Bump the metal3-chart and BMO subchart version

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>

.gitea/workflows/check_manifest.yaml

@@ -17,7 +17,7 @@ jobs:
           object-format: 'sha256'
       - name: Setup dependencies
         run: |
-          zypper in -y python3-PyYAML
+          zypper in -y python3-ruamel.yaml
       - name: Check release manifest
         run: |
-          python3 .obs/manifest-check.py
+          python3 .obs/manifest-check.py --check

.obs/manifest-check.py

@@ -1,11 +1,15 @@
 #!/usr/bin/python3
 
-import yaml
+import ruamel.yaml
+import pathlib
+import argparse
 import sys
 
+yaml = ruamel.yaml.YAML()
+
 def get_chart_version(chart_name: str) -> str:
     with open(f"./{chart_name}-chart/Chart.yaml") as f:
-        chart = yaml.safe_load(f)
+        chart = yaml.load(f)
         return chart["version"]
 
 def get_charts(chart):
@@ -21,22 +25,57 @@ def get_charts(chart):
 
 def get_charts_list():
     with open("./release-manifest-image/release_manifest.yaml") as f:
-        manifest = yaml.safe_load(f)
+        manifest = yaml.load(f)
     charts = {}
     for chart in manifest["spec"]["components"]["workloads"]["helm"]:
         charts.update(get_charts(chart))
     return charts
 
-def main():
+def check_charts(fix: bool) -> bool:
-    print("Checking charts versions in release manifest")
     success = True
     charts = get_charts_list()
+    to_fix = {}
     for chart in charts:
         expected_version = get_chart_version(chart)
         if expected_version != charts[chart]:
             success = False
+            to_fix[f'%%CHART_REPO%%/%%CHART_PREFIX%%{chart}'] = expected_version
             print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
-    if not success:
+    if fix and not success:
+        fix_charts(to_fix)
+        return True
+    return success
+
+def fix_charts(to_fix):
+    manifest_path = pathlib.Path("./release-manifest-image/release_manifest.yaml")
+    manifest = yaml.load(manifest_path)
+    yaml.indent(mapping=2, sequence=4, offset=2)
+    yaml.width = 4096
+    for chart_index, chart in enumerate(manifest["spec"]["components"]["workloads"]["helm"]):
+        changed = False
+        if chart["chart"] in to_fix.keys():
+            changed = True
+            chart["version"] = to_fix[chart["chart"]]
+        for subchart_index, subchart in enumerate(chart.get("addonCharts", [])):
+            if subchart["chart"] in to_fix.keys():
+                changed = True
+                subchart["version"] = to_fix[subchart["chart"]]
+                chart["addonCharts"][subchart_index] = subchart
+        for subchart_index, subchart in enumerate(chart.get("dependencyCharts", [])):
+            if subchart["chart"] in to_fix.keys():
+                changed = True
+                subchart["version"] = to_fix[subchart["chart"]]
+                chart["dependencyCharts"][subchart_index] = subchart
+        if changed:
+            manifest["spec"]["components"]["workloads"]["helm"][chart_index] = chart
+    yaml.dump(manifest, manifest_path)
+
+def main():
+    print("Checking charts versions in release manifest")
+    parser = argparse.ArgumentParser()
+    parser.add_argument('-c', '--check', action='store_true')
+    args = parser.parse_args()
+    if not check_charts(not args.check):
         sys.exit(1)
     else:
         print("All local charts in release manifest are using the right version")

.pre-commit-config.yaml

@@ -0,0 +1,10 @@
+repos:
+  - repo: local
+    hooks:
+      - id: check-manifest
+        name: "Check release-manifest"
+        entry: .obs/manifest-check.py
+        language: python
+        additional_dependencies: ['ruamel.yaml']
+        pass_filenames: false
+        always_run: true

_config

@@ -1,4 +1,5 @@
 Prefer: -libqpid-proton10 -python311-urllib3_1
+Prefer: -cargo1.58 -cargo1.57 cargo1.88
 
 Macros:
 %__python3 /usr/bin/python3.11
@@ -105,7 +106,7 @@ BuildFlags: onlybuild:release-manifest-image
     Patterntype: none
     BuildEngine: podman
     Prefer: sles-release
-    BuildFlags: dockerarg:SLE_VERSION=15.6
+    BuildFlags: dockerarg:SLE_VERSION=15.7
 
     # Publish multi-arch container images only once all archs have been built
     PublishFlags: archsync

_meta

@@ -45,7 +45,7 @@
       <path project="SUSE:SLFO:Products:SLES:16.0" repository="standard"/>
       <path project="SUSE:SLFO:Main:Build" repository="standard"/>
     {%- else %}
-      <path project="SUSE:CA" repository="SLE_15_SP6"/>
+      <path project="SUSE:CA" repository="SLE_15_SP7"/>
       <path project="{{ project }}" repository="standard"/>
     {%- endif %}
     <arch>x86_64</arch>
@@ -56,8 +56,8 @@
     {%- if release_project is defined and not for_release %}
     <releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
     {%- endif %}
-    <path project="{{ ironic_base }}:2024.2" repository="15.6"/>
+    <path project="{{ ironic_base }}:2025.1" repository="15.7"/>
-    <path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
+    <path project="SUSE:SLE-15-SP7:Update" repository="standard"/>
     <arch>x86_64</arch>
     <arch>aarch64</arch>
   </repository>

baremetal-operator-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
 #!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

edge-image-builder-image/Dockerfile

@@ -1,6 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:latest
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:latest-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION
 MAINTAINER SUSE LLC (https://www.suse.com/)
@@ -15,11 +14,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
 LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.2.1"
+LABEL org.opencontainers.image.version="latest"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:latest-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

edge-image-builder/_service

@@ -3,11 +3,11 @@
     <param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v1.2.1</param>
+    <param name="revision">1bfee6bb5bd0dc1ed18e2d09820750f9987c96c9</param>
     <!-- Uncomment and set this For Pre-Release Version -->
     <!-- <param name="version">1.2.0~rc1</param> -->
     <!-- Uncomment and this for regular version -->
-    <param name="versionformat">@PARENT_TAG@</param>
+    <param name="versionformat">%h</param>
     <param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
     <param name="versionrewrite-replacement">\1.\2.\3</param>
     <param name="changesgenerate">enable</param>

edge-image-builder/edge-image-builder.spec

@@ -17,7 +17,7 @@
 
 
 Name:           edge-image-builder
-Version:        1.2.1
+Version:        latest
 Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0

endpoint-copier-operator-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator:%%endpoint-copier-operator_version%%
 #!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator:%%endpoint-copier-operator_version%%-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

frr-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: MIT
 #!BuildTag: %%IMG_PREFIX%%frr:8.5.6
 #!BuildTag: %%IMG_PREFIX%%frr:8.5.6-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

frr-k8s-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%
 #!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

ironic-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.5
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.5-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%
-#!BuildVersion: 15.6
 
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -20,11 +19,11 @@ RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes
 
 #!ArchExclusiveLine: x86_64
 RUN if [ "$(uname -m)" = "x86_64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
     fi
 #!ArchExclusiveLine: aarch64
 RUN if [ "$(uname -m)" = "aarch64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 bind-utils procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic; \
     fi
     
 # DATABASE
@@ -42,8 +41,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="26.1.2.5"
+LABEL org.opencontainers.image.version="29.0.4.1"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.5-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:29.0.4.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

ironic-image/configure-nonroot.sh

@@ -45,10 +45,10 @@ chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /run
 
 # ironic and httpd related changes
 mkdir -p /etc/httpd/conf.d
-chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
+chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
-chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d
+chmod 2775 /etc/ironic /etc/httpd/conf /etc/httpd/conf.d /etc/httpd/conf.modules.d/
 #chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.d/*
-chmod 664 /etc/ironic/* /etc/httpd/conf/*
+chmod 664 /etc/ironic/* /etc/httpd/conf/* /etc/httpd/conf.modules.d/*
 
 chown -R "${IRONIC_USER}":"${IRONIC_GROUP}" /var/lib/ironic
 chmod 2775 /var/lib/ironic

ironic-image/ironic-config/apache2-ipxe.conf.j2

@@ -1,4 +1,5 @@
-Listen {{ env.IPXE_TLS_PORT }}
+Listen 0.0.0.0:{{ env.IPXE_TLS_PORT }}
+Listen [::]:{{ env.IPXE_TLS_PORT }}
 
 <VirtualHost *:{{ env.IPXE_TLS_PORT }}>
     ErrorLog /dev/stderr

ironic-image/ironic-config/apache2-vmedia.conf.j2

@@ -1,4 +1,5 @@
-Listen {{ env.VMEDIA_TLS_PORT }}
+Listen 0.0.0.0:{{ env.VMEDIA_TLS_PORT }}
+Listen [::]:{{ env.VMEDIA_TLS_PORT }}
 
