Add kubevirt-dashboard-extension-chart version 303.0.1+up1.3.0

Reviewed-on: #122
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>

.gitea/workflows/check_manifest.yaml

@@ -1,23 +0,0 @@
-name: Check Release Manifest Local Charts Versions
-on:
-  pull_request:
-      branches-ignore:
-      - "devel"
-
-
-jobs:
-  sync-pr-project:
-    name: "Check Release Manifest Local Charts Versions"
-    runs-on: tumbleweed
-    steps:
-        # Waiting on PR to get merged for support in upstream action/checkout action
-      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
-        name: Checkout repository
-        with:
-          object-format: 'sha256'
-      - name: Setup dependencies
-        run: |
-          zypper in -y python3-ruamel.yaml
-      - name: Check release manifest
-        run: |
-          python3 .obs/manifest-check.py --check

.gitea/workflows/trigger_devel.yaml

@@ -0,0 +1,31 @@
+name: Trigger Devel Packages
+on:
+  # NOTE (fdegir): Cron is set to run midday every weekday
+  schedule:
+    - cron: "0 12 * * 1-5
+
+jobs:
+  sync-pr-project:
+    name: "Trigger source services for devel packages that changed"
+    runs-on: tumbleweed
+    steps:
+      - name: Setup OSC
+        run: |
+          mkdir -p ~/.config/osc
+          cat >~/.config/osc/oscrc <<'EOF'
+          [general]
+          apiurl = https://api.opensuse.org
+
+          [https://api.opensuse.org]
+          user=${{ vars.OBS_USERNAME }}
+          pass=${{ secrets.OBS_PASSWORD }}
+          EOF
+    # Waiting on PR to get merged for support in upstream action/checkout action
+      - uses: 'https://github.com/yangskyboxlabs/action-checkout@sha256'
+        name: Checkout repository
+        with:
+          object-format: 'sha256'
+          ref: 'devel'
+      - name: "Trigger packages"
+        run: |
+          python3 .obs/trigger_package.py

.obs/common.py

@@ -1,3 +1,3 @@
-PROJECT = "isv:SUSE:Edge:3.2"
+PROJECT = "isv:SUSE:Edge:Factory"
 REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
-BRANCH = "3.2"
+BRANCH = "main"

.obs/manifest-check.py

@@ -1,84 +0,0 @@
-#!/usr/bin/python3
-
-import ruamel.yaml
-import pathlib
-import argparse
-import sys
-
-yaml = ruamel.yaml.YAML()
-
-def get_chart_version(chart_name: str) -> str:
-    with open(f"./{chart_name}/Chart.yaml") as f:
-        chart = yaml.load(f)
-        return chart["version"]
-
-def get_charts(chart):
-    if not chart["chart"].startswith("%%CHART_REPO%%"):
-        # Not a locally managed chart
-        return {}
-
-    chart_name = chart["chart"][len("%%CHART_REPO%%/%%IMG_PREFIX%%"):]
-    charts = { chart_name: chart["version"] }
-    for child_chart in chart.get("dependencyCharts", []) + chart.get("addonCharts", []):
-        charts.update(get_charts(child_chart))
-    return charts
-
-def get_charts_list():
-    with open("./release-manifest-image/release_manifest.yaml") as f:
-        manifest = yaml.load(f)
-    charts = {}
-    for chart in manifest["spec"]["components"]["workloads"]["helm"]:
-        charts.update(get_charts(chart))
-    return charts
-
-def check_charts(fix: bool) -> bool:
-    success = True
-    charts = get_charts_list()
-    to_fix = {}
-    for chart in charts:
-        expected_version = get_chart_version(chart)
-        if expected_version != charts[chart]:
-            success = False
-            to_fix[f'%%CHART_REPO%%/%%IMG_PREFIX%%{chart}'] = expected_version
-            print(f"{chart}: Expected: {expected_version}, Got: {charts[chart]}")
-    if fix and not success:
-        fix_charts(to_fix)
-        return True
-    return success
-
-def fix_charts(to_fix):
-    manifest_path = pathlib.Path("./release-manifest-image/release_manifest.yaml")
-    manifest = yaml.load(manifest_path)
-    yaml.indent(mapping=2, sequence=4, offset=2)
-    yaml.width = 4096
-    for chart_index, chart in enumerate(manifest["spec"]["components"]["workloads"]["helm"]):
-        changed = False
-        if chart["chart"] in to_fix.keys():
-            changed = True
-            chart["version"] = to_fix[chart["chart"]]
-        for subchart_index, subchart in enumerate(chart.get("addonCharts", [])):
-            if subchart["chart"] in to_fix.keys():
-                changed = True
-                subchart["version"] = to_fix[subchart["chart"]]
-                chart["addonCharts"][subchart_index] = subchart
-        for subchart_index, subchart in enumerate(chart.get("dependencyCharts", [])):
-            if subchart["chart"] in to_fix.keys():
-                changed = True
-                subchart["version"] = to_fix[subchart["chart"]]
-                chart["dependencyCharts"][subchart_index] = subchart
-        if changed:
-            manifest["spec"]["components"]["workloads"]["helm"][chart_index] = chart
-    yaml.dump(manifest, manifest_path)
-
-def main():
-    print("Checking charts versions in release manifest")
-    parser = argparse.ArgumentParser()
-    parser.add_argument('-c', '--check', action='store_true')
-    args = parser.parse_args()
-    if not check_charts(not args.check):
-        sys.exit(1)
-    else:
-        print("All local charts in release manifest are using the right version")
-
-if __name__ == "__main__":
-    main()

.obs/render_meta.py

@@ -8,6 +8,7 @@ def render(base_project, subproject, internal, scm_url=None):
     context = {
         "base_project": subproject == "",
         "title": f"SUSE Edge {version} {subproject}".rstrip(),
+        "ironic_base": "ISV:SUSE:Edge:Ironic" if internal else "Cloud:OpenStack",
     }
     if subproject == "ToTest":
         context["project"] = f"{base_project}:ToTest"

.pre-commit-config.yaml

@@ -1,10 +0,0 @@
-repos:
-  - repo: local
-    hooks:
-      - id: check-manifest
-        name: "Check release-manifest"
-        entry: python3 .obs/manifest-check.py
-        language: python
-        additional_dependencies: ['ruamel.yaml']
-        pass_filenames: false
-        always_run: true

_config

@@ -58,6 +58,7 @@ BuildFlags: onlybuild:release-manifest-image
     BuildFlags: excludebuild:endpoint-copier-operator-image
     BuildFlags: excludebuild:ironic-image
     BuildFlags: excludebuild:ironic-ipa-downloader-image
+    BuildFlags: excludebuild:kiwi-builder-image
     BuildFlags: excludebuild:kube-rbac-proxy-image
     BuildFlags: excludebuild:metallb-controller-image
     BuildFlags: excludebuild:metallb-speaker-image
@@ -69,7 +70,6 @@ BuildFlags: onlybuild:release-manifest-image
     BuildFlags: onlybuild:baremetal-operator
     BuildFlags: onlybuild:baremetal-operator-image
     BuildFlags: onlybuild:ca-certificates-suse
-    BuildFlags: onlybuild:cosign
     BuildFlags: onlybuild:crudini
     BuildFlags: onlybuild:edge-image-builder
     BuildFlags: onlybuild:edge-image-builder-image
@@ -81,12 +81,14 @@ BuildFlags: onlybuild:release-manifest-image
     BuildFlags: onlybuild:ironic-image
     BuildFlags: onlybuild:ironic-ipa-downloader-image
     BuildFlags: onlybuild:ironic-ipa-ramdisk
+    BuildFlags: onlybuild:kiwi-builder-image
     BuildFlags: onlybuild:kube-rbac-proxy
     BuildFlags: onlybuild:kube-rbac-proxy-image
     BuildFlags: onlybuild:metallb
     BuildFlags: onlybuild:metallb-controller-image
     BuildFlags: onlybuild:metallb-speaker-image
     BuildFlags: onlybuild:nm-configurator
+    BuildFlags: onlybuild:shim-noarch
   %endif
 %endif
 
@@ -103,36 +105,6 @@ BuildFlags: onlybuild:release-manifest-image
     PublishFlags: archsync
 %endif
 
-%if "%_repository" == "images_6.0"
-    Prefer: container:sles15-image
-    Type: docker
-    BuildEngine: podman
-    Repotype: none
-    Patterntype: none
-    BuildFlags: dockerarg:SLE_VERSION=16.0
-    BuildFlags: onlybuild:kiwi-builder-image
-
-    # Publish multi-arch container images only once all archs have been built
-    PublishFlags: archsync
-
-    # Exclude the images selected by the aarch64 section
-    %ifarch aarch64
-      BuildFlags: excludebuild:baremetal-operator-image
-      BuildFlags: excludebuild:edge-image-builder-image
-      BuildFlags: excludebuild:endpoint-copier-operator-image
-      BuildFlags: excludebuild:ironic-image
-      BuildFlags: excludebuild:ironic-ipa-downloader-image
-      BuildFlags: excludebuild:kube-rbac-proxy-image
-      BuildFlags: excludebuild:metallb-controller-image
-      BuildFlags: excludebuild:metallb-speaker-image
-    %endif
-
-%else
-    BuildFlags: excludebuild:kiwi-builder-image
-%endif
-
-
-
 %if "%_repository" == "charts" || "%_repository" == "phantomcharts" || "%_repository" == "releasecharts"
     Type: helm
     Repotype: helm
@@ -143,6 +115,9 @@ BuildFlags: onlybuild:release-manifest-image
 %if "%_repository" == "standard"
     # for build openstack-ironic-image
     BuildFlags: allowrootforbuild
+
+    # ironic-ipa-ramdisk are noarch packages that need to be availble to both archs
+    ExportFilter: ^ironic-ipa-ramdisk-.*\.noarch\.rpm$ aarch64 x86_64
 %endif
 
 # Enable reproducible builds

_meta

@@ -31,19 +31,14 @@
     <arch>x86_64</arch>
   </repository>
 {%- endif %}
-{%- for repository in ["images", "images_6.0", "test_manifest_images"] %}
+{%- for repository in ["images", "test_manifest_images"] %}
   <repository name="{{ repository }}">
-    {%- if release_project is defined and repository != "test_manifest_images" %}
+    {%- if release_project is defined and repository == "images" %}
     <releasetarget project="{{ release_project }}" repository="images" trigger="manual"/>
     {%- endif %}
     <path project="SUSE:Registry" repository="standard"/>
-    {%- if repository == "images_6.0" %}
+    <path project="SUSE:CA" repository="SLE_15_SP6"/>
-      <path project="SUSE:CA" repository="16.0"/>
+    <path project="{{ project }}" repository="standard"/>
-      <path project="SUSE:ALP:Products:Marble:6.0" repository="standard"/>
-    {%- else %}
-      <path project="SUSE:CA" repository="SLE_15_SP6"/>
-      <path project="{{ project }}" repository="standard"/>
-    {%- endif %}
     <arch>x86_64</arch>
     <arch>aarch64</arch>
   </repository>
@@ -52,7 +47,7 @@
     {%- if release_project is defined and not for_release %}
     <releasetarget project="{{ release_project }}" repository="standard" trigger="manual"/>
     {%- endif %}
-    <path project="Cloud:OpenStack:2024.2" repository="15.6"/>
+    <path project="{{ ironic_base }}:2024.2" repository="15.6"/>
     <path project="SUSE:SLE-15-SP6:Update" repository="standard"/>
     <arch>x86_64</arch>
     <arch>aarch64</arch>

baremetal-operator/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metal3-io/baremetal-operator</param>
     <param name="scm">git</param>
-    <param name="revision">v0.8.0</param>
+    <param name="revision">v0.9.1</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

baremetal-operator/baremetal-operator.spec

@@ -17,14 +17,14 @@
 
 
 Name:           baremetal-operator
-Version:        0.8.0
+Version:        0.9.1
-Release:        0.8.0
+Release:        0
 Summary:        Implements a Kubernetes API for managing bare metal hosts
 License:        Apache-2.0
 URL:            https://github.com/metal3-io/baremetal-operator
 Source:         baremetal-operator-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.22
+BuildRequires:  golang(API) = 1.23
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

cosign/_service

@@ -1,18 +0,0 @@
-<services>
-  <service name="obs_scm">
-    <param name="url">https://github.com/rancher-government-carbide/cosign.git</param>
-    <param name="versionformat">@PARENT_TAG@</param>
-    <param name="scm">git</param>
-    <param name="exclude">.get</param>
-    <param name="revision">v2.2.3+carbide.2</param>
-    <param name="versionrewrite-pattern">v(.*)</param>
-    <param name="changesgenerate">enable</param>
-  </service>
-  <service mode="buildtime" name="tar">
-    <param name="obsinfo">cosign.obsinfo</param>
-  </service>
-  <service mode="buildtime" name="set_version" />
-  <service name="go_modules">
-     <param name="compression">gz</param>
-  </service>
-</services>

cosign/cosign.spec

@@ -1,55 +0,0 @@
-#
-# spec file for package cosign-rgs
-#
-# Copyright (c) 2024 SUSE LLC
-#
-# All modifications and additions to the file contributed by third parties
-# remain the property of their copyright owners, unless otherwise agreed
-# upon. The license for this file, and modifications and additions to the
-# file, is the same license as for the pristine package itself (unless the
-# license for the pristine package is not an Open Source License, in which
-# case the license is the MIT License). An "Open Source License" is a
-# license that conforms to the Open Source Definition (Version 1.9)
-# published by the Open Source Initiative.
-
-# Please submit bugfixes or comments via https://bugs.opensuse.org/
-#
-
-%define project https://github.com/hauler-dev/cosign
-%define revision 49542360ffb5de63f9d2f5856b658651d5538e40 
-
-Name:           cosign
-Version:        0
-Release:        0
-Summary:        Container Signing, Verification and Storage in an OCI registry
-License:        Apache-2.0
-URL:            https://github.com/rancher-government-carbide/cosign
-Source:         cosign-%{version}.tar
-Source1:        vendor.tar.gz         
-BuildRequires:  golang-packaging
-
-%description
-
-%prep
-%setup -q -a1 -n cosign-%{version}
-
-%build
-%goprep %{project}
-
-DATE_FMT="+%%Y-%%m-%%dT%%H:%%M:%%SZ"
-BUILD_DATE=$(date -u -d "@${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u -r "${SOURCE_DATE_EPOCH}" "${DATE_FMT}" 2>/dev/null || date -u "${DATE_FMT}")
-
-CLI_PKG=sigs.k8s.io/release-utils/version
-CLI_LDFLAGS="-X ${CLI_PKG}.gitVersion=%{version} -X ${CLI_PKG}.gitCommit=%{revision} -X ${CLI_PKG}.gitTreeState=release -X ${CLI_PKG}.buildDate=${BUILD_DATE}"
-
-CGO_ENABLED=0 go build -mod=vendor -buildmode=pie -trimpath -ldflags "${CLI_LDFLAGS}" -o cosign ./cmd/cosign
-
-%install
-install -D -m 0755 cosign %{buildroot}%{_bindir}/cosign
-
-%files
-%license LICENSE
-%doc *.md
-%{_bindir}/cosign
-
-%changelog

edge-image-builder-image/Dockerfile

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.2-rc1
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.2-rc1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
 LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.1.2-rc1"
+LABEL org.opencontainers.image.version="1.1.0"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.2-rc1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.1.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

edge-image-builder-image/artifacts.yaml

@@ -1,7 +1,7 @@
 metallb:
   chart: metallb-chart
   repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"
-  version: "%%CHART_MAJOR%%.0.1+up0.14.9"
+  version: "%%CHART_MAJOR%%.0.0+up0.14.9"
 endpoint-copier-operator:
   chart: endpoint-copier-operator-chart
   repository: "%%CHART_REPO%%/%%IMG_PREFIX%%"

edge-image-builder/_service

@@ -1,13 +1,10 @@
 <services>
   <service name="obs_scm">
     <param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
+    <param name="versionformat">@PARENT_TAG@</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v1.1.2-rc1</param>
+    <param name="revision">v1.1.0</param>
-    <!-- Uncomment and set this For Pre-Release Version -->
-    <param name="version">1.1.2~rc0</param>
-    <!-- Uncomment and this for regular version -->
-    <!-- <param name="versionformat">@PARENT_TAG@</param> -->
     <param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
     <param name="versionrewrite-replacement">\1.\2.\3</param>
     <param name="changesgenerate">enable</param>

edge-image-builder/edge-image-builder.spec

@@ -17,7 +17,7 @@
 
 
 Name:           edge-image-builder
-Version:        1.1.2~rc1
+Version:        1.1.0
 Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0

frr-image/Dockerfile

@@ -1,7 +1,7 @@
 # SPDX-License-Identifier: MIT
-#!BuildTag: %%IMG_PREFIX%%frr:8.4
+#!BuildTag: %%IMG_PREFIX%%frr:8.5.6
-#!BuildTag: %%IMG_PREFIX%%frr:8.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%frr:8.5.6-%RELEASE%
-#!BuildVersion: 15.5
+#!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -15,11 +15,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="FRR Container Image"
 LABEL org.opencontainers.image.description="frr based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="8.4"
+LABEL org.opencontainers.image.version="8.5.6"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.4-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%frr:8.5.6-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

frr-k8s/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metallb/frr-k8s</param>
     <param name="scm">git</param>
-    <param name="revision">v0.0.14</param>
+    <param name="revision">v0.0.16</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

frr-k8s/frr-k8s.spec

@@ -17,8 +17,8 @@
 
 
 Name:           frr-k8s
-Version:        0.0.14
+Version:        0.0.16
-Release:        0.0.14
+Release:        0.0.16
 Summary:        A kubernetes based daemonset that exposes a subset of the FRR API in a kubernetes compliant manner.
 License:        Apache-2.0
 URL:            https://github.com/metallb/frr-k8s

hauler/_service

@@ -4,7 +4,7 @@
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="scm">git</param>
     <param name="exclude">.get</param>
-    <param name="revision">v1.0.7</param>
+    <param name="revision">v1.2.1</param>
     <param name="versionrewrite-pattern">v(.*)</param>
     <param name="changesgenerate">enable</param>
   </service>
@@ -15,4 +15,13 @@
   <service name="go_modules">
      <param name="compression">gz</param>
   </service>
+  <service mode="buildtime" name="replace_using_env">
+    <param name="file">hauler.spec</param>
+    <param name="var">SOURCE_COMMIT</param>
+    <param name="eval">
+      SOURCE_COMMIT=$(grep commit hauler.obsinfo | cut -d" " -f2)
+    </param>
+    <param name="verbose">1</param>
+  </service>
+  <service mode="buildtime" name="set_version" />
 </services>

hauler/hauler.spec

@@ -18,7 +18,7 @@
 %define project github.com/hauler-dev/hauler
 
 Name:           hauler
-Version:        1.0.7
+Version:        1.2.1
 Release:        0
 Summary:        Airgap Swiss Army Knife
 License:        Apache-2.0
@@ -26,7 +26,6 @@ URL:            https://github.com/hauler-dev/hauler
 Source:         hauler-%{version}.tar
 Source1:        vendor.tar.gz
 BuildRequires:  golang-packaging
-BuildRequires:  cosign
 
