suse-edge/Factory
SHA256
14
0
Fork 15
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

merge upstream

Browse Source
This commit is contained in:
Danial Bekhit
2025-04-18 06:26:40 +02:00
parent 9548235fde 5883bf7549
commit b219a28ae1
78 changed files with 4378 additions and 1354 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.gitea/workflows/trigger_devel.yaml
View File

@@ -1,7 +1,8 @@
name: Trigger Devel Packages
on:
# NOTE (fdegir): Cron is set to run midday every weekday
schedule:
- cron: "@daily"
- cron: "0 12 * * 1-5
jobs:
sync-pr-project:
@@ -27,4 +28,4 @@ jobs:
ref: 'devel'
- name: "Trigger packages"
run: |
python3 .obs/trigger_package.py
python3 .obs/trigger_package.py

6
_config
View File

@@ -58,6 +58,7 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: excludebuild:endpoint-copier-operator-image
BuildFlags: excludebuild:ironic-image
BuildFlags: excludebuild:ironic-ipa-downloader-image
BuildFlags: excludebuild:kiwi-builder-image
BuildFlags: excludebuild:kube-rbac-proxy-image
BuildFlags: excludebuild:metallb-controller-image
BuildFlags: excludebuild:metallb-speaker-image
@@ -80,12 +81,14 @@ BuildFlags: onlybuild:release-manifest-image
BuildFlags: onlybuild:ironic-image
BuildFlags: onlybuild:ironic-ipa-downloader-image
BuildFlags: onlybuild:ironic-ipa-ramdisk
BuildFlags: onlybuild:kiwi-builder-image
BuildFlags: onlybuild:kube-rbac-proxy
BuildFlags: onlybuild:kube-rbac-proxy-image
BuildFlags: onlybuild:metallb
BuildFlags: onlybuild:metallb-controller-image
BuildFlags: onlybuild:metallb-speaker-image
BuildFlags: onlybuild:nm-configurator
BuildFlags: onlybuild:shim-noarch
%endif
%endif
@@ -112,6 +115,9 @@ BuildFlags: onlybuild:release-manifest-image
%if "%_repository" == "standard"
# for build openstack-ironic-image
BuildFlags: allowrootforbuild
# ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
%endif
# Enable reproducible builds

6
akri-dashboard-extension-chart/Chart.yaml
View File

@@ -13,9 +13,9 @@ annotations:
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
apiVersion: v2
appVersion: 1.2.1
description: "SUSE Edge: Akri extension for Rancher Dashboard"
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg
appVersion: 302.0.0+up1.2.1
description: 'SUSE Edge: Akri extension for Rancher Dashboard'
name: akri-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.1"
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/akri/icon/color/akri-icon-color.svg

4
akri-dashboard-extension-chart/templates/_helpers.tpl
View File

@@ -38,7 +38,7 @@ Common labels
helm.sh/chart: {{ include "extension-server.chart" . }}
{{ include "extension-server.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
@@ -60,4 +60,4 @@ Pkg annotations
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

2
akri-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/1.2.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/akri-dashboard-extension/302.0.0+up1.2.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

2
baremetal-operator/_service
View File

@@ -2,7 +2,7 @@
<service name="obs_scm">
<param name="url">https://github.com/metal3-io/baremetal-operator</param>
<param name="scm">git</param>
<param name="revision">v0.9.0</param>
<param name="revision">v0.9.1</param>
<param name="version">_auto_</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>

2
baremetal-operator/baremetal-operator.spec
View File

@@ -17,7 +17,7 @@
Name: baremetal-operator
Version: 0.9.0
Version: 0.9.1
Release: 0
Summary: Implements a Kubernetes API for managing bare metal hosts
License: Apache-2.0

21
ironic-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4
#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
@@ -8,14 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper -n in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
fi
RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools
WORKDIR /tmp
COPY prepare-efi.sh /bin/
RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -46,8 +40,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opencontainers.image.version="26.1.2.3"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%"
LABEL org.opencontainers.image.version="26.1.2.4"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -88,7 +82,8 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
fi
COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
COPY ironic.conf.j2 /etc/ironic/
COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/

2
ironic-image/configure-ironic.sh
View File

@@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
fi
fi
IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}"
if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"

4
ironic-image/inspector.ipxe.j2
View File

@@ -5,6 +5,6 @@ echo In inspector.ipxe
imgfree
# NOTE(dtantsur): keep inspection kernel params in [mdns]params in
# ironic-inspector-image and configuration in configure-ironic.sh
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
boot

2
ironic-image/ironic.conf.j2
View File

@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
# Power state is checked every 60 seconds and BMC activity should
# be avoided more often than once every sixty seconds.
send_sensor_data_interval = 160
bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img
bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
verify_step_priority_override = management.clear_job_queue:90
# We don't use this feature, and it creates an additional load on the database
node_history = False

51
ironic-image/prepare-efi.sh
View File

@@ -2,41 +2,26 @@
set -euxo pipefail
ARCH=$(uname -m)
DEST=${2:-/tmp/esp.img}
OS=${1:-sles}
declare -A efi_arch=(
["x86_64"]="X64"
["aarch64"]="AA64"
)
if [ $ARCH = "aarch64" ]; then
BOOTEFI=BOOTAA64.EFI
GRUBEFI=grubaa64.efi
else
BOOTEFI=BOOTX64.efi
GRUBEFI=grubx64.efi
fi
for arch in "${!efi_arch[@]}"; do
DEST=/tmp/esp-${arch}.img
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
dd bs=1024 count=6400 if=/dev/zero of=$DEST
mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI
mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI
mdir -i $DEST ::EFI/BOOT;
done
mkdir -p /boot/efi/EFI/BOOT
mkdir -p /boot/efi/EFI/$OS
if [ $ARCH = "aarch64" ]; then
cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
else
cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
#cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
fi
mmd -i $DEST EFI
mmd -i $DEST EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
if [ $ARCH = "aarch64" ]; then
mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
else
mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
fi
mdir -i $DEST ::EFI/BOOT;

2
ironic-image/runhttpd
View File

@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS
# Copy files to shared mount
render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
cp /tmp/uefi_esp*.img /shared/html/
# Render the core httpd config
render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf

22
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,6 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -8,15 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
#!ArchExclusiveLine: x86_64
RUN if [ "$(uname -m)" = "x86_64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#!ArchExclusiveLine: aarch64
RUN if [ "$(uname -m)" = "aarch64" ];then \
zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
fi
#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
@@ -26,11 +19,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.1"
LABEL org.opencontainers.image.version="3.0.3"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -41,8 +34,9 @@ LABEL com.suse.release-stage="released"
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh

68
ironic-ipa-downloader-image/get-resource.sh
View File

@@ -6,12 +6,33 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
export https_proxy=${https_proxy:-$HTTPS_PROXY}
export no_proxy=${no_proxy:-$NO_PROXY}
if [ -d "/tmp/ironic-certificates" ]; then
sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
CERTS_CHANGED=0
else
CERTS_CHANGED=1
fi
fi
# Which image should we use
if [ -z "${IPA_BASEURI}" ]; then
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
if cmp "/shared/images.sha256" "/tmp/images.sha256"; then
if [ "${CERTS_CHANGED:-0}" = "0" ]; then
# everything is the same exit early
exit 0
fi
fi
IMAGE_CHANGED=1
# SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
mkdir -p /shared/html/images
cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
# Use arm64 as destination for iPXE compatibility
cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
cp /tmp/images.sha256 /shared/images.sha256
else
FILENAME=ironic-python-agent
FILENAME_EXT=.tar
@@ -25,47 +46,56 @@ else
# If we have a CACHEURL and nothing has yet been downloaded
# get header info from the cache
ls -l
if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then
if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then
curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true
fi
# Download the most recent version of IPA
if [ -e $FFILENAME.headers ] ; then
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r")
cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
# curl didn't download anything because we have the ETag already
# but we don't have it in the images directory
# Its in the cache, go get it
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then
if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then
mv /shared/html/images/$FFILENAME.headers .
curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME"
fi
else
cd $TMPDIR
curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME
cd "$TMPDIR"
curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME"
fi
if [ -s $FFILENAME ] ; then
tar -xf $FFILENAME
xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
mv $FILENAME.initramfs.zstd $FILENAME.initramfs
ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
if [ "$ARCH" = "x86" ]; then
ARCH="x86_64"
fi
ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
cd -
chmod 755 $TMPDIR
mv $TMPDIR $FILENAME-$ETAG
ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers
ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs
ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel
chmod 755 "$TMPDIR"
mv "$TMPDIR" "$FILENAME-$ETAG"
ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers"
ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs"
ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel"
IMAGE_CHANGED=1
else
rm -rf $TMPDIR
rm -rf "$TMPDIR"
fi
fi
if [ -d "/tmp/ironic-certificates" ]; then
if [ "${CERTS_CHANGED:-0}" = "1" ] || [ "${IMAGE_CHANGED:-0}" = "1" ]; then
mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
mkdir -p etc/ironic-python-agent.d/ca-certs
cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do
find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
done
cp /tmp/certificates.sha256 /shared/certificates.sha256
fi

2
ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi
View File

@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<image schemaversion="7.4" name="openstack-ironic-image-301">
<image schemaversion="7.4" name="openstack-ironic-image">
<description type="system">
<author>Cloud developers</author>
<contact>cloud-devel@suse.de</contact>

8
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.1
Version: 3.0.3
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA
@@ -148,10 +148,8 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
cd /tmp/openstack-ironic-image/img/build/image-root
find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
cd $TDIR
gzip -9 -f initrdtmp
INITRDGZ=`ls *.gz | head -1`
gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
INITRD=`ls *.xz | head -1`
zstd initrdtmp -o initrd-%{_arch}.zst
INITRD=`ls *.zst | head -1`
ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`

BIN
ironic-ipa-ramdisk/root.tar.bz2 (Stored with Git LFS)
View File

Binary file not shown.

8
kubevirt-chart/Chart.yaml
View File

@@ -1,9 +1,9 @@
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0
apiVersion: v2
appVersion: 1.3.1
appVersion: 1.4.0
description: A Helm chart for KubeVirt
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: kubevirt
type: application
version: "%%CHART_MAJOR%%.0.0+up0.4.0"
version: "%%CHART_MAJOR%%.0.0+up0.5.0"

280
kubevirt-chart/crds/kubevirt.yaml
View File

@@ -231,6 +231,17 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
commonInstancetypesDeployment:
description: CommonInstancetypesDeployment controls the deployment
of common-instancetypes resources
nullable: true
properties:
enabled:
description: Enabled controls the deployment of common-instancetypes
resources, defaults to True.
nullable: true
type: boolean
type: object
controllerConfiguration:
description: |-
ReloadableComponentConfiguration holds all generic k8s configuration options which can
@@ -412,6 +423,23 @@ spec:
description: PullPolicy describes a policy for if/when to pull
a container image
type: string
instancetype:
description: Instancetype configuration
nullable: true
properties:
referencePolicy:
description: |-
ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are:
reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM.
expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated.
expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated.
enum:
- reference
- expand
- expandAll
nullable: true
type: string
type: object
ksmConfiguration:
description: KSMConfiguration holds the information regarding
the enabling the KSM in the nodes (if available).
@@ -470,8 +498,9 @@ spec:
features
properties:
maxCpuSockets:
description: MaxCpuSockets holds the maximum amount of sockets
that can be hotplugged
description: |-
MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own.
For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets.
format: int32
type: integer
maxGuest:
@@ -577,7 +606,7 @@ spec:
description: |-
CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800
the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
format: int64
type: integer
disableTLS:
@@ -640,34 +669,6 @@ spec:
ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.
version: v1alphav1
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -696,7 +697,7 @@ spec:
domainAttachmentType:
description: |-
DomainAttachmentType is a standard domain network attachment method kubevirt supports.
Supported values: "tap".
Supported values: "tap", "managedTap" (since v1.4).
The standard domain attachment can be used instead or in addition to the sidecarImage.
version: 1alphav1
type: string
@@ -874,37 +875,10 @@ spec:
usually idle and don't require a lot of memory or cpu.
properties:
resources:
description: ResourceRequirements describes the compute
resource requirements.
description: |-
ResourceRequirementsWithoutClaims describes the compute resource requirements.
This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field.
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -958,10 +932,8 @@ spec:
MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.
Protocol versions are based on the following most common TLS configurations:
https://ssl-config.mozilla.org/
Note that SSLv3.0 is not a supported protocol version due to well known
vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
enum:
@@ -1091,10 +1063,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -1411,7 +1386,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1426,7 +1401,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1594,7 +1569,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1609,7 +1584,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1775,7 +1750,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1790,7 +1765,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1958,7 +1933,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -1973,7 +1948,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2164,7 +2139,6 @@ spec:
BatchEvictionInterval Represents the interval to wait before issuing the next
batch of shutdowns
Defaults to 1 minute
type: string
batchEvictionSize:
@@ -2172,7 +2146,6 @@ spec:
BatchEvictionSize Represents the number of VMIs that can be forced updated per
the BatchShutdownInteral interval
Defaults to 10
type: integer
workloadUpdateMethods:
@@ -2183,7 +2156,6 @@ spec:
precedence over more disruptive methods. For example if both LiveMigrate and Shutdown
methods are listed, only VMs which are not live migratable will be restarted/shutdown
An empty list defaults to no automated workload updating
items:
type: string
@@ -2491,7 +2463,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2506,7 +2478,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2674,7 +2646,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2689,7 +2661,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2855,7 +2827,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -2870,7 +2842,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3038,7 +3010,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3053,7 +3025,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -3516,6 +3488,17 @@ spec:
type: object
type: object
x-kubernetes-map-type: atomic
commonInstancetypesDeployment:
description: CommonInstancetypesDeployment controls the deployment
of common-instancetypes resources
nullable: true
properties:
enabled:
description: Enabled controls the deployment of common-instancetypes
resources, defaults to True.
nullable: true
type: boolean
type: object
controllerConfiguration:
description: |-
ReloadableComponentConfiguration holds all generic k8s configuration options which can
@@ -3697,6 +3680,23 @@ spec:
description: PullPolicy describes a policy for if/when to pull
a container image
type: string
instancetype:
description: Instancetype configuration
nullable: true
properties:
referencePolicy:
description: |-
ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are:
reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM.
expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated.
expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated.
enum:
- reference
- expand
- expandAll
nullable: true
type: string
type: object
ksmConfiguration:
description: KSMConfiguration holds the information regarding
the enabling the KSM in the nodes (if available).
@@ -3755,8 +3755,9 @@ spec:
features
properties:
maxCpuSockets:
description: MaxCpuSockets holds the maximum amount of sockets
that can be hotplugged
description: |-
MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own.
For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets.
format: int32
type: integer
maxGuest:
@@ -3862,7 +3863,7 @@ spec:
description: |-
CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800
the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
format: int64
type: integer
disableTLS:
@@ -3925,34 +3926,6 @@ spec:
ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.
version: v1alphav1
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry
in PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -3981,7 +3954,7 @@ spec:
domainAttachmentType:
description: |-
DomainAttachmentType is a standard domain network attachment method kubevirt supports.
Supported values: "tap".
Supported values: "tap", "managedTap" (since v1.4).
The standard domain attachment can be used instead or in addition to the sidecarImage.
version: 1alphav1
type: string
@@ -4159,37 +4132,10 @@ spec:
usually idle and don't require a lot of memory or cpu.
properties:
resources:
description: ResourceRequirements describes the compute
resource requirements.
description: |-
ResourceRequirementsWithoutClaims describes the compute resource requirements.
This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field.
properties:
claims:
description: |-
Claims lists the names of resources, defined in spec.resourceClaims,
that are used by this container.
This is an alpha field and requires enabling the
DynamicResourceAllocation feature gate.
This field is immutable. It can only be set for containers.
items:
description: ResourceClaim references one entry in
PodSpec.ResourceClaims.
properties:
name:
description: |-
Name must match the name of one entry in pod.spec.resourceClaims of
the Pod where this field is used. It makes that resource available
inside a container.
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
limits:
additionalProperties:
anyOf:
@@ -4243,10 +4189,8 @@ spec:
MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.
Protocol versions are based on the following most common TLS configurations:
https://ssl-config.mozilla.org/
Note that SSLv3.0 is not a supported protocol version due to well known
vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
enum:
@@ -4376,10 +4320,13 @@ spec:
referenced object inside the same namespace.
properties:
name:
default: ""
description: |-
Name of the referent.
This field is effectively required, but due to backwards compatibility is
allowed to be empty. Instances of this type with an empty value here are
almost certainly wrong.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
type: object
x-kubernetes-map-type: atomic
@@ -4696,7 +4643,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -4711,7 +4658,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -4879,7 +4826,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -4894,7 +4841,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5060,7 +5007,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5075,7 +5022,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5243,7 +5190,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5258,7 +5205,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5449,7 +5396,6 @@ spec:
BatchEvictionInterval Represents the interval to wait before issuing the next
batch of shutdowns
Defaults to 1 minute
type: string
batchEvictionSize:
@@ -5457,7 +5403,6 @@ spec:
BatchEvictionSize Represents the number of VMIs that can be forced updated per
the BatchShutdownInteral interval
Defaults to 10
type: integer
workloadUpdateMethods:
@@ -5468,7 +5413,6 @@ spec:
precedence over more disruptive methods. For example if both LiveMigrate and Shutdown
methods are listed, only VMs which are not live migratable will be restarted/shutdown
An empty list defaults to no automated workload updating
items:
type: string
@@ -5776,7 +5720,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5791,7 +5735,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5959,7 +5903,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -5974,7 +5918,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6140,7 +6084,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6155,7 +6099,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6323,7 +6267,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both matchLabelKeys and labelSelector.
Also, matchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array
@@ -6338,7 +6282,7 @@ spec:
pod labels will be ignored. The default value is empty.
The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
items:
type: string
type: array

54
kubevirt-chart/templates/kubevirt-operator.yaml
View File

@@ -606,15 +606,35 @@ rules:
- apiGroups:
- snapshot.kubevirt.io
resources:
- '*'
- virtualmachinesnapshots
- virtualmachinesnapshots/status
- virtualmachinesnapshotcontents
- virtualmachinesnapshotcontents/status
- virtualmachinesnapshotcontents/finalizers
- virtualmachinerestores
- virtualmachinerestores/status
verbs:
- '*'
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- export.kubevirt.io
resources:
- '*'
- virtualmachineexports
- virtualmachineexports/status
- virtualmachineexports/finalizers
verbs:
- '*'
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- pool.kubevirt.io
resources:
@@ -636,6 +656,12 @@ rules:
- '*'
verbs:
- '*'
- apiGroups:
- kubevirt.io
resources:
- virtualmachines/finalizers
verbs:
- update
- apiGroups:
- subresources.kubevirt.io
resources:
@@ -844,6 +870,7 @@ rules:
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
- virtualmachineinstances/usbredir
verbs:
- get
- apiGroups:
@@ -992,6 +1019,7 @@ rules:
- virtualmachineinstances/userlist
- virtualmachineinstances/sev/fetchcertchain
- virtualmachineinstances/sev/querylaunchmeasurement
- virtualmachineinstances/usbredir
verbs:
- get
- apiGroups:
@@ -1264,7 +1292,7 @@ metadata:
name: virt-operator
namespace: {{ .Release.Namespace }}
spec:
replicas: 2
replicas: {{ .Values.operator.replicas }}
selector:
matchLabels:
kubevirt.io: virt-operator
@@ -1279,17 +1307,7 @@ spec:
name: virt-operator
spec:
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: kubevirt.io
operator: In
values:
- virt-operator
topologyKey: kubernetes.io/hostname
weight: 1
{{- .Values.operator.affinity | toYaml | nindent 8 }}
containers:
- args:
- --port
@@ -1325,9 +1343,7 @@ spec:
initialDelaySeconds: 5
timeoutSeconds: 10
resources:
requests:
cpu: 10m
memory: 450Mi
{{- .Values.operator.resources | toYaml | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:

4
kubevirt-chart/templates/kubevirt.yaml
View File

@@ -20,6 +20,10 @@ spec:
{{- if .Values.kubevirt.uninstallStrategy }}
uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }}
{{- end }}
{{- with .Values.kubevirt.workloads }}
workloads:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.kubevirt.workloadUpdateStrategy }}
workloadUpdateStrategy:
{{- toYaml . | nindent 4 }}

21
kubevirt-chart/values.yaml
View File

@@ -1,7 +1,24 @@
operator:
image: registry.suse.com/suse/sles/15.6/virt-operator
version: 1.3.1-150600.5.9.1
version: 1.4.0-150600.5.15.1
replicas: 2
pullPolicy: IfNotPresent
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: kubevirt.io
operator: In
values:
- virt-operator
topologyKey: kubernetes.io/hostname
weight: 1
resources:
requests:
cpu: 10m
memory: 450Mi
kubevirt:
# Holds kubevirt configurations. Same as the virt-configMap.
@@ -14,6 +31,8 @@ kubevirt:
# Specifies if KubeVirt can be deleted if workloads are still present.
# This is mainly a precaution to avoid accidental data loss.
uninstallStrategy: ""
# Selectors and tolerations that should apply to KubeVirt workloads.
workloads: {}
# WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates.
workloadUpdateStrategy: {}
# Optionally enable ServiceMonitor for prometheus, see

5
kubevirt-dashboard-extension-chart/Chart.yaml
View File

@@ -13,9 +13,10 @@ annotations:
catalog.cattle.io/ui-component: plugins
catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
apiVersion: v2
appVersion: 1.2.1
appVersion: 302.0.0+up1.2.1
description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: kubevirt-dashboard-extension
type: application
version: "%%CHART_MAJOR%%.0.0+up1.2.1"
icon: >-
https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg

4
kubevirt-dashboard-extension-chart/templates/_helpers.tpl
View File

@@ -38,7 +38,7 @@ Common labels
helm.sh/chart: {{ include "extension-server.chart" . }}
{{ include "extension-server.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
@@ -60,4 +60,4 @@ Pkg annotations
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

2
kubevirt-dashboard-extension-chart/templates/cr.yaml
View File

@@ -8,7 +8,7 @@ spec:
plugin:
name: {{ include "extension-server.fullname" . }}
version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/1.2.1
endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/302.0.0+up1.2.1
noCache: {{ .Values.plugin.noCache }}
noAuth: {{ .Values.plugin.noAuth }}
metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

12
metal3-chart/Chart.yaml
View File

@@ -1,16 +1,16 @@
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.0
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.0_up0.10.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0
#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
apiVersion: v2
appVersion: 0.10.0
appVersion: 0.11.0
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
repository: file://./charts/baremetal-operator
version: 0.9.0
version: 0.9.1
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.9.3
version: 0.10.0
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.0+up0.10.0"
version: "%%CHART_MAJOR%%.0.2+up0.11.0"

4
metal3-chart/charts/baremetal-operator/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
appVersion: 0.9.0
appVersion: 0.9.1
description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator
type: application
version: 0.9.0
version: 0.9.1

11
metal3-chart/charts/baremetal-operator/templates/clusterrole-metrics-reader.yaml
View File

@@ -1,11 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "baremetal-operator.fullname" . }}-metrics-reader
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}
rules:
- nonResourceURLs:
- /metrics
verbs:
- get

19
metal3-chart/charts/baremetal-operator/templates/clusterrole-proxy.yaml
View File

@@ -1,19 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "baremetal-operator.fullname" . }}-proxy-role
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create

14
metal3-chart/charts/baremetal-operator/templates/clusterrolebinding-proxy.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "baremetal-operator.fullname" . }}-proxy-rolebinding
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "baremetal-operator.fullname" . }}-proxy-role
subjects:
- kind: ServiceAccount
name: {{ include "baremetal-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}

6
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -5,6 +5,7 @@
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1
data:
@@ -19,8 +20,9 @@ data:
{{- $protocol = "http" }}
{{- end }}
CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs"
DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
kind: ConfigMap
metadata:
name: baremetal-operator-ironic

14
metal3-chart/charts/baremetal-operator/templates/service-controller-manager.yaml
View File

@@ -1,14 +0,0 @@
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "baremetal-operator.labels" . | nindent 4 }}
control-plane: controller-manager
name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager

2
metal3-chart/charts/baremetal-operator/values.yaml
View File

@@ -28,7 +28,7 @@ images:
baremetalOperator:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
pullPolicy: IfNotPresent
tag: "0.9.0"
tag: "0.9.1"
imagePullSecrets: []
nameOverride: "manger"

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.9.3
version: 0.10.0

6
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -12,6 +12,7 @@ data:
{{- $ironicApiHost := print $ironicIP ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }}
{{- if ( .Values.global.enable_dnsmasq ) }}
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
@@ -39,8 +40,9 @@ data:
{{- end }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs
DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel
DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs
DEPLOY_ARCHITECTURE: {{ $deployArch }}
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }}
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"

4
metal3-chart/charts/ironic/values.yaml
View File

@@ -56,11 +56,11 @@ images:
ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
pullPolicy: IfNotPresent
tag: 26.1.2.3
tag: 26.1.2.4
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
tag: 3.0.1
tag: 3.0.3
nameOverride: ""
fullnameOverride: ""

3
metal3-chart/values.yaml
View File

@@ -63,6 +63,9 @@ global:
# Name for the MariaDB service
databaseServiceName: metal3-mariadb
# Architecture for deployed nodes (either x86_64 or arm64)
deployArchitecture: x86_64
# In a multi-node cluster use the node selector to ensure the pods
# all run on the same host where the dnsmasqDNSServer and provisioningIP
# and /opt/media exist. Uncomment the nodeSelector and update the

1
nm-configurator/.gitattributes vendored
View File

@@ -1 +0,0 @@
*.obscpio filter=lfs diff=lfs merge=lfs -text

2
nm-configurator/_service
View File

@@ -3,7 +3,7 @@
<param name="url">https://github.com/suse-edge/nm-configurator.git</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="scm">git</param>
<param name="revision">v0.3.1</param>
<param name="revision">v0.3.2</param>
<param name="match-tag">*</param>
<param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
<param name="versionrewrite-replacement">\1</param>

2
nm-configurator/_servicedata
View File

@@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/suse-edge/nm-configurator.git</param>
<param name="changesrevision">8a7b3180476cd0d5958a809c527bd8cb9b3f247b</param></service></servicedata>
<param name="changesrevision">747301ba15a28e758d1f06070dc7ff29a5e80242</param></service></servicedata>

BIN
nm-configurator/nm-configurator-0.3.1.obscpio (Stored with Git LFS)
View File

Binary file not shown.

BIN
nm-configurator/nm-configurator-0.3.2.obscpio (Stored with Git LFS) Normal file
View File

Binary file not shown.

6
nm-configurator/nm-configurator.obsinfo
View File

@@ -1,4 +1,4 @@
name: nm-configurator
version: 0.3.1
mtime: 1725004214
commit: 8a7b3180476cd0d5958a809c527bd8cb9b3f247b
version: 0.3.2
mtime: 1744218621
commit: 747301ba15a28e758d1f06070dc7ff29a5e80242

2
nm-configurator/nmc.spec
View File

@@ -17,7 +17,7 @@
Name: nm-configurator
Version: 0.3.1
Version: 0.3.2
Release: 0
Summary: NM Configurator
License: Apache-2.0

BIN
nm-configurator/vendor.tar.xz (Stored with Git LFS)
View File

Binary file not shown.

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-airgap-resources-chart:%%CHART_MAJOR%%.0.0_up0.17.0
apiVersion: v2
appVersion: 0.16.0
appVersion: 0.17.0
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.0+up0.16.0"
version: "%%CHART_MAJOR%%.0.0+up0.17.0"

4
rancher-turtles-airgap-resources-chart/README.md
View File

@@ -23,4 +23,8 @@ cluster-api-operator:
infrastructure:
fetchConfig:
selector: "{\"matchLabels\": {\"provider-components\": \"metal3\"}}"
fleet:
addon:
fetchConfig:
selector: "{\"matchLabels\": {\"provider-components\": \"fleet\"}}"
```

4
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

11
rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
data:
components: Not Found
metadata: Not Found
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.6.0
namespace: rancher-turtles-system
labels:
provider-components: fleet

6
rancher-turtles-airgap-resources-chart/templates/airgap-cm-metal3.yaml
View File

@@ -3734,7 +3734,7 @@ data:
envFrom:
- configMapRef:
name: capm3-capm3fasttrack-configmap
image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.2
image: registry.rancher.com/rancher/cluster-api-provider-metal3:v1.9.3
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -3820,7 +3820,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: quay.io/metal3-io/ip-address-manager:v1.9.3
image: quay.io/metal3-io/ip-address-manager:v1.9.4
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4524,7 +4524,7 @@ data:
kind: ConfigMap
metadata:
creationTimestamp: null
name: v1.9.2
name: v1.9.3
namespace: capm3-system
labels:
provider-components: metal3

7
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -2527,7 +2527,7 @@ data:
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
command:
- /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.11.0
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -2747,10 +2747,13 @@ data:
- major: 0
minor: 11
contract: v1beta1
- major: 0
minor: 12
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.11.0
name: v0.12.0
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap

7
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -4263,7 +4263,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.11.0
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.12.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4490,10 +4490,13 @@ data:
- major: 0
minor: 11
contract: v1beta1
- major: 0
minor: 12
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.11.0
name: v0.12.0
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.16.0
digest: sha256:9b296be6ee446bff492e6736e084ce3734b07ea613791b77fd15d31c0f62dc70
generated: "2025-01-30T10:14:58.692942399Z"
version: 0.17.0
digest: sha256:c564dd1edce5e74cf5747adfa2477b3f0b9bae2b17a21b4c7312b2c1adbda64e
generated: "2025-02-27T10:39:03.203623466Z"

10
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.16.0-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%IMG_PREFIX%%rancher-turtles-chart:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,12 +12,12 @@ annotations:
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.16.0
appVersion: 0.17.0
dependencies:
- condition: cluster-api-operator.enabled
name: cluster-api-operator
repository: file://./charts/cluster-api-operator
version: 0.14.0
version: 0.17.0
description: Rancher Turtles is an extension to Rancher that brings full Cluster API
integration to Rancher.
home: https://github.com/rancher/turtles/
@@ -29,4 +29,4 @@ keywords:
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.0+up0.16.0"
version: "%%CHART_MAJOR%%.0.0+up0.17.0"

4
rancher-turtles-chart/charts/cluster-api-operator/Chart.yaml
View File

@@ -1,6 +1,6 @@
apiVersion: v2
appVersion: 0.14.0
appVersion: 0.17.0
description: Cluster API Operator
name: cluster-api-operator
type: application
version: 0.14.0
version: 0.17.0

15
rancher-turtles-chart/charts/cluster-api-operator/templates/control-plane.yaml
View File

@@ -38,12 +38,25 @@ metadata:
annotations:
"helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
{{- if or $controlPlaneVersion $.Values.configSecret.name }}
{{- if or $controlPlaneVersion $.Values.configSecret.name $.Values.manager }}
spec:
{{- end}}
{{- if $controlPlaneVersion }}
version: {{ $controlPlaneVersion }}
{{- end }}
{{- if $.Values.manager }}
{{- if hasKey $.Values.manager.featureGates $controlPlaneName }}
manager:
{{- range $key, $value := $.Values.manager.featureGates }}
{{- if eq $key $controlPlaneName }}
featureGates:
{{- range $k, $v := $value }}
{{ $k }}: {{ $v }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if $.Values.configSecret.name }}
configSecret:
name: {{ $.Values.configSecret.name }}

2
rancher-turtles-chart/charts/cluster-api-operator/templates/core.yaml
View File

@@ -38,7 +38,7 @@ metadata:
"helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2"
{{- if or $coreVersion $.Values.configSecret.name }}
{{- if or $coreVersion $.Values.configSecret.name $.Values.manager }}
spec:
{{- end}}
{{- if $coreVersion }}

36
rancher-turtles-chart/charts/cluster-api-operator/templates/deployment.yaml
View File

@@ -65,9 +65,6 @@ spec:
{{- if .Values.healthAddr }}
- --health-addr={{ .Values.healthAddr }}
{{- end }}
{{- if .Values.metricsBindAddr }}
- --metrics-bind-addr={{ .Values.metricsBindAddr }}
{{- end }}
{{- if .Values.diagnosticsAddress }}
- --diagnostics-address={{ .Values.diagnosticsAddress }}
{{- end }}
@@ -100,9 +97,15 @@ spec:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: {{ ( split ":" $.Values.metricsBindAddr)._1 | int }}
{{- if $.Values.diagnosticsAddress }}
{{- $diagnosticsPort := $.Values.diagnosticsAddress }}
{{- if contains ":" $diagnosticsPort -}}
{{ $diagnosticsPort = ( split ":" $.Values.diagnosticsAddress)._1 | int }}
{{- end }}
- containerPort: {{ $diagnosticsPort | int }}
name: metrics
protocol: TCP
{{- end }}
{{- with .Values.resources.manager }}
resources:
{{- toYaml . | nindent 12 }}
@@ -119,6 +122,31 @@ spec:
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
terminationMessagePolicy: FallbackToLogsOnError
{{- $healthAddr := $.Values.healthAddr }}
{{- if contains ":" $healthAddr -}}
{{ $healthAddr = ( split ":" $.Values.healthAddr)._1 | int }}
{{- end }}
livenessProbe:
failureThreshold: 3
httpGet:
path: /healthz
port: {{ $healthAddr | default 9440 }}
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 20
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: {{ $healthAddr | default 9440 }}
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
terminationGracePeriodSeconds: 10
{{- with .Values.volumes }}
volumes:

9
rancher-turtles-chart/charts/cluster-api-operator/templates/infra-conditions.yaml
View File

@@ -53,6 +53,15 @@ metadata:
"argocd.argoproj.io/sync-wave": "2"
{{- with .Values.configSecret }}
spec:
{{- if $.Values.manager }}
manager:
{{- if and $.Values.manager.featureGates $.Values.manager.featureGates.kubeadm }}
featureGates:
{{- range $key, $value := $.Values.manager.featureGates.kubeadm }}
{{ $key }}: {{ $value }}
{{- end }}
{{- end }}
{{- end }}
configSecret:
name: {{ .name }}
{{- if .namespace }}

10
rancher-turtles-chart/charts/cluster-api-operator/templates/infra.yaml
View File

@@ -59,6 +59,16 @@ spec:
{{- end }}
{{- end }}
{{- end }}
{{- if and (kindIs "map" $.Values.fetchConfig) (hasKey $.Values.fetchConfig $infrastructureName) }}
{{- range $key, $value := $.Values.fetchConfig }}
{{- if eq $key $infrastructureName }}
fetchConfig:
{{- range $k, $v := $value }}
{{ $k }}: {{ $v }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if $.Values.configSecret.name }}
configSecret:
name: {{ $.Values.configSecret.name }}

73
rancher-turtles-chart/charts/cluster-api-operator/templates/ipam.yaml Normal file
View File

@@ -0,0 +1,73 @@
# IPAM providers
{{- if .Values.ipam }}
{{- $ipams := split ";" .Values.ipam }}
{{- $ipamNamespace := "" }}
{{- $ipamName := "" }}
{{- $ipamVersion := "" }}
{{- range $ipam := $ipams }}
{{- $ipamArgs := split ":" $ipam }}
{{- $ipamArgsLen := len $ipamArgs }}
{{- if eq $ipamArgsLen 3 }}
{{- $ipamNamespace = $ipamArgs._0 }}
{{- $ipamName = $ipamArgs._1 }}
{{- $ipamVersion = $ipamArgs._2 }}
{{- else if eq $ipamArgsLen 2 }}
{{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
{{- $ipamName = $ipamArgs._0 }}
{{- $ipamVersion = $ipamArgs._1 }}
{{- else if eq $ipamArgsLen 1 }}
{{- $ipamNamespace = print $ipamArgs._0 "-ipam-system" }}
{{- $ipamName = $ipamArgs._0 }}
{{- else }}
{{- fail "ipam provider argument should have the following format in-cluster:v1.0.0 or mynamespace:in-cluster:v1.0.0" }}
{{- end }}
---
apiVersion: v1
kind: Namespace
metadata:
annotations:
"helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "1"
"argocd.argoproj.io/sync-wave": "1"
name: {{ $ipamNamespace }}
---
apiVersion: operator.cluster.x-k8s.io/v1alpha2
kind: IPAMProvider
metadata:
name: {{ $ipamName }}
namespace: {{ $ipamNamespace }}
annotations:
"helm.sh/hook": "post-install,post-upgrade"
"helm.sh/hook-weight": "2"
"argocd.argoproj.io/sync-wave": "2"
{{- if or $ipamVersion $.Values.configSecret.name $.Values.manager $.Values.additionalDeployments }}
spec:
{{- end }}
{{- if $ipamVersion }}
version: {{ $ipamVersion }}
{{- end }}
{{- if $.Values.manager }}
manager:
{{- if and (kindIs "map" $.Values.manager.featureGates) (hasKey $.Values.manager.featureGates $ipamName) }}
{{- range $key, $value := $.Values.manager.featureGates }}
{{- if eq $key $ipamName }}
featureGates:
{{- range $k, $v := $value }}
{{ $k }}: {{ $v }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if $.Values.configSecret.name }}
configSecret:
name: {{ $.Values.configSecret.name }}
{{- if $.Values.configSecret.namespace }}
namespace: {{ $.Values.configSecret.namespace }}
{{- end }}
{{- end }}
{{- if $.Values.additionalDeployments }}
additionalDeployments: {{ toYaml $.Values.additionalDeployments | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

2431
rancher-turtles-chart/charts/cluster-api-operator/templates/operator-components.yaml
View File

File diff suppressed because it is too large Load Diff

9
rancher-turtles-chart/charts/cluster-api-operator/values.yaml
View File

@@ -5,8 +5,10 @@ core: ""
bootstrap: ""
controlPlane: ""
infrastructure: ""
ipam: ""
addon: ""
manager.featureGates: {}
fetchConfig: {}
# ---
# Common configuration secret options
configSecret: {}
@@ -19,13 +21,12 @@ leaderElection:
image:
manager:
repository: registry.k8s.io/capi-operator/cluster-api-operator
tag: v0.14.0
tag: v0.17.0
pullPolicy: IfNotPresent
env:
manager: []
healthAddr: ":8081"
metricsBindAddr: "127.0.0.1:8080"
diagnosticsAddress: "8443"
diagnosticsAddress: ":8443"
healthAddr: ":9440"
insecureDiagnostics: false
watchConfigSecret: false
imagePullSecrets: {}

28
rancher-turtles-chart/questions.yml
View File

@@ -11,11 +11,16 @@ questions:
- variable: cluster-api-operator.cert-manager.enabled
default: false
type: boolean
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually"
description: "Flag to enable or disable installation of cert-manager. If set to false then you will need to install cert-manager manually."
label: "Enable Cert Manager"
- variable: turtlesUI.enabled
default: false
type: boolean
description: "Flag to enable or disable installation of CAPI UI extension. If set to false then you will need to install CAPI UI extension manually."
label: "Install CAPI UI (Experimental)"
- variable: rancherTurtles.cluster-api-operator.cleanup
default: true
description: "Specify that the CAPI Operator post-delete cleanup job will be performed"
description: "Specify that the CAPI Operator post-delete cleanup job will be performed."
type: boolean
label: Cleanup CAPI Operator installation
group: "CAPI Operator cleanup settings"
@@ -25,20 +30,31 @@ questions:
label: "Enable RKE2 Provider"
type: boolean
- variable: rancherTurtles.features.addon-provider-fleet.enabled
default: false
description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles"
default: true
description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles."
type: boolean
label: Seamless integration with Fleet and CAPI
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.agent-tls-mode.enabled
default: false
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters"
description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
type: boolean
label: Enable Agent TLS Mode
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.kubectlImage
default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
description: "Specify the image to use when running kubectl in jobs"
description: "Specify the image to use when running kubectl in jobs."
type: string
label: Kubectl Image
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.day2operations.enabled
label: "Enable Day 2 Operations functionality in Rancher Turtles"
description: "Use this setting to configure Day 2 Operations functionality in Rancher Turtles, such as enabling ETCD Backup and Restore."
type: boolean
group: "Rancher Turtles Features Settings"
- variable: rancherTurtles.features.day2operations.etcdBackupRestore.enabled
label: "Enable ETCD Backup and Restore"
description: "[ALPHA] Enable ETCD Backup and Restore functionality in Rancher Turtles."
type: boolean
group: "ETCD Backup and Restore Settings"
show_if: "rancherTurtles.features.day2operations.enabled"

6
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -10,6 +10,12 @@ metadata:
"helm.sh/hook-weight": "2"
spec:
type: addon
deployment:
containers:
- name: manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
- name: helm-manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
additionalManifests:
name: fleet-addon-config
namespace: '{{ .Values.rancherTurtles.namespace }}'

2
rancher-turtles-chart/templates/deployment.yaml
View File

@@ -26,7 +26,7 @@ spec:
containers:
- args:
- --leader-elect
- --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}}
- --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
{{- range .Values.rancherTurtles.managerArguments }}
- {{ . }}
{{- end }}

20
rancher-turtles-chart/templates/rancher-turtles-components.yaml
View File

@@ -3385,6 +3385,17 @@ rules:
- patch
- update
- watch
- apiGroups:
- catalog.cattle.io
resources:
- uiplugins
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
@@ -3450,6 +3461,15 @@ rules:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resourceNames:
- rancher-turtles-manager-role
resources:
- clusterroles
verbs:
- get
- list
- apiGroups:
- turtles-capi.cattle.io
resources:

793
rancher-turtles-chart/templates/rancher-turtles-exp-clusterclass-components.yaml Normal file
View File

@@ -0,0 +1,793 @@
{{- if index .Values "rancherTurtles" "features" "clusterclass-operations" "enabled" }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: clusterclass
name: clusterupgradegroups.rollout.turtles-capi.cattle.io
spec:
group: rollout.turtles-capi.cattle.io
names:
kind: ClusterUpgradeGroup
listKind: ClusterUpgradeGroupList
plural: clusterupgradegroups
singular: clusterupgradegroup
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterUpgradeGroup is the Schema for the clusterupgrades API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterUpgradeGroupSpec defines the desired state of ClusterUpgradeGroup
properties:
className:
type: string
rolloutStrategy:
description: |-
RolloutStrategy controls the rollout of bundles, by defining
partitions, canaries and percentages for cluster availability.
properties:
rollingUpdate:
description: |-
Rolling update config params. Present only if
RolloutStrategyType = RollingUpdate.
properties:
maxFailures:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of failed attempts before skipping the update for a given
cluster.
x-kubernetes-int-or-string: true
maxRollouts:
anyOf:
- type: integer
- type: string
description: |-
The maximum number of clusters that can be in update state (non-active) during a
rolling update.
x-kubernetes-int-or-string: true
rolloutDelay:
anyOf:
- type: integer
- type: string
description: The delay between subsequent cluster rollouts.
x-kubernetes-int-or-string: true
type: object
type:
description: |-
Type of rollout.
Default is RollingUpdate.
type: string
type: object
targets:
description: Targets refer to the clusters that should be upgraded.
items:
properties:
clusterGroup:
description: ClusterGroup to match a specific cluster group
by name.
nullable: true
type: string
clusterGroupSelector:
description: ClusterGroupSelector is a selector to match cluster
groups.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusterName:
description: |-
ClusterName to match a specific cluster by name that will be
selected
nullable: true
type: string
clusterSelector:
description: |-
ClusterSelector is a selector to match clusters. The structure is
the standard metav1.LabelSelector format. If clusterGroupSelector or
clusterGroup is specified, clusterSelector will be used only to
further refine the selection after clusterGroupSelector and
clusterGroup is evaluated.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
x-kubernetes-list-type: atomic
required:
- key
- operator
type: object
type: array
x-kubernetes-list-type: atomic
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
doNotDeploy:
description: DoNotDeploy if set to true, will not deploy to
this target.
type: boolean
name:
description: |-
Name of target. This value is largely for display and logging. If
not specified a default name of the format "target000" will be used
type: string
type: object
type: array
required:
- className
type: object
status:
description: ClusterUpgradeGroupStatus defines the observed state of ClusterUpgradeGroup
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
labels:
turtles-capi.cattle.io: clusterclass
name: clusterupgrades.rollout.turtles-capi.cattle.io
spec:
group: rollout.turtles-capi.cattle.io
names:
kind: ClusterUpgrade
listKind: ClusterUpgradeList
plural: clusterupgrades
singular: clusterupgrade
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ClusterUpgrade is the Schema for the clusterupgrades API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ClusterUpgradeSpec defines the desired state of ClusterUpgrade
properties:
className:
type: string
rolloutStrategy:
description: |-
RolloutStrategy controls the rollout of bundles, by defining
partitions, canaries and percentages for cluster availability.
properties:
autoPartitionSize:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of how to automatically partition clusters if no
specific partitioning strategy is configured.
default: 25%
x-kubernetes-int-or-string: true
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of clusters that can be unavailable during an update
of a bundle. This follows the same basic approach as a deployment rollout
strategy. Once the number of clusters meets unavailable state update will be
paused. Default value is 100% which doesn't take effect on update.
default: 100%
x-kubernetes-int-or-string: true
maxUnavailablePartitions:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of cluster partitions that can be unavailable during
an update of a bundle.
default: 0
x-kubernetes-int-or-string: true
partitions:
description: |-
A list of definitions of partitions. If any target clusters do not match
the configuration they are added to partitions at the end following the
autoPartitionSize.
items:
description: Partition defines a separate rollout strategy for
a set of clusters.
properties:
clusterGroup:
description: A cluster group name to include in this partition
type: string
clusterGroupSelector:
description: Selector matching cluster group labels to include
in this partition
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusterName:
description: ClusterName is the name of a cluster to include
in this partition
type: string
clusterSelector:
description: Selector matching cluster labels to include
in this partition
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
maxUnavailable:
anyOf:
- type: integer
- type: string
description: |-
A number or percentage of clusters that can be unavailable in this
partition before this partition is treated as done.
default: 10%
x-kubernetes-int-or-string: true
name:
description: A user-friendly name given to the partition
used for Display (optional).
type: string
type: object
type: array
type: object
targets:
description: Targets refer to the clusters that should be upgraded.
items:
properties:
clusterGroup:
description: ClusterGroup to match a specific cluster group
by name.
nullable: true
type: string
clusterGroupSelector:
description: ClusterGroupSelector is a selector to match cluster
groups.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusterName:
description: |-
ClusterName to match a specific cluster by name that will be
selected
nullable: true
type: string
clusterSelector:
description: |-
ClusterSelector is a selector to match clusters. The structure is
the standard metav1.LabelSelector format. If clusterGroupSelector or
clusterGroup is specified, clusterSelector will be used only to
further refine the selection after clusterGroupSelector and
clusterGroup is evaluated.
nullable: true
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
doNotDeploy:
description: DoNotDeploy if set to true, will not deploy to
this target.
type: boolean
name:
description: |-
Name of target. This value is largely for display and logging. If
not specified a default name of the format "target000" will be used
type: string
type: object
type: array
required:
- className
type: object
status:
description: ClusterUpgradeStatus defines the observed state of ClusterUpgrade
type: object
type: object
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: controller-manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: leader-election-role
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: role
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-leader-election-role
namespace: {{ index .Values "rancherTurtles" "namespace" }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
aggregationRule:
clusterRoleSelectors:
- matchLabels:
rancher-turtles/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-aggregated-manager-role
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
rancher-turtles/aggregate-to-manager: "true"
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-manager-role
rules:
- apiGroups:
- cluster.x-k8s.io
resources:
- clusterclasses
- clusters
- clusters/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- rollout.turtles-capi.cattle.io
resources:
- clusterupgradegroups
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rollout.turtles-capi.cattle.io
resources:
- clusterupgradegroups/status
verbs:
- get
- patch
- update
- apiGroups:
- rollout.turtles-capi.cattle.io
resources:
- clusterupgradegroupss/finalizers
verbs:
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: leader-election-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: rolebinding
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-leader-election-rolebinding
namespace: {{ index .Values "rancherTurtles" "namespace" }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rancher-turtles-clusterclass-leader-election-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-clusterclass-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: turtles-rollout-poc
app.kubernetes.io/instance: manager-rolebinding
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: turtles-rollout-poc
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-turtles-clusterclass-aggregated-manager-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-clusterclass-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
turtles-capi.cattle.io: clusterclass
name: rancher-turtles-clusterclass-controller-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
turtles-capi.cattle.io: clusterclass
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
turtles-capi.cattle.io: clusterclass
spec:
containers:
- args:
- --leader-elect
command:
- ./turtles-clusterclass-operations
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- $imageVersion := index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" -}}
{{- if contains "sha256:" $imageVersion }}
image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}@{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }}
{{- else }}
image: {{ index .Values "rancherTurtles" "features" "clusterclass-operations" "image" }}:{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imageVersion" }}
{{- end }}
imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "clusterclass-operations" "imagePullPolicy" }}'
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
name: manager
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
serviceAccountName: rancher-turtles-clusterclass-manager
terminationGracePeriodSeconds: 10
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
{{- end }}

183
rancher-turtles-chart/templates/rancher-turtles-exp-etcdrestore-components.yaml → rancher-turtles-chart/templates/rancher-turtles-exp-day2-components.yaml
View File

@@ -1,12 +1,12 @@
{{- if index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "enabled" }}
{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }}
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: etcd-restore
turtles-capi.cattle.io: day2-operations
name: etcdmachinesnapshots.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
@@ -115,10 +115,10 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: etcd-restore
turtles-capi.cattle.io: day2-operations
name: etcdsnapshotrestores.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
@@ -234,10 +234,10 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
controller-gen.kubebuilder.io/version: v0.16.1
labels:
turtles-capi.cattle.io: etcd-restore
turtles-capi.cattle.io: day2-operations
name: rke2etcdmachinesnapshotconfigs.turtles-capi.cattle.io
spec:
group: turtles-capi.cattle.io
@@ -311,20 +311,6 @@ spec:
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: controller-manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
@@ -335,8 +321,8 @@ metadata:
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: role
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-leader-election-role
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-leader-election-role
namespace: {{ index .Values "rancherTurtles" "namespace" }}
rules:
- apiGroups:
@@ -379,8 +365,8 @@ apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-aggregated-manager-role
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -389,8 +375,8 @@ metadata:
labels:
rancher-turtles-exp/aggregate-to-manager: "true"
rancher-turtles/aggregate-to-manager: "true"
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-manager-role
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-manager-role
rules:
- apiGroups:
- ""
@@ -516,16 +502,16 @@ metadata:
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: rolebinding
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-leader-election-rolebinding
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-leader-election-rolebinding
namespace: {{ index .Values "rancherTurtles" "namespace" }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: rancher-turtles-etcdsnapshotrestore-leader-election-role
name: rancher-turtles-day2-operations-leader-election-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-etcdsnapshotrestore-manager
name: rancher-turtles-day2-operations-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: rbac.authorization.k8s.io/v1
@@ -538,140 +524,53 @@ metadata:
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: clusterrolebinding
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-manager-rolebinding
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-turtles-etcdsnapshotrestore-aggregated-manager-role
name: rancher-turtles-day2-operations-aggregated-manager-role
subjects:
- kind: ServiceAccount
name: rancher-turtles-etcdsnapshotrestore-manager
name: rancher-turtles-day2-operations-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
---
apiVersion: v1
kind: Service
metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-webhook-service
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
ports:
- port: 443
targetPort: webhook-server
selector:
turtles-capi.cattle.io: etcd-restore
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-controller-manager
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
turtles-capi.cattle.io: etcd-restore
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
turtles-capi.cattle.io: etcd-restore
spec:
containers:
- args:
- --leader-elect
command:
- ./etcd-snapshot-restore
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- $imageVersion := index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" -}}
{{- if contains "sha256:" $imageVersion }}
image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}@{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }}
{{- else }}
image: {{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "image" }}:{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imageVersion" }}
{{- end }}
imagePullPolicy: '{{ index .Values "rancherTurtles" "features" "etcd-snapshot-restore" "imagePullPolicy" }}'
livenessProbe:
httpGet:
path: /healthz
port: 9440
initialDelaySeconds: 15
periodSeconds: 20
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 9440
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
serviceAccountName: rancher-turtles-etcdsnapshotrestore-manager
terminationGracePeriodSeconds: 10
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
volumes:
- name: cert
secret:
secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert
turtles-capi.cattle.io: day2-operations
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-serving-cert
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-serving-cert
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
dnsNames:
- rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc
- rancher-turtles-etcdsnapshotrestore-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local
- rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc
- rancher-turtles-day2-operations-webhook-service.{{ index .Values "rancherTurtles" "namespace" }}.svc.cluster.local
issuerRef:
kind: Issuer
name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
secretName: rancher-turtles-etcdsnapshotrestore-webhook-service-cert
name: rancher-turtles-day2-operations-selfsigned-issuer
secretName: rancher-turtles-day2-operations-webhook-service-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-selfsigned-issuer
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-selfsigned-issuer
namespace: {{ index .Values "rancherTurtles" "namespace" }}
spec:
selfSigned: {}
@@ -680,16 +579,16 @@ apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-mutating-webhook-configuration
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-etcdsnapshotrestore-webhook-service
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config
failurePolicy: Fail
@@ -710,16 +609,16 @@ apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-etcdsnapshotrestore-serving-cert
cert-manager.io/inject-ca-from: {{ index .Values "rancherTurtles" "namespace" }}/rancher-turtles-day2-operations-serving-cert
labels:
turtles-capi.cattle.io: etcd-restore
name: rancher-turtles-etcdsnapshotrestore-validating-webhook-configuration
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: rancher-turtles-etcdsnapshotrestore-webhook-service
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdmachinesnapshot
failurePolicy: Fail
@@ -740,7 +639,7 @@ webhooks:
- v1
clientConfig:
service:
name: rancher-turtles-etcdsnapshotrestore-webhook-service
name: rancher-turtles-day2-operations-webhook-service
namespace: {{ index .Values "rancherTurtles" "namespace" }}
path: /validate-turtles-capi-cattle-io-v1alpha1-etcdsnapshotrestore
failurePolicy: Fail

106
rancher-turtles-chart/templates/rancher-turtles-exp-day2-deployment.yaml Normal file
View File

@@ -0,0 +1,106 @@
{{- if index .Values "rancherTurtles" "features" "day2operations" "enabled" }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-controller-manager
namespace: '{{ .Values.rancherTurtles.namespace }}'
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
turtles-capi.cattle.io: day2-operations
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
control-plane: controller-manager
turtles-capi.cattle.io: day2-operations
spec:
containers:
- args:
- --leader-elect
- --feature-gates=etcd-backup-restore={{ .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
command:
- ./turtles-day2-operations
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- if (contains "sha256:" .Values.rancherTurtles.features.day2operations.imageVersion) }}
image: '{{ .Values.rancherTurtles.features.day2operations.image }}@{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
{{- else }}
image: '{{ .Values.rancherTurtles.features.day2operations.image }}:{{ .Values.rancherTurtles.features.day2operations.imageVersion }}'
{{- end }}
imagePullPolicy: '{{ .Values.rancherTurtles.features.day2operations.imagePullPolicy }}'
livenessProbe:
httpGet:
path: /healthz
port: 9440
initialDelaySeconds: 15
periodSeconds: 20
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: 9440
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
volumeMounts:
{{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
{{- end }}
serviceAccountName: rancher-turtles-day2-operations-manager
terminationGracePeriodSeconds: 10
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
volumes:
{{- if .Values.rancherTurtles.features.day2operations.etcdBackupRestore.enabled }}
- name: cert
secret:
secretName: rancher-turtles-day2-operations-webhook-service-cert
{{- end }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app.kubernetes.io/component: rbac
app.kubernetes.io/created-by: rancher-turtles
app.kubernetes.io/instance: controller-manager-sa
app.kubernetes.io/managed-by: kustomize
app.kubernetes.io/name: serviceaccount
app.kubernetes.io/part-of: rancher-turtles
turtles-capi.cattle.io: day2-operations
name: rancher-turtles-day2-operations-manager
namespace: '{{ .Values.rancherTurtles.namespace }}'
{{- end }}

16
rancher-turtles-chart/templates/ui-plugin.yaml Normal file
View File

@@ -0,0 +1,16 @@
{{- if and (index .Values "turtlesUI" "enabled") (index .Values "rancherTurtles" "rancherInstalled") }}
apiVersion: catalog.cattle.io/v1
kind: UIPlugin
metadata:
name: capi
namespace: '{{ .Values.rancherTurtles.namespace }}'
spec:
plugin:
endpoint: https://raw.githubusercontent.com/rancher/capi-ui-extension/gh-pages/extensions/capi/{{ index .Values "turtlesUI" "version" | toString }}
name: capi
version: {{ index .Values "turtlesUI" "version" }}
metadata:
catalog.cattle.io/display-name: CAPI UI
catalog.cattle.io/experimental: "true"
catalog.cattle.io/ui-extensions-version: ">= 3.0.0"
{{- end }}

24
rancher-turtles-chart/values.yaml
View File

@@ -1,6 +1,9 @@
turtlesUI:
enabled: false
version: v0.8.2
rancherTurtles:
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.16.0
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
namespace: rancher-turtles-system
managerArguments: []
@@ -8,17 +11,24 @@ rancherTurtles:
rancherInstalled: false
kubectlImage: registry.suse.com/edge/3.2/kubectl:1.30.3
features:
etcd-snapshot-restore:
day2operations:
enabled: false
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.16.0
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
etcdBackupRestore:
enabled: false
# beta feature, see documentation for more information on feature stages
addon-provider-fleet:
enabled: false
enabled: true
# alpha feature, see documentation for more information on feature stages
agent-tls-mode:
enabled: false
clusterclass-operations:
enabled: false
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.17.0
imagePullPolicy: IfNotPresent
cluster-api-operator:
enabled: true
cert-manager:
@@ -71,13 +81,13 @@ cluster-api-operator:
selector: ""
metal3:
enabled: true
version: "v1.9.2"
version: "v1.9.3"
infrastructure:
namespace: capm3-system
imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.2"
imageUrl: "registry.suse.com/rancher/cluster-api-provider-metal3:v1.9.3"
fetchConfig:
url: ""
selector: ""
ipam:
namespace: capm3-system
imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.3"
imageUrl: "registry.suse.com/rancher/ip-address-manager:v1.9.4"

2
release-manifest-image/release_manifest.yaml
View File

@@ -175,4 +175,4 @@ spec:
- prettyName: RancherTurtles
releaseName: rancher-turtles
chart: %%CHART_REPO%%/%%IMG_PREFIX%%rancher-turtles-chart
version: %%CHART_MAJOR%%.0.0+up0.16.0
version: %%CHART_MAJOR%%.0.0+up0.17.0

BIN
shim-noarch/shim-15.7-150300.4.16.1.aarch64.rpm Normal file
View File

Binary file not shown.

BIN
shim-noarch/shim-15.7-150300.4.16.1.x86_64.rpm Normal file
View File

Binary file not shown.

1099
shim-noarch/shim.changes Normal file
View File

File diff suppressed because it is too large Load Diff

90
shim-noarch/shim.spec Normal file
View File

@@ -0,0 +1,90 @@
#
# spec file for package shim
#
# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%undefine _debuginfo_subpackages
%undefine _build_create_debug
# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
%define sysefibasedir %{_datadir}/efi
Name: shim
Version: 15.7
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
URL: https://github.com/rhboot/shim
Source: shim-15.7-150300.4.16.1.x86_64.rpm
Source1: shim-15.7-150300.4.16.1.aarch64.rpm
Requires: perl-Bootloader
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
%description
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%package aarch64
Provides: shim(aarch64)
Group: System/Boot
Summary: UEFI shim loader
%package x86_64
Provides: shim(x86_64)
Group: System/Boot
Summary: UEFI shim loader
%description aarch64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%description x86_64
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%prep
rpm2cpio %{SOURCE0} | cpio --extract --unconditional --preserve-modification-time --make-directories
rpm2cpio %{SOURCE1} | cpio --extract --unconditional --preserve-modification-time --make-directories
%build
%install
# purely repackaged
cp -a * %{buildroot}
rm -rf %{buildroot}/usr/lib64/efi
rm %{buildroot}/etc/uefi/certs/BCA4E38E-shim.crt %{buildroot}/usr/sbin/shim-install %{buildroot}/usr/share/doc/packages/shim/COPYRIGHT
%files aarch64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/aarch64
%{sysefibasedir}/aarch64/shim.efi
%{sysefibasedir}/aarch64/shim-*.efi
%{sysefibasedir}/aarch64/shim-*.der
%{sysefibasedir}/aarch64/MokManager.efi
%{sysefibasedir}/aarch64/fallback.efi
%files x86_64
%defattr(-,root,root)
%dir %{?sysefibasedir}
%dir %{sysefibasedir}/x86_64
%{sysefibasedir}/x86_64/shim.efi
%{sysefibasedir}/x86_64/shim-*.efi
%{sysefibasedir}/x86_64/shim-*.der
%{sysefibasedir}/x86_64/MokManager.efi
%{sysefibasedir}/x86_64/fallback.efi
%changelog