jtomasek/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

merge into: jtomasek:akri-dashboard-extension-chart-303.0.1+up1.3.0
Branches Tags
jtomasek:main jtomasek:remove-tags-extensions jtomasek:akri-dashboard-extension-chart-303.0.2+up1.3.1 jtomasek:kubevirt-dashboard-extension-chart-303.0.2+up1.3.2 jtomasek:kubevirt-extension-chart-ui-extension-version-fix jtomasek:kubevirt-dashboard-extension-chart-303.0.1+up1.3.1 jtomasek:akri-dashboard-extension-chart-303.0.1+up1.3.0 jtomasek:kubevirt-dashboard-extension-chart-303.0.1+up1.3.0 jtomasek:kubevirt-dashboard-extension-v1.2.0 jtomasek:akri-dashboard-extension-v1.2.0 suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel
...
pull from: jtomasek:kubevirt-extension-chart-ui-extension-version-fix
Branches Tags
jtomasek:remove-tags-extensions jtomasek:akri-dashboard-extension-chart-303.0.2+up1.3.1 jtomasek:kubevirt-dashboard-extension-chart-303.0.2+up1.3.2 jtomasek:kubevirt-extension-chart-ui-extension-version-fix jtomasek:kubevirt-dashboard-extension-chart-303.0.1+up1.3.1 jtomasek:akri-dashboard-extension-chart-303.0.1+up1.3.0 jtomasek:kubevirt-dashboard-extension-chart-303.0.1+up1.3.0 jtomasek:kubevirt-dashboard-extension-v1.2.0 jtomasek:akri-dashboard-extension-v1.2.0 jtomasek:main suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel

55 Commits
akri-dashb ... kubevirt-e

Author SHA256 Message Date
Jiri Tomasek
7d64ce65d1 Lower the requirement in ui-extensions-version annotation 
To enable compatibility with Rancher 2.11.1
 2025-05-15 11:51:24 +02:00
Steven
1ca6ea51ea release-manifest-image: update rancher-turtles version 2025-05-15 12:05:06 +03:00
Steven
c9b9e2223b rancher-turtles-airgap-resources-chart: align with 0.8.1 2025-05-15 11:55:40 +03:00
Steven
027df1b35c rancher-turtles-chart: Updates to align with 0.8.1 
Align with https://github.com/suse-edge/charts/pull/214 so we can
consume the RKE2 provider bugfix
 2025-05-15 11:40:30 +03:00
Danial Bekhit
e7448eeb1c Merge pull request 'Update to official EIB v1.2.0 tag' (#151) from dbekhit/Factory:main into main 
Reviewed-on: suse-edge/Factory#151
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-05-13 17:34:14 +02:00
dbw7
fb4d399f0f update to official EIB v1.2.0 tag 2025-05-13 10:35:41 -04:00
Nicolas Belouin
f47b6df822 Merge pull request 'Reduce the size of the IPA ramfs' (#147) from nbelouin/Factory:ipa-explode-rootfs into main 
Reviewed-on: suse-edge/Factory#147
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
Reviewed-by: Marco Chiappero <mchiappero@noreply.src.opensuse.org>
 2025-05-13 14:13:00 +02:00
Nicolas Belouin
4e3f1b61fd Use up to date rootfs 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-05-13 11:13:24 +02:00
Nicolas Belouin
df60bb2ed3 Fix get-resource.sh for single arch images 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-05-12 13:52:00 +02:00
Steven Hardy
3a654b9826 rancher-turtles: updates for 0.19.0 2025-05-09 18:25:21 +01:00
Nicolas Belouin
15e4de98a7 Bump versions 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-05-09 16:06:28 +02:00
Steven Hardy
fe8d0ba120 rancher-turtles-airgap-resources: Updates for 0.19.0 2025-05-09 15:05:52 +01:00
Nicolas Belouin
0b431c75e2 Try reduce image size 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-05-09 16:01:04 +02:00
Nicolas Belouin
a59e253ecd Try exploding the tarball 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-05-09 16:01:02 +02:00
Nicolas Belouin
b28f7a5817 Merge pull request 'Update the metal3-chart to fix the IPA ramdisk with multiple config-2 drives' (#145) from mchiappero/Factory:metal3_0.11.1 into main 
Reviewed-on: suse-edge/Factory#145
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-05-09 15:58:42 +02:00
Marco Chiappero
c6b78eb569 Update metal3-chart to leverage IPA downloader 3.0.4 
Change the version of the metal3-chart include the latest IPA fixes,
and update the release manifest accordingly.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-05-09 12:18:07 +00:00
Marco Chiappero
8f7747415c Update the IPA ramdisk and downloader to 3.0.4 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-05-09 12:17:44 +00:00
Denislav Prodanov
e5ba38d02f Merge pull request '[3.3.0] - update sriov chart' (#148) from dprodanov/Factory:sriov-update into main 
Reviewed-on: suse-edge/Factory#148
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-05-09 11:52:57 +02:00
Denislav Prodanov
f221cf4b37 [3.3.0] - update sriov chart 2025-05-09 12:29:17 +03:00
Nicolas Belouin
f42ac11716 Merge pull request 'Do a multibuild for IPA image so we also have lighter single architecture images' (#130) from nbelouin/Factory:ipa-multibuild into main 
Reviewed-on: suse-edge/Factory#130
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-05-09 10:18:34 +02:00
Denislav Prodanov
08ef2fe86f Merge pull request '[3.3.0] - update cdi version' (#144) from dprodanov/Factory:cdi-update into main 
Reviewed-on: suse-edge/Factory#144
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
 2025-05-08 10:38:32 +02:00
Denislav Prodanov
ad221cd94e Merge pull request '[3.3.0] - update kubevirt and sriov in release-manifest' (#143) from dprodanov/Factory:release-manifest-update into main 
Reviewed-on: suse-edge/Factory#143
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
 2025-05-08 10:38:26 +02:00
Denislav Prodanov
81a856e586 Merge pull request '[3.3.0] - update sriov to 1.5.0' (#142) from dprodanov/Factory:sriov-1-5-0 into main 
Reviewed-on: suse-edge/Factory#142
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
 2025-05-08 10:38:09 +02:00
Denislav Prodanov
3c9ebbd7ef [3.3.0] - update sriov to 1.5.0 2025-05-08 10:47:37 +03:00
Denislav Prodanov
03018e5cd1 [3.3.0] - update cdi version 2025-05-07 20:03:45 +03:00
Denislav Prodanov
e91096e13e [3.3.0] - update kubevirt and sriov in release-manifest 2025-05-07 19:44:16 +03:00
Nicolas Belouin
93f3abfeb5 Do a multibuild for IPA image so we also have lighter single architecture images 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-05-07 14:33:32 +02:00
Steven Hardy
2c4991cb24 Update versions for 3.3 
Rancher prime 2.11.1 was released, so align with that and
updated Longhorn/Neuvector/Elemental and Metal3 charts
 2025-05-06 15:34:15 +01:00
Nicolas Belouin
e71339ae00 Merge pull request 'Updates for EIB 1.2.0-rc1' (#126) from dbekhit/Factory:main into main 
Reviewed-on: suse-edge/Factory#126
Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>
 2025-05-06 14:36:44 +02:00
Nicolas Belouin
f32718b5e4 Merge pull request 'Enable kubectl image on aarch64' (#140) from nbelouin/Factory:kubect-aarch64 into main 
Reviewed-on: suse-edge/Factory#140
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>
 2025-05-06 14:33:40 +02:00
Nicolas Belouin
c81f5057ce Enable kubectl image on aarch64 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-05-06 14:18:52 +02:00
Nicolas Belouin
6b8109c772 Merge pull request 'Remove extra slash in image reference' (#139) from nbelouin/Factory:fix-slash-typo into main 
Reviewed-on: suse-edge/Factory#139
Reviewed-by: Fatih Degirmenci <fdegirmenci@noreply.src.opensuse.org>
 2025-05-06 14:10:04 +02:00
Nicolas Belouin
8b383c15fa Remove extra slash in image reference 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-05-06 13:39:45 +02:00
Nicolas Belouin
2013caec19 Merge pull request 'Add checks (lint) for helm charts and images' (#128) from nbelouin/Factory:lint into main 
Reviewed-on: suse-edge/Factory#128
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-05-06 10:00:12 +02:00
dbw7
4259b167fd update to v1.2.0-rc1 2025-05-02 11:16:43 -04:00
Nicolas Belouin
652fc553b9 Remove -chart suffixes 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-04-30 16:42:54 +02:00
Nicolas Belouin
1048591769 Fix charts and images 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-04-30 16:42:54 +02:00
Nicolas Belouin
8a9717c266 Add initial checks 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-04-30 16:42:54 +02:00
Nicolas Belouin
49405f41f9 EIB v1.2.0-rc0 needs golang 1.124 2025-04-30 16:26:27 +02:00
Nicolas Belouin
be29dbba41 Fix the _service file to use the defined pre-release version 2025-04-30 16:26:27 +02:00
dbw7
a2c817259f modify '-' to '~' 2025-04-30 16:26:27 +02:00
dbw7
dfe4892f4c changes for EIB 1.2.0-rc0 2025-04-30 16:26:27 +02:00
Nicolas Belouin
ef68dbfd92 Merge pull request 'Fix some issue with dependency projects ordering, make _config only build wanted packages' (#137) from nbelouin/Factory:fix-meta-config into main 
Reviewed-on: suse-edge/Factory#137
Reviewed-by: Denislav Prodanov <dprodanov@noreply.src.opensuse.org>
 2025-04-30 15:27:09 +02:00
Nicolas Belouin
6c1db68da8 Fix some issue with dependency projects ordering, make _config only build wanted packages 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-04-30 14:51:17 +02:00
Jiri Tomasek
376ec896fe Add kubevirt-dashboard-extension-chart version 303.0.1+up1.3.1 2025-04-29 17:41:05 +02:00
Rhys Oxenham
a473d935f9 Merge pull request 'Add support for uEFI aarch64 images without rpi config as default' (#135) from roxenham/Factory:aarch64-uefi into main 
Reviewed-on: suse-edge/Factory#135
Reviewed-by: Alberto Morgante Medina <amorgante@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-04-29 16:33:27 +02:00
Rhys Oxenham
27aa096244 Add support for uEFI aarch64 images without rpi config as default 
Previously, the default model for aarch64 raw disk images assumes that
you're deploying on Raspberry Pi, and not standard aarch64 systems. This
meant that all raw disk images were built with RPi firmware, and an MBR
boot record, which made it incompatible with systems that require uEFI/GPT
compatibility, especially with Edge Image Builder and Metal3/CAPI deployment
usage.