 %description
 
@@ -38,10 +37,18 @@ BuildRequires:  cosign
 
 tar -xf %{SOURCE1}
 
-mkdir cmd/hauler/binaries
+MODULE=hauler.dev/go/hauler
-cp `which cosign` cmd/hauler/binaries/cosign-linux-%{go_arch}
+%define buildtime %(date +%%Y-%%m-%%dT%%H:%%M:%%S%%z)
+%define buildcommit %%SOURCE_COMMIT%%
 
-go build -mod=vendor -buildmode=pie -o hauler ./cmd/hauler
+
+go build \
+-mod=vendor \
+-buildmode=pie \
+-o hauler \
+-ldflags \
+"-X $MODULE/internal/version.gitVersion=v%{version} -X $MODULE/internal/version.gitCommit=%{buildcommit} -X $MODULE/internal/version.buildDate=%{buildtime}" \
+./cmd/hauler
 
 %install
 

ironic-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%
 #!BuildVersion: 15.6
 
 ARG SLE_VERSION
@@ -8,14 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 
-#!ArchExclusiveLine: x86_64
+RUN zypper -n in --no-recommends shim-x86_64 shim-aarch64 grub2-x86_64-efi grub2-arm64-efi dosfstools mtools
-RUN if [ "$(uname -m)" = "x86_64" ];then \
+
-      zypper -n  in --no-recommends gcc git make xz-devel shim dosfstools mtools glibc-extra grub2-x86_64-efi grub2; zypper -n clean; rm -rf /var/log/*; \
-    fi
-#!ArchExclusiveLine: aarch64
-RUN if [ "$(uname -m)" = "aarch64" ];then \
-      zypper -n rm kubic-locale-archive-2.31-10.36.noarch openssl-1_1-1.1.1l-150500.17.37.1.aarch64; zypper -n in --no-recommends gcc git make xz-devel openssl-3 mokutil shim dosfstools mtools glibc glibc-extra grub2 grub2-arm64-efi; zypper -n clean; rm -rf /var/log/* ;\
-    fi
 WORKDIR /tmp
 COPY prepare-efi.sh /bin/
 RUN set -euo pipefail; chmod +x /bin/prepare-efi.sh
@@ -46,8 +40,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="26.1.2.3"
+LABEL org.opencontainers.image.version="26.1.2.4"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.3-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -88,7 +82,8 @@ RUN if [ "$(uname -m)" = "aarch64" ]; then\
      cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
     fi
     
-COPY --from=base /tmp/esp.img /tmp/uefi_esp.img
+COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
+COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
 
 COPY ironic.conf.j2 /etc/ironic/
 COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/

ironic-image/configure-ironic.sh

@@ -68,7 +68,7 @@ if [[ -n "$IRONIC_EXTERNAL_IP" ]]; then
     fi
 fi
 
-IMAGE_CACHE_PREFIX=/shared/html/images/ironic-python-agent
+IMAGE_CACHE_PREFIX="/shared/html/images/ironic-python-agent-${DEPLOY_ARCHITECTURE}"
 if [[ -f "${IMAGE_CACHE_PREFIX}.kernel" ]] && [[ -f "${IMAGE_CACHE_PREFIX}.initramfs" ]]; then
     export IRONIC_DEFAULT_KERNEL="${IMAGE_CACHE_PREFIX}.kernel"
     export IRONIC_DEFAULT_RAMDISK="${IMAGE_CACHE_PREFIX}.initramfs"

ironic-image/inspector.ipxe.j2

@@ -5,6 +5,6 @@ echo In inspector.ipxe
 imgfree
 # NOTE(dtantsur): keep inspection kernel params in [mdns]params in
 # ironic-inspector-image and configuration in configure-ironic.sh
-kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
+kernel --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.kernel ipa-insecure=1 ipa-inspection-collectors={{ env.IRONIC_IPA_COLLECTORS }} systemd.journald.forward_to_console=yes BOOTIF=${mac} ipa-debug=1 ipa-enable-vlan-interfaces={{ env.IRONIC_ENABLE_VLAN_INTERFACES }} ipa-inspection-dhcp-all-interfaces=1 ipa-collect-lldp=1 {{ env.INSPECTOR_EXTRA_ARGS }} initrd=ironic-python-agent.initramfs {% if env.IRONIC_RAMDISK_SSH_KEY %}sshkey="{{ env.IRONIC_RAMDISK_SSH_KEY|trim }}"{% endif %} {{ env.IRONIC_KERNEL_PARAMS|trim }} || goto retry_boot
-initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent.initramfs || goto retry_boot
+initrd --timeout 60000 http://{{ env.IRONIC_URL_HOST }}:{{ env.HTTP_PORT }}/images/ironic-python-agent-${buildarch}.initramfs || goto retry_boot
 boot

ironic-image/ironic.conf.j2

@@ -83,7 +83,7 @@ send_sensor_data = {{ env.SEND_SENSOR_DATA }}
 # Power state is checked every 60 seconds and BMC activity should
 # be avoided more often than once every sixty seconds.
 send_sensor_data_interval = 160
-bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp.img
+bootloader = {{ env.IRONIC_BOOT_BASE_URL }}/uefi_esp-{{ env.DEPLOY_ARCHITECTURE }}.img
 verify_step_priority_override = management.clear_job_queue:90
 # We don't use this feature, and it creates an additional load on the database
 node_history = False

ironic-image/prepare-efi.sh

@@ -2,41 +2,26 @@
 
 set -euxo pipefail
 
-ARCH=$(uname -m)
+declare -A efi_arch=(
-DEST=${2:-/tmp/esp.img}
+  ["x86_64"]="X64"
-OS=${1:-sles}
+  ["aarch64"]="AA64"
+  )
 
-if [ $ARCH = "aarch64" ]; then
+for arch in "${!efi_arch[@]}"; do
-  BOOTEFI=BOOTAA64.EFI
-  GRUBEFI=grubaa64.efi
-else
-  BOOTEFI=BOOTX64.efi
-  GRUBEFI=grubx64.efi
-fi
   
-dd bs=1024 count=6400 if=/dev/zero of=$DEST
+  DEST=/tmp/esp-${arch}.img
-mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
+
+  dd bs=1024 count=6400 if=/dev/zero of=$DEST
+  mkfs.msdos -F 12 -n 'ESP_IMAGE' $DEST
+
+  mmd -i $DEST EFI
+  mmd -i $DEST EFI/BOOT
+
+  mcopy -i $DEST -v /usr/share/efi/${arch}/shim.efi ::EFI/BOOT/BOOT${efi_arch[$arch]}.EFI
+  mcopy -i $DEST -v /usr/share/efi/${arch}/grub.efi ::EFI/BOOT/GRUB.EFI
+
+  mdir -i $DEST ::EFI/BOOT;
+done
 
-mkdir -p /boot/efi/EFI/BOOT
-mkdir -p /boot/efi/EFI/$OS
-if [ $ARCH = "aarch64" ]; then
-  cp -L /usr/share/efi/aarch64/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
-  cp -L /usr/share/efi/aarch64/grub.efi /boot/efi/EFI/BOOT/grub.efi
-  cp /usr/share/grub2/arm64-efi/grub.efi /boot/efi/EFI/$OS/grubaa64.efi
-else
-  cp -L /usr/lib64/efi/shim.efi /boot/efi/EFI/BOOT/$BOOTEFI
-  #cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/$GRUBEFI
-  cp /usr/share/grub2/x86_64-efi/grub.efi /boot/efi/EFI/$OS/grub.efi
-fi
 
-mmd -i $DEST EFI
-mmd -i $DEST EFI/BOOT
-mcopy -i $DEST -v /boot/efi/EFI/BOOT/$BOOTEFI ::EFI/BOOT
-if [ $ARCH = "aarch64" ]; then
-  mcopy -i $DEST -v /boot/efi/EFI/BOOT/grub.efi ::EFI/BOOT
-  mcopy -i $DEST -v /boot/efi/EFI/$OS/$GRUBEFI ::EFI/BOOT
-else
-  mcopy -i $DEST -v /boot/efi/EFI/$OS/grub.efi ::EFI/BOOT
-fi 
-mdir -i $DEST ::EFI/BOOT;
 

ironic-image/runhttpd

@@ -39,7 +39,7 @@ export INSPECTOR_EXTRA_ARGS
 
 # Copy files to shared mount
 render_j2_config /tmp/inspector.ipxe.j2 /shared/html/inspector.ipxe
-cp /tmp/uefi_esp.img /shared/html/uefi_esp.img
+cp /tmp/uefi_esp*.img /shared/html/
 
 # Render the core httpd config
 render_j2_config /etc/httpd/conf/httpd.conf.j2 /etc/httpd/conf/httpd.conf

ironic-ipa-downloader-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -8,15 +8,8 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
 RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
-#!ArchExclusiveLine: x86_64
+RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
-RUN if [ "$(uname -m)" = "x86_64" ];then \
+
-  zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
-  fi
-#!ArchExclusiveLine: aarch64
-RUN if [ "$(uname -m)" = "aarch64" ];then \
-  zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 python311-devel python311 python311-pip tar gawk git curl xz fakeroot shadow sed cpio; zypper -n clean; rm -rf /var/log/*; \
-  fi
-#RUN zypper --installroot /installroot --non-interactive install --no-recommends sles-release;
 RUN cp /usr/bin/getopt /installroot/
 
 FROM micro AS final
@@ -26,11 +19,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.1"
+LABEL org.opencontainers.image.version="3.0.3"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -41,8 +34,9 @@ LABEL com.suse.release-stage="released"
 
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd.xz /tmp
+RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
 RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
+RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/
 RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh

ironic-ipa-downloader-image/get-resource.sh

@@ -6,12 +6,33 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
 export https_proxy=${https_proxy:-$HTTPS_PROXY}
 export no_proxy=${no_proxy:-$NO_PROXY}
 
+if [ -d "/tmp/ironic-certificates" ]; then
+  sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
+  if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
+    CERTS_CHANGED=0
+  else
+    CERTS_CHANGED=1
+  fi
+fi
+
 # Which image should we use
 if [ -z "${IPA_BASEURI}" ]; then
-  # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 package
+  if cmp "/shared/images.sha256" "/tmp/images.sha256"; then
+    if [ "${CERTS_CHANGED:-0}" = "0" ]; then
+      # everything is the same exit early
+      exit 0
+    fi
+  fi
+  IMAGE_CHANGED=1
+  # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
   mkdir -p /shared/html/images
-  cp /tmp/initrd.xz /shared/html/images/ironic-python-agent.initramfs
+  cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
-  cp /tmp/openstack-ironic-image*.kernel /shared/html/images/ironic-python-agent.kernel
+  cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
+  # Use arm64 as destination for iPXE compatibility
+  cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
+  cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
+
+  cp /tmp/images.sha256 /shared/images.sha256
 else
   FILENAME=ironic-python-agent
   FILENAME_EXT=.tar
@@ -25,47 +46,56 @@ else
   # If we have a CACHEURL and nothing has yet been downloaded
   # get header info from the cache
   ls -l
-  if [ -n "$CACHEURL" -a ! -e $FFILENAME.headers ] ; then
+  if [ -n "$CACHEURL" ] && [ ! -e $FFILENAME.headers ] ; then
       curl -g --verbose --fail -O "$CACHEURL/$FFILENAME.headers" || true
   fi
   
   # Download the most recent version of IPA
   if [ -e $FFILENAME.headers ] ; then
       ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\r")
-      cd $TMPDIR
+      cd "$TMPDIR"
-      curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
+      curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME" --header "If-None-Match: $ETAG" || cp /shared/html/images/$FFILENAME.headers .
       # curl didn't download anything because we have the ETag already
       # but we don't have it in the images directory
       # Its in the cache, go get it
       ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
-      if [ ! -s $FFILENAME -a ! -e /shared/html/images/$FILENAME-$ETAG/$FFILENAME ] ; then
+      if [ ! -s $FFILENAME ] && [ ! -e "/shared/html/images/$FILENAME-$ETAG/$FFILENAME" ] ; then
           mv /shared/html/images/$FFILENAME.headers .
           curl -g --verbose -O "$CACHEURL/$FILENAME-$ETAG/$FFILENAME"
       fi
   else
-      cd $TMPDIR
+      cd "$TMPDIR"
-      curl -g --verbose --dump-header $FFILENAME.headers -O $IPA_BASEURI/$FFILENAME
+      curl -g --verbose --dump-header $FFILENAME.headers -O "$IPA_BASEURI/$FFILENAME"
   fi
   
   if [ -s $FFILENAME ] ; then
       tar -xf $FFILENAME
-  
+      xz -d -c -k --fast $FILENAME.initramfs | zstd -c > $FILENAME.initramfs.zstd
+      mv $FILENAME.initramfs.zstd $FILENAME.initramfs
+      ARCH=$(file -b ${FILENAME}.kernel | cut -d ' ' -f 3)
+      if [ "$ARCH" = "x86" ]; then
+        ARCH="x86_64"
+      fi
       ETAG=$(awk '/ETag:/ {print $2}' $FFILENAME.headers | tr -d "\"\r")
       cd -
-      chmod 755 $TMPDIR
+      chmod 755 "$TMPDIR"
-      mv $TMPDIR $FILENAME-$ETAG
+      mv "$TMPDIR" "$FILENAME-$ETAG"
-      ln -sf $FILENAME-$ETAG/$FFILENAME.headers $FFILENAME.headers
+      ln -sf "$FILENAME-$ETAG/$FFILENAME.headers" "$FFILENAME.headers"
-      ln -sf $FILENAME-$ETAG/$FILENAME.initramfs $FILENAME.initramfs
+      ln -sf "$FILENAME-$ETAG/$FILENAME.initramfs" "$FILENAME-${ARCH,,}.initramfs"
-      ln -sf $FILENAME-$ETAG/$FILENAME.kernel $FILENAME.kernel
+      ln -sf "$FILENAME-$ETAG/$FILENAME.kernel" "$FILENAME-${ARCH,,}.kernel"
+      
+      IMAGE_CHANGED=1
   else
-      rm -rf $TMPDIR
+      rm -rf "$TMPDIR"
   fi
 fi
 
-if [ -d "/tmp/ironic-certificates" ]; then
+if [ "${CERTS_CHANGED:-0}" = "1" ] || [ "${IMAGE_CHANGED:-0}" = "1" ]; then
   mkdir -p /tmp/ca/tmp-initrd && cd /tmp/ca/tmp-initrd
-  xz -d -c -k --fast /shared/html/images/ironic-python-agent.initramfs | fakeroot -s ../initrd.fakeroot cpio -i
   mkdir -p etc/ironic-python-agent.d/ca-certs
   cp /tmp/ironic-certificates/* etc/ironic-python-agent.d/ca-certs/
-  find . | fakeroot -i ../initrd.fakeroot cpio -o -H newc | xz --check=crc32 --x86 --lzma2 --fast > /shared/html/images/ironic-python-agent.initramfs
+  for initramfs in /shared/html/images/ironic-python-agent-*.initramfs; do
+    find . | cpio -o -H newc --reproducible | zstd -c >> "${initramfs}"
+  done
+  cp /tmp/certificates.sha256 /shared/certificates.sha256
 fi

ironic-ipa-ramdisk/ironic-ipa-ramdisk.kiwi

@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="utf-8"?>
-<image schemaversion="7.4" name="openstack-ironic-image-301">
+<image schemaversion="7.4" name="openstack-ironic-image">
     <description type="system">
         <author>Cloud developers</author>
         <contact>cloud-devel@suse.de</contact>

ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec

@@ -19,7 +19,7 @@
 
 
 Name:           ironic-ipa-ramdisk
-Version:        3.0.1
+Version:        3.0.3
 Release:        0
 Summary:        Kernel and ramdisk image for OpenStack Ironic
 License:        SUSE-EULA
@@ -148,10 +148,8 @@ TDIR=`mktemp -d /tmp/openstack-ironic-image.XXXXX`
 cd /tmp/openstack-ironic-image/img/build/image-root 
 find . | cpio --create --format=newc --quiet > $TDIR/initrdtmp
 cd $TDIR
-gzip -9 -f initrdtmp
+zstd initrdtmp -o initrd-%{_arch}.zst
-INITRDGZ=`ls *.gz | head -1`
+INITRD=`ls *.zst | head -1`
-gzip -cd $INITRDGZ | xz --check=crc32 -c9 > initrd.xz
-INITRD=`ls *.xz | head -1`
 
 ls /tmp/openstack-ironic-image/img/openstack-ironic-image*
 KERNEL=`ls /tmp/openstack-ironic-image/img/openstack-ironic-image*default*kernel | head -1`

kiwi-builder-image/Dockerfile

@@ -1,20 +1,18 @@
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.1.16.1-%RELEASE%
-
+FROM registry.suse.com/bci/kiwi:10.1.16
-ARG KIWIVERSION="10.2.12"
+MAINTAINER SUSE LLC (https://www.suse.com/)
-FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
-ARG KIWIVERSION
 
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 # labelprefix=com.suse.application.akri
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
 LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%kiwi_version%%"
+LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.1-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:10.1.16.1"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -23,8 +21,8 @@ LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 
-# help the build service understand the need for python3-kiwi
+# Configure Kiwi to use kpartx
-RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || { echo "expected kiwi version ${KIWIVERSION}: version mismatch"; exit 1; }
+RUN echo -e "mapper:\n  - part_mapper: kpartx" > /etc/kiwi.yml
 
 # Copy build script into image and make it executable
 ADD build-image.sh /usr/bin/build-image

kiwi-builder-image/README

@@ -2,13 +2,13 @@
 Kiwi SDK Image Instructions
 ###########################
 
-Please ensure that you're running this on a registered SLE Micro 6.0 system, and make sure that SELinux is disabled:
+Please ensure that you're running this on a registered SUSE Linux Micro 6.1 system, and make sure that SELinux is disabled:
 
 # setenforce 0
 
 Next, download the podman image:
 
-# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1
+# podman pull %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1
 
 Make a local output directory (where the images will reside):
 
@@ -16,40 +16,40 @@ Make a local output directory (where the images will reside):
 
 Then, to build a standard "Base" image, run the following in podman:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image
 
 To build a "Base" SelfInstall ISO, you can add additional flags, for example:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Base-SelfInstall
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-SelfInstall
 
 Then, to build a standard "Default" image, run the following in podman:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default
 
 To build a "Default" SelfInstall ISO, you can add additional flags, for example:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default-SelfInstall
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall
 
 To build an image with a RealTime kernel, e.g. a RAW disk image ("Default"), use the following:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Base-RT
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Base-RT
 
 To build an image that supports a large block/sectorsize (4096), use the "-b" flag, for example:
 
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image -p Default-SelfInstall -b
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image -p Default-SelfInstall -b
 
 # mkdir mydefs/
 # cp /path/to/SL-Micro.kiwi mydefs/
 # cp /path/to/config.sh mydefs/
-# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:%%kiwi_version%%.1 build-image
+# podman run --privileged -v /etc/zypp/repos.d:/micro-sdk/repos/ -v ./output:/tmp/output -v ./mydefs/:/micro-sdk/defs/ -it %%IMG_REPO%%/%%IMG_PREFIXkiwi-builder:10.1.16.1 build-image
 
 All output will be in the local $(pwd)/output directory, for example:
 
 # ls -1 output/
-SL-Micro.x86_64-6.0.changes
+SLE-Micro.x86_64-6.1.changes
-SL-Micro.x86_64-6.0.packages
+SLE-Micro.x86_64-6.1.packages
-SL-Micro.x86_64-6.0.raw
+SLE-Micro.x86_64-6.1.raw
-SL-Micro.x86_64-6.0.verified
+SLE-Micro.x86_64-6.1.verified
 build
 kiwi.result
 kiwi.result.json

kiwi-builder-image/SL-Micro.kiwi

@@ -33,6 +33,12 @@
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -63,6 +69,21 @@
         <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -140,6 +161,15 @@
             <requires profile="x86-rt-self_install"/>
             <requires profile="self_install"/>
         </profile>
+        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt"/>
+        </profile>
+        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
         <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
             <requires profile="full"/>
             <requires profile="s390-kvm"/>
@@ -164,6 +194,14 @@
             <requires profile="container-host"/>
             <requires profile="s390-fba"/>
         </profile>
+        <profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-fcp"/>
+        </profile>
+        <profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-fcp"/>
+        </profile>
         <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
             <requires profile="full"/>
             <requires profile="x86-legacy"/>
@@ -184,10 +222,47 @@
 	    <requires profile="container-host"/>
 	    <requires profile="aarch64-qcow"/>
         </profile>
+
+	<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-512ss"/>
+        </profile>
+	<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-4096ss"/>
+        </profile>
+	<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-512ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-4096ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-512ss"/>
+        </profile>
+	<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-4096ss"/>
+        </profile>
+	<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-512ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-4096ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -198,7 +273,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -211,7 +286,7 @@
 	    luks_pbkdf="pbkdf2"
         >
             <luksformat>
-                <option name="--cipher" value="aes"/>
+                <option name="--cipher" value="aes-xts-plain64"/>
             </luksformat>
             <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
             <systemdisk>
@@ -230,7 +305,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -241,7 +316,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -266,7 +341,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -276,11 +351,12 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -304,8 +380,8 @@
         </type>
     </preferences>
 
-    <preferences profiles="rpi">
+    <preferences profiles="rpi,aarch64-rt">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -320,7 +396,7 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
@@ -344,8 +420,8 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64-self_install">
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -355,12 +431,13 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
             efipartsize="128"
-	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -385,22 +462,22 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
         <rpm-excludedocs>true</rpm-excludedocs>
         <locale>en_US</locale>
-
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
         <type
             image="oem"
             filesystem="btrfs"
             bootpartition="true"
             bootpartsize="300"
-            bootfilesystem="ext2"
+            bootfilesystem="ext4"
         initrd_system="dracut"
         format="qcow2"
-            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
         devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
@@ -423,7 +500,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -434,9 +511,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext2"
+          bootfilesystem="ext4"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
           devicepersistency="by-uuid"
           target_blocksize="4096"
           btrfs_root_is_snapshot="true"
@@ -461,7 +538,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -472,9 +549,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext2"
+          bootfilesystem="ext4"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
           devicepersistency="by-uuid"
           btrfs_root_is_snapshot="true"
           btrfs_root_is_readonly_snapshot="true"
@@ -495,9 +572,47 @@
         </type>
     </preferences>
 
+    <preferences profiles="s390-fcp">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          installpxe="true"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext4"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
+          devicepersistency="by-uuid"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+        >
+            <oemconfig>
+                <oem-multipath-scan>true</oem-multipath-scan>
+            </oemconfig>
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+        </type>
+    </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -532,7 +647,7 @@
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -543,7 +658,7 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -569,7 +684,7 @@
     </preferences>
 
     <preferences profiles="aarch64-qcow">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -581,7 +696,7 @@
             filesystem="btrfs"
             firmware="uefi"
             efipartsize="128"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -592,7 +707,7 @@
             <systemdisk>
                 <volume name="home"/>
                 <volume name="root"/>
- 		<volume name="opt"/>
+                <volume name="opt"/>
                 <volume name="srv"/>
                 <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                 <volume name="boot/writable"/>
@@ -603,6 +718,161 @@
         </type>
     </preferences>
 
+    <preferences profiles="ppc64le-512ss">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="ppc64le-4096ss">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
+             disk_start_sector="256" -->
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            target_blocksize="4096"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="ppc64le-512ss-self_install">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            installiso="true"
+            installpxe="true"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <installmedia>
+                <initrd action="omit">
+                    <dracut module="drm"/>
+                </initrd>
+            </installmedia>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="ppc64le-4096ss-self_install">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
+             disk_start_sector="256" -->
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            installiso="true"
+            installpxe="true"
+            target_blocksize="4096"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <installmedia>
+                <initrd action="omit">
+                    <dracut module="drm"/>
+                </initrd>
+            </installmedia>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+
    <repository type="rpm-md" >
         <source path='obsrepositories:/'/>
     </repository>
@@ -628,7 +898,6 @@
         <package name="firewalld"/>
         <package name="wpa_supplicant" arch="x86_64,aarch64"/>
 	<package name="libpwquality-tools"/>
-        <!-- <package name="k3s-install"/> -->
     </packages>
 
     <packages type="image" profiles="x86-encrypted,x86-rt-encrypted">
@@ -648,8 +917,6 @@
         <package name="patterns-base-transactional"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
-        <namedCollection name="cockpit"/>
-        <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
         <package name="suseconnect-ng"/>
@@ -713,7 +980,8 @@
         <package name="grub2-x86_64-efi" arch="x86_64"/>
         <package name="grub2-arm64-efi" arch="aarch64"/>
         <package name="grub2-s390x-emu" arch="s390x"/>
-        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
+        <package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
         <package name="grub2-snapper-plugin"/>
         <package name="shim" arch="x86_64,aarch64"/>
 	<package name="mokutil" arch="x86_64,aarch64"/>
@@ -721,46 +989,44 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
+    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install">
         <package name="kernel-rt"/>
-	<package name="kernel-firmware-all"/>
+        <package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
-	<package name="cpuset"/> -->
+        <package name="cpuset"/> -->
     </packages>
-    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
-    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="dracut-kiwi-oem-dump"/>
-        <package name="kernel-default-extra"/>
-    </packages> -->
-    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="blog"/>
     </packages>
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
+    <!-- FCP is usually used multipathed. -->
+    <packages type="image" profiles="s390-fcp">
+        <package name="multipath-tools"/>
+    </packages>
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
-        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
         <package name="wireless-regdb"/>
         <package name="wireless-tools"/>
         <package name="wpa_supplicant"/>
         <package name="grub2-arm64-efi"/>
-        <!-- kernel-default-base does not have all required drivers -->
-        <package name="kernel-default"/>
     </packages>
     <packages type="bootstrap">
-        <package name="coreutils"/>
         <package name="filesystem"/>
+        <package name="coreutils"/>
         <package name="ca-certificates"/>
         <package name="ca-certificates-mozilla"/>
     </packages>
@@ -774,4 +1040,14 @@
     <packages type="image" profiles="x86-qcow,aarch64-qcow">
         <package name="qemu-guest-agent"/>
     </packages>
+
+    <!-- jsc#PED-8599 -->
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
+        <package name="usbguard"/>
+    </packages>
+
+    <!-- jsc#PED-8788 -->
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
+        <package name="stalld"/>
+    </packages>
 </image>

kiwi-builder-image/SL-Micro.kiwi.4096

@@ -33,6 +33,12 @@
         <profile name="aarch64-self_install" description="Raw disk for aarch64" arch="aarch64">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="aarch64-rt" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="aarch64-rt-self_install" description="Raw disk for aarch64 with RT kernel" arch="aarch64">
+            <requires profile="bootloader"/>
+        </profile>
         <profile name="x86-legacy" description="Raw disk for x86_64 - legacy boot" arch="x86_64">
             <requires profile="bootloader"/>
         </profile>
@@ -63,6 +69,21 @@
         <profile name="s390-fba" description="Raw disk for s390 - DASD" arch="s390x">
             <requires profile="bootloader"/>
         </profile>
+        <profile name="s390-fcp" description="Raw disk for s390 - SCSI" arch="s390x">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-512ss" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-4096ss" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-512ss-self_install" description="Raw disk for PPc64 - 512 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
+        <profile name="ppc64le-4096ss-self_install" description="Raw disk for PPc64 - 4096 sector size" arch="ppc64le">
+            <requires profile="bootloader"/>
+        </profile>
         <!-- Images (flavor + platform) -->
         <profile name="Default" description="SL Micro with Podman and KVM as raw image with uEFI boot" arch="x86_64">
             <requires profile="full"/>
@@ -140,6 +161,15 @@
             <requires profile="x86-rt-self_install"/>
             <requires profile="self_install"/>
         </profile>
+        <profile name="Base-RT" description="SL Micro with Podman as raw image with uEFI boot" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt"/>
+        </profile>
+        <profile name="Base-RT-SelfInstall" description="SL Micro with Podman as raw image with uEFI boot - SelfInstall" arch="aarch64">
+            <requires profile="container-host"/>
+            <requires profile="aarch64-rt-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
         <profile name="Default-qcow" description="SL Micro with Podman and KVM as raw image for KVM on System z" arch="s390x">
             <requires profile="full"/>
             <requires profile="s390-kvm"/>
@@ -164,6 +194,14 @@
             <requires profile="container-host"/>
             <requires profile="s390-fba"/>
         </profile>
+        <profile name="Default-fcp" description="SL Micro with Podman and KVM as raw image for zFCP on System z" arch="s390x">
+            <requires profile="full"/>
+            <requires profile="s390-fcp"/>
+        </profile>
+        <profile name="Base-fcp" description="SL Micro with Podman as raw image for zFCP on System z" arch="s390x">
+            <requires profile="container-host"/>
+            <requires profile="s390-fcp"/>
+        </profile>
         <profile name="Default-legacy" description="SL Micro with Podman as raw image with legacy boot" arch="x86_64">
             <requires profile="full"/>
             <requires profile="x86-legacy"/>
@@ -184,10 +222,47 @@
 	    <requires profile="container-host"/>
 	    <requires profile="aarch64-qcow"/>
         </profile>
+
+	<profile name="Base-512" description="SL Micro with Podman as raw image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-512ss"/>
+        </profile>
+	<profile name="Base-4096" description="SL Micro with Podman as raw image for ppc64le with 4096b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-4096ss"/>
+        </profile>
+	<profile name="Base-512-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-512ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Base-4096-SelfInstall" description="SL Micro with Podman as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="container-host"/>
+            <requires profile="ppc64le-4096ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Default-512" description="SL Micro with Podman and KVM as raw image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-512ss"/>
+        </profile>
+	<profile name="Default-4096" description="SL Micro with Podman and KVM as raw image for ppc64le with 4096b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-4096ss"/>
+        </profile>
+	<profile name="Default-512-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-512ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
+	<profile name="Default-4096-SelfInstall" description="SL Micro with Podman and KVM as self-install image for ppc64le with 512b sector size" arch="ppc64le">
+            <requires profile="full"/>
+            <requires profile="ppc64le-4096ss-self_install"/>
+            <requires profile="self_install"/>
+        </profile>
     </profiles>
 
     <preferences profiles="x86-encrypted,x86-rt-encrypted">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -198,7 +273,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -213,7 +288,7 @@
             efipartsize="200"
         >
             <luksformat>
-                <option name="--cipher" value="aes"/>
+                <option name="--cipher" value="aes-xts-plain64"/>
             </luksformat>
             <bootloader name="grub2" console="gfxterm" use_disk_password="true" />
             <systemdisk>
@@ -232,7 +307,7 @@
         </type>
     </preferences>
     <preferences profiles="x86,x86-rt">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -243,7 +318,7 @@
             initrd_system="dracut"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -270,7 +345,7 @@
     </preferences>
 
     <preferences profiles="x86-self_install,x86-rt-self_install">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -280,11 +355,12 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -310,8 +386,8 @@
         </type>
     </preferences>
 
-    <preferences profiles="rpi">
+    <preferences profiles="rpi,aarch64-rt">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -326,7 +402,7 @@
             install_continue_on_timeout="false"
             fsmountoptions="noatime"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200n8 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
@@ -350,8 +426,8 @@
             </systemdisk>
         </type>
     </preferences>
-    <preferences profiles="aarch64-self_install">
+    <preferences profiles="aarch64-self_install,aarch64-rt-self_install">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -361,12 +437,13 @@
             image="oem"
             initrd_system="dracut"
             installiso="true"
+            installpxe="true"
             filesystem="btrfs"
             installboot="install"
             install_continue_on_timeout="false"
             firmware="uefi"
             efipartsize="128"
-	    kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -391,22 +468,22 @@
     </preferences>
 
     <preferences profiles="s390-kvm">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
         <rpm-excludedocs>true</rpm-excludedocs>
         <locale>en_US</locale>
-
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
         <type
             image="oem"
             filesystem="btrfs"
             bootpartition="true"
             bootpartsize="300"
-            bootfilesystem="ext2"
+            bootfilesystem="ext4"
         initrd_system="dracut"
         format="qcow2"
-            kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+            kernelcmdline="security=selinux selinux=1 quiet systemd.show_status=1 ignition.platform.id=metal"
         devicepersistency="by-uuid"
             btrfs_root_is_snapshot="true"
             btrfs_root_is_readonly_snapshot="true"
@@ -429,7 +506,7 @@
 
 
     <preferences profiles="s390-dasd">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -440,9 +517,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext2"
+          bootfilesystem="ext4"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
           devicepersistency="by-uuid"
           target_blocksize="4096"
           btrfs_root_is_snapshot="true"
@@ -467,7 +544,7 @@
 
 
     <preferences profiles="s390-fba">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -478,9 +555,9 @@
           filesystem="btrfs"
           bootpartition="true"
           bootpartsize="300"
-          bootfilesystem="ext2"
+          bootfilesystem="ext4"
           initrd_system="dracut"
-          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
           devicepersistency="by-uuid"
           btrfs_root_is_snapshot="true"
           btrfs_root_is_readonly_snapshot="true"
@@ -501,9 +578,47 @@
         </type>
     </preferences>
 
+    <preferences profiles="s390-fcp">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <type
+          image="oem"
+          filesystem="btrfs"
+          installpxe="true"
+          bootpartition="true"
+          bootpartsize="300"
+          bootfilesystem="ext4"
+          initrd_system="dracut"
+          kernelcmdline="hvc_iucv=8 TERM=dumb security=selinux selinux=1 quiet systemd.show_status=1"
+          devicepersistency="by-uuid"
+          btrfs_root_is_snapshot="true"
+          btrfs_root_is_readonly_snapshot="true"
+          btrfs_quota_groups="true"
+        >
+            <oemconfig>
+                <oem-multipath-scan>true</oem-multipath-scan>
+            </oemconfig>
+            <bootloader name="grub2_s390x_emu" console="serial" timeout="3" targettype="SCSI"/>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/s390x-emu" mountpoint="boot/grub2/s390x-emu"/>
+                <volume name="boot/writable"/>
+                <volume name="usr/local"/>
+                <volume name="var" copy_on_write="false"/>
+            </systemdisk>
+            <size unit="G">5</size>
+        </type>
+    </preferences>
 
     <preferences profiles="x86-vmware">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -538,7 +653,7 @@
         </type>
     </preferences>
     <preferences profiles="x86-qcow">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -549,7 +664,7 @@
             format="qcow2"
             filesystem="btrfs"
             firmware="uefi"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -577,7 +692,7 @@
     </preferences>
 
     <preferences profiles="aarch64-qcow">
-        <version>6.0</version>
+        <version>6.1</version>
         <packagemanager>zypper</packagemanager>
         <bootsplash-theme>SLE</bootsplash-theme>
         <bootloader-theme>SLE</bootloader-theme>
@@ -589,7 +704,7 @@
             filesystem="btrfs"
             firmware="uefi"
             efipartsize="128"
-            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=qemu"
+            kernelcmdline="console=ttyS0,115200 console=tty0 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=qemu"
             bootpartition="false"
             bootkernel="custom"
             devicepersistency="by-uuid"
@@ -600,7 +715,7 @@
             <systemdisk>
                 <volume name="home"/>
                 <volume name="root"/>
- 		<volume name="opt"/>
+                <volume name="opt"/>
                 <volume name="srv"/>
                 <volume name="boot/grub2/arm64-efi" mountpoint="boot/grub2/arm64-efi"/>
                 <volume name="boot/writable"/>
@@ -611,6 +726,161 @@
         </type>
     </preferences>
 
+    <preferences profiles="ppc64le-512ss">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="ppc64le-4096ss">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
+             disk_start_sector="256" -->
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            target_blocksize="4096"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+    <preferences profiles="ppc64le-512ss-self_install">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            installiso="true"
+            installpxe="true"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <installmedia>
+                <initrd action="omit">
+                    <dracut module="drm"/>
+                </initrd>
+            </installmedia>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+    <preferences profiles="ppc64le-4096ss-self_install">
+        <version>6.1</version>
+        <packagemanager>zypper</packagemanager>
+        <bootsplash-theme>SLE</bootsplash-theme>
+        <bootloader-theme>SLE</bootloader-theme>
+        <rpm-excludedocs>true</rpm-excludedocs>
+        <locale>en_US</locale>
+        <!-- TODO: supposedly this is needed as type attribute, but kiwi needs patching
+             disk_start_sector="256" -->
+        <!-- Use ignition.platform.id=metal to avoid bsc#1227689 -->
+        <type
+            image="oem"
+            installiso="true"
+            installpxe="true"
+            target_blocksize="4096"
+            filesystem="btrfs"
+            firmware="ofw"
+            kernelcmdline="console=hvc0,115200 security=selinux selinux=1 quiet systemd.show_status=1 net.ifnames=0 ignition.platform.id=metal"
+            bootpartition="false"
+            bootkernel="custom"
+            devicepersistency="by-uuid"
+            btrfs_root_is_snapshot="true"
+            btrfs_root_is_readonly_snapshot="true"
+            btrfs_quota_groups="true"
+        >
+            <installmedia>
+                <initrd action="omit">
+                    <dracut module="drm"/>
+                </initrd>
+            </installmedia>
+            <systemdisk>
+                <volume name="home"/>
+                <volume name="root"/>
+		<!-- on tmpfs jsc#SMO-2                <volume name="tmp"/> -->
+                <volume name="opt"/>
+                <volume name="srv"/>
+                <volume name="boot/grub2/powerpc-ieee1275"/>
+                <volume name="boot/writable"/>
+		<volume name="usr/local"/>
+		<volume name="var" copy_on_write="false"/>
+            </systemdisk>
+        </type>
+    </preferences>
+
+
    <repository type="rpm-md" >
         <source path='obsrepositories:/'/>
     </repository>
@@ -655,8 +925,6 @@
         <package name="patterns-base-transactional"/>
         <namedCollection name="container_runtime_podman"/>
         <package name="patterns-container-runtime_podman"/>
-        <namedCollection name="cockpit"/>
-        <package name="patterns-base-cockpit"/>
         <namedCollection name="selinux"/>
         <package name="patterns-base-selinux"/>
         <package name="suseconnect-ng"/>
@@ -720,7 +988,8 @@
         <package name="grub2-x86_64-efi" arch="x86_64"/>
         <package name="grub2-arm64-efi" arch="aarch64"/>
         <package name="grub2-s390x-emu" arch="s390x"/>
-        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64"/>
+        <package name="grub2-powerpc-ieee1275" arch="ppc64le"/>
+        <package name="grub2-branding-SLE" bootinclude="true" arch="x86_64,aarch64,ppc64le"/>
         <package name="grub2-snapper-plugin"/>
         <package name="shim" arch="x86_64,aarch64"/>
 	<package name="mokutil" arch="x86_64,aarch64"/>
@@ -728,46 +997,44 @@
 	    <package name="kpartx" arch="s390x"/>--> <!-- previous releases picked it always, now kiwi picks partx instead -->
     </packages>
     <!-- rpi kernel-default-base does not provide all necessary drivers -->
-    <packages type="image" profiles="x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba">
+    <packages type="image" profiles="rpi,aarch64-self_install,x86,x86-encrypted,x86-legacy,x86-self_install,x86-vmware,x86-qcow,aarch64-qcow,s390-kvm,s390-dasd,s390-fba,s390-fcp,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="kernel-default"/>
         <package name="kernel-firmware-all"/>
     </packages>
-    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted">
+    <packages type="image" profiles="x86-rt,x86-rt-self_install,x86-rt-encrypted,aarch64-rt,aarch64-rt-self_install">
         <package name="kernel-rt"/>
-	<package name="kernel-firmware-all"/>
+        <package name="kernel-firmware-all"/>
 	<!-- FIXME intentionally removed from ALP code stream
-	<package name="cpuset"/> -->
+        <package name="cpuset"/> -->
     </packages>
-    <!-- makes the image build, but also include kernel-default
+    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba,s390-fcp">
-    <packages type="image" profiles="x86-rt-encrypted">
+        <package name="dracut-kiwi-oem-dump"/>
-        <package name="kernel-default-extra"/>
-    </packages> -->
-    <packages type="image" profiles="s390-kvm,s390-dasd,s390-fba">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="blog"/>
     </packages>
-    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install">
+    <!-- FCP is usually used multipathed. -->
+    <packages type="image" profiles="s390-fcp">
+        <package name="multipath-tools"/>
+    </packages>
+    <packages type="image" profiles="x86,x86-encrypted,x86-rt-encrypted,x86-self_install,x86-legacy,x86-vmware,x86-rt,x86-rt-self_install,x86-qcow,aarch64-qcow,rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install,ppc64le-512ss,ppc64le-4096ss,ppc64le-512ss-self_install,ppc64le-4096ss-self_install">
         <package name="dracut-kiwi-oem-repart"/>
         <package name="dracut-kiwi-oem-dump"/>
     </packages>
-    <packages type="image" profiles="rpi,aarch64-self_install">
+    <packages type="image" profiles="rpi,aarch64-self_install,aarch64-rt,aarch64-rt-self_install">
         <package name="raspberrypi-firmware" arch="aarch64"/>
         <package name="raspberrypi-firmware-config" arch="aarch64"/>
         <package name="raspberrypi-firmware-dt" arch="aarch64"/>
         <package name="u-boot-rpiarm64" arch="aarch64"/>
         <package name="dracut-kiwi-oem-repart"/>
         <package name="bcm43xx-firmware"/>
-        <package name="kernel-firmware-all"/><!-- Fix choice between kernel-firmware and kernel-firmware-all -->
         <package name="wireless-regdb"/>
         <package name="wireless-tools"/>
         <package name="wpa_supplicant"/>
         <package name="grub2-arm64-efi"/>
-        <!-- kernel-default-base does not have all required drivers -->
-        <package name="kernel-default"/>
     </packages>
     <packages type="bootstrap">
-        <package name="coreutils"/>
         <package name="filesystem"/>
+        <package name="coreutils"/>
         <package name="ca-certificates"/>
         <package name="ca-certificates-mozilla"/>
     </packages>
@@ -781,4 +1048,14 @@
     <packages type="image" profiles="x86-qcow,aarch64-qcow">
         <package name="qemu-guest-agent"/>
     </packages>
+
+    <!-- jsc#PED-8599 -->
+    <packages type="image" profiles="Base,Base-encrypted,Base-RT,Base-RT-encrypted,Base-fba,Base-dasd,Base-fcp,Base-512,Base-4096,Default,Default-encrypted,Default-fba,Default-dasd,Default-fcp,Default-512,Default-4096">
+        <package name="usbguard"/>
+    </packages>
+
+    <!-- jsc#PED-8788 -->
+    <packages type="image" profiles="Base-RT,Base-RT-encrypted,x86-rt-encrypted,x86-rt,x86-rt-self_install,aarch64-rt,aarch64-rt-self_install">
+        <package name="stalld"/>
+    </packages>
 </image>

kiwi-builder-image/_service

@@ -16,14 +16,4 @@
     <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
     <param name="var">SUPPORT_LEVEL</param>
   </service>
-  <service mode="buildtime" name="replace_using_package_version">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%kiwi_version%%</param>
-    <param name="package">python3-kiwi</param>
-  </service>
-  <service mode="buildtime" name="replace_using_package_version">
-    <param name="file">README</param>
-    <param name="regex">%%kiwi_version%%</param>
-    <param name="package">python3-kiwi</param>
-  </service>
 </services>

kiwi-builder-image/build-image.sh

@@ -1,5 +1,5 @@
 #!/usr/bin/env bash
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -27,9 +27,9 @@ LARGEBLOCK=false
 # Print usage
 usage(){
   cat <<-EOF
-  ==============================
+  =====================================
-  SLE Micro 6.0 Kiwi SDK Builder
+  SUSE Linux Micro 6.1 Kiwi SDK Builder
-  ==============================
+  =====================================
 
   Usage: ${0} [-p <profile>] [-b]
 

kiwi-builder-image/config.sh

@@ -35,14 +35,6 @@ mkdir /var/lib/misc/reconfig_system
 #--------------------------------------
 echo "Configure image: [$kiwi_iname]-[$kiwi_profiles]..."
 
-#======================================
-# This is a workaround - someone,
-# somewhere needs to load the xts crypto
-# module, otherwise luksOpen will fail while
-# creating the image.
-#--------------------------------------
-modprobe xts || true
-
 #======================================
 # add missing fonts
 #--------------------------------------
@@ -139,9 +131,6 @@ for i in /usr/lib/rpm/gnupg/keys/gpg-pubkey*asc; do
     rpm --import $i || true
 done
 
-# Temporary workaround for bsc#1212187
-echo "techpreview.ZYPP_MEDIANETWORK=1" >> /etc/zypp/zypp.conf
-
 #======================================
 # Enable kubelet if installed
 #--------------------------------------
@@ -170,8 +159,18 @@ if [ "${kiwi_btrfs_root_is_snapshot-false}" = 'true' ]; then
 	sed -i'' 's/^NUMBER_LIMIT_IMPORTANT=.*$/NUMBER_LIMIT_IMPORTANT="4-10"/g' /etc/snapper/configs/root
 fi
 
-# Enable jeos-firstboot if installed, disabled by combustion/ignition
+# Enable multipathd for MP images
-if rpm -q --whatprovides jeos-firstboot >/dev/null; then
+if [ "${kiwi_oemmultipath_scan-false}" = 'true' ]; then
+        systemctl enable multipathd.service
+fi
+
+# On those s390 targets the console is not capable of running jeos-firstboot,
+# use systemd-firstboot as minimal alternative.
+if [[ "$kiwi_profiles" =~ s390-(dasd|fba|fcp) ]]; then
+	systemctl enable systemd-firstboot
+	# Enable prompting for the root password
+	echo 'root:!unprovisioned' | chpasswd -e
+elif rpm -q --whatprovides jeos-firstboot >/dev/null; then
         mkdir -p /var/lib/YaST2
         touch /var/lib/YaST2/reconfig_system
         systemctl enable jeos-firstboot.service
@@ -281,7 +280,7 @@ if [[ "$kiwi_profiles" == *"RaspberryPi"* ]]; then
 		options smsc95xx turbo_mode=N
 	EOF
 
-	cat > /usr/lib/sysctl.d/50-rpi3.conf <<-EOF
+	cat > /etc/sysctl.d/50-rpi3.conf <<-EOF
 		# Avoid running out of DMA pages for smsc95xx (bsc#1012449)
 		vm.min_free_kbytes = 2048
 	EOF

kubevirt-chart/Chart.yaml

@@ -1,9 +1,9 @@
-#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.4.0
+#!BuildTag: %%IMG_PREFIX%%kubevirt-chart:%%CHART_MAJOR%%.0.0_up0.5.0
 apiVersion: v2
-appVersion: 1.3.1
+appVersion: 1.4.0
 description: A Helm chart for KubeVirt
 icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
 name: kubevirt
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.4.0"
+version: "%%CHART_MAJOR%%.0.0+up0.5.0"

kubevirt-chart/crds/kubevirt.yaml

@@ -231,6 +231,17 @@ spec:
                           type: object
                       type: object
                       x-kubernetes-map-type: atomic
+                    commonInstancetypesDeployment:
+                      description: CommonInstancetypesDeployment controls the deployment
+                        of common-instancetypes resources
+                      nullable: true
+                      properties:
+                        enabled:
+                          description: Enabled controls the deployment of common-instancetypes
+                            resources, defaults to True.
+                          nullable: true
+                          type: boolean
+                      type: object
                     controllerConfiguration:
                       description: |-
                         ReloadableComponentConfiguration holds all generic k8s configuration options which can
@@ -412,6 +423,23 @@ spec:
                       description: PullPolicy describes a policy for if/when to pull
                         a container image
                       type: string
+                    instancetype:
+                      description: Instancetype configuration
+                      nullable: true
+                      properties:
+                        referencePolicy:
+                          description: |-
+                            ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are:
+                            reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM.
+                            expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated.
+                            expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated.
+                          enum:
+                            - reference
+                            - expand
+                            - expandAll
+                          nullable: true
+                          type: string
+                      type: object
                     ksmConfiguration:
                       description: KSMConfiguration holds the information regarding
                         the enabling the KSM in the nodes (if available).
@@ -470,8 +498,9 @@ spec:
                         features
                       properties:
                         maxCpuSockets:
-                          description: MaxCpuSockets holds the maximum amount of sockets
+                          description: |-
-                            that can be hotplugged
+                            MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own.
+                            For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets.
                           format: int32
                           type: integer
                         maxGuest:
@@ -577,7 +606,7 @@ spec:
                           description: |-
                             CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
                             If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
-                            the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800
+                            the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
                           format: int64
                           type: integer
                         disableTLS:
@@ -640,34 +669,6 @@ spec:
                                   ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.
                                   version: v1alphav1
                                 properties:
-                                  claims:
-                                    description: |-
-                                      Claims lists the names of resources, defined in spec.resourceClaims,
-                                      that are used by this container.
-                                      
-                                      
-                                      This is an alpha field and requires enabling the
-                                      DynamicResourceAllocation feature gate.
-                                      
-                                      
-                                      This field is immutable. It can only be set for containers.
-                                    items:
-                                      description: ResourceClaim references one entry
-                                        in PodSpec.ResourceClaims.
-                                      properties:
-                                        name:
-                                          description: |-
-                                            Name must match the name of one entry in pod.spec.resourceClaims of
-                                            the Pod where this field is used. It makes that resource available
-                                            inside a container.
-                                          type: string
-                                      required:
-                                        - name
-                                      type: object
-                                    type: array
-                                    x-kubernetes-list-map-keys:
-                                      - name
-                                    x-kubernetes-list-type: map
                                   limits:
                                     additionalProperties:
                                       anyOf:
@@ -696,7 +697,7 @@ spec:
                               domainAttachmentType:
                                 description: |-
                                   DomainAttachmentType is a standard domain network attachment method kubevirt supports.
-                                  Supported values: "tap".
+                                  Supported values: "tap", "managedTap" (since v1.4).
                                   The standard domain attachment can be used instead or in addition to the sidecarImage.
                                   version: 1alphav1
                                 type: string
@@ -874,37 +875,10 @@ spec:
                           usually idle and don't require a lot of memory or cpu.
                         properties:
                           resources:
-                            description: ResourceRequirements describes the compute
+                            description: |-
-                              resource requirements.
+                              ResourceRequirementsWithoutClaims describes the compute resource requirements.
+                              This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field.
                             properties:
-                              claims:
-                                description: |-
-                                  Claims lists the names of resources, defined in spec.resourceClaims,
-                                  that are used by this container.
-                                  
-                                  
-                                  This is an alpha field and requires enabling the
-                                  DynamicResourceAllocation feature gate.
-                                  
-                                  
-                                  This field is immutable. It can only be set for containers.
-                                items:
-                                  description: ResourceClaim references one entry in
-                                    PodSpec.ResourceClaims.
-                                  properties:
-                                    name:
-                                      description: |-
-                                        Name must match the name of one entry in pod.spec.resourceClaims of
-                                        the Pod where this field is used. It makes that resource available
-                                        inside a container.
-                                      type: string
-                                  required:
-                                    - name
-                                  type: object
-                                type: array
-                                x-kubernetes-list-map-keys:
-                                  - name
-                                x-kubernetes-list-type: map
                               limits:
                                 additionalProperties:
                                   anyOf:
@@ -958,10 +932,8 @@ spec:
                             MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.
                             Protocol versions are based on the following most common TLS configurations:
                             
-                            
                               https://ssl-config.mozilla.org/
                             
-                            
                             Note that SSLv3.0 is not a supported protocol version due to well known
                             vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
                           enum:
@@ -1091,10 +1063,13 @@ spec:
                       referenced object inside the same namespace.
                     properties:
                       name:
+                        default: ""
                         description: |-
                           Name of the referent.
+                          This field is effectively required, but due to backwards compatibility is
+                          allowed to be empty. Instances of this type with an empty value here are
+                          almost certainly wrong.
                           More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                          TODO: Add other useful fields. apiVersion, kind, uid?
                         type: string
                     type: object
                     x-kubernetes-map-type: atomic
@@ -1411,7 +1386,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -1426,7 +1401,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -1594,7 +1569,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -1609,7 +1584,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -1775,7 +1750,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -1790,7 +1765,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -1958,7 +1933,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -1973,7 +1948,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -2164,7 +2139,6 @@ spec:
                         BatchEvictionInterval Represents the interval to wait before issuing the next
                         batch of shutdowns
                         
-                        
                         Defaults to 1 minute
                       type: string
                     batchEvictionSize:
@@ -2172,7 +2146,6 @@ spec:
                         BatchEvictionSize Represents the number of VMIs that can be forced updated per
                         the BatchShutdownInteral interval
                         
-                        
                         Defaults to 10
                       type: integer
                     workloadUpdateMethods:
@@ -2183,7 +2156,6 @@ spec:
                         precedence over more disruptive methods. For example if both LiveMigrate and Shutdown
                         methods are listed, only VMs which are not live migratable will be restarted/shutdown
                         
-                        
                         An empty list defaults to no automated workload updating
                       items:
                         type: string
@@ -2491,7 +2463,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -2506,7 +2478,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -2674,7 +2646,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -2689,7 +2661,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -2855,7 +2827,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -2870,7 +2842,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -3038,7 +3010,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -3053,7 +3025,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -3516,6 +3488,17 @@ spec:
                           type: object
                       type: object
                       x-kubernetes-map-type: atomic
+                    commonInstancetypesDeployment:
+                      description: CommonInstancetypesDeployment controls the deployment
+                        of common-instancetypes resources
+                      nullable: true
+                      properties:
+                        enabled:
+                          description: Enabled controls the deployment of common-instancetypes
+                            resources, defaults to True.
+                          nullable: true
+                          type: boolean
+                      type: object
                     controllerConfiguration:
                       description: |-
                         ReloadableComponentConfiguration holds all generic k8s configuration options which can
@@ -3697,6 +3680,23 @@ spec:
                       description: PullPolicy describes a policy for if/when to pull
                         a container image
                       type: string
+                    instancetype:
+                      description: Instancetype configuration
+                      nullable: true
+                      properties:
+                        referencePolicy:
+                          description: |-
+                            ReferencePolicy defines how an instance type or preference should be referenced by the VM after submission, supported values are:
+                            reference (default) - Where a copy of the original object is stashed in a ControllerRevision and referenced by the VM.
+                            expand - Where the instance type or preference are expanded into the VM if no revisionNames have been populated.
+                            expandAll - Where the instance type or preference are expanded into the VM regardless of revisionNames previously being populated.
+                          enum:
+                            - reference
+                            - expand
+                            - expandAll
+                          nullable: true
+                          type: string
+                      type: object
                     ksmConfiguration:
                       description: KSMConfiguration holds the information regarding
                         the enabling the KSM in the nodes (if available).
@@ -3755,8 +3755,9 @@ spec:
                         features
                       properties:
                         maxCpuSockets:
-                          description: MaxCpuSockets holds the maximum amount of sockets
+                          description: |-
-                            that can be hotplugged
+                            MaxCpuSockets provides a MaxSockets value for VMs that do not provide their own.
+                            For VMs with more sockets than maximum the MaxSockets will be set to equal number of sockets.
                           format: int32
                           type: integer
                         maxGuest:
@@ -3862,7 +3863,7 @@ spec:
                           description: |-
                             CompletionTimeoutPerGiB is the maximum number of seconds per GiB a migration is allowed to take.
                             If a live-migration takes longer to migrate than this value multiplied by the size of the VMI,
-                            the migration will be cancelled, unless AllowPostCopy is true. Defaults to 800
+                            the migration will be cancelled, unless AllowPostCopy is true. Defaults to 150
                           format: int64
                           type: integer
                         disableTLS:
@@ -3925,34 +3926,6 @@ spec:
                                   ComputeResourceOverhead specifies the resource overhead that should be added to the compute container when using the binding.
                                   version: v1alphav1
                                 properties:
-                                  claims:
-                                    description: |-
-                                      Claims lists the names of resources, defined in spec.resourceClaims,
-                                      that are used by this container.
-                                      
-                                      
-                                      This is an alpha field and requires enabling the
-                                      DynamicResourceAllocation feature gate.
-                                      
-                                      
-                                      This field is immutable. It can only be set for containers.
-                                    items:
-                                      description: ResourceClaim references one entry
-                                        in PodSpec.ResourceClaims.
-                                      properties:
-                                        name:
-                                          description: |-
-                                            Name must match the name of one entry in pod.spec.resourceClaims of
-                                            the Pod where this field is used. It makes that resource available
-                                            inside a container.
-                                          type: string
-                                      required:
-                                        - name
-                                      type: object
-                                    type: array
-                                    x-kubernetes-list-map-keys:
-                                      - name
-                                    x-kubernetes-list-type: map
                                   limits:
                                     additionalProperties:
                                       anyOf:
@@ -3981,7 +3954,7 @@ spec:
                               domainAttachmentType:
                                 description: |-
                                   DomainAttachmentType is a standard domain network attachment method kubevirt supports.
-                                  Supported values: "tap".
+                                  Supported values: "tap", "managedTap" (since v1.4).
                                   The standard domain attachment can be used instead or in addition to the sidecarImage.
                                   version: 1alphav1
                                 type: string
@@ -4159,37 +4132,10 @@ spec:
                           usually idle and don't require a lot of memory or cpu.
                         properties:
                           resources:
-                            description: ResourceRequirements describes the compute
+                            description: |-
-                              resource requirements.
+                              ResourceRequirementsWithoutClaims describes the compute resource requirements.
+                              This struct was taken from the k8s.ResourceRequirements and cleaned up the 'Claims' field.
                             properties:
-                              claims:
-                                description: |-
-                                  Claims lists the names of resources, defined in spec.resourceClaims,
-                                  that are used by this container.
-                                  
-                                  
-                                  This is an alpha field and requires enabling the
-                                  DynamicResourceAllocation feature gate.
-                                  
-                                  
-                                  This field is immutable. It can only be set for containers.
-                                items:
-                                  description: ResourceClaim references one entry in
-                                    PodSpec.ResourceClaims.
-                                  properties:
-                                    name:
-                                      description: |-
-                                        Name must match the name of one entry in pod.spec.resourceClaims of
-                                        the Pod where this field is used. It makes that resource available
-                                        inside a container.
-                                      type: string
-                                  required:
-                                    - name
-                                  type: object
-                                type: array
-                                x-kubernetes-list-map-keys:
-                                  - name
-                                x-kubernetes-list-type: map
                               limits:
                                 additionalProperties:
                                   anyOf:
@@ -4243,10 +4189,8 @@ spec:
                             MinTLSVersion is a way to specify the minimum protocol version that is acceptable for TLS connections.
                             Protocol versions are based on the following most common TLS configurations:
                             
-                            
                               https://ssl-config.mozilla.org/
                             
-                            
                             Note that SSLv3.0 is not a supported protocol version due to well known
                             vulnerabilities such as POODLE: https://en.wikipedia.org/wiki/POODLE
                           enum:
@@ -4376,10 +4320,13 @@ spec:
                       referenced object inside the same namespace.
                     properties:
                       name:
+                        default: ""
                         description: |-
                           Name of the referent.
+                          This field is effectively required, but due to backwards compatibility is
+                          allowed to be empty. Instances of this type with an empty value here are
+                          almost certainly wrong.
                           More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                          TODO: Add other useful fields. apiVersion, kind, uid?
                         type: string
                     type: object
                     x-kubernetes-map-type: atomic
@@ -4696,7 +4643,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -4711,7 +4658,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -4879,7 +4826,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -4894,7 +4841,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -5060,7 +5007,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -5075,7 +5022,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -5243,7 +5190,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -5258,7 +5205,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -5449,7 +5396,6 @@ spec:
                         BatchEvictionInterval Represents the interval to wait before issuing the next
                         batch of shutdowns
                         
-                        
                         Defaults to 1 minute
                       type: string
                     batchEvictionSize:
@@ -5457,7 +5403,6 @@ spec:
                         BatchEvictionSize Represents the number of VMIs that can be forced updated per
                         the BatchShutdownInteral interval
                         
-                        
                         Defaults to 10
                       type: integer
                     workloadUpdateMethods:
@@ -5468,7 +5413,6 @@ spec:
                         precedence over more disruptive methods. For example if both LiveMigrate and Shutdown
                         methods are listed, only VMs which are not live migratable will be restarted/shutdown
                         
-                        
                         An empty list defaults to no automated workload updating
                       items:
                         type: string
@@ -5776,7 +5720,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -5791,7 +5735,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -5959,7 +5903,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -5974,7 +5918,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -6140,7 +6084,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                               Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -6155,7 +6099,7 @@ spec:
                                               pod labels will be ignored. The default value is empty.
                                               The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                               Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                              This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                              This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                             items:
                                               type: string
                                             type: array
@@ -6323,7 +6267,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both matchLabelKeys and labelSelector.
                                           Also, matchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array
@@ -6338,7 +6282,7 @@ spec:
                                           pod labels will be ignored. The default value is empty.
                                           The same key is forbidden to exist in both mismatchLabelKeys and labelSelector.
                                           Also, mismatchLabelKeys cannot be set when labelSelector isn't set.
-                                          This is an alpha field and requires enabling MatchLabelKeysInPodAffinity feature gate.
+                                          This is a beta field and requires enabling MatchLabelKeysInPodAffinity feature gate (enabled by default).
                                         items:
                                           type: string
                                         type: array

kubevirt-chart/templates/kubevirt-operator.yaml

@@ -606,15 +606,35 @@ rules:
   - apiGroups:
       - snapshot.kubevirt.io
     resources:
-      - '*'
+      - virtualmachinesnapshots
+      - virtualmachinesnapshots/status
+      - virtualmachinesnapshotcontents
+      - virtualmachinesnapshotcontents/status
+      - virtualmachinesnapshotcontents/finalizers
+      - virtualmachinerestores
+      - virtualmachinerestores/status
     verbs:
-      - '*'
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - delete
+      - patch
   - apiGroups:
       - export.kubevirt.io
     resources:
-      - '*'
+      - virtualmachineexports
+      - virtualmachineexports/status
+      - virtualmachineexports/finalizers
     verbs:
-      - '*'
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - delete
+      - patch
   - apiGroups:
       - pool.kubevirt.io
     resources:
@@ -636,6 +656,12 @@ rules:
       - '*'
     verbs:
       - '*'
+  - apiGroups:
+      - kubevirt.io
+    resources:
+      - virtualmachines/finalizers
+    verbs:
+      - update
   - apiGroups:
       - subresources.kubevirt.io
     resources:
@@ -844,6 +870,7 @@ rules:
       - virtualmachineinstances/userlist
       - virtualmachineinstances/sev/fetchcertchain
       - virtualmachineinstances/sev/querylaunchmeasurement
+      - virtualmachineinstances/usbredir
     verbs:
       - get
   - apiGroups:
@@ -992,6 +1019,7 @@ rules:
       - virtualmachineinstances/userlist
       - virtualmachineinstances/sev/fetchcertchain
       - virtualmachineinstances/sev/querylaunchmeasurement
+      - virtualmachineinstances/usbredir
     verbs:
       - get
   - apiGroups:
@@ -1264,7 +1292,7 @@ metadata:
   name: virt-operator
   namespace: {{ .Release.Namespace }}
 spec:
-  replicas: 2
+  replicas: {{ .Values.operator.replicas }}
   selector:
     matchLabels:
       kubevirt.io: virt-operator
@@ -1279,17 +1307,7 @@ spec:
       name: virt-operator
     spec:
       affinity:
-        podAntiAffinity:
+{{- .Values.operator.affinity | toYaml | nindent 8 }}
-          preferredDuringSchedulingIgnoredDuringExecution:
-            - podAffinityTerm:
-                labelSelector:
-                  matchExpressions:
-                    - key: kubevirt.io
-                      operator: In
-                      values:
-                        - virt-operator
-                topologyKey: kubernetes.io/hostname
-              weight: 1
       containers:
         - args:
             - --port
@@ -1325,9 +1343,7 @@ spec:
             initialDelaySeconds: 5
             timeoutSeconds: 10
           resources:
-            requests:
+{{- .Values.operator.resources | toYaml | nindent 12 }}
-              cpu: 10m
-              memory: 450Mi
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:

kubevirt-chart/templates/kubevirt.yaml

@@ -20,6 +20,10 @@ spec:
   {{- if .Values.kubevirt.uninstallStrategy }}
   uninstallStrategy: {{ .Values.kubevirt.uninstallStrategy }}
   {{- end }}
+  {{- with .Values.kubevirt.workloads }}
+  workloads:
+  {{- toYaml . | nindent 4 }}
+  {{- end }}
   {{- with .Values.kubevirt.workloadUpdateStrategy }}
   workloadUpdateStrategy:
   {{- toYaml . | nindent 4 }}

kubevirt-chart/values.yaml

@@ -1,7 +1,24 @@
 operator:
   image: registry.suse.com/suse/sles/15.6/virt-operator
-  version: 1.3.1-150600.5.9.1
+  version: 1.4.0-150600.5.15.1
+  replicas: 2
   pullPolicy: IfNotPresent
+  affinity:
+    podAntiAffinity:
+      preferredDuringSchedulingIgnoredDuringExecution:
+        - podAffinityTerm:
+            labelSelector:
+              matchExpressions:
+                - key: kubevirt.io
+                  operator: In
+                  values:
+                    - virt-operator
+            topologyKey: kubernetes.io/hostname
+          weight: 1
+  resources:
+    requests:
+      cpu: 10m
+      memory: 450Mi
 
 kubevirt:
   # Holds kubevirt configurations. Same as the virt-configMap.
@@ -14,6 +31,8 @@ kubevirt:
   # Specifies if KubeVirt can be deleted if workloads are still present.
   # This is mainly a precaution to avoid accidental data loss.
   uninstallStrategy: ""
+  # Selectors and tolerations that should apply to KubeVirt workloads.
+  workloads: {}
   # WorkloadUpdateStrategy defines at the cluster level how to handle automated workload updates.
   workloadUpdateStrategy: {}
   # Optionally enable ServiceMonitor for prometheus, see

kubevirt-dashboard-extension-chart/Chart.yaml

@@ -1,22 +1,22 @@
-#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.1
-#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.1_up1.3.0
-#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.0_up1.2.1-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubevirt-dashboard-extension-chart:%%CHART_MAJOR%%.0.1_up1.3.0-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
-  catalog.cattle.io/display-name: KubeVirt
-  catalog.cattle.io/kube-version: '>= v1.26.0-0'
   catalog.cattle.io/namespace: cattle-ui-plugin-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux, windows
-  catalog.cattle.io/rancher-version: '>= 2.10.0-0'
   catalog.cattle.io/scope: management
   catalog.cattle.io/ui-component: plugins
-  catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
+  catalog.cattle.io/display-name: KubeVirt
+  catalog.cattle.io/rancher-version: '>= 2.11.0-0'
+  catalog.cattle.io/ui-extensions-version: '>= 3.0.4 < 4.0.0'
+  catalog.cattle.io/kube-version: '>= v1.26.0-0'
 apiVersion: v2
-appVersion: 302.0.0+up1.2.1
+appVersion: 303.0.1+up1.3.0
 description: 'SUSE Edge: KubeVirt extension for Rancher Dashboard'
 name: kubevirt-dashboard-extension
 type: application
-version: "%%CHART_MAJOR%%.0.0+up1.2.1"
+version: "%%CHART_MAJOR%%.0.1+up1.3.0"
 icon: >-
   https://raw.githubusercontent.com/cncf/artwork/master/projects/kubevirt/icon/color/kubevirt-icon-color.svg

kubevirt-dashboard-extension-chart/templates/cr.yaml

@@ -8,7 +8,7 @@ spec:
   plugin:
     name: {{ include "extension-server.fullname" . }}
     version: {{ (semver (default .Chart.AppVersion .Values.plugin.versionOverride)).Original }}
-    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/302.0.0+up1.2.1
+    endpoint: https://raw.githubusercontent.com/suse-edge/dashboard-extensions/gh-pages/extensions/kubevirt-dashboard-extension/303.0.1+up1.3.0
     noCache: {{ .Values.plugin.noCache }}
     noAuth: {{ .Values.plugin.noAuth }}
     metadata: {{ include "extension-server.pluginMetadata" . | indent 6 }}

kubevirt-dashboard-extension-chart/values.yaml

@@ -7,6 +7,6 @@ plugin:
   noAuth: false
   metadata:
     catalog.cattle.io/display-name: KubeVirt
-    catalog.cattle.io/rancher-version: ">= 2.10.0-0"
+    catalog.cattle.io/rancher-version: ">= 2.11.0-0"
-    catalog.cattle.io/ui-extensions-version: ">= 3.0.0 < 4.0.0"
+    catalog.cattle.io/ui-extensions-version: ">= 3.0.4 < 4.0.0"
     catalog.cattle.io/kube-version: ">= v1.26.0-0"

metal3-chart/Chart.yaml

@@ -1,16 +1,16 @@
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.1_up0.9.4
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0
-#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.1_up0.9.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%metal3-chart:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
 apiVersion: v2
-appVersion: 0.9.4
+appVersion: 0.11.0
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.6.1
+  version: 0.9.1
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.9.3
+  version: 0.10.0
 - alias: metal3-mariadb
   condition: global.enable_mariadb
   name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.1+up0.9.4"
+version: "%%CHART_MAJOR%%.0.2+up0.11.0"

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 0.8.0
+appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.6.1
+version: 0.9.1

metal3-chart/charts/baremetal-operator/crds/customresource-bmceventsubscriptions.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.16.5
   labels:
     clusterctl.cluster.x-k8s.io: ""
   name: bmceventsubscriptions.metal3.io
@@ -34,14 +34,19 @@ spec:
         description: BMCEventSubscription is the Schema for the fast eventing API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
+            description: |-
-              of an object. Servers should convert recognized schemas to the latest
+              APIVersion defines the versioned schema of this representation of an object.
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
+            description: |-
-              object represents. Servers may infer this from the endpoint the client
+              Kind is a string value representing the REST resource this object represents.
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -57,8 +62,9 @@ spec:
                 description: A reference to a BareMetalHost
                 type: string
               httpHeadersRef:
-                description: A secret containing HTTP headers which should be passed
+                description: |-
-                  along to the Destination when making a request
+                  A secret containing HTTP headers which should be passed along to the Destination
+                  when making a request
                 properties:
                   name:
                     description: name is unique within a namespace to reference a

metal3-chart/charts/baremetal-operator/crds/customresource-dataimages.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.16.5
   name: dataimages.metal3.io
 spec:
   group: metal3.io
@@ -20,14 +20,19 @@ spec:
         description: DataImage is the Schema for the dataimages API.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
+            description: |-
-              of an object. Servers should convert recognized schemas to the latest
+              APIVersion defines the versioned schema of this representation of an object.
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
+            description: |-
-              object represents. Servers may infer this from the endpoint the client
+              Kind is a string value representing the REST resource this object represents.
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -35,7 +40,8 @@ spec:
             description: DataImageSpec defines the desired state of DataImage.
             properties:
               url:
-                description: Url is the address of the dataImage that we want to attach
+                description: |-
+                  Url is the address of the dataImage that we want to attach
                   to a BareMetalHost
                 type: string
             required:

metal3-chart/charts/baremetal-operator/crds/customresource-firmwareschemas.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.16.5
   labels:
     clusterctl.cluster.x-k8s.io: ""
   name: firmwareschemas.metal3.io
@@ -22,14 +22,19 @@ spec:
         description: FirmwareSchema is the Schema for the firmwareschemas API.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
+            description: |-
-              of an object. Servers should convert recognized schemas to the latest
+              APIVersion defines the versioned schema of this representation of an object.
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
+            description: |-
-              object represents. Servers may infer this from the endpoint the client
+              Kind is a string value representing the REST resource this object represents.
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -73,8 +78,9 @@ spec:
                       description: Whether or not this setting is read only.
                       type: boolean
                     unique:
-                      description: Whether or not this setting's value is unique to
+                      description: |-
-                        this node, e.g. a serial number.
+                        Whether or not this setting's value is unique to this node, e.g.
+                        a serial number.
                       type: boolean
                     upper_bound:
                       description: The highest value for an Integer type setting.

metal3-chart/charts/baremetal-operator/crds/customresource-hardwaredata.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.16.5
   labels:
     clusterctl.cluster.x-k8s.io: ""
   name: hardwaredata.metal3.io
@@ -29,14 +29,19 @@ spec:
         description: HardwareData is the Schema for the hardwaredata API.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
+            description: |-
-              of an object. Servers should convert recognized schemas to the latest
+              APIVersion defines the versioned schema of this representation of an object.
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
+            description: |-
-              object represents. Servers may infer this from the endpoint the client
+              Kind is a string value representing the REST resource this object represents.
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -47,7 +52,7 @@ spec:
                 description: The hardware discovered on the host during its inspection.
                 properties:
                   cpu:
-                    description: CPU describes one processor on the host.
+                    description: Details of the CPU(s) in the system.
                     properties:
                       arch:
                         type: string
@@ -65,7 +70,7 @@ spec:
                         type: string
                     type: object
                   firmware:
-                    description: Firmware describes the firmware on the host.
+                    description: System firmware information.
                     properties:
                       bios:
                         description: The BIOS for this firmware
@@ -84,14 +89,15 @@ spec:
                   hostname:
                     type: string
                   nics:
+                    description: List of network interfaces for the host.
                     items:
                       description: NIC describes one network interface on the host.
                       properties:
                         ip:
-                          description: The IP address of the interface. This will
+                          description: |-
-                            be an IPv4 or IPv6 address if one is present.  If both
+                            The IP address of the interface. This will be an IPv4 or IPv6 address
-                            IPv4 and IPv6 addresses are present in a dual-stack environment,
+                            if one is present.  If both IPv4 and IPv6 addresses are present in a
-                            two nics will be output, one with each IP.
+                            dual-stack environment, two nics will be output, one with each IP.
                           type: string
                         mac:
                           description: The device MAC address
@@ -134,16 +140,20 @@ spec:
                       type: object
                     type: array
                   ramMebibytes:
+                    description: The host's amount of memory in Mebibytes.
                     type: integer
                   storage:
+                    description: List of storage (disk, SSD, etc.) available to the
+                      host.
                     items:
                       description: Storage describes one storage device (disk, SSD,
                         etc.) on the host.
                       properties:
                         alternateNames:
-                          description: A list of alternate Linux device names of the
+                          description: |-
-                            disk, e.g. "/dev/sda". Note that this list is not exhaustive,
+                            A list of alternate Linux device names of the disk, e.g. "/dev/sda".
-                            and names may not be stable across reboots.
+                            Note that this list is not exhaustive, and names may not be stable
+                            across reboots.
                           items:
                             type: string
                           type: array
@@ -154,15 +164,17 @@ spec:
                           description: Hardware model
                           type: string
                         name:
-                          description: A Linux device name of the disk, e.g. "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0".
+                          description: |-
-                            This will be a name that is stable across reboots if one
+                            A Linux device name of the disk, e.g.
-                            is available.
+                            "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name
+                            that is stable across reboots if one is available.
                           type: string
                         rotational:
-                          description: Whether this disk represents rotational storage.
+                          description: |-
-                            This field is not recommended for usage, please prefer
+                            Whether this disk represents rotational storage.
-                            using 'Type' field instead, this field will be deprecated
+                            This field is not recommended for usage, please
-                            eventually.
+                            prefer using 'Type' field instead, this field
+                            will be deprecated eventually.
                           type: boolean
                         serialNumber:
                           description: The serial number of the device
@@ -193,8 +205,7 @@ spec:
                       type: object
                     type: array
                   systemVendor:
-                    description: HardwareSystemVendor stores details about the whole
+                    description: System vendor information.
-                      hardware system.
                     properties:
                       manufacturer:
                         type: string

metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwarecomponents.yaml

@@ -3,7 +3,9 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.16.5
+  labels:
+    clusterctl.cluster.x-k8s.io: ""
   name: hostfirmwarecomponents.metal3.io
 spec:
   group: metal3.io
@@ -21,14 +23,19 @@ spec:
           API.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
+            description: |-
-              of an object. Servers should convert recognized schemas to the latest
+              APIVersion defines the versioned schema of this representation of an object.
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
+            description: |-
-              object represents. Servers may infer this from the endpoint the client
+              Kind is a string value representing the REST resource this object represents.
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -82,43 +89,35 @@ spec:
                 description: Track whether updates stored in the spec are valid based
                   on the schema
                 items:
-                  description: "Condition contains details for one aspect of the current
+                  description: Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
+                    state of this API Resource.
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
                     lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
+                      description: |-
-                        transitioned from one status to another. This should be when
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
-                        the underlying condition changed.  If that is not known, then
+                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                        using the time when the API field changed is acceptable.
                       format: date-time
                       type: string
                     message:
-                      description: message is a human readable message indicating
+                      description: |-
-                        details about the transition. This may be an empty string.
+                        message is a human readable message indicating details about the transition.
+                        This may be an empty string.
                       maxLength: 32768
                       type: string
                     observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
+                      description: |-
-                        that the condition was set based upon. For instance, if .metadata.generation
+                        observedGeneration represents the .metadata.generation that the condition was set based upon.
-                        is currently 12, but the .status.conditions[x].observedGeneration
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        is 9, the condition is out of date with respect to the current
+                        with respect to the current state of the instance.
-                        state of the instance.
                       format: int64
                       minimum: 0
                       type: integer
                     reason:
-                      description: reason contains a programmatic identifier indicating
+                      description: |-
-                        the reason for the condition's last transition. Producers
+                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                        of specific condition types may define expected values and
+                        Producers of specific condition types may define expected values and meanings for this field,
-                        meanings for this field, and whether the values are considered
+                        and whether the values are considered a guaranteed API.
-                        a guaranteed API. The value should be a CamelCase string.
+                        The value should be a CamelCase string.
                         This field may not be empty.
                       maxLength: 1024
                       minLength: 1
@@ -133,10 +132,6 @@ spec:
                       type: string
                     type:
                       description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                       maxLength: 316
                       pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                       type: string
@@ -156,8 +151,9 @@ spec:
                 format: date-time
                 type: string
               updates:
-                description: Updates is the list of all firmware components that should
+                description: |-
-                  be updated they are specified via name and url fields.
+                  Updates is the list of all firmware components that should be updated
+                  they are specified via name and url fields.
                 items:
                   description: FirmwareUpdate defines a firmware update specification.
                   properties:

metal3-chart/charts/baremetal-operator/crds/customresource-hostfirmwaresettings.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.16.5
   labels:
     clusterctl.cluster.x-k8s.io: ""
   name: hostfirmwaresettings.metal3.io
@@ -25,14 +25,19 @@ spec:
           API.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
+            description: |-
-              of an object. Servers should convert recognized schemas to the latest
+              APIVersion defines the versioned schema of this representation of an object.
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
+            description: |-
-              object represents. Servers may infer this from the endpoint the client
+              Kind is a string value representing the REST resource this object represents.
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -59,43 +64,35 @@ spec:
                 description: Track whether settings stored in the spec are valid based
                   on the schema
                 items:
-                  description: "Condition contains details for one aspect of the current
+                  description: Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
+                    state of this API Resource.
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
                     lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
+                      description: |-
-                        transitioned from one status to another. This should be when
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
-                        the underlying condition changed.  If that is not known, then
+                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                        using the time when the API field changed is acceptable.
                       format: date-time
                       type: string
                     message:
-                      description: message is a human readable message indicating
+                      description: |-
-                        details about the transition. This may be an empty string.
+                        message is a human readable message indicating details about the transition.
+                        This may be an empty string.
                       maxLength: 32768
                       type: string
                     observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
+                      description: |-
-                        that the condition was set based upon. For instance, if .metadata.generation
+                        observedGeneration represents the .metadata.generation that the condition was set based upon.
-                        is currently 12, but the .status.conditions[x].observedGeneration
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        is 9, the condition is out of date with respect to the current
+                        with respect to the current state of the instance.
-                        state of the instance.
                       format: int64
                       minimum: 0
                       type: integer
                     reason:
-                      description: reason contains a programmatic identifier indicating
+                      description: |-
-                        the reason for the condition's last transition. Producers
+                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                        of specific condition types may define expected values and
+                        Producers of specific condition types may define expected values and meanings for this field,
-                        meanings for this field, and whether the values are considered
+                        and whether the values are considered a guaranteed API.
-                        a guaranteed API. The value should be a CamelCase string.
+                        The value should be a CamelCase string.
                         This field may not be empty.
                       maxLength: 1024
                       minLength: 1
@@ -110,10 +107,6 @@ spec:
                       type: string
                     type:
                       description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                       maxLength: 316
                       pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                       type: string
@@ -133,8 +126,9 @@ spec:
                 format: date-time
                 type: string
               schema:
-                description: FirmwareSchema is a reference to the Schema used to describe
+                description: |-
-                  each FirmwareSetting. By default, this will be a Schema in the same
+                  FirmwareSchema is a reference to the Schema used to describe each
+                  FirmwareSetting. By default, this will be a Schema in the same
                   Namespace as the settings but it can be overwritten in the Spec
                 properties:
                   name:

metal3-chart/charts/baremetal-operator/crds/customresource-hostupdatepolicies.yaml

@@ -0,0 +1,62 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.16.5
+  labels:
+    clusterctl.cluster.x-k8s.io: ""
+  name: hostupdatepolicies.metal3.io
+spec:
+  group: metal3.io
+  names:
+    kind: HostUpdatePolicy
+    listKind: HostUpdatePolicyList
+    plural: hostupdatepolicies
+    singular: hostupdatepolicy
+  scope: Namespaced
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: HostUpdatePolicy is the Schema for the hostupdatepolicy API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: HostUpdatePolicySpec defines the desired state of HostUpdatePolicy.
+            properties:
+              firmwareSettings:
+                description: Defines policy for changing firmware settings
+                enum:
+                - onPreparing
+                - onReboot
+                type: string
+              firmwareUpdates:
+                description: Defines policy for updating firmware
+                enum:
+                - onPreparing
+                - onReboot
+                type: string
+            type: object
+          status:
+            description: HostUpdatePolicyStatus defines the observed state of HostUpdatePolicy.
+            type: object
+        type: object
+    served: true
+    storage: true

metal3-chart/charts/baremetal-operator/crds/customresource-preprovisioningimages.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.12.1
+    controller-gen.kubebuilder.io/version: v0.16.5
   labels:
     clusterctl.cluster.x-k8s.io: ""
   name: preprovisioningimages.metal3.io
@@ -34,14 +34,19 @@ spec:
           API.
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
+            description: |-
-              of an object. Servers should convert recognized schemas to the latest
+              APIVersion defines the versioned schema of this representation of an object.
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
+            description: |-
-              object represents. Servers may infer this from the endpoint the client
+              Kind is a string value representing the REST resource this object represents.
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -62,8 +67,9 @@ spec:
                   to build the image.
                 type: string
               networkDataName:
-                description: networkDataName is the name of a Secret in the local
+                description: |-
-                  namespace that contains network data to build in to the image.
+                  networkDataName is the name of a Secret in the local namespace that
+                  contains network data to build in to the image.
                 type: string
             type: object
           status:
@@ -77,43 +83,35 @@ spec:
               conditions:
                 description: conditions describe the state of the built image
                 items:
-                  description: "Condition contains details for one aspect of the current
+                  description: Condition contains details for one aspect of the current
-                    state of this API Resource. --- This struct is intended for direct
+                    state of this API Resource.
-                    use as an array at the field path .status.conditions.  For example,
-                    \n type FooStatus struct{ // Represents the observations of a
-                    foo's current state. // Known .status.conditions.type are: \"Available\",
-                    \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
-                    // +listType=map // +listMapKey=type Conditions []metav1.Condition
-                    `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
-                    protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
                   properties:
                     lastTransitionTime:
-                      description: lastTransitionTime is the last time the condition
+                      description: |-
-                        transitioned from one status to another. This should be when
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
-                        the underlying condition changed.  If that is not known, then
+                        This should be when the underlying condition changed.  If that is not known, then using the time when the API field changed is acceptable.
-                        using the time when the API field changed is acceptable.
                       format: date-time
                       type: string
                     message:
-                      description: message is a human readable message indicating
+                      description: |-
-                        details about the transition. This may be an empty string.
+                        message is a human readable message indicating details about the transition.
+                        This may be an empty string.
                       maxLength: 32768
                       type: string
                     observedGeneration:
-                      description: observedGeneration represents the .metadata.generation
+                      description: |-
-                        that the condition was set based upon. For instance, if .metadata.generation
+                        observedGeneration represents the .metadata.generation that the condition was set based upon.
-                        is currently 12, but the .status.conditions[x].observedGeneration
+                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
-                        is 9, the condition is out of date with respect to the current
+                        with respect to the current state of the instance.
-                        state of the instance.
                       format: int64
                       minimum: 0
                       type: integer
                     reason:
-                      description: reason contains a programmatic identifier indicating
+                      description: |-
-                        the reason for the condition's last transition. Producers
+                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
-                        of specific condition types may define expected values and
+                        Producers of specific condition types may define expected values and meanings for this field,
-                        meanings for this field, and whether the values are considered
+                        and whether the values are considered a guaranteed API.
-                        a guaranteed API. The value should be a CamelCase string.
+                        The value should be a CamelCase string.
                         This field may not be empty.
                       maxLength: 1024
                       minLength: 1
@@ -128,10 +126,6 @@ spec:
                       type: string
                     type:
                       description: type of condition in CamelCase or in foo.example.com/CamelCase.
-                        --- Many .condition.type values are consistent across resources
-                        like Available, but because arbitrary conditions can be useful
-                        (see .node.status.conditions), the ability to deconflict is
-                        important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
                       maxLength: 316
                       pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                       type: string
@@ -147,13 +141,14 @@ spec:
                 - type
                 x-kubernetes-list-type: map
               extraKernelParams:
-                description: extraKernelParams is a string with extra parameters to
+                description: |-
-                  pass to the kernel when booting the image over network. Only makes
+                  extraKernelParams is a string with extra parameters to pass to the
-                  sense for initrd images.
+                  kernel when booting the image over network. Only makes sense for initrd images.
                 type: string
               format:
-                description: 'format is the type of image that is available at the
+                description: |-
-                  download url: either iso or initrd.'
+                  format is the type of image that is available at the download url:
+                  either iso or initrd.
                 enum:
                 - iso
                 - initrd
@@ -163,12 +158,14 @@ spec:
                   downloaded.
                 type: string
               kernelUrl:
-                description: kernelUrl is the URL from which the kernel of the image
+                description: |-
-                  can be downloaded. Only makes sense for initrd images.
+                  kernelUrl is the URL from which the kernel of the image can be downloaded.
+                  Only makes sense for initrd images.
                 type: string
               networkData:
-                description: networkData is a reference to the version of the Secret
+                description: |-
-                  containing the network data used to build the image.
+                  networkData is a reference to the version of the Secret containing the
+                  network data used to build the image.
                 properties:
                   name:
                     type: string

metal3-chart/charts/baremetal-operator/templates/clusterrole-manager.yaml

@@ -184,3 +184,23 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - metal3.io
+  resources:
+  - hostupdatepolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - metal3.io
+  resources:
+  - hostupdatepolicies/status
+  verbs:
+  - get
+  - patch
+  - update

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -5,6 +5,7 @@
   {{- $ironicApiHost := print $ironicIP ":6385" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
+  {{- $deployArch := .Values.global.deployArchitecture }}
 
 apiVersion: v1
 data:
@@ -19,8 +20,9 @@ data:
     {{- $protocol = "http" }}
   {{- end }}
   CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
-  DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel"
+  DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
-  DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs"
+  DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
+  DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
 kind: ConfigMap
 metadata:
   name: baremetal-operator-ironic

metal3-chart/charts/baremetal-operator/templates/deployment.yaml

@@ -24,8 +24,8 @@ spec:
     spec:
       containers:
       - args:
-        - --metrics-addr=127.0.0.1:8085
         - --enable-leader-election
+        - --tls-min-version=TLS13
         env:
         - name: POD_NAME
           valueFrom:
@@ -56,6 +56,9 @@ spec:
         - containerPort: 9443
           name: webhook-server
           protocol: TCP
+        - containerPort: 8443
+          protocol: TCP
+          name: https
         readinessProbe:
           failureThreshold: 10
           httpGet:
@@ -84,19 +87,6 @@ spec:
           mountPath: "/opt/metal3/certs/ca"
           readOnly: true
         {{- end }}
-      - args:
-        - --secure-listen-address=0.0.0.0:8443
-        - --upstream=http://127.0.0.1:8085/
-        - --logtostderr=true
-        - --v=10
-        image: "{{ .Values.images.rbacProxy.repository }}:{{ .Values.images.rbacProxy.tag }}"
-        imagePullPolicy: {{ .Values.images.rbacProxy.pullPolicy }}
-        securityContext:
-          {{- toYaml .Values.securityContext | nindent 10 }}
-        name: kube-rbac-proxy
-        ports:
-        - containerPort: 8443
-          name: https
       serviceAccountName: {{ include "baremetal-operator.serviceAccountName" . }}
       terminationGracePeriodSeconds: 10
       volumes:

metal3-chart/charts/baremetal-operator/templates/metrics_auth_role.yaml

@@ -1,7 +1,7 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
-  name: {{ include "baremetal-operator.fullname" . }}-proxy-role
+  name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-role
   labels:
     {{- include "baremetal-operator.labels" . | nindent 4 }}
 rules:

metal3-chart/charts/baremetal-operator/templates/metrics_auth_role_binding.yaml

@@ -1,13 +1,13 @@
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
-  name: {{ include "baremetal-operator.fullname" . }}-proxy-rolebinding
+  name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-rolebinding
   labels:
     {{- include "baremetal-operator.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
-  name: {{ include "baremetal-operator.fullname" . }}-proxy-role
+  name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-role
 subjects:
 - kind: ServiceAccount
   name: {{ include "baremetal-operator.serviceAccountName" . }}

metal3-chart/charts/baremetal-operator/templates/metrics_reader_role.yaml

@@ -6,6 +6,6 @@ metadata:
     {{- include "baremetal-operator.labels" . | nindent 4 }}
 rules:
 - nonResourceURLs:
-  - /metrics
+  - "/metrics"
   verbs:
   - get

metal3-chart/charts/baremetal-operator/values.yaml

@@ -28,11 +28,7 @@ images:
   baremetalOperator:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
     pullPolicy: IfNotPresent
-    tag: "0.8.0"
+    tag: "0.9.1"
-  rbacProxy:
-    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy
-    pullPolicy: IfNotPresent
-    tag: "0.18.1"
 
 imagePullSecrets: []
 nameOverride: "manger"

metal3-chart/charts/ironic/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.9.3
+version: 0.10.0

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -12,6 +12,7 @@ data:
   {{- $ironicApiHost := print $ironicIP ":6385" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
+  {{- $deployArch := .Values.global.deployArchitecture }}
 
   {{- if  ( .Values.global.enable_dnsmasq ) }}
   DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
@@ -39,8 +40,9 @@ data:
   {{- end }}
   IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
   CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images
-  DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.kernel
+  DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel
-  DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent.initramfs
+  DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs
+  DEPLOY_ARCHITECTURE: {{ $deployArch }}
   IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
   IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }}
   ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"

metal3-chart/charts/ironic/values.yaml

@@ -56,11 +56,11 @@ images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 26.1.2.3
+    tag: 26.1.2.4
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 3.0.1
+    tag: 3.0.3
 
 nameOverride: ""
 fullnameOverride: ""

metal3-chart/values.yaml

@@ -63,6 +63,9 @@ global:
   # Name for the MariaDB service
   databaseServiceName: metal3-mariadb
 
+  # Architecture for deployed nodes (either x86_64 or arm64)
+  deployArchitecture: x86_64
+
   # In a multi-node cluster use the node selector to ensure the pods
   # all run on the same host where the dnsmasqDNSServer and provisioningIP
   # and /opt/media exist. Uncomment the nodeSelector and update the

metallb-chart/Chart.yaml

@@ -1,17 +1,17 @@
-#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.1_up0.14.9
+#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9
-#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.1_up0.14.9-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%metallb-chart:%%CHART_MAJOR%%.0.0_up0.14.9-%RELEASE%
 apiVersion: v2
-appVersion: v0.14.3
+appVersion: v0.14.9
 dependencies:
+- condition: crds.enabled
+  name: crds
+  repository: file://./charts/crds
+  version: 0.14.9
 - alias: metallb-frr-k8s
   condition: frrk8s.enabled
   name: frr-k8s
   repository: file://./charts/frr-k8s
-  version: 0.0.15
+  version: 0.0.16
-- condition: crds.enabled
-  name: metallb-crds
-  repository: file://./charts/metallb-crds
-  version: 0.14.8
 description: A network load-balancer implementation for Kubernetes using standard
   routing protocols
 home: https://metallb.universe.tf
@@ -21,4 +21,4 @@ name: metallb
 sources:
 - https://github.com/metallb/metallb
 type: application
-version: "%%CHART_MAJOR%%.0.1+up0.14.9"
+version: "%%CHART_MAJOR%%.0.0+up0.14.9"

metallb-chart/README.md

@@ -1,6 +1,6 @@
 # metallb
 
-![Version: 0.14.8](https://img.shields.io/badge/Version-0.14.8-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.8](https://img.shields.io/badge/AppVersion-v0.14.8-informational?style=flat-square)
+![Version: 0.14.9](https://img.shields.io/badge/Version-0.14.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.9](https://img.shields.io/badge/AppVersion-v0.14.9-informational?style=flat-square)
 
 A network load-balancer implementation for Kubernetes using standard routing protocols
 
@@ -16,8 +16,8 @@ Kubernetes: `>= 1.19.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | crds | 0.14.8 |
+|  | crds | 0.14.9 |
-| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.14 |
+| https://metallb.github.io/frr-k8s | frr-k8s | 0.0.16 |
 
 ## Values
 
@@ -79,17 +79,17 @@ Kubernetes: `>= 1.19.0-0`
 | prometheus.podMonitor.relabelings | list | `[]` |  |
 | prometheus.prometheusRule.additionalLabels | object | `{}` |  |
 | prometheus.prometheusRule.addressPoolExhausted.enabled | bool | `true` |  |
-| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"alert"` |  |
+| prometheus.prometheusRule.addressPoolExhausted.labels.severity | string | `"critical"` |  |
 | prometheus.prometheusRule.addressPoolUsage.enabled | bool | `true` |  |
 | prometheus.prometheusRule.addressPoolUsage.thresholds[0].labels.severity | string | `"warning"` |  |
 | prometheus.prometheusRule.addressPoolUsage.thresholds[0].percent | int | `75` |  |
 | prometheus.prometheusRule.addressPoolUsage.thresholds[1].labels.severity | string | `"warning"` |  |
 | prometheus.prometheusRule.addressPoolUsage.thresholds[1].percent | int | `85` |  |
-| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"alert"` |  |
+| prometheus.prometheusRule.addressPoolUsage.thresholds[2].labels.severity | string | `"critical"` |  |
 | prometheus.prometheusRule.addressPoolUsage.thresholds[2].percent | int | `95` |  |
 | prometheus.prometheusRule.annotations | object | `{}` |  |
 | prometheus.prometheusRule.bgpSessionDown.enabled | bool | `true` |  |
-| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"alert"` |  |
+| prometheus.prometheusRule.bgpSessionDown.labels.severity | string | `"critical"` |  |
 | prometheus.prometheusRule.configNotLoaded.enabled | bool | `true` |  |
 | prometheus.prometheusRule.configNotLoaded.labels.severity | string | `"warning"` |  |
 | prometheus.prometheusRule.enabled | bool | `false` |  |
@@ -99,7 +99,7 @@ Kubernetes: `>= 1.19.0-0`
 | prometheus.rbacPrometheus | bool | `true` |  |
 | prometheus.rbacProxy.pullPolicy | string | `nil` |  |
 | prometheus.rbacProxy.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/kube-rbac-proxy"` |  |
-| prometheus.rbacProxy.tag | string | `"v0.12.0"` |  |
+| prometheus.rbacProxy.tag | string | `"v0.18.0"` |  |
 | prometheus.scrapeAnnotations | bool | `false` |  |
 | prometheus.serviceAccount | string | `""` |  |
 | prometheus.serviceMonitor.controller.additionalLabels | object | `{}` |  |
@@ -122,7 +122,7 @@ Kubernetes: `>= 1.19.0-0`
 | speaker.frr.enabled | bool | `true` |  |
 | speaker.frr.image.pullPolicy | string | `nil` |  |
 | speaker.frr.image.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/frr"` |  |
-| speaker.frr.image.tag | string | `"8.4.2"` |  |
+| speaker.frr.image.tag | string | `"8.5.6"` |  |
 | speaker.frr.metricsPort | int | `7473` |  |
 | speaker.frr.resources | object | `{}` |  |
 | speaker.frrMetrics.resources | object | `{}` |  |

metallb-chart/charts/crds/Chart.yaml

@@ -3,8 +3,8 @@ appVersion: v0.14.9
 description: MetalLB CRDs
 home: https://metallb.universe.tf
 icon: https://metallb.universe.tf/images/logo/metallb-white.png
-name: metallb-crds
+name: crds
 sources:
 - https://github.com/metallb/metallb
 type: application
-version: 0.14.8
+version: 0.14.9

metallb-chart/charts/crds/README.md

@@ -0,0 +1,14 @@
+# crds
+
+![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square)
+
+MetalLB CRDs
+
+**Homepage:** <https://metallb.universe.tf>
+
+## Source Code
+
+* <https://github.com/metallb/metallb>
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)

metallb-chart/charts/crds/templates/crds.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: bfdprofiles.metallb.io
 spec:
   group: metallb.io
@@ -123,7 +123,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: bgpadvertisements.metallb.io
 spec:
   group: metallb.io
@@ -329,7 +329,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: bgppeers.metallb.io
 spec:
   conversion:
@@ -365,6 +365,8 @@ spec:
         - jsonPath: .spec.ebgpMultiHop
           name: Multi Hops
           type: string
+      deprecated: true
+      deprecationWarning: v1beta1 is deprecated, please use v1beta2
       name: v1beta1
       schema:
         openAPIV3Schema:
@@ -526,15 +528,26 @@ spec:
                   default: false
                   description: To set if we want to disable MP BGP that will separate IPv4 and IPv6 route exchanges into distinct BGP sessions.
                   type: boolean
+                dynamicASN:
+                  description: |-
+                    DynamicASN detects the AS number to use for the remote end of the session
+                    without explicitly setting it via the ASN field. Limited to:
+                    internal - if the neighbor's ASN is different than MyASN connection is denied.
+                    external - if the neighbor's ASN is the same as MyASN the connection is denied.
+                    ASN and DynamicASN are mutually exclusive and one of them must be specified.
+                  enum:
+                    - internal
+                    - external
+                  type: string
                 ebgpMultiHop:
                   description: To set if the BGPPeer is multi-hops away. Needed for FRR mode only.
                   type: boolean
                 enableGracefulRestart:
                   description: |-
-                    EnableGracefulRestart allows BGP peer to continue to forward data packets along
+                    EnableGracefulRestart allows BGP peer to continue to forward data packets
-                    known routes while the routing protocol information is being restored.
+                    along known routes while the routing protocol information is being
-                    This field is immutable because it requires restart of the BGP session
+                    restored. This field is immutable because it requires restart of the BGP
-                    Supported for FRR mode only.
+                    session. Supported for FRR mode only.
                   type: boolean
                   x-kubernetes-validations:
                     - message: EnableGracefulRestart cannot be changed after creation
@@ -622,7 +635,9 @@ spec:
                   type: object
                   x-kubernetes-map-type: atomic
                 peerASN:
-                  description: AS number to expect from the remote end of the session.
+                  description: |-
+                    AS number to expect from the remote end of the session.
+                    ASN and DynamicASN are mutually exclusive and one of them must be specified.
                   format: int32
                   maximum: 4294967295
                   minimum: 0
@@ -649,7 +664,6 @@ spec:
                   type: string
               required:
                 - myASN
-                - peerASN
                 - peerAddress
               type: object
             status:
@@ -665,7 +679,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: communities.metallb.io
 spec:
   group: metallb.io
@@ -730,7 +744,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: ipaddresspools.metallb.io
 spec:
   group: metallb.io
@@ -940,7 +954,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: l2advertisements.metallb.io
 spec:
   group: metallb.io
@@ -1120,7 +1134,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.14.0
+    controller-gen.kubebuilder.io/version: v0.16.3
   name: servicel2statuses.metallb.io
 spec:
   group: metallb.io

metallb-chart/charts/frr-k8s/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

metallb-chart/charts/frr-k8s/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: crds
+  repository: ""
+  version: 0.0.16
+digest: sha256:b54ee64c5e61f1dd38e89efc87ebd1e36cdb7c4dd7c897d9985040dccd713dba
+generated: "2024-11-22T11:40:47.152053909+01:00"

metallb-chart/charts/frr-k8s/Chart.yaml

@@ -1,5 +1,10 @@
 apiVersion: v2
-appVersion: v0.0.14
+appVersion: v0.0.16
+dependencies:
+- condition: crds.enabled
+  name: crds
+  repository: file://./charts/crds
+  version: 0.0.16
 description: A cloud native wrapper of FRR
 home: https://metallb.universe.tf
 icon: https://metallb.universe.tf/images/logo/metallb-white.png
@@ -8,4 +13,4 @@ name: frr-k8s
 sources:
 - https://github.com/metallb/frr-k8s
 type: application
-version: 0.0.15
+version: 0.0.16

metallb-chart/charts/frr-k8s/README.md

@@ -1,6 +1,6 @@
 # frr-k8s
 
-![Version: 0.0.14](https://img.shields.io/badge/Version-0.0.14-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.14](https://img.shields.io/badge/AppVersion-v0.0.14-informational?style=flat-square)
+![Version: 0.0.16](https://img.shields.io/badge/Version-0.0.16-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.16](https://img.shields.io/badge/AppVersion-v0.0.16-informational?style=flat-square)
 
 A cloud native wrapper of FRR
 
@@ -16,7 +16,7 @@ Kubernetes: `>= 1.19.0-0`
 
 | Repository | Name | Version |
 |------------|------|---------|
-|  | crds | 0.0.14 |
+|  | crds | 0.0.16 |
 
 ## Values
 
@@ -27,17 +27,17 @@ Kubernetes: `>= 1.19.0-0`
 | frrk8s.affinity | object | `{}` |  |
 | frrk8s.alwaysBlock | string | `""` |  |
 | frrk8s.disableCertRotation | bool | `false` |  |
+| frrk8s.frr.acceptIncomingBGPConnections | bool | `false` |  |
 | frrk8s.frr.image.pullPolicy | string | `nil` |  |
-| frrk8s.frr.image.repository | string | `"quay.io/frrouting/frr"` |  |
+| frrk8s.frr.image.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/frr"` |  |
-| frrk8s.frr.image.tag | string | `"9.1.0"` |  |
+| frrk8s.frr.image.tag | string | `"8.5.6"` |  |
 | frrk8s.frr.metricsBindAddress | string | `"127.0.0.1"` |  |
 | frrk8s.frr.metricsPort | int | `7573` |  |
 | frrk8s.frr.resources | object | `{}` |  |
 | frrk8s.frr.secureMetricsPort | int | `9141` |  |
 | frrk8s.frrMetrics.resources | object | `{}` |  |
-| frrk8s.healthPort | int | `8081` |  |
 | frrk8s.image.pullPolicy | string | `nil` |  |
-| frrk8s.image.repository | string | `"quay.io/metallb/frr-k8s"` |  |
+| frrk8s.image.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/frr-k8s"` |  |
 | frrk8s.image.tag | string | `nil` |  |
 | frrk8s.labels.app | string | `"frr-k8s"` |  |
 | frrk8s.livenessProbe.enabled | bool | `true` |  |
@@ -77,8 +77,8 @@ Kubernetes: `>= 1.19.0-0`
 | prometheus.namespace | string | `""` |  |
 | prometheus.rbacPrometheus | bool | `false` |  |
 | prometheus.rbacProxy.pullPolicy | string | `nil` |  |
-| prometheus.rbacProxy.repository | string | `"gcr.io/kubebuilder/kube-rbac-proxy"` |  |
+| prometheus.rbacProxy.repository | string | `"registry.opensuse.org/isv/suse/edge/metallb/images/kube-rbac-proxy"` |  |
-| prometheus.rbacProxy.tag | string | `"v0.12.0"` |  |
+| prometheus.rbacProxy.tag | string | `"v0.18.0"` |  |
 | prometheus.scrapeAnnotations | bool | `false` |  |
 | prometheus.secureMetricsPort | int | `9140` |  |
 | prometheus.serviceAccount | string | `""` |  |

metallb-chart/charts/frr-k8s/charts/crds/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

metallb-chart/charts/frr-k8s/charts/crds/Chart.yaml

@@ -0,0 +1,10 @@
+apiVersion: v2
+appVersion: v0.0.16
+description: FRR K8s CRDs
+home: https://metallb.universe.tf
+icon: https://metallb.universe.tf/images/logo/metallb-white.png
+name: crds
+sources:
+- https://github.com/metallb/frr-k8s
+type: application
+version: 0.0.16

metallb-chart/charts/frr-k8s/charts/crds/README.md

@@ -0,0 +1,14 @@
+# crds
+
+![Version: 0.0.0](https://img.shields.io/badge/Version-0.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.0.0](https://img.shields.io/badge/AppVersion-v0.0.0-informational?style=flat-square)
+
+FRR-K8s CRDs
+
+**Homepage:** <https://metallb.universe.tf>
+
+## Source Code
+
+* <https://github.com/metallb/frr-k8s>
+
+----------------------------------------------
+Autogenerated from chart metadata using [helm-docs v1.10.0](https://github.com/norwoodj/helm-docs/releases/v1.10.0)

metallb-chart/charts/frr-k8s/charts/crds/templates/frrk8s.metallb.io_frrconfigurations.yaml

@@ -156,8 +156,9 @@ spec:
                                   the session with.
                                 type: string
                               asn:
-                                description: ASN is the AS number to use for the local
+                                description: |-
-                                  end of the session.
+                                  ASN is the AS number to use for the local end of the session.
+                                  ASN and DynamicASN are mutually exclusive and one of them must be specified.
                                 format: int32
                                 maximum: 4294967295
                                 minimum: 0
@@ -187,6 +188,17 @@ spec:
                                   will separate IPv4 and IPv6 route exchanges into
                                   distinct BGP sessions.
                                 type: boolean
+                              dynamicASN:
+                                description: |-
+                                  DynamicASN detects the AS number to use for the local end of the session
+                                  without explicitly setting it via the ASN field. Limited to:
+                                  internal - if the neighbor's ASN is different than the router's the connection is denied.
+                                  external - if the neighbor's ASN is the same as the router's the connection is denied.
+                                  ASN and DynamicASN are mutually exclusive and one of them must be specified.
+                                enum:
+                                - internal
+                                - external
+                                type: string
                               ebgpMultiHop:
                                 description: EBGPMultiHop indicates if the BGPPeer
                                   is multi-hops away.
@@ -366,7 +378,6 @@ spec:
                                 type: object
                             required:
                             - address
-                            - asn
                             type: object
                           type: array
                         prefixes:

metallb-chart/charts/frr-k8s/templates/controller.yaml

@@ -50,7 +50,7 @@ data:
     #
     vtysh_enable=yes
     zebra_options="  -A 127.0.0.1 -s 90000000"
-    bgpd_options="   -A 127.0.0.1"
+    bgpd_options="   -A 127.0.0.1 {{ if not .Values.frrk8s.frr.acceptIncomingBGPConnections }} -p 0 {{- end }}"
     ospfd_options="  -A 127.0.0.1"
     ospf6d_options=" -A ::1"
     ripd_options="   -A 127.0.0.1"
@@ -199,7 +199,6 @@ spec:
         {{- with .Values.frrk8s.logLevel }}
         - --log-level={{ . }}
         {{- end }}
-        - --health-probe-bind-address={{.Values.prometheus.metricsBindAddress}}:{{ .Values.frrk8s.healthPort }}
         {{- if .Values.frrk8s.alwaysBlock }}
         - --always-block={{ .Values.frrk8s.alwaysBlock }}
         {{- end }}
@@ -222,8 +221,8 @@ spec:
         {{- if .Values.frrk8s.livenessProbe.enabled }}
         livenessProbe:
           httpGet:
-            path: /healthz
+            path: /metrics
-            port: {{ .Values.frrk8s.healthPort }}
+            port: monitoring
             host: {{ .Values.prometheus.metricsBindAddress }}
           initialDelaySeconds: {{ .Values.frrk8s.livenessProbe.initialDelaySeconds }}
           periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }}
@@ -234,8 +233,8 @@ spec:
         {{- if .Values.frrk8s.readinessProbe.enabled }}
         readinessProbe:
           httpGet:
-            path: /healthz
+            path: /metrics
-            port: {{ .Values.frrk8s.healthPort }}
+            port: monitoring
             host: {{ .Values.prometheus.metricsBindAddress }}
           initialDelaySeconds: {{ .Values.frrk8s.readinessProbe.initialDelaySeconds }}
           periodSeconds: {{ .Values.frrk8s.readinessProbe.periodSeconds }}

metallb-chart/charts/frr-k8s/templates/webhooks.yaml

@@ -46,7 +46,7 @@ spec:
         - "--restart-on-rotator-secret-refresh=true"
         {{- end }}
         - "--namespace=$(NAMESPACE)"
-        - --health-probe-bind-address=:8081
+        - "--metrics-bind-address=:{{ .Values.prometheus.metricsPort }}"
         env:
         - name: NAMESPACE
           valueFrom:
@@ -63,11 +63,14 @@ spec:
             drop:
               - ALL
           readOnlyRootFilesystem: true
+        ports:
+        - containerPort: {{ .Values.prometheus.metricsPort }}
+          name: monitoring
         {{- if .Values.frrk8s.livenessProbe.enabled }}
         livenessProbe:
           httpGet:
-            path: /healthz
+            path: /metrics
-            port: 8081
+            port: monitoring
           initialDelaySeconds: {{ .Values.frrk8s.livenessProbe.initialDelaySeconds }}
           periodSeconds: {{ .Values.frrk8s.livenessProbe.periodSeconds }}
           failureThreshold: {{ .Values.frrk8s.livenessProbe.failureThreshold }}
@@ -75,8 +78,8 @@ spec:
         {{- if .Values.frrk8s.readinessProbe.enabled }}
         readinessProbe:
           httpGet:
-            path: /readyz
+            path: /metrics
-            port: 8081
+            port: monitoring
           initialDelaySeconds: {{ .Values.frrk8s.readinessProbe.initialDelaySeconds }}
           periodSeconds: {{ .Values.frrk8s.readinessProbe.periodSeconds }}
           failureThreshold: {{ .Values.frrk8s.readinessProbe.failureThreshold }}

metallb-chart/charts/frr-k8s/values.yaml

@@ -98,7 +98,7 @@ frrk8s:
   tolerateMaster: true
   image:
     repository: "registry.opensuse.org/isv/suse/edge/metallb/images/frr-k8s"
-    tag: "v0.0.14"
+    tag: "v0.0.16"
     pullPolicy: IfNotPresent
   ## @param controller.updateStrategy.type FRR-K8s controller daemonset strategy type
   ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
@@ -132,7 +132,6 @@ frrk8s:
   podAnnotations: {}
   labels:
     app: frr-k8s
-  healthPort: 8081
   livenessProbe:
     enabled: true
     failureThreshold: 3
@@ -162,15 +161,17 @@ frrk8s:
   frr:
     image:
       repository: "registry.opensuse.org/isv/suse/edge/metallb/images/frr"
-      tag: "8.4"
+      tag: "8.5.6"
       pullPolicy: IfNotPresent
     metricsBindAddress: 127.0.0.1
     metricsPort: 7573
     resources: {}
     secureMetricsPort: 9141
+    acceptIncomingBGPConnections: false
   reloader:
     resources: {}
   frrMetrics:
     resources: {}
 crds:
+  enabled: true
   validationFailurePolicy: Fail

metallb-chart/charts/metallb-crds/README.md

@@ -1,11 +0,0 @@
-# crds
-
-![Version: 0.14.3](https://img.shields.io/badge/Version-0.14.3-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.14.3](https://img.shields.io/badge/AppVersion-v0.14.3-informational?style=flat-square)
-
-MetalLB CRDs
-
-**Homepage:** <https://metallb.universe.tf>
-
-## Source Code
-
-* <https://github.com/metallb/metallb>

metallb-chart/templates/_helpers.tpl

@@ -111,3 +111,4 @@ Create the name of the settings Secret to use.
 {{ .Values.speaker.frr.metricsPort }}
 {{- end }}
 {{- end }}
+

metallb-chart/templates/controller.yaml

@@ -84,7 +84,7 @@ spec:
         - name: METALLB_DEPLOYMENT
           value: {{ template "metallb.fullname" . }}-controller
         {{- end }}
-        {{- if .Values.speaker.frr.enabled }}
+        {{- if and .Values.speaker.enabled .Values.speaker.frr.enabled }}
         - name: METALLB_BGP_TYPE
           value: frr
         {{- end }}

metallb-chart/templates/podmonitor.yaml

@@ -36,6 +36,7 @@ spec:
     relabelings:
 {{- toYaml .Values.prometheus.podMonitor.relabelings | nindent 4 }}
 {{- end }}
+{{- if .Values.speaker.enabled }}
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
@@ -74,6 +75,7 @@ spec:
     relabelings:
 {{- toYaml .Values.prometheus.podMonitor.relabelings | nindent 4 }}
 {{- end }}
+{{- end }}
 ---
 {{- if .Values.prometheus.rbacPrometheus }}
 apiVersion: rbac.authorization.k8s.io/v1

metallb-chart/templates/prometheusrules.yaml

@@ -19,8 +19,8 @@ spec:
     {{- if .Values.prometheus.prometheusRule.staleConfig.enabled }}
     - alert: MetalLBStaleConfig
       annotations:
-        message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
+        summary: {{`'Stale config on {{ $labels.pod }}'`}}
-          }} has a stale config for > 1 minute'`}}
+        description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has a stale config for > 1 minute'`}}
       expr: metallb_k8s_client_config_stale_bool{job=~"{{ template "metallb.fullname" . }}.*"} == 1
       for: 1m
       {{- with .Values.prometheus.prometheusRule.staleConfig.labels }}
@@ -31,8 +31,8 @@ spec:
     {{- if .Values.prometheus.prometheusRule.configNotLoaded.enabled }}
     - alert: MetalLBConfigNotLoaded
       annotations:
-        message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
+        summary: {{`'Config on {{ $labels.pod }} has not been loaded'`}}
-          }} has not loaded for > 1 minute'`}}
+        description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has not loaded for > 1 minute'`}}
       expr: metallb_k8s_client_config_loaded_bool{job=~"{{ template "metallb.fullname" . }}.*"} == 0
       for: 1m
       {{- with .Values.prometheus.prometheusRule.configNotLoaded.labels }}
@@ -43,8 +43,8 @@ spec:
     {{- if .Values.prometheus.prometheusRule.addressPoolExhausted.enabled }}
     - alert: MetalLBAddressPoolExhausted
       annotations:
-        message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
+        summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}}
-          }} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}}
+        description: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has exhausted address pool {{ $labels.pool }} for > 1 minute'`}}
       expr: metallb_allocator_addresses_in_use_total >= on(pool) metallb_allocator_addresses_total
       for: 1m
       {{- with .Values.prometheus.prometheusRule.addressPoolExhausted.labels }}
@@ -57,8 +57,8 @@ spec:
     {{- range .Values.prometheus.prometheusRule.addressPoolUsage.thresholds }}
     - alert: MetalLBAddressPoolUsage{{ .percent }}Percent
       annotations:
-        message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
+        summary: {{`'Exhausted address pool on {{ $labels.pod }}'`}}
-          }} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}}
+        message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has address pool {{ $labels.pool }} past `}}{{ .percent }}{{`% usage for > 1 minute'`}}
       expr: ( metallb_allocator_addresses_in_use_total / on(pool) metallb_allocator_addresses_total ) * 100 > {{ .percent }}
       {{- with .labels }}
       labels:
@@ -69,8 +69,8 @@ spec:
     {{- if .Values.prometheus.prometheusRule.bgpSessionDown.enabled }}
     - alert: MetalLBBGPSessionDown
       annotations:
-        message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod
+        summary:  {{`'BGP session down on {{ $labels.pod }}'`}}
-          }} has BGP session {{ $labels.peer }} down for > 1 minute'`}}
+        message: {{`'{{ $labels.job }} - MetalLB {{ $labels.container }} on {{ $labels.pod }} has BGP session {{ $labels.peer }} down for > 1 minute'`}}
       expr: metallb_bgp_session_up{job=~"{{ template "metallb.fullname" . }}.*"} == 0
       for: 1m
       {{- with .Values.prometheus.prometheusRule.bgpSessionDown.labels }}

metallb-chart/templates/rbac.yaml

@@ -19,11 +19,11 @@ rules:
   resources: ["events"]
   verbs: ["create", "patch"]
 - apiGroups: ["admissionregistration.k8s.io"]
-  resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
+  resources: ["validatingwebhookconfigurations"]
   resourceNames: ["metallb-webhook-configuration"]
   verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
 - apiGroups: ["admissionregistration.k8s.io"]
-  resources: ["validatingwebhookconfigurations", "mutatingwebhookconfigurations"]
+  resources: ["validatingwebhookconfigurations"]
   verbs: ["list", "watch"]
 - apiGroups: ["apiextensions.k8s.io"]
   resources: ["customresourcedefinitions"]
@@ -41,6 +41,7 @@ rules:
   resources: ["subjectaccessreviews"]
   verbs: ["create"]
 {{- end }}
+{{- if .Values.speaker.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -72,7 +73,7 @@ rules:
 {{- if or .Values.frrk8s.enabled .Values.frrk8s.external }}
 - apiGroups: ["frrk8s.metallb.io"]
   resources: ["frrconfigurations"]
-  verbs: ["get", "list", "watch","create","update"]
+  verbs: ["get", "list", "watch","create","update","delete"]
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
@@ -109,6 +110,7 @@ rules:
 - apiGroups: ["metallb.io"]
   resources: ["communities"]
   verbs: ["get", "list", "watch"]
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
@@ -117,7 +119,7 @@ metadata:
   namespace: {{ .Release.Namespace | quote }}
   labels: {{- include "metallb.labels" . | nindent 4 }}
 rules:
-{{- if .Values.speaker.memberlist.enabled }}
+{{- if and .Values.speaker.enabled .Values.speaker.memberlist.enabled }}
 - apiGroups: [""]
   resources: ["secrets"]
   verbs: ["create", "get", "list", "watch"]
@@ -166,6 +168,7 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: {{ template "metallb.fullname" . }}:controller
+{{- if .Values.speaker.enabled }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
@@ -195,6 +198,7 @@ roleRef:
 subjects:
 - kind: ServiceAccount
   name: {{ include "metallb.speaker.serviceAccountName" . }}
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

metallb-chart/templates/service-accounts.yaml

@@ -13,7 +13,7 @@ metadata:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 {{- end }}
-{{- if .Values.speaker.serviceAccount.create }}
+{{- if and .Values.speaker.enabled .Values.speaker.serviceAccount.create }}
 ---
 apiVersion: v1
 kind: ServiceAccount

metallb-chart/templates/servicemonitor.yaml

@@ -1,4 +1,9 @@
+{{- if and .Values.prometheus.serviceMonitor.enabled .Values.prometheus.podMonitor.enabled }}
+{{- fail "prometheus.serviceMonitor.enabled and prometheus.podMonitor.enabled cannot both be set" }}
+{{- end }}
+
 {{- if .Values.prometheus.serviceMonitor.enabled }}
+{{- if .Values.speaker.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
@@ -89,6 +94,7 @@ spec:
 {{- end }}
   sessionAffinity: None
   type: ClusterIP
+{{- end }}
 ---
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
@@ -97,7 +103,6 @@ metadata:
   namespace: {{ .Release.Namespace | quote }}
   labels:
     {{- include "metallb.labels" . | nindent 4 }}
-    app.kubernetes.io/component: speaker
     {{- if .Values.prometheus.serviceMonitor.controller.additionalLabels }}
 {{ toYaml .Values.prometheus.serviceMonitor.controller.additionalLabels | indent 4 }}
     {{- end }}

metallb-chart/values.yaml

@@ -45,7 +45,7 @@ prometheus:
   # certificate to be used.
   controllerMetricsTLSSecret: ""
 
-  # prometheus doens't have the permission to scrape all namespaces so we give it permission to scrape metallb's one
+  # prometheus doesn't have the permission to scrape all namespaces so we give it permission to scrape metallb's one
   rbacPrometheus: true
 
   # the service account used by prometheus
@@ -67,7 +67,7 @@ prometheus:
     # enable support for Prometheus Operator
     enabled: false
 
-    # optional additionnal labels for podMonitors
+    # optional additional labels for podMonitors
     additionalLabels: {}
 
     # optional annotations for podMonitors
@@ -146,7 +146,7 @@ prometheus:
     # enable alertmanager alerts
     enabled: false
 
-    # optional additionnal labels for prometheusRules
+    # optional additional labels for prometheusRules
     additionalLabels: {}
 
     # optional annotations for prometheusRules
@@ -168,7 +168,7 @@ prometheus:
     addressPoolExhausted:
       enabled: true
       labels:
-        severity: alert
+        severity: critical
 
     addressPoolUsage:
       enabled: true
@@ -181,13 +181,13 @@ prometheus:
             severity: warning
         - percent: 95
           labels:
-            severity: alert
+            severity: critical
 
     # MetalLBBGPSessionDown
     bgpSessionDown:
       enabled: true
       labels:
-        severity: alert
+        severity: critical
 
     extraAlerts: []
 
@@ -201,7 +201,7 @@ controller:
   # webhookMode: enabled
   image:
     repository: "%%IMG_REPO%%/%%IMG_PREFIX%%metallb-controller"
-    tag: "v0.14.8"
+    tag: "v0.14.9"
     pullPolicy: IfNotPresent
   ## @param controller.updateStrategy.type Metallb controller deployment strategy type.
   ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
@@ -282,7 +282,7 @@ speaker:
 
   image:
     repository: "%%IMG_REPO%%/%%IMG_PREFIX%%metallb-speaker"
-    tag: "v0.14.8"
+    tag: "v0.14.9"
     pullPolicy: IfNotPresent
   ## @param speaker.updateStrategy.type Speaker daemonset strategy type
   ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
@@ -346,7 +346,7 @@ speaker:
     enabled: false
     image:
       repository: "%%IMG_REPO%%/%%IMG_PREFIX%%frr"
-      tag: "8.4"
+      tag: "8.5.6"
       pullPolicy: IfNotPresent
     metricsPort: 7473
     resources: {}

metallb/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metallb/metallb</param>
     <param name="scm">git</param>
-    <param name="revision">v0.14.8</param>
+    <param name="revision">v0.14.9</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

metallb/metallb.spec

@@ -17,8 +17,8 @@
 
 
 Name:           metallb
-Version:        0.14.8
+Version:        0.14.9
-Release:        0.14.8
+Release:        0.14.9
 Summary:        Load Balancer for bare metal Kubernetes clusters
 License:        Apache-2.0
 URL:            https://github.com/metallb/metallb
@@ -54,7 +54,7 @@ This package contains the speaker binary.
 cp ./frr-tools/reloader/frr-reloader.sh frr-reloader.sh
 
 %build
-go install -v -mod vendor -buildmode=pie ./controller ./speaker ./frr-tools/metrics
+go install -v -mod vendor -buildmode=pie ./controller ./speaker ./frr-tools/metrics ./frr-tools/cp-tool
 mv $HOME/go/bin/metrics $HOME/go/bin/frr-metrics
 
 %install
@@ -63,6 +63,7 @@ mkdir -p %{buildroot}%{_sbindir}/
 install -D -m 0755 $HOME/go/bin/controller %{buildroot}/
 install -D -m 0755 $HOME/go/bin/speaker %{buildroot}/
 install -D -m 0755 $HOME/go/bin/frr-metrics %{buildroot}/
+install -D -m 0755 $HOME/go/bin/cp-tool %{buildroot}/
 install -D -m 0755 frr-reloader.sh %{buildroot}/
 
 %files controller
@@ -73,6 +74,7 @@ install -D -m 0755 frr-reloader.sh %{buildroot}/
 %license LICENSE
 /speaker
 /frr-metrics
+/cp-tool
 /frr-reloader.sh
 
 %changelog

nm-configurator/.gitattributes

@@ -1 +0,0 @@
-*.obscpio filter=lfs diff=lfs merge=lfs -text