", project, package, filename], encoding='utf-8' , capture_output=True).stdout.splitlines()
for line in obsinfo:
if line.startswith("commit:"):
return line.split(':')[-1].strip()
def get_upstream_ref(repo, ref):
refs = subprocess.run(["git", "ls-remote", repo, ref, f"{ref}^{{}}"], encoding='utf-8' , capture_output=True).stdout.splitlines()
refpath = ref.split('/')
best = None
for rref in refs:
value = rref.split('\t')
(sha, name) = (value[0].strip(), value[1].strip())
namepath = name.split('/')
if len(namepath) == len(refpath) or len(namepath) - 2 == len(refpath):
if name.endswith(ref) and best is None:
best = sha
if name.endswith("^{}"):
best = sha
return best
def trigger_service(project, package):
subprocess.run(["osc", "service", "remoterun", project, package], encoding="utf-8",check=True)
def main():
packages = get_local_packages()
for package in packages:
try:
(repo, ref) = get_service_repo(package)
print(f"{package} uses {repo} at {ref}")
except: # Package is not using server side scm service
continue
remote_ref = get_remote_ref(PROJECT, package)
upstream_ref = get_upstream_ref(repo, ref)
if upstream_ref != remote_ref:
print(f"\t{package} needs a refresh")
print(f"\tOBS ref is {remote_ref}")
print(f"\tgit ref is {upstream_ref}")
trigger_service(PROJECT, package)
if __name__ == "__main__":
main()

16
_config
View File

@@ -60,7 +60,6 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kiwi-builder-image
BuildFlags: excludebuild:kubectl-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
@@ -109,12 +108,7 @@ BuildFlags: onlybuild:release-manifest-image
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
# skopeo and umoci are used by build scripts to list packages
Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
%endif
%if "%_repository" == "images"
# skopeo and umoci are used by build scripts to list packages
Substitute: system-packages:podman podman buildah createrepo_c release-compare edge-build-checks skopeo umoci
@@ -128,8 +122,6 @@ BuildFlags: onlybuild:release-manifest-image
Patterntype: none
BuildFlags: dockerarg:SLE_VERSION=16.0
BuildFlags: onlybuild:kiwi-builder-image
Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
@@ -148,13 +140,7 @@ BuildFlags: onlybuild:release-manifest-image
%endif
%else
%if "%{sub %{reverse %_project} 1 7}" != "%{reverse :ToTest}" && "%{sub %{reverse %_project} 1 9}" != "%{reverse :Snapshot}"
BuildFlags: excludebuild:kiwi-builder-image
%else
%ifarch aarch64
BuildFlags: onlybuild:kiwi-builder-image
%endif
%endif
BuildFlags: excludebuild:kiwi-builder-image
%endif

3
_meta
View File

@@ -23,9 +23,6 @@
<disable/>
<enable repository="charts"/>
<enable repository="test_manifest_images"/>
{%- if for_release %}
<enable repository="releasecharts"/>
{%- endif %}
</build>
<publish>
<disable repository="phantomcharts"/>

11
akri-dashboard-extension-chart/Chart.yaml
View File

@@ -1,5 +1,6 @@
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -9,13 +10,13 @@ annotations:
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 303.0.2+up1.3.1
appVersion: 303.0.1+up1.3.0
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
name: akri-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.2+up1.3.1"
version: "%%CHART_MAJOR%%.0.1+up1.3.0"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg

2
akri-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.2+up1.3.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.1+up1.3.0
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

2
akri-dashboard-extension-chart/values.yaml
View File

@@ -8,5 +8,5 @@ plugin:
metadata:
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.2 < 4.0.0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

12
baremetal-operator-image/Dockerfile
View File

@@ -1,13 +1,13 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%
#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator inotify-tools procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -19,7 +19,7 @@ LABEL org.opencontainers.image.version="%%baremetal-operator_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,8 +29,6 @@ LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
COPY bmo-run /usr/bin/bmo-run
RUN chmod +x /usr/bin/bmo-run
RUN groupadd -r -g 11000 bmo
RUN useradd -u 11000 -g 11000 bmo
ENTRYPOINT [ "/usr/bin/bmo-run" ]
ENTRYPOINT [ "/usr/bin/baremetal-operator" ]

12
baremetal-operator-image/bmo-run
View File

@@ -1,12 +0,0 @@
#!/bin/bash
export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
export IRONIC_CACERT_FILE=${IRONIC_CACERT_FILE:-"/opt/metal3/certs/ca/tls.crt"}
if [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
# shellcheck disable=SC2034
inotifywait -m -e delete_self "${IRONIC_CACERT_FILE}" | while read -r file event; do
kill $(pgrep baremetal-opera)
done &
fi
exec /usr/bin/baremetal-operator $@

8
cdi-chart/Chart.yaml
View File

@@ -1,9 +1,9 @@
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
apiVersion: v2
appVersion: 1.61.0
appVersion: 1.60.1
description: A Helm chart for Containerized Data Importer (CDI)
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: cdi
type: application
version: "%%CHART_MAJOR%%.0.0+up0.5.0"
version: "%%CHART_MAJOR%%.0.0+up0.4.0"

2
cdi-chart/crds/cdi.yaml
View File

@@ -5079,4 +5079,4 @@ spec:
type: object
served: true
storage: true
subresources: {}
subresources: {}

2
cdi-chart/templates/NOTES.txt
View File

@@ -1,2 +1,2 @@
Verify that all CDI components are installed correctly:
kubectl get all -n {{ .Release.Namespace }}
kubectl get all -n {{ .Release.Namespace }}

2
cdi-chart/templates/_helpers.tpl
View File

@@ -59,4 +59,4 @@ Create the name of the service account to use
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- end }}

2
cdi-chart/templates/_hooks.tpl
View File

@@ -44,4 +44,4 @@
{{/* CRD uninstalling hook name */}}
{{- define "cdi.crdUninstallHook.name" -}}
{{ include "cdi.fullname" . }}-crd-uninstall
{{- end }}
{{- end }}

20
cdi-chart/templates/cdi-operator.yaml
View File

@@ -606,7 +606,17 @@ spec:
prometheus.cdi.kubevirt.io: "true"
spec:
affinity:
{{- .Values.deployment.affinity | toYaml | nindent 8 }}
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
containers:
- env:
- name: DEPLOY_CLUSTER_RESOURCES
@@ -640,7 +650,9 @@ spec:
name: metrics
protocol: TCP
resources:
{{- .Values.deployment.resources | toYaml | nindent 12 }}
requests:
cpu: 100m
memory: 150Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -649,8 +661,6 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
nodeSelector:
kubernetes.io/os: linux
securityContext:
@@ -658,4 +668,4 @@ spec:
serviceAccountName: cdi-operator
tolerations:
- key: CriticalAddonsOnly
operator: Exists
operator: Exists

2
cdi-chart/templates/cdi-uninstall-hooks.yaml
View File

@@ -66,4 +66,4 @@ spec:
- deployments/cdi-apiserver
- deployments/cdi-deployment
- deployments/cdi-uploadproxy
- --timeout=60s
- --timeout=60s

2
cdi-chart/templates/cdi.yaml
View File

@@ -18,4 +18,4 @@ spec:
{{- with .Values.cdi.workload }}
workload:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
cdi-chart/templates/crd-uninstall-hooks.yaml
View File

@@ -52,4 +52,4 @@ spec:
- customresourcedefinitions
- cdis.cdi.kubevirt.io
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
{{- toYaml .Values.hookSecurityContext | nindent 12 }}