 <VirtualHost *:{{ env.VMEDIA_TLS_PORT }}>
     ErrorLog /dev/stderr
@@ -10,13 +11,15 @@ Listen {{ env.VMEDIA_TLS_PORT }}
     SSLCertificateFile {{ env.IRONIC_VMEDIA_CERT_FILE }}
     SSLCertificateKeyFile {{ env.IRONIC_VMEDIA_KEY_FILE }}
 
-    <Directory ~ "/shared/html">
+    <Directory "/shared/html/">
-         Order deny,allow
+        Options Indexes FollowSymLinks
-         deny from all
+        AllowOverride None
+        Require all granted
     </Directory>
     <Directory ~ "/shared/html/(redfish|ilo)/">
-         Order allow,deny
+        Options Indexes FollowSymLinks
-         allow from all
+        AllowOverride None
+        Require all granted
     </Directory>
 </VirtualHost>
 

ironic-image/ironic-config/httpd-ironic-api.conf.j2

@@ -12,11 +12,21 @@
 
 
 {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen {{ env.IRONIC_LISTEN_PORT }}
+Listen 0.0.0.0:{{ env.IRONIC_LISTEN_PORT }}
+Listen [::]:{{ env.IRONIC_LISTEN_PORT }}
  <VirtualHost *:{{ env.IRONIC_LISTEN_PORT }}>
 {% else %}
-Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}
+{% if env.ENABLE_IPV4 %}
- <VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_LISTEN_PORT }}>
+Listen {{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}
+{% endif %}
+{% if env.ENABLE_IPV6 %}
+Listen [{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}
+{% endif %}
+{% if env.IRONIC_URL_HOSTNAME is defined and env.IRONIC_URL_HOSTNAME|length %}
+<VirtualHost {{ env.IRONIC_URL_HOSTNAME }}:{{ env.IRONIC_LISTEN_PORT }}>
+{% else %}
+<VirtualHost {% if env.ENABLE_IPV4 %}{{ env.IRONIC_IP }}:{{ env.IRONIC_LISTEN_PORT }}{% endif %} {% if env.ENABLE_IPV6 %}[{{ env.IRONIC_IPV6 }}]:{{ env.IRONIC_LISTEN_PORT }}{% endif %}>
+{% endif %}
 {% endif %}
 
     {% if env.IRONIC_PRIVATE_PORT == "unix" %}

ironic-image/ironic-config/httpd-modules.conf

@@ -17,4 +17,4 @@ LoadModule authn_core_module /usr/lib64/apache2/mod_authn_core.so
 LoadModule auth_basic_module /usr/lib64/apache2/mod_auth_basic.so
 LoadModule authn_file_module /usr/lib64/apache2/mod_authn_file.so
 LoadModule authz_user_module /usr/lib64/apache2/mod_authz_user.so
-LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so
+#LoadModule access_compat_module /usr/lib64/apache2/mod_access_compat.so

ironic-image/ironic-config/httpd.conf.j2

@@ -1,8 +1,14 @@
 ServerRoot {{ env.HTTPD_DIR }}
 {%- if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen {{ env.HTTP_PORT }}
+Listen 0.0.0.0:{{ env.HTTP_PORT }}
+Listen [::]:{{ env.HTTP_PORT }}
 {% else %}
-Listen {{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}
+{% if env.ENABLE_IPV4 %}
+Listen {{ env.IRONIC_IP }}:{{ env.HTTP_PORT }}
+{% endif %}
+{% if env.ENABLE_IPV6 %}
+Listen [{{ env.IRONIC_IPV6 }}]:{{ env.HTTP_PORT }}
+{% endif %}
 {% endif %}
 Include /etc/httpd/conf.modules.d/*.conf
 User ironic-suse

ironic-image/ironic-config/ironic.conf.j2

@@ -25,7 +25,13 @@ rpc_transport = none
 use_stderr = true
 # NOTE(dtantsur): the default md5 is not compatible with FIPS mode
 hash_ring_algorithm = sha256
+{% if env.ENABLE_IPV4 %}
 my_ip = {{ env.IRONIC_IP }}
+{% endif %}
+{% if env.ENABLE_IPV6 %}
+my_ipv6 = {{ env.IRONIC_IPV6 }}
+{% endif %}
+
 host = {{ env.IRONIC_CONDUCTOR_HOST }}
 tempdir = {{ env.IRONIC_TMP_DATA_DIR }}
 
@@ -65,7 +71,7 @@ port = {{ env.IRONIC_PRIVATE_PORT }}
 {% endif %}
 public_endpoint = {{ env.IRONIC_BASE_URL }}
 {% else %}
-host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
+host_ip = {{ env.IRONIC_HOST_IP }}
 port = {{ env.IRONIC_LISTEN_PORT }}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 enable_ssl_api = true
@@ -85,7 +91,11 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
+{% if env.VMEDIA_TLS_PORT %}
+bootloader = {{ env.IRONIC_HTTPS_VMEDIA_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
+{% else %}
 bootloader = {{ env.IRONIC_HTTP_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
+{% endif %}
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False
@@ -117,15 +127,15 @@ default_boot_option = local
 erase_devices_metadata_priority = 10
 erase_devices_priority = 0
 http_root = /shared/html/
-http_url = {{ env.IRONIC_HTTP_URL }}
+http_url = {% if env.VMEDIA_TLS_PORT %}{{ env.IRONIC_HTTPS_VMEDIA_URL }}{% else %}{{ env.IRONIC_HTTP_URL }}{% endif %}
 fast_track = {{ env.IRONIC_FAST_TRACK }}
 {% if env.IRONIC_BOOT_ISO_SOURCE %}
 ramdisk_image_download_source = {{ env.IRONIC_BOOT_ISO_SOURCE }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_HTTP_URL %}
 external_http_url = {{ env.IRONIC_EXTERNAL_HTTP_URL }}
-{% elif env.IRONIC_VMEDIA_TLS_SETUP == "true" %}
+{% elif env.VMEDIA_TLS_PORT %}
-external_http_url = https://{{ env.IRONIC_URL_HOST }}:{{ env.VMEDIA_TLS_PORT }}
+external_http_url = {{ env.IRONIC_HTTPS_VMEDIA_URL }}
 {% endif %}
 {% if env.IRONIC_EXTERNAL_CALLBACK_URL %}
 external_callback_url = {{ env.IRONIC_EXTERNAL_CALLBACK_URL }}
@@ -181,7 +191,7 @@ cipher_suite_versions = 3,17
 # containers are in host networking.
 auth_strategy = http_basic
 http_basic_auth_user_file = {{ env.IRONIC_RPC_HTPASSWD_FILE }}
-host_ip = {% if env.LISTEN_ALL_INTERFACES | lower == "true" %}::{% else %}{{ env.IRONIC_IP }}{% endif %}
+host_ip = {{ env.IRONIC_HOST_IP }}
 {% if env.IRONIC_TLS_SETUP == "true" %}
 use_ssl = true
 cafile = {{ env.IRONIC_CACERT_FILE }}

ironic-image/scripts/configure-ironic.sh

@@ -3,6 +3,7 @@
 set -euxo pipefail
 
 IRONIC_EXTERNAL_IP="${IRONIC_EXTERNAL_IP:-}"
+export VMEDIA_TLS_PORT="${VMEDIA_TLS_PORT:-}"
 
 # Define the VLAN interfaces to be included in introspection report, e.g.
 #   all - all VLANs on all interfaces using LLDP information
@@ -51,6 +52,18 @@ export IRONIC_IPA_COLLECTORS=${IRONIC_IPA_COLLECTORS:-default,logs}
 
 wait_for_interface_or_ip
 
+if [[ "$(echo "$LISTEN_ALL_INTERFACES" | tr '[:upper:]' '[:lower:]')" == "true" ]]; then
+export IRONIC_HOST_IP="::"
+elif [[ -n "${ENABLE_IPV6}" ]]; then
+export IRONIC_HOST_IP="$IRONIC_IPV6"
+else
+export IRONIC_HOST_IP="$IRONIC_IP"
+fi
+
+if [[ "${VMEDIA_TLS_PORT}" ]]; then
+   export IRONIC_HTTPS_VMEDIA_URL="https://${IRONIC_URL_HOST}:${VMEDIA_TLS_PORT}"
+fi
+
 # Hostname to use for the current conductor instance.
 export IRONIC_CONDUCTOR_HOST=${IRONIC_CONDUCTOR_HOST:-${IRONIC_URL_HOST}}
 
@@ -92,4 +105,11 @@ render_j2_config "/etc/ironic/ironic.conf.j2" \
 configure_json_rpc_auth
 
