rancher-turtles-chart: Update to 0.16.0

Align with https://github.com/suse-edge/charts/pull/186

.gitea/workflows/pr_project.yaml

@@ -0,0 +1,62 @@
+name: Build PR in OBS
+on:
+  pull_request_target:
+    types:
+      - opened
+      - reopened
+      - synchronize
+      - closed
+    branches-ignore:
+      - "devel"
+
+concurrency:
+  group: ${{ gitea.workflow }}-${{ gitea.ref }}
+  cancel-in-progress: true
+
+jobs:
+  sync-pr-project:
+    name: "Build PR in OBS"
+    runs-on: tumbleweed
+    steps:
+      - name: Setup OSC
+        run: |
+          zypper in -y python3-jinja2
+          mkdir -p ~/.config/osc
+          cat >~/.config/osc/oscrc <<'EOF'
+          [general]
+          apiurl = https://api.opensuse.org
+
+          [https://api.opensuse.org]
+          user=${{ vars.OBS_USERNAME }}
+          pass=${{ secrets.OBS_PASSWORD }}
+          EOF
+    # Waiting on PR to get merged for support in upstream action/checkout action
+      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+        name: Checkout repository
+        with:
+          object-format: 'sha256'
+      - name: "[if PR is closed] Delete project in OBS"
+        run: |
+          if [ "${{ gitea.event.action }}" = "closed" ]; then
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          osc rdelete -f -r -m "PR closed" "${PROJECT}:Staging:PR-${{ gitea.event.number }}"
+          fi
+      - name: "Setup PR project in OBS"
+        env:
+          SCM_URL: ${{ gitea.event.pull_request.head.repo.clone_url }}#${{ gitea.head_ref }}
+        run: |
+          if [ "${{ gitea.event.action }}" != "closed" ]; then
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          python3 .obs/render_meta.py --pr ${{ gitea.event.number }} --scm-url "${SCM_URL}" | osc meta prj "${PROJECT}:Staging:PR-${{ gitea.event.number }}" -F -
+          echo "Project created ${PROJECT}:Staging:PR-${{ gitea.event.number }}"
+          echo "Follow build at: https://build.opensuse.org/project/monitor/${PROJECT}:Staging:PR-${{ gitea.event.number }}"
+          fi
+      - env:
+          GIT_SHA: ${{ gitea.event.pull_request.head.sha }}
+        name: "Wait for OBS to build the project"
+        run: |
+          if [ "${{ gitea.event.action }}" != "closed" ]; then
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          export OBS_PROJECT="${PROJECT}:Staging:PR-${{ gitea.event.number }}"
+          python3 .obs/wait_obs.py
+          fi

.gitea/workflows/sync_config.yaml

@@ -0,0 +1,35 @@
+name: Synchronize Project Config
+on:
+  push:
+    branches-ignore:
+      - "devel"
+    paths:
+      - "_config"
+      - ".gitea/workflows/sync_config.yaml"
+
+jobs:
+  sync-prjconf:
+    name: "Update prjconf in OBS"
+    runs-on: tumbleweed
+    steps:
+      - name: Setup OSC
+        run: |
+          mkdir -p ~/.config/osc
+          cat >~/.config/osc/oscrc <<'EOF'
+          [general]
+          apiurl = https://api.opensuse.org
+
+          [https://api.opensuse.org]
+          user=${{ vars.OBS_USERNAME }}
+          pass=${{ secrets.OBS_PASSWORD }}
+          EOF
+    # Waiting on PR to get merged for support in upstream action/checkout action
+      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+        name: Checkout repository
+        with:
+          object-format: 'sha256'
+      - run: |
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          if [ "$(osc meta prjconf "${PROJECT}" | sha256sum)" != "$(cat _config | sha256sum)" ] ; then
+            osc meta prjconf "${PROJECT}" -F _config
+          fi

.gitea/workflows/sync_meta.yaml

@@ -0,0 +1,45 @@
+name: Synchronize Project Metadata
+on:
+  push:
+    branches-ignore:
+      - "devel"
+    paths:
+      - "*" # Will trigger on new directories and changes to files in root of repository
+      - ".gitea/workflows/sync_meta.yaml"
+      - ".obs/common.py"
+
+jobs:
+  sync-prj-meta:
+    runs-on: tumbleweed
+    steps:
+      - name: Setup OSC
+        run: |
+          zypper in -y python3-jinja2
+          mkdir -p ~/.config/osc
+          cat >~/.config/osc/oscrc <<'EOF'
+          [general]
+          apiurl = https://api.opensuse.org
+
+          [https://api.opensuse.org]
+          user=${{ vars.OBS_USERNAME }}
+          pass=${{ secrets.OBS_PASSWORD }}
+          EOF
+    # Waiting on PR to get merged for support in upstream action/checkout action
+      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+        name: Checkout repository
+        with:
+          object-format: 'sha256'
+      - name: "Update or create OBS Project"
+        run: |
+          PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+          set -o pipefail
+          if meta="$(osc meta prj "${PROJECT}" 2>/dev/null | sha256sum)"; then
+            new_meta="$(python3 .obs/render_meta.py)"
+            if [ "${meta}" != "$(echo "${new_meta}" | sha256sum)" ]; then
+              echo "${new_meta}" | osc meta prj "${PROJECT}" -F -
+            fi
+            python3 .obs/sync_packages.py
+          else
+            # Create the projects
+            bash .obs/create_projects.sh
+          fi

.gitea/workflows/trigger_devel.yaml

@@ -0,0 +1,30 @@
+name: Trigger Devel Packages
+on:
+  schedule:
+    - cron: "@daily"
+
+jobs:
+  sync-pr-project:
+    name: "Trigger source services for devel packages that changed"
+    runs-on: tumbleweed
+    steps:
+      - name: Setup OSC
+        run: |
+          mkdir -p ~/.config/osc
+          cat >~/.config/osc/oscrc <<'EOF'
+          [general]
+          apiurl = https://api.opensuse.org
+
+          [https://api.opensuse.org]
+          user=${{ vars.OBS_USERNAME }}
+          pass=${{ secrets.OBS_PASSWORD }}
+          EOF
+    # Waiting on PR to get merged for support in upstream action/checkout action
+      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+        name: Checkout repository
+        with:
+          object-format: 'sha256'
+          ref: 'devel'
+      - name: "Trigger packages"
+        run: |
+          python3 .obs/trigger_package.py

.obs/add_package.py

@@ -1,5 +1,4 @@
 #!/usr/bin/env python3
-import yaml
 import subprocess
 import argparse
 import os
@@ -7,30 +6,6 @@ import os.path
 
 from common import PROJECT, REPOSITORY, BRANCH
 
-def add_package_to_workflow(name: str):
-    modified = False
-    with open(".obs/workflows.yml", "r") as wf_file:
-        workflows = yaml.safe_load(wf_file)
-    if not any(
-        x
-        for x in workflows["staging_build"]["steps"]
-        if x["branch_package"]["source_package"] == name
-    ):
-        workflows["staging_build"]["steps"].append(
-            {
-                "branch_package": {
-                    "source_project": PROJECT,
-                    "target_project": f"{PROJECT}:Staging",
-                    "source_package": name,
-                }
-            }
-        )
-        modified = True
-    if modified:
-        with open(".obs/workflows.yml", "w") as wf_file:
-            yaml.dump(workflows, wf_file)
-
-
 def add_package_to_project(name: str):
     package_meta = f"""<package name="{name}" project="{PROJECT}">
   <title/>
@@ -53,7 +28,6 @@ def add_package(package_name: str):
         os.exit(1)
 
     add_package_to_project(package_name)
-    add_package_to_workflow(package_name)
 
 
 def main():
@@ -65,7 +39,7 @@ def main():
     add_package(args.package)
     
 
-    print("Package created in OBS, you can now push the modified workflow file")
+    print("Package created in OBS !")
 
 
 if __name__ == '__main__':

.obs/create_projects.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+show_help() {
+    echo "Usage: $(basename $0) [--internal]"
+    echo "options:"
+    echo "-h, --help       display this help and exit"
+    echo "-i, --internal   create project as internal"
+    exit 0
+}
+
+while [[ "$#" -gt 0 ]]; do
+    case $1 in
+        -h|--help) show_help;;
+        -i|--internal) internal="--internal" ;;
+        *) echo "Unknown parameter passed: $1";show_help ;;
+    esac
+    shift
+done
+
+PROJECT="$(grep PROJECT .obs/common.py | sed 's/PROJECT = "\(.*\)"/\1/')"
+EXTRA_OSC_ARGS=""
+if [ -n "$internal" ]; then
+    PROJECT="ISV${PROJECT:3}"
+    EXTRA_OSC_ARGS="-A https://api.suse.de"
+
+    python3 .obs/render_meta.py ${internal} Snapshot | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:Snapshot" -F -
+    osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:Snapshot" -F _config
+fi
+
+python3 .obs/render_meta.py ${internal} ToTest | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}:ToTest" -F -
+python3 .obs/render_meta.py ${internal} | osc ${EXTRA_OSC_ARGS} meta prj "${PROJECT}" -F -
+osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}:ToTest" -F _config
+osc ${EXTRA_OSC_ARGS} meta prjconf "${PROJECT}" -F _config
+
+if [ -z "$internal" ]; then
+    python3 .obs/sync_packages.py
+fi

.obs/delete_package.py

@@ -1,5 +1,4 @@
 #!/usr/bin/env python3
-import yaml
 import subprocess
 import argparse
 import os
@@ -8,18 +7,6 @@ import os.path
 from common import PROJECT
 
 
-def delete_package_from_workflow(name: str):
-    with open(".obs/workflows.yml", "r") as wf_file:
-        workflows = yaml.safe_load(wf_file)
-    workflows["staging_build"]["steps"] = [
-        x
-        for x in workflows["staging_build"]["steps"]
-        if x["branch_package"]["source_package"] != name
-    ]
-    with open(".obs/workflows.yml", "w") as wf_file:
-        yaml.dump(workflows, wf_file)
-
-
 def delete_package_from_project(name: str):
     p = subprocess.run(["osc", "rdelete", PROJECT, name, "-m \"Deleted via delete_package.py\"" ], stdout=subprocess.PIPE)
     print(p.stdout)
@@ -33,7 +20,6 @@ def delete_package(package_name: str):
         os.exit(1)
 
     delete_package_from_project(package_name)
-    delete_package_from_workflow(package_name)
 
 
 def main():

.obs/render_meta.py

@@ -0,0 +1,62 @@
+import argparse
+
+from jinja2 import Template
+from common import PROJECT
+
+def render(base_project, subproject, internal, scm_url=None):
+    version = base_project.rsplit(':', 1)[-1]
+    context = {
+        "base_project": subproject == "",
+        "title": f"SUSE Edge {version} {subproject}".rstrip(),
+    }
+    if subproject == "ToTest":
+        context["project"] = f"{base_project}:ToTest"
+        context["description"] = (
+            f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
+            "project currently going through the automated test layer"
+        )
+        if "Factory" in base_project or internal:
+            context["release_project"] = f"{base_project}:Snapshot"
+    elif subproject == "Snapshot":
+        context["project"] = f"{base_project}:Snapshot"
+        context["release_project"] = f"{base_project.rsplit(':', 1)[0]}:Containers"
+        context["for_release"] = True
+        context["description"] = (
+            f"This project doesn't build, it stores a snapshot of SUSE Edge {version} "
+            "project that passed automated test layer"
+        )
+    elif subproject == "":
+        context["project"] = base_project
+        context["release_project"] = f"{base_project}:ToTest"
+    else: # PR case direct python call
+        context["base_project"] = True
+        context["project"] = f"{base_project}:{subproject}"
+        if scm_url is not None:
+            context["scm_url"] = scm_url
+
+    with open("_meta") as meta:
+        template = Template(meta.read())
+    return template.render(context)
+
+def main():
+    parser = argparse.ArgumentParser(
+                    prog='ProgramName',
+                    description='What the program does',
+                    epilog='Text at the bottom of help')
+    parser.add_argument("subproject", default="", choices=["", "ToTest", "Snapshot"], nargs="?")
+    parser.add_argument("--internal", action="store_true")
+    parser.add_argument("--pr")
+    parser.add_argument("--scm-url")
+    args = parser.parse_args()
+    base_project = PROJECT.replace("isv", "ISV", 1) if args.internal else PROJECT
+
+    print(render(
+        base_project=base_project,
+        subproject=args.subproject if args.pr is None else f"Staging:PR-{args.pr}",
+        internal=args.internal,
+        scm_url=args.scm_url,
+    ))
+
+
+if __name__ == "__main__":
+    main()

.obs/sync_packages.py

@@ -9,7 +9,7 @@ from common import PROJECT
 
 def get_obs_packages() -> Set[str]:
     packages = subprocess.run(["osc", "ls", PROJECT], encoding='utf-8' , capture_output=True)
-    return set(packages.stdout.splitlines())
+    return { p for p in packages.stdout.splitlines() if ":" not in p }
 
 def get_local_packages() -> Set[str]:
     p = pathlib.Path('.')

.obs/wait_obs.py

@@ -0,0 +1,83 @@
+import xml.etree.ElementTree as ET
+import subprocess
+import time
+import os
+import sys
+
+from collections import Counter
+
+def get_buildstatus(project: str) -> ET.Element:
+    for _ in range(5):
+        try:
+            output = subprocess.check_output(["osc", "pr", "--xml", project])
+            return ET.fromstring(output)
+        except subprocess.CalledProcessError:
+            continue
+    print("Failed to get buildstatus from OBS")
+
+def do_wait(project:str, commit:str) -> ET.Element:
+    last_state = None
+    while True:
+        time.sleep(5)
+        status = get_buildstatus(project)
+        if last_state == status.get("state"):
+            continue
+        else:
+            last_state = status.get("state")
+
+        scminfo = { e.text for e in status.findall(".//scminfo") }
+        if len(scminfo) != 1 or scminfo.pop() != commit:
+            print("Waiting for OBS to sync with SCM")
+            continue
+
+        if not all([ e.get('state') == "published" and e.get('dirty') is None for e in status.findall("./result")]):
+            print("Waiting for OBS to finish building")
+            continue
+
+        return status
+        
+def print_results(status: ET.Element) -> bool:
+    results = {}
+    failed = []
+    for e in status.findall("./result"):
+        repo = results.get(e.get("repository"), {})
+        repo[e.get("arch")] = e
+        results[e.get("repository")] = repo
+    
+    for repo in results.keys():
+        print(f"{repo}:")
+        depth=1
+        for arch in results[repo].keys():
+            counts = Counter()
+            if repo != "charts":
+                print(f"\t{arch}:")
+                depth=2
+            for package in results[repo][arch].findall("./status"):
+                if package.get("code") in ["excluded", "disabled"]:
+                    continue
+                if package.get("code") in ["failed", "unresolvable", "broken"]:
+                    details = package.findtext("details")
+                    if details:
+                        failed.append(f"{package.get('package')} ({arch}): {details}")
+                    else:
+                        failed.append(f"{package.get('package')} ({arch})")
+                counts[package.get("code")] += 1
+            for (code, count) in counts.items():
+                print("\t"*depth, f"{code}: {count}")
+    
+    failed.sort()
+    if failed:
+        print("\nPackages failing: ")
+    for fail in failed:
+        print("\t", fail)
+    return len(failed)
+
+def main():
+    project = os.environ.get("OBS_PROJECT")
+    sha = os.environ.get("GIT_SHA")
+    print(f"Waiting for OBS to build {project} for commit {sha}")
+    status = do_wait(project, sha)
+    sys.exit(print_results(status))
+
+if __name__ == "__main__":
+    main()

.obs/workflows.yml

@@ -1,220 +0,0 @@
-staging_build:
-  filters:
-    event: pull_request
-  steps:
-  - branch_package:
-      source_package: endpoint-copier-operator
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: endpoint-copier-operator-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: endpoint-copier-operator-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-agent-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-controller-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-dashboard-extension-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-debug-echo-discovery-handler-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-onvif-discovery-handler-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-opcua-discovery-handler-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-udev-discovery-handler-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: akri-webhook-configuration-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: obs-service-set_version
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cosign
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: frr-k8s
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: kubectl
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: upgrade-controller
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: nm-configurator
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: kube-rbac-proxy
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: edge-image-builder
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metallb
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: hauler
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ip-address-manager
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: baremetal-operator
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-metal3
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cdi-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-metal3-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metallb-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: sriov-crd-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: upgrade-controller-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: edge-image-builder-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ironic-ipa-downloader-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: upgrade-controller-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metal3-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: baremetal-operator-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: sriov-network-operator-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metallb-controller-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ip-address-manager-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: metallb-speaker-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ironic-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cri-tools
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: crudini
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: fakeroot
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ipcalc
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: autoconf
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: rancher-turtles-airgap-resources-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: rancher-turtles-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: kube-rbac-proxy-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: ironic-ipa-ramdisk
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: kubevirt-dashboard-extension-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: kiwi-builder-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: kubevirt-chart
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: release-manifest-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging

README.md

@@ -5,15 +5,6 @@ Contains the definition of the packages built on OBS for the SUSE Edge Solution
 This repository is linked to an OBS project: <https://build.opensuse.org/project/show/isv:SUSE:Edge:Factory>
 Every directory in this repository represents a package in that OBS project, those should be synced automatically from this repository.
 
