steven.hardy/Factory
SHA256
1
0
Fork 0
forked from suse-edge/Factory
Code Pull Requests Activity

Compare commits

merge into: steven.hardy:rm_old_ipa
Branches Tags
steven.hardy:main steven.hardy:kiwi_fix2 steven.hardy:jarndt/edge-1544 steven.hardy:arm_config steven.hardy:turtles_3.2 steven.hardy:turtles_fix_3.2 steven.hardy:turtles_upgrade_fix steven.hardy:cdi_fix steven.hardy:kubevirt_chart steven.hardy:sriov_update steven.hardy:capm3_downgrade steven.hardy:rm_capi_images steven.hardy:kiwi_fix steven.hardy:kiwi_builder steven.hardy:metal3_chart_090 steven.hardy:turtles_013 steven.hardy:rm_old_ipa steven.hardy:ipa-fix steven.hardy:kube-rbac-proxy-fix2 steven.hardy:turtles_fix steven.hardy:metal3_090 steven.hardy:metallb_rbac_proxy steven.hardy:kube-rbac-proxy-fix steven.hardy:kube_rbac_proxy steven.hardy:document-branch steven.hardy:supportlvl-macro steven.hardy:run-sync suse-edge:3.2 suse-edge:3.3 suse-edge:3.4 suse-edge:main suse-edge:devel
...
pull from: steven.hardy:kiwi_fix
Branches Tags
steven.hardy:kiwi_fix2 steven.hardy:jarndt/edge-1544 steven.hardy:arm_config steven.hardy:turtles_3.2 steven.hardy:turtles_fix_3.2 steven.hardy:turtles_upgrade_fix steven.hardy:cdi_fix steven.hardy:kubevirt_chart steven.hardy:sriov_update steven.hardy:capm3_downgrade steven.hardy:rm_capi_images steven.hardy:kiwi_fix steven.hardy:kiwi_builder steven.hardy:metal3_chart_090 steven.hardy:turtles_013 steven.hardy:rm_old_ipa steven.hardy:ipa-fix steven.hardy:kube-rbac-proxy-fix2 steven.hardy:turtles_fix steven.hardy:metal3_090 steven.hardy:metallb_rbac_proxy steven.hardy:kube-rbac-proxy-fix steven.hardy:kube_rbac_proxy steven.hardy:main steven.hardy:document-branch steven.hardy:supportlvl-macro steven.hardy:run-sync suse-edge:3.2 suse-edge:3.3 suse-edge:3.4 suse-edge:main suse-edge:devel

8 Commits
rm_old_ipa ... kiwi_fix

Author SHA256 Message Date
Steven Hardy
f971f64dd3 kiwi-builder-image: fix quoting issue 2024-11-15 17:06:28 +00:00
Steven Hardy
7a577c3d0b Add kiwi-builder-image 
Add image based on isv:SUSE:Edge:KiwiBuilder/kiwi-builder-10
 2024-11-15 13:48:36 +00:00
Steven Hardy
07c7783780 rancher-turtles-airgap-resources: update to 0.13 release 2024-11-15 14:40:28 +01:00
Steven Hardy
d95a664929 rancher-turtles: Update to 0.13 upstream version 
Aligns with https://github.com/suse-edge/charts/pull/166
 2024-11-15 14:40:28 +01:00
Jiri Tomasek
8159c7a050 Add kubevirt-dashboard-extension-chart v1.2.0 2024-11-15 14:40:04 +01:00
Jiri Tomasek
0790cd828c Add kubevirt-dashboard-extension to obs/workflows 2024-11-15 14:40:04 +01:00
Jiri Tomasek
241b76999f Update akri-dashboard-extension-chart to v1.2.0 2024-11-15 14:38:10 +01:00
Steven Hardy
f3052f1473 metal3-chart: Update to 0.9.0 
Align with https://github.com/suse-edge/charts/pull/165
 2024-11-14 18:20:25 +00:00
61 changed files with 3278 additions and 321 deletions
Expand all files Collapse all files

8
.obs/workflows.yml
View File

@@ -230,3 +230,11 @@ staging_build:
source_package: ironic-ipa-ramdisk source_package: ironic-ipa-ramdisk
source_project: isv:SUSE:Edge:Factory source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kubevirt-dashboard-extension-chart
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging
- branch_package:
source_package: kiwi-builder-image
source_project: isv:SUSE:Edge:Factory
target_project: isv:SUSE:Edge:Factory:Staging

12
akri-dashboard-extension-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0 #!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.2.0
#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0-%RELEASE% #!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.2.0-%RELEASE%
annotations: annotations:
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Akri catalog.cattle.io/display-name: Akri
@@ -7,14 +7,14 @@ annotations:
catalog.cattle.io/namespace: cattle-ui-plugin-system catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: '>= v2.9.0' catalog.cattle.io/rancher-version: '>= 2.10.0-0'
catalog.cattle.io/scope: management catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: '>= 2.0.1' catalog.cattle.io/ui-extensions-version: '>= 3.0.0'
apiVersion: v2 apiVersion: v2
appVersion: 1.1.0 appVersion: 1.2.0
description: 'SUSE Edge: Akri extension for Rancher Dashboard' description: 'SUSE Edge: Akri extension for Rancher Dashboard'
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
name: akri-dashboard-extension name: akri-dashboard-extension
type: application type: application
version: 1.1.0 version: 1.2.0

2
akri-dashboard-extension-chart/templates/_helpers.tpl
View File

@@ -60,4 +60,4 @@ Pkg annotations
{{ $key }}: {{ $value | quote }} {{ $key }}: {{ $value | quote }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

4
akri-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin: plugin:
name: {{ include "extension-server.fullname" . }} name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }} version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.1.0 endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.0
noCache: {{ .Values.plugin.noCache }} noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }} noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }} metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

4
akri-dashboard-extension-chart/values.yaml
View File

@@ -7,6 +7,6 @@ plugin:
noAuth: false noAuth: false
metadata: metadata:
catalog.cattle.io/display-name: Akri catalog.cattle.io/display-name: Akri
catalog.cattle.io/rancher-version: ">= v2.9.0" catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 2.0.1" catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0" catalog.cattle.io/kube-version: ">= v1.26.0-0"

38
kiwi-builder-image/Dockerfile Normal file
View File

@@ -0,0 +1,38 @@
#!BuildTag: kiwi-builder:10.1
FROM registry.suse.com/bci/kiwi:10.1.10
MAINTAINER SUSE LLC (https://www.suse.com/)
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.akri
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
# Install required packages for Kiwi to function as expected
# Should be provided via https://github.com/SUSE/BCI-dockerfile-generator/pull/1770
# RUN zypper in -y gawk && zypper clean -a
# Configure Kiwi to use kpartx
RUN echo -e "mapper:\n - part_mapper: kpartx" > /etc/kiwi.yml
# Copy build script into image and make it executable
ADD build-image.sh /usr/bin/build-image
RUN chmod a+x /usr/bin/build-image
# Make a directory for the standard SL Micro Kiwi definition and config file and copy them in
RUN mkdir -p /micro-sdk/defs
ADD SL-Micro.kiwi /micro-sdk/defs
ADD SL-Micro.kiwi.4096 /micro-sdk/defs
ADD config.sh /micro-sdk/defs

51
kiwi-builder-image/README Normal file
View File

@@ -0,0 +1,51 @@
###########################
Kiwi SDK Image Instructions
###########################
Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
# setenforce 0
Next, download the podman image:
# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10
Make a local output directory (where the images will reside):
# mkdir output
Then, to build a standard "Default" image, run the following in podman:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image
To build a SelfInstall ISO, you can add additional flags, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Default-SelfInstall
To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Base-RT
To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Default-SelfInstall -b
# mkdir mydefs/
# cp /path/to/SL-Micro.kiwi mydefs/
# cp /path/to/config.sh mydefs/
# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image
All output will be in the local $(pwd)/output directory, for example:
# ls -1 output/
SLE-Micro.x86_64-6.0.changes
SLE-Micro.x86_64-6.0.packages
SLE-Micro.x86_64-6.0.raw
SLE-Micro.x86_64-6.0.verified
build
kiwi.result
kiwi.result.json
Note, if you want to rebuild the image, you'll need to empty the output directory, or Kiwi will error due to existing output files:
# rm -rf output/*

777
kiwi-builder-image/SL-Micro.kiwi Normal file
View File

@@ -0,0 +1,777 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
<!-- OBS-Milestone: %current_milestone -->
<!-- OBS-BcntSyncTag: SL-Micro -->
<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
<description type="system">
<author>SUSE</author>
<contact>crc@suse.com</contact>
<specification>SL Micro</specification>
</description>
<profiles>
<!-- Profiles used as dependencies of actual image profiles -->
<!-- Flavors -->
<profile name="full" description="SL Micro as KVM and Container host"/>
<profile name="container-host" description="SL Micro as Container host"/>
<profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
<!-- Platforms - support profiles -->
<profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
<profile name="self_install" description="Self Installing ISO media"/>
<!-- Platforms -->
<profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86"/>
</profile>
<profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-encrypted"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86"/>
</profile>
<profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-legacy"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-qcow"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
luks_version="luks2"
luks="1234"
luks_randomize="false"
luks_pbkdf="pbkdf2"
>
<luksformat>
<option name="--cipher" value="aes"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">4</size>
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" timeout="3"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="s390-kvm">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
format="qcow2"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="s390-dasd">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
target_blocksize="4096"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="s390-fba">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
format="vmdk"
firmware="uefi"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">24</size>
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">20</size>
</type>
</preferences>
<repository type="rpm-md" >
<source path='obsrepositories:/'/>
</repository>
<packages type="image" profiles="full">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="salt_minion"/>
<package name="patterns-base-salt_minion"/>
<namedCollection name="kvm_host"/>
<package name="patterns-base-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="wpa_supplicant" arch="x86_64,aarch64"/>
<package name="libpwquality-tools"/>
<!-- <package name="k3s-install"/> -->
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
<!-- full disk encryption stuff -->
<package name="device-mapper"/>
<package name="cryptsetup"/>
<package name="system-user-tss"/>
<package name="libtss2-fapi1"/>
<package name="libtss2-tcti-device0"/>
<package name="tpm2.0-tools"/>
<package name="tpm2-0-tss"/>
<package name="fde-firstboot"/>
</packages>
<packages type="image" profiles="container-host">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="ecs_anywhere">
<package name="amazon-ssm-agent"/>
<package name="amazon-ecs-init"/>
<package name="aws-cli"/>
<package name="docker"/>
</packages>
<!-- Ignition / Combustion everywhere, cloud-init only in selected images
<packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
<packages type="image">
<package name="ignition"/>
<package name="combustion &gt;= 1.2"/> <!-- New firstboot mechanism -->
<package name="jeos-firstboot"/>
</packages>
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
</packages>
<packages type="image">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="hardware"/>
<package name="patterns-base-hardware"/>
<package name="grub2"/>
<package name="glibc-locale-base"/>
<package name="ca-certificates"/>
<package name="SL-Micro-release"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="NetworkManager-tui"/>
<package name="growpart-generator"/>
<package name="suse-build-key"/>
<!-- for debugging -->
<package name="less"/>
<package name="vim-small"/>
<namedCollection name="micro_defaults"/>
<package name="patterns-micro-defaults"/>
<package name="NetworkManager"/>
<package name="NetworkManager-branding-SLE"/>
<package name="ModemManager"/>
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
</packages>
<packages type="image" profiles="bootloader">
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/>
<!-- obsoleted by kiwi-settings
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
</packages>
<!-- makes the image build, but also include kernel-default
<packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<package name="dracut-kiwi-oem-repart"/>
<package name="blog"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/>
<package name="wireless-tools"/>
<package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages>
<packages type="bootstrap">
<package name="coreutils"/>
<package name="filesystem"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
</packages>
<!-- bsc#1221936 -->
<packages type="image" profiles="x86-vmware">
<package name="open-vm-tools"/>
</packages>
<!-- bsc#1221727-->
<packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/>
</packages>
</image>