This PR introduces the following changes:

* Introduces new `Default-RPi` and `Base-RPi` profiles for compatibility with RPi users
* Forces `Base` and `Base-RT` profiles to use GPT based images (not MBR)
* Introduces a new `Base-RT-RPi` profile for kernel-rt on RPi (with MBR)
* Removes Raspberry Pi firmware packages from anything other than RPi profiles
* Modifies the `editbootinstall_rpi.sh` script to support container builds
* Adds policycoreutils-python-utils to the list of packages (for semanage)

See: https://bugzilla.suse.com/show_bug.cgi?id=1240619
 2025-04-29 14:54:54 +01:00
Jiri Tomasek
3f968b0a06 Add akri-dashboard-extension-chart version 303.0.1+up1.3.0 2025-04-29 15:18:11 +02:00
Steven Hardy
481d7e90b4 Merge pull request 'update kiwi-builder to use kiwi version as build macro' (#129) from dirkmueller/Factory:main into main 
Reviewed-on: suse-edge/Factory#129
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-04-28 16:08:49 +02:00
Dirk Müller
cb70d25886 Remove MAINTAINER statement 
this is deprecated and already in oci.authors
 2025-04-23 19:10:50 +02:00
Dirk Müller
04937b90b7 build the kiwi-image in an images_16.0 repository 2025-04-23 19:10:50 +02:00
Dirk Müller
ef256bc1d7 make version mismatches fatal 2025-04-23 19:10:50 +02:00
Dirk Müller
437b0fdc41 update README as well 
Although this file seems to be unused?
 2025-04-23 19:10:50 +02:00
Dirk Müller
0dbc0f8b52 Ensure kiwi versions and build tags actually align 2025-04-23 19:10:47 +02:00
Dirk Müller
3adc816d98 Remove no longer necessary workaround 2025-04-22 17:58:10 +02:00
158 changed files with 5685 additions and 2621 deletions
Expand all files Collapse all files

47
_config
View File

@@ -23,6 +23,7 @@ Macros:
Macros:
%img_repo registry.suse.com/edge
%chart_repo oci://registry.suse.com/edge
%chart_prefix charts/
%manifest_repo registry.suse.com/edge
%support_level l3
:Macros
@@ -40,6 +41,7 @@ Macros:
%img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]')
%chart_prefix %(echo "")
:Macros
%endif
@@ -58,7 +60,7 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kiwi-builder-image
BuildFlags: excludebuild:kubectl-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
@@ -70,7 +72,9 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:baremetal-operator
BuildFlags: onlybuild:baremetal-operator-image
BuildFlags: onlybuild:ca-certificates-suse
BuildFlags: onlybuild:container-build-checks
BuildFlags: onlybuild:crudini
BuildFlags: onlybuild:edge-build-checks
BuildFlags: onlybuild:edge-image-builder
BuildFlags: onlybuild:edge-image-builder-image
BuildFlags: onlybuild:endpoint-copier-operator
@@ -81,7 +85,8 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:ironic-image
BuildFlags: onlybuild:ironic-ipa-downloader-image
BuildFlags: onlybuild:ironic-ipa-ramdisk
BuildFlags: onlybuild:kiwi-builder-image
BuildFlags: onlybuild:kubectl
BuildFlags: onlybuild:kubectl-image
BuildFlags: onlybuild:kube-rbac-proxy
BuildFlags: onlybuild:kube-rbac-proxy-image
BuildFlags: onlybuild:metallb
@@ -103,13 +108,51 @@ BuildFlags: onlybuild:release-manifest-image
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
# skopeo and umoci are used by build scripts to list packages
Substitute: system-packages:podman podman buildah createrepo_c release-compare edge-build-checks skopeo umoci
%endif
%if "%_repository" == "images_16.0"
Prefer: container:sles15-image
Type: docker
BuildEngine: podman
Repotype: none
Patterntype: none
BuildFlags: dockerarg:SLE_VERSION=16.0
BuildFlags: onlybuild:kiwi-builder-image
# Publish multi-arch container images only once all archs have been built
PublishFlags: archsync
# Exclude the images selected by the aarch64 section
%ifarch aarch64
BuildFlags: excludebuild:baremetal-operator-image
BuildFlags: excludebuild:edge-image-builder-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kubectl-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
%endif
%else
BuildFlags: excludebuild:kiwi-builder-image
%endif
%if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
Type: helm
Repotype: helm
Patterntype: none
Required: perl-YAML-LibYAML
# include edge-build-checks here
Support: edge-build-checks
%endif
%if "%_repository" == "standard"

14
_meta
View File

@@ -31,14 +31,20 @@
<arch>x86_64</arch>
</repository>
{%- endif %}
{%- for repository in ["images", "test_manifest_images"] %}
{%- for repository in ["images", "images_16.0", "test_manifest_images"] %}
<repository name="{{ repository }}">
{%- if release_project is defined and repository == "images" %}
{%- if release_project is defined and repository != "test_manifest_images" %}
<releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
{%- endif %}
<path project="SUSE:Registry" repository="standard"/>
<path project="SUSE:CA" repository="SLE_15_SP6"/>
<path project="{{ project }}" repository="standard"/>
{%- if repository == "images_16.0" %}
<path project="SUSE:CA" repository="16.0"/>
<path project="SUSE:SLFO:Products:SLES:16.0" repository="standard"/>
<path project="SUSE:SLFO:Main:Build" repository="standard"/>
{%- else %}
<path project="SUSE:CA" repository="SLE_15_SP6"/>
<path project="{{ project }}" repository="standard"/>
{%- endif %}
<arch>x86_64</arch>
<arch>aarch64</arch>
</repository>

4
akri-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20
#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20
#!BuildTag: %%CHART_PREFIX%%akri:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
annotations:
catalog.cattle.io/display-name: Akri
apiVersion: v2

4
akri-chart/_service
View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

2
akri-chart/values.yaml
View File

@@ -853,7 +853,7 @@ webhookConfiguration:
pullPolicy: Always
certImage:
# reference is the webhook-certgen image reference
reference: registry.k8s.io/ingress-nginx/kube-webhook-certgen
reference: registry.rancher.com/rancher/mirrored-ingress-nginx-kube-webhook-certgen
# tag is the webhook-certgen image tag
tag: v1.1.1
# pullPolicy is the webhook-certgen pull policy

21
akri-dashboard-extension-chart/Chart.yaml
View File

@@ -1,21 +1,22 @@
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0
#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Akri
catalog.cattle.io/kube-version: ">= v1.26.0-0"
catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 302.0.0+up1.2.1
appVersion: 303.0.1+up1.3.0
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
name: akri-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.1"
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
version: "%%CHART_MAJOR%%.0.1+up1.3.0"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg

4
akri-dashboard-extension-chart/_service
View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

4
akri-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/302.0.0+up1.2.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/303.0.1+up1.3.0
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

4
akri-dashboard-extension-chart/values.yaml
View File

@@ -7,6 +7,6 @@ plugin:
noAuth: false
metadata:
catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

8
cdi-chart/Chart.yaml
View File

@@ -1,9 +1,9 @@
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
apiVersion: v2
appVersion: 1.60.1
appVersion: 1.61.0
description: A Helm chart for Containerized Data Importer (CDI)
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: cdi
type: application
version: "%%CHART_MAJOR%%.0.0+up0.4.0"
version: "%%CHART_MAJOR%%.0.0+up0.5.0"

4
cdi-chart/_service
View File

@@ -2,8 +2,8 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

2
cdi-chart/crds/cdi.yaml
View File

@@ -5079,4 +5079,4 @@ spec:
type: object
served: true
storage: true
subresources: {}
subresources: {}

2
cdi-chart/templates/NOTES.txt
View File

@@ -1,2 +1,2 @@
Verify that all CDI components are installed correctly:
kubectl get all -n {{ .Release.Namespace }}
kubectl get all -n {{ .Release.Namespace }}

2
cdi-chart/templates/_helpers.tpl
View File

@@ -59,4 +59,4 @@ Create the name of the service account to use
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- end }}

2
cdi-chart/templates/_hooks.tpl
View File

@@ -44,4 +44,4 @@
{{/* CRD uninstalling hook name */}}
{{- define "cdi.crdUninstallHook.name" -}}
{{ include "cdi.fullname" . }}-crd-uninstall
{{- end }}
{{- end }}

20
cdi-chart/templates/cdi-operator.yaml
View File

@@ -606,17 +606,7 @@ spec:
prometheus.cdi.kubevirt.io: "true"
spec:
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
{{- .Values.deployment.affinity | toYaml | nindent 8 }}
containers:
- env:
- name: DEPLOY_CLUSTER_RESOURCES
@@ -650,9 +640,7 @@ spec:
name: metrics
protocol: TCP
resources:
requests:
cpu: 100m
memory: 150Mi
{{- .Values.deployment.resources | toYaml | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -661,6 +649,8 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
nodeSelector:
kubernetes.io/os: linux
securityContext:
@@ -668,4 +658,4 @@ spec:
serviceAccountName: cdi-operator
tolerations:
- key: CriticalAddonsOnly
operator: Exists
operator: Exists

2
cdi-chart/templates/cdi-uninstall-hooks.yaml
View File

@@ -66,4 +66,4 @@ spec:
- deployments/cdi-apiserver
- deployments/cdi-deployment
- deployments/cdi-uploadproxy
- --timeout=60s
- --timeout=60s

2
cdi-chart/templates/cdi.yaml
View File

@@ -18,4 +18,4 @@ spec:
{{- with .Values.cdi.workload }}
workload:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

2
cdi-chart/templates/crd-uninstall-hooks.yaml
View File

@@ -52,4 +52,4 @@ spec:
- customresourcedefinitions
- cdis.cdi.kubevirt.io
securityContext:
{{- toYaml .Values.hookSecurityContext | nindent 12 }}
{{- toYaml .Values.hookSecurityContext | nindent 12 }}

2
cdi-chart/templates/crd-upgrade-hooks.yaml
View File

@@ -77,4 +77,4 @@ spec:
name: cdi-crd-manifest
items:
- key: crd
path: crd.yaml
path: crd.yaml

2
cdi-chart/templates/namespace-hooks.yaml
View File

@@ -53,4 +53,4 @@ spec:
- label
- namespace
- {{ .Release.Namespace }}
- cdi.kubevirt.io=
- cdi.kubevirt.io=

22
cdi-chart/values.yaml
View File

@@ -1,5 +1,5 @@
deployment:
version: 1.60.1-150600.3.9.1
version: 1.61.0-150600.3.12.1
operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
@@ -8,6 +8,22 @@ deployment:
uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
pullPolicy: IfNotPresent
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
resources:
requests:
cpu: 100m
memory: 150Mi
cdi:
config:
@@ -25,7 +41,7 @@ cdi:
nodeSelector:
kubernetes.io/os: linux
hookImage: rancher/kubectl:v1.30.2
hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
hookRestartPolicy: OnFailure
hookSecurityContext:
seccompProfile:
@@ -35,4 +51,4 @@ hookSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
- ALL

23
container-build-checks/.gitattributes vendored Normal file
View File

@@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

39
container-build-checks/0001-Allow-slash-prefixes-in-registry.patch Normal file
View File

@@ -0,0 +1,39 @@
From 982cfa8500250c9704448880a779ade06cc8f976 Mon Sep 17 00:00:00 2001
From: Nicolas Belouin <nicolas.belouin@suse.com>
Date: Thu, 3 Apr 2025 16:53:49 +0200
Subject: [PATCH] Allow slash prefixes in registry
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
---
container-build-checks.py | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/container-build-checks.py b/container-build-checks.py
index b8c873c..d862f33 100755
--- a/container-build-checks.py
+++ b/container-build-checks.py
@@ -82,13 +82,17 @@ def verify_reference(image, result, value):
return
(registry, repo, tag) = reference_match.groups()
- allowed_registries: list[str] = config["General"].getlist("Registry")
- if len(allowed_registries) and registry not in allowed_registries:
+ raw_allowed_registries: list[str] = config["General"].getlist("Registry")
+ allowed_registries: dict[str, str] = {v[0]: v[2] for v in map(lambda a: a.partition("/"), raw_allowed_registries)}
+
+ if len(allowed_registries) and (registry not in allowed_registries.keys() or not repo.startswith(allowed_registries[registry])):
result.warn(
f"The org.opensuse.reference label ({value}) does not use an "
- f"allowed registry: {','.join(allowed_registries)}")
+ f"allowed registry: {','.join(raw_allowed_registries)}")
+
+ prefix = allowed_registries[registry]
- if f"{repo}:{tag}" not in image.containerinfo["tags"]:
+ if f"{repo[len(prefix)+1:]}:{tag}" not in image.containerinfo["tags"]:
tags = ", ".join(image.containerinfo["tags"])
result.warn(f"The org.opensuse.reference label ({value}) does not refer to an existing tag ({tags})")
elif "release" in image.containerinfo and image.containerinfo["release"] not in tag:
--
2.49.0

4
container-build-checks/SUSE.conf Normal file
View File

@@ -0,0 +1,4 @@
[General]
Vendor=com.suse
Registry=registry.suse.com
Registry+=dp.apps.rancher.io

15
container-build-checks/_service Normal file
View File

@@ -0,0 +1,15 @@
<services>
<service mode="manual" name="obs_scm">
<param name="url">https://github.com/openSUSE/container-build-checks.git</param>
<param name="scm">git</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="manual" name="set_version" />
<service mode="buildtime" name="tar">
<param name="obsinfo">container-build-checks.obsinfo</param>
</service>
<service mode="buildtime" name="recompress">
<param name="file">*.tar</param>
<param name="compression">xz</param>
</service>
</services>

4
container-build-checks/_servicedata Normal file
View File

@@ -0,0 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/openSUSE/container-build-checks.git</param>
<param name="changesrevision">412e7f60c08221a549b0f00dfcc4bee7694193ab</param></service></servicedata>

BIN
container-build-checks/container-build-checks-1723452932.412e7f6.obscpio (Stored with Git LFS) Normal file
View File

Binary file not shown.