 # Make sure ironic traffic bypasses any proxies
-export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
+export NO_PROXY="${NO_PROXY:-}"
+
+if [[ -n "$IRONIC_IPV6" ]]; then
+export NO_PROXY="${NO_PROXY},${IRONIC_IPV6}"
+fi
+if [[ -n "$IRONIC_IP" ]]; then
+export NO_PROXY="${NO_PROXY},${IRONIC_IP}"
+fi

ironic-image/scripts/ironic-common.sh

@@ -5,9 +5,11 @@ set -euxo pipefail
 # Export IRONIC_IP to avoid needing to lean on IRONIC_URL_HOST for consumption in
 # e.g. dnsmasq configuration
 export IRONIC_IP="${IRONIC_IP:-}"
+IRONIC_IPV6="${IRONIC_IPV6:-}"
 PROVISIONING_INTERFACE="${PROVISIONING_INTERFACE:-}"
 PROVISIONING_IP="${PROVISIONING_IP:-}"
 PROVISIONING_MACS="${PROVISIONING_MACS:-}"
+IRONIC_URL_HOSTNAME="${IRONIC_URL_HOSTNAME:-}"
 IPXE_CUSTOM_FIRMWARE_DIR="${IPXE_CUSTOM_FIRMWARE_DIR:-/shared/custom_ipxe_firmware}"
 CUSTOM_CONFIG_DIR="${CUSTOM_CONFIG_DIR:-/conf}"
 CUSTOM_DATA_DIR="${CUSTOM_DATA_DIR:-/data}"
@@ -33,6 +35,85 @@ export LOCAL_DB_URI="sqlite:///${IRONIC_DB_DIR}/ironic.sqlite"
 
 export IRONIC_USE_MARIADB=${IRONIC_USE_MARIADB:-false}
 
+
+get_ip_of_hostname()
+{
+    if [[ "$#" -ne 2 ]]; then
+        echo "${FUNCNAME}: two parameters required, $# provided" >&2
+        return 1
+    fi
+
+    case $2 in
+        4)
+            QUERY="a";;
+        6)
+            QUERY="aaaa";;
+        *)
+            echo "${FUNCNAME}: the second parameter should be [a|aaaa] for A and AAAA records"
+            return 1;;
+    esac
+
+    local HOSTNAME=$1
+
+    echo $(nslookup -type=${QUERY} "${HOSTNAME}" | tail -n2 | grep -w "Address:" | cut -d " " -f2)
+}
+
+get_interface_of_ip()
+{
+    local IP_VERS=""
+
+    if [[ "$#" -gt 2 ]]; then
+        echo "${FUNCNAME}: too many parameters" >&2
+        return 1
+    fi
+
+    if [[ "$#" -eq 2 ]]; then
+        case $2 in
+        4|6)
+            local IP_VERS="-${2}"
+            ;;
+        *)
+            echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
+            return 2
+            ;;
+        esac
+    fi
+
+    local IP_ADDR=$1
+
+    # Convert the address using ipcalc which strips out the subnet.
+    # For IPv6 addresses, this will give the short-form address
+    IP_ADDR="$(ipcalc "${IP_ADDR}" | grep "^Address:" | awk '{print $2}')"
+
+    echo $(ip ${IP_VERS} -br addr show scope global | grep -i " ${IP_ADDR}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')
+}
+
+get_ip_of_interface()
+{
+    local IP_VERS=""
+
+    if [[ "$#" -gt 2 ]]; then
+        echo "${FUNCNAME}: too many parameters" >&2
+        return 1
+    fi
+
+    if [[ "$#" -eq 2 ]]; then
+        case $2 in
+        4|6)
+            local IP_VERS="-${2}"
+            ;;
+        *)
+            echo "${FUNCNAME}: the second parameter should be [4|6] (or missing for both)" >&2
+            return 2
+            ;;
+        esac
+    fi
+
+    local IFACE=$1
+
+    echo $(ip ${IP_VERS} -br addr show scope global up dev ${IFACE} | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)
+}
+
 get_provisioning_interface()
 {
     if [[ -n "$PROVISIONING_INTERFACE" ]]; then
@@ -41,13 +122,7 @@ get_provisioning_interface()
         return
     fi
 
-    local interface="provisioning"
+    local interface=""
-
-    if [[ -n "${PROVISIONING_IP}" ]]; then
-        if ip -br addr show | grep -i " ${PROVISIONING_IP}/" &>/dev/null; then
-            interface="$(ip -br addr show | grep -i " ${PROVISIONING_IP}/" | cut -f 1 -d ' ' | cut -f 1 -d '@')"
-        fi
-    fi
 
     for mac in ${PROVISIONING_MACS//,/ }; do
         if ip -br link show up | grep -i "$mac" &>/dev/null; then
@@ -71,32 +146,111 @@ wait_for_interface_or_ip()
     # available on an interface, otherwise we look at $PROVISIONING_INTERFACE
     # for an IP
     if [[ -n "${PROVISIONING_IP}" ]]; then
-        # Convert the address using ipcalc which strips out the subnet.
+        local IFACE_OF_IP=""
-        # For IPv6 addresses, this will give the short-form address
+
-        IRONIC_IP="$(ipcalc "${PROVISIONING_IP}" | grep "^Address:" | awk '{print $2}')"
+        until [[ -n "$IFACE_OF_IP" ]]; do
-        export IRONIC_IP
+            echo "Waiting for ${PROVISIONING_IP} to be configured on an interface..."
-        until grep -F " ${IRONIC_IP}/" <(ip -br addr show); do
+            IFACE_OF_IP="$(get_interface_of_ip "${PROVISIONING_IP}")"
-            echo "Waiting for ${IRONIC_IP} to be configured on an interface"
             sleep 1
         done
+
+        echo "Found $PROVISIONING_IP on interface \"${IFACE_OF_IP}\"!"
+
+        export PROVISIONING_INTERFACE="$IFACE_OF_IP"
+	# If the IP contains a colon, then it's an IPv6 address
+        if [[ "$PROVISIONING_IP" =~ .*:.* ]]; then
+            export IRONIC_IPV6="$PROVISIONING_IP"
+            export IRONIC_IP=""
+        else
+            export IRONIC_IP="$PROVISIONING_IP"
+        fi
+    elif [[ -n "${IRONIC_IP}" ]]; then
+        if [[ "$IRONIC_IP" =~ .*:.* ]]; then
+            export IRONIC_IPV6="$IRONIC_IP"
+            export IRONIC_IP=""
+        fi
+    elif [[ -n "${PROVISIONING_INTERFACE}" ]]; then
+        until [[ -n "$IRONIC_IPV6" ]] || [[ -n "$IRONIC_IP" ]]; do
+            echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured..."
+
+            IRONIC_IPV6="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 6)"
+            sleep 1
+
+            IRONIC_IP="$(get_ip_of_interface "${PROVISIONING_INTERFACE}" 4)"
+            sleep 1
+        done
+
+        if [[ -n "$IRONIC_IPV6" ]]; then
+            echo "Found $IRONIC_IPV6 on interface \"${PROVISIONING_INTERFACE}\"!"
+	    export IRONIC_IPV6
+        fi
+        if [[ -n "$IRONIC_IP" ]]; then
+            echo "Found $IRONIC_IP on interface \"${PROVISIONING_INTERFACE}\"!"
+	    export IRONIC_IP
+        fi
+    elif [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
+        local IPV6_IFACE=""
+        local IPV4_IFACE=""
+        
+        # we should get at least one IP address
+        until [[ -n "$IPV6_IFACE" ]] || [[ -n "$IPV4_IFACE" ]]; do
+            local IPV6_RECORD=""
+            local IPV4_RECORD=""
+
+            IPV6_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 6)"
+            IPV4_RECORD="$(get_ip_of_hostname "${IRONIC_URL_HOSTNAME}" 4)"
+
+            # We couldn't get any IP
+            if [[ -z "$IPV4_RECORD" ]] && [[ -z "$IPV6_RECORD" ]]; then
+                echo "${FUNCNAME}: no valid IP found for hostname ${IRONIC_URL_HOSTNAME}" >&2
+                return 1
+            fi
+
+            echo "Waiting for ${IPV6_RECORD} to be configured on an interface"
+            IPV6_IFACE="$(get_interface_of_ip "${IPV6_RECORD}" 6)"
+            sleep 1
+
+            echo "Waiting for ${IPV4_RECORD} to be configured on an interface"
+            IPV4_IFACE="$(get_interface_of_ip "${IPV4_RECORD}" 4)"
+            sleep 1
+        done
+
+        # Add some debugging output
+        if [[ -n "$IPV6_IFACE" ]]; then
+            echo "Found $IPV6_RECORD on interface \"${IPV6_IFACE}\"!"
+            export IRONIC_IPV6="$IPV6_RECORD"
+        fi
+        if [[ -n "$IPV4_IFACE" ]]; then
+            echo "Found $IPV4_RECORD on interface \"${IPV4_IFACE}\"!"
+            export IRONIC_IP="$IPV4_RECORD"
+        fi
+
+        # Make sure both IPs are asigned to the same interface
+        if [[ -n "$IPV6_IFACE" ]] && [[ -n "$IPV4_IFACE" ]] && [[ "$IPV6_IFACE" != "$IPV4_IFACE" ]]; then
+            echo "Warning, the IPv4 and IPv6 addresses from \"${HOSTNAME}\" are assigned to different " \
+            "interfaces (\"${IPV6_IFACE}\" and \"${IPV4_IFACE}\")" >&2
+        fi
+
     else
-        until [[ -n "$IRONIC_IP" ]]; do
+        echo "Cannot determine an interface or an IP for binding and creating URLs"
-            echo "Waiting for ${PROVISIONING_INTERFACE} interface to be configured"
+        return 1
-            IRONIC_IP="$(ip -br add show scope global up dev "${PROVISIONING_INTERFACE}" | awk '{print $3}' | sed -e 's%/.*%%' | head -n 1)"
-            export IRONIC_IP
-            sleep 1
-        done
     fi
 
