Fix missed 302 chart prefixes

The CDI chart should only use CHART_MAJOR, and the cluster-api-operator
subchart doesn't need to use a prefix

.obs/workflows.yml

@@ -66,14 +66,6 @@ staging_build:
       source_package: frr-k8s
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-operator
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: kubectl
       source_project: isv:SUSE:Edge:Factory
@@ -82,10 +74,6 @@ staging_build:
       source_package: upgrade-controller
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-rke2
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: nm-configurator
       source_project: isv:SUSE:Edge:Factory
@@ -122,10 +110,6 @@ staging_build:
       source_package: cdi-chart
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-controller-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: cluster-api-provider-metal3-image
       source_project: isv:SUSE:Edge:Factory
@@ -134,10 +118,6 @@ staging_build:
       source_package: metallb-chart
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-operator-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: sriov-crd-chart
       source_project: isv:SUSE:Edge:Factory
@@ -154,10 +134,6 @@ staging_build:
       source_package: ironic-ipa-downloader-image
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-rke2-controlplane-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: upgrade-controller-image
       source_project: isv:SUSE:Edge:Factory
@@ -170,10 +146,6 @@ staging_build:
       source_package: baremetal-operator-image
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
-  - branch_package:
-      source_package: cluster-api-provider-rke2-bootstrap-image
-      source_project: isv:SUSE:Edge:Factory
-      target_project: isv:SUSE:Edge:Factory:Staging
   - branch_package:
       source_package: sriov-network-operator-chart
       source_project: isv:SUSE:Edge:Factory
@@ -230,3 +202,19 @@ staging_build:
       source_package: ironic-ipa-ramdisk
       source_project: isv:SUSE:Edge:Factory
       target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: kubevirt-dashboard-extension-chart
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: kiwi-builder-image
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: kubevirt-chart
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging
+  - branch_package:
+      source_package: release-manifest-image
+      source_project: isv:SUSE:Edge:Factory
+      target_project: isv:SUSE:Edge:Factory:Staging

akri-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20
-#!BuildTag: %%IMG_PREFIX%%akri-chart:0.12.20-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20
+#!BuildTag: %%IMG_PREFIX%%akri-chart:%%CHART_MAJOR%%.0.0_up0.12.20-%RELEASE%
 annotations:
   catalog.cattle.io/display-name: Akri
 apiVersion: v2
@@ -8,4 +8,4 @@ description: A Helm chart for Akri
 icon: https://raw.githubusercontent.com/project-akri/akri-docs/main/art/icon/akri-icon-light.svg
 name: akri
 type: application
-version: 0.12.20
+version: "%%CHART_MAJOR%%.0.0+up0.12.20"

akri-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

akri-dashboard-extension-chart/Chart.yaml

@@ -1,20 +1,20 @@
-#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0
-#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:1.1.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0
+#!BuildTag: %%IMG_PREFIX%%akri-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Akri
-  catalog.cattle.io/kube-version: '>= v1.26.0-0'
+  catalog.cattle.io/kube-version: ">= v1.26.0-0"
   catalog.cattle.io/namespace: cattle-ui-plugin-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux, windows
-  catalog.cattle.io/rancher-version: '>= v2.9.0'
+  catalog.cattle.io/rancher-version: ">= 2.10.0-0"
   catalog.cattle.io/scope: management
   catalog.cattle.io/ui-component: plugins
-  catalog.cattle.io/ui-extensions-version: '>= 2.0.1'
+  catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
 apiVersion: v2
-appVersion: 1.1.0
-description: 'SUSE Edge: Akri extension for Rancher Dashboard'
+appVersion: 1.2.0
+description: "SUSE Edge: Akri extension for Rancher Dashboard"
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
 name: akri-dashboard-extension
 type: application
-version: 1.1.0
+version: "%%CHART_MAJOR%%.0.0+up1.2.0"

akri-dashboard-extension-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

akri-dashboard-extension-chart/templates/cr.yaml

@@ -8,7 +8,7 @@ spec:
   plugin:
     name: {{ include "extension-server.fullname" . }}
     version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.1.0
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.0
     noCache: {{ .Values.plugin.noCache }}
     noAuth: {{ .Values.plugin.noAuth }}
     metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

akri-dashboard-extension-chart/values.yaml

@@ -7,6 +7,6 @@ plugin:
   noAuth: false
   metadata:
     catalog.cattle.io/display-name: Akri
-    catalog.cattle.io/rancher-version: ">= v2.9.0"
-    catalog.cattle.io/ui-extensions-version: ">= 2.0.1"
+    catalog.cattle.io/rancher-version: ">= 2.10.0-0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
     catalog.cattle.io/kube-version: ">= v1.26.0-0"

cdi-chart/Chart.yaml

@@ -1,9 +1,9 @@
-#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0
-#!BuildTag: %%IMG_PREFIX%%cdi-chart:0.4.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0
+#!BuildTag: %%IMG_PREFIX%%cdi-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
 apiVersion: v2
 appVersion: 1.60.1
 description: A Helm chart for Containerized Data Importer (CDI)
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: cdi
 type: application
-version: 0.4.0
+version: "%%CHART_MAJOR%%.0.0+up0.4.0"

cdi-chart/_service

@@ -4,5 +4,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

cluster-api-controller-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:v%%cluster-api_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-controller:%%cluster-api_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api Container Image"
-LABEL org.opencontainers.image.description="cluster-api based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api:%%cluster-api_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/cluster-api-controller /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-operator-image/Dockerfile

@@ -1,35 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-operator shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-operator
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-operator Container Image"
-LABEL org.opencontainers.image.description="cluster-api-operator based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-operator_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-operator:%%cluster-api-operator_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/cluster-api-operator-controller /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-operator-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-operator_version%%</param>
-    <param name="package">cluster-api-operator</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

cluster-api-operator/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/kubernetes-sigs/cluster-api-operator</param>
-    <param name="scm">git</param>
-    <param name="revision">v0.12.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-  <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api-operator/cluster-api-operator.spec

@@ -1,52 +0,0 @@
-#
-# spec file for package cluster-api-operator
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api-operator
-Version:        0.12.0
-Release:        0
-Summary:        Cluster API Core Controller
-License:        Apache-2.0
-URL:            https://github.com/kubernetes-sigs/cluster-api-operator
-Source:         cluster-api-operator-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.21
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API operator
-
-%prep
-%autosetup -a1 -n cluster-api-operator-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-   -o cluster-api-operator cmd/main.go
-
-%install
-install -D -m0755 cluster-api-operator %{buildroot}%{_bindir}/cluster-api-operator-controller
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/cluster-api-operator-controller
-
-%changelog

cluster-api-provider-metal3/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metal3-io/cluster-api-provider-metal3</param>
     <param name="scm">git</param>
-    <param name="revision">v1.8.2</param>
+    <param name="revision">v1.7.2</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

cluster-api-provider-metal3/cluster-api-provider-metal3.spec

@@ -17,7 +17,7 @@
 
 
 Name:           cluster-api-provider-metal3
-Version:        1.8.2
+Version:        1.7.2
 Release:        0
 Summary:        Cluster API Infrastructure Provider for Metal3
 License:        Apache-2.0

cluster-api-provider-rke2-bootstrap-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:v%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-bootstrap shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-provider-rke2
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
-LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-bootstrap:%%cluster-api-provider-rke2_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/rke2-bootstrap-manager /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-provider-rke2-controlplane-image/Dockerfile

@@ -1,36 +0,0 @@
-# SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:v%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%
-#!BuildTag: %%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%
-#!BuildVersion: 15.6
-ARG SLE_VERSION
-FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
-
-FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
-COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends cluster-api-provider-rke2-control-plane shadow; zypper -n clean; rm -rf /var/log/*
-
-FROM micro AS final
-# Define labels according to https://en.opensuse.org/Building_derived_containers
-# labelprefix=com.suse.application.cluster-api-provider-rke2
-LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
-LABEL org.opencontainers.image.title="SLE cluster-api-provider-rke2 Container Image"
-LABEL org.opencontainers.image.description="cluster-api-provider-rke2 based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%cluster-api-provider-rke2_version%%"
-LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
-LABEL org.opencontainers.image.created="%BUILDTIME%"
-LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%cluster-api-provider-rke2-controlplane:%%cluster-api-provider-rke2_version%%-%RELEASE%"
-LABEL org.openbuildservice.disturl="%DISTURL%"
-LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
-LABEL com.suse.eula="SUSE Combined EULA February 2024"
-LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
-LABEL com.suse.image-type="application"
-LABEL com.suse.release-stage="released"
-# endlabelprefix
-
-COPY --from=base /installroot /
-RUN mv /usr/bin/rke2-control-plane-manager /manager
-# Use uid of nonroot user (65532) because kubernetes expects numeric user when applying pod security policies
-USER 65532
-ENTRYPOINT [ "/manager" ]

cluster-api-provider-rke2-controlplane-image/_service

@@ -1,19 +0,0 @@
-<services>
-  <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-provider-rke2_version%%</param>
-    <param name="package">cluster-api-provider-rke2-control-plane</param>
-    <param name="parse-version">patch</param>
-  </service>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
-    <param name="var">SUPPORT_LEVEL</param>
-  </service>
-</services>

cluster-api-provider-rke2/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/rancher-sandbox/cluster-api-provider-rke2</param>
-    <param name="scm">git</param>
-    <param name="revision">v0.8.0</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-   <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api-provider-rke2/cluster-api-provider-rke2.spec

@@ -1,61 +0,0 @@
-#
-# spec file for package cluster-api-provider-rke2
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api-provider-rke2
-Version:        0.8.0
-Release:        0
-Summary:        Cluster API provider for RKE2
-License:        Apache-2.0
-URL:            https://github.com/rancher-sandbox/cluster-api-provider-rke2
-Source:         cluster-api-provider-rke2-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API provider for RKE2
-
-%package bootstrap
-Summary: Cluster API bootstrap controller for RKE2
-%description bootstrap
-Cluster API bootstrap controller for RKE2
-
-%package control-plane
-Summary: Cluster API control-plane controller for RKE2
-%description control-plane
-Cluster API control-plane controller for RKE2
-
-%prep
-%autosetup -a1 -n cluster-api-provider-rke2-%{version}
-
-%build
-make managers
-
-%install
-install -D -m0755 bin/rke2-bootstrap-manager %{buildroot}%{_bindir}/rke2-bootstrap-manager
-install -D -m0755 bin/rke2-control-plane-manager %{buildroot}%{_bindir}/rke2-control-plane-manager
-
-%files bootstrap
-%{_bindir}/rke2-bootstrap-manager
-
-%files control-plane
-%{_bindir}/rke2-control-plane-manager
-
-%changelog

cluster-api/_service

@@ -1,23 +0,0 @@
-<services>
- <service name="obs_scm">
-    <param name="url">https://github.com/kubernetes-sigs/cluster-api</param>
-    <param name="scm">git</param>
-    <param name="revision">v1.8.4</param>
-    <param name="version">_auto_</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="changesgenerate">enable</param>
-    <param name="changesauthor">steven.hardy@suse.com</param>
-    <param name="match-tag">v*</param>
-    <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
-    <param name="without-version">yes</param>
-    <param name="versionrewrite-replacement">\1</param>
-  </service>
-  <service mode="buildtime" name="tar" />
-  <service mode="buildtime" name="recompress">
-    <param name="file">*.tar</param>
-    <param name="compression">gz</param>
-  </service>
-  <service name="go_modules">
-  </service>
-  <service mode="buildtime" name="set_version" />
-</services>

cluster-api/cluster-api.spec

@@ -1,51 +0,0 @@
-#
-# spec file for package cluster-api
-#
-# Copyright (c) 2023 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-
-Name:           cluster-api
-Version:        1.8.4
-Release:        0
-Summary:        Cluster API Core Controller
-License:        Apache-2.0
-URL:            https://github.com/kubernetes-sigs/cluster-api
-Source:         cluster-api-%{version}.tar.gz
-Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
-ExcludeArch:    s390
-ExcludeArch:    %{ix86}
-
-%description
-
-Cluster API core controller
-
-%prep
-%autosetup -a1 -n cluster-api-%{version}
-
-%build
-go build \
-   -mod=vendor \
-   -buildmode=pie \
-
-%install
-install -D -m0755 cluster-api %{buildroot}%{_bindir}/cluster-api-controller
-
-%files
-%license LICENSE
-%doc README.md
-%{_bindir}/cluster-api-controller
-
-%changelog