-## Adding a package
-
-To add a package, first create a directory with your package as you intend it in OBS.
-
-Then run the `.obs/add_package.py` script to create the package in the OBS project and add the required elements to the synchronization workflow.
-This script is using the `osc` command behind the scenes, so ensure you have it installed and correctly configured, as well as you have the correct permissions to create a new package in the project.
-
-You will then get asked to push your changes.
-
 ## Testing a fork or a development branch
 
 You can create a project in your home space in OBS, use the same prjconf as the one of "isv:SUSE:Edge:Factory", and copy the repositories part of the metadata (adjust self references).
@@ -23,16 +14,14 @@ Then add a scmsync stanza to your metadata like this (adjust repository path and
 <scmsync>https://src.opensuse.org/suse-edge/Factory#main</scmsync>
 ```
 
+This is done automatically for any PR filed against this repository.
+
 ## Cutting a release version branch
 
 1. Do the appropriate git branch command
 2. Change the project path in `.obs/common.py` file (e.g. from `isv:SUSE:Edge:Factory` to `isv:SUSE:Edge:3.2`)
 3. Change the branch reference in `.obs/common.py` file (e.g. from `main` to `3.2`)
-4. Edit the `.obs/workflows.yml` file to change the references to the correct projects
 5. Commit those changes to the new branch and push the new branch
-6. Create the base and to-test projects (e.g. `isv:SUSE:Edge:3.2` and `isv:SUSE:Edge:3.2:ToTest`), use the `isv:SUSE:Edge:Factory` projects as example for metadata part
-7. Use the prjconf of Factory in all those projects
-8. Run the `.obs/sync_packages.py` script to create all the packages in the base project
 9. Go take a few cups of coffee/tea/mate/... while waiting for OBS to build everything
 10. Once built do an `osc release` of the project for it to be copied over in the `ToTest` section
 11. Hand over to QA to test whatever is in `ToTest`. (You can continue to work on the base branch if needed meanwhile)

_config

@@ -0,0 +1,125 @@
+Prefer: -libqpid-proton10 -python311-urllib3_1
+
+Macros:
+%__python3 /usr/bin/python3.11
+%registry_url %(echo %{vendor} | cut -d '/' -f 3 | sed 's/build/registry/')
+:Macros
+
+%if "%{sub %{lower %_project} 1 14}" != "isv:suse:edge:" || "%{sub %_project 15 21}" == "Factory"
+    # Here we are in Factory like project so set chart major version to 999
+Macros:
+%chart_major 999
+:Macros
+%else
+    # Here we are in version branch, so set the image prefix and chart major accordingly
+Macros:
+%project_branch %(echo %{_project} | cut -d ':' -f 4)
+%img_prefix %{project_branch}/
+%chart_major %(echo %{project_branch} | awk '{split($1,a,"."); print a[1]*100 + a[2]}')
+:Macros
+%endif
+
+%if %{sub %_project 1 3} == ISV
+Macros:
+%img_repo registry.suse.com/edge
+%chart_repo oci://registry.suse.com/edge
+%manifest_repo registry.suse.com/edge
+%support_level l3
+:Macros
+%else
+Macros:
+%img_repo registry.opensuse.org/isv/suse/edge/containers/images
+%manifest_repo registry.opensuse.org/isv/suse/edge/containers/images
+%chart_repo oci://registry.opensuse.org/isv/suse/edge/containers/charts
+%support_level techpreview
+:Macros
+%endif
+
+%if "%_repository" == "charts" || "%_repository" == "test_manifest_images"
+Macros:
+%img_repo %(echo %{registry_url}:%{_project}:images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
+%manifest_repo %(echo %{registry_url}:%{_project}:test_manifest_images | tr ":" "/" | tr '[:upper:]' '[:lower:]')
+%chart_repo oci://%(echo %{registry_url}:%{_project}:charts | tr ":" "/" | tr '[:upper:]' '[:lower:]')
+:Macros
+%endif
+
+# Missing deps for testsuite
+BuildFlags: excludebuild:autoconf:el
+BuildFlags: excludebuild:autoconf:testsuite
+
+# Only build manifest embedding images here
+%if "%_repository" == "test_manifest_images"
+BuildFlags: onlybuild:edge-image-builder-image
+BuildFlags: onlybuild:release-manifest-image
+  # Exclude the images selected by the following section
+  # as the standard repository is a dependency
+  %ifarch aarch64
+    BuildFlags: excludebuild:baremetal-operator-image
+    BuildFlags: excludebuild:endpoint-copier-operator-image
+    BuildFlags: excludebuild:ironic-image
+    BuildFlags: excludebuild:ironic-ipa-downloader-image
+    BuildFlags: excludebuild:kube-rbac-proxy-image
+    BuildFlags: excludebuild:metallb-controller-image
+    BuildFlags: excludebuild:metallb-speaker-image
+  %endif
+%else
+# Only a subset of stack is arm64 ready
+  %ifarch aarch64
+    BuildFlags: onlybuild:autoconf
+    BuildFlags: onlybuild:baremetal-operator
+    BuildFlags: onlybuild:baremetal-operator-image
+    BuildFlags: onlybuild:ca-certificates-suse
+    BuildFlags: onlybuild:cosign
+    BuildFlags: onlybuild:crudini
+    BuildFlags: onlybuild:edge-image-builder
+    BuildFlags: onlybuild:edge-image-builder-image
+    BuildFlags: onlybuild:endpoint-copier-operator
+    BuildFlags: onlybuild:endpoint-copier-operator-image
+    BuildFlags: onlybuild:fakeroot
+    BuildFlags: onlybuild:hauler
+    BuildFlags: onlybuild:ipcalc
+    BuildFlags: onlybuild:ironic-image
+    BuildFlags: onlybuild:ironic-ipa-downloader-image
+    BuildFlags: onlybuild:ironic-ipa-ramdisk
+    BuildFlags: onlybuild:kube-rbac-proxy
+    BuildFlags: onlybuild:kube-rbac-proxy-image
+    BuildFlags: onlybuild:metallb
+    BuildFlags: onlybuild:metallb-controller-image
+    BuildFlags: onlybuild:metallb-speaker-image
+    BuildFlags: onlybuild:nm-configurator
+  %endif
+%endif
+
+%if "%_repository" == "images" || "%_repository" == "test_manifest_images"
+    Prefer: container:sles15-image
+    Type: docker
+    Repotype: none
+    Patterntype: none
+    BuildEngine: podman
+    Prefer: sles-release
+    BuildFlags: dockerarg:SLE_VERSION=15.6
+
+    # Publish multi-arch container images only once all archs have been built
+    PublishFlags: archsync
+%endif
+
+%if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
+    Type: helm
+    Repotype: helm
+    Patterntype: none
+    Required: perl-YAML-LibYAML
+%endif
+
+%if "%_repository" == "standard"
+    # for build openstack-ironic-image
+    BuildFlags: allowrootforbuild
+%endif
+
+# Enable reproducible builds
+# https://en.opensuse.org/openSUSE:Reproducible_Builds\#With_OBS
+Macros:
+%source_date_epoch_from_changelog Y
+%clamp_mtime_to_source_date_epoch Y
+%use_source_date_epoch_as_buildtime Y
+%_buildhost reproducible
+:Macros

_meta

@@ -0,0 +1,69 @@
+{#- 
+  This template is rendered by the render_meta.py script
+  it is not automatically enforced by OBS
+-#}
+{%- set maintainers = [
+    "edge-engineering",
+] -%}
+<project name="{{ project }}">
+  <title>{{ title }}</title>
+  {%- if description is defined %}
+  <description>{{ description }}</description>
+  {%- else %}
+  <description/>
+  {%- endif %}
+  {%- if scm_url is defined %}
+  <scmsync>{{ scm_url }}</scmsync>
+  {%- endif %}
+{%- for maintainer in maintainers %}
+  <person userid="{{ maintainer }}" role="maintainer"/>
+{%- endfor %}
+{%- if not base_project %}
+  <build>
+    <disable/>
+    <enable repository="charts"/>
+    <enable repository="test_manifest_images"/>
+  </build>
+  <publish>
+    <disable repository="phantomcharts"/>
+  </publish>
+  <repository name="phantomcharts">
+    <arch>x86_64</arch>
+  </repository>
+{%- endif %}
+{%- for repository in ["images", "test_manifest_images"] %}
+  <repository name="{{ repository }}">
+    {%- if release_project is defined and repository == "images" %}
+    <releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
+    {%- endif %}
+    <path project="SUSE:Registry" repository="standard"/>
+    <path project="SUSE:CA" repository="SLE_15_SP6"/>
+    <path project="{{ project }}" repository="standard"/>
+    <arch>x86_64</arch>
+    <arch>aarch64</arch>
+  </repository>
+{%- endfor %}
+  <repository name="standard" block="local">
+    {%- if release_project is defined and not for_release %}
+    <releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
+    {%- endif %}
+    <path project="Cloud:OpenStack:2024.2" repository="15.6"/>
+    <path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
+    <arch>x86_64</arch>
+    <arch>aarch64</arch>
+  </repository>
+  <repository name="charts"{{ ' rebuild="local"' if not base_project }}>
+    {%- if release_project is defined and not for_release %}
+    <releasetarget project="{{ release_project }}" repository="phantomcharts" trigger="manual"/>
+    {%- endif %}
+    <path project="{{ project }}" repository="standard"/>
+    <arch>x86_64</arch>
+  </repository>
+  {%- if for_release %}
+  <repository name="releasecharts" rebuild="local">
+    <releasetarget project="{{ release_project }}" repository="charts" trigger="manual"/>
+    <path project="{{ project }}" repository="standard"/>
+    <arch>x86_64</arch>
+  </repository>
+  {%- endif %}
+</project>

akri-dashboard-extension-chart/Chart.yaml

@@ -1,5 +1,6 @@
-#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
-#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Akri
@@ -10,11 +11,11 @@ annotations:
   catalog.cattle.io/rancher-version: ">= 2.10.0-0"
   catalog.cattle.io/scope: management
   catalog.cattle.io/ui-component: plugins
-  catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
+  catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
 apiVersion: v2
-appVersion: 1.2.0
+appVersion: 1.2.1
 description: "SUSE Edge: Akri extension for Rancher Dashboard"
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
 name: akri-dashboard-extension
 type: application
-version: "%%CHART_MAJOR%%.0.0+up1.2.0"
+version: "%%CHART_MAJOR%%.0.0+up1.2.1"

akri-dashboard-extension-chart/templates/cr.yaml

@@ -8,7 +8,7 @@ spec:
   plugin:
     name: {{ include "extension-server.fullname" . }}
     version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.0
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.1
     noCache: {{ .Values.plugin.noCache }}
     noAuth: {{ .Values.plugin.noAuth }}
     metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

akri-dashboard-extension-chart/values.yaml

@@ -8,5 +8,5 @@ plugin:
   metadata:
     catalog.cattle.io/display-name: Akri
     catalog.cattle.io/rancher-version: ">= 2.10.0-0"
-    catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
     catalog.cattle.io/kube-version: ">= v1.26.0-0"

akri/_service

@@ -10,7 +10,9 @@
 	<service name="cargo_vendor" mode="manual">
 		<param name="srcdir">akri</param>
 	</service>
-	<service name="tar" mode="buildtime" />
+	<service name="tar" mode="buildtime">
+		<param name="obsinfo">akri.obsinfo</param>
+	</service>
 	<service name="set_version" mode="buildtime" >
 		<param name="fromfile">version.txt</param>
 		<param name="regex">^(.*)$</param>

baremetal-operator/_service

@@ -12,10 +12,8 @@
     <param name="without-version">yes</param>
     <param name="versionrewrite-replacement">\1</param>
   </service>
-  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="tar">
-  <service mode="buildtime" name="recompress">
+    <param name="obsinfo">baremetal-operator.obsinfo</param>
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
   </service>
    <service name="go_modules">
   </service>
@@ -23,7 +21,7 @@
     <param name="file">baremetal-operator.spec</param>
     <param name="var">SOURCE_COMMIT</param>
     <param name="eval">
-      SOURCE_COMMIT=$(grep commit *.obsinfo | cut -d" " -f2)
+      SOURCE_COMMIT=$(grep commit baremetal-operator.obsinfo | cut -d" " -f2)
     </param>
     <param name="verbose">1</param>
   </service>

baremetal-operator/baremetal-operator.spec

@@ -22,7 +22,7 @@ Release:        0.8.0
 Summary:        Implements a Kubernetes API for managing bare metal hosts
 License:        Apache-2.0
 URL:            https://github.com/metal3-io/baremetal-operator
-Source:         baremetal-operator-%{version}.tar.gz
+Source:         baremetal-operator-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390

cluster-api-provider-metal3-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:v%%cluster-api-provider-metal3_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-metal3 shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-provider-metal3
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-provider-metal3 Container Image"
-LABEL org.opencontainers.image.description="cluster-api-provider-metal3 based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-provider-metal3_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:%%cluster-api-provider-metal3_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/cluster-api-provider-metal3 /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-provider-metal3/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/metal3-io/cluster-api-provider-metal3</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.7.2</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-   <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api-provider-metal3/cluster-api-provider-metal3.spec

@@ -1,54 +0,0 @@
-#
-# spec file for package cluster-api-provider-metal3
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api-provider-metal3
-Version:        1.7.2
-Release:        0
-Summary:        Cluster API Infrastructure Provider for Metal3
-License:        Apache-2.0
-URL:            https://github.com/metal3-io/cluster-api-provider-metal3
-Source:         cluster-api-provider-metal3-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API Provider Metal3 is one of the providers for Cluster API and enables
-users to deploy a Cluster API based cluster on top of bare metal infrastructure
-using Metal3.
-
-%prep
-%autosetup -a1 -n cluster-api-provider-metal3-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-   -a -ldflags '-extldflags "-static"'
-
-%install
-install -D -m0755 cluster-api-provider-metal3 %{buildroot}%{_bindir}/cluster-api-provider-metal3
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/cluster-api-provider-metal3
-
-%changelog

cosign/_service

@@ -8,10 +8,8 @@
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
   </service>
-  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="tar">
-  <service mode="buildtime" name="recompress">
+    <param name="obsinfo">cosign.obsinfo</param>
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
   </service>
   <service mode="buildtime" name="set_version" />
   <service name="go_modules">

cosign/cosign.spec

@@ -24,7 +24,7 @@ Release:        0
 Summary:        Container Signing, Verification and Storage in an OCI registry
 License:        Apache-2.0
 URL:            https://github.com/rancher-government-carbide/cosign
-Source:         cosign-%{version}.tar.gz
+Source:         cosign-%{version}.tar
 Source1:        vendor.tar.gz         
 BuildRequires:  golang-packaging
 

edge-image-builder-image/_service

@@ -7,10 +7,14 @@
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
     <param name="var">IMG_REPO</param>
     <param name="file">artifacts.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
     <param name="eval">CHART_REPO=$(rpm --macros=/root/.rpmmacros -E %chart_repo)</param>
     <param name="var">CHART_REPO</param>
     <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
     <param name="var">SUPPORT_LEVEL</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>
 

edge-image-builder-image/artifacts.yaml

@@ -1,11 +1,11 @@
 metallb:
   chart: metallb-chart
-  repository: %%CHART_REPO%%/3.1
+  repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
-  version: 0.14.9
+  version: "%%CHART_MAJOR%%.0.0+up0.14.9"
 endpoint-copier-operator:
   chart: endpoint-copier-operator-chart
-  repository: %%CHART_REPO%%/3.1
+  repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
-  version: 0.2.1
+  version: "%%CHART_MAJOR%%.0.0+up0.2.1"
 kubernetes:
   k3s:
     selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch
@@ -13,4 +13,3 @@ kubernetes:
   rke2:
     selinuxPackage: rke2-selinux
     selinuxRepository: https://rpm.rancher.io/rke2/stable/common/slemicro/noarch
-

edge-image-builder/_service

@@ -9,10 +9,8 @@
     <param name="versionrewrite-replacement">\1.\2.\3</param>
     <param name="changesgenerate">enable</param>
   </service>
-  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="tar">
-  <service mode="buildtime" name="recompress">
+    <param name="obsinfo">edge-image-builder.obsinfo</param>
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
   </service>
   <service mode="buildtime" name="set_version" />
   <service name="go_modules">

edge-image-builder/edge-image-builder.spec

@@ -22,7 +22,7 @@ Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0
 URL:            https://github.com/suse-edge/edge-image-builder
-Source:         edge-image-builder-%{version}.tar.gz
+Source:         edge-image-builder-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) go1.22
 BuildRequires:  golang-packaging

endpoint-copier-operator/_service

@@ -12,10 +12,8 @@
     <param name="without-version">yes</param>
     <param name="versionrewrite-replacement">\1</param>
   </service>
-  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="tar">
-  <service mode="buildtime" name="recompress">
+    <param name="obsinfo">endpoint-copier-operator.obsinfo</param>
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
   </service>
   <service name="go_modules">
   </service>

endpoint-copier-operator/endpoint-copier-operator.spec

@@ -22,7 +22,7 @@ Release:        0.2.0
 Summary:        Implements a Kubernetes API for copying endpoint resources
 License:        Apache-2.0
 URL:            https://github.com/suse-edge/endpoint-copier-operator
-Source:         endpoint-copier-operator-%{version}.tar.gz
+Source:         endpoint-copier-operator-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) = 1.20
 ExcludeArch:    s390

frr-image/Dockerfile

@@ -0,0 +1,58 @@
+# SPDX-License-Identifier: MIT
+#!BuildTag: %%IMG_PREFIX%%frr:8.4
+#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
+#!BuildVersion: 15.5
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends tcpdump libpcap-devel iproute2 iputils strace socat frr python3 catatonit sed util-linux; zypper -n clean; rm -rf /var/log/*
+
+FROM micro AS final
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.frr
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="FRR Container Image"
+LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="8.4"
+LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+
+#Install frr
+USER root
+
+ENV PYTHONDONTWRITEBYTECODE yes
+
+# frr.sh is the entry point. This script examines environment
+# variables to direct operation and configure ovn
+ADD frr.sh /root/
+ADD daemons /etc/frr
+ADD frr.conf /etc/frr
+ADD vtysh.conf /etc/frr
+
+RUN chown frr:frr /etc/frr/daemons /etc/frr/frr.conf
+
+RUN ln -s /usr/bin/catatonit /sbin/tini
+RUN usermod -a -G frrvty frr
+
+COPY docker-start /usr/libexec/frr/docker-start
+RUN cp -r /usr/libexec/frr /usr/lib/ # required because of the different path on rhel
+
+WORKDIR /root
+ENTRYPOINT ["/sbin/tini", "--"]
+
+COPY docker-start /usr/lib/frr/docker-start
+RUN chmod +x /usr/lib/frr/docker-start
+CMD ["/usr/lib/frr/docker-start"]

frr-image/_service

@@ -1,12 +1,6 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-provider-metal3_version%%</param>
-    <param name="package">cluster-api-provider-metal3</param>
-    <param name="parse-version">patch</param>
-  </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

frr-image/daemons

@@ -0,0 +1,82 @@
+# This file tells the frr package which daemons to start.
+#
+# Entries are in the format: <daemon>=(yes|no|priority)
+#   0, "no"  = disabled
+#   1, "yes" = highest priority
+#   2 .. 10  = lower priorities
+#
+# For daemons which support multiple instances, a 2nd line listing
+# the instances can be added. Eg for ospfd:
+#   ospfd=yes
+#   ospfd_instances="1,2"
+#
+# Priorities were suggested by Dancer <dancer@zeor.simegen.com>.
+# They're used to start the FRR daemons in more than one step
+# (for example start one or two at network initialization and the
+# rest later). The number of FRR daemons being small, priorities
+# must be between 1 and 9, inclusive (or the initscript has to be
+# changed). /etc/init.d/frr then can be started as
+#
+#   /etc/init.d/frr <start|stop|restart|<priority>>
+#
+# where priority 0 is the same as 'stop', priority 10 or 'start'
+# means 'start all'
+#
+# Sample configurations for these daemons can be found in
+# /usr/share/doc/frr/examples/.
+#
+# ATTENTION:
+#
+# When activation a daemon at the first time, a config file, even if it is
+# empty, has to be present *and* be owned by the user and group "frr", else
+# the daemon will not be started by /etc/init.d/frr. The permissions should
+# be u=rw,g=r,o=.
+# When using "vtysh" such a config file is also needed. It should be owned by
+# group "frrvty" and set to ug=rw,o= though. Check /etc/pam.d/frr, too.
+#
+watchfrr_enable=yes
+watchfrr_options="-r '/usr/lib/frr/frr restart %s' -s '/usr/lib/frr/frr start %s' -k '/usr/lib/frr/frr stop %s'"
+#
+zebra=yes
+bgpd=yes
+ospfd=no
+ospf6d=no
+ripd=no
+ripngd=no
+isisd=no
+pimd=no
+nhrpd=no
+eigrpd=no
+sharpd=no
+pbrd=no
+staticd=yes
+bfdd=yes
+fabricd=no
+
+#
+# Command line options for the daemons
+#
+zebra_options=("-A 127.0.0.1")
+bgpd_options=("-A 127.0.0.1")
+ospfd_options=("-A 127.0.0.1")
+ospf6d_options=("-A ::1")
+ripd_options=("-A 127.0.0.1")
+ripngd_options=("-A ::1")
+isisd_options=("-A 127.0.0.1")
+pimd_options=("-A 127.0.0.1")
+nhrpd_options=("-A 127.0.0.1")
+eigrpd_options=("-A 127.0.0.1")
+sharpd_options=("-A 127.0.0.1")
+pbrd_options=("-A 127.0.0.1")
+staticd_options=("-A 127.0.0.1")
+bfdd_options=("-A 127.0.0.1")
+fabricd_options=("-A 127.0.0.1")
+
+#
+# If the vtysh_enable is yes, then the unified config is read
+# and applied if it exists.  If no unified frr.conf exists
+# then the per-daemon <daemon>.conf files are used)
+# If vtysh_enable is no or non-existant, the frr.conf is ignored.
+# it is highly suggested to have this set to yes
+vtysh_enable=yes
+

frr-image/docker-start

@@ -0,0 +1,4 @@
+#!/bin/bash
+
+source /usr/lib/frr/frrcommon.sh
+/usr/lib/frr/watchfrr $(daemon_list)

frr-image/frr.conf

@@ -0,0 +1,53 @@
+frr defaults traditional
+log file /var/log/frr/frr.log
+log syslog informational
+log stdout debugging
+ipv6 forwarding
+service integrated-vtysh-config
+!
+debug bgp updates in
+debug bgp updates out
+debug bgp zebra
+!
+interface eth0
+ no ipv6 nd suppress-ra
+ ipv6 nd ra-interval 10
+!
+router bgp OCPASN
+ bgp router-id OCPROUTERID
+ bgp bestpath as-path multipath-relax
+ bgp bestpath compare-routerid
+!
+ neighbor OCPnodes peer-group
+ neighbor OCPnodes description Internal OCP Nodes
+ neighbor OCPnodes remote-as OCPASN
+ neighbor OCPnodes bfd
+ neighbor OCPnodes capability extended-nexthop 
+ !neighbor eth0 interface peer-group OCPnodes
+ !neighbor OCPPEER remote-as OCPASN peer-group OCPnodes
+ neighbor OCPPEER peer-group OCPnodes
+ !
+ address-family ipv4 unicast
+  redistribute connected
+  neighbor OCPnodes activate
+ exit-address-family
+ !
+ address-family ipv6 unicast
+  redistribute connected
+  neighbor OCPnodes activate
+  neighbor OCPnodes nexthop-local unchanged
+ exit-address-family
+ !
+!
+bfd
+ peer OCPPEER vrf default interface eth0
+   receive-interval 2000
+   transmit-interval 2000
+   echo-mode
+   echo-interval 3000
+   no shutdown
+ exit
+!
+line vty
+!
+

frr-image/frr.sh

@@ -0,0 +1,124 @@
+#!/bin/bash
+#set -euo pipefail
+
+# Enable verbose shell output if FRR_SH_VERBOSE is set to 'true'
+if [[ "${FRR_SH_VERBOSE:-}" == "true" ]]; then
+  set -x
+fi
+
+# The argument to the command is the operation to be performed
+# frr-node display display_env 
+# a cmd must be provided, there is no default
+cmd=${1:-""}
+
+# The frr user id, by default it is going to be frr:frr
+frr_user_id=${FRR_USER_ID:-""}
+
+# frr options
+frr_options=${FRR_OPTIONS:-""}
+
+# This script is the entrypoint to the image.
+# frr.sh version (update when API between daemonset and script changes - v.x.y)
+frr_version="3"
+
+# The daemonset version must be compatible with this script.
+# The default when FRR_DAEMONSET_VERSION is not set is version 3
+frr_daemonset_version=${FRR_DAEMONSET_VERSION:-"3"}
+
+# hostname is the host's hostname when using host networking,
+# This is useful on the master
+# otherwise it is the container ID (useful for debugging).
+frr_pod_host=${K8S_NODE:-$(hostname)}
+
+# The ovs user id, by default it is going to be root:root
+frr_user_id=${FRR_USER_ID:-""}
+
+# frr options
+frr_options=${FRR_OPTIONS:-""}
+
+# frr.conf variables
+ocp_asn=${OCPASN:-65000}
+ocp_routerid=${OCPROUTERID:-"10.10.10.1"}
+ocp_peer=${OCPPEER:-"10.10.10.1"}
+
+FRR_ETCDIR=/etc/frr
+FRR_RUNDIR=/var/run/frr
+FRR_LOGDIR=/var/log/frr
+
+# =========================================
+
+setup_frr_permissions() {
+    chown -R ${frr_user_id} ${FRR_RUNDIR}
+    chown -R ${frr_user_id} ${FRR_LOGDIR}
+    chown -R ${frr_user_id} ${FRR_ETCDIR}
+}
+
+# =========================================
+
+display_version() {
+  echo " =================== hostname: ${frr_pod_host}"
+  echo " =================== daemonset version ${frr_daemonset_version}"
+  if [[ -f /root/git_info ]]; then
+    disp_ver=$(cat /root/git_info)
+    return
+  fi
+}
+
+display_env() {
+  echo FRR_USER_ID ${frr_user_id}
+  echo FRR_OPTIONS ${frr_options}
+  echo frr.sh version ${frr_version}
+  echo ocp_asn ${ocp_asn}
+  echo ocp_routerid ${ocp_routerid}
+  echo ocp_peer ${ocp_peer}
+}
+
+# frr-node - all nodes
+frr-node() {
+  trap 'kill $(jobs -p) ; exit 0' TERM
+  rm -f ${FRR_RUNDIR}/frr.pid
+  echo "=============== frr-node ========== update frr.conf"
+  sed -i "s/OCPASN/$ocp_asn/" /etc/frr/frr.conf
+  sed -i "s/OCPPEER/$ocp_peer/" /etc/frr/frr.conf
+  sed -i "s/OCPROUTERID/$ocp_routerid/" /etc/frr/frr.conf
+
+  #chown -R frr:frr /etc/frr
+  chown -R frr:frr ${FRR_RUNDIR}
+  echo "=============== frr-node ========== starting"
+  # /usr/lib/frr/frrinit.sh start
+  # bash -x /usr/lib/frr/frrinit.sh start
+  bash -x 
+  /usr/lib/frr/frrinit.sh start
+  frrResult=$?
+  echo "=============== frrinit result is ${frrResult} " 
+ 
+  # Sleep forever
+  exec tail -f /dev/null
+}
+
+echo "================== frr.sh --- version: ${frr_version} ================"
+
+display_version
+
+display_env
+
+case ${cmd} in
+"frr-node") 
+  frr-node
+  ;;
+"display_env")
+  display_env
+  exit 0
+  ;;
+"display")
+  display
+  exit 0
+  ;;
+*)
+  echo "invalid command ${cmd}"
+  echo "valid v3 commands: frr-node display_env display " 
+  exit 0
+  ;;
+esac
+
+exit 0

frr-k8s-image/Dockerfile

@@ -1,26 +1,25 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ip-address-manager:v%%ip-address-manager_version%%
+#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%
-#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%
+#!BuildTag: %%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends ip-address-manager shadow; zypper -n clean; rm -rf /var/log/*
+RUN zypper --installroot /installroot --non-interactive install --no-recommends frr-k8s; zypper -n clean; rm -rf /var/log/*
 
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.ip-address-manager
+# labelprefix=com.suse.application.endpoint-copier-operator
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE ip-address-manager Container Image"
+LABEL org.opencontainers.image.title="SLE frr-k8s Container Image"
-LABEL org.opencontainers.image.description="ip-address-manager based on the SLE Base Container Image."
+LABEL org.opencontainers.image.description="frr-k8s based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%ip-address-manager_version%%"
+LABEL org.opencontainers.image.version="%%frr-k8s_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:%%ip-address-manager_version%%-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr-k8s:v%%frr-k8s_version%%-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,8 +28,6 @@ LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 
+#Install frr-k8s
 COPY --from=base /installroot /
-RUN mv /usr/bin/ip-address-manager /manager
+ENTRYPOINT ["/frr-k8s"]
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

frr-k8s-image/_service

@@ -3,8 +3,8 @@
   <service mode="buildtime" name="docker_label_helper"/>
   <service name="replace_using_package_version" mode="buildtime">
     <param name="file">Dockerfile</param>
-    <param name="regex">%%ip-address-manager_version%%</param>
+    <param name="regex">%%frr-k8s_version%%</param>
-    <param name="package">ip-address-manager</param>
+    <param name="package">frr-k8s</param>
     <param name="parse-version">patch</param>
   </service>
   <service name="replace_using_env" mode="buildtime">

frr-k8s/_service

@@ -12,10 +12,8 @@
     <param name="without-version">yes</param>
     <param name="versionrewrite-replacement">\1</param>
   </service>
-  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="tar">
-  <service mode="buildtime" name="recompress">
+    <param name="obsinfo">frr-k8s.obsinfo</param>
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
   </service>
   <service name="go_modules">
   </service>

frr-k8s/frr-k8s.spec

@@ -22,7 +22,7 @@ Release:        0.0.14
 Summary:        A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
 License:        Apache-2.0
 URL:            https://github.com/metallb/frr-k8s
-Source:         frr-k8s-%{version}.tar.gz
+Source:         frr-k8s-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390

hauler/_service

@@ -8,10 +8,8 @@
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
   </service>
-  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="tar">
-  <service mode="buildtime" name="recompress">
+    <param name="obsinfo">hauler.obsinfo</param>
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
   </service>
   <service mode="buildtime" name="set_version" />
   <service name="go_modules">

hauler/hauler.spec

@@ -23,7 +23,7 @@ Release:        0
 Summary:        Airgap Swiss Army Knife
 License:        Apache-2.0
 URL:            https://github.com/hauler-dev/hauler
-Source:         hauler-%{version}.tar.gz
+Source:         hauler-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang-packaging
 BuildRequires:  cosign

ip-address-manager/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/metal3-io/ip-address-manager</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.7.2</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-   <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

ip-address-manager/ip-address-manager.spec

@@ -1,51 +0,0 @@
-#
-# spec file for package ip-address-manager
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           ip-address-manager
-Version:        1.7.2
-Release:        0
-Summary:        Metal3 IPAM controller
-License:        Apache-2.0
-URL:            https://github.com/metal3-io/ip-address-manager
-Source:         ip-address-manager-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Metal3 IPAM controller
-
-%prep
-%autosetup -a1 -n ip-address-manager-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-
-%install
-install -D -m0755 ip-address-manager %{buildroot}%{_bindir}/ip-address-manager
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/ip-address-manager
-
-%changelog

ironic-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%
 #!BuildVersion: 15.6
 
 ARG SLE_VERSION
@@ -8,7 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 
-RUN set -euo pipefail; zypper -n  in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "x86_64" ];then \
+      zypper -n  in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
+    fi
+#!ArchExclusiveLine: aarch64
+RUN if [ "$(uname -m)" = "aarch64" ];then \
+      zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
+    fi
 WORKDIR /tmp
 COPY prepare-efi.sh /bin/
 RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -16,8 +23,16 @@ RUN /bin/prepare-efi.sh
 
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp syslinux ipxe-bootimgs crudini openstack-ironic
 
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "x86_64" ];then \
+      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+    fi
+#!ArchExclusiveLine: aarch64
+RUN if [ "$(uname -m)" = "aarch64" ];then \
+      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+    fi
+    
 # DATABASE
 RUN mkdir -p /installroot/var/lib/ironic && \
   /installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
@@ -31,8 +46,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="26.1.2.0"
+LABEL org.opencontainers.image.version="26.1.2.2"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.2-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -64,7 +79,15 @@ RUN mkdir -p $GRUB_DIR
 
 # IRONIC #
 RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
-RUN cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "x86_64" ];then \
+      cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi ;\
+    fi
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "aarch64" ]; then\ 
+     cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
+    fi
+    
 COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
 
 COPY ironic.conf.j2 /etc/ironic/

ironic-image/prepare-efi.sh

@@ -6,22 +6,37 @@ ARCH=$(uname -m)
 DEST=${2:-/tmp/esp.img}
 OS=${1:-sles}
 
-BOOTEFI=BOOTX64.efi
+if [ $ARCH = "aarch64" ]; then
-GRUBEFI=grubx64.efi
+  BOOTEFI=BOOTAA64.EFI
+  GRUBEFI=grubaa64.efi
+else
+  BOOTEFI=BOOTX64.efi
+  GRUBEFI=grubx64.efi
+fi
 
 dd bs=1024 count=6400 if=/dev/zero of=$DEST
 mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
 
 mkdir -p /boot/efi/EFI/BOOT
-cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
 mkdir -p /boot/efi/EFI/$OS
-#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
+if [ $ARCH = "aarch64" ]; then
-cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
+  cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
+  cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
+  cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
+else
+  cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
+  #cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
+  cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
+fi
 
 mmd -i $DEST EFI
 mmd -i $DEST EFI/BOOT
 mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
-#mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
+if [ $ARCH = "aarch64" ]; then
-mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
+  mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
+  mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
+else
+  mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
+fi 
 mdir -i $DEST ::EFI/BOOT;
 

ironic-image/runlogwatch.sh

@@ -3,6 +3,14 @@
 # Ramdisk logs path
 LOG_DIR="/shared/log/ironic/deploy"
 
+# The ironic container creates the directory, wait for
+# it to exist before running inotifywait or it can fail causing
+# a spurious restart
+while [ ! -d "${LOG_DIR}" ]; do
+  echo "Waiting for ${LOG_DIR}"
+  sleep 5
+done
+
 inotifywait -m "${LOG_DIR}" -e close_write |
     while read -r path _action file; do
         echo "************ Contents of ${path}/${file} ramdisk log file bundle **************"

ironic-ipa-downloader-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -8,7 +8,14 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*
+#!ArchExclusiveLine: x86_64
+RUN if [ "$(uname -m)" = "x86_64" ];then \
+  zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
+  fi
+#!ArchExclusiveLine: aarch64
+RUN if [ "$(uname -m)" = "aarch64" ];then \
+  zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
+  fi
 #RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
 RUN cp /usr/bin/getopt /installroot/
 
@@ -19,11 +26,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.0"
+LABEL org.opencontainers.image.version="3.0.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

ironic-ipa-downloader-image/_service

@@ -1,12 +1,6 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%ironic-ipa-ramdisk-x86_64_version%%</param>
-    <param name="package">ironic-ipa-ramdisk-x86_64</param>
-    <param name="parse-version">patch</param>
-  </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

ironic-ipa-downloader-image/get-resource.sh

@@ -8,10 +8,10 @@ export no_proxy=${no_proxy:-$NO_PROXY}
 
 # Which image should we use
 if [ -z "${IPA_BASEURI}" ]; then
-  # SLES BASED IPA - openstack-ironic-image-x86_64 package
+  # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
   mkdir -p /shared/html/images
   cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
-  cp /tmp/openstack-ironic-image*.x86_64*.kernel /shared/html/images/ironic-python-agent.kernel
+  cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
 else
   FILENAME=ironic-python-agent
   FILENAME_EXT=.tar
@@ -68,4 +68,4 @@ if [ -d "/tmp/ironic-certificates" ]; then
   mkdir -p etc/ironic-python-agent.d/ca-certs
   cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
   find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
-fi
+fi

ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<image schemaversion="7.4" name="openstack-ironic-image-201">
+<image schemaversion="7.4" name="openstack-ironic-image-301">
     <description type="system">
         <author>Cloud developers</author>
         <contact>cloud-devel@suse.de</contact>
@@ -116,8 +116,9 @@
         <package name="vim"/>
         <package name="grub2"/>
         <package name="grub2-x86_64-efi" arch="x86_64"/>
-        <package name="grub2-i386-pc"/>
+        <package name="grub2-arm64-efi" arch="aarch64"/>
-        <package name="syslinux"/>
+        <package name="grub2-i386-pc" arch="x86_64"/>
+        <package name="syslinux" arch="x86_64"/>
         <package name="lvm2"/>
         <package name="plymouth"/>
         <package name="fontconfig"/>
@@ -135,12 +136,10 @@
         <package name="openstack-ironic-python-agent"/>
         <package name="hdparm"/>
         <package name="qemu-tools"/>
-        <package name="python311-proliantutils" arch="x86_64"/>
+        <package name="python311-proliantutils"/>
         <package name="lshw"/>
-        <package name="dmidecode" arch="aarch64"/>
+        <package name="dmidecode"/>
-        <package name="dmidecode" arch="x86_64"/>
+        <package name="efibootmgr"/>
-        <package name="efibootmgr" arch="aarch64" />
-        <package name="efibootmgr" arch="x86_64" />
         <package name="gptfdisk"/>
         <package name="open-iscsi"/>
         <package name="hwinfo"/>
@@ -157,7 +156,6 @@
     </packages>
 
     <packages type="kis">
-        <package name="gfxboot-branding-SLE"/>
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages> 

ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec

@@ -19,7 +19,7 @@
 
 
 Name:           ironic-ipa-ramdisk
-Version:        3.0.0
+Version:        3.0.1
 Release:        0
 Summary:        Kernel and ramdisk image for OpenStack Ironic
 License:        SUSE-EULA
@@ -49,7 +49,12 @@ BuildRequires:  fontconfig
 BuildRequires:  fonts-config
 BuildRequires:  gptfdisk
 BuildRequires:  grub2
+%ifarch x86_64
 BuildRequires:  grub2-x86_64-efi
+%endif
+%ifarch aarch64
+BuildRequires:  grub2-arm64-efi
+%endif
 BuildRequires:  haveged
 BuildRequires:  hdparm
 BuildRequires:  hwinfo
@@ -93,19 +98,14 @@ BuildRequires:  plymouth-dracut
 BuildRequires:  plymouth-theme-bgrt
 BuildRequires:  dracut-kiwi-oem-dump
 BuildRequires:  dracut-kiwi-oem-repart
-BuildRequires:  gfxboot-branding-SLE
 BuildRequires:  grub2-branding-SLE
 BuildRequires:  open-iscsi
 BuildRequires:  plymouth-branding-SLE
 BuildRequires:  lshw
 BuildRequires:  kbd
-%ifarch aarch64
 BuildRequires:  dmidecode
 BuildRequires:  efibootmgr
-%endif
 %ifarch x86_64
-BuildRequires:  dmidecode
-BuildRequires:  efibootmgr
 BuildRequires:  syslinux
 %endif
 

kiwi-builder-image/Dockerfile

@@ -1,5 +1,6 @@
-#!BuildTag: kiwi-builder:10.1
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1
-FROM registry.suse.com/bci/kiwi:10.1.10
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1-%RELEASE%
+FROM registry.suse.com/bci/kiwi:10.1.16
 MAINTAINER SUSE LLC (https://www.suse.com/)
 
 # Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -11,7 +12,7 @@ LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.1"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -20,10 +21,6 @@ LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 
-# Install required packages for Kiwi to function as expected
-# Should be provided via https://github.com/SUSE/BCI-dockerfile-generator/pull/1770
-# RUN zypper in -y gawk && zypper clean -a
-
 # Configure Kiwi to use kpartx
 RUN echo -e "mapper:\n  - part_mapper: kpartx" > /etc/kiwi.yml
 

kiwi-builder-image/README

@@ -2,46 +2,54 @@
 Kiwi SDK Image Instructions
 ###########################
 
-Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
+Please ensure that you're running this on a registered SUSE Linux Micro 6.1 system, and make sure that SELinux is disabled:
 
 # setenforce 0
 
 Next, download the podman image:
 
-# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10
+# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1
 
 Make a local output directory (where the images will reside):
 
 # mkdir output
 
+Then, to build a standard "Base" image, run the following in podman:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image
+
+To build a "Base" SelfInstall ISO, you can add additional flags, for example:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-SelfInstall
+
 Then, to build a standard "Default" image, run the following in podman:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default
 
-To build a SelfInstall ISO, you can add additional flags, for example:
+To build a "Default" SelfInstall ISO, you can add additional flags, for example:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Default-SelfInstall
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall
 
 To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Base-RT
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-RT
 
 To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Default-SelfInstall -b
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall -b
 
 # mkdir mydefs/
 # cp /path/to/SL-Micro.kiwi mydefs/
 # cp /path/to/config.sh mydefs/
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image
 
 All output will be in the local $(pwd)/output directory, for example:
 
 # ls -1 output/
-SLE-Micro.x86_64-6.0.changes
+SLE-Micro.x86_64-6.1.changes
-SLE-Micro.x86_64-6.0.packages
+SLE-Micro.x86_64-6.1.packages
-SLE-Micro.x86_64-6.0.raw
+SLE-Micro.x86_64-6.1.raw
-SLE-Micro.x86_64-6.0.verified
+SLE-Micro.x86_64-6.1.verified
 build
 kiwi.result
 kiwi.result.json

kiwi-builder-image/SL-Micro.kiwi

@@ -33,6 +33,12 @@
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -63,6 +69,21 @@
         <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -140,6 +161,15 @@
             <requires profile="x86-rt-self_install"/>
             <requires profile="self_install"/>
         </profile>
+        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt"/>
+        </profile>
+        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
         <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
             <requires profile="full"/>
             <requires profile="s390-kvm"/>
@@ -164,6 +194,14 @@
             <requires profile="container-host"/>
             <requires profile="s390-fba"/>
         </profile>
+        <profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-fcp"/>
+        </profile>
+        <profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-fcp"/>
+        </profile>
         <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
             <requires profile="full"/>
             <requires profile="x86-legacy"/>
@@ -184,10 +222,47 @@
 	    <requires profile="container-host"/>
 	    <requires profile="aarch64-qcow"/>
         </profile>
+
+	<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-512ss"/>
+        </profile>
+	<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-4096ss"/>
+        </profile>
+	<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-512ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-4096ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-512ss"/>
+        </profile>
+	<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-4096ss"/>
+        </profile>
+	<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-512ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-4096ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -198,7 +273,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -211,7 +286,7 @@
 	    luks_pbkdf="pbkdf2"
         >
             <luksformat>
-                <option name="--cipher" value="aes"/>
+                <option name="--cipher" value="aes-xts-plain64"/>
             </luksformat>
             <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
             <systemdisk>
@@ -230,7 +305,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -241,7 +316,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -266,7 +341,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -276,11 +351,12 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -304,8 +380,8 @@
         </type>
     </preferences>
 
-    <preferences profiles="rpi">
+    <preferences profiles="rpi,aarch64-rt">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -320,11 +396,11 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
-            efipartsize="128"     
+            efipartsize="128"
             editbootinstall="editbootinstall_rpi.sh"
             btrfs_root_is_readonly_snapshot="true"
             btrfs_quota_groups="false"
@@ -344,8 +420,8 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64-self_install">
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -355,12 +431,13 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            efipartsize="128"     
+            efipartsize="128"
-	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -385,22 +462,22 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
         <rpm-excludedocs>true</rpm-excludedocs>
         <locale>en_US</locale>
-
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
         <type
             image="oem"
             filesystem="btrfs"
             bootpartition="true"
             bootpartsize="300"
-            bootfilesystem="ext2"
+            bootfilesystem="ext4"
         initrd_system="dracut"
         format="qcow2"
-            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
         devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
@@ -423,7 +500,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -434,9 +511,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext2"
+          bootfilesystem="ext4"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
           devicepersistency="by-uuid"
           target_blocksize="4096"
           btrfs_root_is_snapshot="true"
@@ -461,7 +538,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -472,9 +549,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext2"
+          bootfilesystem="ext4"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
           devicepersistency="by-uuid"
           btrfs_root_is_snapshot="true"
           btrfs_root_is_readonly_snapshot="true"
@@ -495,9 +572,47 @@
         </type>
     </preferences>
 
+    <preferences profiles="s390-fcp">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          installpxe="true"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext4"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
+          devicepersistency="by-uuid"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+        >
+            <oemconfig>
+                <oem-multipath-scan>true</oem-multipath-scan>
+            </oemconfig>
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+        </type>
+    </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -532,7 +647,7 @@
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -543,7 +658,7 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -567,9 +682,9 @@
             <size unit="G">32</size>
         </type>
     </preferences>
- 
+
     <preferences profiles="aarch64-qcow">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -580,8 +695,8 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            efipartsize="128"     
+            efipartsize="128"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -592,7 +707,7 @@
             <systemdisk>
                 <volume name="home"/>
                 <volume name="root"/>
- 		<volume name="opt"/>
+                <volume name="opt"/>
                 <volume name="srv"/>
                 <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                 <volume name="boot/writable"/>
@@ -603,6 +718,161 @@
         </type>
     </preferences>
 
+    <preferences profiles="ppc64le-512ss">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="ppc64le-4096ss">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
+             disk_start_sector="256" -->
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            target_blocksize="4096"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="ppc64le-512ss-self_install">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            installiso="true"
+            installpxe="true"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <installmedia>
+                <initrd action="omit">
+                    <dracut module="drm"/>
+                </initrd>
+            </installmedia>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="ppc64le-4096ss-self_install">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
+             disk_start_sector="256" -->
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            installiso="true"
+            installpxe="true"
+            target_blocksize="4096"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <installmedia>
+                <initrd action="omit">
+                    <dracut module="drm"/>
+                </initrd>
+            </installmedia>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+
    <repository type="rpm-md" >
         <source path='obsrepositories:/'/>
     </repository>
@@ -616,7 +886,7 @@
 	<package name="patterns-base-kvm_host"/>
 	<package name="lzop"/>
         <namedCollection name="container_runtime_podman"/>
-        <package name="patterns-container-runtime_podman"/> 
+        <package name="patterns-container-runtime_podman"/>
         <namedCollection name="cockpit"/>
         <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
@@ -628,7 +898,6 @@
         <package name="firewalld"/>
         <package name="wpa_supplicant" arch="x86_64,aarch64"/>
 	<package name="libpwquality-tools"/>
-        <!-- <package name="k3s-install"/> -->
     </packages>
 
     <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
@@ -647,9 +916,7 @@
         <namedCollection name="base_transactional"/>
         <package name="patterns-base-transactional"/>
         <namedCollection name="container_runtime_podman"/>
-        <package name="patterns-container-runtime_podman"/> 
+        <package name="patterns-container-runtime_podman"/>
-        <namedCollection name="cockpit"/>
-        <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
         <package name="suseconnect-ng"/>
@@ -703,7 +970,7 @@
         <package name="NetworkManager"/>
         <package name="NetworkManager-branding-SLE"/>
 	<package name="ModemManager"/>
-	<!-- FIXME does not build without control file which is obsolete 
+	<!-- FIXME does not build without control file which is obsolete
 	<package name="live-add-yast-repos"/> -->
 	<package name="parted"/> <!-- seems missing to deploy the image -->
     </packages>
@@ -713,7 +980,8 @@
         <package name="grub2-x86_64-efi" arch="x86_64"/>
         <package name="grub2-arm64-efi" arch="aarch64"/>
         <package name="grub2-s390x-emu" arch="s390x"/>
-        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
+        <package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
         <package name="grub2-snapper-plugin"/>
         <package name="shim" arch="x86_64,aarch64"/>
 	<package name="mokutil" arch="x86_64,aarch64"/>
@@ -721,46 +989,44 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
+    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install">
         <package name="kernel-rt"/>
-	<package name="kernel-firmware-all"/>
+        <package name="kernel-firmware-all"/>
-	<!-- FIXME intentionally removed from ALP code stream 
+	<!-- FIXME intentionally removed from ALP code stream
-	<package name="cpuset"/> -->
+        <package name="cpuset"/> -->
     </packages>
-    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
-    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="dracut-kiwi-oem-dump"/>
-        <package name="kernel-default-extra"/>
-    </packages> -->
-    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="blog"/>
     </packages>
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
+    <!-- FCP is usually used multipathed. -->
+    <packages type="image" profiles="s390-fcp">
+        <package name="multipath-tools"/>
+    </packages>
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
-        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
         <package name="wireless-regdb"/>
         <package name="wireless-tools"/>
         <package name="wpa_supplicant"/>
         <package name="grub2-arm64-efi"/>
-        <!-- kernel-default-base does not have all required drivers -->
-        <package name="kernel-default"/>
     </packages>
     <packages type="bootstrap">
-        <package name="coreutils"/>
         <package name="filesystem"/>
+        <package name="coreutils"/>
         <package name="ca-certificates"/>
         <package name="ca-certificates-mozilla"/>
     </packages>
@@ -774,4 +1040,14 @@
     <packages type="image" profiles="x86-qcow,aarch64-qcow">
         <package name="qemu-guest-agent"/>
     </packages>
+
+    <!-- jsc#PED-8599 -->
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
+        <package name="usbguard"/>
+    </packages>
+
+    <!-- jsc#PED-8788 -->
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
+        <package name="stalld"/>
+    </packages>
 </image>

kiwi-builder-image/SL-Micro.kiwi.4096

@@ -33,6 +33,12 @@
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -63,6 +69,21 @@
         <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -140,6 +161,15 @@
             <requires profile="x86-rt-self_install"/>
             <requires profile="self_install"/>
         </profile>
+        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt"/>
+        </profile>
+        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
         <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
             <requires profile="full"/>
             <requires profile="s390-kvm"/>
@@ -164,6 +194,14 @@
             <requires profile="container-host"/>
             <requires profile="s390-fba"/>
         </profile>
+        <profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-fcp"/>
+        </profile>
+        <profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-fcp"/>
+        </profile>
         <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
             <requires profile="full"/>
             <requires profile="x86-legacy"/>
@@ -184,10 +222,47 @@
 	    <requires profile="container-host"/>
 	    <requires profile="aarch64-qcow"/>
         </profile>
+
+	<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-512ss"/>
+        </profile>
+	<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-4096ss"/>
+        </profile>
+	<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-512ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-4096ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-512ss"/>
+        </profile>
+	<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-4096ss"/>
+        </profile>
+	<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-512ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-4096ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -198,7 +273,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -213,7 +288,7 @@
             efipartsize="200"
         >
             <luksformat>
-                <option name="--cipher" value="aes"/>
+                <option name="--cipher" value="aes-xts-plain64"/>
             </luksformat>
             <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
             <systemdisk>
@@ -232,7 +307,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -243,7 +318,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -270,7 +345,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -280,11 +355,12 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -310,8 +386,8 @@
         </type>
     </preferences>
 
-    <preferences profiles="rpi">
+    <preferences profiles="rpi,aarch64-rt">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -326,7 +402,7 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
@@ -350,8 +426,8 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64-self_install">
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -361,12 +437,13 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
             efipartsize="128"
-	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -391,22 +468,22 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
         <rpm-excludedocs>true</rpm-excludedocs>
         <locale>en_US</locale>
-
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
         <type
             image="oem"
             filesystem="btrfs"
             bootpartition="true"
             bootpartsize="300"
-            bootfilesystem="ext2"
+            bootfilesystem="ext4"
         initrd_system="dracut"
         format="qcow2"
-            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
         devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
@@ -429,7 +506,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -440,9 +517,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext2"
+          bootfilesystem="ext4"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
           devicepersistency="by-uuid"
           target_blocksize="4096"
           btrfs_root_is_snapshot="true"
@@ -467,7 +544,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -478,9 +555,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext2"
+          bootfilesystem="ext4"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
           devicepersistency="by-uuid"
           btrfs_root_is_snapshot="true"
           btrfs_root_is_readonly_snapshot="true"
@@ -501,9 +578,47 @@
         </type>
     </preferences>
 
+    <preferences profiles="s390-fcp">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          installpxe="true"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext4"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
+          devicepersistency="by-uuid"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+        >
+            <oemconfig>
+                <oem-multipath-scan>true</oem-multipath-scan>
+            </oemconfig>
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+        </type>
+    </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -538,7 +653,7 @@
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -549,7 +664,7 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -577,7 +692,7 @@
     </preferences>
 
     <preferences profiles="aarch64-qcow">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -589,7 +704,7 @@
             filesystem="btrfs"
             firmware="uefi"
             efipartsize="128"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -600,7 +715,7 @@
             <systemdisk>
                 <volume name="home"/>
                 <volume name="root"/>
- 		<volume name="opt"/>
+                <volume name="opt"/>
                 <volume name="srv"/>
                 <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                 <volume name="boot/writable"/>
@@ -611,6 +726,161 @@
         </type>
     </preferences>
 
+    <preferences profiles="ppc64le-512ss">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="ppc64le-4096ss">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
+             disk_start_sector="256" -->
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            target_blocksize="4096"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="ppc64le-512ss-self_install">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            installiso="true"
+            installpxe="true"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <installmedia>
+                <initrd action="omit">
+                    <dracut module="drm"/>
+                </initrd>
+            </installmedia>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="ppc64le-4096ss-self_install">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
+             disk_start_sector="256" -->
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            installiso="true"
+            installpxe="true"
+            target_blocksize="4096"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <installmedia>
+                <initrd action="omit">
+                    <dracut module="drm"/>
+                </initrd>
+            </installmedia>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+
    <repository type="rpm-md" >
         <source path='obsrepositories:/'/>
     </repository>
@@ -655,8 +925,6 @@
         <package name="patterns-base-transactional"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
-        <namedCollection name="cockpit"/>
-        <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
         <package name="suseconnect-ng"/>
@@ -720,7 +988,8 @@
         <package name="grub2-x86_64-efi" arch="x86_64"/>
         <package name="grub2-arm64-efi" arch="aarch64"/>
         <package name="grub2-s390x-emu" arch="s390x"/>
-        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
+        <package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
         <package name="grub2-snapper-plugin"/>
         <package name="shim" arch="x86_64,aarch64"/>
 	<package name="mokutil" arch="x86_64,aarch64"/>
@@ -728,46 +997,44 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
+    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install">
         <package name="kernel-rt"/>
-	<package name="kernel-firmware-all"/>
+        <package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
-	<package name="cpuset"/> -->
+        <package name="cpuset"/> -->
     </packages>
-    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
-    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="dracut-kiwi-oem-dump"/>
-        <package name="kernel-default-extra"/>
-    </packages> -->
-    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="blog"/>
     </packages>
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
+    <!-- FCP is usually used multipathed. -->
+    <packages type="image" profiles="s390-fcp">
+        <package name="multipath-tools"/>
+    </packages>
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
-        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
         <package name="wireless-regdb"/>
         <package name="wireless-tools"/>
         <package name="wpa_supplicant"/>
         <package name="grub2-arm64-efi"/>
-        <!-- kernel-default-base does not have all required drivers -->
-        <package name="kernel-default"/>
     </packages>
     <packages type="bootstrap">
-        <package name="coreutils"/>
         <package name="filesystem"/>
+        <package name="coreutils"/>
         <package name="ca-certificates"/>
         <package name="ca-certificates-mozilla"/>
     </packages>
@@ -781,4 +1048,14 @@
     <packages type="image" profiles="x86-qcow,aarch64-qcow">
         <package name="qemu-guest-agent"/>
     </packages>
-</image>
+
+    <!-- jsc#PED-8599 -->
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
+        <package name="usbguard"/>
+    </packages>
+
+    <!-- jsc#PED-8788 -->
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
+        <package name="stalld"/>
+    </packages>
+</image>

kiwi-builder-image/build-image.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -21,43 +21,45 @@
 #
 
 # Set image build defaults, blocksize is an empty string
-PROFILE="Default"
+PROFILE="Base"
 LARGEBLOCK=false
 
 # Print usage
 usage(){
-	cat <<-EOF
+  cat <<-EOF
-	==============================
+  =====================================
-	SLE Micro 6.0 Kiwi SDK Builder
+  SUSE Linux Micro 6.1 Kiwi SDK Builder
-	==============================
+  =====================================
 
-	Usage: ${0} [-p <profile>] [-b]
+  Usage: ${0} [-p <profile>] [-b]
 
-	Profile Options (-p):
+  Profile Options (-p):
-	* Default: RAW Disk Image with kernel-default
+  * Base: RAW Disk Image with podman
-	* Default-SelfInstall: SelfInstall ISO with kernel-default
+  * Base-SelfInstall: SelfInstall ISO with podman
-	* Base-RT: RAW Disk Image with kernel-rt
+  * Default: RAW Disk Image with podman and kvm
-	* Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
+  * Default-SelfInstall: SelfInstall ISO with podman and kvm
+  * Base-RT: RAW Disk Image with kernel-rt
+  * Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
 
-	4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
+  4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
 
-	NOTE: If both options are omitted, the "Default" profile with a standard "512" blocksize is used.
+  NOTE: If both options are omitted, the "Base" profile with a standard "512" blocksize is used.
-	EOF
+EOF
 }
 
 # Grab CLI options and handle
 while getopts 'p:bh' OPTION; do
-	case "${OPTION}" in
+  case "${OPTION}" in
-		p)
+    p)
-			PROFILE="${OPTARG}"
+      PROFILE="${OPTARG}"
-			;;
+      ;;
-		b)
+    b)
-			LARGEBLOCK=true
+      LARGEBLOCK=true
-			;;
+      ;;
-		?)
+    ?)
-			usage && exit 2
+      usage && exit 2
-			;;
+      ;;
-	esac
+  esac
 done
 
 # To avoid wasting time, perform the loop creation test first, and exit with a warning to re-run.
@@ -88,4 +90,4 @@ if [ $RESULT -eq 0 ]; then
   echo -e "\n\nINFO: Image build successful, generated images are available in the 'output' directory."
 else
   echo -e "\n\nERROR: Failed to build the image, please see above logs."
-fi
+fi

kiwi-builder-image/config.sh

@@ -35,14 +35,6 @@ mkdir /var/lib/misc/reconfig_system
 #--------------------------------------
 echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
 
-#======================================
-# This is a workaround - someone,
-# somewhere needs to load the xts crypto
-# module, otherwise luksOpen will fail while
-# creating the image.
-#--------------------------------------
-modprobe xts || true
-
 #======================================
 # add missing fonts
 #--------------------------------------
@@ -139,9 +131,6 @@ for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
     rpm --import $i || true
 done
 
-# Temporary workaround for bsc#1212187
-echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
-
 #======================================
 # Enable kubelet if installed
 #--------------------------------------
@@ -170,8 +159,18 @@ if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
 	sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
 fi
 
-# Enable jeos-firstboot if installed, disabled by combustion/ignition
+# Enable multipathd for MP images
-if rpm -q --whatprovides jeos-firstboot >/dev/null; then
+if [ "${kiwi_oemmultipath_scan-false}" = 'true' ]; then
+        systemctl enable multipathd.service
+fi
+
+# On those s390 targets the console is not capable of running jeos-firstboot,
+# use systemd-firstboot as minimal alternative.
+if [[ "$kiwi_profiles" =~ s390-(dasd|fba|fcp) ]]; then
+	systemctl enable systemd-firstboot
+	# Enable prompting for the root password
+	echo 'root:!unprovisioned' | chpasswd -e
+elif rpm -q --whatprovides jeos-firstboot >/dev/null; then
         mkdir -p /var/lib/YaST2
         touch /var/lib/YaST2/reconfig_system
         systemctl enable jeos-firstboot.service
@@ -281,7 +280,7 @@ if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
 		options smsc95xx turbo_mode=N
 	EOF
 
-	cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
+	cat > /etc/sysctl.d/50-rpi3.conf <<-EOF
 		# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
 		vm.min_free_kbytes = 2048
 	EOF

kube-rbac-proxy/_service

@@ -12,10 +12,8 @@
     <param name="without-version">yes</param>
     <param name="versionrewrite-replacement">\1</param>
   </service>
-  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="tar" >
-  <service mode="buildtime" name="recompress">
+    <param name="obsinfo">kube-rbac-proxy.obsinfo</param>
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
   </service>
   <service name="go_modules">
   </service>

kube-rbac-proxy/kube-rbac-proxy.spec

@@ -22,7 +22,7 @@ Release:        0.18.1
 Summary:        The kube-rbac-proxy is a small HTTP proxy for a single upstream
 License:        Apache-2.0
 URL:            https://github.com/brancz/kube-rbac-proxy
-Source:         kube-rbac-proxy-%{version}.tar.gz
+Source:         kube-rbac-proxy-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) = 1.23
 ExcludeArch:    s390

kubectl-image/Dockerfile

@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: Apache-2.0
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
+#!BuildVersion: 15.6
+ARG SLE_VERSION
+FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
+
+FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
+COPY --from=micro / /installroot/
+RUN zypper --installroot /installroot --non-interactive install --no-recommends kubectl; zypper -n clean; rm -rf /var/log/*
+
+FROM micro AS final
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.kubectl
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE kubectl image"
+LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="1.30.3"
+LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+COPY --from=base /installroot /
+
+ENTRYPOINT ["/usr/bin/kubectl"]

kubectl-image/_service

@@ -0,0 +1,12 @@
+<services>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Dockerfile</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
+    <param name="var">SUPPORT_LEVEL</param>
+  </service>
+</services>

kubectl/kubectl.spec

@@ -1,6 +1,6 @@
 %global debug_package %{nil}
 
-Name: kubectl-1303
+Name: kubectl
 Version: 1.30.3
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster

kubevirt-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%sriov-crd-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%sriov-crd-chart:%%CHART_MAJOR%%.0.0_up0.4.0
+#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0
 apiVersion: v2
 appVersion: 1.3.1
 description: A Helm chart for KubeVirt

kubevirt-dashboard-extension-chart/Chart.yaml

@@ -1,5 +1,6 @@
-#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
-#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: KubeVirt
@@ -10,11 +11,11 @@ annotations:
   catalog.cattle.io/rancher-version: '>= 2.10.0-0'
   catalog.cattle.io/scope: management
   catalog.cattle.io/ui-component: plugins
-  catalog.cattle.io/ui-extensions-version: '>= 3.0.0'
+  catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
 apiVersion: v2
-appVersion: 1.2.0
+appVersion: 1.2.1
 description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
 icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: kubevirt-dashboard-extension
 type: application
-version: "%%CHART_MAJOR%%.0.0+up1.2.0"
+version: "%%CHART_MAJOR%%.0.0+up1.2.1"

kubevirt-dashboard-extension-chart/templates/cr.yaml

@@ -8,7 +8,7 @@ spec:
   plugin:
     name: {{ include "extension-server.fullname" . }}
     version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.0
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.1
     noCache: {{ .Values.plugin.noCache }}
     noAuth: {{ .Values.plugin.noAuth }}
     metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

kubevirt-dashboard-extension-chart/values.yaml

@@ -8,5 +8,5 @@ plugin:
   metadata:
     catalog.cattle.io/display-name: KubeVirt
     catalog.cattle.io/rancher-version: ">= 2.10.0-0"
-    catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
     catalog.cattle.io/kube-version: ">= v1.26.0-0"

metal3-chart/Chart.yaml

@@ -1,16 +1,16 @@
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.2-%RELEASE%
 apiVersion: v2
-appVersion: 0.9.0
+appVersion: 0.9.2
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.6.0
+  version: 0.6.1
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.8.0
+  version: 0.9.1
 - alias: metal3-mariadb
   condition: global.enable_mariadb
   name: mariadb
@@ -20,9 +20,9 @@ dependencies:
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.6.0
+  version: 0.6.1
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.9.0"
+version: "%%CHART_MAJOR%%.0.0+up0.9.2"

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 0.8.0
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.6.0
+version: 0.6.1

metal3-chart/charts/baremetal-operator/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "baremetal-operator.fullname" . }}-test-connection"
-  labels:
-    {{- include "baremetal-operator.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "baremetal-operator.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

metal3-chart/charts/ironic/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.8.0
+version: 0.9.1

metal3-chart/charts/ironic/values.yaml

@@ -56,11 +56,11 @@ images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 26.1.2.0
+    tag: 26.1.2.2
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 3.0.0
+    tag: 3.0.1
 
 nameOverride: ""
 fullnameOverride: ""

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.0
+version: 0.6.1

metal3-chart/charts/media/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "media.fullname" . }}-test-connection"
-  labels:
-    {{- include "media.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "media.fullname" . }}:{{ .Values.service.port }}']
-  restartPolicy: Never

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 26.1.2.0
+  tag: 26.1.2.2
 
 imagePullSecrets: []
 nameOverride: ""

metallb/_service

@@ -12,10 +12,8 @@
     <param name="without-version">yes</param>
     <param name="versionrewrite-replacement">\1</param>
   </service>
-  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="tar">
-  <service mode="buildtime" name="recompress">
+    <param name="obsinfo">metallb.obsinfo</param>
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
   </service>
   <service name="go_modules">
   </service>

metallb/metallb.spec

@@ -22,7 +22,7 @@ Release:        0.14.8
 Summary:        Load Balancer for bare metal Kubernetes clusters
 License:        Apache-2.0
 URL:            https://github.com/metallb/metallb
-Source:         %{name}-%{version}.tar.gz
+Source:         %{name}-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang(API) = 1.22
 ExcludeArch:    s390

nm-configurator/_service

@@ -9,7 +9,9 @@
     <param name="versionrewrite-replacement">\1</param>
     <param name="changesgenerate">enable</param>
   </service>
-  <service mode="buildtime" name="tar" />
+  <service mode="buildtime" name="tar">
+    <param name="obsinfo">nm-configurator.obsinfo</param>
+  </service>
   <service mode="buildtime" name="set_version"/>
   <service mode="manual" name="cargo_vendor">
      <param name="src">nm-configurator</param>

rancher-turtles-airgap-resources-chart/Chart.yaml

@@ -1,10 +1,10 @@
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.13.0
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.13.0
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
 apiVersion: v2
-appVersion: 0.13.0
+appVersion: 0.16.0
 description: Rancher Turtles utility chart for airgap scenarios
 home: https://github.com/rancher/turtles/
 icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
 name: rancher-turtles-airgap-resources
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.13.0"
+version: "%%CHART_MAJOR%%.0.0+up0.16.0"

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml

@@ -22,7 +22,7 @@ data:
     metadata:
       annotations:
         cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
-        controller-gen.kubebuilder.io/version: v0.14.0
+        controller-gen.kubebuilder.io/version: v0.16.1
       labels:
         cluster.x-k8s.io/provider: bootstrap-rke2
         cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -32,7 +32,6 @@ data:
         strategy: Webhook
         webhook:
           clientConfig:
-            caBundle: Cg==
             service:
               name: rke2-bootstrap-webhook-service
               namespace: rke2-bootstrap-system
@@ -155,7 +154,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -301,7 +299,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -440,7 +437,6 @@ data:
                                     the event) or if no container name is specified "spec.containers[2]" (container with
                                     index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                     referencing a part of an object.
-                                    TODO: this design is not final and this field is subject to change in the future.
                                   type: string
                                 kind:
                                   description: |-
@@ -496,7 +492,6 @@ data:
                                         the event) or if no container name is specified "spec.containers[2]" (container with
                                         index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                         referencing a part of an object.
-                                        TODO: this design is not final and this field is subject to change in the future.
                                       type: string
                                     kind:
                                       description: |-
@@ -583,20 +578,20 @@ data:
                           description: |-
                             The reason for the condition's last transition in CamelCase.
                             The specific API may choose whether or not this field is considered a guaranteed API.
-                            This field may not be empty.
+                            This field may be empty.
                           type: string
                         severity:
                           description: |-
-                            Severity provides an explicit classification of Reason code, so the users or machines can immediately
+                            severity provides an explicit classification of Reason code, so the users or machines can immediately
                             understand the current situation and act accordingly.
                             The Severity field MUST be set only when Status=False.
                           type: string
                         status:
-                          description: Status of the condition, one of True, False, Unknown.
+                          description: status of the condition, one of True, False, Unknown.
                           type: string
                         type:
                           description: |-
-                            Type of condition in CamelCase or in foo.example.com/CamelCase.
+                            type of condition in CamelCase or in foo.example.com/CamelCase.
                             Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                             can be useful (see .node.status.conditions), the ability to deconflict is important.
                           type: string
@@ -743,7 +738,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -894,7 +888,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -1030,7 +1023,6 @@ data:
                                     the event) or if no container name is specified "spec.containers[2]" (container with
                                     index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                     referencing a part of an object.
-                                    TODO: this design is not final and this field is subject to change in the future.
                                   type: string
                                 kind:
                                   description: |-
@@ -1086,7 +1078,6 @@ data:
                                         the event) or if no container name is specified "spec.containers[2]" (container with
                                         index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                         referencing a part of an object.
-                                        TODO: this design is not final and this field is subject to change in the future.
                                       type: string
                                     kind:
                                       description: |-
@@ -1173,20 +1164,20 @@ data:
                           description: |-
                             The reason for the condition's last transition in CamelCase.
                             The specific API may choose whether or not this field is considered a guaranteed API.
-                            This field may not be empty.
+                            This field may be empty.
                           type: string
                         severity:
                           description: |-
-                            Severity provides an explicit classification of Reason code, so the users or machines can immediately
+                            severity provides an explicit classification of Reason code, so the users or machines can immediately
                             understand the current situation and act accordingly.
                             The Severity field MUST be set only when Status=False.
                           type: string
                         status:
-                          description: Status of the condition, one of True, False, Unknown.
+                          description: status of the condition, one of True, False, Unknown.
                           type: string
                         type:
                           description: |-
-                            Type of condition in CamelCase or in foo.example.com/CamelCase.
+                            type of condition in CamelCase or in foo.example.com/CamelCase.
                             Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                             can be useful (see .node.status.conditions), the ability to deconflict is important.
                           type: string
@@ -1227,7 +1218,7 @@ data:
     metadata:
       annotations:
         cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert
-        controller-gen.kubebuilder.io/version: v0.14.0
+        controller-gen.kubebuilder.io/version: v0.16.1
       labels:
         cluster.x-k8s.io/provider: bootstrap-rke2
         cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -1237,7 +1228,6 @@ data:
         strategy: Webhook
         webhook:
           clientConfig:
-            caBundle: Cg==
             service:
               name: rke2-bootstrap-webhook-service
               namespace: rke2-bootstrap-system
@@ -1371,7 +1361,6 @@ data:
                                       the event) or if no container name is specified "spec.containers[2]" (container with
                                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                       referencing a part of an object.
-                                      TODO: this design is not final and this field is subject to change in the future.
                                     type: string
                                   kind:
                                     description: |-
@@ -1525,7 +1514,6 @@ data:
                                       the event) or if no container name is specified "spec.containers[2]" (container with
                                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                       referencing a part of an object.
-                                      TODO: this design is not final and this field is subject to change in the future.
                                     type: string
                                   kind:
                                     description: |-
@@ -1666,7 +1654,6 @@ data:
                                             the event) or if no container name is specified "spec.containers[2]" (container with
                                             index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                             referencing a part of an object.
-                                            TODO: this design is not final and this field is subject to change in the future.
                                           type: string
                                         kind:
                                           description: |-
@@ -1722,7 +1709,6 @@ data:
                                                 the event) or if no container name is specified "spec.containers[2]" (container with
                                                 index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                                 referencing a part of an object.
-                                                TODO: this design is not final and this field is subject to change in the future.
                                               type: string
                                             kind:
                                               description: |-
@@ -1922,7 +1908,6 @@ data:
                                       the event) or if no container name is specified "spec.containers[2]" (container with
                                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                       referencing a part of an object.
-                                      TODO: this design is not final and this field is subject to change in the future.
                                     type: string
                                   kind:
                                     description: |-
@@ -2081,7 +2066,6 @@ data:
                                       the event) or if no container name is specified "spec.containers[2]" (container with
                                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                       referencing a part of an object.
-                                      TODO: this design is not final and this field is subject to change in the future.
                                     type: string
                                   kind:
                                     description: |-
@@ -2219,7 +2203,6 @@ data:
                                             the event) or if no container name is specified "spec.containers[2]" (container with
                                             index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                             referencing a part of an object.
-                                            TODO: this design is not final and this field is subject to change in the future.
                                           type: string
                                         kind:
                                           description: |-
@@ -2275,7 +2258,6 @@ data:
                                                 the event) or if no container name is specified "spec.containers[2]" (container with
                                                 index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                                 referencing a part of an object.
-                                                TODO: this design is not final and this field is subject to change in the future.
                                               type: string
                                             kind:
                                               description: |-
@@ -2545,7 +2527,7 @@ data:
             - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
             command:
             - /manager
-            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0
+            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.11.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -2574,6 +2556,7 @@ data:
               privileged: false
               runAsGroup: 65532
               runAsUser: 65532
+            terminationMessagePolicy: FallbackToLogsOnError
             volumeMounts:
             - mountPath: /tmp/k8s-webhook-server/serving-certs
               name: cert
@@ -2755,10 +2738,19 @@ data:
       - major: 0
         minor: 8
         contract: v1beta1
+      - major: 0
+        minor: 9
+        contract: v1beta1
+      - major: 0
+        minor: 10
+        contract: v1beta1
+      - major: 0
+        minor: 11
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.8.0
+  name: v0.11.0
   namespace: rke2-bootstrap-system
   labels:
     provider-components: rke2-bootstrap

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml

@@ -22,7 +22,7 @@ data:
     metadata:
       annotations:
         cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
-        controller-gen.kubebuilder.io/version: v0.14.0
+        controller-gen.kubebuilder.io/version: v0.16.1
       labels:
         cluster.x-k8s.io/provider: control-plane-rke2
         cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -32,7 +32,6 @@ data:
         strategy: Webhook
         webhook:
           clientConfig:
-            caBundle: Cg==
             service:
               name: rke2-control-plane-webhook-service
               namespace: rke2-control-plane-system
@@ -155,7 +154,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -301,7 +299,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -419,7 +416,6 @@ data:
                           the event) or if no container name is specified "spec.containers[2]" (container with
                           index 2 in this pod). This syntax is chosen only to have some well-defined way of
                           referencing a part of an object.
-                          TODO: this design is not final and this field is subject to change in the future.
                         type: string
                       kind:
                         description: |-
@@ -465,7 +461,6 @@ data:
                           the event) or if no container name is specified "spec.containers[2]" (container with
                           index 2 in this pod). This syntax is chosen only to have some well-defined way of
                           referencing a part of an object.
-                          TODO: this design is not final and this field is subject to change in the future.
                         type: string
                       kind:
                         description: |-
@@ -538,7 +533,6 @@ data:
                                     the event) or if no container name is specified "spec.containers[2]" (container with
                                     index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                     referencing a part of an object.
-                                    TODO: this design is not final and this field is subject to change in the future.
                                   type: string
                                 kind:
                                   description: |-
@@ -594,7 +588,6 @@ data:
                                         the event) or if no container name is specified "spec.containers[2]" (container with
                                         index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                         referencing a part of an object.
-                                        TODO: this design is not final and this field is subject to change in the future.
                                       type: string
                                     kind:
                                       description: |-
@@ -728,7 +721,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -805,7 +797,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -936,7 +927,6 @@ data:
                                           the event) or if no container name is specified "spec.containers[2]" (container with
                                           index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                           referencing a part of an object.
-                                          TODO: this design is not final and this field is subject to change in the future.
                                         type: string
                                       kind:
                                         description: |-
@@ -981,6 +971,7 @@ data:
                                     description: |-
                                       S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
                                       The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
+                                      If empty, the controller will default to IAM authentication
                                     properties:
                                       apiVersion:
                                         description: API version of the referent.
@@ -994,7 +985,6 @@ data:
                                           the event) or if no container name is specified "spec.containers[2]" (container with
                                           index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                           referencing a part of an object.
-                                          TODO: this design is not final and this field is subject to change in the future.
                                         type: string
                                       kind:
                                         description: |-
@@ -1025,7 +1015,6 @@ data:
                                     x-kubernetes-map-type: atomic
                                 required:
                                 - endpoint
-                                - s3CredentialSecret
                                 type: object
                               scheduleCron:
                                 description: 'ScheduleCron Snapshot interval time in cron
@@ -1202,20 +1191,20 @@ data:
                           description: |-
                             The reason for the condition's last transition in CamelCase.
                             The specific API may choose whether or not this field is considered a guaranteed API.
-                            This field may not be empty.
+                            This field may be empty.
                           type: string
                         severity:
                           description: |-
-                            Severity provides an explicit classification of Reason code, so the users or machines can immediately
+                            severity provides an explicit classification of Reason code, so the users or machines can immediately
                             understand the current situation and act accordingly.
                             The Severity field MUST be set only when Status=False.
                           type: string
                         status:
-                          description: Status of the condition, one of True, False, Unknown.
+                          description: status of the condition, one of True, False, Unknown.
                           type: string
                         type:
                           description: |-
-                            Type of condition in CamelCase or in foo.example.com/CamelCase.
+                            type of condition in CamelCase or in foo.example.com/CamelCase.
                             Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                             can be useful (see .node.status.conditions), the ability to deconflict is important.
                           type: string
@@ -1388,7 +1377,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -1539,7 +1527,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -1641,6 +1628,7 @@ data:
                     description: |-
                       InfrastructureRef is a required reference to a custom resource
                       offered by an infrastructure provider.
+                      This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
                     properties:
                       apiVersion:
                         description: API version of the referent.
@@ -1654,7 +1642,6 @@ data:
                           the event) or if no container name is specified "spec.containers[2]" (container with
                           index 2 in this pod). This syntax is chosen only to have some well-defined way of
                           referencing a part of an object.
-                          TODO: this design is not final and this field is subject to change in the future.
                         type: string
                       kind:
                         description: |-
@@ -1705,7 +1692,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -1743,7 +1729,7 @@ data:
                             additionalProperties:
                               type: string
                             description: |-
-                              Annotations is an unstructured key value map stored with a resource that may be
+                              annotations is an unstructured key value map stored with a resource that may be
                               set by external tools to store and retrieve arbitrary metadata. They are not
                               queryable and should be preserved when modifying objects.
                               More info: http://kubernetes.io/docs/user-guide/annotations
@@ -1784,7 +1770,6 @@ data:
                           the event) or if no container name is specified "spec.containers[2]" (container with
                           index 2 in this pod). This syntax is chosen only to have some well-defined way of
                           referencing a part of an object.
-                          TODO: this design is not final and this field is subject to change in the future.
                         type: string
                       kind:
                         description: |-
@@ -1818,6 +1803,7 @@ data:
                       NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
                       The default value is 0, meaning that the node can be drained without any time limitations.
                       NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+                      This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
                     type: string
                   postRKE2Commands:
                     description: PostRKE2Commands specifies extra commands to run after
@@ -1857,7 +1843,6 @@ data:
                                     the event) or if no container name is specified "spec.containers[2]" (container with
                                     index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                     referencing a part of an object.
-                                    TODO: this design is not final and this field is subject to change in the future.
                                   type: string
                                 kind:
                                   description: |-
@@ -1913,7 +1898,6 @@ data:
                                         the event) or if no container name is specified "spec.containers[2]" (container with
                                         index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                         referencing a part of an object.
-                                        TODO: this design is not final and this field is subject to change in the future.
                                       type: string
                                     kind:
                                       description: |-
@@ -2044,7 +2028,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -2121,7 +2104,6 @@ data:
                               the event) or if no container name is specified "spec.containers[2]" (container with
                               index 2 in this pod). This syntax is chosen only to have some well-defined way of
                               referencing a part of an object.
-                              TODO: this design is not final and this field is subject to change in the future.
                             type: string
                           kind:
                             description: |-
@@ -2252,7 +2234,6 @@ data:
                                           the event) or if no container name is specified "spec.containers[2]" (container with
                                           index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                           referencing a part of an object.
-                                          TODO: this design is not final and this field is subject to change in the future.
                                         type: string
                                       kind:
                                         description: |-
@@ -2297,6 +2278,7 @@ data:
                                     description: |-
                                       S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
                                       The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
+                                      If empty, the controller will default to IAM authentication
                                     properties:
                                       apiVersion:
                                         description: API version of the referent.
@@ -2310,7 +2292,6 @@ data:
                                           the event) or if no container name is specified "spec.containers[2]" (container with
                                           index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                           referencing a part of an object.
-                                          TODO: this design is not final and this field is subject to change in the future.
                                         type: string
                                       kind:
                                         description: |-
@@ -2341,7 +2322,6 @@ data:
                                     x-kubernetes-map-type: atomic
                                 required:
                                 - endpoint
-                                - s3CredentialSecret
                                 type: object
                               scheduleCron:
                                 description: 'ScheduleCron Snapshot interval time in cron
@@ -2491,7 +2471,6 @@ data:
                     pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
                     type: string
                 required:
-                - infrastructureRef
                 - rolloutStrategy
                 type: object
               status:
@@ -2525,20 +2504,20 @@ data:
                           description: |-
                             The reason for the condition's last transition in CamelCase.
                             The specific API may choose whether or not this field is considered a guaranteed API.
-                            This field may not be empty.
+                            This field may be empty.
                           type: string
                         severity:
                           description: |-
-                            Severity provides an explicit classification of Reason code, so the users or machines can immediately
+                            severity provides an explicit classification of Reason code, so the users or machines can immediately
                             understand the current situation and act accordingly.
                             The Severity field MUST be set only when Status=False.
                           type: string
                         status:
-                          description: Status of the condition, one of True, False, Unknown.
+                          description: status of the condition, one of True, False, Unknown.
                           type: string
                         type:
                           description: |-
-                            Type of condition in CamelCase or in foo.example.com/CamelCase.
+                            type of condition in CamelCase or in foo.example.com/CamelCase.
                             Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                             can be useful (see .node.status.conditions), the ability to deconflict is important.
                           type: string
@@ -2610,7 +2589,7 @@ data:
     metadata:
       annotations:
         cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert
-        controller-gen.kubebuilder.io/version: v0.14.0
+        controller-gen.kubebuilder.io/version: v0.16.1
       labels:
         cluster.x-k8s.io/provider: control-plane-rke2
         cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1
@@ -2620,7 +2599,6 @@ data:
         strategy: Webhook
         webhook:
           clientConfig:
-            caBundle: Cg==
             service:
               name: rke2-control-plane-webhook-service
               namespace: rke2-control-plane-system
@@ -2798,7 +2776,6 @@ data:
                                       the event) or if no container name is specified "spec.containers[2]" (container with
                                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                       referencing a part of an object.
-                                      TODO: this design is not final and this field is subject to change in the future.
                                     type: string
                                   kind:
                                     description: |-
@@ -2957,7 +2934,6 @@ data:
                                       the event) or if no container name is specified "spec.containers[2]" (container with
                                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                       referencing a part of an object.
-                                      TODO: this design is not final and this field is subject to change in the future.
                                     type: string
                                   kind:
                                     description: |-
@@ -3060,6 +3036,7 @@ data:
                             description: |-
                               InfrastructureRef is a required reference to a custom resource
                               offered by an infrastructure provider.
+                              This field is deprecated. Use `.machineTemplate.infrastructureRef` instead.
                             properties:
                               apiVersion:
                                 description: API version of the referent.
@@ -3073,7 +3050,6 @@ data:
                                   the event) or if no container name is specified "spec.containers[2]" (container with
                                   index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                   referencing a part of an object.
-                                  TODO: this design is not final and this field is subject to change in the future.
                                 type: string
                               kind:
                                 description: |-
@@ -3124,7 +3100,6 @@ data:
                                       the event) or if no container name is specified "spec.containers[2]" (container with
                                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                       referencing a part of an object.
-                                      TODO: this design is not final and this field is subject to change in the future.
                                     type: string
                                   kind:
                                     description: |-
@@ -3162,7 +3137,7 @@ data:
                                     additionalProperties:
                                       type: string
                                     description: |-
-                                      Annotations is an unstructured key value map stored with a resource that may be
+                                      annotations is an unstructured key value map stored with a resource that may be
                                       set by external tools to store and retrieve arbitrary metadata. They are not
                                       queryable and should be preserved when modifying objects.
                                       More info: http://kubernetes.io/docs/user-guide/annotations
@@ -3203,7 +3178,6 @@ data:
                                   the event) or if no container name is specified "spec.containers[2]" (container with
                                   index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                   referencing a part of an object.
-                                  TODO: this design is not final and this field is subject to change in the future.
                                 type: string
                               kind:
                                 description: |-
@@ -3237,6 +3211,7 @@ data:
                               NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
                               The default value is 0, meaning that the node can be drained without any time limitations.
                               NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
+                              This field is deprecated. Use `.machineTemplate.nodeDrainTimeout` instead.
                             type: string
                           postRKE2Commands:
                             description: PostRKE2Commands specifies extra commands to
@@ -3277,7 +3252,6 @@ data:
                                             the event) or if no container name is specified "spec.containers[2]" (container with
                                             index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                             referencing a part of an object.
-                                            TODO: this design is not final and this field is subject to change in the future.
                                           type: string
                                         kind:
                                           description: |-
@@ -3333,7 +3307,6 @@ data:
                                                 the event) or if no container name is specified "spec.containers[2]" (container with
                                                 index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                                 referencing a part of an object.
-                                                TODO: this design is not final and this field is subject to change in the future.
                                               type: string
                                             kind:
                                               description: |-
@@ -3468,7 +3441,6 @@ data:
                                       the event) or if no container name is specified "spec.containers[2]" (container with
                                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                       referencing a part of an object.
-                                      TODO: this design is not final and this field is subject to change in the future.
                                     type: string
                                   kind:
                                     description: |-
@@ -3547,7 +3519,6 @@ data:
                                       the event) or if no container name is specified "spec.containers[2]" (container with
                                       index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                       referencing a part of an object.
-                                      TODO: this design is not final and this field is subject to change in the future.
                                     type: string
                                   kind:
                                     description: |-
@@ -3681,7 +3652,6 @@ data:
                                                   the event) or if no container name is specified "spec.containers[2]" (container with
                                                   index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                                   referencing a part of an object.
-                                                  TODO: this design is not final and this field is subject to change in the future.
                                                 type: string
                                               kind:
                                                 description: |-
@@ -3726,6 +3696,7 @@ data:
                                             description: |-
                                               S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket.
                                               The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key".
+                                              If empty, the controller will default to IAM authentication
                                             properties:
                                               apiVersion:
                                                 description: API version of the referent.
@@ -3739,7 +3710,6 @@ data:
                                                   the event) or if no container name is specified "spec.containers[2]" (container with
                                                   index 2 in this pod). This syntax is chosen only to have some well-defined way of
                                                   referencing a part of an object.
-                                                  TODO: this design is not final and this field is subject to change in the future.
                                                 type: string
                                               kind:
                                                 description: |-
@@ -3770,7 +3740,6 @@ data:
                                             x-kubernetes-map-type: atomic
                                         required:
                                         - endpoint
-                                        - s3CredentialSecret
                                         type: object
                                       scheduleCron:
                                         description: 'ScheduleCron Snapshot interval time
@@ -3929,7 +3898,6 @@ data:
                             pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$
                             type: string
                         required:
-                        - infrastructureRef
                         - rolloutStrategy
                         type: object
                     required:
@@ -3969,20 +3937,20 @@ data:
                           description: |-
                             The reason for the condition's last transition in CamelCase.
                             The specific API may choose whether or not this field is considered a guaranteed API.
-                            This field may not be empty.
+                            This field may be empty.
                           type: string
                         severity:
                           description: |-
-                            Severity provides an explicit classification of Reason code, so the users or machines can immediately
+                            severity provides an explicit classification of Reason code, so the users or machines can immediately
                             understand the current situation and act accordingly.
                             The Severity field MUST be set only when Status=False.
                           type: string
                         status:
-                          description: Status of the condition, one of True, False, Unknown.
+                          description: status of the condition, one of True, False, Unknown.
                           type: string
                         type:
                           description: |-
-                            Type of condition in CamelCase or in foo.example.com/CamelCase.
+                            type of condition in CamelCase or in foo.example.com/CamelCase.
                             Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                             can be useful (see .node.status.conditions), the ability to deconflict is important.
                           type: string
@@ -4295,7 +4263,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.uid
-            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.8.0
+            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.11.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4331,6 +4299,7 @@ data:
               privileged: false
               runAsGroup: 65532
               runAsUser: 65532
+            terminationMessagePolicy: FallbackToLogsOnError
             volumeMounts:
             - mountPath: /tmp/k8s-webhook-server/serving-certs
               name: cert
@@ -4349,7 +4318,7 @@ data:
           volumes:
           - name: cert
             secret:
-              secretName: rke2-control-plane-webhook-service-cert
+              secretName: rke2-controlplane-webhook-service-cert
     ---
     apiVersion: cert-manager.io/v1
     kind: Certificate
@@ -4365,7 +4334,7 @@ data:
       issuerRef:
         kind: Issuer
         name: rke2-control-plane-selfsigned-issuer
-      secretName: rke2-control-plane-webhook-service-cert
+      secretName: rke2-controlplane-webhook-service-cert
       subject:
         organizations:
         - Rancher by SUSE
@@ -4512,10 +4481,19 @@ data:
       - major: 0
         minor: 8
         contract: v1beta1
+      - major: 0
+        minor: 9
+        contract: v1beta1
+      - major: 0
+        minor: 10
+        contract: v1beta1
+      - major: 0
+        minor: 11
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.8.0
+  name: v0.11.0
   namespace: rke2-control-plane-system
   labels:
     provider-components: rke2-control-plane

rancher-turtles-chart/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: cluster-api-operator
   repository: https://kubernetes-sigs.github.io/cluster-api-operator
-  version: 0.14.0
+  version: 0.16.0
-digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
+digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70
-generated: "2024-10-28T11:44:34.392387979Z"
+generated: "2025-01-30T10:14:58.692942399Z"

rancher-turtles-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.13.0
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.13.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -7,12 +7,12 @@ annotations:
   catalog.cattle.io/namespace: rancher-turtles-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux
-  catalog.cattle.io/rancher-version: '>= 2.9.0-1'
+  catalog.cattle.io/rancher-version: '>= 2.10.0-1'
   catalog.cattle.io/release-name: rancher-turtles
   catalog.cattle.io/scope: management
   catalog.cattle.io/type: cluster-tool
 apiVersion: v2
-appVersion: 0.13.0
+appVersion: 0.16.0
 dependencies:
 - condition: cluster-api-operator.enabled
   name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
 - provisioning
 name: rancher-turtles
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.13.0"
+version: "%%CHART_MAJOR%%.0.0+up0.16.0"

rancher-turtles-chart/questions.yml

@@ -1,78 +1,44 @@
 namespace: rancher-turtles-system
 questions:
-- variable: rancherTurtles.features.default
+  - variable: rancherTurtles.features.default
-  default: "false"
+    default: "false"
-  description: "Customize install settings"
+    description: "Customize install settings"
-  label: Customize install settings
+    label: Customize install settings
-  type: boolean
-  show_subquestion_if: true
-  group: "Rancher Turtles Extra Settings"
-  subquestions:
-  - variable: cluster-api-operator.cert-manager.enabled
-    default: false
     type: boolean
-    description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
-    label: "Enable Cert Manager"
-  - variable: rancherTurtles.features.cluster-api-operator.cleanup
-    default: true
-    description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
-    type: boolean
-    label: Cleanup CAPI Operator installation
-    group: "CAPI Operator cleanup settings"
     show_subquestion_if: true
+    group: "Rancher Turtles Extra Settings"
     subquestions:
-    - variable: rancherTurtles.features.cluster-api-operator.kubectlImage
+      - variable: cluster-api-operator.cert-manager.enabled
-      default: "rancher/kubectl:v1.30.3"
+        default: false
-      description: "Specify the image to use when cleaning up the Cluster API Operator manifests"
+        type: boolean
-      type: string
+        description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
-      label: Cleanup Image
+        label: "Enable Cert Manager"
-      group: "CAPI Operator cleanup settings"
+      - variable: rancherTurtles.cluster-api-operator.cleanup
-  - variable: rancherTurtles.features.rancher-webhook.cleanup
+        default: true
-    default: true
+        description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
-    description: "Specify that the Rancher embedded cluster api webhooks should be removed"
+        type: boolean
-    type: boolean
+        label: Cleanup CAPI Operator installation
-    label: Cleanup Rancher Embedded CAPI Webhooks
+        group: "CAPI Operator cleanup settings"
-    group: "Rancher webhook cleanup settings"
+      - variable: cluster-api-operator.cluster-api.rke2.enabled
-    show_subquestion_if: true
+        default: "true"
-    subquestions:
+        description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
-    - variable: rancherTurtles.features.rancher-webhook.kubectlImage
+        label: "Enable RKE2 Provider"
-      default: "rancher/kubectl:v1.30.3"
+        type: boolean
-      description: "Specify the image to use when cleaning up the webhooks"
+      - variable: rancherTurtles.features.addon-provider-fleet.enabled
-      type: string
+        default: false
-      label: Webhook Cleanup Image
+        description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles"
-      group: "Rancher webhook cleanup settings"
+        type: boolean
-  - variable: rancherTurtles.features.rancher-kubeconfigs.label
+        label: Seamless integration with Fleet and CAPI
-    default: false
+        group: "Rancher Turtles Features Settings"
-    description: "(Experimental) Specify that the kubeconfigs generated by Rancher should be automatically patched to contain the CAPI expected labels"
+      - variable: rancherTurtles.features.agent-tls-mode.enabled
-    type: boolean
+        default: false
-    label: Label Rancher Kubeconfigs
+        description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters"
-    group: "Rancher Turtles Features Settings"
+        type: boolean
-  - variable: rancherTurtles.features.managementv3-cluster.enabled
+        label: Enable Agent TLS Mode
-    default: true
+        group: "Rancher Turtles Features Settings"
-    description: "Use v3/management cluster manifest for import, instead of v1/provisioning"
+      - variable: rancherTurtles.kubectlImage
-    type: boolean
+        default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
-    label: Use management v3 cluster manifest
+        description: "Specify the image to use when running kubectl in jobs"
-    group: "Rancher Turtles Features Settings"
+        type: string
-  - variable: rancherTurtles.features.managementv3-cluster-migration.enabled
+        label: Kubectl Image
-    default: false
+        group: "Rancher Turtles Features Settings"
-    description: "Automatically migrate between provisioning and management clusters on upgrade"
-    type: boolean
-    label: All imported clusters will use new cluster manifest, replacing old cluster manifest.
-    group: "Rancher Turtles Features Settings"
-  - variable: cluster-api-operator.cluster-api.rke2.enabled
-    default: "true"
-    description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
-    label: "Enable RKE2 Provider"
-    type: boolean
-  - variable: rancherTurtles.features.propagate-labels.enabled
-    default: false
-    description: "(Experimental) Specify that the labels from CAPI should be propagated to Rancher"
-    type: boolean
-    label: Propagate CAPI Labels
-    group: "Rancher Turtles Features Settings"
-  - variable: rancherTurtles.features.addon-provider-fleet.enabled
-    default: false
-    description: "Enable Fleet Addon Provider functionality in Rancher Turtles"
-    type: boolean
-    label: Seamless integration with Fleet and CAPI
-    group: "Rancher Turtles Features Settings"

rancher-turtles-chart/templates/addon-provider-fleet.yaml

@@ -35,10 +35,17 @@ data:
       cluster:
         patchResource: true
         setOwnerReferences: true
+        hostNetwork: true
         selector:
           matchLabels:
             cluster-api.cattle.io/rancher-auto-import: "true"
+          matchExpressions:
+            - key: cluster-api.cattle.io/disable-fleet-auto-import
+              operator: DoesNotExist
         namespaceSelector:
           matchLabels:
             cluster-api.cattle.io/rancher-auto-import: "true"
+          matchExpressions:
+            - key: cluster-api.cattle.io/disable-fleet-auto-import
+              operator: DoesNotExist
 {{- end }}

rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml

@@ -1,4 +1,4 @@
-{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -55,7 +55,7 @@ spec:
       serviceAccountName: pre-upgrade-job
       containers:
         - name: rancher-clusterctl-configmap-cleanup
-          image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+          image: {{ index .Values "rancherTurtles" "kubectlImage" }}
           args:
           - delete
           - configmap

rancher-turtles-chart/templates/deployment.yaml

@@ -26,7 +26,7 @@ spec:
       containers:
       - args:
         - --leader-elect
-        - --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
+        - --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}}
         {{- range .Values.rancherTurtles.managerArguments }}
         - {{ . }}
         {{- end }}  
@@ -67,10 +67,10 @@ spec:
         resources:
           limits:
             cpu: 500m
-            memory: 128Mi
+            memory: 256Mi
           requests:
             cpu: 10m
-            memory: 64Mi
+            memory: 128Mi
       serviceAccountName: rancher-turtles-manager
       terminationGracePeriodSeconds: 10
       tolerations:

rancher-turtles-chart/templates/metal3-infrastructure.yaml

@@ -2,17 +2,6 @@
 {{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
 {{- if not (lookup "v1" "Namespace" "" $namespace) }}
 ---
-apiVersion: turtles-capi.cattle.io/v1alpha1
-kind: ClusterctlConfig
-metadata:
-  name: clusterctl-config
-  namespace: rancher-turtles-system
-spec:
-  providers:
-  - name: metal3
-    url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml"
-    type: InfrastructureProvider
----
 apiVersion: v1
 kind: Namespace
 metadata:
@@ -23,6 +12,20 @@ metadata:
 {{- end }}
 ---
 apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: ClusterctlConfig
+metadata:
+  name: clusterctl-config
+  namespace: rancher-turtles-system
+  annotations:
+    "helm.sh/hook": "post-install, post-upgrade"
+    "helm.sh/hook-weight": "1"
+spec:
+  providers:
+  - name: metal3
+    url: "https://github.com/rancher-sandbox/cluster-api-provider-metal3/releases/v1.9.2/infrastructure-components.yaml"
+    type: InfrastructureProvider
+---
+apiVersion: turtles-capi.cattle.io/v1alpha1
 kind: CAPIProvider
 metadata:
   name: metal3
@@ -33,8 +36,8 @@ metadata:
 spec:
   name: metal3
   type: infrastructure
-{{- if index .Values  "cluster-api-operator" "cluster-api" "rke2" "version" }}
+{{- if index .Values  "cluster-api-operator" "cluster-api" "metal3" "version" }}
-  version: {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "version" }}
+  version: {{ index .Values "cluster-api-operator" "cluster-api" "metal3" "version" }}
 {{- end }}
   configSecret:
 {{- if index .Values "cluster-api-operator" "cluster-api" "configSecret" "name" }}

rancher-turtles-chart/templates/post-delete-job.yaml

@@ -1,4 +1,4 @@
-{{- if index .Values "rancherTurtles" "features" "cluster-api-operator" "cleanup" }}
+{{- if index .Values "cluster-api-operator" "cleanup" }}
 ---
 apiVersion: v1
 kind: ServiceAccount
@@ -41,7 +41,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: post-delete-job
-    namespace: rancher-turtles-system
+    namespace: '{{ .Values.rancherTurtles.namespace }}'
 roleRef:
   kind: ClusterRole
   name: post-delete-job-delete-webhooks
@@ -62,7 +62,7 @@ spec:
       serviceAccountName: post-delete-job
       containers:
         - name: cluster-api-operator-mutatingwebhook-cleanup
-          image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+          image: {{ index .Values "rancherTurtles" "kubectlImage" }}
           command: ["kubectl"]
           args:
           - delete
@@ -90,7 +90,7 @@ spec:
       serviceAccountName: post-delete-job
       containers:
         - name: cluster-api-operator-validatingwebhook-cleanup
-          image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+          image: {{ index .Values "rancherTurtles" "kubectlImage" }}
           command: ["kubectl"]
           args:
           - delete
@@ -119,7 +119,7 @@ spec:
       restartPolicy: Never
       containers:
       - name: delete-capi-controller-manager
-        image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+        image: {{ index .Values "rancherTurtles" "kubectlImage" }}
         command: ["kubectl"]
         args:
         - delete
@@ -128,7 +128,7 @@ spec:
         - {{ index .Values "cluster-api-operator" "cluster-api" "core" "namespace" }}
         - --ignore-not-found=true
       - name: delete-capi-kubeadm-bootstrap-controller-manager
-        image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+        image: {{ index .Values "rancherTurtles" "kubectlImage" }}
         command: ["kubectl"]
         args:
         - delete
@@ -137,7 +137,7 @@ spec:
         - capi-kubeadm-bootstrap-system
         - --ignore-not-found=true
       - name: delete-capi-kubeadm-control-plane-controller-manager
-        image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+        image: {{ index .Values "rancherTurtles" "kubectlImage" }}
         command: ["kubectl"]
         args:
         - delete
@@ -146,7 +146,7 @@ spec:
         - capi-kubeadm-control-plane-system
         - --ignore-not-found=true
       - name: delete-rke2-kubeadm-bootstrap-controller-manager
-        image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+        image: {{ index .Values "rancherTurtles" "kubectlImage" }}
         command: ["kubectl"]
         args:
         - delete
@@ -155,7 +155,7 @@ spec:
         - {{ index .Values "cluster-api-operator" "cluster-api" "rke2" "bootstrap" "namespace" }}
         - --ignore-not-found=true
       - name: delete-rke2-control-plane-controller-manager
-        image: {{ index .Values "rancherTurtles" "features" "cluster-api-operator" "kubectlImage" }}
+        image: {{ index .Values "rancherTurtles" "kubectlImage" }}
         command: ["kubectl"]
         args:
         - delete

rancher-turtles-chart/templates/post-upgrade-job.yaml

@@ -1,10 +1,9 @@
-{{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster-migration" "enabled") true }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: post-upgrade-job
-  namespace: rancher-turtles-system
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
   annotations:
     "helm.sh/hook": post-upgrade
     "helm.sh/hook-weight": "1"
@@ -24,13 +23,6 @@ rules:
   verbs:
   - list
   - delete
-- apiGroups:
-  - management.cattle.io
-  resources:
-  - clusters
-  verbs:
-  - list
-  - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -42,7 +34,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: post-upgrade-job
-    namespace: rancher-turtles-system
+    namespace: '{{ .Values.rancherTurtles.namespace }}'
 roleRef:
   kind: ClusterRole
   name: post-upgrade-job-delete-clusters
@@ -52,6 +44,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: post-upgrade-delete-clusters
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
   annotations:
     "helm.sh/hook": post-upgrade
     "helm.sh/hook-weight": "2"
@@ -62,17 +55,12 @@ spec:
       serviceAccountName: post-upgrade-job
       containers:
         - name: post-upgrade-delete-clusters
-          image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+          image: {{ index .Values "rancherTurtles" "kubectlImage" }}
           args:
           - delete
-          {{- if eq (index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled") true }}
           - clusters.provisioning.cattle.io
-          {{- else }}
-          - clusters.management.cattle.io
-          {{- end }}
           - --selector=cluster-api.cattle.io/owned
           - -A
           - --ignore-not-found=true
           - --wait
       restartPolicy: OnFailure
-{{- end }}

rancher-turtles-chart/templates/pre-delete-job.yaml

@@ -1,10 +1,10 @@
-{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: pre-delete-job
-  namespace: rancher-turtles-system
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
   annotations:
     "helm.sh/hook": pre-delete
     "helm.sh/hook-weight": "-2"
@@ -35,7 +35,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: pre-delete-job
-    namespace: rancher-turtles-system
+    namespace: '{{ .Values.rancherTurtles.namespace }}'
 roleRef:
   kind: ClusterRole
   name: pre-delete-job-delete-capiproviders
@@ -45,7 +45,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: rancher-capiprovider-cleanup
-  namespace: rancher-turtles-system
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
   annotations:
     "helm.sh/hook": pre-delete
     "helm.sh/hook-weight": "-1"
@@ -56,7 +56,7 @@ spec:
       serviceAccountName: pre-delete-job
       containers:
         - name: rancher-capiprovider-cleanup
-          image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+          image: {{ index .Values "rancherTurtles" "kubectlImage" }}
           args:
           - delete
           - capiproviders

rancher-turtles-chart/templates/pre-install-job.yaml

@@ -1,4 +1,3 @@
-{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
 {{- if index .Values "rancherTurtles" "rancherInstalled"}}
 ---
 apiVersion: management.cattle.io/v3
@@ -11,14 +10,13 @@ metadata:
 spec:
   value: false
 {{- end }}
-{{- end }}
+{{- if index .Values "rancherTurtles" "rancherInstalled" }}
-{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: pre-install-job
-  namespace: rancher-turtles-system
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
   annotations:
     "helm.sh/hook": pre-install
     "helm.sh/hook-weight": "1"
@@ -49,7 +47,7 @@ metadata:
 subjects:
   - kind: ServiceAccount
     name: pre-install-job
-    namespace: rancher-turtles-system
+    namespace: '{{ .Values.rancherTurtles.namespace }}'
 roleRef:
   kind: ClusterRole
   name: pre-install-job-delete-webhooks
@@ -59,6 +57,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: rancher-mutatingwebhook-cleanup
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
   annotations:
     "helm.sh/hook": pre-install
     "helm.sh/hook-weight": "2"
@@ -69,7 +68,7 @@ spec:
       serviceAccountName: pre-install-job
       containers:
         - name: rancher-mutatingwebhook-cleanup
-          image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+          image: {{ index .Values "rancherTurtles" "kubectlImage" }}
           args:
           - delete
           - mutatingwebhookconfigurations.admissionregistration.k8s.io
@@ -81,6 +80,7 @@ apiVersion: batch/v1
 kind: Job
 metadata:
   name: rancher-validatingwebhook-cleanup
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
   annotations:
     "helm.sh/hook": pre-install
     "helm.sh/hook-weight": "2"
@@ -91,7 +91,7 @@ spec:
       serviceAccountName: pre-install-job
       containers:
         - name: rancher-validatingwebhook-cleanup
-          image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+          image: {{ index .Values "rancherTurtles" "kubectlImage" }}
           args:
           - delete
           - validatingwebhookconfigurations.admissionregistration.k8s.io

rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml

@@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
+    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   labels:
     turtles-capi.cattle.io: etcd-restore
   name: etcdmachinesnapshots.turtles-capi.cattle.io
@@ -45,77 +45,65 @@ spec:
             properties:
               clusterName:
                 type: string
-              configRef:
-                type: string
               location:
                 type: string
               machineName:
                 type: string
             required:
             - clusterName
-            - configRef
-            - location
-            - machineName
             type: object
             x-kubernetes-validations:
             - message: ETCD snapshot location can't be empty.
-              rule: size(self.location)>0
+              rule: size(self.clusterName)>0
           status:
             default: {}
             description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore
             properties:
-              conditions:
+              error:
-                description: Conditions provide observations of the operational state
+                type: string
-                  of a Cluster API resource.
-                items:
-                  description: Condition defines an observation of a Cluster API resource
-                    operational state.
-                  properties:
-                    lastTransitionTime:
-                      description: |-
-                        Last time the condition transitioned from one status to another.
-                        This should be when the underlying condition changed. If that is not known, then using the time when
-                        the API field changed is acceptable.
-                      format: date-time
-                      type: string
-                    message:
-                      description: |-
-                        A human readable message indicating details about the transition.
-                        This field may be empty.
-                      type: string
-                    reason:
-                      description: |-
-                        The reason for the condition's last transition in CamelCase.
-                        The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
-                      type: string
-                    severity:
-                      description: |-
-                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
-                        understand the current situation and act accordingly.
-                        The Severity field MUST be set only when Status=False.
-                      type: string
-                    status:
-                      description: Status of the condition, one of True, False, Unknown.
-                      type: string
-                    type:
-                      description: |-
-                        Type of condition in CamelCase or in foo.example.com/CamelCase.
-                        Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
-                        can be useful (see .node.status.conditions), the ability to deconflict is important.
-                      type: string
-                  required:
-                  - lastTransitionTime
-                  - status
-                  - type
-                  type: object
-                type: array
-              manual:
-                type: boolean
               phase:
                 description: ETCDSnapshotPhase is a string representation of the phase
                   of the etcd snapshot
                 type: string
+              s3Snapshots:
+                items:
+                  properties:
+                    creationTime:
+                      description: CreationTime is the timestamp when the snapshot
+                        was taken by etcd.
+                      format: date-time
+                      type: string
+                    location:
+                      type: string
+                    name:
+                      type: string
+                  required:
+                  - location
+                  - name
+                  type: object
+                type: array
+              snapshotFileName:
+                type: string
+              snapshots:
+                items:
+                  properties:
+                    creationTime:
+                      description: CreationTime is the timestamp when the snapshot
+                        was taken by etcd.
+                      format: date-time
+                      type: string
+                    location:
+                      type: string
+                    machineName:
+                      type: string
+                    name:
+                      type: string
+                  required:
+                  - location
+                  - machineName
+                  - name
+                  type: object
+                type: array
             type: object
         type: object
     served: true
@@ -127,8 +115,8 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
+    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   labels:
     turtles-capi.cattle.io: etcd-restore
   name: etcdsnapshotrestores.turtles-capi.cattle.io
@@ -207,20 +195,20 @@ spec:
                       description: |-
                         The reason for the condition's last transition in CamelCase.
                         The specific API may choose whether or not this field is considered a guaranteed API.
-                        This field may not be empty.
+                        This field may be empty.
                       type: string
                     severity:
                       description: |-
-                        Severity provides an explicit classification of Reason code, so the users or machines can immediately
+                        severity provides an explicit classification of Reason code, so the users or machines can immediately
                         understand the current situation and act accordingly.
                         The Severity field MUST be set only when Status=False.
                       type: string
                     status:
-                      description: Status of the condition, one of True, False, Unknown.
+                      description: status of the condition, one of True, False, Unknown.
                       type: string
                     type:
                       description: |-
-                        Type of condition in CamelCase or in foo.example.com/CamelCase.
+                        type of condition in CamelCase or in foo.example.com/CamelCase.
                         Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                         can be useful (see .node.status.conditions), the ability to deconflict is important.
                       type: string
@@ -246,8 +234,8 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
+    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.1
   labels:
     turtles-capi.cattle.io: etcd-restore
   name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
@@ -306,8 +294,6 @@ spec:
                     type: string
                   insecure:
                     type: boolean
-                  location:
-                    type: string
                   region:
                     type: string
                   s3CredentialSecret:
@@ -337,7 +323,7 @@ metadata:
     app.kubernetes.io/part-of: rancher-turtles
     turtles-capi.cattle.io: etcd-restore
   name: rancher-turtles-etcdsnapshotrestore-manager
-  namespace: rancher-turtles-system
+  namespace: {{ index .Values "rancherTurtles" "namespace" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -351,7 +337,7 @@ metadata:
     app.kubernetes.io/part-of: rancher-turtles
     turtles-capi.cattle.io: etcd-restore
   name: rancher-turtles-etcdsnapshotrestore-leader-election-role
-  namespace: rancher-turtles-system
+  namespace: {{ index .Values "rancherTurtles" "namespace" }}
 rules:
 - apiGroups:
   - ""
@@ -452,29 +438,7 @@ rules:
   - cluster.x-k8s.io
   resources:
   - clusters
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
   - clusters/status
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - cluster.x-k8s.io
-  resources:
   - machines
   verbs:
   - create
@@ -513,57 +477,7 @@ rules:
   - turtles-capi.cattle.io
   resources:
   - etcdmachinesnapshots
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - turtles-capi.cattle.io
-  resources:
-  - etcdmachinesnapshots/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - turtles-capi.cattle.io
-  resources:
-  - etcdmachinesnapshots/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - turtles-capi.cattle.io
-  resources:
   - etcdsnapshotrestores
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - turtles-capi.cattle.io
-  resources:
-  - etcdsnapshotrestores/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - turtles-capi.cattle.io
-  resources:
-  - etcdsnapshotrestores/status
-  verbs:
-  - get
-  - patch
-  - update
-- apiGroups:
-  - turtles-capi.cattle.io
-  resources:
   - rke2etcdmachinesnapshotconfigs
   verbs:
   - create
@@ -576,12 +490,16 @@ rules:
 - apiGroups:
   - turtles-capi.cattle.io
   resources:
+  - etcdmachinesnapshots/finalizers
+  - etcdsnapshotrestores/finalizers
   - rke2etcdmachinesnapshotconfigs/finalizers
   verbs:
   - update
 - apiGroups:
   - turtles-capi.cattle.io
   resources:
+  - etcdmachinesnapshots/status
+  - etcdsnapshotrestores/status
   - rke2etcdmachinesnapshotconfigs/status
   verbs:
   - get
@@ -600,7 +518,7 @@ metadata:
     app.kubernetes.io/part-of: rancher-turtles
     turtles-capi.cattle.io: etcd-restore
   name: rancher-turtles-etcdsnapshotrestore-leader-election-rolebinding
-  namespace: rancher-turtles-system
+  namespace: {{ index .Values "rancherTurtles" "namespace" }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
@@ -608,7 +526,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: rancher-turtles-etcdsnapshotrestore-manager
-  namespace: rancher-turtles-system
+  namespace: {{ index .Values "rancherTurtles" "namespace" }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -629,7 +547,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: rancher-turtles-etcdsnapshotrestore-manager
-  namespace: rancher-turtles-system
+  namespace: {{ index .Values "rancherTurtles" "namespace" }}
 ---
 apiVersion: v1
 kind: Service
@@ -637,7 +555,7 @@ metadata:
   labels:
     turtles-capi.cattle.io: etcd-restore
   name: rancher-turtles-etcdsnapshotrestore-webhook-service
-  namespace: rancher-turtles-system
+  namespace: {{ index .Values "rancherTurtles" "namespace" }}
 spec:
   ports:
   - port: 443
@@ -652,7 +570,7 @@ metadata:
     control-plane: controller-manager
     turtles-capi.cattle.io: etcd-restore
   name: rancher-turtles-etcdsnapshotrestore-controller-manager
-  namespace: rancher-turtles-system
+  namespace: {{ index .Values "rancherTurtles" "namespace" }}
 spec:
   replicas: 1
   selector:
@@ -671,7 +589,7 @@ spec:
       - args:
         - --leader-elect
         command:
-        - /manager
+        - ./etcd-snapshot-restore
         env:
         - name: POD_NAMESPACE
           valueFrom:
@@ -685,8 +603,13 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.uid
-        image: ghcr.io/rancher/turtles-etcd-snapshot-restore:dev
+        {{- $imageVersion := index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" -}}
-        imagePullPolicy: IfNotPresent
+        {{- if contains "sha256:" $imageVersion }}
+        image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}@{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }}
+        {{- else }}
+        image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}:{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }}
+        {{- end }}
+        imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imagePullPolicy" }}'
         livenessProbe:
           httpGet:
             path: /healthz
@@ -733,11 +656,11 @@ metadata:
   labels:
     turtles-capi.cattle.io: etcd-restore
   name: rancher-turtles-etcdsnapshotrestore-serving-cert
-  namespace: rancher-turtles-system
+  namespace: {{ index .Values "rancherTurtles" "namespace" }}
 spec:
   dnsNames:
-  - rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc
+  - rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc
-  - rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc.cluster.local
+  - rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local
   issuerRef:
     kind: Issuer
     name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
@@ -749,7 +672,7 @@ metadata:
   labels:
     turtles-capi.cattle.io: etcd-restore
   name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
-  namespace: rancher-turtles-system
+  namespace: {{ index .Values "rancherTurtles" "namespace" }}
 spec:
   selfSigned: {}
 ---
@@ -757,7 +680,7 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
+    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
   labels:
     turtles-capi.cattle.io: etcd-restore
   name: rancher-turtles-etcdsnapshotrestore-mutating-webhook-configuration
@@ -767,7 +690,7 @@ webhooks:
   clientConfig:
     service:
       name: rancher-turtles-etcdsnapshotrestore-webhook-service
-      namespace: rancher-turtles-system
+      namespace: {{ index .Values "rancherTurtles" "namespace" }}
       path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
   failurePolicy: Fail
   name: systemagentrke2config.kb.io
@@ -787,7 +710,7 @@ apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   annotations:
-    cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
+    cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
   labels:
     turtles-capi.cattle.io: etcd-restore
   name: rancher-turtles-etcdsnapshotrestore-validating-webhook-configuration
@@ -797,7 +720,7 @@ webhooks:
   clientConfig:
     service:
       name: rancher-turtles-etcdsnapshotrestore-webhook-service
-      namespace: rancher-turtles-system
+      namespace: {{ index .Values "rancherTurtles" "namespace" }}
       path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot
   failurePolicy: Fail
   matchPolicy: Equivalent
@@ -818,7 +741,7 @@ webhooks:
   clientConfig:
     service:
       name: rancher-turtles-etcdsnapshotrestore-webhook-service
-      namespace: rancher-turtles-system
+      namespace: {{ index .Values "rancherTurtles" "namespace" }}
       path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore
   failurePolicy: Fail
   matchPolicy: Equivalent

rancher-turtles-chart/values.yaml

@@ -1,32 +1,24 @@
 rancherTurtles:
   image: registry.rancher.com/rancher/rancher/turtles
-  imageVersion: v0.13.0
+  imageVersion: v0.16.0
   imagePullPolicy: IfNotPresent
   namespace: rancher-turtles-system
   managerArguments: []
   imagePullSecrets: []
-  rancherInstalled: true
+  rancherInstalled: false
+  kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3
   features:
-    cluster-api-operator:
-      cleanup: true
-      kubectlImage: rancher/kubectl:v1.30.3
-    embedded-capi:
-      disabled: false
-    rancher-webhook:
-      cleanup: false
-      kubectlImage: rancher/kubectl:v1.30.3
-    rancher-kubeconfigs:
-      label: false
-    managementv3-cluster:
-      enabled: true
-    managementv3-cluster-migration:
-      enabled: false
-    propagate-labels:
-      enabled: false
     etcd-snapshot-restore:
       enabled: false
+      image: registry.rancher.com/rancher/rancher/turtles
+      imageVersion: v0.16.0
+      imagePullPolicy: IfNotPresent
+    # beta feature, see documentation for more information on feature stages
     addon-provider-fleet:
       enabled: false
+    # alpha feature, see documentation for more information on feature stages
+    agent-tls-mode:
+      enabled: false
 cluster-api-operator:
   enabled: true
   cert-manager:
@@ -50,6 +42,7 @@ cluster-api-operator:
       - mountPath: /config
         name: clusterctl-config
         readOnly: true
+  cleanup: true
   cluster-api:
     enabled: true
     configSecret:
@@ -66,25 +59,25 @@ cluster-api-operator:
       version: ""
       bootstrap:
         namespace: rke2-bootstrap-system
-        imageUrl: "registry.rancher.com/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0"
+        imageUrl: ""
         fetchConfig:
           url: ""
           selector: ""
       controlPlane:
         namespace: rke2-control-plane-system
-        imageUrl: "registry.rancher.com/rancher/cluster-api-provider-rke2-controlplane:v0.8.0"
+        imageUrl: ""
         fetchConfig:
           url: ""
           selector: ""
     metal3:
       enabled: true
-      version: ""
+      version: "v1.9.2"
       infrastructure:
         namespace: capm3-system
-        imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:1.7.2"
+        imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2"
         fetchConfig:
           url: ""
           selector: ""
       ipam:
         namespace: capm3-system
-        imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%images/ip-address-manager:1.7.2"
+        imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3"