2
cdi-chart/templates/crd-upgrade-hooks.yaml
View File

@@ -77,4 +77,4 @@ spec:
name: cdi-crd-manifest
items:
- key: crd
path: crd.yaml
path: crd.yaml

2
cdi-chart/templates/namespace-hooks.yaml
View File

@@ -53,4 +53,4 @@ spec:
- label
- namespace
- {{ .Release.Namespace }}
- cdi.kubevirt.io=
- cdi.kubevirt.io=

20
cdi-chart/values.yaml
View File

@@ -1,5 +1,5 @@
deployment:
version: 1.61.0-150600.3.12.1
version: 1.60.1-150600.3.9.1
operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
@@ -8,22 +8,6 @@ deployment:
uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
pullPolicy: IfNotPresent
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
resources:
requests:
cpu: 100m
memory: 150Mi
cdi:
config:
@@ -51,4 +35,4 @@ hookSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- ALL

1
edge-build-checks/20-helm-images
View File

@@ -8,7 +8,6 @@ import pprint
AUTHORIZED_REPOS = [
"registry.suse.com/suse/sles/",
"registry.suse.com/rancher",
"registry.rancher.com",
]

8
edge-image-builder-image/Dockerfile
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.2.1"
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

5
edge-image-builder-image/_service
View File

@@ -1,5 +1,10 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%PACKAGE_VERSION%</param>
<param name="package">edge-image-builder</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

2
edge-image-builder-image/artifacts.yaml
View File

@@ -5,7 +5,7 @@ metallb:
endpoint-copier-operator:
chart: endpoint-copier-operator
repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
version: "%%CHART_MAJOR%%.0.1+up0.3.0"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
kubernetes:
k3s:
selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch

11
edge-image-builder/_service
View File

@@ -1,15 +1,12 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="versionformat">@PARENT_TAG@_%h.%ad</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.2.1</param>
<!-- Uncomment and set this For Pre-Release Version -->
<!-- <param name="version">1.2.0~rc1</param> -->
<!-- Uncomment and this for regular version -->
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="revision">main</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">

2
edge-image-builder/edge-image-builder.spec
View File

@@ -17,7 +17,7 @@
Name: edge-image-builder
Version: 1.2.1
Version: 0
Release: 0
Summary: Edge Image Builder
License: Apache-2.0

8
endpoint-copier-operator-chart/Chart.yaml
View File

@@ -1,8 +1,8 @@
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.1_up0.3.0
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.1_up0.3.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
apiVersion: v2
appVersion: v0.3.0
appVersion: v0.2.0
description: A Helm chart for Kubernetes
name: endpoint-copier-operator
type: application
version: "%%CHART_MAJOR%%.0.1+up0.3.0"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"

15
endpoint-copier-operator-chart/templates/deployment.yaml
View File

@@ -20,23 +20,8 @@ spec:
labels:
{{- include "endpoint-copier-operator.selectorLabels" . | nindent 8 }}
spec:
{{- if .Values.priorityClassName }}
priorityClassName: {{ .Values.priorityClassName }}
{{- end }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- command:
- /manager

4
endpoint-copier-operator-chart/templates/rbac/role.yaml
View File

@@ -7,9 +7,9 @@ metadata:
name: {{ include "endpoint-copier-operator.fullname" . }}
rules:
- apiGroups:
- "discovery.k8s.io"
- ""
resources:
- endpointslices
- endpoints
verbs:
- create
- delete

12
endpoint-copier-operator-chart/values.yaml
View File

@@ -8,7 +8,7 @@ image:
repository: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "0.3.0"
tag: "0.2.0"
nameOverride: "endpoint-copier-operator"
fullnameOverride: "endpoint-copier-operator"
@@ -29,8 +29,6 @@ podSecurityContext:
seccompProfile:
type: RuntimeDefault
priorityClassName: "system-cluster-critical"
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -39,11 +37,11 @@ securityContext:
resources:
limits:
cpu: 100m
memory: 64Mi
cpu: 500m
memory: 128Mi
requests:
cpu: 5m
memory: 32Mi
cpu: 10m
memory: 64Mi
autoscaling:
enabled: false

2
endpoint-copier-operator/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/endpoint-copier-operator</param>
<param name="scm">git</param>
<param name="revision">v0.3.0</param>
<param name="revision">v0.2.0</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

6
endpoint-copier-operator/endpoint-copier-operator.spec
View File

@@ -17,14 +17,14 @@
Name: endpoint-copier-operator
Version: 0.3.0
Release: 0.3.0
Version: 0.2.0
Release: 0.2.0
Summary: Implements a Kubernetes API for copying endpoint resources
License: Apache-2.0
URL: https://github.com/suse-edge/endpoint-copier-operator
Source: endpoint-copier-operator-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) = 1.24
BuildRequires: golang(API) = 1.20
ExcludeArch: s390
ExcludeArch: %{ix86}

57
ironic-image/inspector-apache.conf.j2 Normal file
View File

@@ -0,0 +1,57 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
{% if env.LISTEN_ALL_INTERFACES | lower == "true" %}
Listen {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
<VirtualHost *:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}>
{% else %}
Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
<VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}>
{% endif %}
{% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
ProxyPass "/" "unix:/shared/inspector.sock|http://127.0.0.1/"
ProxyPassReverse "/" "unix:/shared/inspector.sock|http://127.0.0.1/"
{% else %}
ProxyPass "/" "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/"
ProxyPassReverse "/" "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/"
{% endif %}
SetEnv APACHE_RUN_USER ironic-suse
SetEnv APACHE_RUN_GROUP ironic-suse
ErrorLog /dev/stdout
LogLevel debug
CustomLog /dev/stdout combined
SSLEngine On
SSLProtocol {{ env.IRONIC_SSL_PROTOCOL }}
SSLCertificateFile {{ env.IRONIC_INSPECTOR_CERT_FILE }}
SSLCertificateKeyFile {{ env.IRONIC_INSPECTOR_KEY_FILE }}
{% if "INSPECTOR_HTPASSWD" in env and env.INSPECTOR_HTPASSWD | length %}
<Location / >
AuthType Basic
AuthName "Restricted area"
AuthUserFile "/etc/ironic-inspector/htpasswd"
Require valid-user
</Location>
<Location ~ "^/(v1/?)?$" >
Require all granted
</Location>
<Location /v1/continue >
Require all granted
</Location>
{% endif %}
</VirtualHost>