101
container-build-checks/container-build-checks.changes Normal file
View File

@@ -0,0 +1,101 @@
-------------------------------------------------------------------
Mon Aug 12 11:33:57 UTC 2024 - Fabian Vogt <fvogt@suse.com>
- Update to version 1723452932.412e7f6:
* add test for missing substitutions
* Reject labels that are missing a substitution
-------------------------------------------------------------------
Mon Jul 22 13:43:57 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update SUSE.conf: allow dp.rancher.apps.io
-------------------------------------------------------------------
Mon Jul 22 13:08:23 UTC 2024 - Fabian Vogt <fvogt@suse.com>
- Switch _service to mode="manual"
- Update to version 1721653643.19092fe:
* Use generic name for the python setup step
* Allow specifying more than one registry
* Use Pathlib for resolving containerinfo
* Switch to test Python 3.11
-------------------------------------------------------------------
Fri Apr 28 09:23:53 UTC 2023 - Fabian Vogt <fvogt@suse.com>
- Update to version 1682595397.5ce6d2f:
* Handle OCI style images as well
* Makefile: Add missing dependency of broken-derived on proper-base
* GitHub workflow: Update action versions
* GitHub workflow: Test python 3.6 and 3.10
-------------------------------------------------------------------
Mon Aug 8 11:37:19 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Make the URL point to GitHub
-------------------------------------------------------------------
Thu Jul 7 13:42:05 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- openSUSE.conf: Allow bci/* as prefix
-------------------------------------------------------------------
Wed Apr 20 14:26:26 UTC 2022 - Fabian Vogt <fvogt@suse.com>
- Update to version 1650464301.a198cf9:
* Detect and treat local builds specially
-------------------------------------------------------------------
Mon Mar 7 09:23:46 UTC 2022 - Silvio Moioli <moio@suse.com>
- Adding Uyuni prefix for https://www.uyuni-project.org/
-------------------------------------------------------------------
Thu Feb 03 07:44:23 UTC 2022 - fvogt@suse.com
- Update to version 1643874076.3d0e13c:
* Avoid crash on local builds
-------------------------------------------------------------------
Tue Dec 14 13:49:12 UTC 2021 - fvogt@suse.com
- Update to version 1639489705.a4c5a3ab2a75:
* Don't error out when the release field is empty
* Add simple gitpod configuration
-------------------------------------------------------------------
Tue Jun 1 09:06:12 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Drop obsolete Requires: grep jq
-------------------------------------------------------------------
Fri May 28 13:57:34 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update to version 1622209785.4616f4f:
* README.md: Point badge to new location
-------------------------------------------------------------------
Fri May 28 12:47:42 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update to version 1622204213.c8ecb9f:
* Add options to allow and block specific tags
-------------------------------------------------------------------
Thu May 27 15:09:59 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Update to version 1622127842.b548dd8:
* Update README.md
* Add README.md
* Add broken-derived test
* Verify prefix of the image specific label prefix
* Add some comments in the Makefile
* Always check the tag used in org.opensuse.reference
* Add github workflow
* Use bash explicitly
* Make lint
* Less noise in Makefile
-------------------------------------------------------------------
Fri Apr 30 10:04:09 UTC 2021 - Fabian Vogt <fvogt@suse.com>
- Initial commit

4
container-build-checks/container-build-checks.obsinfo Normal file
View File

@@ -0,0 +1,4 @@
name: container-build-checks
version: 1723452932.412e7f6
mtime: 1723452932
commit: 412e7f60c08221a549b0f00dfcc4bee7694193ab

95
container-build-checks/container-build-checks.spec Normal file
View File

@@ -0,0 +1,95 @@
#
# spec file for package container-build-checks
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: container-build-checks
Version: 1723452932.412e7f6
Release: 0
Summary: Scripts to validate built container images
License: GPL-2.0-or-later
Group: Development/Tools/Building
URL: https://github.com/openSUSE/container-build-checks
Patch0: 0001-Allow-slash-prefixes-in-registry.patch
Source0: %{name}-%{version}.tar.xz
Source1: openSUSE.conf
Source2: SUSE.conf
Requires: %{name}-vendor
BuildArch: noarch
%package vendor-openSUSE
Summary: openSUSE configuration for %{name}
Group: Development/Tools/Building
Requires: %{name} = %{version}
Provides: %{name}-vendor
Conflicts: %{name}-vendor
%description vendor-openSUSE
openSUSE configuration for %{name}
%package vendor-SUSE
Summary: SUSE configuration for %{name}
Group: Development/Tools/Building
Requires: %{name} = %{version}
Provides: %{name}-vendor
Conflicts: %{name}-vendor
%description vendor-SUSE
SUSE configuration for %{name}
%package strict
Summary: Strict configuration for %{name}
Group: Development/Tools/Building
%description strict
Strict configuration for %{name}
%description
This tool checks that built container images conform to the openSUSE container
image policies (https://en.opensuse.org/Building_derived_containers).
%prep
%autosetup -p1
%build
%make_build
%install
%make_install
mkdir -p %{buildroot}%{_datadir}/container-build-checks/
install -m0644 %{SOURCE1} %{buildroot}%{_datadir}/container-build-checks/openSUSE.conf
install -m0644 %{SOURCE2} %{buildroot}%{_datadir}/container-build-checks/SUSE.conf
echo -e "[General]\nFatalWarnings=true" > %{buildroot}%{_datadir}/container-build-checks/strict.conf
%files
#%doc README
%license LICENSE
%dir %{_datadir}/container-build-checks
%dir %{_prefix}/lib/build/
%dir %{_prefix}/lib/build/post-build-checks/
%{_prefix}/lib/build/post-build-checks/container-build-checks
%files vendor-openSUSE
%{_datadir}/container-build-checks/openSUSE.conf
%files vendor-SUSE
%{_datadir}/container-build-checks/SUSE.conf
%files strict
%{_datadir}/container-build-checks/strict.conf
%changelog

10
container-build-checks/openSUSE.conf Normal file
View File

@@ -0,0 +1,10 @@
[General]
Vendor=org.opensuse
Registry=registry.opensuse.org
[Tags]
# To avoid conflicts with other stuff on the registry and
# avoid ambiguities with images on other registries.
Allowed+=opensuse/*,kubic/*,kubevirt/*,uyuni/*,bci/*
# Those are images, not available as namespaces
Blocked+=opensuse/tumbleweed/*,opensuse/leap/*

12
edge-build-checks/10-helm-lint Normal file
View File

@@ -0,0 +1,12 @@
#!/bin/bash
HELM="/usr/bin/helm"
TOPDIR=/usr/src/packages/HELM
failed=0
if [ -x $HELM ]; then
$HELM lint "$TOPDIR"/*.tgz
failed=$?
fi
exit $failed

158
edge-build-checks/20-helm-images Normal file
View File

@@ -0,0 +1,158 @@
#!/usr/bin/python3
import os
import glob
import subprocess
import yaml
import sys
import pprint
AUTHORIZED_REPOS = [
"registry.suse.com/suse/sles/",
"registry.rancher.com",
]
EXTRA_CONFIG = None
class CheckResult:
"""Class to track count of issues"""
def __init__(self):
self.hints = 0
self.warnings = 0
self.errors = 0
def hint(self, msg):
print(f"Hint: {msg}")
self.hints += 1
def warn(self, msg):
print(f"Warning: {msg}")
self.warnings += 1
def error(self, msg):
print(f"Error: {msg}")
self.errors += 1
def tarballs():
"""Return a list of .helminfo files to check."""
if "BUILD_ROOT" not in os.environ:
# Not running in an OBS build container
return glob.glob("*.tgz")
# Running in an OBS build container
buildroot = os.environ["BUILD_ROOT"]
topdir = "/usr/src/packages"
if os.path.isdir(buildroot + "/.build.packages"):
topdir = "/.build.packages"
if os.path.islink(buildroot + "/.build.packages"):
topdir = "/" + os.readlink(buildroot + "/.build.packages")
return glob.glob(f"{buildroot}{topdir}/HELM/*.tgz")
def get_extra_config():
global EXTRA_CONFIG
if EXTRA_CONFIG is not None:
return EXTRA_CONFIG
if "BUILD_ROOT" not in os.environ:
file_path = "./.checks_helm.yaml"
else:
buildroot = os.environ["BUILD_ROOT"]
topdir = "/usr/src/packages"
file_path = f"{buildroot}{topdir}/SOURCES/.checks_helm.yaml"
try:
with open(file_path) as config_file:
EXTRA_CONFIG = yaml.safe_load(config_file)
if EXTRA_CONFIG is None: # No document in stream
EXTRA_CONFIG = {}
except OSError:
EXTRA_CONFIG = {}
return EXTRA_CONFIG
def get_extra_params():
config = get_extra_config()
args = []
for api in config.get('extra_apis', []):
args.extend(['-a', api])
return args
def is_exception(image):
config = get_extra_config()
exceptions = config.get('image_exceptions', [])
(namespace, _, _) = image.partition(':')
return namespace in exceptions
def get_template(tarball_path):
raw_templates = subprocess.check_output(
[
"helm",
"template",
tarball_path,
] + get_extra_params()
).decode()
return yaml.safe_load_all(raw_templates)
def extract_key(key, var):
if hasattr(var, "items"): # hasattr(var,'items') for python 3
for k, v in var.items(): # var.items() for python 3
if k == key:
yield v
if isinstance(v, dict):
for result in extract_key(key, v):
yield result
elif isinstance(v, list):
for d in v:
for result in extract_key(key, d):
yield result
def check_template(result, template):
if template["kind"] not in [
"Pod",
"Deployment",
"StatefulSet",
"DaemonSet",
"ReplicaSet",
"Job",
"CronJob",
]:
return
for image in extract_key("image", template):
if not image.startswith(tuple(AUTHORIZED_REPOS)) and not is_exception(image):
result.error(f"{image} is not from authorized source")
pass
def main():
result = CheckResult()
img_repo = subprocess.check_output(
[
"rpm",
"--macros=/root/.rpmmacros",
"-E",
"%{?img_repo}",
]
).strip()
if img_repo:
result.hint(f"Adding '{img_repo.decode()}' to authorized repo")
AUTHORIZED_REPOS.append(img_repo.decode())
else:
result.warn("img_repo macro not defined, will not add extra authorized repo")
for tarball in tarballs():
print(f"Looking at {tarball}")
for template in get_template(tarball):
if template: # Exclude empty templates
check_template(result, template)
ret = 0
if result.errors > 0:
print("Fatal errors found.")
ret = 1
sys.exit(ret)
if __name__ == "__main__":
main()