784
kiwi-builder-image/SL-Micro.kiwi.4096 Normal file
View File

@@ -0,0 +1,784 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
<!-- OBS-Milestone: %current_milestone -->
<!-- OBS-BcntSyncTag: SL-Micro -->
<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
<description type="system">
<author>SUSE</author>
<contact>crc@suse.com</contact>
<specification>SL Micro</specification>
</description>
<profiles>
<!-- Profiles used as dependencies of actual image profiles -->
<!-- Flavors -->
<profile name="full" description="SL Micro as KVM and Container host"/>
<profile name="container-host" description="SL Micro as Container host"/>
<profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
<!-- Platforms - support profiles -->
<profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
<profile name="self_install" description="Self Installing ISO media"/>
<!-- Platforms -->
<profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
<requires profile="bootloader"/>
</profile>
<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
<requires profile="bootloader"/>
</profile>
<profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
<requires profile="bootloader"/>
</profile>
<!-- Images (flavor + platform) -->
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86"/>
</profile>
<profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-vmware"/>
</profile>
<profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-encrypted"/>
</profile>
<profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-encrypted"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86"/>
</profile>
<profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="full"/>
<requires profile="ecs_anywhere"/>
<requires profile="x86-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="rpi"/>
</profile>
<profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="rpi"/>
</profile>
<profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt"/>
</profile>
<profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-rt-self_install"/>
<requires profile="self_install"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-kvm"/>
</profile>
<profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-dasd"/>
</profile>
<profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
<requires profile="full"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
<requires profile="container-host"/>
<requires profile="s390-fba"/>
</profile>
<profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-legacy"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
<requires profile="full"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
<requires profile="container-host"/>
<requires profile="x86-qcow"/>
</profile>
<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
<requires profile="full"/>
<requires profile="aarch64-qcow"/>
</profile>
<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
<requires profile="container-host"/>
<requires profile="aarch64-qcow"/>
</profile>
</profiles>
<preferences profiles="x86-encrypted,x86-rt-encrypted">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
luks_version="luks2"
luks="1234"
luks_randomize="false"
luks_pbkdf="pbkdf2"
target_blocksize="4096"
efipartsize="200"
>
<luksformat>
<option name="--cipher" value="aes"/>
</luksformat>
<bootloader name="grub2" console="gfxterm" use_disk_password="true" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">4</size>
</type>
</preferences>
<preferences profiles="x86,x86-rt">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
target_blocksize="4096"
efipartsize="200"
>
<bootloader name="grub2" console="gfxterm" timeout="3"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="x86-self_install,x86-rt-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
target_blocksize="4096"
efipartsize="200"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="rpi">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
fsmountoptions="noatime"
firmware="uefi"
kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
efipartsize="128"
editbootinstall="editbootinstall_rpi.sh"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="false"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="aarch64-self_install">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
initrd_system="dracut"
installiso="true"
filesystem="btrfs"
installboot="install"
install_continue_on_timeout="false"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
disk_start_sector="4096"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
</type>
</preferences>
<preferences profiles="s390-kvm">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
format="qcow2"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="s390-dasd">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
target_blocksize="4096"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="s390-fba">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
bootpartition="true"
bootpartsize="300"
bootfilesystem="ext2"
initrd_system="dracut"
kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">5</size>
</type>
</preferences>
<preferences profiles="x86-vmware">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
filesystem="btrfs"
format="vmdk"
firmware="uefi"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<bootloader name="grub2" console="gfxterm" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">24</size>
<machine memory="1024" HWversion="10" guestOS="suse-64"/>
</type>
</preferences>
<preferences profiles="x86-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
target_blocksize="4096"
efipartsize="200"
>
<bootloader name="grub2" console="gfxterm" timeout="3" />
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<!-- on tmpfs jsc#SMO-2 <volume name="tmp"/> -->
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/i386-pc"/>
<volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">32</size>
</type>
</preferences>
<preferences profiles="aarch64-qcow">
<version>6.0</version>
<packagemanager>zypper</packagemanager>
<bootsplash-theme>SLE</bootsplash-theme>
<bootloader-theme>SLE</bootloader-theme>
<rpm-excludedocs>true</rpm-excludedocs>
<locale>en_US</locale>
<type
image="oem"
format="qcow2"
filesystem="btrfs"
firmware="uefi"
efipartsize="128"
kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
bootpartition="false"
bootkernel="custom"
devicepersistency="by-uuid"
btrfs_root_is_snapshot="true"
btrfs_root_is_readonly_snapshot="true"
btrfs_quota_groups="true"
>
<systemdisk>
<volume name="home"/>
<volume name="root"/>
<volume name="opt"/>
<volume name="srv"/>
<volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
<volume name="boot/writable"/>
<volume name="usr/local"/>
<volume name="var" copy_on_write="false"/>
</systemdisk>
<size unit="G">20</size>
</type>
</preferences>
<repository type="rpm-md" >
<source path='obsrepositories:/'/>
</repository>
<packages type="image" profiles="full">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="salt_minion"/>
<package name="patterns-base-salt_minion"/>
<namedCollection name="kvm_host"/>
<package name="patterns-base-kvm_host"/>
<package name="lzop"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="wpa_supplicant" arch="x86_64,aarch64"/>
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
<!-- full disk encryption stuff -->
<package name="device-mapper"/>
<package name="cryptsetup"/>
<package name="system-user-tss"/>
<package name="libtss2-fapi1"/>
<package name="libtss2-tcti-device0"/>
<package name="tpm2.0-tools"/>
<package name="tpm2-0-tss"/>
<package name="fde-firstboot"/>
</packages>
<packages type="image" profiles="container-host">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="container_runtime_podman"/>
<package name="patterns-container-runtime_podman"/>
<namedCollection name="cockpit"/>
<package name="patterns-base-cockpit"/>
<namedCollection name="selinux"/>
<package name="patterns-base-selinux"/>
<package name="suseconnect-ng"/>
<package name="SL-Micro-release"/>
<package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="libpwquality-tools"/>
</packages>
<packages type="image" profiles="ecs_anywhere">
<package name="amazon-ssm-agent"/>
<package name="amazon-ecs-init"/>
<package name="aws-cli"/>
<package name="docker"/>
</packages>
<!-- Ignition / Combustion everywhere, cloud-init only in selected images
<packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
<packages type="image">
<package name="ignition"/>
<package name="combustion &gt;= 1.2"/> <!-- New firstboot mechanism -->
<package name="jeos-firstboot"/>
</packages>
<packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
<package name="cloud-init"/>
<package name="cloud-init-config-suse"/>
</packages>
<packages type="image">
<namedCollection name="base_transactional"/>
<package name="patterns-base-transactional"/>
<namedCollection name="hardware"/>
<package name="patterns-base-hardware"/>
<package name="grub2"/>
<package name="glibc-locale-base"/>
<package name="ca-certificates"/>
<package name="SL-Micro-release"/>
<package name="systemd-default-settings-branding-SLE-Micro"/>
<package name="firewalld"/>
<package name="NetworkManager-tui"/>
<package name="growpart-generator"/>
<package name="suse-build-key"/>
<!-- for debugging -->
<package name="less"/>
<package name="vim-small"/>
<namedCollection name="micro_defaults"/>
<package name="patterns-micro-defaults"/>
<package name="NetworkManager"/>
<package name="NetworkManager-branding-SLE"/>
<package name="ModemManager"/>
<!-- FIXME does not build without control file which is obsolete
<package name="live-add-yast-repos"/> -->
<package name="parted"/> <!-- seems missing to deploy the image -->
</packages>
<packages type="image" profiles="bootloader">
<package name="grub2-i386-pc" arch="x86_64"/>
<package name="grub2-x86_64-efi" arch="x86_64"/>
<package name="grub2-arm64-efi" arch="aarch64"/>
<package name="grub2-s390x-emu" arch="s390x"/>
<package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
<package name="grub2-snapper-plugin"/>
<package name="shim" arch="x86_64,aarch64"/>
<package name="mokutil" arch="x86_64,aarch64"/>
<!-- obsoleted by kiwi-settings
<package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
</packages>
<!-- rpi kernel-default-base does not provide all necessary drivers -->
<packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
<package name="kernel-default"/>
<package name="kernel-firmware-all"/>
</packages>
<packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
<package name="kernel-rt"/>
<package name="kernel-firmware-all"/>
<!-- FIXME intentionally removed from ALP code stream
<package name="cpuset"/> -->
</packages>
<!-- makes the image build, but also include kernel-default
<packages type="image" profiles="x86-rt-encrypted">
<package name="kernel-default-extra"/>
</packages> -->
<packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
<package name="dracut-kiwi-oem-repart"/>
<package name="blog"/>
</packages>
<packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
<package name="dracut-kiwi-oem-repart"/>
<package name="dracut-kiwi-oem-dump"/>
</packages>
<packages type="image" profiles="rpi,aarch64-self_install">
<package name="raspberrypi-firmware" arch="aarch64"/>
<package name="raspberrypi-firmware-config" arch="aarch64"/>
<package name="raspberrypi-firmware-dt" arch="aarch64"/>
<package name="u-boot-rpiarm64" arch="aarch64"/>
<package name="dracut-kiwi-oem-repart"/>
<package name="bcm43xx-firmware"/>
<package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
<package name="wireless-regdb"/>
<package name="wireless-tools"/>
<package name="wpa_supplicant"/>
<package name="grub2-arm64-efi"/>
<!-- kernel-default-base does not have all required drivers -->
<package name="kernel-default"/>
</packages>
<packages type="bootstrap">
<package name="coreutils"/>
<package name="filesystem"/>
<package name="ca-certificates"/>
<package name="ca-certificates-mozilla"/>
</packages>
<!-- bsc#1221936 -->
<packages type="image" profiles="x86-vmware">
<package name="open-vm-tools"/>
</packages>
<!-- bsc#1221727-->
<packages type="image" profiles="x86-qcow,aarch64-qcow">
<package name="qemu-guest-agent"/>
</packages>
</image>

19
kiwi-builder-image/_service Normal file
View File

@@ -0,0 +1,19 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">README</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
<param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
<param name="var">SUPPORT_LEVEL</param>
</service>
</services>