68
ironic-image/ironic-inspector.conf.j2 Normal file
View File

@@ -0,0 +1,68 @@
[DEFAULT]
auth_strategy = noauth
debug = true
transport_url = fake://
use_stderr = true
{% if env.INSPECTOR_REVERSE_PROXY_SETUP == "true" %}
{% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
listen_unix_socket = /shared/inspector.sock
# NOTE(dtantsur): this is not ideal, but since the socket is accessed from
# another container, we need to make it world-writeable.
listen_unix_socket_mode = 0666
{% else %}
listen_port = {{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}
listen_address = 127.0.0.1
{% endif %}
{% elif env.LISTEN_ALL_INTERFACES | lower == "true" %}
listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
listen_address = ::
{% else %}
listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
listen_address = {{ env.IRONIC_IP }}
{% endif %}
host = {{ env.IRONIC_IP }}
{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
use_ssl = true
{% endif %}
[database]
connection = sqlite:////var/lib/ironic-inspector/ironic-inspector.db
{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
[discovery]
enroll_node_driver = ipmi
{% endif %}
[ironic]
auth_type = none
endpoint_override = {{ env.IRONIC_BASE_URL }}
{% if env.IRONIC_TLS_SETUP == "true" %}
cafile = {{ env.IRONIC_CACERT_FILE }}
insecure = {{ env.IRONIC_INSECURE }}
{% endif %}
[processing]
add_ports = all
always_store_ramdisk_logs = true
keep_ports = present
{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
node_not_found_hook = enroll
{% endif %}
permit_active_introspection = true
power_off = false
processing_hooks = $default_processing_hooks,lldp_basic
ramdisk_logs_dir = /shared/log/ironic-inspector/ramdisk
store_data = database
[pxe_filter]
driver = noop
[service_catalog]
auth_type = none
endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
[ssl]
cert_file = {{ env.IRONIC_INSPECTOR_CERT_FILE }}
key_file = {{ env.IRONIC_INSPECTOR_KEY_FILE }}
{% endif %}

13
ironic-image/runironic-api Normal file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/bash
export IRONIC_DEPLOYMENT="API"
# shellcheck disable=SC1091
. /bin/configure-ironic.sh
export IRONIC_REVERSE_PROXY_SETUP=false
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < /tmp/httpd-ironic-api.conf.j2 > /etc/httpd/conf.d/ironic.conf
# shellcheck disable=SC1091
. /bin/runhttpd

20
ironic-image/runironic-conductor Normal file
View File

@@ -0,0 +1,20 @@
#!/usr/bin/bash
export IRONIC_DEPLOYMENT="Conductor"
# shellcheck disable=SC1091
. /bin/configure-ironic.sh
# Ramdisk logs
mkdir -p /shared/log/ironic/deploy
run_ironic_dbsync
if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
# shellcheck disable=SC2034
inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
kill $(pgrep ironic)
done &
fi
exec /usr/bin/ironic-conductor

62
ironic-image/runironic-inspector Normal file
View File

@@ -0,0 +1,62 @@
#!/usr/bin/bash
set -euxo pipefail
CONFIG=/etc/ironic-inspector/ironic-inspector.conf
export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
# shellcheck disable=SC1091
. /bin/tls-common.sh
# shellcheck disable=SC1091
. /bin/ironic-common.sh
# shellcheck disable=SC1091
. /bin/auth-common.sh
if [[ "$USE_IRONIC_INSPECTOR" == "false" ]]; then
echo "FATAL: ironic-inspector is disabled via USE_IRONIC_INSPECTOR"
exit 1
fi
wait_for_interface_or_ip
IRONIC_INSPECTOR_PORT=${IRONIC_INSPECTOR_ACCESS_PORT}
if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]] && [[ "${IRONIC_INSPECTOR_PRIVATE_PORT}" != "unix" ]]; then
IRONIC_INSPECTOR_PORT=$IRONIC_INSPECTOR_PRIVATE_PORT
fi
else
export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
fi
export IRONIC_INSPECTOR_BASE_URL="${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_PORT}"
export IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"
build_j2_config()
{
local CONFIG_FILE="$1"
python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$CONFIG_FILE.j2"
}
# Merge with the original configuration file from the package.
build_j2_config "$CONFIG" | crudini --merge "$CONFIG"
configure_inspector_auth
configure_client_basic_auth ironic "${CONFIG}"
ironic-inspector-dbsync --config-file "${CONFIG}" upgrade
if [[ "$INSPECTOR_REVERSE_PROXY_SETUP" == "false" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
# shellcheck disable=SC2034
inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
kill $(pgrep ironic)
done &
fi
# Make sure ironic traffic bypasses any proxies
export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
# shellcheck disable=SC2086
exec /usr/bin/ironic-inspector

9
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,6 +1,7 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -18,11 +19,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.6"
LABEL org.opencontainers.image.version="3.0.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

45
ironic-ipa-downloader-image/Dockerfile.aarch64
View File

@@ -1,45 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.6"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

45
ironic-ipa-downloader-image/Dockerfile.x86_64
View File

@@ -1,45 +0,0 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.6"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

4
ironic-ipa-downloader-image/_multibuild
View File

@@ -1,4 +0,0 @@
<multibuild>
<flavor>x86_64</flavor>
<flavor>aarch64</flavor>
</multibuild>

2
ironic-ipa-downloader-image/_service
View File

@@ -2,8 +2,6 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile.aarch64</param>
<param name="file">Dockerfile.x86_64</param>
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>

12
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -26,15 +26,11 @@ if [ -z "${IPA_BASEURI}" ]; then
IMAGE_CHANGED=1
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images
if [ -f /tmp/initrd-x86_64.zst ]; then
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
fi
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
# Use arm64 as destination for iPXE compatibility
if [ -f /tmp/initrd-aarch64.zst ]; then
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
fi
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images.sha256
else

44
ironic-ipa-ramdisk/config.sh
View File

@@ -13,6 +13,11 @@ echo "Configure image: [$kiwi_iname]..."
#------------------------------------------
baseSetupBuildDay
#======================================
# Mount system filesystems
#--------------------------------------
#baseMount
#==========================================
# remove unneded kernel files
#------------------------------------------
@@ -34,8 +39,12 @@ suseImportBuildKey
#--------------------------------------
baseInsertService openstack-ironic-python-agent
baseInsertService suse-ironic-image-setup
baseInsertService suse-network-setup
baseInsertService sshd
baseInsertService NetworkManager
#suseInsertService sshd
#suseInsertService openstack-ironic-python-agent
#suseInsertService suse-ironic-image-setup
echo 'DEFAULT_TIMEZONE="UTC"' >> /etc/sysconfig/clock
baseUpdateSysConfig /etc/sysconfig/clock HWCLOCK "-u"
@@ -55,7 +64,42 @@ sed -E 's/^(ExecStart=.*\/agetty).*(--noclear.*)/\1 \2 --autologin root/' /usr/l
#------------------------------------------
echo 'tmpfs /tmp tmpfs size=3G 0 0' >> /etc/fstab
#==========================================
# remove package docs and manuals
#------------------------------------------
#baseStripDocs
#baseStripMans
#baseStripInfos
#======================================
# only basic version of vim is
# installed; no syntax highlighting
#--------------------------------------
sed -i -e's/^syntax on/" syntax on/' /etc/vimrc
#======================================
# Remove yast if not in use
#--------------------------------------
#suseRemoveYaST
#======================================
# Remove package manager
#--------------------------------------
#suseStripPackager
#rm -f usr/lib/perl5/*/*/auto/Encode/??/??.so # 9MB
#======================================
# Umount kernel filesystems
#--------------------------------------
#baseCleanMount
ln -s /sbin/init /init
#==========================================
# umount
#------------------------------------------
umount /proc >/dev/null 2>&1
exit 0