endpoint-copier-operator-chart/Chart.yaml

@@ -1,8 +1,8 @@
-#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1
-#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:0.2.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1
+#!BuildTag: %%IMG_PREFIX%%endpoint-copier-operator-chart:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
 apiVersion: v2
 appVersion: v0.2.0
 description: A Helm chart for Kubernetes
 name: endpoint-copier-operator
 type: application
-version: 0.2.1
+version: "%%CHART_MAJOR%%.0.0+up0.2.1"

endpoint-copier-operator-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

ip-address-manager/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metal3-io/ip-address-manager</param>
     <param name="scm">git</param>
-    <param name="revision">v1.8.1</param>
+    <param name="revision">v1.7.2</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

ip-address-manager/ip-address-manager.spec

@@ -17,7 +17,7 @@
 
 
 Name:           ip-address-manager
-Version:        1.8.1
+Version:        1.7.2
 Release:        0
 Summary:        Metal3 IPAM controller
 License:        Apache-2.0

kiwi-builder-image/Dockerfile

@@ -0,0 +1,38 @@
+#!BuildTag: kiwi-builder:10.1
+FROM registry.suse.com/bci/kiwi:10.1.10
+MAINTAINER SUSE LLC (https://www.suse.com/)
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=com.suse.application.akri
+LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
+LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
+LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
+LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
+LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="SUSE LLC"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
+LABEL com.suse.eula="SUSE Combined EULA February 2024"
+LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
+LABEL com.suse.image-type="application"
+LABEL com.suse.release-stage="released"
+# endlabelprefix
+
+# Install required packages for Kiwi to function as expected
+# Should be provided via https://github.com/SUSE/BCI-dockerfile-generator/pull/1770
+# RUN zypper in -y gawk && zypper clean -a
+
+# Configure Kiwi to use kpartx
+RUN echo -e "mapper:\n  - part_mapper: kpartx" > /etc/kiwi.yml
+
+# Copy build script into image and make it executable
+ADD build-image.sh /usr/bin/build-image
+RUN chmod a+x /usr/bin/build-image
+
+# Make a directory for the standard SL Micro Kiwi definition and config file and copy them in
+RUN mkdir -p /micro-sdk/defs
+ADD SL-Micro.kiwi /micro-sdk/defs
+ADD SL-Micro.kiwi.4096 /micro-sdk/defs
+ADD config.sh /micro-sdk/defs

kiwi-builder-image/README

@@ -0,0 +1,51 @@
+###########################
+Kiwi SDK Image Instructions
+###########################
+
+Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
+
+# setenforce 0
+
+Next, download the podman image:
+
+# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10
+
+Make a local output directory (where the images will reside):
+
+# mkdir output
+
+Then, to build a standard "Default" image, run the following in podman:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image
+
+To build a SelfInstall ISO, you can add additional flags, for example:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Default-SelfInstall
+
+To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Base-RT
+
+To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
+
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image -p Default-SelfInstall -b
+
+# mkdir mydefs/
+# cp /path/to/SL-Micro.kiwi mydefs/
+# cp /path/to/config.sh mydefs/
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10 build-image
+
+All output will be in the local $(pwd)/output directory, for example:
+
+# ls -1 output/
+SLE-Micro.x86_64-6.0.changes
+SLE-Micro.x86_64-6.0.packages
+SLE-Micro.x86_64-6.0.raw
+SLE-Micro.x86_64-6.0.verified
+build
+kiwi.result
+kiwi.result.json
+
+Note, if you want to rebuild the image, you'll need to empty the output directory, or Kiwi will error due to existing output files:
+
+# rm -rf output/*

kiwi-builder-image/SL-Micro.kiwi

@@ -0,0 +1,777 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
+<!-- OBS-Milestone: %current_milestone -->
+<!-- OBS-BcntSyncTag: SL-Micro -->
+<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
+    <description type="system">
+        <author>SUSE</author>
+        <contact>crc@suse.com</contact>
+        <specification>SL Micro</specification>
+    </description>
+    <profiles>
+        <!-- Profiles used as dependencies of actual image profiles -->
+        <!-- Flavors -->
+        <profile name="full" description="SL Micro as KVM and Container host"/>
+        <profile name="container-host" description="SL Micro as Container host"/>
+        <profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
+        <!-- Platforms - support profiles -->
+        <profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
+        <profile name="self_install" description="Self Installing ISO media"/>
+        <!-- Platforms -->
+        <profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+	<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
+	  <requires profile="bootloader"/>
+	</profile>
+        <profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <!-- Images (flavor + platform) -->
+        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-vmware"/>
+        </profile>
+        <profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+	    <requires profile="x86-vmware"/>
+        </profile>
+        <profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-encrypted"/>
+        </profile>
+        <profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-encrypted"/>
+        </profile>
+        <profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt-encrypted"/>
+        </profile>
+        <profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="ecs_anywhere"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="ecs_anywhere"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi"/>
+        </profile>
+        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="rpi"/>
+        </profile>
+        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt"/>
+        </profile>
+        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-kvm"/>
+        </profile>
+        <profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-kvm"/>
+        </profile>
+        <profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-dasd"/>
+        </profile>
+        <profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-dasd"/>
+        </profile>
+        <profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-fba"/>
+        </profile>
+        <profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-fba"/>
+        </profile>
+        <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-legacy"/>
+        </profile>
+        <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-qcow"/>
+        </profile>
+        <profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-qcow"/>
+        </profile>
+	<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
+	    <requires profile="full"/>
+	    <requires profile="aarch64-qcow"/>
+        </profile>
+	<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+	    <requires profile="container-host"/>
+	    <requires profile="aarch64-qcow"/>
+        </profile>
+    </profiles>
+
+    <preferences profiles="x86-encrypted,x86-rt-encrypted">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            luks_version="luks2"
+            luks="1234"
+	    luks_randomize="false"
+	    luks_pbkdf="pbkdf2"
+        >
+            <luksformat>
+                <option name="--cipher" value="aes"/>
+            </luksformat>
+            <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">4</size>
+        </type>
+    </preferences>
+    <preferences profiles="x86,x86-rt">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+    	    <bootloader name="grub2" console="gfxterm" timeout="3"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="x86-self_install,x86-rt-self_install">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="rpi">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            fsmountoptions="noatime"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            efipartsize="128"     
+            editbootinstall="editbootinstall_rpi.sh"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="false"
+            disk_start_sector="4096"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="aarch64-self_install">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            firmware="uefi"
+            efipartsize="128"     
+	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            disk_start_sector="4096"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="s390-kvm">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+
+        <type
+            image="oem"
+            filesystem="btrfs"
+            bootpartition="true"
+            bootpartsize="300"
+            bootfilesystem="ext2"
+        initrd_system="dracut"
+        format="qcow2"
+            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+        devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+    >
+            <bootloader name="grub2_s390x_emu" timeout="3" />
+              <systemdisk>
+                  <volume name="home"/>
+                  <volume name="root"/>
+                  <volume name="opt"/>
+                  <volume name="srv"/>
+          <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                  <volume name="boot/writable"/>
+                  <volume name="usr/local"/>
+                  <volume name="var" copy_on_write="false"/>
+               </systemdisk>
+           <size unit="G">32</size>
+      </type>
+    </preferences>
+
+
+    <preferences profiles="s390-dasd">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext2"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          devicepersistency="by-uuid"
+          target_blocksize="4096"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+      >
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+      </type>
+    </preferences>
+
+
+
+    <preferences profiles="s390-fba">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext2"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          devicepersistency="by-uuid"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+        </type>
+    </preferences>
+
+
+    <preferences profiles="x86-vmware">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            filesystem="btrfs"
+            format="vmdk"
+            firmware="uefi"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2" console="gfxterm" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">24</size>
+            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
+        </type>
+    </preferences>
+    <preferences profiles="x86-qcow">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            format="qcow2"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">32</size>
+        </type>
+    </preferences>
+ 
+    <preferences profiles="aarch64-qcow">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+	<locale>en_US</locale>
+        <type
+            image="oem"
+            format="qcow2"
+            filesystem="btrfs"
+            firmware="uefi"
+            efipartsize="128"     
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+ 		<volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">20</size>
+        </type>
+    </preferences>
+
+   <repository type="rpm-md" >
+        <source path='obsrepositories:/'/>
+    </repository>
+
+    <packages type="image" profiles="full">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="salt_minion"/>
+	<package name="patterns-base-salt_minion"/>
+        <namedCollection name="kvm_host"/>
+	<package name="patterns-base-kvm_host"/>
+	<package name="lzop"/>
+        <namedCollection name="container_runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/> 
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
+        <namedCollection name="selinux"/>
+        <package name="patterns-base-selinux"/>
+        <package name="suseconnect-ng"/>
+        <package name="SL-Micro-release"/>
+        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+        <package name="wpa_supplicant" arch="x86_64,aarch64"/>
+	<package name="libpwquality-tools"/>
+        <!-- <package name="k3s-install"/> -->
+    </packages>
+
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
+        <!-- full disk encryption stuff -->
+        <package name="device-mapper"/>
+        <package name="cryptsetup"/>
+        <package name="system-user-tss"/>
+        <package name="libtss2-fapi1"/>
+        <package name="libtss2-tcti-device0"/>
+        <package name="tpm2.0-tools"/>
+        <package name="tpm2-0-tss"/>
+        <package name="fde-firstboot"/>
+    </packages>
+
+    <packages type="image" profiles="container-host">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="container_runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/> 
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
+        <namedCollection name="selinux"/>
+        <package name="patterns-base-selinux"/>
+        <package name="suseconnect-ng"/>
+        <package name="SL-Micro-release"/>
+        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+	<package name="libpwquality-tools"/>
+    </packages>
+
+    <packages type="image" profiles="ecs_anywhere">
+        <package name="amazon-ssm-agent"/>
+        <package name="amazon-ecs-init"/>
+        <package name="aws-cli"/>
+        <package name="docker"/>
+    </packages>
+
+    <!-- Ignition / Combustion everywhere, cloud-init only in selected images
+    <packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
+    <packages type="image">
+        <package name="ignition"/>
+        <package name="combustion &gt;= 1.2"/> <!-- New firstboot mechanism -->
+	<package name="jeos-firstboot"/>
+    </packages>
+
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
+        <package name="cloud-init"/>
+        <package name="cloud-init-config-suse"/>
+    </packages>
+
+    <packages type="image">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="hardware"/>
+        <package name="patterns-base-hardware"/>
+        <package name="grub2"/>
+        <package name="glibc-locale-base"/>
+        <package name="ca-certificates"/>
+	<package name="SL-Micro-release"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+	<package name="NetworkManager-tui"/>
+        <package name="growpart-generator"/>
+        <package name="suse-build-key"/>
+        <!-- for debugging -->
+        <package name="less"/>
+        <package name="vim-small"/>
+
+        <namedCollection name="micro_defaults"/>
+        <package name="patterns-micro-defaults"/>
+        <package name="NetworkManager"/>
+        <package name="NetworkManager-branding-SLE"/>
+	<package name="ModemManager"/>
+	<!-- FIXME does not build without control file which is obsolete 
+	<package name="live-add-yast-repos"/> -->
+	<package name="parted"/> <!-- seems missing to deploy the image -->
+    </packages>
+
+    <packages type="image" profiles="bootloader">
+        <package name="grub2-i386-pc" arch="x86_64"/>
+        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="grub2-arm64-efi" arch="aarch64"/>
+        <package name="grub2-s390x-emu" arch="s390x"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
+        <package name="grub2-snapper-plugin"/>
+        <package name="shim" arch="x86_64,aarch64"/>
+	<package name="mokutil" arch="x86_64,aarch64"/>
+	<!-- obsoleted by kiwi-settings
+	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
+    </packages>
+    <!-- rpi kernel-default-base does not provide all necessary drivers -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
+        <package name="kernel-default"/>
+        <package name="kernel-firmware-all"/>
+    </packages>
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
+        <package name="kernel-rt"/>
+	<package name="kernel-firmware-all"/>
+	<!-- FIXME intentionally removed from ALP code stream 
+	<package name="cpuset"/> -->
+    </packages>
+    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="kernel-default-extra"/>
+    </packages> -->
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="blog"/>
+    </packages>
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="dracut-kiwi-oem-dump"/>
+    </packages>
+    <packages type="image" profiles="rpi,aarch64-self_install">
+        <package name="raspberrypi-firmware" arch="aarch64"/>
+        <package name="raspberrypi-firmware-config" arch="aarch64"/>
+        <package name="raspberrypi-firmware-dt" arch="aarch64"/>
+        <package name="u-boot-rpiarm64" arch="aarch64"/>
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="bcm43xx-firmware"/>
+        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
+        <package name="wireless-regdb"/>
+        <package name="wireless-tools"/>
+        <package name="wpa_supplicant"/>
+        <package name="grub2-arm64-efi"/>
+        <!-- kernel-default-base does not have all required drivers -->
+        <package name="kernel-default"/>
+    </packages>
+    <packages type="bootstrap">
+        <package name="coreutils"/>
+        <package name="filesystem"/>
+        <package name="ca-certificates"/>
+        <package name="ca-certificates-mozilla"/>
+    </packages>
+
+    <!-- bsc#1221936 -->
+    <packages type="image" profiles="x86-vmware">
+        <package name="open-vm-tools"/>
+    </packages>
+
+    <!-- bsc#1221727-->
+    <packages type="image" profiles="x86-qcow,aarch64-qcow">
+        <package name="qemu-guest-agent"/>
+    </packages>
+</image>