91
kiwi-builder-image/build-image.sh Normal file
View File

@@ -0,0 +1,91 @@
#!/usr/bin/env bash
# Copyright (c) 2024 SUSE LLC
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
# Set image build defaults, blocksize is an empty string
PROFILE="Default"
LARGEBLOCK=false
# Print usage
usage(){
cat <<-EOF
==============================
SLE Micro 6.0 Kiwi SDK Builder
==============================
Usage: ${0} [-p <profile>] [-b]
Profile Options (-p):
* Default: RAW Disk Image with kernel-default
* Default-SelfInstall: SelfInstall ISO with kernel-default
* Base-RT: RAW Disk Image with kernel-rt
* Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
NOTE: If both options are omitted, the "Default" profile with a standard "512" blocksize is used.
EOF
}
# Grab CLI options and handle
while getopts 'p:bh' OPTION; do
case "${OPTION}" in
p)
PROFILE="${OPTARG}"
;;
b)
LARGEBLOCK=true
;;
?)
usage && exit 2
;;
esac
done
# To avoid wasting time, perform the loop creation test first, and exit with a warning to re-run.
# This only happens when the container hasn't been ran on the host before, and is avoided by mounting /dev/ into the image.
qemu-img create /tmp/output/test.img 1M
if LOOP=$(losetup -f --show /tmp/output/test.img); then
rm -f /tmp/output/test.img
losetup -d $LOOP
else
echo -e "\nERROR: Early loop device test failed, please retry the container run."
exit 1
fi
# Grab local SLE Micro repos and create a list to use as part of the image build
REPOS=`for i in $(cat /micro-sdk/repos/*.repo | awk '/baseurl/ {split($0,string,"="); print string[2]}'); do echo -n "--add-repo $i "; done`
if $LARGEBLOCK; then
mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
fi
# Build the image
kiwi-ng --debug --profile $PROFILE system build \
--description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
# Print output
RESULT=$?
if [ $RESULT -eq 0 ]; then
echo -e "\n\nINFO: Image build successful, generated images are available in the 'output' directory."
else
echo -e "\n\nERROR: Failed to build the image, please see above logs."
fi

317
kiwi-builder-image/config.sh Normal file
View File

@@ -0,0 +1,317 @@
#!/bin/bash
# Copyright (c) 2023 SUSE LLC
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
#
#======================================
# Functions...
#--------------------------------------
test -f /.kconfig && . /.kconfig
test -f /.profile && . /.profile
set -euxo pipefail
mkdir /var/lib/misc/reconfig_system
#======================================
# Greeting...
#--------------------------------------
echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
#======================================
# This is a workaround - someone,
# somewhere needs to load the xts crypto
# module, otherwise luksOpen will fail while
# creating the image.
#--------------------------------------
modprobe xts || true
#======================================
# add missing fonts
#--------------------------------------
CONSOLE_FONT="eurlatgr.psfu"
#======================================
# prepare for setting root pw, timezone
#--------------------------------------
echo ** "reset machine settings"
sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow
rm /etc/machine-id
rm /var/lib/zypp/AnonymousUniqueId
#======================================
# Setup baseproduct link
#--------------------------------------
suseSetupProduct
#======================================
# Specify default runlevel
#--------------------------------------
baseSetRunlevel 3
#======================================
# Add missing gpg keys to rpm
#--------------------------------------
suseImportBuildKey
#======================================
# If SELinux is installed, configure it like transactional-update setup-selinux
#--------------------------------------
if [[ -e /etc/selinux/config ]]; then
# Check if we don't have selinux already enabled.
grep ^GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub | grep -q security=selinux || \
sed -i -e 's|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 security=selinux selinux=1"|g' "/etc/default/grub"
# Adjust selinux config
sed -i -e 's|^SELINUX=.*|SELINUX=enforcing|g' \
-e 's|^SELINUXTYPE=.*|SELINUXTYPE=targeted|g' \
"/etc/selinux/config"
# Move an /.autorelabel file from initial installation to writeable location
test -f /.autorelabel && mv /.autorelabel /etc/selinux/.autorelabel
fi
##======================================
## Enable DHCP on eth0
##--------------------------------------
#cat >/etc/sysconfig/network/ifcfg-eth0 <<EOF
#BOOTPROTO='dhcp'
#MTU=''
#REMOTE_IPADDR=''
#STARTMODE='auto'
#ETHTOOL_OPTIONS=''
#USERCONTROL='no'
#EOF
systemctl enable NetworkManager
systemctl enable ModemManager
#======================================
# Enable cloud-init
#--------------------------------------
suseInsertService cloud-init-local
suseInsertService cloud-init
suseInsertService cloud-config
suseInsertService cloud-final
# Enable chrony
suseInsertService chronyd
#======================================
# Sysconfig Update
#--------------------------------------
echo '** Update sysconfig entries...'
echo FONT="$CONSOLE_FONT" >> /etc/vconsole.conf
# fix security level (boo#1171174)
sed -e '/^PERMISSION_SECURITY=s/easy/paranoid/' /etc/sysconfig/security
chkstat --set --system
#======================================
# SSL Certificates Configuration
#--------------------------------------
echo '** Rehashing SSL Certificates...'
update-ca-certificates
#======================================
# Import trusted rpm keys
#--------------------------------------
for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
# importing can fail if it already exists
rpm --import $i || true
done
# Temporary workaround for bsc#1212187
echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
#======================================
# Enable kubelet if installed
#--------------------------------------
if [ -e /usr/lib/systemd/system/kubelet.service ]; then
suseInsertService kubelet
fi
# Adjust zypp conf
# https://github.com/openSUSE/libzypp/issues/212
# in yast that's done in packager/cfa/zypp_conf.rb
sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
sed -i 's/^multiversion =.*/multiversion =/g' /etc/zypp/zypp.conf
#=====================================
# Configure snapper
#-------------------------------------
if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
echo "creating initial snapper config ..."
cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root
baseUpdateSysConfig /etc/sysconfig/snapper SNAPPER_CONFIGS root
# Adjust parameters
sed -i'' 's/^TIMELINE_CREATE=.*$/TIMELINE_CREATE="no"/g' /etc/snapper/configs/root
sed -i'' 's/^NUMBER_LIMIT=.*$/NUMBER_LIMIT="2-10"/g' /etc/snapper/configs/root
sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
fi
# Enable jeos-firstboot if installed, disabled by combustion/ignition
if rpm -q --whatprovides jeos-firstboot >/dev/null; then
mkdir -p /var/lib/YaST2
touch /var/lib/YaST2/reconfig_system
systemctl enable jeos-firstboot.service
fi
# Enable cloud-init if installed
if rpm -q --whatprovides cloud-init >/dev/null; then
systemctl enable cloud-init
systemctl enable cloud-init-local
fi
# The %post script can't edit /etc/fstab sys due to https://github.com/OSInside/kiwi/issues/945
# so use the kiwi custom hack
cat >/etc/fstab.script <<"EOF"
#!/bin/sh
set -eux
/usr/sbin/setup-fstab-for-overlayfs
# If /var is on a different partition than /...
if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
# ... set options for autoexpanding /var
gawk -i inplace '$2 == "/var" { $4 = $4",x-growpart.grow,x-systemd.growfs" } { print $0 }' /etc/fstab
fi
EOF
chmod a+x /etc/fstab.script
# To make x-systemd.growfs work from inside the initrd
cat >/etc/dracut.conf.d/50-microos-growfs.conf <<"EOF"
install_items+=" /usr/lib/systemd/systemd-growfs "
EOF
#======================================
# Add repos from control.xml
#--------------------------------------
if [ -x /usr/sbin/add-yast-repos ]; then
add-yast-repos
zypper --non-interactive rm -u live-add-yast-repos
fi
#======================================
# Configure SelfInstall specifics
#--------------------------------------
if [[ "$kiwi_profiles" == *"SelfInstall"* ]]; then
cat > /etc/systemd/system/selfinstallbootloader.service <<-EOF
[Unit]
Description=
After=systemd-machine-id-commit.service
Before=jeos-firstboot.service
[Service]
Type=oneshot
ExecStart=rm /etc/systemd/system/selfinstallbootloader.service
ExecStart=rm /etc/systemd/system/default.target.wants/selfinstallbootloader.service
ExecStart=/sbin/transactional-update bootloader
ExecStart=/sbin/transactional-update apply
[Install]
WantedBy=default.target
EOF
ln -s /etc/systemd/system/selfinstallbootloader.service /etc/systemd/system/default.target.wants/selfinstallbootloader.service
fi
#======================================
# Boot TimeOut Configuration for iSCSI
#--------------------------------------
cat > /etc/systemd/system/iscsi-init-delay.service <<-EOF
[Unit]
# Workaround for boo#1198457 delay gen-initiatorname after local-fs
Description=One time delay for the iscsid.service
ConditionPathExists=!/etc/iscsi/initiatorname.iscsi
ConditionPathExists=/sbin/iscsi-gen-initiatorname
DefaultDependencies=no
RequiresMountsFor=/etc/iscsi
After=local-fs.target
Before=iscsi-init.service
[Install]
WantedBy=default.target
[Service]
Type=oneshot
RemainAfterExit=no
ExecStart=/sbin/iscsi-gen-initiatorname
EOF
ln -s /etc/systemd/system/iscsi-init-delay.service /etc/systemd/system/default.target.wants/iscsi-init-delay.service
#======================================
# Configure Pine64 specifics
#--------------------------------------
if [[ "$kiwi_profiles" == *"Pine64" ]]; then
echo 'add_drivers+=" fixed sunxi-mmc axp20x-regulator axp20x-rsb "' > /etc/dracut.conf.d/sunxi_modules.conf
fi
#======================================
# Configure Raspberry Pi specifics
#--------------------------------------
if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
# Add necessary kernel modules to initrd (will disappear with bsc#1084272)
echo 'add_drivers+=" bcm2835_dma dwc2 "' > /etc/dracut.conf.d/raspberrypi_modules.conf
# Add necessary kernel modules to initrd (will disappear with boo#1162669)
echo 'add_drivers+=" pcie-brcmstb "' >> /etc/dracut.conf.d/raspberrypi_modules.conf
# Work around network issues
cat > /etc/modprobe.d/50-rpi3.conf <<-EOF
# Prevent too many page allocations (bsc#1012449)
options smsc95xx turbo_mode=N
EOF
cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
vm.min_free_kbytes = 2048
EOF
fi
#======================================
# Configure Vagrant specifics
#--------------------------------------
if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
# create vagrant user
useradd vagrant
# allow password-less sudo
echo "vagrant ALL=(ALL)NOPASSWD:ALL" > /etc/sudoers.d/vagrant
# add vagrant's insecure key
mkdir -p /home/vagrant/.ssh
chmod 0700 /home/vagrant/.ssh
cat > /home/vagrant/.ssh/authorized_keys << EOF
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
EOF
chmod 0600 /home/vagrant/.ssh/authorized_keys
chown -R vagrant /home/vagrant
fi
#======================================
# cloud-init specific settings
#--------------------------------------
# We do not want cloud-init to run in an environment when there is no data
# source found. bsc#1222113
if [[ "$kiwi_profiles" =~ ^(x86-qcow|x86-vmware|aarch64-qcow)$ ]]; then
echo "policy: search,found=all,maybe=disabled,notfound=disabled" > /etc/cloud/ds-identify.cfg
fi
exit 0