119
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -12,7 +12,6 @@
<locale>en_US</locale>
<packagemanager>zypper</packagemanager>
<rpm-check-signatures>false</rpm-check-signatures>
<rpm-excludedocs>true</rpm-excludedocs>
<timezone>UTC</timezone>
<version>1.0.0</version>
</preferences>
@@ -103,25 +102,64 @@
<package name="libxcb-render0"/>
<package name="libxcb-shm0"/>
<package name="libxcb1"/>
<package name="kernel-firmware-amdgpu"/>
<package name="kernel-firmware-ath10k"/>
<package name="kernel-firmware-ath11k"/>
<package name="kernel-firmware-ath12k"/>
<package name="kernel-firmware-atheros"/>
<package name="kernel-firmware-bluetooth"/>
<package name="kernel-firmware-brcm"/>
<package name="kernel-firmware-i915"/>
<package name="kernel-firmware-iwlwifi"/>
<package name="kernel-firmware-media"/>
<package name="kernel-firmware-nvidia"/>
<package name="kernel-firmware-qcom"/>
<package name="kernel-firmware-radeon"/>
<package name="kernel-firmware-realtek"/>
<package name="kernel-firmware-sound"/>
<package name="kernel-firmware-ti"/>
<package name="kernel-firmware-ueagle"/>
<package name="plymouth"/>
<package name="plymouth-branding-SLE"/>
</packages>
<packages type="image">
<package name="checkmedia"/>
<package name="plymouth-branding-SLE"/>
<package name="plymouth-dracut"/>
<package name="plymouth-theme-bgrt"/>
<package name="grub2-branding-SLE"/>
<package name="iputils"/>
<package name="vim"/>
<package name="grub2"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="syslinux" arch="x86_64"/>
<package name="lvm2"/>
<package name="plymouth"/>
<package name="fontconfig"/>
<package name="fonts-config"/>
<package name="openssh"/>
<package name="iproute2"/>
<package name="which"/>
<package name="kernel-firmware"/>
<package name="kernel-default"/>
<package name="NetworkManager"/>
<package name="nm-configurator"/>
<package name="timezone"/>
<package name="haveged"/>
<!-- ironic-python-agent specific -->
<package name="openstack-ironic-python-agent"/>
<package name="hdparm"/>
<package name="qemu-tools"/>
<package name="python311-proliantutils"/>
<package name="lshw"/>
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="open-iscsi"/>
<package name="hwinfo"/>
<package name="ipmitool"/>
<package name="iputils"/>
<package name="lvm2"/>
<package name="net-tools"/>
<package name="ntp"/>
<package name="parted"/>
<package name="psmisc"/>
<package name="timezone"/>
<package name="which"/>
<package name="kbd"/>
</packages>
<packages type="kis">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="bootstrap">
<package name="glibc-locale"/>
<package name="udev"/>
@@ -129,50 +167,5 @@
<package name="cracklib-dict-full"/>
<package name="ca-certificates"/>
<package name="sles-release"/>
<package name="checkmedia"/>
<package name="fontconfig"/>
<package name="fonts-config"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-branding-SLE"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2"/>
<package name="iproute2"/>
<package name="iputils"/>
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
<package name="lvm2"/>
<package name="NetworkManager"/>
<package name="nm-configurator"/>
<package name="openssh"/>
<package name="timezone"/>
<package name="which"/>
<!-- ironic-python-agent specific -->
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="hdparm"/>
<package name="hwinfo"/>
<package name="ipmitool"/>
<package name="iputils"/>
<package name="kbd"/>
<package name="lshw"/>
<package name="lvm2"/>
<package name="net-tools"/>
<package name="ntp"/>
<package name="open-iscsi"/>
<package name="openstack-ironic-python-agent"/>
<package name="parted"/>
<package name="psmisc"/>
<package name="python311-proliantutils"/>
<package name="qemu-tools"/>
<package name="timezone"/>
<package name="which"/>
</packages>
<packages type="kis">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
</image>

12
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.7
Version: 3.0.3
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA
@@ -27,7 +27,7 @@ Group: System/Management
URL: https://github.com/SUSE-Cloud/
Source0: config.sh
Source10: ironic-ipa-ramdisk.kiwi
Source20: root
Source20: root.tar.bz2
BuildRequires: -post-build-checks
BuildRequires: bash
@@ -38,7 +38,7 @@ BuildArch: noarch
BuildRequires: checkmedia
BuildRequires: acl
BuildRequires: ca-certificates-mozilla-prebuilt
BuildRequires: ca-certificates
BuildRequires: cracklib-dict-full
BuildRequires: cron
BuildRequires: dbus-1
@@ -62,7 +62,7 @@ BuildRequires: ipmitool
BuildRequires: iproute2
BuildRequires: iputils
BuildRequires: kernel-default
BuildRequires: kernel-firmware-all
BuildRequires: kernel-firmware
BuildRequires: lvm2
BuildRequires: net-tools
BuildRequires: ntp
@@ -123,13 +123,13 @@ Kernel and ramdisk image for use with Metal3
For %{_arch}
%prep
mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/img
mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/root /tmp/openstack-ironic-image/img
cp -a %{SOURCE0} /tmp/openstack-ironic-image/config.sh
cp -a %{SOURCE10} /tmp/openstack-ironic-image/config.kiwi
cp -ar %{SOURCE20} /tmp/openstack-ironic-image/root
tar -xC /tmp/openstack-ironic-image/root -f %{SOURCE20}
%build
if ! which kiwi; then

BIN
ironic-ipa-ramdisk/root.tar.bz2 (Stored with Git LFS) Normal file
View File

Binary file not shown.

24
ironic-ipa-ramdisk/root/etc/NetworkManager/conf.d/00-main.conf
View File

@@ -1,24 +0,0 @@
# WARNING: This file has been modified by the diskimage-builder
# dhcp-all-interfaces element as this machine is likely running
# a ramdisk or needs to attempt auto-configuration on all interfaces.
[main]
# This makes sense even with dhcp on all interfaces in the event
# that the configuration has been or is being supplied via external means.
ignore-carrier=*
# Use dhclient as was done previously to the Centos8/RHEL8 RPM defaults.
# This is because dhclient shuts the interface down after a retry attempt
# which allows the link state to reset with some switches, which may be
# important for the ramdisk to recover networking.
dhcp=dhclient
[connection]
# Keep retrying, this is important for this important espescialy for
# ramdisks in environments where varying switch configurations may
# cause traffic to be blocked or intermittent connectivity failures
# such as those at an edge site may cause issues.
autoconnect-retries=-1
# Set the timeout. Diskimage-builder dhcp-all-interfaces has a 30
# second default. NetworkManager, by default, is 45 seconds.
# In some cases where ramdisks are in use, 60 seconds is advisable.
ipv4.dhcp-timeout=30
ipv6.dhcp-timeout=30

1
ironic-ipa-ramdisk/root/etc/ironic-python-agent.conf.d
View File

@@ -1 +0,0 @@
ironic-python-agent/ironic-python-agent.conf.d

1
ironic-ipa-ramdisk/root/etc/issue
View File

@@ -1 +0,0 @@
SUSE Ironic Python Agent Ramdisk - terminal \l

2
ironic-ipa-ramdisk/root/etc/sysctl.d/98-rp_filter.conf
View File

@@ -1,2 +0,0 @@
# avoid problems with multiple network interfaces
net.ipv4.conf.all.rp_filter=0

7
ironic-ipa-ramdisk/root/etc/systemd/system/NetworkManager.service.d/nmc.conf
View File

@@ -1,7 +0,0 @@
[Unit]
#WantsMountsFor=/mnt/ipa
After=mnt-ipa.mount
Wants=mnt-ipa.mount
[Service]
ExecStartPre=-/usr/local/bin/suse-network-setup.sh

7
ironic-ipa-ramdisk/root/etc/systemd/system/mnt-ipa.mount
View File

@@ -1,7 +0,0 @@
[Unit]
Description=config-2 rom consumed by IPA for networking configuration
[Mount]
What=/dev/ipa
Where=/mnt/ipa
TimeoutSec=30