kiwi-builder-image/SL-Micro.kiwi.4096

@@ -0,0 +1,784 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- OBS-Profiles: @BUILD_FLAVOR@ -->
+<!-- OBS-Milestone: %current_milestone -->
+<!-- OBS-BcntSyncTag: SL-Micro -->
+<image schemaversion="7.5" name="SL-Micro" displayname="SL Micro">
+    <description type="system">
+        <author>SUSE</author>
+        <contact>crc@suse.com</contact>
+        <specification>SL Micro</specification>
+    </description>
+    <profiles>
+        <!-- Profiles used as dependencies of actual image profiles -->
+        <!-- Flavors -->
+        <profile name="full" description="SL Micro as KVM and Container host"/>
+        <profile name="container-host" description="SL Micro as Container host"/>
+        <profile name="ecs_anywhere" description="Amazon ECS Anywhere support"/>
+        <!-- Platforms - support profiles -->
+        <profile name="bootloader" description="Bootloader files for x86_64 and aarch64"/>
+        <profile name="self_install" description="Self Installing ISO media"/>
+        <!-- Platforms -->
+        <profile name="x86" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-vmware" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-encrypted" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-self_install" description="Raw disk for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt-encrypted" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-rt-self_install" description="Raw disk for x86_64 with RT kernel - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="rpi" description="Raw disk for Raspberry Pi" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="x86-qcow" description="qcow2 for x86_64 - uEFI" arch="x86_64">
+            <requires profile="bootloader"/>
+        </profile>
+	<profile name="aarch64-qcow" description="qcow2 for aarch64 - uEFI" arch="aarch64">
+	  <requires profile="bootloader"/>
+	</profile>
+        <profile name="s390-kvm" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="s390-dasd" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <!-- Images (flavor + platform) -->
+        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="Default-VMware" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-vmware"/>
+        </profile>
+        <profile name="Base-VMware" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+	    <requires profile="x86-vmware"/>
+        </profile>
+        <profile name="Default-encrypted" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-encrypted"/>
+        </profile>
+        <profile name="Base-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-encrypted"/>
+        </profile>
+        <profile name="Base-RT-encrypted" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt-encrypted"/>
+        </profile>
+        <profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default-SelfInstall" description="SL Micro with Podman and KVM as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="aarch64-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Base-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="ECS-Anywhere" description="SL Micro with Podman and ECS Anywhere packagesas raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="ecs_anywhere"/>
+            <requires profile="x86"/>
+        </profile>
+        <profile name="ECS-Anywhere-SelfInstall" description="SL Micro with Podman and ECS Anywhere packages as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="ecs_anywhere"/>
+            <requires profile="x86-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="aarch64">
+            <requires profile="full"/>
+            <requires profile="rpi"/>
+        </profile>
+        <profile name="Base" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="rpi"/>
+        </profile>
+        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt"/>
+        </profile>
+        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-rt-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+        <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-kvm"/>
+        </profile>
+        <profile name="Base-qcow" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-kvm"/>
+        </profile>
+        <profile name="Default-dasd" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-dasd"/>
+        </profile>
+        <profile name="Base-dasd" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-dasd"/>
+        </profile>
+        <profile name="Default-fba" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-fba"/>
+        </profile>
+        <profile name="Base-fba" description="SL Micro with Podman as raw image for KVM on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-fba"/>
+        </profile>
+        <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-legacy"/>
+        </profile>
+        <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
+            <requires profile="full"/>
+            <requires profile="x86-qcow"/>
+        </profile>
+        <profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="x86_64">
+            <requires profile="container-host"/>
+            <requires profile="x86-qcow"/>
+        </profile>
+	<profile name="Default-qcow" description="SL Micro with Podman and KMV as raw image with uEFI boot" arch="aarch64">
+	    <requires profile="full"/>
+	    <requires profile="aarch64-qcow"/>
+        </profile>
+	<profile name="Base-qcow" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+	    <requires profile="container-host"/>
+	    <requires profile="aarch64-qcow"/>
+        </profile>
+    </profiles>
+
+    <preferences profiles="x86-encrypted,x86-rt-encrypted">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            luks_version="luks2"
+            luks="1234"
+	    luks_randomize="false"
+	    luks_pbkdf="pbkdf2"
+            target_blocksize="4096"
+            efipartsize="200"
+        >
+            <luksformat>
+                <option name="--cipher" value="aes"/>
+            </luksformat>
+            <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">4</size>
+        </type>
+    </preferences>
+    <preferences profiles="x86,x86-rt">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            target_blocksize="4096"
+            efipartsize="200"
+        >
+    	    <bootloader name="grub2" console="gfxterm" timeout="3"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="x86-self_install,x86-rt-self_install">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            target_blocksize="4096"
+            efipartsize="200"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="rpi">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            fsmountoptions="noatime"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            efipartsize="128"
+            editbootinstall="editbootinstall_rpi.sh"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="false"
+            disk_start_sector="4096"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="aarch64-self_install">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            initrd_system="dracut"
+            installiso="true"
+            filesystem="btrfs"
+            installboot="install"
+            install_continue_on_timeout="false"
+            firmware="uefi"
+            efipartsize="128"
+	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            disk_start_sector="4096"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="s390-kvm">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+
+        <type
+            image="oem"
+            filesystem="btrfs"
+            bootpartition="true"
+            bootpartsize="300"
+            bootfilesystem="ext2"
+        initrd_system="dracut"
+        format="qcow2"
+            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+        devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+    >
+            <bootloader name="grub2_s390x_emu" timeout="3" />
+              <systemdisk>
+                  <volume name="home"/>
+                  <volume name="root"/>
+                  <volume name="opt"/>
+                  <volume name="srv"/>
+          <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                  <volume name="boot/writable"/>
+                  <volume name="usr/local"/>
+                  <volume name="var" copy_on_write="false"/>
+               </systemdisk>
+           <size unit="G">32</size>
+      </type>
+    </preferences>
+
+
+    <preferences profiles="s390-dasd">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext2"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          devicepersistency="by-uuid"
+          target_blocksize="4096"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+      >
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="CDL" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+      </type>
+    </preferences>
+
+
+
+    <preferences profiles="s390-fba">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext2"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          devicepersistency="by-uuid"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="FBA"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+        </type>
+    </preferences>
+
+
+    <preferences profiles="x86-vmware">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            filesystem="btrfs"
+            format="vmdk"
+            firmware="uefi"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <bootloader name="grub2" console="gfxterm" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">24</size>
+            <machine memory="1024" HWversion="10" guestOS="suse-64"/>
+        </type>
+    </preferences>
+    <preferences profiles="x86-qcow">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+            image="oem"
+            format="qcow2"
+            filesystem="btrfs"
+            firmware="uefi"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+            target_blocksize="4096"
+            efipartsize="200"
+        >
+            <bootloader name="grub2" console="gfxterm" timeout="3" />
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/i386-pc"/>
+                <volume name="boot/grub2/x86_64-efi" mountpoint="boot/grub2/x86_64-efi"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">32</size>
+        </type>
+    </preferences>
+
+    <preferences profiles="aarch64-qcow">
+        <version>6.0</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+	<locale>en_US</locale>
+        <type
+            image="oem"
+            format="qcow2"
+            filesystem="btrfs"
+            firmware="uefi"
+            efipartsize="128"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+ 		<volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">20</size>
+        </type>
+    </preferences>
+
+   <repository type="rpm-md" >
+        <source path='obsrepositories:/'/>
+    </repository>
+
+    <packages type="image" profiles="full">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="salt_minion"/>
+	<package name="patterns-base-salt_minion"/>
+        <namedCollection name="kvm_host"/>
+	<package name="patterns-base-kvm_host"/>
+	<package name="lzop"/>
+        <namedCollection name="container_runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/>
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
+        <namedCollection name="selinux"/>
+        <package name="patterns-base-selinux"/>
+        <package name="suseconnect-ng"/>
+        <package name="SL-Micro-release"/>
+        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+        <package name="wpa_supplicant" arch="x86_64,aarch64"/>
+	<package name="libpwquality-tools"/>
+    </packages>
+
+    <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
+        <!-- full disk encryption stuff -->
+        <package name="device-mapper"/>
+        <package name="cryptsetup"/>
+        <package name="system-user-tss"/>
+        <package name="libtss2-fapi1"/>
+        <package name="libtss2-tcti-device0"/>
+        <package name="tpm2.0-tools"/>
+        <package name="tpm2-0-tss"/>
+        <package name="fde-firstboot"/>
+    </packages>
+
+    <packages type="image" profiles="container-host">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="container_runtime_podman"/>
+        <package name="patterns-container-runtime_podman"/>
+        <namedCollection name="cockpit"/>
+        <package name="patterns-base-cockpit"/>
+        <namedCollection name="selinux"/>
+        <package name="patterns-base-selinux"/>
+        <package name="suseconnect-ng"/>
+        <package name="SL-Micro-release"/>
+        <package name="grub2-branding-SLE" arch="x86_64,aarch64"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+	<package name="libpwquality-tools"/>
+    </packages>
+
+    <packages type="image" profiles="ecs_anywhere">
+        <package name="amazon-ssm-agent"/>
+        <package name="amazon-ecs-init"/>
+        <package name="aws-cli"/>
+        <package name="docker"/>
+    </packages>
+
+    <!-- Ignition / Combustion everywhere, cloud-init only in selected images
+    <packages type="image" profiles="aarch64-self_install,rpi,s390-dasd,s390-fba,s390-kvm,x86,x86-encrypted,x86-legacy,x86-rt,x86-rt-encrypted,x86-rt-self_install,x86-self_install"> -->
+    <packages type="image">
+        <package name="ignition"/>
+        <package name="combustion &gt;= 1.2"/> <!-- New firstboot mechanism -->
+	<package name="jeos-firstboot"/>
+    </packages>
+
+    <packages type="image" profiles="x86-qcow,x86-vmware,aarch64-qcow">
+        <package name="cloud-init"/>
+        <package name="cloud-init-config-suse"/>
+    </packages>
+
+    <packages type="image">
+        <namedCollection name="base_transactional"/>
+        <package name="patterns-base-transactional"/>
+        <namedCollection name="hardware"/>
+        <package name="patterns-base-hardware"/>
+        <package name="grub2"/>
+        <package name="glibc-locale-base"/>
+        <package name="ca-certificates"/>
+	<package name="SL-Micro-release"/>
+        <package name="systemd-default-settings-branding-SLE-Micro"/>
+        <package name="firewalld"/>
+	<package name="NetworkManager-tui"/>
+        <package name="growpart-generator"/>
+        <package name="suse-build-key"/>
+        <!-- for debugging -->
+        <package name="less"/>
+        <package name="vim-small"/>
+
+        <namedCollection name="micro_defaults"/>
+        <package name="patterns-micro-defaults"/>
+        <package name="NetworkManager"/>
+        <package name="NetworkManager-branding-SLE"/>
+	<package name="ModemManager"/>
+	<!-- FIXME does not build without control file which is obsolete
+	<package name="live-add-yast-repos"/> -->
+	<package name="parted"/> <!-- seems missing to deploy the image -->
+    </packages>
+
+    <packages type="image" profiles="bootloader">
+        <package name="grub2-i386-pc" arch="x86_64"/>
+        <package name="grub2-x86_64-efi" arch="x86_64"/>
+        <package name="grub2-arm64-efi" arch="aarch64"/>
+        <package name="grub2-s390x-emu" arch="s390x"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
+        <package name="grub2-snapper-plugin"/>
+        <package name="shim" arch="x86_64,aarch64"/>
+	<package name="mokutil" arch="x86_64,aarch64"/>
+	<!-- obsoleted by kiwi-settings
+	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
+    </packages>
+    <!-- rpi kernel-default-base does not provide all necessary drivers -->
+    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
+        <package name="kernel-default"/>
+        <package name="kernel-firmware-all"/>
+    </packages>
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
+        <package name="kernel-rt"/>
+	<package name="kernel-firmware-all"/>
+	<!-- FIXME intentionally removed from ALP code stream
+	<package name="cpuset"/> -->
+    </packages>
+    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="kernel-default-extra"/>
+    </packages> -->
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="blog"/>
+    </packages>
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="dracut-kiwi-oem-dump"/>
+    </packages>
+    <packages type="image" profiles="rpi,aarch64-self_install">
+        <package name="raspberrypi-firmware" arch="aarch64"/>
+        <package name="raspberrypi-firmware-config" arch="aarch64"/>
+        <package name="raspberrypi-firmware-dt" arch="aarch64"/>
+        <package name="u-boot-rpiarm64" arch="aarch64"/>
+        <package name="dracut-kiwi-oem-repart"/>
+        <package name="bcm43xx-firmware"/>
+        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
+        <package name="wireless-regdb"/>
+        <package name="wireless-tools"/>
+        <package name="wpa_supplicant"/>
+        <package name="grub2-arm64-efi"/>
+        <!-- kernel-default-base does not have all required drivers -->
+        <package name="kernel-default"/>
+    </packages>
+    <packages type="bootstrap">
+        <package name="coreutils"/>
+        <package name="filesystem"/>
+        <package name="ca-certificates"/>
+        <package name="ca-certificates-mozilla"/>
+    </packages>
+
+    <!-- bsc#1221936 -->
+    <packages type="image" profiles="x86-vmware">
+        <package name="open-vm-tools"/>
+    </packages>
+
+    <!-- bsc#1221727-->
+    <packages type="image" profiles="x86-qcow,aarch64-qcow">
+        <package name="qemu-guest-agent"/>
+    </packages>
+</image>