92
edge-build-checks/20-helm-tags Normal file
View File

@@ -0,0 +1,92 @@
#!/usr/bin/python3
import json
import os
import glob
import sys
import re
class CheckResult:
"""Class to track count of issues"""
def __init__(self):
self.hints = 0
self.warnings = 0
self.errors = 0
def hint(self, msg):
print(f"Hint: {msg}")
self.hints += 1
def warn(self, msg):
print(f"Warning: {msg}")
self.warnings += 1
def error(self, msg):
print(f"Error: {msg}")
self.errors += 1
TAG_RE = re.compile(r"(.*\/)?([^:]+):([^:]+)")
def check_tags(helminfo, result):
release_tag_found = False
version_tag_found = False
for tag in helminfo["tags"]:
(tag_prefix, tag_name, tag_version) = TAG_RE.fullmatch(tag).groups()
if tag_name != helminfo.get("name"):
result.warn(
f"Tag ({tag}) doesn't use the chart name ({helminfo.get('name')})"
)
if "release" in helminfo and helminfo["release"] in tag_version:
release_tag_found = True
if tag_version.replace("_", "+") == helminfo["version"]:
version_tag_found = True
if not release_tag_found:
result.error(
"None of the tags are unique to a specific build of the image.\n"
+ "Make sure that at least one tag contains the release."
)
if not version_tag_found:
result.error(
"None of the tags is the equivalent of the chart's version.\n"
+ "Make sure that one of the tag is the chart version."
)
def helminfos():
"""Return a list of .helminfo files to check."""
if "BUILD_ROOT" not in os.environ:
# Not running in an OBS build container
return glob.glob("*.helminfo")
# Running in an OBS build container
buildroot = os.environ["BUILD_ROOT"]
topdir = "/usr/src/packages"
if os.path.isdir(buildroot + "/.build.packages"):
topdir = "/.build.packages"
if os.path.islink(buildroot + "/.build.packages"):
topdir = "/" + os.readlink(buildroot + "/.build.packages")
return glob.glob(f"{buildroot}{topdir}/HELM/*.helminfo")
def main():
result = CheckResult()
for helminfo in helminfos():
print(f"Looking at {helminfo}")
with open(helminfo, "rb") as cifile:
ci_dict = json.load(cifile)
check_tags(ci_dict, result)
ret = 0
if result.errors > 0:
print("Fatal errors found.")
ret = 1
sys.exit(ret)
if __name__ == "__main__":
main()

340
edge-build-checks/COPYING Normal file
View File

@@ -0,0 +1,340 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
convey the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Also add information on how to contact you by electronic and paper mail.
If the program is interactive, make it output a short notice like this
when it starts in an interactive mode:
Gnomovision version 69, Copyright (C) year name of author
Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, the commands you use may
be called something other than `show w' and `show c'; they could even be
mouse-clicks or menu items--whatever suits your program.
You should also get your employer (if you work as a programmer) or your
school, if any, to sign a "copyright disclaimer" for the program, if
necessary. Here is a sample; alter the names:
Yoyodyne, Inc., hereby disclaims all copyright interest in the program
`Gnomovision' (which makes passes at compilers) written by James Hacker.
<signature of Ty Coon>, 1 April 1989
Ty Coon, President of Vice
This General Public License does not permit incorporating your program into
proprietary programs. If your program is a subroutine library, you may
consider it more useful to permit linking proprietary applications with the
library. If this is what you want to do, use the GNU Library General
Public License instead of this License.

6
edge-build-checks/SUSE-Edge.conf Normal file
View File

@@ -0,0 +1,6 @@
[General]
Vendor=com.suse
Registry=%%IMG_REPO%%
[Tags]
Allowed=%%IMG_PREFIX%%*

9
edge-build-checks/_service Normal file
View File

@@ -0,0 +1,9 @@
<services>
<service name="replace_using_env" mode="buildtime">
<param name="file">SUSE-Edge.conf</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
</service>
</services>

59
edge-build-checks/edge-build-checks.spec Normal file
View File

@@ -0,0 +1,59 @@
#
# spec file for package edge-build-checks
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: edge-build-checks
Summary: post checks for build after charts and images are created
License: GPL-2.0-or-later
Group: Development/Tools/Building
Version: 0.0.1
Release: 0
Source0: COPYING
Source1: 20-helm-images
Source2: 10-helm-lint
Source3: SUSE-Edge.conf
Source4: 20-helm-tags
BuildArch: noarch
Requires: container-build-checks
Requires: python3-PyYAML
Provides: container-build-checks-vendor
%description
some scripts to check for problems in edge related helm charts and images after their creation
in OBS.
%prep
cp %{SOURCE0} .
%build
%define _lto_cflags %{nil}
# nothing to do
%install
install -d $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -m 755 %{SOURCE1} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -m 755 %{SOURCE2} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -m 755 %{SOURCE4} $RPM_BUILD_ROOT/usr/lib/build/post-build-checks
install -d %{buildroot}%{_datadir}/container-build-checks
install -m 644 %{SOURCE3} %{buildroot}%{_datadir}/container-build-checks/SUSE-Edge.conf
%files
%license COPYING
%{_datadir}/container-build-checks
/usr/lib/build
%changelog

8
edge-image-builder-image/Dockerfile
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="1.1.0"
LABEL org.opencontainers.image.version="1.2.0"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

5
edge-image-builder-image/_service
View File

@@ -7,8 +7,8 @@
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="file">artifacts.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
<param name="var">CHART_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
@@ -17,4 +17,3 @@
<param name="var">CHART_MAJOR</param>
</service>
</services>

8
edge-image-builder-image/artifacts.yaml
View File

@@ -1,10 +1,10 @@
metallb:
chart: metallb-chart
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
chart: metallb
repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.14.9"
endpoint-copier-operator:
chart: endpoint-copier-operator-chart
repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
chart: endpoint-copier-operator
repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
version: "%%CHART_MAJOR%%.0.0+up0.2.1"
kubernetes:
k3s:

7
edge-image-builder/_service
View File

@@ -1,10 +1,13 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">v1.1.0</param>
<param name="revision">v1.2.0</param>
<!-- Uncomment and set this For Pre-Release Version -->
<!-- <param name="version">1.2.0~rc1</param> -->
<!-- Uncomment and this for regular version -->
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="changesgenerate">enable</param>

4
edge-image-builder/edge-image-builder.spec
View File

@@ -17,14 +17,14 @@
Name: edge-image-builder
Version: 1.1.0
Version: 1.2.0
Release: 0
Summary: Edge Image Builder
License: Apache-2.0
URL: https://github.com/suse-edge/edge-image-builder
Source: edge-image-builder-%{version}.tar
Source1: vendor.tar.gz
BuildRequires: golang(API) go1.22
BuildRequires: golang(API) go1.24
BuildRequires: golang-packaging
BuildRequires: gpgme-devel
BuildRequires: device-mapper-devel

4
endpoint-copier-operator-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1
#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1
#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
apiVersion: v2
appVersion: v0.2.0
description: A Helm chart for Kubernetes

4
endpoint-copier-operator-chart/_service
View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

9
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,7 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
#!BuildVersion: 15.6
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.5
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.5-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -19,11 +18,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.3"
LABEL org.opencontainers.image.version="3.0.5"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.5-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

45
ironic-ipa-downloader-image/Dockerfile.aarch64 Normal file
View File

@@ -0,0 +1,45 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.5
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.5-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.5"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.5-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

45
ironic-ipa-downloader-image/Dockerfile.x86_64 Normal file
View File

@@ -0,0 +1,45 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.5
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.5-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.5"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.5-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

4
ironic-ipa-downloader-image/_multibuild Normal file
View File

@@ -0,0 +1,4 @@
<multibuild>
<flavor>x86_64</flavor>
<flavor>aarch64</flavor>
</multibuild>

2
ironic-ipa-downloader-image/_service
View File

@@ -2,6 +2,8 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile.aarch64</param>
<param name="file">Dockerfile.x86_64</param>
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>

12
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -26,11 +26,15 @@ if [ -z "${IPA_BASEURI}" ]; then
IMAGE_CHANGED=1
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
if [ -f /tmp/initrd-x86_64.zst ]; then
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
fi
# Use arm64 as destination for iPXE compatibility
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
if [ -f /tmp/initrd-aarch64.zst ]; then
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
fi
cp /tmp/images.sha256 /shared/images.sha256
else

44
ironic-ipa-ramdisk/config.sh
View File

@@ -13,11 +13,6 @@ echo "Configure image: [$kiwi_iname]..."
#------------------------------------------
baseSetupBuildDay
#======================================
# Mount system filesystems
#--------------------------------------
#baseMount
#==========================================
# remove unneded kernel files
#------------------------------------------
@@ -39,12 +34,8 @@ suseImportBuildKey
#--------------------------------------
baseInsertService openstack-ironic-python-agent
baseInsertService suse-ironic-image-setup
baseInsertService suse-network-setup
baseInsertService sshd
baseInsertService NetworkManager
#suseInsertService sshd
#suseInsertService openstack-ironic-python-agent
#suseInsertService suse-ironic-image-setup
echo 'DEFAULT_TIMEZONE="UTC"' >> /etc/sysconfig/clock
baseUpdateSysConfig /etc/sysconfig/clock HWCLOCK "-u"
@@ -64,42 +55,7 @@ sed -E 's/^(ExecStart=.*\/agetty).*(--noclear.*)/\1 \2 --autologin root/' /usr/l
#------------------------------------------
echo 'tmpfs /tmp tmpfs size=3G 0 0' >> /etc/fstab
#==========================================
# remove package docs and manuals
#------------------------------------------
#baseStripDocs
#baseStripMans
#baseStripInfos
#======================================
# only basic version of vim is
# installed; no syntax highlighting
#--------------------------------------
sed -i -e's/^syntax on/" syntax on/' /etc/vimrc
#======================================
# Remove yast if not in use
#--------------------------------------
#suseRemoveYaST
#======================================
# Remove package manager
#--------------------------------------
#suseStripPackager
#rm -f usr/lib/perl5/*/*/auto/Encode/??/??.so # 9MB
#======================================
# Umount kernel filesystems
#--------------------------------------
#baseCleanMount
ln -s /sbin/init /init
#==========================================
# umount
#------------------------------------------
umount /proc >/dev/null 2>&1
exit 0