12
ironic-ipa-ramdisk/root/etc/systemd/system/suse-ironic-image-setup.service
View File

@@ -1,12 +0,0 @@
[Unit]
Description=Setup ironic-python-agent image
After=getty.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/suse-ironic-image-setup.sh
StandardOutput=journal+console
RemainAfterExit=true
[Install]
WantedBy=multi-user.target

3
ironic-ipa-ramdisk/root/etc/systemd/system/systemd-udevd.service.d/ordering.conf
View File

@@ -1,3 +0,0 @@
[Unit]
Before=local-fs.target
WantedBy=local-fs.target

1
ironic-ipa-ramdisk/root/etc/udev/rules.d/61-config2.rules
View File

@@ -1 +0,0 @@
ACTION=="add|change", SUBSYSTEM=="block", ENV{ID_FS_LABEL}=="config-2", ENV{ID_FS_PUBLISHER_ID}=="?*", PROGRAM="/usr/local/bin/suse-test-config-2.sh", SYMLINK+="ipa"

52
ironic-ipa-ramdisk/root/usr/local/bin/suse-ironic-image-setup.sh
View File

@@ -1,52 +0,0 @@
#!/bin/sh
PARAMS=$(</proc/cmdline)
# find vfloppy device (based on IPA code)
VMEDIA_DEVICE=$(find /dev/disk/by-label -iname ir-vfd-dev)
# read params from vmedia and prepend them to params from kernel cmdline
if [[ -b "$VMEDIA_DEVICE" ]]; then
VMEDIA_MOUNT=$(mktemp -d)
if mount -o loop $VMEDIA_DEVICE $VMEDIA_MOUNT; then
# parameters.txt has one param per line, reformat to match cmdline
VMEDIA_PARAMS=$(cat $VMEDIA_MOUNT/parameters.txt | tr '\n' ' ')
umount $VMEDIA_MOUNT
PARAMS="$VMEDIA_PARAMS $PARAMS"
fi
rmdir $VMEDIA_MOUNT
fi
# resize /tmp
if [[ $PARAMS =~ suse.tmpsize=([^ ]+) ]]; then
echo "Resizing /tmp to ${BASH_REMATCH[1]}..."
mount -o remount,size=${BASH_REMATCH[1]} /tmp
fi
# deploy authorized sshkey from kernel command line
if [[ $PARAMS =~ sshkey=\"([^\"]+)\" ]]; then
echo "Adding authorized SSH key..."
(umask 077 ; mkdir -p /root/.ssh)
echo "${BASH_REMATCH[1]}" >> /root/.ssh/authorized_keys
fi
# Inject certs
if [[ $PARAMS =~ tls.enabled=(true|True) ]]; then
cp /etc/ironic-python-agent.d/ca-certs/* /etc/pki/trust/anchors/
cp /etc/ironic-python-agent.d/ca-certs/* /usr/share/pki/trust/anchors/
update-ca-certificates
fi
# autologin root on given console (default tty1) if suse.autologin or coreos.autologin is enabled
if [[ $PARAMS =~ (suse|coreos)\.autologin=?([^ ]*) ]]; then
tty="${BASH_REMATCH[2]:-tty1}"
echo "Enabling autologin on $tty..."
systemctl stop getty@$tty
systemctl disable getty@$tty
systemctl start autologin@$tty
fi
# Append to /etc/hosts
# hosts.append=1.2.3.4_foo,4.5.6.7_foo2
if [[ $PARAMS =~ hosts.append=([^ ]+) ]]; then
HOSTS=${BASH_REMATCH[1]}
echo "Appending to hosts ${HOSTS}..."
for h in ${HOSTS/,/ }; do
echo "${h/_/ }" >> /etc/hosts
done
cat /etc/hosts
fi

24
ironic-ipa-ramdisk/root/usr/local/bin/suse-network-setup.sh
View File

@@ -1,24 +0,0 @@
#!/bin/bash
set -eux
# Inspired by/based on glean-early.sh
# https://opendev.org/opendev/glean/src/branch/master/glean/init/glean-early.sh
# NOTE(TheJulia): We care about iso images, and would expect lower case as a
# result. In the case of VFAT partitions, they would be upper case.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
NETWORK_DATA_FILE="/mnt/ipa/openstack/latest/network_data.json"
if [ ! -f "${NETWORK_DATA_FILE}" ]; then
echo "No network_data.json found, skipping network configuration"
exit 1
fi
mkdir -p /tmp/nmc/{desired,generated}
cp ${NETWORK_DATA_FILE} /tmp/nmc/desired/_all.yaml
nmc generate --config-dir /tmp/nmc/desired --output-dir /tmp/nmc/generated
nmc apply --config-dir /tmp/nmc/generated

23
ironic-ipa-ramdisk/root/usr/local/bin/suse-test-config-2.sh
View File

@@ -1,23 +0,0 @@
#!/bin/bash
set -eux
PATH=/bin:/usr/bin:/sbin:/usr/sbin
# Transform the ID from the drive being considered to lower case
device_publisher_id=$(echo ${ID_FS_PUBLISHER_ID} | tr '[A-Z]' '[a-z]')
# Retrieve the publisher ID from the command line and convert to lower case
cmdline_publisher_id=""
if grep -q "ir_pub_id" /proc/cmdline; then
cmdline_publisher_id=$(cat /proc/cmdline | sed -e 's/^.*ir_pub_id=//' -e 's/ .*$//')
fi
# Is this the filesystem we are looking for?
if [[ "${cmdline_publisher_id}" == "${device_publisher_id}" ]]; then
# It is the device we are looking for, return success
exit 0
else
# Not a match, return failure
exit 1
fi

12
kiwi-builder-image/Dockerfile
View File

@@ -1,7 +1,6 @@
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0
# Base image version, should match the tag above
ARG KIWIVERSION="10.2.12"
FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
ARG KIWIVERSION
@@ -11,11 +10,11 @@ ARG KIWIVERSION
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="${KIWIVERSION}"
LABEL org.opencontainers.image.version="%%kiwi_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:${KIWIVERSION}.0-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -24,6 +23,9 @@ LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
# help the build service understand the need for python3-kiwi
RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || { echo "expected kiwi version ${KIWIVERSION}: version mismatch"; exit 1; }
# Copy build script into image and make it executable
ADD build-image.sh /usr/bin/build-image
RUN chmod a+x /usr/bin/build-image

18
kiwi-builder-image/_service
View File

@@ -2,8 +2,14 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="file">README</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
@@ -11,4 +17,14 @@
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
<service mode="buildtime" name="replace_using_package_version">
<param name="file">Dockerfile</param>
<param name="regex">%%kiwi_version%%</param>
<param name="package">python3-kiwi</param>
</service>
<service mode="buildtime" name="replace_using_package_version">
<param name="file">README</param>
<param name="regex">%%kiwi_version%%</param>
<param name="package">python3-kiwi</param>
</service>
</services>

8
kubectl-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -16,11 +16,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE kubectl image"
LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.32.4"
LABEL org.opencontainers.image.version="1.30.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

4
kubectl/kubectl.spec
View File

@@ -1,7 +1,7 @@
%global debug_package %{nil}
Name: kubectl
Version: 1.32.4
Version: 1.30.3
Release: 0
Summary: Command-line utility for interacting with a Kubernetes cluster
@@ -12,7 +12,7 @@ Group: admin
Packager: Kubernetes Authors <dev@kubernetes.io>
License: Apache-2.0
URL: https://kubernetes.io
Source0: %{name}_%{version}.orig.tar.gz
Source0: kubectl_%{version}.orig.tar.gz
%description
%{summary}.