-    # If the IP contains a colon, then it's an IPv6 address, and the HTTP
+    # Define the URLs based on the what we have found,
-    # host needs surrounding with brackets
+    # prioritize IPv6 for IRONIC_URL_HOST
-    if [[ "$IRONIC_IP" =~ .*:.* ]]; then
+    if [[ -n "$IRONIC_IP" ]]; then
-        export IPV=6
+        export ENABLE_IPV4=yes
-        export IRONIC_URL_HOST="[$IRONIC_IP]"
-    else
-        export IPV=4
         export IRONIC_URL_HOST="$IRONIC_IP"
     fi
+    if [[ -n "$IRONIC_IPV6" ]]; then
+        export ENABLE_IPV6=yes
+        export IRONIC_URL_HOST="[${IRONIC_IPV6}]" # The HTTP host needs surrounding with brackets
+    fi
+
+    # Once determined if we have IPv4 and/or IPv6, override the hostname if provided
+    if [[ -n "$IRONIC_URL_HOSTNAME" ]]; then
+        IRONIC_URL_HOST=$IRONIC_URL_HOSTNAME
+    fi
 
     # Avoid having to construct full URL multiple times while allowing
     # the override of IRONIC_HTTP_URL for environments in which IRONIC_IP

kube-rbac-proxy-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%
 #!BuildTag: %%IMG_PREFIX%%kube-rbac-proxy:%%kube-rbac-proxy_version%%-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

kubectl-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -16,11 +15,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.32.4"
+LABEL org.opencontainers.image.version="1.33.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

kubectl/kubectl.spec

@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 
 Name: kubectl
-Version: 1.32.4
+Version: 1.33.4
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster
 

metal3-chart/Chart.yaml

@@ -1,28 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.9_up0.11.7
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.13_up0.12.3
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.9_up0.11.7-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.13_up0.12.3-%RELEASE%
 apiVersion: v2
-appVersion: 0.11.7
+appVersion: 0.12.3
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.9.2
+  version: 0.9.5
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.10.6
+  version: 0.11.2
 - alias: metal3-mariadb
   condition: global.enable_mariadb
   name: mariadb
   repository: file://./charts/mariadb
-  version: 0.6.0
+  version: 0.6.1
 - alias: metal3-media
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.6.3
+  version: 0.6.5
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.9+up0.11.7"
+version: "%%CHART_MAJOR%%.0.13+up0.12.3"

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.9.2
+version: 0.9.5

metal3-chart/charts/baremetal-operator/templates/_helpers.tpl

@@ -61,3 +61,19 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create the URL to use for connecting to the Ironic servers (e.g. API, cache)
+*/}}
+{{- define "baremetal-operator.ironicHttpHost" -}}
+{{- $hostIP := include "metal3.hostIP" . -}}
+{{- with .Values.global }}
+{{- if .provisioningHostname }}
+{{- .provisioningHostname }}
+{{- else if regexMatch ".*:.*" $hostIP}}
+{{- print "[" $hostIP "]" }}
+{{- else }}
+{{- $hostIP }}
+{{- end }}
+{{- end }}
+{{- end }}

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -1,10 +1,10 @@
   {{- $enableTLS := .Values.global.enable_tls }}
   {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
   {{- $protocol := ternary "https" "http" $enableTLS }}
-  {{- $ironicIP := .Values.global.ironicIP | default "" }}
+  {{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
-  {{- $ironicApiHost := print $ironicIP ":6385" }}
+  {{- $ironicApiHost := print $ironicHost ":6385" }}
-  {{- $ironicBootHost := print $ironicIP ":6180" }}
+  {{- $ironicBootHost := print $ironicHost ":6180" }}
-  {{- $ironicCacheHost := print $ironicIP ":6180" }}
+  {{- $ironicCacheHost := print $ironicHost ":6180" }}
   {{- $deployArch := .Values.global.deployArchitecture }}
 
 apiVersion: v1
@@ -12,8 +12,8 @@ data:
   IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
-    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
-    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
+    {{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
     {{- $protocol = "https" }}
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   {{- else }}
@@ -24,6 +24,10 @@ data:
   DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
   DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
   DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
+  {{- if .Values.baremetaloperator.externalHttpIPv6 }}
+  {{- $port := ternary .Values.global.vmediaTLSPort .Values.baremetaloperator.httpPort $enableVMediaTLS }}
+  IRONIC_EXTERNAL_URL_V6: "{{ $protocol }}://[{{ .Values.baremetaloperator.externalHttpIPv6 }}]:{{ $port }}"
+  {{- end }}
 kind: ConfigMap
 metadata:
   name: baremetal-operator-ironic

metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml

@@ -6,6 +6,7 @@ metadata:
     control-plane: controller-manager
   name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
   - name: https
     port: 8443

metal3-chart/charts/baremetal-operator/templates/service-webhook.yaml

@@ -5,6 +5,7 @@ metadata:
     {{- include "baremetal-operator.labels" . | nindent 4 }}
   name: {{ include "baremetal-operator.fullname" . }}-webhook-service
 spec:
+  ipFamilyPolicy: PreferDualStack
   ports:
   - port: 443
     targetPort: 9443

metal3-chart/charts/baremetal-operator/values.yaml

@@ -84,3 +84,8 @@ affinity: {}
 
 baremetaloperator:
   httpPort: "6180"
+
+  # IPv6 used for accessing the Ironic HTTP server for BMCs with an IPv6 only address.
+  # It should not be used in conjunction with 'provisioningHostname' unless BMCs do not
+  # support hostnames.
+  externalHttpIPv6: ""

metal3-chart/charts/ironic/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 26.1.2
+appVersion: 29.0.4
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.10.6
+version: 0.11.2

metal3-chart/charts/ironic/templates/_helpers.tpl

@@ -83,3 +83,50 @@ Get ironic CA volumeMounts
   readOnly: true
 {{- end }}
 {{- end }}
+
+{{/*
+Get the formatted "External" hostname or IP based URL
+*/}}
+{{- define "ironic.externalHttpUrl" }}
+{{- $host := ternary (include "metal3.hostIP" .) .Values.global.externalHttpHost (empty .Values.global.externalHttpHost) }}
+{{- if regexMatch ".*:.*" $host }}
+{{- $host = print "[" $host "]" }}
+{{- end }}
+{{- $protocol := "http" }}
+{{- $port := "6180" }}
+{{- if .Values.global.enable_vmedia_tls }}
+{{- $protocol = "https" }}
+{{- $port = .Values.global.vmediaTLSPort | default "6185" }}
+{{- end }}
+{{- print $protocol "://" $host ":" $port }}
+{{- end }}
+
+{{/*
+Get the command to use for Liveness and Readiness probes
+*/}}
+{{- define "ironic.probeCommand" }}
+{{- $host := "127.0.0.1" }}
+{{- if eq .Values.listenOnAll false }}
+{{- $host = coalesce .Values.global.provisioningIP .Values.global.ironicIP .Values.global.provisioningHostname }}
+{{- if regexMatch ".*:.*" $host }}
+{{- $host = print "[" $host "]" }}
+{{- end }}
+{{- end }}
+{{- print "curl -sSfk https://" $host ":6385" }}
+{{- end }}
+
+{{/*
+Create the subjectAltNames section to be set on the Certificate
+*/}}
+{{- define "ironic.subjectAltNames" -}}
+{{- with .Values.global }}
+{{- if .provisioningHostname }}
+dnsNames:
+- {{ .provisioningHostname }}
+{{- end -}}
+{{- if or .ironicIP .provisioningIP }}
+ipAddresses:
+  - {{ coalesce .provisioningIP .ironicIP }}
+{{- end }}
+{{- end }}
+{{- end }}

metal3-chart/charts/ironic/templates/certificates.yaml

@@ -6,8 +6,7 @@ metadata:
 spec:
   commonName: ironic-ca
   isCA: true
-  ipAddresses:
+  {{- include "ironic.subjectAltNames" . | indent 2 }}
-  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: selfsigned-issuer
@@ -19,8 +18,7 @@ metadata:
   name: ironic-cert
 spec:
   commonName: ironic-cert
-  ipAddresses:
+  {{- include "ironic.subjectAltNames" . | indent 2 }}
-  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: ca-issuer
@@ -33,8 +31,7 @@ metadata:
   name: ironic-vmedia-cert
 spec:
   commonName: ironic-vmedia-cert
-  ipAddresses:
+  {{- include "ironic.subjectAltNames" . | indent 2 }}
-  - {{ .Values.global.ironicIP }}
   issuerRef:
     kind: Issuer
     name: ca-issuer