kiwi-builder-image/_service

@@ -1,11 +1,11 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
-  <service mode="buildtime" name="docker_label_helper"/>
-  <service name="replace_using_package_version" mode="buildtime">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%cluster-api-provider-rke2_version%%</param>
-    <param name="package">cluster-api-provider-rke2-bootstrap</param>
-    <param name="parse-version">patch</param>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">README</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
   </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>

kiwi-builder-image/build-image.sh

@@ -0,0 +1,91 @@
+#!/usr/bin/env bash
+# Copyright (c) 2024 SUSE LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#
+
+# Set image build defaults, blocksize is an empty string
+PROFILE="Default"
+LARGEBLOCK=false
+
+# Print usage
+usage(){
+	cat <<-EOF
+	==============================
+	SLE Micro 6.0 Kiwi SDK Builder
+	==============================
+
+	Usage: ${0} [-p <profile>] [-b]
+
+	Profile Options (-p):
+	* Default: RAW Disk Image with kernel-default
+	* Default-SelfInstall: SelfInstall ISO with kernel-default
+	* Base-RT: RAW Disk Image with kernel-rt
+	* Base-RT-SelfInstall: SelfInstall ISO with kernel-rt
+
+	4096 Blocksize (-b): If specified, use a 4096 blocksize (rather than 512) when generating the image.
+
+	NOTE: If both options are omitted, the "Default" profile with a standard "512" blocksize is used.
+	EOF
+}
+
+# Grab CLI options and handle
+while getopts 'p:bh' OPTION; do
+	case "${OPTION}" in
+		p)
+			PROFILE="${OPTARG}"
+			;;
+		b)
+			LARGEBLOCK=true
+			;;
+		?)
+			usage && exit 2
+			;;
+	esac
+done
+
+# To avoid wasting time, perform the loop creation test first, and exit with a warning to re-run.
+# This only happens when the container hasn't been ran on the host before, and is avoided by mounting /dev/ into the image.
+qemu-img create /tmp/output/test.img 1M
+if LOOP=$(losetup -f --show /tmp/output/test.img); then
+  rm -f /tmp/output/test.img
+  losetup -d $LOOP
+else
+  echo -e "\nERROR: Early loop device test failed, please retry the container run."
+  exit 1
+fi
+
+# Grab local SLE Micro repos and create a list to use as part of the image build
+REPOS=`for i in $(cat /micro-sdk/repos/*.repo | awk '/baseurl/ {split($0,string,"="); print string[2]}'); do echo -n "--add-repo $i "; done`
+
+if $LARGEBLOCK; then
+  mv /micro-sdk/defs/SL-Micro.kiwi.4096 /micro-sdk/defs/SL-Micro.kiwi
+fi
+
+# Build the image
+kiwi-ng --debug --profile $PROFILE system build \
+    --description /micro-sdk/defs --target-dir /tmp/output --ignore-repos-used-for-build $REPOS
+
+# Print output
+RESULT=$?
+if [ $RESULT -eq 0 ]; then
+  echo -e "\n\nINFO: Image build successful, generated images are available in the 'output' directory."
+else
+  echo -e "\n\nERROR: Failed to build the image, please see above logs."
+fi

kiwi-builder-image/config.sh

@@ -0,0 +1,317 @@
+#!/bin/bash
+# Copyright (c) 2023 SUSE LLC
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+# 
+#======================================
+# Functions...
+#--------------------------------------
+
+test -f /.kconfig && . /.kconfig
+test -f /.profile && . /.profile
+
+set -euxo pipefail
+
+mkdir /var/lib/misc/reconfig_system
+
+#======================================
+# Greeting...
+#--------------------------------------
+echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
+
+#======================================
+# This is a workaround - someone,
+# somewhere needs to load the xts crypto
+# module, otherwise luksOpen will fail while
+# creating the image.
+#--------------------------------------
+modprobe xts || true
+
+#======================================
+# add missing fonts
+#--------------------------------------
+CONSOLE_FONT="eurlatgr.psfu"
+
+#======================================
+# prepare for setting root pw, timezone
+#--------------------------------------
+echo ** "reset machine settings"
+sed -i 's/^root:[^:]*:/root:*:/' /etc/shadow
+rm /etc/machine-id
+rm /var/lib/zypp/AnonymousUniqueId
+
+#======================================
+# Setup baseproduct link
+#--------------------------------------
+suseSetupProduct
+
+#======================================
+# Specify default runlevel
+#--------------------------------------
+baseSetRunlevel 3
+
+#======================================
+# Add missing gpg keys to rpm
+#--------------------------------------
+suseImportBuildKey
+
+#======================================
+# If SELinux is installed, configure it like transactional-update setup-selinux
+#--------------------------------------
+if [[ -e /etc/selinux/config ]]; then
+	# Check if we don't have selinux already enabled.
+	grep ^GRUB_CMDLINE_LINUX_DEFAULT /etc/default/grub | grep -q security=selinux || \
+	    sed -i -e 's|\(^GRUB_CMDLINE_LINUX_DEFAULT=.*\)"|\1 security=selinux selinux=1"|g' "/etc/default/grub"
+
+	# Adjust selinux config
+	sed -i -e 's|^SELINUX=.*|SELINUX=enforcing|g' \
+	    -e 's|^SELINUXTYPE=.*|SELINUXTYPE=targeted|g' \
+	    "/etc/selinux/config"
+
+	# Move an /.autorelabel file from initial installation to writeable location
+	test -f /.autorelabel && mv /.autorelabel /etc/selinux/.autorelabel
+fi
+
+##======================================
+## Enable DHCP on eth0
+##--------------------------------------
+#cat >/etc/sysconfig/network/ifcfg-eth0 <<EOF
+#BOOTPROTO='dhcp'
+#MTU=''
+#REMOTE_IPADDR=''
+#STARTMODE='auto'
+#ETHTOOL_OPTIONS=''
+#USERCONTROL='no'
+#EOF
+
+systemctl enable NetworkManager
+systemctl enable ModemManager
+
+#======================================
+# Enable cloud-init
+#--------------------------------------
+suseInsertService cloud-init-local
+suseInsertService cloud-init
+suseInsertService cloud-config
+suseInsertService cloud-final
+
+# Enable chrony
+suseInsertService chronyd
+
+#======================================
+# Sysconfig Update
+#--------------------------------------
+echo '** Update sysconfig entries...'
+
+echo FONT="$CONSOLE_FONT" >> /etc/vconsole.conf
+
+# fix security level (boo#1171174)
+sed -e '/^PERMISSION_SECURITY=s/easy/paranoid/' /etc/sysconfig/security
+chkstat --set --system
+
+#======================================
+# SSL Certificates Configuration
+#--------------------------------------
+echo '** Rehashing SSL Certificates...'
+update-ca-certificates
+
+#======================================
+# Import trusted rpm keys
+#--------------------------------------
+for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
+    # importing can fail if it already exists
+    rpm --import $i || true
+done
+
+# Temporary workaround for bsc#1212187
+echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
+
+#======================================
+# Enable kubelet if installed
+#--------------------------------------
+if [ -e /usr/lib/systemd/system/kubelet.service ]; then
+	suseInsertService kubelet
+fi
+
+# Adjust zypp conf
+# https://github.com/openSUSE/libzypp/issues/212
+# in yast that's done in packager/cfa/zypp_conf.rb
+sed -i 's/.*solver.onlyRequires.*/solver.onlyRequires = true/g' /etc/zypp/zypp.conf
+sed -i 's/.*rpm.install.excludedocs.*/rpm.install.excludedocs = yes/g' /etc/zypp/zypp.conf
+sed -i 's/^multiversion =.*/multiversion =/g' /etc/zypp/zypp.conf
+
+#=====================================
+# Configure snapper
+#-------------------------------------
+if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
+        echo "creating initial snapper config ..."
+        cp /usr/share/snapper/config-templates/default /etc/snapper/configs/root
+        baseUpdateSysConfig /etc/sysconfig/snapper SNAPPER_CONFIGS root
+
+	# Adjust parameters
+	sed -i'' 's/^TIMELINE_CREATE=.*$/TIMELINE_CREATE="no"/g' /etc/snapper/configs/root
+	sed -i'' 's/^NUMBER_LIMIT=.*$/NUMBER_LIMIT="2-10"/g' /etc/snapper/configs/root
+	sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
+fi
+
+# Enable jeos-firstboot if installed, disabled by combustion/ignition
+if rpm -q --whatprovides jeos-firstboot >/dev/null; then
+        mkdir -p /var/lib/YaST2
+        touch /var/lib/YaST2/reconfig_system
+        systemctl enable jeos-firstboot.service
+fi
+
+# Enable cloud-init if installed
+if rpm -q --whatprovides cloud-init >/dev/null; then
+	systemctl enable cloud-init
+	systemctl enable cloud-init-local
+fi
+
+# The %post script can't edit /etc/fstab sys due to https://github.com/OSInside/kiwi/issues/945
+# so use the kiwi custom hack
+cat >/etc/fstab.script <<"EOF"
+#!/bin/sh
+set -eux
+
+/usr/sbin/setup-fstab-for-overlayfs
+# If /var is on a different partition than /...
+if [ "$(findmnt -snT / -o SOURCE)" != "$(findmnt -snT /var -o SOURCE)" ]; then
+	# ... set options for autoexpanding /var
+	gawk -i inplace '$2 == "/var" { $4 = $4",x-growpart.grow,x-systemd.growfs" } { print $0 }' /etc/fstab
+fi
+EOF
+chmod a+x /etc/fstab.script
+
+# To make x-systemd.growfs work from inside the initrd
+cat >/etc/dracut.conf.d/50-microos-growfs.conf <<"EOF"
+install_items+=" /usr/lib/systemd/systemd-growfs "
+EOF
+
+#======================================
+# Add repos from control.xml
+#--------------------------------------
+if [ -x /usr/sbin/add-yast-repos ]; then
+	add-yast-repos
+	zypper --non-interactive rm -u live-add-yast-repos
+fi
+
+#======================================
+# Configure SelfInstall specifics
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"SelfInstall"* ]]; then
+	cat > /etc/systemd/system/selfinstallbootloader.service <<-EOF
+	[Unit]
+	Description=
+	After=systemd-machine-id-commit.service
+	Before=jeos-firstboot.service
+	
+	[Service]
+	Type=oneshot
+	ExecStart=rm /etc/systemd/system/selfinstallbootloader.service
+	ExecStart=rm /etc/systemd/system/default.target.wants/selfinstallbootloader.service
+	ExecStart=/sbin/transactional-update bootloader
+	ExecStart=/sbin/transactional-update apply
+
+	[Install]
+	WantedBy=default.target
+	EOF
+	ln -s /etc/systemd/system/selfinstallbootloader.service /etc/systemd/system/default.target.wants/selfinstallbootloader.service
+fi
+
+#======================================
+# Boot TimeOut Configuration for iSCSI
+#--------------------------------------
+cat > /etc/systemd/system/iscsi-init-delay.service <<-EOF
+[Unit]
+# Workaround for boo#1198457 delay gen-initiatorname after local-fs
+Description=One time delay for the iscsid.service
+ConditionPathExists=!/etc/iscsi/initiatorname.iscsi
+ConditionPathExists=/sbin/iscsi-gen-initiatorname
+DefaultDependencies=no
+RequiresMountsFor=/etc/iscsi
+After=local-fs.target
+Before=iscsi-init.service
+
+[Install]
+WantedBy=default.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=no
+ExecStart=/sbin/iscsi-gen-initiatorname
+EOF
+ln -s /etc/systemd/system/iscsi-init-delay.service /etc/systemd/system/default.target.wants/iscsi-init-delay.service
+
+#======================================
+# Configure Pine64 specifics
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"Pine64" ]]; then
+    echo 'add_drivers+=" fixed sunxi-mmc axp20x-regulator axp20x-rsb "' > /etc/dracut.conf.d/sunxi_modules.conf
+fi
+
+#======================================
+# Configure Raspberry Pi specifics
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
+	# Add necessary kernel modules to initrd (will disappear with bsc#1084272)
+	echo 'add_drivers+=" bcm2835_dma dwc2 "' > /etc/dracut.conf.d/raspberrypi_modules.conf
+
+	# Add necessary kernel modules to initrd (will disappear with boo#1162669)
+	echo 'add_drivers+=" pcie-brcmstb "' >> /etc/dracut.conf.d/raspberrypi_modules.conf
+
+	# Work around network issues
+  	cat > /etc/modprobe.d/50-rpi3.conf <<-EOF
+		# Prevent too many page allocations (bsc#1012449)
+		options smsc95xx turbo_mode=N
+	EOF
+
+	cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
+		# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
+		vm.min_free_kbytes = 2048
+	EOF
+fi
+
+#======================================
+# Configure Vagrant specifics
+#--------------------------------------
+if [[ "$kiwi_profiles" == *"Vagrant"* ]]; then
+        # create vagrant user
+        useradd vagrant
+        # allow password-less sudo
+        echo "vagrant ALL=(ALL)NOPASSWD:ALL" > /etc/sudoers.d/vagrant
+        # add vagrant's insecure key
+        mkdir -p /home/vagrant/.ssh
+        chmod 0700 /home/vagrant/.ssh
+        cat > /home/vagrant/.ssh/authorized_keys << EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key
+EOF
+        chmod 0600 /home/vagrant/.ssh/authorized_keys
+        chown -R vagrant /home/vagrant
+fi
+
+#======================================
+# cloud-init specific settings
+#--------------------------------------
+# We do not want cloud-init to run in an environment when there is no data
+# source found. bsc#1222113
+if [[ "$kiwi_profiles" =~ ^(x86-qcow|x86-vmware|aarch64-qcow)$ ]]; then
+    echo "policy: search,found=all,maybe=disabled,notfound=disabled" > /etc/cloud/ds-identify.cfg
+fi
+
+exit 0

kubevirt-chart/Chart.yaml

@@ -0,0 +1,9 @@
+#!BuildTag: %%IMG_PREFIX%%sriov-crd-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%sriov-crd-chart:%%CHART_MAJOR%%.0.0_up0.4.0
+apiVersion: v2
+appVersion: 1.3.1
+description: A Helm chart for KubeVirt
+icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
+name: kubevirt
+type: application
+version: "%%CHART_MAJOR%%.0.0+up0.4.0"

kubevirt-chart/_service

@@ -0,0 +1,10 @@
+<services>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Chart.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
+  </service>
+</services>

kubevirt-chart/app-readme.md

@@ -0,0 +1 @@
+KubeVirt is a virtual machine management add-on for Kubernetes. The aim is to provide a common ground for virtualization solutions on top of Kubernetes.

kubevirt-chart/templates/NOTES.txt

@@ -0,0 +1,2 @@
+Verify that all KubeVirt components are installed correctly:
+  kubectl get all -n {{ .Release.Namespace }}

kubevirt-chart/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubevirt.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubevirt.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubevirt.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubevirt.labels" -}}
+helm.sh/chart: {{ include "kubevirt.chart" . }}
+{{ include "kubevirt.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubevirt.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubevirt.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubevirt.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubevirt.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

kubevirt-chart/templates/_hooks.tpl

@@ -0,0 +1,47 @@
+{{/* Hook annotations */}}
+{{- define "kubevirt.hook.annotations" -}}
+  annotations:
+    "helm.sh/hook": {{ .hookType }}
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    "helm.sh/hook-weight": {{ .hookWeight | quote }}
+{{- end -}}
+
+{{/* Namespace modifying hook annotations */}}
+{{- define "kubevirt.namespaceHook.annotations" -}}
+{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-install") . }}
+{{- end -}}
+
+{{/* CRD upgrading hook annotations */}}
+{{- define "kubevirt.crdUpgradeHook.annotations" -}}
+{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-upgrade") . }}
+{{- end -}}
+
+{{/* Custom resource uninstalling hook annotations */}}
+{{- define "kubevirt.crUninstallHook.annotations" -}}
+{{ template "kubevirt.hook.annotations" merge (dict "hookType" "pre-delete") . }}
+{{- end -}}
+
+{{/* CRD uninstalling hook annotations */}}
+{{- define "kubevirt.crdUninstallHook.annotations" -}}
+{{ template "kubevirt.hook.annotations" merge (dict "hookType" "post-delete") . }}
+{{- end -}}
+
+{{/* Namespace modifying hook name */}}
+{{- define "kubevirt.namespaceHook.name" -}}
+{{ include "kubevirt.fullname" . }}-namespace-modify
+{{- end }}
+
+{{/* CRD upgrading hook name */}}
+{{- define "kubevirt.crdUpgradeHook.name" -}}
+{{ include "kubevirt.fullname" . }}-crd-upgrade
+{{- end }}
+
+{{/* Custom resource uninstalling hook name */}}
+{{- define "kubevirt.crUninstallHook.name" -}}
+{{ include "kubevirt.fullname" . }}-uninstall
+{{- end }}
+
+{{/* CRD uninstalling hook name */}}
+{{- define "kubevirt.crdUninstallHook.name" -}}
+{{ include "kubevirt.fullname" . }}-crd-uninstall
+{{- end }}

kubevirt-chart/templates/crd-uninstall-hooks.yaml

@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 1) }}
+rules:
+  - apiGroups: [ "apiextensions.k8s.io" ]
+    resources: [ "customresourcedefinitions" ]
+    resourceNames:
+      - "kubevirts.kubevirt.io"
+    verbs: [ "delete" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 2) }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubevirt.crdUninstallHook.name" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crdUninstallHook.name" . }}
+  {{ template "kubevirt.crdUninstallHook.annotations" (dict "hookWeight" 3) }}
+spec:
+  template:
+    metadata:
+      name: {{ template "kubevirt.crdUninstallHook.name" . }}
+    spec:
+      serviceAccountName: {{ template "kubevirt.crdUninstallHook.name" . }}
+      restartPolicy: {{ .Values.hookRestartPolicy }}
+      containers:
+        - name: {{ template "kubevirt.crdUninstallHook.name" . }}
+          image: {{ .Values.hookImage }}
+          args:
+            - delete
+            - customresourcedefinitions
+            - kubevirts.kubevirt.io
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}

kubevirt-chart/templates/crd-upgrade-hooks.yaml

@@ -0,0 +1,80 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: kubevirt-crd-manifest
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 1) }}
+data:
+  crd: |-
+    {{ $.Files.Get "crds/kubevirt.yaml" | nindent 4 }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 2) }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "configmaps" ]
+    resourceNames:
+      - "kubevirt-crd-manifest"
+    verbs: [ "get" ]
+  - apiGroups: [ "apiextensions.k8s.io" ]
+    resources: [ "customresourcedefinitions" ]
+    resourceNames:
+      - "kubevirts.kubevirt.io"
+    verbs: [ "get", "patch" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 3) }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+  {{ template "kubevirt.crdUpgradeHook.annotations" (dict "hookWeight" 4) }}
+spec:
+  template:
+    metadata:
+      name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+    spec:
+      serviceAccountName: {{ template "kubevirt.crdUpgradeHook.name" . }}
+      restartPolicy: {{ .Values.hookRestartPolicy }}
+      containers:
+        - name: {{ template "kubevirt.crdUpgradeHook.name" . }}
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+          image: {{ .Values.hookImage }}
+          args:
+            - apply
+            - -f
+            - /etc/manifests/crd.yaml
+          volumeMounts:
+            - name: crd-volume
+              mountPath: /etc/manifests
+      volumes:
+        - name: crd-volume
+          configMap:
+            name: kubevirt-crd-manifest
+            items:
+              - key: crd
+                path: crd.yaml

kubevirt-chart/templates/kubevirt-uninstall-hooks.yaml

@@ -0,0 +1,71 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 1) }}
+rules:
+  - apiGroups: [ "kubevirt.io" ]
+    resources: [ "kubevirts" ]
+    resourceNames:
+      - "kubevirt"
+    verbs: [ "get", "list", "delete" ]
+  - apiGroups: [ "apps" ]
+    resources: [ "deployments", "daemonsets" ]
+    verbs: [ "get", "list" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 2) }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubevirt.crUninstallHook.name" . }}
+roleRef:
+  kind: Role
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.crUninstallHook.name" . }}
+  {{ template "kubevirt.crUninstallHook.annotations" (dict "hookWeight" 3) }}
+spec:
+  template:
+    metadata:
+      name: {{ template "kubevirt.crUninstallHook.name" . }}
+    spec:
+      serviceAccountName: {{ template "kubevirt.crUninstallHook.name" . }}
+      restartPolicy: {{ .Values.hookRestartPolicy }}
+      containers:
+        - name: {{ template "kubevirt.crUninstallHook.name" . }}
+          image: {{ .Values.hookImage }}
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+          args:
+            - delete
+            - kubevirt
+            - kubevirt
+        - name: {{ template "kubevirt.crUninstallHook.name" . }}-cleanup
+          image: {{ .Values.hookImage }}
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+          args:
+            - wait
+            - --for=delete
+            - deployments/virt-api
+            - deployments/virt-controller
+            - daemonsets/virt-handler
+            - --timeout=60s

kubevirt-chart/templates/kubevirt.yaml

@@ -0,0 +1,32 @@
+apiVersion: kubevirt.io/v1
+kind: KubeVirt
+metadata:
+  name: kubevirt
+  namespace: {{ .Release.Namespace }}
+spec:
+  {{- with .Values.kubevirt.configuration }}
+  configuration:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- with .Values.kubevirt.customizeComponents }}
+  customizeComponents:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  imagePullPolicy: {{ .Values.kubevirt.imagePullPolicy }}
+  {{- with .Values.kubevirt.infra }}
+  infra:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if .Values.kubevirt.uninstallStrategy }}
+  uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }}
+  {{- end }}
+  {{- with .Values.kubevirt.workloadUpdateStrategy }}
+  workloadUpdateStrategy:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
+  {{- if .Values.kubevirt.monitorNamespace }}
+  monitorNamespace: {{ .Values.kubevirt.monitorNamespace }}
+  {{- end }}
+  {{- if .Values.kubevirt.monitorAccount }}
+  monitorAccount: {{ .Values.kubevirt.monitorAccount }}
+  {{- end }}

kubevirt-chart/templates/namespace-hooks.yaml

@@ -0,0 +1,60 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 1) }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "namespaces" ]
+    resourceNames:
+      - {{ .Release.Namespace | quote }}
+    verbs: [ "get", "patch" ]
+  - apiGroups: [ "management.cattle.io" ] # Rancher
+    resources: [ "projects" ]
+    verbs: [ "updatepsa" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 2) }}
+subjects:
+  - kind: ServiceAccount
+    namespace: {{ .Release.Namespace }}
+    name: {{ template "kubevirt.namespaceHook.name" . }}
+roleRef:
+  kind: ClusterRole
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  namespace: {{ .Release.Namespace }}
+  name: {{ template "kubevirt.namespaceHook.name" . }}
+  {{ template "kubevirt.namespaceHook.annotations" (dict "hookWeight" 3) }}
+spec:
+  template:
+    metadata:
+      name: {{ template "kubevirt.namespaceHook.name" . }}
+    spec:
+      serviceAccountName: {{ template "kubevirt.namespaceHook.name" . }}
+      restartPolicy: {{ .Values.hookRestartPolicy }}
+      containers:
+        - name: {{ template "kubevirt.namespaceHook.name" . }}
+          securityContext:
+            {{- toYaml .Values.hookSecurityContext | nindent 12 }}
+          image: {{ .Values.hookImage }}
+          args:
+            - label
+            - namespace
+            - {{ .Release.Namespace }}
+            - kubevirt.io=
+            - pod-security.kubernetes.io/enforce=privileged

kubevirt-chart/values.yaml

@@ -0,0 +1,34 @@
+operator:
+  image: registry.suse.com/suse/sles/15.6/virt-operator
+  version: 1.3.1-150600.5.9.1
+  pullPolicy: IfNotPresent
+
+kubevirt:
+  # Holds kubevirt configurations. Same as the virt-configMap.
+  configuration: {}
+  customizeComponents: {}
+  # The ImagePullPolicy to use.
+  imagePullPolicy: IfNotPresent
+  # Selectors and tolerations that should apply to KubeVirt infrastructure components.
+  infra: {}
+  # Specifies if KubeVirt can be deleted if workloads are still present.
+  # This is mainly a precaution to avoid accidental data loss.
+  uninstallStrategy: ""
+  # WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates.
+  workloadUpdateStrategy: {}
+  # Optionally enable ServiceMonitor for prometheus, see
+  # https://kubevirt.io/user-guide/user_workloads/component_monitoring/
+  monitorAccount: ""
+  monitorNamespace: ""
+
+hookImage: rancher/kubectl:v1.30.2
+hookRestartPolicy: OnFailure
+hookSecurityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  runAsNonRoot: true
+  runAsUser: 1000
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL

kubevirt-dashboard-extension-chart/Chart.yaml

@@ -0,0 +1,20 @@
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.0-%RELEASE%
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: KubeVirt
+  catalog.cattle.io/kube-version: '>= v1.26.0-0'
+  catalog.cattle.io/namespace: cattle-ui-plugin-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux, windows
+  catalog.cattle.io/rancher-version: '>= 2.10.0-0'
+  catalog.cattle.io/scope: management
+  catalog.cattle.io/ui-component: plugins
+  catalog.cattle.io/ui-extensions-version: '>= 3.0.0'
+apiVersion: v2
+appVersion: 1.2.0
+description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
+name: kubevirt-dashboard-extension
+type: application
+version: "%%CHART_MAJOR%%.0.0+up1.2.0"

kubevirt-dashboard-extension-chart/README.md

@@ -0,0 +1,6 @@
+# SUSE Edge: KubeVirt extension for Rancher Dashboard
+
+An Edge focused extension for Rancher Dashboard allowing to monitor and interact virtual machine based workloads.
+
+For more information on SUSE Edge see https://suse-edge.github.io/ \
+For more information on Kubevirt see https://kubevirt.io/

kubevirt-dashboard-extension-chart/_service

@@ -0,0 +1,17 @@
+<services>
+  <service mode="buildtime" name="kiwi_metainfo_helper"/>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">values.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
+    <param name="var">IMG_REPO</param>
+  </service>
+  <service name="replace_using_env" mode="buildtime">
+    <param name="file">Chart.yaml</param>
+    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
+  </service>
+</services>

kubevirt-dashboard-extension-chart/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "extension-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "extension-server.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "extension-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "extension-server.labels" -}}
+helm.sh/chart: {{ include "extension-server.chart" . }}
+{{ include "extension-server.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "extension-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "extension-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Pkg annotations
+*/}}
+{{- define "extension-server.pluginMetadata" -}}
+{{- with .Values.plugin.metadata }}
+{{- range $key, $value := . }}
+{{ $key }}: {{ $value | quote }}
+{{- end }}
+{{- end }}
+{{- end }}

kubevirt-dashboard-extension-chart/templates/cr.yaml

@@ -0,0 +1,14 @@
+apiVersion: catalog.cattle.io/v1
+kind: UIPlugin
+metadata:
+  name: {{ include "extension-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+  labels: {{ include "extension-server.labels" . | nindent 4 }}
+spec:
+  plugin:
+    name: {{ include "extension-server.fullname" . }}
+    version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.0
+    noCache: {{ .Values.plugin.noCache }}
+    noAuth: {{ .Values.plugin.noAuth }}
+    metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

kubevirt-dashboard-extension-chart/values.yaml

@@ -0,0 +1,12 @@
+nameOverride: ""
+fullnameOverride: ""
+plugin:
+  enabled: true
+  versionOverride: ""
+  noCache: false
+  noAuth: false
+  metadata:
+    catalog.cattle.io/display-name: KubeVirt
+    catalog.cattle.io/rancher-version: ">= 2.10.0-0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
+    catalog.cattle.io/kube-version: ">= v1.26.0-0"

metal3-chart/Chart.yaml

@@ -1,17 +1,18 @@
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.9.0-%RELEASE%
 apiVersion: v2
-appVersion: 1.16.0
+appVersion: 0.9.0
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.5.0
+  version: 0.6.0
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.7.0
+  version: 0.8.0
 - alias: metal3-mariadb
+  condition: global.enable_mariadb
   name: mariadb
   repository: file://./charts/mariadb
   version: 0.5.4
@@ -19,9 +20,9 @@ dependencies:
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.5.0
+  version: 0.6.0
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: 0.8.1
+version: "%%CHART_MAJOR%%.0.0+up0.9.0"

metal3-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.6.1
+appVersion: 0.8.0
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.5.0
+version: 0.6.0

metal3-chart/charts/baremetal-operator/crds/customresource-baremetalhosts.yaml

@@ -39,11 +39,6 @@ spec:
       name: BMC
       priority: 1
       type: string
-    - description: The type of hardware detected
-      jsonPath: .status.hardwareProfile
-      name: Hardware_Profile
-      priority: 1
-      type: string
     - description: Whether the host is online or not
       jsonPath: .spec.online
       name: Online
@@ -740,6 +735,7 @@ spec:
                 type: object
               hardwareProfile:
                 description: The name of the profile matching the hardware details.
+                  Hardware profiles are deprecated and should not be relied on.
                 type: string
               lastUpdated:
                 description: LastUpdated identifies when this status was last observed.
@@ -1136,7 +1132,6 @@ spec:
             required:
             - errorCount
             - errorMessage
-            - hardwareProfile
             - operationalStatus
             - poweredOn
             - provisioning

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -3,14 +3,12 @@
   {{- $protocol := ternary "https" "http" $enableTLS }}
   {{- $ironicIP := .Values.global.ironicIP | default "" }}
   {{- $ironicApiHost := print $ironicIP ":6385" }}
-  {{- $ironicInspectorHost := print $ironicIP ":5050" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
 
 apiVersion: v1
 data:
   IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
-  IRONIC_INSPECTOR_ENDPOINT: "{{ $protocol }}://{{ $ironicInspectorHost }}/v1/"
   RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}

metal3-chart/charts/baremetal-operator/templates/deployment.yaml

@@ -78,14 +78,6 @@ spec:
           mountPath: "/opt/metal3/auth/ironic/password"
           subPath: password
           readOnly: true
-        - name: ironic-inspector-basic-auth
-          mountPath: "/opt/metal3/auth/ironic-inspector/username"
-          subPath: username
-          readOnly: true
-        - name: ironic-inspector-basic-auth
-          mountPath: "/opt/metal3/auth/ironic-inspector/password"
-          subPath: password
-          readOnly: true
         {{- end }}
         {{- if .Values.global.enable_tls }}
         - name: cacert
@@ -116,9 +108,6 @@ spec:
       - name: ironic-basic-auth
         secret:
           secretName: ironic-basic-auth
-      - name: ironic-inspector-basic-auth
-        secret:
-          secretName: ironic-inspector-basic-auth
       {{- end }}
       {{- if .Values.global.enable_tls }}
       - name: cacert

metal3-chart/charts/baremetal-operator/values.yaml

@@ -28,11 +28,11 @@ images:
   baremetalOperator:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
     pullPolicy: IfNotPresent
-    tag: "0.6.1"
+    tag: "0.8.0"
   rbacProxy:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy
     pullPolicy: IfNotPresent
-    tag: "v0.14.2"
+    tag: "0.18.1"
 
 imagePullSecrets: []
 nameOverride: "manger"

metal3-chart/charts/ironic/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 24.1.2
+appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.7.0
+version: 0.8.0

metal3-chart/charts/ironic/templates/_helpers.tpl

@@ -77,9 +77,6 @@ Get ironic CA volumeMounts
 - name: cert-ironic-ca
   mountPath: "/certs/ca/ironic"
   readOnly: true
-- name: cert-ironic-inspector-ca
-  mountPath: "/certs/ca/ironic-inspector"
-  readOnly: true
 {{- if .Values.global.enable_vmedia_tls }}
 - name: cert-ironic-vmedia-ca
   mountPath: "/certs/ca/vmedia"

metal3-chart/charts/ironic/templates/certificates.yaml

@@ -25,19 +25,6 @@ spec:
     kind: Issuer
     name: ca-issuer
   secretName: ironic-cert
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: ironic-inspector-cert
-spec:
-  commonName: ironic-inspector-cert
-  ipAddresses:
-  - {{ .Values.global.ironicIP }}
-  issuerRef:
-    kind: Issuer
-    name: ca-issuer
-  secretName: ironic-inspector-cert
 {{- if .Values.global.enable_vmedia_tls }}
 ---
 apiVersion: cert-manager.io/v1

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -10,7 +10,6 @@ data:
   {{- $protocol := ternary "https" "http" $enableTLS }}
   {{- $ironicIP := .Values.global.ironicIP | default "" }}
   {{- $ironicApiHost := print $ironicIP ":6385" }}
-  {{- $ironicInspectorHost := print $ironicIP ":5050" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
 
@@ -25,15 +24,11 @@ data:
   {{- end }}
   HTTP_PORT: "6180"
   PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  USE_IRONIC_INSPECTOR: "true"
+  USE_IRONIC_INSPECTOR: "false"
   IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }}
   IRONIC_API_HOST: {{ $ironicApiHost }}
   IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }}
   IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/
-  IRONIC_INSPECTOR_BASE_URL: {{ $protocol }}://{{ $ironicInspectorHost }}
-  IRONIC_INSPECTOR_ENDPOINT: {{ $protocol }}://{{ $ironicInspectorHost }}/v1/
-  IRONIC_INSPECTOR_HOST: {{ $ironicInspectorHost }}
-  IRONIC_INSPECTOR_HTTPD_SERVER_NAME: {{ $ironicInspectorHost }}
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
     {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
@@ -55,11 +50,9 @@ data:
   {{- if .Values.global.provisioningIP }}
   PROVISIONING_IP: {{ .Values.global.provisioningIP }}
   {{- end }}
-  IRONIC_INSPECTOR_VLAN_INTERFACES: all
   IRONIC_ILO_USE_SWIFT: "false"
   IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true"
   IRONIC_FAST_TRACK: "true"
-  IRONIC_USE_MARIADB: "true"
   LISTEN_ALL_INTERFACES: "true"
   {{- if .Values.global.ironicIP }}
   IRONIC_IP: {{ .Values.global.ironicIP }}
@@ -69,7 +62,6 @@ data:
   IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
   IPA_INSECURE: "0"
   IRONIC_REVERSE_PROXY_SETUP: "true"
-  INSPECTOR_REVERSE_PROXY_SETUP: "true"
   {{- if  ( .Values.global.enable_vmedia_tls ) }}
   VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}"
   {{- end }}
@@ -81,6 +73,10 @@ data:
   {{- end }}
   {{- if  ( .Values.global.enable_basicAuth ) }}
   AUTH_STRATEGY: "http_basic"
-  INSPECTOR_AUTH_STRATEGY: "http_basic"
   {{- end }}
+  {{- if .Values.global.enable_mariadb }}
   MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+  IRONIC_USE_MARIADB: "true"
+  {{- else }}
+  IRONIC_USE_MARIADB: "false"
+  {{- end }}

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -41,10 +41,7 @@ spec:
             name: ironic-bmo
         livenessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -62,10 +59,7 @@ spec:
         {{- end }}
         readinessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -78,9 +72,6 @@ spec:
           - name: cert-ironic
             mountPath: "/certs/ironic"
             readOnly: true
-          - name: cert-ironic-inspector
-            mountPath: "/certs/ironic-inspector"
-            readOnly: true
           {{- if .Values.global.enable_vmedia_tls }}
           - name: cert-ironic-vmedia
             mountPath: "/certs/vmedia"
@@ -90,73 +81,6 @@ spec:
             name: cert-ironic-ca
             readOnly: true
         {{- end }}
-      - name: ironic-inspector
-        image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
-        imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
-        securityContext:
-          {{- toYaml .Values.securityContext | nindent 10 }}
-        command:
-        - /bin/runironic-inspector
-        envFrom:
-        - configMapRef:
-            name: ironic-bmo
-        env:
-        {{- if .Values.global.enable_basicAuth }}
-        - name: INSPECTOR_HTPASSWD
-          valueFrom:
-            secretKeyRef:
-              name: ironic-inspector-basic-auth
-              key: htpasswd
-        {{- end }}
-        - name: MARIADB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: password
-              name: ironic-mariadb
-        livenessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          successThreshold: 1
-          timeoutSeconds: 10
-        ports:
-        - containerPort: 5050
-          name: inspector
-          protocol: TCP
-        readinessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          successThreshold: 1
-          timeoutSeconds: 10
-        volumeMounts:
-          {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
-        {{- if .Values.global.enable_basicAuth }}
-          - mountPath: "/auth/ironic/auth-config"
-            name: ironic-basic-auth
-            subPath: auth-config
-            readOnly: true
-          - mountPath: "/auth/ironic-inspector/auth-config"
-            name: ironic-inspector-basic-auth
-            subPath: auth-config
-            readOnly: true
-        {{- end }}
-        {{- if .Values.global.enable_tls }}
-          {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
-          - name: cert-ironic-inspector
-            mountPath: "/certs/ironic-inspector"
-            readOnly: true
-        {{- end }}
       - name: ironic-log-watch
         image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
         imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
@@ -184,37 +108,33 @@ spec:
               name: ironic-basic-auth
               key: htpasswd
         {{- end }}
+        {{- if .Values.global.enable_mariadb }}
         - name: MARIADB_PASSWORD
           valueFrom:
             secretKeyRef:
               key: password
               name: ironic-mariadb
+        {{- end }}
         livenessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
-          failureThreshold: 10
+            command: ["/bin/ironic-liveness"]
           initialDelaySeconds: 30
           periodSeconds: 30
-          successThreshold: 1
           timeoutSeconds: 10
+          successThreshold: 1
+          failureThreshold: 10
         ports:
         - containerPort: 6385
           name: api
           protocol: TCP
         readinessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
-          failureThreshold: 10
+            command: ["/bin/ironic-readiness"]
           initialDelaySeconds: 30
           periodSeconds: 30
-          successThreshold: 1
           timeoutSeconds: 10
+          successThreshold: 1
+          failureThreshold: 10
         volumeMounts:
           {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
           {{- if .Values.global.enable_basicAuth }}
@@ -222,10 +142,6 @@ spec:
             name: ironic-basic-auth
             subPath: auth-config
             readOnly: true
-          - mountPath: "/auth/ironic-inspector/auth-config"
-            name: ironic-inspector-basic-auth
-            subPath: auth-config
-            readOnly: true
           {{- end }}
           {{- if .Values.global.enable_tls }}
           {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
@@ -308,15 +224,16 @@ spec:
         {{- end }}
       volumes:
       - name: ironic-data-volume
+      {{- if .Values.persistence.ironic.size }}
         persistentVolumeClaim:
           claimName: ironic-shared-volume
+      {{- else }}
+        emptyDir: {}
+      {{- end }}
       {{- if .Values.global.enable_basicAuth }}
       - name: ironic-basic-auth
         secret:
           secretName: ironic-basic-auth
-      - name: ironic-inspector-basic-auth
-        secret:
-          secretName: ironic-inspector-basic-auth
       {{- if .Values.global.enable_tls }}
       - name: trusted-certs
         projected:
@@ -333,12 +250,6 @@ spec:
       - name: cert-ironic
         secret:
           secretName: ironic-cert
-      - name: cert-ironic-inspector-ca
-        secret:
-          secretName: ironic-cacert
-      - name: cert-ironic-inspector
-        secret:
-          secretName: ironic-inspector-cert
       {{- if .Values.global.enable_vmedia_tls }}
       - name: cert-ironic-vmedia-ca
         secret:

metal3-chart/charts/ironic/templates/pvc.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.persistence.ironic.size }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -22,3 +23,4 @@ spec:
   storageClassName: {{ .Values.persistence.ironic.storageClass }}
   {{- end }}
   volumeMode: Filesystem
+{{- end }}

metal3-chart/charts/ironic/templates/secrets-basic-auth.yaml

@@ -29,34 +29,5 @@ data:
   htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
   auth-config: |
   {{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
----
-{{- $ironicInspectorUsername := "" -}}
-{{- $ironicInspectorPassword := "" -}}
-{{- $inspectorSecretName := "ironic-inspector-basic-auth" -}}
 
-# Check if the secret is deployed and has a password
-{{- $oldInspectorSecret := lookup "v1" "Secret" .Release.Namespace $inspectorSecretName }}
-{{- if and $oldInspectorSecret (index $oldInspectorSecret.data "username") (index $oldInspectorSecret.data "password") }}
-{{- $ironicInspectorUsername = b64dec (index $oldInspectorSecret.data "username" | toString) -}}
-{{- $ironicInspectorPassword = b64dec (index $oldInspectorSecret.data "password" | toString) -}}
-# If not, check if a username and password are provided in values.yaml
-{{- else if and (.Values.global.auth.ironicInspectorUsername) (.Values.global.auth.ironicInspectorPassword) }}
-{{- $ironicInspectorUsername = .Values.global.auth.ironicInspectorUsername -}}
-{{- $ironicInspectorPassword = .Values.global.auth.ironicInspectorPassword -}}
-{{- else }}
-# If no username and password are provided in values.yaml, generate new ones
-{{- $ironicInspectorUsername = "ironic" -}}
-{{- $ironicInspectorPassword = (randAlphaNum 20) -}}
-{{- end }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ $inspectorSecretName }}
-type: Opaque
-data:
-  username: {{ $ironicInspectorUsername | b64enc }}
-  password: {{ $ironicInspectorPassword | b64enc }}
-  htpasswd: {{ b64enc (htpasswd $ironicInspectorUsername  $ironicInspectorPassword) }}
-  auth-config: |
-  {{- printf "[inspector]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicInspectorUsername $ironicInspectorPassword | b64enc | nindent 4 }}
 {{- end }}

metal3-chart/charts/ironic/values.yaml

@@ -56,11 +56,11 @@ images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 24.1.2.0
+    tag: 26.1.2.0
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 2.0.0
+    tag: 3.0.0
 
 nameOverride: ""
 fullnameOverride: ""
@@ -102,10 +102,6 @@ service:
     port: 6185
     protocol: TCP
     targetPort: 6185
-  - name: inspector
-    port: 5050
-    protocol: TCP
-    targetPort: 5050
   - name: api
     port: 6385
     protocol: TCP
@@ -144,8 +140,9 @@ persistence:
     # storageClass for the ironic shared volume
     # Ensure the storageClass is defined
     storageClass: ""
-    # size of the ironic shared volume
-    size: "1Gi"
+    # size of the ironic shared volume e.g "1Gi"
+    # When unset persistent storage is disabled and emptyDir is enabled
+    size: ""
     # accessMode of the ironic shared volume PVC
     # If empty defaults to ReadWriteOnce when replicaCount=1 otherwise ReadWriteMany
     accessMode: ""

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.5.0
+version: 0.6.0

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 24.1.2.0
+  tag: 26.1.2.0
 
 imagePullSecrets: []
 nameOverride: ""

metal3-chart/values.yaml

@@ -6,6 +6,9 @@ global:
   # IP on which the Ironic services will be exposed
   ironicIP: ""
 
+  # whether to enable mariadb (default is sqlite)
+  enable_mariadb: false
+
   # whether to enable media server.
   enable_metal3_media_server: false
 
@@ -28,8 +31,6 @@ global:
   auth:
     ironicUsername: ""
     ironicPassword: ""
-    ironicInspectorUsername: ""
-    ironicInspectorPassword: ""
 
   # whether to have additional trusted CA
   # NOTE: If enabled, a secret with name tls-ca-additional should be deployed
@@ -125,6 +126,4 @@ metal3-baremetal-operator:
       repository: "%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator"
     rbacProxy:
       repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
-      tag: "v0.18.0"
-
 

metallb-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%metallb-chart:0.14.9
-#!BuildTag: %%IMG_PREFIX%%metallb-chart:0.14.9-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9
+#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE%
 apiVersion: v2
 appVersion: v0.14.3
 dependencies:
@@ -20,4 +20,4 @@ name: metallb
 sources:
 - https://github.com/metallb/metallb
 type: application
-version: 0.14.9
+version: "%%CHART_MAJOR%%.0.0+up0.14.9"

metallb-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

rancher-turtles-airgap-resources-chart/Chart.yaml

@@ -1,10 +1,10 @@
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:0.3.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.13.0
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.13.0
 apiVersion: v2
-appVersion: 0.11.0
+appVersion: 0.13.0
 description: Rancher Turtles utility chart for airgap scenarios
 home: https://github.com/rancher/turtles/
 icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
 name: rancher-turtles-airgap-resources
 type: application
-version: 0.3.3
+version: "%%CHART_MAJOR%%.0.0+up0.13.0"

rancher-turtles-airgap-resources-chart/_service

@@ -4,5 +4,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml

@@ -3647,7 +3647,7 @@ data:
             envFrom:
             - configMapRef:
                 name: capm3-capm3fasttrack-configmap
-            image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.1
+            image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.2
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -3731,7 +3731,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
-            image: quay.io/metal3-io/ip-address-manager:v1.7.1
+            image: quay.io/metal3-io/ip-address-manager:v1.7.2
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4384,7 +4384,7 @@ data:
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v1.7.1
+  name: v1.7.2
   namespace: capm3-system
   labels:
     provider-components: metal3

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml

@@ -868,6 +868,11 @@ data:
                               type: string
                             type: array
                         type: object
+                      podSecurityAdmissionConfigFile:
+                        description: |-
+                          PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
+                          spec.Files field.
+                        type: string
                       protectKernelDefaults:
                         description: |-
                           ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2050,6 +2055,11 @@ data:
                                       type: string
                                     type: array
                                 type: object
+                              podSecurityAdmissionConfigFile:
+                                description: |-
+                                  PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
+                                  spec.Files field.
+                                type: string
                               protectKernelDefaults:
                                 description: |-
                                   ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2535,7 +2545,7 @@ data:
             - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
             command:
             - /manager
-            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.7.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.8.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -2742,10 +2752,13 @@ data:
       - major: 0
         minor: 7
         contract: v1beta1
+      - major: 0
+        minor: 8
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.7.1
+  name: v0.8.0
   namespace: rke2-bootstrap-system
   labels:
     provider-components: rke2-bootstrap

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml

@@ -1513,6 +1513,11 @@ data:
                               type: string
                             type: array
                         type: object
+                      podSecurityAdmissionConfigFile:
+                        description: |-
+                          PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
+                          spec.Files field.
+                        type: string
                       protectKernelDefaults:
                         description: |-
                           ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -2926,6 +2931,11 @@ data:
                                       type: string
                                     type: array
                                 type: object
+                              podSecurityAdmissionConfigFile:
+                                description: |-
+                                  PodSecurityPolicyConfigFile contains the path to the PodSecurityPolicy configuration file. The file can be passed through
+                                  spec.Files field.
+                                type: string
                               protectKernelDefaults:
                                 description: |-
                                   ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults.
@@ -4285,7 +4295,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.uid
-            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.7.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.8.0
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4499,10 +4509,13 @@ data:
       - major: 0
         minor: 7
         contract: v1beta1
+      - major: 0
+        minor: 8
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.7.1
+  name: v0.8.0
   namespace: rke2-control-plane-system
   labels:
     provider-components: rke2-control-plane

rancher-turtles-chart/Chart.lock

@@ -1,6 +1,6 @@
 dependencies:
 - name: cluster-api-operator
   repository: https://kubernetes-sigs.github.io/cluster-api-operator
-  version: 0.12.0
-digest: sha256:c167c074ca89ef7a520ec18a5afd380b9edaee513810aa3ac0e0bda51db9c526
-generated: "2024-08-22T14:23:18.589443298Z"
+  version: 0.14.0
+digest: sha256:9e9e851dbab3212c279efec06bcf0da147228ea1590470f3a8cbbb5806a250d4
+generated: "2024-10-28T11:44:34.392387979Z"

rancher-turtles-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3
-#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:0.3.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.13.0
+#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.13.0-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,12 +12,12 @@ annotations:
   catalog.cattle.io/scope: management
   catalog.cattle.io/type: cluster-tool
 apiVersion: v2
-appVersion: 0.11.0
+appVersion: 0.13.0
 dependencies:
 - condition: cluster-api-operator.enabled
   name: cluster-api-operator
   repository: file://./charts/cluster-api-operator
-  version: 0.12.0
+  version: 0.14.0
 description: Rancher Turtles is an extension to Rancher that brings full Cluster API
   integration to Rancher.
 home: https://github.com/rancher/turtles/
@@ -29,4 +29,4 @@ keywords:
 - provisioning
 name: rancher-turtles
 type: application
-version: 0.3.3+up0.11.0
+version: "%%CHART_MAJOR%%.0.0+up0.13.0"

rancher-turtles-chart/RELEASE_NOTES.md

@@ -1,6 +1,4 @@
-## Changes since test/v0.11.0
----
-## :chart_with_upwards_trend: Overview
-
-
-_Thanks to all our contributors!_ 😊
+gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
+  env:
+    GH_TOKEN: ${{ github.token }}
+: exit status 4

rancher-turtles-chart/_service

@@ -11,5 +11,7 @@
     <param name="file">Chart.yaml</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
+    <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
+    <param name="var">CHART_MAJOR</param>
   </service>
 </services>

rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.12.0
+appVersion: 0.14.0
 description: Cluster API Operator
 name: cluster-api-operator
 type: application
-version: 0.12.0
+version: 0.14.0

rancher-turtles-chart/charts/cluster-api-operator/templates/addon.yaml

@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $addonNamespace }}
@@ -37,7 +37,7 @@ metadata:
   name: {{ $addonName }}
   namespace: {{ $addonNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $addonVersion $.Values.secretName }}

rancher-turtles-chart/charts/cluster-api-operator/templates/bootstrap.yaml

@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
   name: {{ $bootstrapNamespace }}
 ---
@@ -36,7 +36,7 @@ metadata:
   name: {{ $bootstrapName }}
   namespace: {{ $bootstrapNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
 {{- if or $bootstrapVersion $.Values.configSecret.name }}
 spec:

rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml

@@ -26,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
   name: {{ $controlPlaneNamespace }}
 ---
@@ -36,7 +36,7 @@ metadata:
   name: {{ $controlPlaneName }}
   namespace: {{ $controlPlaneNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
 {{- if or $controlPlaneVersion $.Values.configSecret.name }}
 spec:

rancher-turtles-chart/charts/cluster-api-operator/templates/core-conditions.yaml

@@ -6,7 +6,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
   name: capi-system
 ---
@@ -16,7 +16,7 @@ metadata:
   name: cluster-api
   namespace: capi-system
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
 {{- with .Values.configSecret }}
 spec:

rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml

@@ -25,7 +25,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
   name: {{ $coreNamespace }}
 ---
@@ -35,7 +35,7 @@ metadata:
   name: {{ $coreName }}
   namespace: {{ $coreNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $coreVersion $.Values.configSecret.name }}

rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml

@@ -74,6 +74,9 @@ spec:
         {{- if .Values.insecureDiagnostics }}
         - --insecure-diagnostics={{ .Values.insecureDiagnostics }}
         {{- end }}
+        {{- if .Values.watchConfigSecret }}
+        - --watch-configsecret
+        {{- end }}
         {{- with .Values.leaderElection }}
         - --leader-elect={{ .enabled }}
         {{- if .leaseDuration }}

rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml

@@ -7,7 +7,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
     "argocd.argoproj.io/sync-wave": "1"
   name: capi-kubeadm-bootstrap-system
@@ -18,7 +18,7 @@ metadata:
   name: kubeadm
   namespace: capi-kubeadm-bootstrap-system
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}
@@ -37,7 +37,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
     "argocd.argoproj.io/sync-wave": "1"
   name: capi-kubeadm-control-plane-system
@@ -48,7 +48,7 @@ metadata:
   name: kubeadm
   namespace: capi-kubeadm-control-plane-system
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- with .Values.configSecret }}

rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml

@@ -1,13 +1,3 @@
-{{- define "recursivePrinter" }}
-{{- range $key, $value := . }}
-{{- if kindIs "map" $value }}
-  {{ $key }}:
-  {{- include "recursivePrinter" $value | indent 2 }}
-{{- else }}
-  {{ $key }}: {{ $value }}
-{{- end }}
-{{- end }}
-{{- end }}
 # Infrastructure providers
 {{- if .Values.infrastructure }}
 {{- $infrastructures := split ";" .Values.infrastructure }}
@@ -36,7 +26,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "1"
     "argocd.argoproj.io/sync-wave": "1"
   name: {{ $infrastructureNamespace }}
@@ -47,7 +37,7 @@ metadata:
   name: {{ $infrastructureName }}
   namespace: {{ $infrastructureNamespace }}
   annotations:
-    "helm.sh/hook": "post-install"
+    "helm.sh/hook": "post-install,post-upgrade"
     "helm.sh/hook-weight": "2"
     "argocd.argoproj.io/sync-wave": "2"
 {{- if or $infrastructureVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
@@ -77,8 +67,7 @@ spec:
     {{- end }}
 {{- end }}
 {{- if $.Values.additionalDeployments }}
-  additionalDeployments:
-  {{- include "recursivePrinter" $.Values.additionalDeployments | indent 2 }}
+  additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
 {{- end }}
 {{- end }}
 {{- end }}

rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml

@@ -13,7 +13,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -3023,7 +3022,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -7618,7 +7616,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -12216,7 +12213,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -16811,7 +16807,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -21409,7 +21404,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'
@@ -24419,7 +24413,6 @@ spec:
     strategy: Webhook
     webhook:
       clientConfig:
-        caBundle: Cg==
         service:
           name: capi-operator-webhook-service
           namespace: '{{ .Release.Namespace }}'

rancher-turtles-chart/charts/cluster-api-operator/values.yaml

@@ -19,7 +19,7 @@ leaderElection:
 image:
   manager:
     repository: registry.k8s.io/capi-operator/cluster-api-operator
-    tag: v0.12.0
+    tag: v0.14.0
     pullPolicy: IfNotPresent
 env:
   manager: []
@@ -27,6 +27,7 @@ healthAddr: ":8081"
 metricsBindAddr: "127.0.0.1:8080"
 diagnosticsAddress: "8443"
 insecureDiagnostics: false
+watchConfigSecret: false
 imagePullSecrets: {}
 resources:
   manager:

rancher-turtles-chart/templates/clusterctl-cm-cleanup-job.yaml

@@ -0,0 +1,66 @@
+{{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: pre-upgrade-job
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-2"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: pre-upgrade-job-delete-clusterctl-configmap
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-2"
+rules:
+- apiGroups: [""]
+  resources:
+  - configmaps
+  verbs:
+  - list
+  - delete
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: pre-upgrade-job-clusterctl-configmap-cleanup
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-2"
+subjects:
+  - kind: ServiceAccount
+    name: pre-upgrade-job
+    namespace: '{{ .Values.rancherTurtles.namespace }}'
+roleRef:
+  kind: ClusterRole
+  name: pre-upgrade-job-delete-clusterctl-configmap
+  apiGroup: rbac.authorization.k8s.io
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: rancher-clusterctl-configmap-cleanup
+  namespace: '{{ .Values.rancherTurtles.namespace }}'
+  annotations:
+    "helm.sh/hook": "post-delete, pre-upgrade"
+    "helm.sh/hook-weight": "-1"
+spec:
+  ttlSecondsAfterFinished: 300
+  template:
+    spec:
+      serviceAccountName: pre-upgrade-job
+      containers:
+        - name: rancher-clusterctl-configmap-cleanup
+          image: {{ index .Values "rancherTurtles" "features" "rancher-webhook" "kubectlImage" }}
+          args:
+          - delete
+          - configmap
+          - --namespace={{ .Values.rancherTurtles.namespace }}
+          - clusterctl-config
+          - --ignore-not-found=true
+      restartPolicy: Never
+{{- end }}

rancher-turtles-chart/templates/deployment.yaml

@@ -26,7 +26,7 @@ spec:
       containers:
       - args:
         - --leader-elect
-        - --feature-gates=etcd-snapshot-restore={{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled"}},propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
+        - --feature-gates=propagate-labels={{ index .Values "rancherTurtles" "features" "propagate-labels" "enabled"}},managementv3-cluster={{ index .Values "rancherTurtles" "features" "managementv3-cluster" "enabled"}},rancher-kube-secret-patch={{ index .Values "rancherTurtles" "features" "rancher-kubeconfigs" "label"}}
         {{- range .Values.rancherTurtles.managerArguments }}
         - {{ . }}
         {{- end }}  

rancher-turtles-chart/templates/metal3-infrastructure.yaml

@@ -2,6 +2,17 @@
 {{- $namespace := index .Values "cluster-api-operator" "cluster-api" "metal3" "infrastructure" "namespace" }}
 {{- if not (lookup "v1" "Namespace" "" $namespace) }}
 ---
+apiVersion: turtles-capi.cattle.io/v1alpha1
+kind: ClusterctlConfig
+metadata:
+  name: clusterctl-config
+  namespace: rancher-turtles-system
+spec:
+  providers:
+  - name: metal3
+    url: "https://github.com/metal3-io/cluster-api-provider-metal3/releases/v1.7.2/infrastructure-components.yaml"
+    type: InfrastructureProvider
+---
 apiVersion: v1
 kind: Namespace
 metadata:

rancher-turtles-chart/templates/pre-install-job.yaml

@@ -1,4 +1,5 @@
 {{- if index .Values "rancherTurtles" "features" "embedded-capi" "disabled" }}
+{{- if index .Values "rancherTurtles" "rancherInstalled"}}
 ---
 apiVersion: management.cattle.io/v3
 kind: Feature
@@ -10,6 +11,7 @@ metadata:
 spec:
   value: false
 {{- end }}
+{{- end }}
 {{- if index .Values "rancherTurtles" "features" "rancher-webhook" "cleanup" }}
 ---
 apiVersion: v1

rancher-turtles-chart/templates/rancher-turtles-components.yaml

@@ -18,7 +18,7 @@ spec:
     - jsonPath: .spec.type
       name: Type
       type: string
-    - jsonPath: .spec.name
+    - jsonPath: .status.name
       name: ProviderName
       type: string
     - jsonPath: .status.installedVersion
@@ -2979,15 +2979,7 @@ spec:
                 type: string
               type:
                 description: Type is the type of the provider to enable
-                enum:
-                - infrastructure
-                - core
-                - controlPlane
-                - bootstrap
-                - addon
-                - runtimeextension
-                - ipam
-                example: infrastructure
+                example: InfrastructureProvider
                 type: string
               variables:
                 additionalProperties:
@@ -3073,6 +3065,10 @@ spec:
                 description: InstalledVersion is the version of the provider that
                   is installed.
                 type: string
+              name:
+                description: Name reflects actual provider name, which will be visible
+                  to users in 'kubectl get capiproviders -A -o wide'
+                type: string
               observedGeneration:
                 description: ObservedGeneration is the latest generation observed
                   by the controller.
@@ -3102,6 +3098,104 @@ spec:
     subresources:
       status: {}
 ---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.14.0
+    helm.sh/resource-policy: keep
+  name: clusterctlconfigs.turtles-capi.cattle.io
+spec:
+  group: turtles-capi.cattle.io
+  names:
+    kind: ClusterctlConfig
+    listKind: ClusterctlConfigList
+    plural: clusterctlconfigs
+    singular: clusterctlconfig
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: ClusterctlConfig is the Schema for the CAPI Clusterctl config
+          API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: ClusterctlConfigSpec defines the user overrides for images
+              and known providers with sources
+            properties:
+              images:
+                description: Images is a list of image overrided for specified providers
+                items:
+                  description: Image allows to define transformations to apply to
+                    the image contained in the YAML manifests.
+                  properties:
+                    name:
+                      description: Name of the provider image override
+                      example: all
+                      type: string
+                    repository:
+                      description: Repository sets the container registry override
+                        to pull images from.
+                      example: my-registry/my-org
+                      type: string
+                    tag:
+                      description: Tag allows to specify a tag for the images.
+                      type: string
+                  required:
+                  - name
+                  type: object
+                type: array
+              providers:
+                description: Provider overrides
+                items:
+                  description: Provider allows to define providers with known URLs
+                    to pull the components.
+                  properties:
+                    name:
+                      description: Name of the provider
+                      type: string
+                    type:
+                      description: Type is the type of the provider
+                      example: InfrastructureProvider
+                      type: string
+                    url:
+                      description: URL of the provider components. Will be used unless
+                        and override is specified
+                      type: string
+                  required:
+                  - name
+                  - type
+                  - url
+                  type: object
+                type: array
+            type: object
+        type: object
+        x-kubernetes-validations:
+        - message: Clusterctl Config should be named clusterctl-config.
+          rule: self.metadata.name == 'clusterctl-config'
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
@@ -3277,6 +3371,8 @@ rules:
   resources:
   - capiproviders
   - capiproviders/status
+  - clusterctlconfigs
+  - clusterctlconfigs/status
   verbs:
   - get
   - list