BIN
kubectl/kubectl_1.30.3.orig.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
kubectl/kubectl_1.32.4.orig.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

11
kubevirt-dashboard-extension-chart/Chart.yaml
View File

@@ -1,5 +1,6 @@
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/namespace: cattle-ui-plugin-system
@@ -9,13 +10,13 @@ annotations:
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 303.0.2+up1.3.2
appVersion: 303.0.1+up1.3.1
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
name: kubevirt-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.2+up1.3.2"
version: "%%CHART_MAJOR%%.0.1+up1.3.1"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg

2
kubevirt-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.2+up1.3.2
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.1+up1.3.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

2
kubevirt-dashboard-extension-chart/values.yaml
View File

@@ -8,5 +8,5 @@ plugin:
metadata:
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.2 < 4.0.0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

16
metal3-chart/Chart.yaml
View File

@@ -1,28 +1,28 @@
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.6
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.6-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
apiVersion: v2
appVersion: 0.11.6
appVersion: 0.11.0
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
repository: file://./charts/baremetal-operator
version: 0.9.2
version: 0.9.1
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.10.5
version: 0.10.0
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
repository: file://./charts/mariadb
version: 0.6.0
version: 0.5.4
- alias: metal3-media
condition: global.enable_metal3_media_server
name: media
repository: file://./charts/media
version: 0.6.2
version: 0.6.1
description: A Helm chart that installs all of the dependencies needed for Metal3
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.8+up0.11.6"
version: "%%CHART_MAJOR%%.0.2+up0.11.0"

2
metal3-chart/charts/baremetal-operator/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 0.9.1
description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator
type: application
version: 0.9.2
version: 0.9.1

3
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -10,15 +10,14 @@
apiVersion: v1
data:
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
# Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $protocol = "https" }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
{{- else }}
{{- $protocol = "http" }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
{{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"

19
metal3-chart/charts/baremetal-operator/templates/configmap.yaml Normal file
View File

@@ -0,0 +1,19 @@
apiVersion: v1
data:
controller_manager_config.yaml: |
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
kind: ControllerManagerConfig
health:
healthProbeBindAddress: :9440
metrics:
bindAddress: 127.0.0.1:8085
webhook:
port: 9443
leaderElection:
leaderElect: true
resourceName: a9498140.metal3.io
kind: ConfigMap
metadata:
name: baremetal-operator-manager-config
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}

2
metal3-chart/charts/baremetal-operator/templates/deployment.yaml
View File

@@ -17,8 +17,6 @@ spec:
control-plane: controller-manager
template:
metadata:
annotations:
checksum/config-env: {{ include (print $.Template.BasePath "/configmap-ironic.yaml") . | sha256sum }}
labels:
{{- include "baremetal-operator.selectorLabels" . | nindent 8 }}
control-plane: controller-manager

4
metal3-chart/charts/baremetal-operator/values.yaml
View File

@@ -22,13 +22,15 @@ global:
# Comment this out when pinning the baremetal-operator container to a specfic host.
nodeSelector: {}
enable_tls: false
replicaCount: 1
images:
baremetalOperator:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
pullPolicy: IfNotPresent
tag: "0.9.1.1"
tag: "0.9.1"
imagePullSecrets: []
nameOverride: "manger"

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.10.5
version: 0.10.0

7
metal3-chart/charts/ironic/templates/deployment.yaml
View File

@@ -14,11 +14,10 @@ spec:
type: Recreate
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
checksum/config-env: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "ironic.selectorLabels" . | nindent 8 }}
spec:

4
metal3-chart/charts/ironic/values.yaml
View File

@@ -50,6 +50,8 @@ global:
# Comment this out when pinning the pdns containers to a specfic host.
nodeSelector: {}
enable_tls: false
replicaCount: 1
images:
@@ -60,7 +62,7 @@ images:
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
tag: 3.0.7
tag: 3.0.3
nameOverride: ""
fullnameOverride: ""

4
metal3-chart/charts/mariadb/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
appVersion: "10.11"
appVersion: 10.6.7
description: A Helm chart for MariaDB, used by Metal3
name: mariadb
type: application
version: 0.6.0
version: 0.5.4

13
metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml
View File

@@ -1,13 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: mariadb-config
labels:
{{- include "mariadb.labels" . | nindent 4 }}
data:
ironic.conf: |
[mariadb]
max_connections 64
max_heap_table_size 1M
innodb_buffer_pool_size 5M
innodb_log_buffer_size 512K

5
metal3-chart/charts/mariadb/templates/configmap.yaml
View File

@@ -5,7 +5,4 @@ metadata:
labels:
{{- include "mariadb.labels" . | nindent 4 }}
data:
MARIADB_USER: ironic
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
MARIADB_DATABASE: ironic
MARIADB_AUTO_UPGRADE: "yes"
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"

59
metal3-chart/charts/mariadb/templates/deployment.yaml
View File

@@ -25,50 +25,23 @@ spec:
serviceAccountName: {{ include "mariadb.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
initContainers:
# This would run during entrypoint if run as root
- name: set-volume-owners
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: 0
allowPrivilegeEscalation: true
capabilities:
drop:
- ALL
add:
- CHOWN
- FOWNER
- DAC_OVERRIDE
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: mariadb-conf
mountPath: /etc/mysql/conf.d
- name: mariadb-run
mountPath: /run/mysql
{{- $volmounts }}
command: ['bash', '-c', 'source /usr/local/bin/docker-entrypoint.sh && docker_create_db_directories']
env:
- name: DATADIR
value: /var/lib/mysql
- name: SOCKET
value: /run/mysql/mysql.sock
containers:
- name: mariadb
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
envFrom:
- configMapRef:
name: mariadb-cm
env:
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: ironic-mariadb
- name: RESTART_CONTAINER_CERTIFICATE_UPDATED
valueFrom:
configMapKeyRef:
name: mariadb-cm
key: RESTART_CONTAINER_CERTIFICATE_UPDATED
lifecycle:
preStop:
exec:
@@ -79,9 +52,9 @@ spec:
livenessProbe:
exec:
command:
- healthcheck.sh
- --connect
- --innodb_initialized
- sh
- -c
- mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
@@ -94,29 +67,19 @@ spec:
readinessProbe:
exec:
command:
- healthcheck.sh
- --connect
- --innodb_initialized
- sh
- -c
- mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
volumeMounts:
- name: mariadb-conf
mountPath: /etc/mysql/conf.d
- name: mariadb-run
mountPath: /run/mysql
{{- $volmounts }}
{{- with .Values.global.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: mariadb-conf
configMap:
name: mariadb-config
- name: mariadb-run
emptyDir:
sizeLimit: 20Mi
{{- $volumes }}

9
metal3-chart/charts/mariadb/values.yaml
View File

@@ -12,9 +12,9 @@ service:
targetPort: 3306
image:
repository: registry.suse.com/suse/mariadb
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/suse/mariadb
pullPolicy: IfNotPresent
tag: 10.11
tag: 10.6.15.1
nameOverride: ""
fullnameOverride: ""
@@ -31,8 +31,8 @@ serviceAccount:
podAnnotations: {}
podSecurityContext:
runAsUser: 60
fsGroup: 60
runAsUser: 10060
fsGroup: 10060
securityContext:
allowPrivilegeEscalation: false
@@ -60,7 +60,6 @@ persistence:
volumeMounts:
- name: mariadb-data-volume
mountPath: /var/lib/mysql
subPath: data
volumes:
- name: mariadb-data-volume