119
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -12,6 +12,7 @@
<locale>en_US</locale>
<packagemanager>zypper</packagemanager>
<rpm-check-signatures>false</rpm-check-signatures>
<rpm-excludedocs>true</rpm-excludedocs>
<timezone>UTC</timezone>
<version>1.0.0</version>
</preferences>
@@ -102,64 +103,25 @@
<package name="libxcb-render0"/>
<package name="libxcb-shm0"/>
<package name="libxcb1"/>
<package name="plymouth"/>
<package name="plymouth-branding-SLE"/>
<package name="kernel-firmware-amdgpu"/>
<package name="kernel-firmware-ath10k"/>
<package name="kernel-firmware-ath11k"/>
<package name="kernel-firmware-ath12k"/>
<package name="kernel-firmware-atheros"/>
<package name="kernel-firmware-bluetooth"/>
<package name="kernel-firmware-brcm"/>
<package name="kernel-firmware-i915"/>
<package name="kernel-firmware-iwlwifi"/>
<package name="kernel-firmware-media"/>
<package name="kernel-firmware-nvidia"/>
<package name="kernel-firmware-qcom"/>
<package name="kernel-firmware-radeon"/>
<package name="kernel-firmware-realtek"/>
<package name="kernel-firmware-sound"/>
<package name="kernel-firmware-ti"/>
<package name="kernel-firmware-ueagle"/>
</packages>
<packages type="image">
<package name="checkmedia"/>
<package name="plymouth-branding-SLE"/>
<package name="plymouth-dracut"/>
<package name="plymouth-theme-bgrt"/>
<package name="grub2-branding-SLE"/>
<package name="iputils"/>
<package name="vim"/>
<package name="grub2"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="syslinux" arch="x86_64"/>
<package name="lvm2"/>
<package name="plymouth"/>
<package name="fontconfig"/>
<package name="fonts-config"/>
<package name="openssh"/>
<package name="iproute2"/>
<package name="which"/>
<package name="kernel-firmware"/>
<package name="kernel-default"/>
<package name="NetworkManager"/>
<package name="nm-configurator"/>
<package name="timezone"/>
<package name="haveged"/>
<!-- ironic-python-agent specific -->
<package name="openstack-ironic-python-agent"/>
<package name="hdparm"/>
<package name="qemu-tools"/>
<package name="python311-proliantutils"/>
<package name="lshw"/>
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="open-iscsi"/>
<package name="hwinfo"/>
<package name="ipmitool"/>
<package name="iputils"/>
<package name="lvm2"/>
<package name="net-tools"/>
<package name="ntp"/>
<package name="parted"/>
<package name="psmisc"/>
<package name="timezone"/>
<package name="which"/>
<package name="kbd"/>
</packages>
<packages type="kis">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="bootstrap">
<package name="glibc-locale"/>
<package name="udev"/>
@@ -167,5 +129,50 @@
<package name="cracklib-dict-full"/>
<package name="ca-certificates"/>
<package name="sles-release"/>
<package name="checkmedia"/>
<package name="fontconfig"/>
<package name="fonts-config"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-branding-SLE"/>
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2"/>
<package name="iproute2"/>
<package name="iputils"/>
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
<package name="lvm2"/>
<package name="NetworkManager"/>
<package name="nm-configurator"/>
<package name="openssh"/>
<package name="timezone"/>
<package name="which"/>
<!-- ironic-python-agent specific -->
<package name="dmidecode"/>
<package name="efibootmgr"/>
<package name="gptfdisk"/>
<package name="hdparm"/>
<package name="hwinfo"/>
<package name="ipmitool"/>
<package name="iputils"/>
<package name="kbd"/>
<package name="lshw"/>
<package name="lvm2"/>
<package name="net-tools"/>
<package name="ntp"/>
<package name="open-iscsi"/>
<package name="openstack-ironic-python-agent"/>
<package name="parted"/>
<package name="psmisc"/>
<package name="python311-proliantutils"/>
<package name="qemu-tools"/>
<package name="timezone"/>
<package name="which"/>
</packages>
<packages type="kis">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
</image>

12
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.3
Version: 3.0.5
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA
@@ -27,7 +27,7 @@ Group: System/Management
URL: https://github.com/SUSE-Cloud/
Source0: config.sh
Source10: ironic-ipa-ramdisk.kiwi
Source20: root.tar.bz2
Source20: root
BuildRequires: -post-build-checks
BuildRequires: bash
@@ -38,7 +38,7 @@ BuildArch: noarch
BuildRequires: checkmedia
BuildRequires: acl
BuildRequires: ca-certificates
BuildRequires: ca-certificates-mozilla-prebuilt
BuildRequires: cracklib-dict-full
BuildRequires: cron
BuildRequires: dbus-1
@@ -62,7 +62,7 @@ BuildRequires: ipmitool
BuildRequires: iproute2
BuildRequires: iputils
BuildRequires: kernel-default
BuildRequires: kernel-firmware
BuildRequires: kernel-firmware-all
BuildRequires: lvm2
BuildRequires: net-tools
BuildRequires: ntp
@@ -123,13 +123,13 @@ Kernel and ramdisk image for use with Metal3
For %{_arch}
%prep
mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/root /tmp/openstack-ironic-image/img
mkdir -p /tmp/openstack-ironic-image/build /tmp/openstack-ironic-image/img
cp -a %{SOURCE0} /tmp/openstack-ironic-image/config.sh
cp -a %{SOURCE10} /tmp/openstack-ironic-image/config.kiwi
tar -xC /tmp/openstack-ironic-image/root -f %{SOURCE20}
cp -ar %{SOURCE20} /tmp/openstack-ironic-image/root
%build
if ! which kiwi; then

BIN
ironic-ipa-ramdisk/root.tar.bz2 (Stored with Git LFS)
View File

Binary file not shown.

24
ironic-ipa-ramdisk/root/etc/NetworkManager/conf.d/00-main.conf Normal file
View File

@@ -0,0 +1,24 @@
# WARNING: This file has been modified by the diskimage-builder
# dhcp-all-interfaces element as this machine is likely running
# a ramdisk or needs to attempt auto-configuration on all interfaces.
[main]
# This makes sense even with dhcp on all interfaces in the event
# that the configuration has been or is being supplied via external means.
ignore-carrier=*
# Use dhclient as was done previously to the Centos8/RHEL8 RPM defaults.
# This is because dhclient shuts the interface down after a retry attempt
# which allows the link state to reset with some switches, which may be
# important for the ramdisk to recover networking.
dhcp=dhclient
[connection]
# Keep retrying, this is important for this important espescialy for
# ramdisks in environments where varying switch configurations may
# cause traffic to be blocked or intermittent connectivity failures
# such as those at an edge site may cause issues.
autoconnect-retries=-1
# Set the timeout. Diskimage-builder dhcp-all-interfaces has a 30
# second default. NetworkManager, by default, is 45 seconds.
# In some cases where ramdisks are in use, 60 seconds is advisable.
ipv4.dhcp-timeout=30
ipv6.dhcp-timeout=30

1
ironic-ipa-ramdisk/root/etc/ironic-python-agent.conf.d Symbolic link
View File

@@ -0,0 +1 @@
ironic-python-agent/ironic-python-agent.conf.d

1
ironic-ipa-ramdisk/root/etc/issue Normal file
View File

@@ -0,0 +1 @@
SUSE Ironic Python Agent Ramdisk - terminal \l

2
ironic-ipa-ramdisk/root/etc/sysctl.d/98-rp_filter.conf Normal file
View File

@@ -0,0 +1,2 @@
# avoid problems with multiple network interfaces
net.ipv4.conf.all.rp_filter=0

7
ironic-ipa-ramdisk/root/etc/systemd/system/NetworkManager.service.d/nmc.conf Normal file
View File

@@ -0,0 +1,7 @@
[Unit]
#WantsMountsFor=/mnt/ipa
After=mnt-ipa.mount
Wants=mnt-ipa.mount
[Service]
ExecStartPre=-/usr/local/bin/suse-network-setup.sh

7
ironic-ipa-ramdisk/root/etc/systemd/system/mnt-ipa.mount Normal file
View File

@@ -0,0 +1,7 @@
[Unit]
Description=config-2 rom consumed by IPA for networking configuration
[Mount]
What=/dev/ipa
Where=/mnt/ipa
TimeoutSec=60

12
ironic-ipa-ramdisk/root/etc/systemd/system/suse-ironic-image-setup.service Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=Setup ironic-python-agent image
After=getty.target
[Service]
Type=oneshot
ExecStart=/usr/local/bin/suse-ironic-image-setup.sh
StandardOutput=journal+console
RemainAfterExit=true
[Install]
WantedBy=multi-user.target

1
ironic-ipa-ramdisk/root/etc/udev/rules.d/61-config2-ipa.rules Normal file
View File

@@ -0,0 +1 @@
ACTION=="add", SUBSYSTEM=="block", ENV{ID_FS_LABEL}=="config-2", ENV{ID_FS_PUBLISHER_ID}=="?*", PROGRAM="/usr/local/bin/suse-test-config-2.sh", SYMLINK+="ipa ipa-config-2"

52
ironic-ipa-ramdisk/root/usr/local/bin/suse-ironic-image-setup.sh Executable file
View File

@@ -0,0 +1,52 @@
#!/bin/sh
PARAMS=$(</proc/cmdline)
# find vfloppy device (based on IPA code)
VMEDIA_DEVICE=$(find /dev/disk/by-label -iname ir-vfd-dev)
# read params from vmedia and prepend them to params from kernel cmdline
if [[ -b "$VMEDIA_DEVICE" ]]; then
VMEDIA_MOUNT=$(mktemp -d)
if mount -o loop $VMEDIA_DEVICE $VMEDIA_MOUNT; then
# parameters.txt has one param per line, reformat to match cmdline
VMEDIA_PARAMS=$(cat $VMEDIA_MOUNT/parameters.txt | tr '\n' ' ')
umount $VMEDIA_MOUNT
PARAMS="$VMEDIA_PARAMS $PARAMS"
fi
rmdir $VMEDIA_MOUNT
fi
# resize /tmp
if [[ $PARAMS =~ suse.tmpsize=([^ ]+) ]]; then
echo "Resizing /tmp to ${BASH_REMATCH[1]}..."
mount -o remount,size=${BASH_REMATCH[1]} /tmp
fi
# deploy authorized sshkey from kernel command line
if [[ $PARAMS =~ sshkey=\"([^\"]+)\" ]]; then
echo "Adding authorized SSH key..."
(umask 077 ; mkdir -p /root/.ssh)
echo "${BASH_REMATCH[1]}" >> /root/.ssh/authorized_keys
fi
# Inject certs
if [[ $PARAMS =~ tls.enabled=(true|True) ]]; then
cp /etc/ironic-python-agent.d/ca-certs/* /etc/pki/trust/anchors/
cp /etc/ironic-python-agent.d/ca-certs/* /usr/share/pki/trust/anchors/
update-ca-certificates
fi
# autologin root on given console (default tty1) if suse.autologin or coreos.autologin is enabled
if [[ $PARAMS =~ (suse|coreos)\.autologin=?([^ ]*) ]]; then
tty="${BASH_REMATCH[2]:-tty1}"
echo "Enabling autologin on $tty..."
systemctl stop getty@$tty
systemctl disable getty@$tty
systemctl start autologin@$tty
fi
# Append to /etc/hosts
# hosts.append=1.2.3.4_foo,4.5.6.7_foo2
if [[ $PARAMS =~ hosts.append=([^ ]+) ]]; then
HOSTS=${BASH_REMATCH[1]}
echo "Appending to hosts ${HOSTS}..."
for h in ${HOSTS/,/ }; do
echo "${h/_/ }" >> /etc/hosts
done
cat /etc/hosts
fi

24
ironic-ipa-ramdisk/root/usr/local/bin/suse-network-setup.sh Executable file
View File

@@ -0,0 +1,24 @@
#!/bin/bash
set -eux
# Inspired by/based on glean-early.sh
# https://opendev.org/opendev/glean/src/branch/master/glean/init/glean-early.sh
# NOTE(TheJulia): We care about iso images, and would expect lower case as a
# result. In the case of VFAT partitions, they would be upper case.
PATH=/bin:/usr/bin:/sbin:/usr/sbin
NETWORK_DATA_FILE="/mnt/ipa/openstack/latest/network_data.json"
if [ ! -f "${NETWORK_DATA_FILE}" ]; then
echo "No network_data.json found, skipping network configuration"
exit 1
fi
mkdir -p /tmp/nmc/{desired,generated}
cp ${NETWORK_DATA_FILE} /tmp/nmc/desired/_all.yaml
nmc generate --config-dir /tmp/nmc/desired --output-dir /tmp/nmc/generated
nmc apply --config-dir /tmp/nmc/generated