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -5,16 +5,9 @@ metadata:
   labels:
     {{- include "ironic.labels" . | nindent 4 }}
 data:
-  {{- $enableTLS := .Values.global.enable_tls }}
-  {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
-  {{- $protocol := ternary "https" "http" $enableTLS }}
-  {{- $ironicIP := .Values.global.ironicIP | default "" }}
-  {{- $ironicBootHost := print $ironicIP ":6180" }}
-  {{- $ironicCacheHost := print $ironicIP ":6180" }}
   {{- $deployArch := .Values.global.deployArchitecture }}
 
   {{- if  ( .Values.global.enable_dnsmasq ) }}
-  DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
   DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }}
   DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }}
   DHCP_RANGE: {{ .Values.global.dhcpRange }}
@@ -24,29 +17,21 @@ data:
   {{- end }}
   HTTP_PORT: "6180"
   PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  # Switch VMedia to HTTP if enable_vmedia_tls is false
+  IRONIC_EXTERNAL_HTTP_URL: {{ include "ironic.externalHttpUrl" . }}
-  {{- if and $enableTLS $enableVMediaTLS }}
-    {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
-    {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
-    {{- $protocol = "https" }}
-  {{- else }}
-    {{- $protocol = "http" }}
-  {{- end }}
-  IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
   DEPLOY_ARCHITECTURE: {{ $deployArch }}
-  IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
   ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
   {{- if .Values.global.provisioningInterface }}
   PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
   {{- end }}
   {{- if .Values.global.provisioningIP }}
-  PROVISIONING_IP: {{ .Values.global.provisioningIP }}
+  PROVISIONING_IP: {{ include "metal3.hostIP" . }}
+  {{- else if .Values.global.ironicIP }}
+  IRONIC_IP: {{ include "metal3.hostIP" . }}
+  {{- else if .Values.global.provisioningHostname }}
+  IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname }}
   {{- end }}
   IRONIC_FAST_TRACK: "true"
-  LISTEN_ALL_INTERFACES: "true"
+  LISTEN_ALL_INTERFACES: "{{ .Values.listenOnAll }}"
-  {{- if .Values.global.ironicIP }}
-  IRONIC_IP: {{ .Values.global.ironicIP }}
-  {{- end }}
   {{- if  ( .Values.global.enable_tls ) }}
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -42,7 +42,7 @@ spec:
             name: ironic
         livenessProbe:
           exec:
-            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
+            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -60,7 +60,7 @@ spec:
         {{- end }}
         readinessProbe:
           exec:
-            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
+            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30

metal3-chart/charts/ironic/templates/service.yaml

@@ -10,6 +10,7 @@ metadata:
   {{- end }}
 spec:
   type: {{ .Values.service.type }}
+  ipFamilyPolicy: PreferDualStack
   ports:
   {{- $enableTLS := .Values.global.enable_tls }}
   {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}

metal3-chart/charts/ironic/values.yaml

@@ -32,6 +32,12 @@ global:
   # IP Address assigned to network interface on provisioning network
   provisioningIP: ""
 
+  # Fully Qualified Domain Name used by Ironic for both binding (to the
+  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
+  # media, also used by BMO. Note, this is the only way to enable a fully
+  # working dual-stack configuration.
+  provisioningHostname: ""
+
   # Whether the NIC names should be predictable or not
   predictableNicNames: "true"
 
@@ -52,11 +58,13 @@ global:
 
 replicaCount: 1
 
+listenOnAll: true
+
 images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 26.1.2.5
+    tag: 29.0.4.1
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent

metal3-chart/charts/mariadb/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.6.0
+version: 0.6.1

metal3-chart/charts/mariadb/templates/service.yaml

@@ -5,6 +5,7 @@ metadata:
   labels:
     {{- include "mariadb.labels" . | nindent 4 }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: {{ .Values.service.type }}
   selector:
     {{- include "mariadb.selectorLabels" . | nindent 4 }}

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.3
+version: 0.6.5

metal3-chart/charts/media/templates/service.yaml

@@ -5,6 +5,7 @@ metadata:
   labels:
     {{- include "media.labels" . | nindent 4 }}
 spec:
+  ipFamilyPolicy: PreferDualStack
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 26.1.2.5
+  tag: 29.0.4.1
 
 imagePullSecrets: []
 nameOverride: ""

metal3-chart/templates/_helpers.tpl

@@ -60,3 +60,18 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Produce the correct IP or hostname for Ironic provisioning
+*/}}
+{{- define "metal3.hostIP" -}}
+{{- with .Values.global }}
+{{- if and .provisioningHostname (or .provisioningIP .ironicIP) }}
+{{  fail "Please provide either provisioningHostname or provisioningIP or ironicIP" }}
+{{- end }}
+{{- if and .provisioningIP .ironicIP }}
+{{  fail "Please provide either ironicIP or provisioningIP" }}
+{{- end }}
+{{- coalesce .provisioningIP .ironicIP }}
+{{- end }}
+{{- end }}

metal3-chart/values.yaml

@@ -60,6 +60,15 @@ global:
   # IP Address assigned to network interface on provisioning network
   provisioningIP: ""
 
+  # Fully Qualified Domain Name used by Ironic for both binding (to the 
+  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
+  # media, also used by BMO. Note, this is the only way to enable a fully
+  # working dual-stack configuration.
+  provisioningHostname: ""
+
+  # Hostname or IP for accessing the Ironic API server from a non-provisioning network
+  externalHttpHost: ""
+
   # Name for the MariaDB service
   databaseServiceName: metal3-mariadb
 

metallb-controller-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%metallb-controller:v%%metallb-controller_version%%
 #!BuildTag: %%IMG_PREFIX%%metallb-controller:v%%metallb-controller_version%%-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

metallb-speaker-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%metallb-speaker:v%%metallb-speaker_version%%
 #!BuildTag: %%IMG_PREFIX%%metallb-speaker:v%%metallb-speaker_version%%-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 

python-pyhelm3/_service

@@ -0,0 +1,3 @@
+<services>
+<service name="download_assets"></service>
+</services>

python-pyhelm3/pyhelm3.spec

@@ -0,0 +1,55 @@
+#
+# spec file for package python-pyhelm3
+#
+# Copyright (c) 2025 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+
+Name:           python-pyhelm3
+Version:        0.4.0
+Release:        0
+Summary:        Python library for managing Helm releases using Helm 3
+License:        Apache-2.0
+URL:            https://github.com/azimuth-cloud/pyhelm3
+#!RemoteAsset
+Source:         https://files.pythonhosted.org/packages/source/p/pyhelm3/pyhelm3-%{version}.tar.gz
+BuildRequires:  python-rpm-macros
+BuildRequires:  %{python_module pip}
+BuildRequires:  %{python_module setuptools >= 42}
+BuildRequires:  %{python_module setuptools_scm >= 3.4}
+BuildRequires:  %{python_module wheel}
+BuildRequires:  fdupes
+Requires:       %{python_module pydantic}
+Requires:       %{python_module PyYAML}
+BuildArch:      noarch
+%python_subpackages
+
+%description
+Python library for managing Helm releases using Helm 3.
+
+%prep
+%autosetup -p1 -n pyhelm3-%{version}
+
+%build
+%pyproject_wheel
+
+%install
+%pyproject_install
+%python_expand %fdupes %{buildroot}%{$python_sitelib}
+
+%files %{python_files}
+%doc README.md
+%license LICENSE
+%{python_sitelib}/pyhelm3
+%{python_sitelib}/pyhelm3-%{version}.dist-info
+
+%changelog

rancher-turtles-airgap-resources-chart/Chart.yaml

@@ -1,10 +1,10 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE%
 apiVersion: v2
-appVersion: 0.20.0
+appVersion: 0.21.0
 description: Rancher Turtles utility chart for airgap scenarios
 home: https://github.com/rancher/turtles/
 icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
 name: rancher-turtles-airgap-resources
 type: application
-version: "%%CHART_MAJOR%%.0.4+up0.20.0"
+version: "%%CHART_MAJOR%%.0.5+up0.21.0"

rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml

@@ -656,12 +656,8 @@ data:
       - list
       - get
       - watch
-    - apiGroups:
-      - ""
-      resources:
-      - namespaces
-      verbs:
       - create
+      - patch
     - apiGroups:
       - events.k8s.io
       resources:
@@ -817,7 +813,7 @@ data:
             control-plane: controller-manager
         spec:
           containers:
-          - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
+          - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0
             imagePullPolicy: IfNotPresent
             name: manager
             ports:
@@ -839,7 +835,7 @@ data:
                 memory: 100Mi
           - args:
             - --helm-install
-            image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
+            image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.11.0
             name: helm-manager
             resources:
               limits:
@@ -891,10 +887,13 @@ data:
       - major: 0
         minor: 10
         contract: v1beta1
+      - major: 0
+        minor: 11
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.10.0
+  name: v0.11.0
   namespace: rancher-turtles-system
   labels:
     provider-components: fleet

rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml

@@ -3734,7 +3734,7 @@ data:
             envFrom:
             - configMapRef:
                 name: capm3-capm3fasttrack-configmap
-            image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.3
+            image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.4
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -3820,7 +3820,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-            image: quay.io/metal3-io/ip-address-manager:v1.9.4
+            image: quay.io/metal3-io/ip-address-manager:v1.9.5
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4524,7 +4524,7 @@ data:
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v1.9.3
+  name: v1.9.4
   namespace: capm3-system
   labels:
     provider-components: metal3