2
metal3-chart/charts/media/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 1.16.0
description: A Helm chart for Media, used by Metal3
name: media
type: application
version: 0.6.2
version: 0.6.1

2
metal3-chart/charts/media/values.yaml
View File

@@ -24,7 +24,7 @@ replicaCount: 1
image:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent
tag: 26.1.2.4
tag: 26.1.2.2
imagePullSecrets: []
nameOverride: ""

4
metal3-chart/values.yaml
View File

@@ -115,8 +115,8 @@ metal3-mariadb:
persistence:
storageClass: ""
image:
repository: "registry.suse.com/suse/mariadb"
tag: "10.11"
repository: "registry.suse.com/edge/mariadb"
tag: "10.6.15.1"
#
# Baremetal Operator

2
nm-configurator/_service
View File

@@ -3,7 +3,7 @@
<param name="url">https://github.com/suse-edge/nm-configurator.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="revision">v0.3.3</param>
<param name="revision">v0.3.2</param>
<param name="match-tag">*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="versionrewrite-replacement">\1</param>

2
nm-configurator/_servicedata
View File

@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/suse-edge/nm-configurator.git</param>
<param name="changesrevision">4563857d761c6d83e4013721f68ec4ac5828a1a7</param></service></servicedata>
<param name="changesrevision">747301ba15a28e758d1f06070dc7ff29a5e80242</param></service></servicedata>

BIN
nm-configurator/nm-configurator-0.3.2.obscpio (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
nm-configurator/nm-configurator-0.3.3.obscpio (Stored with Git LFS)
View File

Binary file not shown.

6
nm-configurator/nm-configurator.obsinfo
View File

@@ -1,4 +1,4 @@
name: nm-configurator
version: 0.3.3
mtime: 1748341626
commit: 4563857d761c6d83e4013721f68ec4ac5828a1a7
version: 0.3.2
mtime: 1744218621
commit: 747301ba15a28e758d1f06070dc7ff29a5e80242

BIN
nm-configurator/vendor.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
apiVersion: v2
appVersion: 0.20.0
appVersion: 0.17.0
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.4+up0.20.0"
version: "%%CHART_MAJOR%%.0.0+up0.17.0"

2
rancher-turtles-airgap-resources-chart/_service
View File

@@ -2,7 +2,7 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>

2
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

895
rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml
View File

@@ -1,900 +1,11 @@
apiVersion: v1
data:
components: |
apiVersion: v1
kind: Namespace
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: fleetaddonconfigs.addons.cluster.x-k8s.io
spec:
group: addons.cluster.x-k8s.io
names:
categories: []
kind: FleetAddonConfig
plural: fleetaddonconfigs
shortNames: []
singular: fleetaddonconfig
scope: Cluster
versions:
- additionalPrinterColumns: []
name: v1alpha1
schema:
openAPIV3Schema:
description: Auto-generated derived type for FleetAddonConfigSpec via `CustomResource`
properties:
spec:
description: This provides a config for fleet addon functionality
properties:
cluster:
description: |-
Enable Cluster config funtionality.
This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the `ClusterClass` will be added to the Fleet Cluster labels.
nullable: true
properties:
agentEnvVars:
description: '`AgentEnvVars` are extra environment variables to
be added to the agent deployment.'
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
nullable: true
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
nullable: true
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
nullable: true
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
nullable: true
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
nullable: true
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
nullable: true
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
nullable: true
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
nullable: true
type: string
divisor:
description: Specifies the output format of the
exposed resources, defaults to "1"
nullable: true
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
nullable: true
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the Secret or its key
must be defined
nullable: true
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
nullable: true
type: array
agentNamespace:
description: Namespace selection for the fleet agent
nullable: true
type: string
agentTolerations:
description: Agent taint toleration settings for every cluster
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
nullable: true
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
nullable: true
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
nullable: true
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
nullable: true
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
nullable: true
type: string
type: object
nullable: true
type: array
applyClassGroup:
description: Apply a `ClusterGroup` for a `ClusterClass` referenced
from a different namespace.
nullable: true
type: boolean
hostNetwork:
description: 'Host network allows to deploy agent configuration
using hostNetwork: true setting which eludes dependency on the
CNI configuration for the cluster.'
nullable: true
type: boolean
namespaceSelector:
description: Namespace label selector. If set, only clusters in
the namespace matching label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
naming:
description: Naming settings for the fleet cluster
nullable: true
properties:
prefix:
description: Specify a prefix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
suffix:
description: Specify a suffix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
type: object
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
selector:
description: Cluster label selector. If set, only clusters matching
label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
required:
- namespaceSelector
- selector
type: object
clusterClass:
description: |-
Enable clusterClass controller functionality.
This will create Fleet `ClusterGroups` for each `ClusterClaster` with the same name.
nullable: true
properties:
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
type: object
config:
nullable: true
properties:
bootstrapLocalCluster:
description: Enable auto-installation of a fleet agent in the
local cluster.
nullable: true
type: boolean
featureGates:
description: feature gates controlling experimental features
nullable: true
properties:
configMap:
description: '`FeaturesConfigMap` references a `ConfigMap`
where to apply feature flags. If a `ConfigMap` is referenced,
the controller will update it instead of upgrading the Fleet
chart.'
nullable: true
properties:
ref:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type: object
experimentalHelmOps:
description: Enables experimental Helm operations support.
type: boolean
experimentalOciStorage:
description: Enables experimental OCI storage support.
type: boolean
required:
- experimentalHelmOps
- experimentalOciStorage
type: object
server:
description: fleet server url configuration options
nullable: true
oneOf:
- required:
- inferLocal
- required:
- custom
properties:
custom:
properties:
apiServerCaConfigRef:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
apiServerUrl:
nullable: true
type: string
type: object
inferLocal:
type: boolean
type: object
type: object
install:
nullable: true
oneOf:
- required:
- followLatest
- required:
- version
properties:
followLatest:
description: Follow the latest version of the chart on install
type: boolean
version:
description: Use specific version to install
type: string
type: object
type: object
status:
nullable: true
properties:
conditions:
description: conditions represents the observations of a Fleet addon
current state.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
installedVersion:
nullable: true
type: string
type: object
required:
- spec
title: FleetAddonConfigValidated
type: object
x-kubernetes-validations:
- rule: self.metadata.name == 'fleet-addon-config'
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-leader-election-role
namespace: caapf-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-role
rules:
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- fleetaddonconfigs
- fleetaddonconfigs/status
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- get
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- create
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- patch
- list
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- bootstrap.cluster.x-k8s.io
- clusterctl.cluster.x-k8s.io
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusterclasses
verbs:
- get
- list
- watch
- patch
- apiGroups:
- fleet.cattle.io
resources:
- clusters
- clustergroups
- clusterregistrationtokens
- bundlenamespacemappings
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- fleet.cattle.io
resources:
- bundlenamespacemappings
verbs:
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: caapf-manager-role
subjects:
- kind: ServiceAccount
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: caapf-helm-manager
labels:
cluster.x-k8s.io/fleet-addon-registration: "true"
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
type: kubernetes.io/service-account-token
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-controller-manager
namespace: caapf-system
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
spec:
containers:
- image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
imagePullPolicy: IfNotPresent
name: manager
ports:
- containerPort: 8443
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 100Mi
- args:
- --helm-install
image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
name: helm-manager
resources:
limits:
cpu: 100m
memory: 150Mi
requests:
cpu: 100m
memory: 100Mi
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: helm-kubeconfig
readOnly: true
serviceAccountName: caapf-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- name: helm-kubeconfig
secret:
secretName: caapf-helm-manager
metadata: |
apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
releaseSeries:
- major: 0
minor: 1
contract: v1beta1
- major: 0
minor: 2
contract: v1beta1
- major: 0
minor: 3
contract: v1beta1
- major: 0
minor: 4
contract: v1beta1
- major: 0
minor: 5
contract: v1beta1
- major: 0
minor: 6
contract: v1beta1
- major: 0
minor: 7
contract: v1beta1
- major: 0
minor: 8
contract: v1beta1
- major: 0
minor: 9
contract: v1beta1
- major: 0
minor: 10
contract: v1beta1
components: Not Found
metadata: Not Found
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.10.0
name: v0.6.0
namespace: rancher-turtles-system
labels:
provider-components: fleet