23
ironic-ipa-ramdisk/root/usr/local/bin/suse-test-config-2.sh Executable file
View File

@@ -0,0 +1,23 @@
#!/bin/bash
set -eux
PATH=/bin:/usr/bin:/sbin:/usr/sbin
# Transform the ID from the drive being considered to lower case
device_publisher_id=$(echo ${ID_FS_PUBLISHER_ID} | tr '[A-Z]' '[a-z]')
# Retrieve the publisher ID from the command line and convert to lower case
cmdline_publisher_id=""
if grep -q "ir_pub_id" /proc/cmdline; then
cmdline_publisher_id=$(cat /proc/cmdline | sed -e 's/^.*ir_pub_id=//' -e 's/ .*$//')
fi
# Is this the filesystem we are looking for?
if [[ "${cmdline_publisher_id}" == "${device_publisher_id}" ]]; then
# It is the device we are looking for, return success
exit 0
else
# Not a match, return failure
exit 1
fi

21
kiwi-builder-image/Dockerfile
View File

@@ -1,18 +1,20 @@
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1-%RELEASE%
FROM registry.suse.com/bci/kiwi:10.1.16
MAINTAINER SUSE LLC (https://www.suse.com/)
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0
ARG KIWIVERSION="10.2.12"
FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
ARG KIWIVERSION
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.akri
# labelprefix=com.suse.application.kiwi
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.version="%%kiwi_version%%"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.1"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -21,8 +23,8 @@ LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
# Configure Kiwi to use kpartx
RUN echo -e "mapper:\n - part_mapper: kpartx" > /etc/kiwi.yml
# help the build service understand the need for python3-kiwi
RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || { echo "expected kiwi version ${KIWIVERSION}: version mismatch"; exit 1; }
# Copy build script into image and make it executable
ADD build-image.sh /usr/bin/build-image
@@ -33,3 +35,4 @@ RUN mkdir -p /micro-sdk/defs
ADD SL-Micro.kiwi /micro-sdk/defs
ADD SL-Micro.kiwi.4096 /micro-sdk/defs
ADD config.sh /micro-sdk/defs
ADD editbootinstall_rpi.sh /micro-sdk/defs

24
kiwi-builder-image/README
View File

@@ -8,7 +8,7 @@ Please ensure that you're running this on a registered SUSE Linux Micro 6.1 syst
Next, download the podman image:
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0
Make a local output directory (where the images will reside):
@@ -16,40 +16,40 @@ Make a local output directory (where the images will reside):
Then, to build a standard "Base" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image
To build a "Base" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-SelfInstall
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Base-SelfInstall
Then, to build a standard "Default" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default
To build a "Default" SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default-SelfInstall
To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-RT
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Base-RT
To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall -b
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image -p Default-SelfInstall -b
# mkdir mydefs/
# cp /path/to/SL-Micro.kiwi mydefs/
# cp /path/to/config.sh mydefs/
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.0 build-image
All output will be in the local $(pwd)/output directory, for example:
# ls -1 output/
SLE-Micro.x86_64-6.1.changes
SLE-Micro.x86_64-6.1.packages
SLE-Micro.x86_64-6.1.raw
SLE-Micro.x86_64-6.1.verified
SL-Micro.x86_64-6.1.changes
SL-Micro.x86_64-6.1.packages
SL-Micro.x86_64-6.1.raw
SL-Micro.x86_64-6.1.verified
build
kiwi.result
kiwi.result.json

72
kiwi-builder-image/SL-Micro.kiwi
View File

@@ -30,12 +30,18 @@
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
@@ -145,10 +151,18 @@
<requires profile="self_install"/>
</profile>
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64"/>
</profile>
<profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64"/>
</profile>
<profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
@@ -165,6 +179,10 @@
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-rpi"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
@@ -380,7 +398,7 @@
</type>
</preferences>
<preferences profiles="rpi,aarch64-rt">
<preferences profiles="rpi,aarch64-rt-rpi">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
@@ -420,6 +438,46 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64,aarch64-rt">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
@@ -891,6 +949,7 @@
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -919,6 +978,7 @@
<package name="patterns-container-runtime_podman"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -989,11 +1049,11 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
@@ -1008,15 +1068,17 @@
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="wireless-regdb"/>

72
kiwi-builder-image/SL-Micro.kiwi.4096
View File

@@ -30,12 +30,18 @@
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64" description="Raw disk for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-rpi" description="Raw disk for aarch64 with RT kernel on Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
<requires profile="bootloader"/>
</profile>
@@ -145,10 +151,18 @@
<requires profile="self_install"/>
</profile>
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64"/>
</profile>
<profile name="Default-RPi" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64"/>
</profile>
<profile name="Base-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
@@ -165,6 +179,10 @@
<requires profile="container-host"/>
<requires profile="aarch64-rt"/>
</profile>
<profile name="Base-RT-RPi" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-rpi"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-rt-self_install"/>
@@ -386,7 +404,7 @@
</type>
</preferences>
<preferences profiles="rpi,aarch64-rt">
<preferences profiles="rpi,aarch64-rt-rpi">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
@@ -426,6 +444,46 @@
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64,aarch64-rt">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install,aarch64-rt-self_install">
<version>6.1</version>
<packagemanager>zypper</packagemanager>
@@ -899,6 +957,7 @@
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -927,6 +986,7 @@
<package name="patterns-container-runtime_podman"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="policycoreutils-python-utils"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
@@ -997,11 +1057,11 @@
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
@@ -1016,15 +1076,17 @@
<packages type="image" profiles="s390-fcp">
<package name="multipath-tools"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-rpi,aarch64-rt-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="wireless-regdb"/>

11
kiwi-builder-image/_service
View File

@@ -1,5 +1,6 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="docker_label_helper" mode="buildtime"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">README</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
@@ -16,4 +17,14 @@
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
<service mode="buildtime" name="replace_using_package_version">
<param name="file">Dockerfile</param>
<param name="regex">%%kiwi_version%%</param>
<param name="package">python3-kiwi</param>
</service>
<service mode="buildtime" name="replace_using_package_version">
<param name="file">README</param>
<param name="regex">%%kiwi_version%%</param>
<param name="package">python3-kiwi</param>
</service>
</services>

15
kiwi-builder-image/build-image.sh
View File

@@ -34,12 +34,15 @@ usage(){
Usage: ${0} [-p <profile>] [-b]
Profile Options (-p):
* Base: RAW Disk Image with podman
* Base-SelfInstall: SelfInstall ISO with podman
* Default: RAW Disk Image with podman and kvm
* Default-SelfInstall: SelfInstall ISO with podman and kvm
* Base-RT: RAW Disk Image with kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
* Default: RAW Disk Image with default packages (incl. Podman & KVM)
* Default-SelfInstall: SelfInstall ISO with default packages
* Default-RPi: RAW Disk Image for Raspberry Pi (aarch64 only with MBR)
* Base: RAW Disk Image with reduced package set (no KVM)
* Base-SelfInstall: SelfInstall ISO with reduced packages
* Base-RT: RAW Disk Image with reduced packages and kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with reduced packages and kernel-rt
* Base-RT-RPi: RAW Disk image for Raspberry Pi with kernel-rt (aarch64 only with MBR)
* Base-RPi: RAW Disk Image for Raspberry Pi with reduced packages (aarch64 only with MBR)
4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.

47
kiwi-builder-image/editbootinstall_rpi.sh Normal file
View File

@@ -0,0 +1,47 @@
#!/bin/bash
set -euxo pipefail
diskname=$1
devname="$2"
loopname="${devname%*p?}"
loopdev=/dev/${loopname#/dev/*}
if [ ! -f $loopdev ]; then loopdev=/dev/${loopdev#/dev/mapper/}; fi
#==========================================
# copy Raspberry Pi firmware to EFI partition
#------------------------------------------
echo "RPi EFI system, installing firmware on ESP"
mkdir -p ./mnt-pi
mount ${loopname}p1 ./mnt-pi
( cd boot/vc; tar c . ) | ( cd ./mnt-pi/; tar x )
umount ./mnt-pi
rmdir ./mnt-pi
#==========================================
# Change partition label type to MBR
#------------------------------------------
#
# The target system doesn't support GPT, so let's move it to
# MBR partition layout instead.
#
# Also make sure to set the ESP partition to type 0xc so that
# broken firmware (Rpi) detects it as FAT.
#
# Use tabs, "<<-" strips tabs, but no other whitespace!
cat > gdisk.tmp <<-'EOF'
x
r
g
t
1
c
w
y
EOF
dd if=$loopdev of=mbrid.bin bs=1 skip=440 count=4
gdisk $loopdev < gdisk.tmp
dd of=$loopdev if=mbrid.bin bs=1 seek=440 count=4
rm -f mbrid.bin
rm -f gdisk.tmp

4
kubevirt-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0
#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%kubevirt:%%CHART_MAJOR%%.0.0_up0.5.0
apiVersion: v2
appVersion: 1.4.0
description: A Helm chart for KubeVirt

4
kubevirt-chart/_service
View File

@@ -2,8 +2,8 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

2
kubevirt-chart/values.yaml
View File

@@ -40,7 +40,7 @@ kubevirt:
monitorAccount: ""
monitorNamespace: ""
hookImage: rancher/kubectl:v1.30.2
hookImage: registry.rancher.com/rancher/kubectl:v1.30.10
hookRestartPolicy: OnFailure
hookSecurityContext:
seccompProfile:

18
kubevirt-dashboard-extension-chart/Chart.yaml
View File

@@ -1,22 +1,22 @@
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1
#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.1_up1.3.1-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/kube-version: '>= v1.26.0-0'
catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: '>= 2.10.0-0'
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: '>= 2.11.0-0'
catalog.cattle.io/ui-extensions-version: '>= 3.0.2 < 4.0.0'
catalog.cattle.io/kube-version: '>= v1.26.0-0'
apiVersion: v2
appVersion: 302.0.0+up1.2.1
appVersion: 303.0.1+up1.3.1
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
name: kubevirt-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.1"
version: "%%CHART_MAJOR%%.0.1+up1.3.1"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg

4
kubevirt-dashboard-extension-chart/_service
View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

4
kubevirt-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/302.0.0+up1.2.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.1+up1.3.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

4
kubevirt-dashboard-extension-chart/values.yaml
View File

@@ -7,6 +7,6 @@ plugin:
noAuth: false
metadata:
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
catalog.cattle.io/rancher-version: ">= 2.11.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

10
metal3-chart/Chart.yaml
View File

@@ -1,7 +1,7 @@
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.4_up0.11.2
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.4_up0.11.2-%RELEASE%
apiVersion: v2
appVersion: 0.11.0
appVersion: 0.11.2
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
@@ -10,7 +10,7 @@ dependencies:
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.10.0
version: 0.10.2
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.2+up0.11.0"
version: "%%CHART_MAJOR%%.0.4+up0.11.2"

4
metal3-chart/_service
View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.10.0
version: 0.10.2

2
metal3-chart/charts/ironic/values.yaml
View File

@@ -60,7 +60,7 @@ images:
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
tag: 3.0.3
tag: 3.0.5
nameOverride: ""
fullnameOverride: ""