20
kubevirt-dashboard-extension-chart/Chart.yaml Normal file
View File

@@ -0,0 +1,20 @@
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:1.2.0
#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:1.2.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/kube-version: '>= v1.26.0-0'
catalog.cattle.io/namespace: cattle-ui-plugin-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux, windows
catalog.cattle.io/rancher-version: '>= 2.10.0-0'
catalog.cattle.io/scope: management
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: '>= 3.0.0'
apiVersion: v2
appVersion: 1.2.0
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: kubevirt-dashboard-extension
type: application
version: 1.2.0

6
kubevirt-dashboard-extension-chart/README.md Normal file
View File

@@ -0,0 +1,6 @@
# SUSE Edge: KubeVirt extension for Rancher Dashboard
An Edge focused extension for Rancher Dashboard allowing to monitor and interact virtual machine based workloads.
For more information on SUSE Edge see https://suse-edge.github.io/ \
For more information on Kubevirt see https://kubevirt.io/

15
kubevirt-dashboard-extension-chart/_service Normal file
View File

@@ -0,0 +1,15 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">values.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
<param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
<param name="var">IMG_REPO</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Chart.yaml</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>
</service>
</services>

63
kubevirt-dashboard-extension-chart/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,63 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "extension-server.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "extension-server.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "extension-server.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "extension-server.labels" -}}
helm.sh/chart: {{ include "extension-server.chart" . }}
{{ include "extension-server.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "extension-server.selectorLabels" -}}
app.kubernetes.io/name: {{ include "extension-server.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Pkg annotations
*/}}
{{- define "extension-server.pluginMetadata" -}}
{{- with .Values.plugin.metadata }}
{{- range $key, $value := . }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}

14
kubevirt-dashboard-extension-chart/templates/cr.yaml Normal file
View File

@@ -0,0 +1,14 @@
apiVersion: catalog.cattle.io/v1
kind: UIPlugin
metadata:
name: {{ include "extension-server.fullname" . }}
namespace: {{ .Release.Namespace }}
labels: {{ include "extension-server.labels" . | nindent 4 }}
spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.0
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

12
kubevirt-dashboard-extension-chart/values.yaml Normal file
View File

@@ -0,0 +1,12 @@
nameOverride: ""
fullnameOverride: ""
plugin:
enabled: true
versionOverride: ""
noCache: false
noAuth: false
metadata:
catalog.cattle.io/display-name: KubeVirt
catalog.cattle.io/rancher-version: ">= 2.10.0-0"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
catalog.cattle.io/kube-version: ">= v1.26.0-0"

15
metal3-chart/Chart.yaml
View File

@@ -1,17 +1,18 @@
#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1 #!BuildTag: %%IMG_PREFIX%%metal3-chart:302.0.0_up0.9.0
#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1-%RELEASE% #!BuildTag: %%IMG_PREFIX%%metal3-chart:302.0.0_up0.9.0-%RELEASE%
apiVersion: v2 apiVersion: v2
appVersion: 1.16.0 appVersion: 0.9.0
dependencies: dependencies:
- alias: metal3-baremetal-operator - alias: metal3-baremetal-operator
name: baremetal-operator name: baremetal-operator
repository: file://./charts/baremetal-operator repository: file://./charts/baremetal-operator
version: 0.5.0 version: 0.6.0
- alias: metal3-ironic - alias: metal3-ironic
name: ironic name: ironic
repository: file://./charts/ironic repository: file://./charts/ironic
version: 0.7.0 version: 0.8.0
- alias: metal3-mariadb - alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb name: mariadb
repository: file://./charts/mariadb repository: file://./charts/mariadb
version: 0.5.4 version: 0.5.4
@@ -19,9 +20,9 @@ dependencies:
condition: global.enable_metal3_media_server condition: global.enable_metal3_media_server
name: media name: media
repository: file://./charts/media repository: file://./charts/media
version: 0.5.0 version: 0.6.0
description: A Helm chart that installs all of the dependencies needed for Metal3 description: A Helm chart that installs all of the dependencies needed for Metal3
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3 name: metal3
type: application type: application
version: 0.8.1 version: 302.0.0+up0.9.0

4
metal3-chart/charts/baremetal-operator/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
appVersion: 0.6.1 appVersion: 0.8.0
description: A Helm chart for baremetal-operator, used by Metal3 description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator name: baremetal-operator
type: application type: application
version: 0.5.0 version: 0.6.0

7
metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml
View File

@@ -39,11 +39,6 @@ spec:
name: BMC name: BMC
priority: 1 priority: 1
type: string type: string
- description: The type of hardware detected
jsonPath: .status.hardwareProfile
name: Hardware_Profile
priority: 1
type: string
- description: Whether the host is online or not - description: Whether the host is online or not
jsonPath: .spec.online jsonPath: .spec.online
name: Online name: Online
@@ -740,6 +735,7 @@ spec:
type: object type: object
hardwareProfile: hardwareProfile:
description: The name of the profile matching the hardware details. description: The name of the profile matching the hardware details.
Hardware profiles are deprecated and should not be relied on.
type: string type: string
lastUpdated: lastUpdated:
description: LastUpdated identifies when this status was last observed. description: LastUpdated identifies when this status was last observed.
@@ -1136,7 +1132,6 @@ spec:
required: required:
- errorCount - errorCount
- errorMessage - errorMessage
- hardwareProfile
- operationalStatus - operationalStatus
- poweredOn - poweredOn
- provisioning - provisioning

2
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -3,14 +3,12 @@
{{- $protocol := ternary "https" "http" $enableTLS }} {{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicIP := .Values.global.ironicIP | default "" }} {{- $ironicIP := .Values.global.ironicIP | default "" }}
{{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicInspectorHost := print $ironicIP ":5050" }}
{{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }}
apiVersion: v1 apiVersion: v1
data: data:
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/" IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
IRONIC_INSPECTOR_ENDPOINT: "{{ $protocol }}://{{ $ironicInspectorHost }}/v1/"
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false" RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
# Switch VMedia to HTTP if enable_vmedia_tls is false # Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }} {{- if and $enableTLS $enableVMediaTLS }}

11
metal3-chart/charts/baremetal-operator/templates/deployment.yaml
View File

@@ -78,14 +78,6 @@ spec:
mountPath: "/opt/metal3/auth/ironic/password" mountPath: "/opt/metal3/auth/ironic/password"
subPath: password subPath: password
readOnly: true readOnly: true
- name: ironic-inspector-basic-auth
mountPath: "/opt/metal3/auth/ironic-inspector/username"
subPath: username
readOnly: true
- name: ironic-inspector-basic-auth
mountPath: "/opt/metal3/auth/ironic-inspector/password"
subPath: password
readOnly: true
{{- end }} {{- end }}
{{- if .Values.global.enable_tls }} {{- if .Values.global.enable_tls }}
- name: cacert - name: cacert
@@ -116,9 +108,6 @@ spec:
- name: ironic-basic-auth - name: ironic-basic-auth
secret: secret:
secretName: ironic-basic-auth secretName: ironic-basic-auth
- name: ironic-inspector-basic-auth
secret:
secretName: ironic-inspector-basic-auth
{{- end }} {{- end }}
{{- if .Values.global.enable_tls }} {{- if .Values.global.enable_tls }}
- name: cacert - name: cacert

4
metal3-chart/charts/baremetal-operator/values.yaml
View File

@@ -28,11 +28,11 @@ images:
baremetalOperator: baremetalOperator:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: "0.6.1" tag: "0.8.0"
rbacProxy: rbacProxy:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: "v0.14.2" tag: "0.18.1"
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "manger" nameOverride: "manger"

4
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
appVersion: 24.1.2 appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3 description: A Helm chart for Ironic, used by Metal3
name: ironic name: ironic
type: application type: application
version: 0.7.0 version: 0.8.0

3
metal3-chart/charts/ironic/templates/_helpers.tpl
View File

@@ -77,9 +77,6 @@ Get ironic CA volumeMounts
- name: cert-ironic-ca - name: cert-ironic-ca
mountPath: "/certs/ca/ironic" mountPath: "/certs/ca/ironic"
readOnly: true readOnly: true
- name: cert-ironic-inspector-ca
mountPath: "/certs/ca/ironic-inspector"
readOnly: true
{{- if .Values.global.enable_vmedia_tls }} {{- if .Values.global.enable_vmedia_tls }}
- name: cert-ironic-vmedia-ca - name: cert-ironic-vmedia-ca
mountPath: "/certs/ca/vmedia" mountPath: "/certs/ca/vmedia"

13
metal3-chart/charts/ironic/templates/certificates.yaml
View File

@@ -25,19 +25,6 @@ spec:
kind: Issuer kind: Issuer
name: ca-issuer name: ca-issuer
secretName: ironic-cert secretName: ironic-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ironic-inspector-cert
spec:
commonName: ironic-inspector-cert
ipAddresses:
- {{ .Values.global.ironicIP }}
issuerRef:
kind: Issuer
name: ca-issuer
secretName: ironic-inspector-cert
{{- if .Values.global.enable_vmedia_tls }} {{- if .Values.global.enable_vmedia_tls }}
--- ---
apiVersion: cert-manager.io/v1 apiVersion: cert-manager.io/v1

16
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -10,7 +10,6 @@ data:
{{- $protocol := ternary "https" "http" $enableTLS }} {{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicIP := .Values.global.ironicIP | default "" }} {{- $ironicIP := .Values.global.ironicIP | default "" }}
{{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicInspectorHost := print $ironicIP ":5050" }}
{{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicIP ":6180" }}
@@ -25,15 +24,11 @@ data:
{{- end }} {{- end }}
HTTP_PORT: "6180" HTTP_PORT: "6180"
PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}" PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
USE_IRONIC_INSPECTOR: "true" USE_IRONIC_INSPECTOR: "false"
IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }} IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }}
IRONIC_API_HOST: {{ $ironicApiHost }} IRONIC_API_HOST: {{ $ironicApiHost }}
IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }} IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }}
IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/ IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/
IRONIC_INSPECTOR_BASE_URL: {{ $protocol }}://{{ $ironicInspectorHost }}
IRONIC_INSPECTOR_ENDPOINT: {{ $protocol }}://{{ $ironicInspectorHost }}/v1/
IRONIC_INSPECTOR_HOST: {{ $ironicInspectorHost }}
IRONIC_INSPECTOR_HTTPD_SERVER_NAME: {{ $ironicInspectorHost }}
# Switch VMedia to HTTP if enable_vmedia_tls is false # Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }} {{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }} {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
@@ -55,11 +50,9 @@ data:
{{- if .Values.global.provisioningIP }} {{- if .Values.global.provisioningIP }}
PROVISIONING_IP: {{ .Values.global.provisioningIP }} PROVISIONING_IP: {{ .Values.global.provisioningIP }}
{{- end }} {{- end }}
IRONIC_INSPECTOR_VLAN_INTERFACES: all
IRONIC_ILO_USE_SWIFT: "false" IRONIC_ILO_USE_SWIFT: "false"
IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true" IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true"
IRONIC_FAST_TRACK: "true" IRONIC_FAST_TRACK: "true"
IRONIC_USE_MARIADB: "true"
LISTEN_ALL_INTERFACES: "true" LISTEN_ALL_INTERFACES: "true"
{{- if .Values.global.ironicIP }} {{- if .Values.global.ironicIP }}
IRONIC_IP: {{ .Values.global.ironicIP }} IRONIC_IP: {{ .Values.global.ironicIP }}
@@ -69,7 +62,6 @@ data:
IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
IPA_INSECURE: "0" IPA_INSECURE: "0"
IRONIC_REVERSE_PROXY_SETUP: "true" IRONIC_REVERSE_PROXY_SETUP: "true"
INSPECTOR_REVERSE_PROXY_SETUP: "true"
{{- if ( .Values.global.enable_vmedia_tls ) }} {{- if ( .Values.global.enable_vmedia_tls ) }}
VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}" VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}"
{{- end }} {{- end }}
@@ -81,6 +73,10 @@ data:
{{- end }} {{- end }}
{{- if ( .Values.global.enable_basicAuth ) }} {{- if ( .Values.global.enable_basicAuth ) }}
AUTH_STRATEGY: "http_basic" AUTH_STRATEGY: "http_basic"
INSPECTOR_AUTH_STRATEGY: "http_basic"
{{- end }} {{- end }}
{{- if .Values.global.enable_mariadb }}
MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
IRONIC_USE_MARIADB: "true"
{{- else }}
IRONIC_USE_MARIADB: "false"
{{- end }}