22
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1218,7 +1218,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2525,11 +2525,9 @@ data:
- --leader-elect
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
- --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true}
- --v=${CAPRKE2_DEBUG_LEVEL:=0}
command:
- /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -2752,22 +2750,10 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
- major: 0
minor: 15
contract: v1beta1
- major: 0
minor: 16
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.16.1
name: v0.12.0
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap

226
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1744,23 +1744,12 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -1985,54 +1974,6 @@ data:
- control-plane-endpoint
- ""
type: string
remediationStrategy:
description: remediationStrategy is the RemediationStrategy that controls
how control plane machine remediation happens.
properties:
maxRetry:
description: "maxRetry is the Max number of retries while attempting
to remediate an unhealthy machine.\nA retry happens when a machine
that was created as a replacement for an unhealthy machine also
fails.\nFor example, given a control plane with three machines
M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
M1) has problems while bootstrapping it will become unhealthy,
and then be\n\tremediated; such operation is considered a retry,
remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
could happen only after RetryPeriod from the previous retry.\nIf
a machine is marked as unhealthy after MinHealthyPeriod from
the previous remediation expired,\nthis is not considered a
retry anymore because the new issue is assumed unrelated from
the previous one.\n\nIf not set, the remedation will be retried
infinitely."
format: int32
type: integer
minHealthyPeriod:
description: "minHealthyPeriod defines the duration after which
RKE2ControlPlane will consider any failure to a machine unrelated\nfrom
the previous one. In this case the remediation is not considered
a retry anymore, and thus the retry\ncounter restarts from 0.
For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created as
a replacement.\n\tIf M1-1 (replacement of M1) has problems within
the 1hr after the creation, also\n\tthis machine will be remediated
and this operation is considered a retry - a problem related\n\tto
the original issue happened to M1 -.\n\n\tIf instead the problem
on M1-1 is happening after MinHealthyPeriod expired, e.g. four
days after\n\tm1-1 has been created as a remediation of M1,
the problem on M1-1 is considered unrelated to\n\tthe original
issue happened to M1.\n\nIf not set, this value is defaulted
to 1h."
type: string
retryPeriod:
description: |-
retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
for an unhealthy machine (a retry).
If not set, a retry will happen immediately.
type: string
type: object
replicas:
description: Replicas is the number of replicas for the Control Plane.
format: int32
@@ -2244,15 +2185,9 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration of ETCD.
properties:
@@ -2606,42 +2541,14 @@ data:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
lastRemediation:
description: lastRemediation stores info about last remediation performed.
properties:
machine:
description: machine is the machine name of the latest machine
being remediated.
maxLength: 253
minLength: 1
type: string
retryCount:
description: |-
retryCount used to keep track of remediation retry for the last remediated machine.
A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
type: integer
timestamp:
description: timestamp is when last remediation happened. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
required:
- machine
- retryCount
- timestamp
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -2682,7 +2589,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.17.3
controller-gen.kubebuilder.io/version: v0.16.1
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -3245,23 +3152,12 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -3488,57 +3384,6 @@ data:
- control-plane-endpoint
- ""
type: string
remediationStrategy:
description: remediationStrategy is the RemediationStrategy
that controls how control plane machine remediation happens.
properties:
maxRetry:
description: "maxRetry is the Max number of retries while
attempting to remediate an unhealthy machine.\nA retry
happens when a machine that was created as a replacement
for an unhealthy machine also fails.\nFor example, given
a control plane with three machines M1, M2, M3:\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created
as a replacement.\n\tIf M1-1 (replacement of M1) has
problems while bootstrapping it will become unhealthy,
and then be\n\tremediated; such operation is considered
a retry, remediation-retry #1.\n\tIf M1-2 (replacement
of M1-1) becomes unhealthy, remediation-retry #2 will
happen, etc.\n\nA retry could happen only after RetryPeriod
from the previous retry.\nIf a machine is marked as
unhealthy after MinHealthyPeriod from the previous remediation
expired,\nthis is not considered a retry anymore because
the new issue is assumed unrelated from the previous
one.\n\nIf not set, the remedation will be retried infinitely."
format: int32
type: integer
minHealthyPeriod:
description: "minHealthyPeriod defines the duration after
which RKE2ControlPlane will consider any failure to
a machine unrelated\nfrom the previous one. In this
case the remediation is not considered a retry anymore,
and thus the retry\ncounter restarts from 0. For example,
assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created
as a replacement.\n\tIf M1-1 (replacement of M1) has
problems within the 1hr after the creation, also\n\tthis
machine will be remediated and this operation is considered
a retry - a problem related\n\tto the original issue
happened to M1 -.\n\n\tIf instead the problem on M1-1
is happening after MinHealthyPeriod expired, e.g. four
days after\n\tm1-1 has been created as a remediation
of M1, the problem on M1-1 is considered unrelated to\n\tthe
original issue happened to M1.\n\nIf not set, this value
is defaulted to 1h."
type: string
retryPeriod:
description: |-
retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
for an unhealthy machine (a retry).
If not set, a retry will happen immediately.
type: string
type: object
replicas:
description: Replicas is the number of replicas for the Control
Plane.
@@ -3756,15 +3601,9 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration
of ETCD.
@@ -4135,42 +3974,14 @@ data:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
lastRemediation:
description: lastRemediation stores info about last remediation performed.
properties:
machine:
description: machine is the machine name of the latest machine
being remediated.
maxLength: 253
minLength: 1
type: string
retryCount:
description: |-
retryCount used to keep track of remediation retry for the last remediated machine.
A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
type: integer
timestamp:
description: timestamp is when last remediation happened. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
required:
- machine
- retryCount
- timestamp
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
description: Ready indicates the BootstrapData field is ready to be
consumed.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -4286,14 +4097,6 @@ data:
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
@@ -4445,7 +4248,6 @@ data:
- --leader-elect
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
- --v=${CAPRKE2_DEBUG_LEVEL:=0}
command:
- /manager
env:
@@ -4461,7 +4263,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.16.1
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4691,22 +4493,10 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
- major: 0
minor: 15
contract: v1beta1
- major: 0
minor: 16
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.16.1
name: v0.12.0
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane

Some files were not shown because too many files have changed in this diff Show More