4
metallb-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9
#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.0_up0.14.9
#!BuildTag: %%CHART_PREFIX%%metallb:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE%
apiVersion: v2
appVersion: v0.14.9
dependencies:

4
metallb-chart/_service
View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.2_up0.19.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.2_up0.19.0-%RELEASE%
apiVersion: v2
appVersion: 0.17.0
appVersion: 0.19.0
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.0+up0.17.0"
version: "%%CHART_MAJOR%%.0.2+up0.19.0"

4
rancher-turtles-airgap-resources-chart/_service
View File

@@ -2,8 +2,8 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

2
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

871
rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml
View File

@@ -1,11 +1,876 @@
apiVersion: v1
data:
components: Not Found
metadata: Not Found
components: |
apiVersion: v1
kind: Namespace
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: fleetaddonconfigs.addons.cluster.x-k8s.io
spec:
group: addons.cluster.x-k8s.io
names:
categories: []
kind: FleetAddonConfig
plural: fleetaddonconfigs
shortNames: []
singular: fleetaddonconfig
scope: Cluster
versions:
- additionalPrinterColumns: []
name: v1alpha1
schema:
openAPIV3Schema:
description: Auto-generated derived type for FleetAddonConfigSpec via `CustomResource`
properties:
spec:
description: This provides a config for fleet addon functionality
properties:
cluster:
description: |-
Enable Cluster config funtionality.
This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the ClusterClass will be added to the Fleet Cluster labels.
nullable: true
properties:
agentEnvVars:
description: AgentEnvVars are extra environment variables to be
added to the agent deployment.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
nullable: true
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
nullable: true
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
nullable: true
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
nullable: true
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
nullable: true
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
nullable: true
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
nullable: true
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
nullable: true
type: string
divisor:
description: Specifies the output format of the
exposed resources, defaults to "1"
nullable: true
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
nullable: true
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the Secret or its key
must be defined
nullable: true
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
nullable: true
type: array
agentNamespace:
description: Namespace selection for the fleet agent
nullable: true
type: string
agentTolerations:
description: Agent taint toleration settings for every cluster
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
nullable: true
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
nullable: true
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
nullable: true
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
nullable: true
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
nullable: true
type: string
type: object
nullable: true
type: array
applyClassGroup:
description: Apply a ClusterGroup for a ClusterClass referenced
from a different namespace.
nullable: true
type: boolean
hostNetwork:
description: 'Host network allows to deploy agent configuration
using hostNetwork: true setting which eludes dependency on the
CNI configuration for the cluster.'
nullable: true
type: boolean
namespaceSelector:
description: Namespace label selector. If set, only clusters in
the namespace matching label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
naming:
description: Naming settings for the fleet cluster
nullable: true
properties:
prefix:
description: Specify a prefix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
suffix:
description: Specify a suffix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
type: object
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
selector:
description: Cluster label selector. If set, only clusters matching
label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
required:
- namespaceSelector
- selector
type: object
clusterClass:
description: |-
Enable clusterClass controller functionality.
This will create Fleet ClusterGroups for each ClusterClaster with the same name.
nullable: true
properties:
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
type: object
config:
nullable: true
properties:
featureGates:
description: feature gates controlling experimental features
nullable: true
properties:
configMap:
description: FeaturesConfigMap references a ConfigMap where
to apply feature flags. If a ConfigMap is referenced, the
controller will update it instead of upgrading the Fleet
chart.
nullable: true
properties:
ref:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type: object
experimentalHelmOps:
description: Enables experimental Helm operations support.
type: boolean
experimentalOciStorage:
description: Enables experimental OCI storage support.
type: boolean
required:
- experimentalHelmOps
- experimentalOciStorage
type: object
server:
description: fleet server url configuration options
nullable: true
oneOf:
- required:
- inferLocal
- required:
- custom
properties:
custom:
properties:
apiServerCaConfigRef:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
apiServerUrl:
nullable: true
type: string
type: object
inferLocal:
type: boolean
type: object
type: object
install:
nullable: true
oneOf:
- required:
- followLatest
- required:
- version
properties:
followLatest:
description: Follow the latest version of the chart on install
type: boolean
version:
description: Use specific version to install
type: string
type: object
type: object
x-kubernetes-validations: []
status:
nullable: true
properties:
conditions:
description: conditions represents the observations of a Fleet addon
current state.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
installedVersion:
nullable: true
type: string
type: object
required:
- spec
title: FleetAddonConfig_kube_validation
type: object
x-kubernetes-validations:
- rule: self.metadata.name == 'fleet-addon-config'
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-leader-election-role
namespace: caapf-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-role
rules:
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- fleetaddonconfigs
- fleetaddonconfigs/status
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- get
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- create
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- patch
- list
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- bootstrap.cluster.x-k8s.io
- clusterctl.cluster.x-k8s.io
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusterclasses
verbs:
- get
- list
- watch
- patch
- apiGroups:
- fleet.cattle.io
resources:
- clusters
- clustergroups
- clusterregistrationtokens
- bundlenamespacemappings
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- fleet.cattle.io
resources:
- bundlenamespacemappings
verbs:
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: caapf-manager-role
subjects:
- kind: ServiceAccount
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: caapf-helm-manager
labels:
cluster.x-k8s.io/fleet-addon-registration: "true"
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
type: kubernetes.io/service-account-token
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-controller-manager
namespace: caapf-system
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
spec:
containers:
- image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
imagePullPolicy: IfNotPresent
name: manager
ports:
- containerPort: 8443
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
- args:
- --helm-install
image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
name: helm-manager
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: helm-kubeconfig
readOnly: true
serviceAccountName: caapf-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- name: helm-kubeconfig
secret:
secretName: caapf-helm-manager
metadata: |
apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
releaseSeries:
- major: 0
minor: 1
contract: v1beta1
- major: 0
minor: 2
contract: v1beta1
- major: 0
minor: 3
contract: v1beta1
- major: 0
minor: 4
contract: v1beta1
- major: 0
minor: 5
contract: v1beta1
- major: 0
minor: 6
contract: v1beta1
- major: 0
minor: 7
contract: v1beta1
- major: 0
minor: 8
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.6.0
name: v0.8.1
namespace: rancher-turtles-system
labels:
provider-components: fleet

19
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.17.3
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1218,7 +1218,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.17.3
labels:
cluster.x-k8s.io/provider: bootstrap-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2525,9 +2525,11 @@ data:
- --leader-elect
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
- --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true}
- --v=${CAPRKE2_DEBUG_LEVEL:=0}
command:
- /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.12.0
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.15.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -2750,10 +2752,19 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
- major: 0
minor: 15
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.12.0
name: v0.15.1
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap

223
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -22,7 +22,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.17.3
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1744,12 +1744,23 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -1974,6 +1985,54 @@ data:
- control-plane-endpoint
- ""
type: string
remediationStrategy:
description: remediationStrategy is the RemediationStrategy that controls
how control plane machine remediation happens.
properties:
maxRetry:
description: "maxRetry is the Max number of retries while attempting
to remediate an unhealthy machine.\nA retry happens when a machine
that was created as a replacement for an unhealthy machine also
fails.\nFor example, given a control plane with three machines
M1, M2, M3:\n\n\tM1 become unhealthy; remediation happens, and
M1-1 is created as a replacement.\n\tIf M1-1 (replacement of
M1) has problems while bootstrapping it will become unhealthy,
and then be\n\tremediated; such operation is considered a retry,
remediation-retry #1.\n\tIf M1-2 (replacement of M1-1) becomes
unhealthy, remediation-retry #2 will happen, etc.\n\nA retry
could happen only after RetryPeriod from the previous retry.\nIf
a machine is marked as unhealthy after MinHealthyPeriod from
the previous remediation expired,\nthis is not considered a
retry anymore because the new issue is assumed unrelated from
the previous one.\n\nIf not set, the remedation will be retried
infinitely."
format: int32
type: integer
minHealthyPeriod:
description: "minHealthyPeriod defines the duration after which
RKE2ControlPlane will consider any failure to a machine unrelated\nfrom
the previous one. In this case the remediation is not considered
a retry anymore, and thus the retry\ncounter restarts from 0.
For example, assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created as
a replacement.\n\tIf M1-1 (replacement of M1) has problems within
the 1hr after the creation, also\n\tthis machine will be remediated
and this operation is considered a retry - a problem related\n\tto
the original issue happened to M1 -.\n\n\tIf instead the problem
on M1-1 is happening after MinHealthyPeriod expired, e.g. four
days after\n\tm1-1 has been created as a remediation of M1,
the problem on M1-1 is considered unrelated to\n\tthe original
issue happened to M1.\n\nIf not set, this value is defaulted
to 1h."
type: string
retryPeriod:
description: |-
retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
for an unhealthy machine (a retry).
If not set, a retry will happen immediately.
type: string
type: object
replicas:
description: Replicas is the number of replicas for the Control Plane.
format: int32
@@ -2185,9 +2244,15 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration of ETCD.
properties:
@@ -2541,14 +2606,42 @@ data:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
lastRemediation:
description: lastRemediation stores info about last remediation performed.
properties:
machine:
description: machine is the machine name of the latest machine
being remediated.
maxLength: 253
minLength: 1
type: string
retryCount:
description: |-
retryCount used to keep track of remediation retry for the last remediated machine.
A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
type: integer
timestamp:
description: timestamp is when last remediation happened. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
required:
- machine
- retryCount
- timestamp
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed.
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -2589,7 +2682,7 @@ data:
metadata:
annotations:
cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
controller-gen.kubebuilder.io/version: v0.17.3
labels:
cluster.x-k8s.io/provider: control-plane-rke2
cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -3152,12 +3245,23 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -3384,6 +3488,57 @@ data:
- control-plane-endpoint
- ""
type: string
remediationStrategy:
description: remediationStrategy is the RemediationStrategy
that controls how control plane machine remediation happens.
properties:
maxRetry:
description: "maxRetry is the Max number of retries while
attempting to remediate an unhealthy machine.\nA retry
happens when a machine that was created as a replacement
for an unhealthy machine also fails.\nFor example, given
a control plane with three machines M1, M2, M3:\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created
as a replacement.\n\tIf M1-1 (replacement of M1) has
problems while bootstrapping it will become unhealthy,
and then be\n\tremediated; such operation is considered
a retry, remediation-retry #1.\n\tIf M1-2 (replacement
of M1-1) becomes unhealthy, remediation-retry #2 will
happen, etc.\n\nA retry could happen only after RetryPeriod
from the previous retry.\nIf a machine is marked as
unhealthy after MinHealthyPeriod from the previous remediation
expired,\nthis is not considered a retry anymore because
the new issue is assumed unrelated from the previous
one.\n\nIf not set, the remedation will be retried infinitely."
format: int32
type: integer
minHealthyPeriod:
description: "minHealthyPeriod defines the duration after
which RKE2ControlPlane will consider any failure to
a machine unrelated\nfrom the previous one. In this
case the remediation is not considered a retry anymore,
and thus the retry\ncounter restarts from 0. For example,
assuming MinHealthyPeriod is set to 1h (default)\n\n\tM1
become unhealthy; remediation happens, and M1-1 is created
as a replacement.\n\tIf M1-1 (replacement of M1) has
problems within the 1hr after the creation, also\n\tthis
machine will be remediated and this operation is considered
a retry - a problem related\n\tto the original issue
happened to M1 -.\n\n\tIf instead the problem on M1-1
is happening after MinHealthyPeriod expired, e.g. four
days after\n\tm1-1 has been created as a remediation
of M1, the problem on M1-1 is considered unrelated to\n\tthe
original issue happened to M1.\n\nIf not set, this value
is defaulted to 1h."
type: string
retryPeriod:
description: |-
retryPeriod is the duration that RKE2ControlPlane should wait before remediating a machine being created as a replacement
for an unhealthy machine (a retry).
If not set, a retry will happen immediately.
type: string
type: object
replicas:
description: Replicas is the number of replicas for the Control
Plane.
@@ -3601,9 +3756,15 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration
of ETCD.
@@ -3974,14 +4135,42 @@ data:
description: Initialized indicates the target cluster has completed
initialization.
type: boolean
lastRemediation:
description: lastRemediation stores info about last remediation performed.
properties:
machine:
description: machine is the machine name of the latest machine
being remediated.
maxLength: 253
minLength: 1
type: string
retryCount:
description: |-
retryCount used to keep track of remediation retry for the last remediated machine.
A retry happens when a machine that was created as a replacement for an unhealthy machine also fails.
type: integer
timestamp:
description: timestamp is when last remediation happened. It is
represented in RFC3339 form and is in UTC.
format: date-time
type: string
required:
- machine
- retryCount
- timestamp
type: object
observedGeneration:
description: ObservedGeneration is the latest generation observed
by the controller.
format: int64
type: integer
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed.
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -4097,6 +4286,14 @@ data:
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- authentication.k8s.io
resources:
@@ -4248,6 +4445,7 @@ data:
- --leader-elect
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
- --v=${CAPRKE2_DEBUG_LEVEL:=0}
command:
- /manager
env:
@@ -4263,7 +4461,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.12.0
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.15.1
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4493,10 +4691,19 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
- major: 0
minor: 15
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.12.0
name: v0.15.1
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.17.0
digest: sha256:c564dd1edce5e74cf5747adfa2477b3f0b9bae2b17a21b4c7312b2c1adbda64e
generated: "2025-02-27T10:39:03.203623466Z"
version: 0.18.1
digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
generated: "2025-04-29T09:14:10.14953774Z"