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml

@@ -985,6 +985,9 @@ data:
                       - path
                       type: object
                     type: array
+                  gzipUserData:
+                    description: GzipUserData specifies if the user data should be gzipped.
+                    type: boolean
                   postRKE2Commands:
                     description: PostRKE2Commands specifies extra commands to run after
                       rke2 setup runs.
@@ -2164,6 +2167,10 @@ data:
                               - path
                               type: object
                             type: array
+                          gzipUserData:
+                            description: GzipUserData specifies if the user data should
+                              be gzipped.
+                            type: boolean
                           postRKE2Commands:
                             description: PostRKE2Commands specifies extra commands to
                               run after rke2 setup runs.
@@ -2525,11 +2532,12 @@ data:
             - --leader-elect
             - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
             - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
-            - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true}
             - --v=${CAPRKE2_DEBUG_LEVEL:=0}
+            - --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true},ClusterTopology=${CLUSTER_TOPOLOGY:=true}
+            - --concurrency=${CONCURRENCY_NUMBER:=10}
             command:
             - /manager
-            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.18.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -2764,10 +2772,16 @@ data:
       - major: 0
         minor: 16
         contract: v1beta1
+      - major: 0
+        minor: 17
+        contract: v1beta1
+      - major: 0
+        minor: 18
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.16.1
+  name: v0.18.0
   namespace: rke2-bootstrap-system
   labels:
     provider-components: rke2-bootstrap

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml

@@ -1624,6 +1624,9 @@ data:
                       - path
                       type: object
                     type: array
+                  gzipUserData:
+                    description: GzipUserData specifies if the user data should be gzipped.
+                    type: boolean
                   infrastructureRef:
                     description: |-
                       InfrastructureRef is a required reference to a custom resource
@@ -2434,6 +2437,51 @@ data:
                               if value is false, ETCD metrics will NOT be exposed
                             type: boolean
                         type: object
+                      externalDatastoreSecret:
+                        description: |-
+                          ExternalDatastoreSecret is a reference to a Secret that contains configuration about connecting to an external datastore.
+                          The secret must contain a key named "endpoint" that contains the connection string for the external datastore.
+                        properties:
+                          apiVersion:
+                            description: API version of the referent.
+                            type: string
+                          fieldPath:
+                            description: |-
+                              If referring to a piece of an object instead of an entire object, this string
+                              should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                              For example, if the object reference is to a container within a pod, this would take on a value like:
+                              "spec.containers{name}" (where "name" refers to the name of the container that triggered
+                              the event) or if no container name is specified "spec.containers[2]" (container with
+                              index 2 in this pod). This syntax is chosen only to have some well-defined way of
+                              referencing a part of an object.
+                            type: string
+                          kind:
+                            description: |-
+                              Kind of the referent.
+                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                            type: string
+                          name:
+                            description: |-
+                              Name of the referent.
+                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                            type: string
+                          namespace:
+                            description: |-
+                              Namespace of the referent.
+                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                            type: string
+                          resourceVersion:
+                            description: |-
+                              Specific resourceVersion to which this reference is made, if any.
+                              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+                            type: string
+                          uid:
+                            description: |-
+                              UID of the referent.
+                              More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+                            type: string
+                        type: object
+                        x-kubernetes-map-type: atomic
                       kubeAPIServer:
                         description: KubeAPIServer defines optional custom configuration
                           of the Kube API Server.
@@ -3125,6 +3173,10 @@ data:
                               - path
                               type: object
                             type: array
+                          gzipUserData:
+                            description: GzipUserData specifies if the user data should
+                              be gzipped.
+                            type: boolean
                           infrastructureRef:
                             description: |-
                               InfrastructureRef is a required reference to a custom resource
@@ -3950,6 +4002,51 @@ data:
                                       if value is false, ETCD metrics will NOT be exposed
                                     type: boolean
                                 type: object
+                              externalDatastoreSecret:
+                                description: |-
+                                  ExternalDatastoreSecret is a reference to a Secret that contains configuration about connecting to an external datastore.
+                                  The secret must contain a key named "endpoint" that contains the connection string for the external datastore.
+                                properties:
+                                  apiVersion:
+                                    description: API version of the referent.
+                                    type: string
+                                  fieldPath:
+                                    description: |-
+                                      If referring to a piece of an object instead of an entire object, this string
+                                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                                      For example, if the object reference is to a container within a pod, this would take on a value like:
+                                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
+                                      the event) or if no container name is specified "spec.containers[2]" (container with
+                                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
+                                      referencing a part of an object.
+                                    type: string
+                                  kind:
+                                    description: |-
+                                      Kind of the referent.
+                                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                                    type: string
+                                  name:
+                                    description: |-
+                                      Name of the referent.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                                    type: string
+                                  namespace:
+                                    description: |-
+                                      Namespace of the referent.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                                    type: string
+                                  resourceVersion:
+                                    description: |-
+                                      Specific resourceVersion to which this reference is made, if any.
+                                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+                                    type: string
+                                  uid:
+                                    description: |-
+                                      UID of the referent.
+                                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
+                                    type: string
+                                type: object
+                                x-kubernetes-map-type: atomic
                               kubeAPIServer:
                                 description: KubeAPIServer defines optional custom configuration
                                   of the Kube API Server.
@@ -4446,6 +4543,7 @@ data:
             - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
             - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
             - --v=${CAPRKE2_DEBUG_LEVEL:=0}
+            - --concurrency=${CONCURRENCY_NUMBER:=10}
             command:
             - /manager
             env:
@@ -4461,7 +4559,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.uid
-            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.16.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.18.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4703,10 +4801,16 @@ data:
       - major: 0
         minor: 16
         contract: v1beta1
+      - major: 0
+        minor: 17
+        contract: v1beta1
+      - major: 0
+        minor: 18
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.16.1
+  name: v0.18.0
   namespace: rke2-control-plane-system
   labels:
     provider-components: rke2-control-plane

rancher-turtles-chart/Chart.lock

@@ -3,4 +3,4 @@ dependencies:
   repository: https://kubernetes-sigs.github.io/cluster-api-operator
   version: 0.18.1
 digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
-generated: "2025-05-29T09:13:16.863770955Z"
+generated: "2025-06-30T13:10:01.066923702Z"

rancher-turtles-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.4_up0.20.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.4_up0.20.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.5_up0.21.0-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,12 +12,12 @@ annotations:
   catalog.cattle.io/scope: management
   catalog.cattle.io/type: cluster-tool
 apiVersion: v2
-appVersion: 0.20.0
+appVersion: 0.21.0
 dependencies:
 - condition: cluster-api-operator.enabled
   name: cluster-api-operator
   repository: file://./charts/cluster-api-operator
-  version: 0.17.0
+  version: 0.18.1
 description: Rancher Turtles is an extension to Rancher that brings full Cluster API
   integration to Rancher.
 home: https://github.com/rancher/turtles/
@@ -29,4 +29,4 @@ keywords:
 - provisioning
 name: rancher-turtles
 type: application
-version: "%%CHART_MAJOR%%.0.4+up0.20.0"
+version: "%%CHART_MAJOR%%.0.5+up0.21.0"

rancher-turtles-chart/RELEASE_NOTES.md

@@ -1,4 +1,4 @@
-## Changes since v0.20.0-rc.0
+## Changes since examples/v0.21.0
 ---
 ## :chart_with_upwards_trend: Overview
 

rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.17.0
+appVersion: 0.18.1
 description: Cluster API Operator
 name: cluster-api-operator
 type: application
-version: 0.17.0
+version: 0.18.1

rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml

@@ -26,8 +26,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $addonNamespace }}
 ---
@@ -37,8 +39,10 @@ metadata:
   name: {{ $addonName }}
   namespace: {{ $addonNamespace }}
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $addonVersion $.Values.secretName }}
 spec:

rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml

@@ -26,8 +26,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
+    {{- end }}
+    "argocd.argoproj.io/sync-wave": "1"
   name: {{ $bootstrapNamespace }}
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -36,8 +39,11 @@ metadata:
   name: {{ $bootstrapName }}
   namespace: {{ $bootstrapNamespace }}
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
+    {{- end }}
+    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $bootstrapVersion $.Values.configSecret.name }}
 spec:
 {{- end}}

rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml

@@ -26,8 +26,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
+    {{- end }}
+    "argocd.argoproj.io/sync-wave": "1"
   name: {{ $controlPlaneNamespace }}
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -36,8 +39,11 @@ metadata:
   name: {{ $controlPlaneName }}
   namespace: {{ $controlPlaneNamespace }}
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
+    {{- end }}
+    "argocd.argoproj.io/sync-wave": "2"
 {{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }}
 spec:
 {{- end}}

rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml

@@ -1,4 +1,4 @@
-{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure }}
+{{- if or .Values.addon .Values.bootstrap .Values.controlPlane .Values.infrastructure .Values.ipam }}
 # Deploy core components if not specified
 {{- if not .Values.core }}
 ---
@@ -6,8 +6,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
+    {{- end }}
+    "argocd.argoproj.io/sync-wave": "1"
   name: capi-system
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -16,8 +19,11 @@ metadata:
   name: cluster-api
   namespace: capi-system
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
+    {{- end }}
+    "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
   configSecret:
@@ -28,4 +34,3 @@ spec:
 {{- end }}
 {{- end }}
 {{- end }}
-

rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml

@@ -25,8 +25,11 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
+    {{- end }}
+    "argocd.argoproj.io/sync-wave": "1"
   name: {{ $coreNamespace }}
 ---
 apiVersion: operator.cluster.x-k8s.io/v1alpha2
@@ -35,8 +38,10 @@ metadata:
   name: {{ $coreName }}
   namespace: {{ $coreNamespace }}
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}
 spec:
@@ -45,8 +50,8 @@ spec:
   version: {{ $coreVersion }}
 {{- end }}
 {{- if $.Values.manager }}
-  manager:
 {{- if and $.Values.manager.featureGates $.Values.manager.featureGates.core }}
+  manager:
     featureGates:
     {{- range $key, $value := $.Values.manager.featureGates.core }}
       {{ $key }}: {{ $value }}

rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml

@@ -7,8 +7,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: capi-kubeadm-bootstrap-system
 ---
@@ -18,8 +20,10 @@ metadata:
   name: kubeadm
   namespace: capi-kubeadm-bootstrap-system
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
@@ -37,8 +41,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: capi-kubeadm-control-plane-system
 ---
@@ -48,14 +54,16 @@ metadata:
   name: kubeadm
   namespace: capi-kubeadm-control-plane-system
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
 spec:
 {{- if $.Values.manager }}
-  manager:
 {{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }}
+  manager:
     featureGates:
     {{- range $key, $value := $.Values.manager.featureGates.kubeadm }}
       {{ $key }}: {{ $value }}

rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml

@@ -26,8 +26,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $infrastructureNamespace }}
 ---
@@ -37,8 +39,10 @@ metadata:
   name: {{ $infrastructureName }}
   namespace: {{ $infrastructureNamespace }}
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
 spec:
@@ -47,8 +51,8 @@ spec:
   version: {{ $infrastructureVersion }}
 {{- end }}
 {{- if $.Values.manager }}
-  manager:
 {{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $infrastructureName) }}
+  manager:
 {{- range $key, $value := $.Values.manager.featureGates }}
   {{- if eq $key $infrastructureName }}
     featureGates:

rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml

@@ -26,8 +26,10 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $ipamNamespace }}
 ---
@@ -37,8 +39,10 @@ metadata:
   name: {{ $ipamName }}
   namespace: {{ $ipamNamespace }}
   annotations:
+    {{- if $.Values.enableHelmHook }}
     "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
+    {{- end }}
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
 spec:
@@ -47,8 +51,8 @@ spec:
   version: {{ $ipamVersion }}
 {{- end }}
 {{- if $.Values.manager }}
-  manager:
 {{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }}
+  manager:
 {{- range $key, $value := $.Values.manager.featureGates }}
   {{- if eq $key $ipamName }}
     featureGates:

rancher-turtles-chart/charts/cluster-api-operator/values.yaml

@@ -21,7 +21,7 @@ leaderElection:
 image:
   manager:
     repository: registry.k8s.io/capi-operator/cluster-api-operator
-    tag: v0.17.0
+    tag: v0.18.1
     pullPolicy: IfNotPresent
 env:
   manager: []
@@ -69,3 +69,4 @@ volumeMounts:
     - mountPath: /tmp/k8s-webhook-server/serving-certs
       name: cert
       readOnly: true
+enableHelmHook: true

rancher-turtles-chart/questions.yml

@@ -36,7 +36,7 @@ questions:
         label: Enable Agent TLS Mode
         group: "Rancher Turtles Features Settings"
       - variable: rancherTurtles.kubectlImage
-        default: "registry.suse.com/edge/3.2/kubectl:1.32.4"
+        default: "registry.suse.com/edge/3.3/kubectl:1.32.4"
         description: "Specify the image to use when running kubectl in jobs."
         type: string
         label: Kubectl Image

rancher-turtles-chart/values.yaml

@@ -9,8 +9,8 @@ turtlesUI:
 rancherTurtles:
   # image: registry.rancher.com/rancher/rancher/turtles
   image: registry.rancher.com/rancher/rancher/turtles
-  # imageVersion: v0.20.0
+  # imageVersion: v0.21.0
-  imageVersion: v0.20.0
+  imageVersion: v0.21.0
   # imagePullPolicy: IfNotPresent
   imagePullPolicy: IfNotPresent
   # namespace: Select namespace for Turtles to run.
@@ -22,7 +22,7 @@ rancherTurtles:
   # rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
   rancherInstalled: false
   # kubectlImage: Image for kubectl tasks.
-  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4"
+  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.33.4"
   # features: Optional and experimental features.
   features:
     # day2operations: Alpha feature.
@@ -31,8 +31,8 @@ rancherTurtles:
       enabled: false
       # image: registry.rancher.com/rancher/rancher/turtles
       image: registry.rancher.com/rancher/rancher/turtles
-      # imageVersion: v0.20.0
+      # imageVersion: v0.21.0
-      imageVersion: v0.20.0
+      imageVersion: v0.21.0
       # imagePullPolicy: IfNotPresent
       imagePullPolicy: IfNotPresent
       # etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
@@ -49,8 +49,8 @@ rancherTurtles:
       enabled: false
       # image: registry.rancher.com/rancher/rancher/turtles
       image: registry.rancher.com/rancher/rancher/turtles
-      # imageVersion: v0.20.0
+      # imageVersion: v0.21.0
-      imageVersion: v0.20.0
+      imageVersion: v0.21.0
       # imagePullPolicy: IfNotPresent
       imagePullPolicy: IfNotPresent
 
@@ -127,7 +127,7 @@ cluster-api-operator:
       # enabled: Turn on or off.
       enabled: true
       # version: RKE2 version.
-      version: "v0.16.1"
+      version: "v0.18.0"
       # bootstrap: RKE2 bootstrap provider.
       bootstrap:
         # namespace: Bootstrap namespace.
@@ -154,10 +154,10 @@ cluster-api-operator:
           selector: ""
     metal3:
       enabled: true
-      version: "v1.9.3"
+      version: "v1.9.4"
       infrastructure:
         namespace: capm3-system
-        imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.3"
+        imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.4"
         fetchConfig:
           url: ""
           selector: ""