117
metal3-chart/charts/ironic/templates/deployment.yaml
View File

@@ -41,10 +41,7 @@ spec:
name: ironic-bmo name: ironic-bmo
livenessProbe: livenessProbe:
exec: exec:
command: command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
- /bin/sh
- -c
- curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
failureThreshold: 10 failureThreshold: 10
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 30 periodSeconds: 30
@@ -62,10 +59,7 @@ spec:
{{- end }} {{- end }}
readinessProbe: readinessProbe:
exec: exec:
command: command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
- /bin/sh
- -c
- curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
failureThreshold: 10 failureThreshold: 10
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 30 periodSeconds: 30
@@ -78,9 +72,6 @@ spec:
- name: cert-ironic - name: cert-ironic
mountPath: "/certs/ironic" mountPath: "/certs/ironic"
readOnly: true readOnly: true
- name: cert-ironic-inspector
mountPath: "/certs/ironic-inspector"
readOnly: true
{{- if .Values.global.enable_vmedia_tls }} {{- if .Values.global.enable_vmedia_tls }}
- name: cert-ironic-vmedia - name: cert-ironic-vmedia
mountPath: "/certs/vmedia" mountPath: "/certs/vmedia"
@@ -90,73 +81,6 @@ spec:
name: cert-ironic-ca name: cert-ironic-ca
readOnly: true readOnly: true
{{- end }} {{- end }}
- name: ironic-inspector
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
command:
- /bin/runironic-inspector
envFrom:
- configMapRef:
name: ironic-bmo
env:
{{- if .Values.global.enable_basicAuth }}
- name: INSPECTOR_HTPASSWD
valueFrom:
secretKeyRef:
name: ironic-inspector-basic-auth
key: htpasswd
{{- end }}
- name: MARIADB_PASSWORD
valueFrom:
secretKeyRef:
key: password
name: ironic-mariadb
livenessProbe:
exec:
command:
- /bin/sh
- -c
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
ports:
- containerPort: 5050
name: inspector
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- -c
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
failureThreshold: 10
initialDelaySeconds: 30
periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10
volumeMounts:
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
{{- if .Values.global.enable_basicAuth }}
- mountPath: "/auth/ironic/auth-config"
name: ironic-basic-auth
subPath: auth-config
readOnly: true
- mountPath: "/auth/ironic-inspector/auth-config"
name: ironic-inspector-basic-auth
subPath: auth-config
readOnly: true
{{- end }}
{{- if .Values.global.enable_tls }}
{{- include "ironic.CAVolumeMounts" . | nindent 10 }}
- name: cert-ironic-inspector
mountPath: "/certs/ironic-inspector"
readOnly: true
{{- end }}
- name: ironic-log-watch - name: ironic-log-watch
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }} image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }} imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
@@ -184,37 +108,33 @@ spec:
name: ironic-basic-auth name: ironic-basic-auth
key: htpasswd key: htpasswd
{{- end }} {{- end }}
{{- if .Values.global.enable_mariadb }}
- name: MARIADB_PASSWORD - name: MARIADB_PASSWORD
valueFrom: valueFrom:
secretKeyRef: secretKeyRef:
key: password key: password
name: ironic-mariadb name: ironic-mariadb
{{- end }}
livenessProbe: livenessProbe:
exec: exec:
command: command: ["/bin/ironic-liveness"]
- /bin/sh
- -c
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
failureThreshold: 10
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 30 periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10 timeoutSeconds: 10
successThreshold: 1
failureThreshold: 10
ports: ports:
- containerPort: 6385 - containerPort: 6385
name: api name: api
protocol: TCP protocol: TCP
readinessProbe: readinessProbe:
exec: exec:
command: command: ["/bin/ironic-readiness"]
- /bin/sh
- -c
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
failureThreshold: 10
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 30 periodSeconds: 30
successThreshold: 1
timeoutSeconds: 10 timeoutSeconds: 10
successThreshold: 1
failureThreshold: 10
volumeMounts: volumeMounts:
{{- include "ironic.sharedVolumeMount" . | nindent 10 }} {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
{{- if .Values.global.enable_basicAuth }} {{- if .Values.global.enable_basicAuth }}
@@ -222,10 +142,6 @@ spec:
name: ironic-basic-auth name: ironic-basic-auth
subPath: auth-config subPath: auth-config
readOnly: true readOnly: true
- mountPath: "/auth/ironic-inspector/auth-config"
name: ironic-inspector-basic-auth
subPath: auth-config
readOnly: true
{{- end }} {{- end }}
{{- if .Values.global.enable_tls }} {{- if .Values.global.enable_tls }}
{{- include "ironic.CAVolumeMounts" . | nindent 10 }} {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
@@ -308,15 +224,16 @@ spec:
{{- end }} {{- end }}
volumes: volumes:
- name: ironic-data-volume - name: ironic-data-volume
{{- if .Values.persistence.ironic.size }}
persistentVolumeClaim: persistentVolumeClaim:
claimName: ironic-shared-volume claimName: ironic-shared-volume
{{- else }}
emptyDir: {}
{{- end }}
{{- if .Values.global.enable_basicAuth }} {{- if .Values.global.enable_basicAuth }}
- name: ironic-basic-auth - name: ironic-basic-auth
secret: secret:
secretName: ironic-basic-auth secretName: ironic-basic-auth
- name: ironic-inspector-basic-auth
secret:
secretName: ironic-inspector-basic-auth
{{- if .Values.global.enable_tls }} {{- if .Values.global.enable_tls }}
- name: trusted-certs - name: trusted-certs
projected: projected:
@@ -333,12 +250,6 @@ spec:
- name: cert-ironic - name: cert-ironic
secret: secret:
secretName: ironic-cert secretName: ironic-cert
- name: cert-ironic-inspector-ca
secret:
secretName: ironic-cacert
- name: cert-ironic-inspector
secret:
secretName: ironic-inspector-cert
{{- if .Values.global.enable_vmedia_tls }} {{- if .Values.global.enable_vmedia_tls }}
- name: cert-ironic-vmedia-ca - name: cert-ironic-vmedia-ca
secret: secret:

2
metal3-chart/charts/ironic/templates/pvc.yaml
View File

@@ -1,3 +1,4 @@
{{- if .Values.persistence.ironic.size }}
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim kind: PersistentVolumeClaim
metadata: metadata:
@@ -22,3 +23,4 @@ spec:
storageClassName: {{ .Values.persistence.ironic.storageClass }} storageClassName: {{ .Values.persistence.ironic.storageClass }}
{{- end }} {{- end }}
volumeMode: Filesystem volumeMode: Filesystem
{{- end }}

29
metal3-chart/charts/ironic/templates/secrets-basic-auth.yaml
View File

@@ -29,34 +29,5 @@ data:
htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }} htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
auth-config: | auth-config: |
{{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }} {{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
---
{{- $ironicInspectorUsername := "" -}}
{{- $ironicInspectorPassword := "" -}}
{{- $inspectorSecretName := "ironic-inspector-basic-auth" -}}
# Check if the secret is deployed and has a password
{{- $oldInspectorSecret := lookup "v1" "Secret" .Release.Namespace $inspectorSecretName }}
{{- if and $oldInspectorSecret (index $oldInspectorSecret.data "username") (index $oldInspectorSecret.data "password") }}
{{- $ironicInspectorUsername = b64dec (index $oldInspectorSecret.data "username" | toString) -}}
{{- $ironicInspectorPassword = b64dec (index $oldInspectorSecret.data "password" | toString) -}}
# If not, check if a username and password are provided in values.yaml
{{- else if and (.Values.global.auth.ironicInspectorUsername) (.Values.global.auth.ironicInspectorPassword) }}
{{- $ironicInspectorUsername = .Values.global.auth.ironicInspectorUsername -}}
{{- $ironicInspectorPassword = .Values.global.auth.ironicInspectorPassword -}}
{{- else }}
# If no username and password are provided in values.yaml, generate new ones
{{- $ironicInspectorUsername = "ironic" -}}
{{- $ironicInspectorPassword = (randAlphaNum 20) -}}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $inspectorSecretName }}
type: Opaque
data:
username: {{ $ironicInspectorUsername | b64enc }}
password: {{ $ironicInspectorPassword | b64enc }}
htpasswd: {{ b64enc (htpasswd $ironicInspectorUsername $ironicInspectorPassword) }}
auth-config: |
{{- printf "[inspector]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicInspectorUsername $ironicInspectorPassword | b64enc | nindent 4 }}
{{- end }} {{- end }}

13
metal3-chart/charts/ironic/values.yaml
View File

@@ -56,11 +56,11 @@ images:
ironic: ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: 24.1.2.0 tag: 26.1.2.0
ironicIPADownloader: ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: 2.0.0 tag: 3.0.0
nameOverride: "" nameOverride: ""
fullnameOverride: "" fullnameOverride: ""
@@ -102,10 +102,6 @@ service:
port: 6185 port: 6185
protocol: TCP protocol: TCP
targetPort: 6185 targetPort: 6185
- name: inspector
port: 5050
protocol: TCP
targetPort: 5050
- name: api - name: api
port: 6385 port: 6385
protocol: TCP protocol: TCP
@@ -144,8 +140,9 @@ persistence:
# storageClass for the ironic shared volume # storageClass for the ironic shared volume
# Ensure the storageClass is defined # Ensure the storageClass is defined
storageClass: "" storageClass: ""
# size of the ironic shared volume # size of the ironic shared volume e.g "1Gi"
size: "1Gi" # When unset persistent storage is disabled and emptyDir is enabled
size: ""
# accessMode of the ironic shared volume PVC # accessMode of the ironic shared volume PVC
# If empty defaults to ReadWriteOnce when replicaCount=1 otherwise ReadWriteMany # If empty defaults to ReadWriteOnce when replicaCount=1 otherwise ReadWriteMany
accessMode: "" accessMode: ""

2
metal3-chart/charts/media/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 1.16.0
description: A Helm chart for Media, used by Metal3 description: A Helm chart for Media, used by Metal3
name: media name: media
type: application type: application
version: 0.5.0 version: 0.6.0

2
metal3-chart/charts/media/values.yaml
View File

@@ -24,7 +24,7 @@ replicaCount: 1
image: image:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
tag: 24.1.2.0 tag: 26.1.2.0
imagePullSecrets: [] imagePullSecrets: []
nameOverride: "" nameOverride: ""

7
metal3-chart/values.yaml
View File

@@ -6,6 +6,9 @@ global:
# IP on which the Ironic services will be exposed # IP on which the Ironic services will be exposed
ironicIP: "" ironicIP: ""
# whether to enable mariadb (default is sqlite)
enable_mariadb: false
# whether to enable media server. # whether to enable media server.
enable_metal3_media_server: false enable_metal3_media_server: false
@@ -28,8 +31,6 @@ global:
auth: auth:
ironicUsername: "" ironicUsername: ""
ironicPassword: "" ironicPassword: ""
ironicInspectorUsername: ""
ironicInspectorPassword: ""
# whether to have additional trusted CA # whether to have additional trusted CA
# NOTE: If enabled, a secret with name tls-ca-additional should be deployed # NOTE: If enabled, a secret with name tls-ca-additional should be deployed
@@ -125,6 +126,4 @@ metal3-baremetal-operator:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator" repository: "%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator"
rbacProxy: rbacProxy:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy" repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
tag: "v0.18.0"

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3 #!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:302.0.0_up0.13.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3-%RELEASE% #!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:302.0.0_up0.13.0
apiVersion: v2 apiVersion: v2
appVersion: 0.11.0 appVersion: 0.13.0
description: Rancher Turtles utility chart for airgap scenarios description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/ home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources name: rancher-turtles-airgap-resources
type: application type: application
version: 0.3.3 version: 302.0.0+up0.13.0

4
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

6
rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
View File

@@ -3647,7 +3647,7 @@ data:
envFrom: envFrom:
- configMapRef: - configMapRef:
name: capm3-capm3fasttrack-configmap name: capm3-capm3fasttrack-configmap
image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.1 image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.2
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -3731,7 +3731,7 @@ data:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.namespace fieldPath: metadata.namespace
image: quay.io/metal3-io/ip-address-manager:v1.7.1 image: quay.io/metal3-io/ip-address-manager:v1.7.2
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -4384,7 +4384,7 @@ data:
kind: ConfigMap kind: ConfigMap
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: v1.7.1 name: v1.7.2
namespace: capm3-system namespace: capm3-system
labels: labels:
provider-components: metal3 provider-components: metal3

17
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -868,6 +868,11 @@ data:
type: string type: string
type: array type: array
type: object type: object
podSecurityAdmissionConfigFile:
description: |-
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
spec.Files field.
type: string
protectKernelDefaults: protectKernelDefaults:
description: |- description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2050,6 +2055,11 @@ data:
type: string type: string
type: array type: array
type: object type: object
podSecurityAdmissionConfigFile:
description: |-
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
spec.Files field.
type: string
protectKernelDefaults: protectKernelDefaults:
description: |- description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2535,7 +2545,7 @@ data:
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
command: command:
- /manager - /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.7.1 image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -2742,10 +2752,13 @@ data:
- major: 0 - major: 0
minor: 7 minor: 7
contract: v1beta1 contract: v1beta1
- major: 0
minor: 8
contract: v1beta1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: v0.7.1 name: v0.8.0
namespace: rke2-bootstrap-system namespace: rke2-bootstrap-system
labels: labels:
provider-components: rke2-bootstrap provider-components: rke2-bootstrap

17
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -1513,6 +1513,11 @@ data:
type: string type: string
type: array type: array
type: object type: object
podSecurityAdmissionConfigFile:
description: |-
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
spec.Files field.
type: string
protectKernelDefaults: protectKernelDefaults:
description: |- description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2926,6 +2931,11 @@ data:
type: string type: string
type: array type: array
type: object type: object
podSecurityAdmissionConfigFile:
description: |-
PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
spec.Files field.
type: string
protectKernelDefaults: protectKernelDefaults:
description: |- description: |-
ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -4285,7 +4295,7 @@ data:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.uid fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.7.1 image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.8.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
livenessProbe: livenessProbe:
httpGet: httpGet:
@@ -4499,10 +4509,13 @@ data:
- major: 0 - major: 0
minor: 7 minor: 7
contract: v1beta1 contract: v1beta1
- major: 0
minor: 8
contract: v1beta1
kind: ConfigMap kind: ConfigMap
metadata: metadata:
creationTimestamp: null creationTimestamp: null
name: v0.7.1 name: v0.8.0
namespace: rke2-control-plane-system namespace: rke2-control-plane-system
labels: labels:
provider-components: rke2-control-plane provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies: dependencies:
- name: cluster-api-operator - name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.12.0 version: 0.14.0
digest: sha256:c167c074ca89ef7a520ec18a5afd380b9edaee513810aa3ac0e0bda51db9c526 digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
generated: "2024-08-22T14:23:18.589443298Z" generated: "2024-10-28T11:44:34.392387979Z"

10
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3 #!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:302.0.0_up0.13.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3-%RELEASE% #!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:302.0.0_up0.13.0-%RELEASE%
annotations: annotations:
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,12 +12,12 @@ annotations:
catalog.cattle.io/scope: management catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool catalog.cattle.io/type: cluster-tool
apiVersion: v2 apiVersion: v2
appVersion: 0.11.0 appVersion: 0.13.0
dependencies: dependencies:
- condition: cluster-api-operator.enabled - condition: cluster-api-operator.enabled
name: cluster-api-operator name: cluster-api-operator
repository: file://./charts/cluster-api-operator repository: file://./charts/cluster-api-operator
version: 0.12.0 version: 0.14.0
description: Rancher Turtles is an extension to Rancher that brings full Cluster API description: Rancher Turtles is an extension to Rancher that brings full Cluster API
integration to Rancher. integration to Rancher.
home: https://github.com/rancher/turtles/ home: https://github.com/rancher/turtles/
@@ -29,4 +29,4 @@ keywords:
- provisioning - provisioning
name: rancher-turtles name: rancher-turtles
type: application type: application
version: 0.3.3+up0.11.0 version: 302.0.0+up0.13.0

10
rancher-turtles-chart/RELEASE_NOTES.md
View File

@@ -1,6 +1,4 @@
## Changes since test/v0.11.0 gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
--- env:
## :chart_with_upwards_trend: Overview GH_TOKEN: ${{ github.token }}
: exit status 4
_Thanks to all our contributors!_ 😊

4
rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2 apiVersion: v2
appVersion: 0.12.0 appVersion: 0.14.0
description: Cluster API Operator description: Cluster API Operator
name: cluster-api-operator name: cluster-api-operator
type: application type: application
version: 0.12.0 version: 0.14.0

4
rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml
View File

@@ -26,7 +26,7 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1" "argocd.argoproj.io/sync-wave": "1"
name: {{ $addonNamespace }} name: {{ $addonNamespace }}
@@ -37,7 +37,7 @@ metadata:
name: {{ $addonName }} name: {{ $addonName }}
namespace: {{ $addonNamespace }} namespace: {{ $addonNamespace }}
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2" "argocd.argoproj.io/sync-wave": "2"
{{- if or $addonVersion $.Values.secretName }} {{- if or $addonVersion $.Values.secretName }}

4
rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml
View File

@@ -26,7 +26,7 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
name: {{ $bootstrapNamespace }} name: {{ $bootstrapNamespace }}
--- ---
@@ -36,7 +36,7 @@ metadata:
name: {{ $bootstrapName }} name: {{ $bootstrapName }}
namespace: {{ $bootstrapNamespace }} namespace: {{ $bootstrapNamespace }}
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
{{- if or $bootstrapVersion $.Values.configSecret.name }} {{- if or $bootstrapVersion $.Values.configSecret.name }}
spec: spec:

4
rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml
View File

@@ -26,7 +26,7 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
name: {{ $controlPlaneNamespace }} name: {{ $controlPlaneNamespace }}
--- ---
@@ -36,7 +36,7 @@ metadata:
name: {{ $controlPlaneName }} name: {{ $controlPlaneName }}
namespace: {{ $controlPlaneNamespace }} namespace: {{ $controlPlaneNamespace }}
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
{{- if or $controlPlaneVersion $.Values.configSecret.name }} {{- if or $controlPlaneVersion $.Values.configSecret.name }}
spec: spec:

4
rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml
View File

@@ -6,7 +6,7 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
name: capi-system name: capi-system
--- ---
@@ -16,7 +16,7 @@ metadata:
name: cluster-api name: cluster-api
namespace: capi-system namespace: capi-system
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
{{- with .Values.configSecret }} {{- with .Values.configSecret }}
spec: spec:

4
rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml
View File

@@ -25,7 +25,7 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
name: {{ $coreNamespace }} name: {{ $coreNamespace }}
--- ---
@@ -35,7 +35,7 @@ metadata:
name: {{ $coreName }} name: {{ $coreName }}
namespace: {{ $coreNamespace }} namespace: {{ $coreNamespace }}
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2" "argocd.argoproj.io/sync-wave": "2"
{{- if or $coreVersion $.Values.configSecret.name }} {{- if or $coreVersion $.Values.configSecret.name }}

3
rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml
View File

@@ -74,6 +74,9 @@ spec:
{{- if .Values.insecureDiagnostics }} {{- if .Values.insecureDiagnostics }}
- --insecure-diagnostics={{ .Values.insecureDiagnostics }} - --insecure-diagnostics={{ .Values.insecureDiagnostics }}
{{- end }} {{- end }}
{{- if .Values.watchConfigSecret }}
- --watch-configsecret
{{- end }}
{{- with .Values.leaderElection }} {{- with .Values.leaderElection }}
- --leader-elect={{ .enabled }} - --leader-elect={{ .enabled }}
{{- if .leaseDuration }} {{- if .leaseDuration }}

8
rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml
View File

@@ -7,7 +7,7 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1" "argocd.argoproj.io/sync-wave": "1"
name: capi-kubeadm-bootstrap-system name: capi-kubeadm-bootstrap-system
@@ -18,7 +18,7 @@ metadata:
name: kubeadm name: kubeadm
namespace: capi-kubeadm-bootstrap-system namespace: capi-kubeadm-bootstrap-system
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2" "argocd.argoproj.io/sync-wave": "2"
{{- with .Values.configSecret }} {{- with .Values.configSecret }}
@@ -37,7 +37,7 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1" "argocd.argoproj.io/sync-wave": "1"
name: capi-kubeadm-control-plane-system name: capi-kubeadm-control-plane-system
@@ -48,7 +48,7 @@ metadata:
name: kubeadm name: kubeadm
namespace: capi-kubeadm-control-plane-system namespace: capi-kubeadm-control-plane-system
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2" "argocd.argoproj.io/sync-wave": "2"
{{- with .Values.configSecret }} {{- with .Values.configSecret }}

17
rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml
View File

@@ -1,13 +1,3 @@
{{- define "recursivePrinter" }}
{{- range $key, $value := . }}
{{- if kindIs "map" $value }}
{{ $key }}:
{{- include "recursivePrinter" $value | indent 2 }}
{{- else }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end }}
# Infrastructure providers # Infrastructure providers
{{- if .Values.infrastructure }} {{- if .Values.infrastructure }}
{{- $infrastructures := split ";" .Values.infrastructure }} {{- $infrastructures := split ";" .Values.infrastructure }}
@@ -36,7 +26,7 @@ apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1" "helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1" "argocd.argoproj.io/sync-wave": "1"
name: {{ $infrastructureNamespace }} name: {{ $infrastructureNamespace }}
@@ -47,7 +37,7 @@ metadata:
name: {{ $infrastructureName }} name: {{ $infrastructureName }}
namespace: {{ $infrastructureNamespace }} namespace: {{ $infrastructureNamespace }}
annotations: annotations:
"helm.sh/hook": "post-install" "helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2" "helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2" "argocd.argoproj.io/sync-wave": "2"
{{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }} {{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
@@ -77,8 +67,7 @@ spec:
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if $.Values.additionalDeployments }} {{- if $.Values.additionalDeployments }}
additionalDeployments: additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
{{- include "recursivePrinter" $.Values.additionalDeployments | indent 2 }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- end }} {{- end }}

7
rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml
View File

@@ -13,7 +13,6 @@ spec:
strategy: Webhook strategy: Webhook
webhook: webhook:
clientConfig: clientConfig:
caBundle: Cg==
service: service:
name: capi-operator-webhook-service name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}' namespace: '{{ .Release.Namespace }}'
@@ -3023,7 +3022,6 @@ spec:
strategy: Webhook strategy: Webhook
webhook: webhook:
clientConfig: clientConfig:
caBundle: Cg==
service: service:
name: capi-operator-webhook-service name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}' namespace: '{{ .Release.Namespace }}'
@@ -7618,7 +7616,6 @@ spec:
strategy: Webhook strategy: Webhook
webhook: webhook:
clientConfig: clientConfig:
caBundle: Cg==
service: service:
name: capi-operator-webhook-service name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}' namespace: '{{ .Release.Namespace }}'
@@ -12216,7 +12213,6 @@ spec:
strategy: Webhook strategy: Webhook
webhook: webhook:
clientConfig: clientConfig:
caBundle: Cg==
service: service:
name: capi-operator-webhook-service name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}' namespace: '{{ .Release.Namespace }}'
@@ -16811,7 +16807,6 @@ spec:
strategy: Webhook strategy: Webhook
webhook: webhook:
clientConfig: clientConfig:
caBundle: Cg==
service: service:
name: capi-operator-webhook-service name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}' namespace: '{{ .Release.Namespace }}'
@@ -21409,7 +21404,6 @@ spec:
strategy: Webhook strategy: Webhook
webhook: webhook:
clientConfig: clientConfig:
caBundle: Cg==
service: service:
name: capi-operator-webhook-service name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}' namespace: '{{ .Release.Namespace }}'
@@ -24419,7 +24413,6 @@ spec:
strategy: Webhook strategy: Webhook
webhook: webhook:
clientConfig: clientConfig:
caBundle: Cg==
service: service:
name: capi-operator-webhook-service name: capi-operator-webhook-service
namespace: '{{ .Release.Namespace }}' namespace: '{{ .Release.Namespace }}'

3
rancher-turtles-chart/charts/cluster-api-operator/values.yaml
View File

@@ -19,7 +19,7 @@ leaderElection:
image: image:
manager: manager:
repository: registry.k8s.io/capi-operator/cluster-api-operator repository: registry.k8s.io/capi-operator/cluster-api-operator
tag: v0.12.0 tag: v0.14.0
pullPolicy: IfNotPresent pullPolicy: IfNotPresent
env: env:
manager: [] manager: []
@@ -27,6 +27,7 @@ healthAddr: ":8081"
metricsBindAddr: "127.0.0.1:8080" metricsBindAddr: "127.0.0.1:8080"
diagnosticsAddress: "8443" diagnosticsAddress: "8443"
insecureDiagnostics: false insecureDiagnostics: false
watchConfigSecret: false
imagePullSecrets: {} imagePullSecrets: {}
resources: resources:
manager: manager:

66
rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml Normal file
View File

@@ -0,0 +1,66 @@
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: pre-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": "post-delete, pre-upgrade"
"helm.sh/hook-weight": "-2"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: pre-upgrade-job-delete-clusterctl-configmap
annotations:
"helm.sh/hook": "post-delete, pre-upgrade"
"helm.sh/hook-weight": "-2"
rules:
- apiGroups: [""]
resources:
- configmaps
verbs:
- list
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: pre-upgrade-job-clusterctl-configmap-cleanup
annotations:
"helm.sh/hook": "post-delete, pre-upgrade"
"helm.sh/hook-weight": "-2"
subjects:
- kind: ServiceAccount
name: pre-upgrade-job
namespace: '{{ .Values.rancherTurtles.namespace }}'
roleRef:
kind: ClusterRole
name: pre-upgrade-job-delete-clusterctl-configmap
apiGroup: rbac.authorization.k8s.io
---
apiVersion: batch/v1
kind: Job
metadata:
name: rancher-clusterctl-configmap-cleanup
namespace: '{{ .Values.rancherTurtles.namespace }}'
annotations:
"helm.sh/hook": "post-delete, pre-upgrade"
"helm.sh/hook-weight": "-1"
spec:
ttlSecondsAfterFinished: 300
template:
spec:
serviceAccountName: pre-upgrade-job
containers:
- name: rancher-clusterctl-configmap-cleanup
image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
args:
- delete
- configmap
- --namespace={{ .Values.rancherTurtles.namespace }}
- clusterctl-config
- --ignore-not-found=true
restartPolicy: Never
{{- end }}

2
rancher-turtles-chart/templates/deployment.yaml
View File

@@ -26,7 +26,7 @@ spec:
containers: containers:
- args: - args:
- --leader-elect - --leader-elect
- --feature-gates=etcd-snapshot-restore={{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled"}},propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}} - --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
{{- range .Values.rancherTurtles.managerArguments }} {{- range .Values.rancherTurtles.managerArguments }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}

11
rancher-turtles-chart/templates/metal3-infrastructure.yaml
View File

@@ -2,6 +2,17 @@
{{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }} {{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
{{- if not (lookup "v1" "Namespace" "" $namespace) }} {{- if not (lookup "v1" "Namespace" "" $namespace) }}
--- ---
apiVersion: turtles-capi.cattle.io/v1alpha1
kind: ClusterctlConfig
metadata:
name: clusterctl-config
namespace: rancher-turtles-system
spec:
providers:
- name: metal3
url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml"
type: InfrastructureProvider
---
apiVersion: v1 apiVersion: v1
kind: Namespace kind: Namespace
metadata: metadata:

2
rancher-turtles-chart/templates/pre-install-job.yaml
View File

@@ -1,4 +1,5 @@
{{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }} {{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
{{- if index .Values "rancherTurtles" "rancherInstalled"}}
--- ---
apiVersion: management.cattle.io/v3 apiVersion: management.cattle.io/v3
kind: Feature kind: Feature
@@ -10,6 +11,7 @@ metadata:
spec: spec:
value: false value: false
{{- end }} {{- end }}
{{- end }}
{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }} {{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
--- ---
apiVersion: v1 apiVersion: v1

116
rancher-turtles-chart/templates/rancher-turtles-components.yaml
View File

@@ -18,7 +18,7 @@ spec:
- jsonPath: .spec.type - jsonPath: .spec.type
name: Type name: Type
type: string type: string
- jsonPath: .spec.name - jsonPath: .status.name
name: ProviderName name: ProviderName
type: string type: string
- jsonPath: .status.installedVersion - jsonPath: .status.installedVersion
@@ -2979,15 +2979,7 @@ spec:
type: string type: string
type: type:
description: Type is the type of the provider to enable description: Type is the type of the provider to enable
enum: example: InfrastructureProvider
- infrastructure
- core
- controlPlane
- bootstrap
- addon
- runtimeextension
- ipam
example: infrastructure
type: string type: string
variables: variables:
additionalProperties: additionalProperties:
@@ -3073,6 +3065,10 @@ spec:
description: InstalledVersion is the version of the provider that description: InstalledVersion is the version of the provider that
is installed. is installed.
type: string type: string
name:
description: Name reflects actual provider name, which will be visible
to users in 'kubectl get capiproviders -A -o wide'
type: string
observedGeneration: observedGeneration:
description: ObservedGeneration is the latest generation observed description: ObservedGeneration is the latest generation observed
by the controller. by the controller.
@@ -3102,6 +3098,104 @@ spec:
subresources: subresources:
status: {} status: {}
--- ---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
name: clusterctlconfigs.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
names:
kind: ClusterctlConfig
listKind: ClusterctlConfigList
plural: clusterctlconfigs
singular: clusterctlconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterctlConfig is the Schema for the CAPI Clusterctl config
API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterctlConfigSpec defines the user overrides for images
and known providers with sources
properties:
images:
description: Images is a list of image overrided for specified providers
items:
description: Image allows to define transformations to apply to
the image contained in the YAML manifests.
properties:
name:
description: Name of the provider image override
example: all
type: string
repository:
description: Repository sets the container registry override
to pull images from.
example: my-registry/my-org
type: string
tag:
description: Tag allows to specify a tag for the images.
type: string
required:
- name
type: object
type: array
providers:
description: Provider overrides
items:
description: Provider allows to define providers with known URLs
to pull the components.
properties:
name:
description: Name of the provider
type: string
type:
description: Type is the type of the provider
example: InfrastructureProvider
type: string
url:
description: URL of the provider components. Will be used unless
and override is specified
type: string
required:
- name
- type
- url
type: object
type: array
type: object
type: object
x-kubernetes-validations:
- message: Clusterctl Config should be named clusterctl-config.
rule: self.metadata.name == 'clusterctl-config'
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1 apiVersion: v1
kind: ServiceAccount kind: ServiceAccount
metadata: metadata:
@@ -3277,6 +3371,8 @@ rules:
resources: resources:
- capiproviders - capiproviders
- capiproviders/status - capiproviders/status
- clusterctlconfigs
- clusterctlconfigs/status
verbs: verbs:
- get - get
- list - list

754
rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml
View File

@@ -3,13 +3,16 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
labels:
turtles-capi.cattle.io: etcd-restore
name: etcdmachinesnapshots.turtles-capi.cattle.io name: etcdmachinesnapshots.turtles-capi.cattle.io
spec: spec:
group: turtles-capi.cattle.io group: turtles-capi.cattle.io
names: names:
kind: EtcdMachineSnapshot kind: ETCDMachineSnapshot
listKind: EtcdMachineSnapshotList listKind: ETCDMachineSnapshotList
plural: etcdmachinesnapshots plural: etcdmachinesnapshots
singular: etcdmachinesnapshot singular: etcdmachinesnapshot
scope: Namespaced scope: Namespaced
@@ -17,7 +20,7 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: EtcdMachineSnapshot is the Schema for the EtcdMachineSnapshot description: ETCDMachineSnapshot is the Schema for the ETCDMachineSnapshot
API. API.
properties: properties:
apiVersion: apiVersion:
@@ -38,21 +41,81 @@ spec:
metadata: metadata:
type: object type: object
spec: spec:
description: EtcdMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot. description: ETCDMachineSnapshotSpec defines the desired state of EtcdMachineSnapshot
properties: properties:
foo: clusterName:
type: string
configRef:
type: string
location:
type: string
machineName:
type: string type: string
required: required:
- foo - clusterName
- configRef
- location
- machineName
type: object type: object
x-kubernetes-validations:
- message: ETCD snapshot location can't be empty.
rule: size(self.location)>0
status: status:
default: {} default: {}
description: EtcdMachineSnapshotStatus defines observed state of EtcdMachineSnapshot. description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore
properties: properties:
bar: conditions:
description: Conditions provide observations of the operational state
of a Cluster API resource.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
Last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
A human readable message indicating details about the transition.
This field may be empty.
type: string
reason:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
manual:
type: boolean
phase:
description: ETCDSnapshotPhase is a string representation of the phase
of the etcd snapshot
type: string type: string
required:
- bar
type: object type: object
type: object type: object
served: true served: true
@@ -64,13 +127,16 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition kind: CustomResourceDefinition
metadata: metadata:
annotations: annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0 controller-gen.kubebuilder.io/version: v0.14.0
labels:
turtles-capi.cattle.io: etcd-restore
name: etcdsnapshotrestores.turtles-capi.cattle.io name: etcdsnapshotrestores.turtles-capi.cattle.io
spec: spec:
group: turtles-capi.cattle.io group: turtles-capi.cattle.io
names: names:
kind: EtcdSnapshotRestore kind: ETCDSnapshotRestore
listKind: EtcdSnapshotRestoreList listKind: ETCDSnapshotRestoreList
plural: etcdsnapshotrestores plural: etcdsnapshotrestores
singular: etcdsnapshotrestore singular: etcdsnapshotrestore
scope: Namespaced scope: Namespaced
@@ -78,7 +144,7 @@ spec:
- name: v1alpha1 - name: v1alpha1
schema: schema:
openAPIV3Schema: openAPIV3Schema:
description: EtcdSnapshotRestore is the schema for the EtcdSnapshotRestore description: ETCDSnapshotRestore is the schema for the ETCDSnapshotRestore
API. API.
properties: properties:
apiVersion: apiVersion:
@@ -99,25 +165,673 @@ spec:
metadata: metadata:
type: object type: object
spec: spec:
description: EtcdSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore. description: ETCDSnapshotRestoreSpec defines the desired state of EtcdSnapshotRestore.
properties: properties:
foo: clusterName:
type: string
etcdMachineSnapshotName:
type: string type: string
required: required:
- foo - clusterName
- etcdMachineSnapshotName
type: object type: object
x-kubernetes-validations:
- message: Cluster Name can't be empty.
rule: size(self.clusterName)>0
- message: ETCD machine snapshot name can't be empty.
rule: size(self.etcdMachineSnapshotName)>0
status: status:
default: {} default: {}
description: EtcdSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore. description: ETCDSnapshotRestoreStatus defines observed state of EtcdSnapshotRestore.
properties: properties:
bar: conditions:
description: Conditions provide observations of the operational state
of a Cluster API resource.
items:
description: Condition defines an observation of a Cluster API resource
operational state.
properties:
lastTransitionTime:
description: |-
Last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when
the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
A human readable message indicating details about the transition.
This field may be empty.
type: string
reason:
description: |-
The reason for the condition's last transition in CamelCase.
The specific API may choose whether or not this field is considered a guaranteed API.
This field may not be empty.
type: string
severity:
description: |-
Severity provides an explicit classification of Reason code, so the users or machines can immediately
understand the current situation and act accordingly.
The Severity field MUST be set only when Status=False.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: |-
Type of condition in CamelCase or in foo.example.com/CamelCase.
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
can be useful (see .node.status.conditions), the ability to deconflict is important.
type: string
required:
- lastTransitionTime
- status
- type
type: object
type: array
phase:
default: Pending
description: ETCDSnapshotPhase is a string representation of the phase
of the etcd snapshot
type: string type: string
required:
- bar
type: object type: object
type: object type: object
served: true served: true
storage: true storage: true
subresources: subresources:
status: {} status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
controller-gen.kubebuilder.io/version: v0.14.0
labels:
turtles-capi.cattle.io: etcd-restore
name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
names:
kind: RKE2EtcdMachineSnapshotConfig
listKind: RKE2EtcdMachineSnapshotConfigList
plural: rke2etcdmachinesnapshotconfigs
singular: rke2etcdmachinesnapshotconfig
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: RKE2EtcdMachineSnapshotConfig is the config for the RKE2EtcdMachineSnapshotConfig
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RKE2EtcdMachineSnapshotConfigSpec defines the desired state
of RKE2EtcdMachineSnapshotConfig
properties:
local:
properties:
dataDir:
type: string
required:
- dataDir
type: object
s3:
properties:
bucket:
type: string
endpoint:
type: string
endpointCAsecret:
type: string
folder:
type: string
insecure:
type: boolean
location:
type: string
region:
type: string
s3CredentialSecret:
type: string
skipSSLVerify:
type: boolean
type: object
required:
- local
- s3
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: controller-manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-manager
namespace: rancher-turtles-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: leader-election-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: role
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-leader-election-role
namespace: rancher-turtles-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rancher-turtles-exp/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rancher-turtles-exp/aggregate-to-manager: "true"
rancher-turtles/aggregate-to-manager: "true"
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-manager-role
rules:
- apiGroups:
- ""
resources:
- configmaps
- events
- secrets
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts/token
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- get
- apiGroups:
- bootstrap.cluster.x-k8s.io
resources:
- rke2configs
- rke2configs/finalizers
- rke2configs/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- management.cattle.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdmachinesnapshots/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- etcdsnapshotrestores/status
verbs:
- get
- patch
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs/finalizers
verbs:
- update
- apiGroups:
- turtles-capi.cattle.io
resources:
- rke2etcdmachinesnapshotconfigs/status
verbs:
- get
- patch
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: leader-election-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: rolebinding
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-leader-election-rolebinding
namespace: rancher-turtles-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rancher-turtles-etcdsnapshotrestore-leader-election-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-etcdsnapshotrestore-manager
namespace: rancher-turtles-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: manager-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-etcdsnapshotrestore-manager
namespace: rancher-turtles-system
---
apiVersion: v1
kind: Service
metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-webhook-service
namespace: rancher-turtles-system
spec:
ports:
- port: 443
targetPort: webhook-server
selector:
turtles-capi.cattle.io: etcd-restore
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-controller-manager
namespace: rancher-turtles-system
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
turtles-capi.cattle.io: etcd-restore
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
turtles-capi.cattle.io: etcd-restore
spec:
containers:
- args:
- --leader-elect
command:
- /manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/turtles-etcd-snapshot-restore:dev
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
path: /healthz
port: 9440
initialDelaySeconds: 15
periodSeconds: 20
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 9440
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
serviceAccountName: rancher-turtles-etcdsnapshotrestore-manager
terminationGracePeriodSeconds: 10
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
volumes:
- name: cert
secret:
secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-serving-cert
namespace: rancher-turtles-system
spec:
dnsNames:
- rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc
- rancher-turtles-etcdsnapshotrestore-webhook-service.rancher-turtles-system.svc.cluster.local
issuerRef:
kind: Issuer
name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
namespace: rancher-turtles-system
spec:
selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-etcdsnapshotrestore-webhook-service
namespace: rancher-turtles-system
path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
failurePolicy: Fail
name: systemagentrke2config.kb.io
rules:
- apiGroups:
- bootstrap.cluster.x-k8s.io
apiVersions:
- v1beta1
operations:
- CREATE
- UPDATE
resources:
- rke2configs
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: rancher-turtles-system/rancher-turtles-etcdsnapshotrestore-serving-cert
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-etcdsnapshotrestore-webhook-service
namespace: rancher-turtles-system
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot
failurePolicy: Fail
matchPolicy: Equivalent
name: etcdmachinesnapshot.kb.io
rules:
- apiGroups:
- turtles-capi.cattle.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- etcdmachinesnapshots
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-etcdsnapshotrestore-webhook-service
namespace: rancher-turtles-system
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore
failurePolicy: Fail
matchPolicy: Equivalent
name: etcdsnapshotrestore.kb.io
rules:
- apiGroups:
- turtles-capi.cattle.io
apiVersions:
- v1alpha1
operations:
- CREATE
- UPDATE
resources:
- etcdsnapshotrestores
sideEffects: None
{{- end }} {{- end }}

20
rancher-turtles-chart/values.yaml
View File

@@ -1,10 +1,11 @@
rancherTurtles: rancherTurtles:
image: registry.rancher.com/rancher/rancher/turtles image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.11.0 imageVersion: v0.13.0
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
namespace: rancher-turtles-system namespace: rancher-turtles-system
managerArguments: [] managerArguments: []
imagePullSecrets: [] imagePullSecrets: []
rancherInstalled: true
features: features:
cluster-api-operator: cluster-api-operator:
cleanup: true cleanup: true
@@ -30,10 +31,6 @@ cluster-api-operator:
enabled: true enabled: true
cert-manager: cert-manager:
enabled: false enabled: false
image:
manager:
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator"
tag: 0.12.0
volumes: volumes:
- name: cert - name: cert
secret: secret:
@@ -42,6 +39,9 @@ cluster-api-operator:
- name: clusterctl-config - name: clusterctl-config
configMap: configMap:
name: clusterctl-config name: clusterctl-config
image:
manager:
repository: registry.rancher.com/rancher/cluster-api-operator
volumeMounts: volumeMounts:
manager: manager:
- mountPath: /tmp/k8s-webhook-server/serving-certs - mountPath: /tmp/k8s-webhook-server/serving-certs
@@ -57,7 +57,7 @@ cluster-api-operator:
defaultName: capi-env-variables defaultName: capi-env-variables
core: core:
namespace: capi-system namespace: capi-system
imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-controller:1.7.5" imageUrl: ""
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
@@ -66,13 +66,13 @@ cluster-api-operator:
version: "" version: ""
bootstrap: bootstrap:
namespace: rke2-bootstrap-system namespace: rke2-bootstrap-system
imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:0.7.1" imageUrl: "registry.rancher.com/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0"
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
controlPlane: controlPlane:
namespace: rke2-control-plane-system namespace: rke2-control-plane-system
imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:0.7.1" imageUrl: "registry.rancher.com/rancher/cluster-api-provider-rke2-controlplane:v0.8.0"
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
@@ -81,10 +81,10 @@ cluster-api-operator:
version: "" version: ""
infrastructure: infrastructure:
namespace: capm3-system namespace: capm3-system
imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:1.7.1" imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-metal3:1.7.2"
fetchConfig: fetchConfig:
url: "" url: ""
selector: "" selector: ""
ipam: ipam:
namespace: capm3-system namespace: capm3-system
imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%ip-address-manager:1.7.1" imageUrl: "%%IMG_REPO%%/%%IMG_PREFIX%%images/ip-address-manager:1.7.2"