10
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.2_up0.19.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.2_up0.19.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -7,12 +7,12 @@ annotations:
catalog.cattle.io/namespace: rancher-turtles-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/rancher-version: '>= 2.10.0-1'
catalog.cattle.io/rancher-version: '>= 2.11.0-1'
catalog.cattle.io/release-name: rancher-turtles
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.17.0
appVersion: 0.19.0
dependencies:
- condition: cluster-api-operator.enabled
name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.0+up0.17.0"
version: "%%CHART_MAJOR%%.0.2+up0.19.0"

18
rancher-turtles-chart/RELEASE_NOTES.md
View File

@@ -1,4 +1,14 @@
gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
env:
GH_TOKEN: ${{ github.token }}
: exit status 4
## Changes since v0.19.0-rc.1
---
## :chart_with_upwards_trend: Overview
- 4 new commits merged
:book: Additionally, there has been 1 contribution to our documentation and book. (#1325)
## :question: Sort these by hand
- chart: Add helm chart values validation (#1320)
- Dependency: Revert dependency bumps (#1328)
- MULTIPLE_AREAS[documentation|azure]: Use predictable resourceGroup for AKS nodes (#1327)
_Thanks to all our contributors!_ 😊

4
rancher-turtles-chart/_service
View File

@@ -9,8 +9,8 @@
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
<param name="var">CHART_PREFIX</param>
<param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
<param name="var">CHART_MAJOR</param>
</service>

16
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -13,9 +13,9 @@ spec:
deployment:
containers:
- name: manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
- name: helm-manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
additionalManifests:
name: fleet-addon-config
namespace: '{{ .Values.rancherTurtles.namespace }}'
@@ -35,10 +35,22 @@ data:
metadata:
name: fleet-addon-config
spec:
config:
featureGates:
configMap:
ref:
kind: ConfigMap
apiVersion: v1
name: rancher-config
namespace: cattle-system
experimentalOciStorage: true
experimentalHelmOps: true
clusterClass:
patchResource: true
setOwnerReferences: true
cluster:
agentNamespace: cattle-fleet-system
applyClassGroup: true
patchResource: true
setOwnerReferences: true
hostNetwork: true

367
rancher-turtles-chart/values.schema.json Normal file
View File

@@ -0,0 +1,367 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Helm Chart Values Schema",
"type": "object",
"properties": {
"turtlesUI": {
"type": "object",
"description": "Manages the UI component.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn UI on or off."
},
"version": {
"type": "string",
"default": "0.8.2",
"description": "UI version to use."
}
}
},
"rancherTurtles": {
"type": "object",
"description": "Sets up the cluster management controller.",
"properties": {
"image": {
"type": "string",
"default": "controller",
"description": "Controller container image."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"namespace": {
"type": "string",
"default": "rancher-turtles-system",
"description": "Namespace for Turtles to run."
},
"managerArguments": {
"type": "array",
"default": [],
"description": "Extra args for the controller.",
"items": { "type": "string" }
},
"imagePullSecrets": {
"type": "array",
"default": [],
"description": "Secrets for private registries.",
"items": { "type": "string" }
},
"rancherInstalled": {
"type": "boolean",
"default": true,
"description": "True if Rancher is already installed in the cluster."
},
"kubectlImage": {
"type": "string",
"default": "registry.k8s.io/kubernetes/kubectl:v1.30.0",
"description": "Image for kubectl tasks."
},
"features": {
"type": "object",
"description": "Optional and experimental features.",
"properties": {
"day2operations": {
"type": "object",
"description": "Alpha feature.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for day-2 ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"etcdBackupRestore": {
"type": "object",
"description": "Manages etcd backup/restore.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on (true) or off (false)."
}
}
}
}
},
"addon-provider-fleet": {
"type": "object",
"description": "Beta feature for fleet addons.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
}
}
},
"agent-tls-mode": {
"type": "object",
"description": "Alpha feature for agent TLS.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
}
}
},
"clusterclass-operations": {
"type": "object",
"description": "Alpha feature. Not ready for testing yet.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for cluster class ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Pull policy."
}
}
}
}
}
}
},
"cluster-api-operator": {
"type": "object",
"description": "Manages Cluster API components.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"cert-manager": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
}
}
},
"volumes": {
"type": "array",
"description": "Volumes for operator pods (certs, config).",
"items": {
"type": "object",
"oneOf": [
{
"required": ["name", "secret"],
"properties": {
"name": { "type": "string" },
"secret": {
"type": "object",
"properties": {
"defaultMode": {
"type": "integer",
"default": 420,
"description": "File permissions."
},
"secretName": {
"type": "string",
"default": "capi-operator-webhook-service-cert",
"description": "Secret for webhook certs."
}
}
}
}
},
{
"required": ["name", "configMap"],
"properties": {
"name": { "type": "string" },
"configMap": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "clusterctl-config",
"description": "ConfigMap for clusterctl."
}
}
}
}
}
]
}
},
"image": {
"type": "object",
"properties": {
"manager": {
"type": "object",
"properties": {
"repository": {
"type": "string",
"default": "registry.rancher.com/rancher/cluster-api-operator",
"description": "Image repo."
}
}
}
}
},
"volumeMounts": {
"type": "object",
"properties": {
"manager": {
"type": "array",
"description": "Mount volumes to pods.",
"items": {
"type": "object",
"properties": {
"mountPath": { "type": "string" },
"name": { "type": "string" },
"readOnly": {
"type": "boolean",
"default": true,
"description": "Mount as read-only."
}
}
}
}
}
},
"cleanup": {
"type": "boolean",
"default": true,
"description": "Enable cleanup tasks."
},
"cluster-api": {
"type": "object",
"description": "Cluster API component settings.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"configSecret": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "",
"description": "Custom secret name (if overriding)."
},
"defaultName": {
"type": "string",
"default": "capi-env-variables",
"description": "Default secret name."
}
}
},
"core": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "capi-system",
"description": "Core component namespace."
},
"imageUrl": {
"type": "string",
"default": "",
"description": "Custom image URL."
},
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
},
"rke2": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"version": {
"type": "string",
"default": "",
"description": "RKE2 version."
},
"bootstrap": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-bootstrap-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
},
"controlPlane": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-control-plane-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
}
}
}
}
}
}
}
}
}

85
rancher-turtles-chart/values.yaml
View File

@@ -1,83 +1,152 @@
# turtlesUI: Manages the UI component.
turtlesUI:
# enabled: Turn UI on or off.
enabled: false
version: v0.8.2
# version: UI version to use.
version: 0.8.2
# rancherTurtles: Sets up the cluster management controller.
rancherTurtles:
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.17.0
# imageVersion: v0.19.0
imageVersion: v0.19.0
# imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
# namespace: Select namespace for Turtles to run.
namespace: rancher-turtles-system
# managerArguments: Extra args for the controller.
managerArguments: []
# imagePullSecrets: Secrets for private registries.
imagePullSecrets: []
# rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
rancherInstalled: false
kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3
# kubectlImage: Image for kubectl tasks.
kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3"
# features: Optional and experimental features.
features:
# day2operations: Alpha feature.
day2operations:
# enabled: Turn on or off.
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.17.0
# imageVersion: v0.19.0
imageVersion: v0.19.0
# imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
# etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
etcdBackupRestore:
# enabled: Turn on (true) or off (false).
enabled: false
# beta feature, see documentation for more information on feature stages
# addon-provider-fleet: Beta feature for fleet addons.
addon-provider-fleet:
# enabled: Turn on or off.
enabled: true
# alpha feature, see documentation for more information on feature stages
# agent-tls-mode: Alpha feature for agent TLS.
agent-tls-mode:
# enabled: Turn on or off.
enabled: false
# clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet.
clusterclass-operations:
# enabled: Turn on or off.
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.17.0
# imageVersion: v0.19.0
imageVersion: v0.19.0
# imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
# cluster-api-operator: Manages Cluster API components.
cluster-api-operator:
# enabled: Turn on or off.
enabled: true
# cert-manager: Cert-manager integration.
cert-manager:
# enabled: Turn on or off.
enabled: false
# volumes: Volumes for operator pods (certs, config).
volumes:
- name: cert
secret:
# defaultMode: File permissions.
defaultMode: 420
# secretName: Secret for webhook certs.
secretName: capi-operator-webhook-service-cert
- name: clusterctl-config
configMap:
# name: ConfigMap for clusterctl.
name: clusterctl-config
# image: registry.rancher.com/rancher/rancher/turtles
image:
manager:
# repository: Image repo.
repository: registry.rancher.com/rancher/cluster-api-operator
# volumeMounts: Mount volumes to pods.
volumeMounts:
manager:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
# readOnly: Mount as read-only.
readOnly: true
- mountPath: /config
name: clusterctl-config
# readOnly: Mount as read-only.
readOnly: true
# cleanup: Enable cleanup tasks.
cleanup: true
# cluster-api: Cluster API component settings.
cluster-api:
# enabled: Turn on or off.
enabled: true
# configSecret: Secret for Cluster API config.
configSecret:
# name: Custom secret name (if overriding).
name: ""
# defaultName: Default secret name.
defaultName: capi-env-variables
# core: Core Cluster API settings.
core:
# namespace: Core component namespace.
namespace: capi-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# rke2: RKE2 provider settings.
rke2:
# enabled: Turn on or off.
enabled: true
version: ""
# version: RKE2 version.
version: "v0.15.1"
# bootstrap: RKE2 bootstrap provider.
bootstrap:
# namespace: Bootstrap namespace.
namespace: rke2-bootstrap-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# controlPlane: RKE2 control plane provider.
controlPlane:
# namespace: Control plane namespace.
namespace: rke2-control-plane-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
metal3:
enabled: true

Some files were not shown because too many files have changed in this diff Show More