release-manifest-image/release_manifest.yaml

@@ -7,128 +7,128 @@ spec:
   components:
     kubernetes:
       k3s:
-        version: v1.32.4+k3s1
+        version: v1.33.3+k3s1
         coreComponents:
-        - name: traefik-crd
+          - name: traefik-crd
-          version: 34.2.1+up34.2.0
+            version: 34.2.1+up34.2.0
-          type: HelmChart
+            type: HelmChart
-        - name: traefik
+          - name: traefik
-          version: 34.2.1+up34.2.0
+            version: 34.2.1+up34.2.0
-          type: HelmChart
+            type: HelmChart
-        - name: local-path-provisioner
-          containers:
           - name: local-path-provisioner
-            image: rancher/local-path-provisioner:v0.0.31
+            containers:
-          type: Deployment
+              - name: local-path-provisioner
-        - name: coredns
+                image: rancher/local-path-provisioner:v0.0.31
-          containers:
+            type: Deployment
           - name: coredns
-            image: rancher/mirrored-coredns-coredns:1.12.1
+            containers:
-          type: Deployment
+              - name: coredns
-        - name: metrics-server
+                image: rancher/mirrored-coredns-coredns:1.12.1
-          containers:
+            type: Deployment
           - name: metrics-server
-            image: rancher/mirrored-metrics-server:v0.7.2
+            containers:
-          type: Deployment
+              - name: metrics-server
+                image: rancher/mirrored-metrics-server:v0.7.2
+            type: Deployment
       rke2:
-        version: v1.32.4+rke2r1
+        version: v1.33.3+rke2r1
         coreComponents:
-        - name: rke2-cilium
+          - name: rke2-cilium
-          version: 1.17.300
+            version: 1.17.600
-          type: HelmChart
+            type: HelmChart
-        - name: rke2-canal
+          - name: rke2-canal
-          version: v3.29.3-build2025040801
+            version: v3.30.2-build2025071100
-          type: HelmChart
+            type: HelmChart
-        - name: rke2-calico-crd
+          - name: rke2-calico-crd
-          version: v3.29.101
+            version: v3.30.100
-          type: HelmChart
+            type: HelmChart
-        - name: rke2-calico
+          - name: rke2-calico
-          version: v3.29.300
+            version: v3.30.100
-          type: HelmChart
+            type: HelmChart
-        - name: rke2-coredns
+          - name: rke2-coredns
-          version: 1.39.201
+            version: 1.42.302
-          type: HelmChart
+            type: HelmChart
-        - name: rke2-ingress-nginx
+          - name: rke2-ingress-nginx
-          version: 4.12.101
+            version: 4.12.401
-          type: HelmChart
+            type: HelmChart
-        - name: rke2-metrics-server
+          - name: rke2-metrics-server
-          version: 3.12.200
+            version: 3.12.203
-          type: HelmChart
+            type: HelmChart
-        - name: rancher-vsphere-csi
+          - name: rancher-vsphere-csi
-          version: 3.3.1-rancher900
+            version: 3.3.1-rancher1000
-          type: HelmChart
+            type: HelmChart
-        - name: rancher-vsphere-cpi
+          - name: rancher-vsphere-cpi
-          version: 1.10.000
+            version: 1.11.000
-          type: HelmChart
+            type: HelmChart
-        - name: harvester-cloud-provider
+          - name: harvester-cloud-provider
-          version: 0.2.900
+            version: 0.2.1000
-          type: HelmChart
+            type: HelmChart
-        - name: harvester-csi-driver
+          - name: harvester-csi-driver
-          version: 0.1.2300
+            version: 0.1.2400
-          type: HelmChart
+            type: HelmChart
-        - name: rke2-snapshot-controller-crd
+          - name: rke2-snapshot-controller-crd
-          version: 4.0.002
+            version: 4.0.003
-          type: HelmChart
+            type: HelmChart
-        - name: rke2-snapshot-controller
+          - name: rke2-snapshot-controller
-          version: 4.0.002
+            version: 4.0.003
-          type: HelmChart
+            type: HelmChart
-        # Deprecated this empty chart addon can be removed in v1.34
+          # Deprecated this empty chart addon can be removed in v1.34
-        - name: rke2-snapshot-validation-webhook
+          - name: rke2-snapshot-validation-webhook
-          version: 0.0.0
+            version: 0.0.0
-          type: HelmChart
+            type: HelmChart
     operatingSystem:
-      version: "6.1"
+      version: '6.1'
-      zypperID: "SL-Micro"
+      zypperID: SL-Micro
-      cpeScheme: "cpe:/o:suse:sl-micro:6.1"
+      cpeScheme: cpe:/o:suse:sl-micro:6.1
-      prettyName: "SUSE Linux Micro 6.1"
+      prettyName: SUSE Linux Micro 6.1
       supportedArchs:
-        - "x86_64"
+        - x86_64
-        - "aarch64"
+        - aarch64
     workloads:
       helm:
         - prettyName: Rancher
           releaseName: rancher
           chart: rancher
-          version: 2.11.2
+          version: 2.12.1-alpha1
-          repository: https://charts.rancher.com/server-charts/prime
+          repository: https://releases.rancher.com/server-charts/alpha
           values:
             postDelete:
               enabled: false
         - prettyName: Longhorn
           releaseName: longhorn
           chart: longhorn
-          version: 106.2.0+up1.8.1
+          version: 106.2.1+up1.8.2
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: longhorn-crd
               chart: longhorn-crd
-              version: 106.2.0+up1.8.1
+              version: 106.2.1+up1.8.2
               repository: https://charts.rancher.io
         - prettyName: MetalLB
           releaseName: metallb
-          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metallb"
+          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metallb'
-          version: "%%CHART_MAJOR%%.0.0+up0.14.9"
+          version: '%%CHART_MAJOR%%.0.0+up0.14.9'
         - prettyName: CDI
           releaseName: cdi
-          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%cdi"
+          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%cdi'
-          version: "%%CHART_MAJOR%%.0.0+up0.5.0"
+          version: '%%CHART_MAJOR%%.0.0+up0.5.0'
         - prettyName: KubeVirt
           releaseName: kubevirt
-          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt"
+          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt'
-          version: "%%CHART_MAJOR%%.0.0+up0.5.0"
+          version: '%%CHART_MAJOR%%.0.0+up0.5.0'
           addonCharts:
             - releaseName: kubevirt-dashboard-extension
-              chart: "%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension"
+              chart: '%%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension'
-              version: "%%CHART_MAJOR%%.0.2+up1.3.2"
+              version: '%%CHART_MAJOR%%.0.2+up1.3.2'
         - prettyName: NeuVector
           releaseName: neuvector
           chart: neuvector
-          version: 106.0.1+up2.8.6
+          version: 107.0.0+up2.8.7
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: neuvector-crd
               chart: neuvector-crd
-              version: 106.0.1+up2.8.6
+              version: 107.0.0+up2.8.7
               repository: https://charts.rancher.io
           addonCharts:
             - releaseName: neuvector-ui-ext
@@ -137,16 +137,16 @@ spec:
               version: 2.1.3
         - prettyName: EndpointCopierOperator
           releaseName: endpoint-copier-operator
-          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator"
+          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator'
-          version: "%%CHART_MAJOR%%.0.1+up0.3.0"
+          version: '%%CHART_MAJOR%%.0.1+up0.3.0'
         - prettyName: Elemental
           releaseName: elemental-operator
           chart: oci://registry.suse.com/rancher/elemental-operator-chart
-          version: 1.6.8
+          version: 1.7.3
           dependencyCharts:
             - releaseName: elemental-operator-crds
               chart: oci://registry.suse.com/rancher/elemental-operator-crds-chart
-              version: 1.6.8
+              version: 1.7.3
           addonCharts:
             - releaseName: elemental
               chart: elemental
@@ -154,29 +154,29 @@ spec:
               version: 3.0.0
         - prettyName: SRIOV
           releaseName: sriov-network-operator
-          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator"
+          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator'
-          version: "%%CHART_MAJOR%%.0.2+up1.5.0"
+          version: '%%CHART_MAJOR%%.0.2+up1.5.0'
           dependencyCharts:
             - releaseName: sriov-crd
-              chart: "%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd"
+              chart: '%%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd'
-              version: "%%CHART_MAJOR%%.0.2+up1.5.0"
+              version: '%%CHART_MAJOR%%.0.2+up1.5.0'
         - prettyName: Akri
           releaseName: akri
-          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%akri"
+          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%akri'
-          version: "%%CHART_MAJOR%%.0.0+up0.12.20"
+          version: '%%CHART_MAJOR%%.0.0+up0.12.20'
           addonCharts:
             - releaseName: akri-dashboard-extension
-              chart: "%%CHART_REPO%%/%%CHART_PREFIX%%akri-dashboard-extension"
+              chart: '%%CHART_REPO%%/%%CHART_PREFIX%%akri-dashboard-extension'
-              version: "%%CHART_MAJOR%%.0.2+up1.3.1"
+              version: '%%CHART_MAJOR%%.0.2+up1.3.1'
         - prettyName: Metal3
           releaseName: metal3
-          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metal3"
+          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%metal3'
-          version: "%%CHART_MAJOR%%.0.9+up0.11.7"
+          version: '%%CHART_MAJOR%%.0.13+up0.12.3'
         - prettyName: RancherTurtles
           releaseName: rancher-turtles
-          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles"
+          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles'
-          version: "%%CHART_MAJOR%%.0.4+up0.20.0"
+          version: '%%CHART_MAJOR%%.0.5+up0.21.0'
         - prettyName: RancherTurtlesAirgapResources
           releaseName: rancher-turtles-airgap-resources
-          chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources"
+          chart: '%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles-airgap-resources'
-          version: "%%CHART_MAJOR%%.0.4+up0.20.0"
+          version: '%%CHART_MAJOR%%.0.5+up0.21.0'

upgrade-controller-chart/values.yaml

@@ -15,7 +15,7 @@ env:
     image: %%MANIFEST_REPO%%/%%IMG_PREFIX%%release-manifest
   kubectl:
     image: %%IMG_REPO%%/%%IMG_PREFIX%%kubectl
-    version: 1.32.4
+    version: 1.33.4
 
 imagePullSecrets: []
 nameOverride: ""

upgrade-controller-image/Dockerfile

@@ -1,7 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
 #!BuildTag: %%IMG_PREFIX%%upgrade-controller:0.1.1
 #!BuildTag: %%IMG_PREFIX%%upgrade-controller:0.1.1-%RELEASE%
-#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro