Try with my PR

Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>

.gitignore

@@ -1,3 +1,4 @@
 */.osc
 */__pycache__
 .venv/
+.idea/

_config

@@ -60,6 +60,7 @@ BuildFlags: onlybuild:release-manifest-image
     BuildFlags: excludebuild:endpoint-copier-operator-image
     BuildFlags: excludebuild:ironic-image
     BuildFlags: excludebuild:ironic-ipa-downloader-image
+    BuildFlags: excludebuild:kiwi-builder-image
     BuildFlags: excludebuild:kubectl-image
     BuildFlags: excludebuild:kube-rbac-proxy-image
     BuildFlags: excludebuild:metallb-controller-image
@@ -109,6 +110,11 @@ BuildFlags: onlybuild:release-manifest-image
     # Publish multi-arch container images only once all archs have been built
     PublishFlags: archsync
     
+    # skopeo and umoci are used by build scripts to list packages
+    Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
+%endif
+
+%if "%_repository" == "images"
     # skopeo and umoci are used by build scripts to list packages
     Substitute: system-packages:podman podman buildah createrepo_c release-compare edge-build-checks skopeo umoci
 
@@ -123,6 +129,8 @@ BuildFlags: onlybuild:release-manifest-image
     BuildFlags: dockerarg:SLE_VERSION=16.0
     BuildFlags: onlybuild:kiwi-builder-image
     
+    Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
+
     # Publish multi-arch container images only once all archs have been built
     PublishFlags: archsync
 
@@ -140,7 +148,13 @@ BuildFlags: onlybuild:release-manifest-image
     %endif
 
 %else
+    %if "%{sub %{reverse %_project} 1 7}" != "%{reverse :ToTest}" && "%{sub %{reverse %_project} 1 9}" != "%{reverse :Snapshot}"
       BuildFlags: excludebuild:kiwi-builder-image
+    %else
+      %ifarch aarch64
+        BuildFlags: onlybuild:kiwi-builder-image
+      %endif
+    %endif
 %endif
 
 

_meta

@@ -23,6 +23,9 @@
     <disable/>
     <enable repository="charts"/>
     <enable repository="test_manifest_images"/>
+    {%- if for_release %}
+    <enable repository="releasecharts"/>
+    {%- endif %}
   </build>
   <publish>
     <disable repository="phantomcharts"/>

akri-dashboard-extension-chart/Chart.yaml

@@ -1,4 +1,3 @@
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2
 #!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1
 #!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1-%RELEASE%
 annotations:

baremetal-operator-image/Dockerfile

@@ -1,13 +1,13 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.0-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
+RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator inotify-tools procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
 
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -19,7 +19,7 @@ LABEL org.opencontainers.image.version="%%baremetal-operator_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,6 +29,8 @@ LABEL com.suse.release-stage="released"
 # endlabelprefix
 
 COPY --from=base /installroot /
+COPY bmo-run /usr/bin/bmo-run
+RUN chmod +x /usr/bin/bmo-run
 RUN groupadd -r -g 11000 bmo
 RUN useradd -u 11000 -g 11000 bmo
-ENTRYPOINT [ "/usr/bin/baremetal-operator" ]
+ENTRYPOINT [ "/usr/bin/bmo-run" ]

baremetal-operator-image/bmo-run

@@ -0,0 +1,12 @@
+#!/bin/bash
+export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
+export IRONIC_CACERT_FILE=${IRONIC_CACERT_FILE:-"/opt/metal3/certs/ca/tls.crt"}
+
+if [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
+    # shellcheck disable=SC2034
+    inotifywait -m -e delete_self "${IRONIC_CACERT_FILE}" | while read -r file event; do
+        kill $(pgrep baremetal-opera)
+    done &
+fi
+
+exec /usr/bin/baremetal-operator $@

baremetal-operator/0001-Allow-configuring-different-IPA-images-per-architect.patch

@@ -0,0 +1,529 @@
+From 19cbf4febbf042248266188e3629e0c88e06906a Mon Sep 17 00:00:00 2001
+From: Nicolas Belouin <nicolas.belouin@suse.com>
+Date: Thu, 26 Jun 2025 09:37:19 +0200
+Subject: [PATCH] Allow configuring different IPA images per architecture
+
+When using multiple architectures, having a way to set the Ironic
+"bootloader" (a.k.a EFI partition) accordingly is important, so this
+commit adds a new `DEPLOY_BOOTLOADER_URL` variable to set this Ironic
+option.
+
+This commit adds a set of new environment variables allowing to specify
+different URLs per target CPU architecture for the IPA image:
+ - `DEPLOY_KERNEL_URL_<ARCH>`
+ - `DEPLOY_RAMDISK_URL_<ARCH>`
+ - `DEPLOY_ISO_URL_<ARCH>`
+ - `DEPLOY_BOOTLOADER_URL_<ARCH>`
+
+Non suffixed variables are used as defaults, if there is no architecture
+specific image(s) defined for the BMH CPU architecture.
+
+Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
+---
+ .../metal3.io/baremetalhost_controller.go     |  1 +
+ pkg/imageprovider/imageprovider.go            |  1 +
+ pkg/provisioner/ironic/factory.go             | 61 ++++++++++----
+ pkg/provisioner/ironic/factory_test.go        | 25 ++++--
+ pkg/provisioner/ironic/ironic.go              | 46 ++++++++---
+ pkg/provisioner/ironic/ironic_test.go         | 10 ++-
+ pkg/provisioner/ironic/register_test.go       | 80 ++++++++++++-------
+ pkg/provisioner/provisioner.go                |  1 +
+ 8 files changed, 160 insertions(+), 65 deletions(-)
+
+diff --git a/internal/controller/metal3.io/baremetalhost_controller.go b/internal/controller/metal3.io/baremetalhost_controller.go
+index d04bb618..a4ea9d19 100644
+--- a/internal/controller/metal3.io/baremetalhost_controller.go
++++ b/internal/controller/metal3.io/baremetalhost_controller.go
+@@ -847,6 +847,7 @@ func (r *BareMetalHostReconciler) registerHost(prov provisioner.Provisioner, inf
+ 			PreprovisioningNetworkData: preprovisioningNetworkData,
+ 			HasCustomDeploy:            hasCustomDeploy(info.host),
+ 			DisablePowerOff:            info.host.Spec.DisablePowerOff,
++			CPUArchitecture:            getHostArchitecture(info.host),
+ 		},
+ 		credsChanged,
+ 		info.host.Status.ErrorType == metal3api.RegistrationError)
+diff --git a/pkg/imageprovider/imageprovider.go b/pkg/imageprovider/imageprovider.go
+index 459fdf2d..f307c041 100644
+--- a/pkg/imageprovider/imageprovider.go
++++ b/pkg/imageprovider/imageprovider.go
+@@ -20,6 +20,7 @@ type ImageData struct {
+ type GeneratedImage struct {
+ 	ImageURL          string
+ 	KernelURL         string
++	BootloaderURL     string
+ 	ExtraKernelParams string
+ }
+ 
+diff --git a/pkg/provisioner/ironic/factory.go b/pkg/provisioner/ironic/factory.go
+index 95cc21b4..5f4189bb 100644
+--- a/pkg/provisioner/ironic/factory.go
++++ b/pkg/provisioner/ironic/factory.go
+@@ -58,9 +58,10 @@ func (f *ironicProvisionerFactory) init(havePreprovImgBuilder bool) error {
+ 	f.log.Info("ironic settings",
+ 		"endpoint", ironicEndpoint,
+ 		"ironicAuthType", ironicAuth.Type,
+-		"deployKernelURL", f.config.deployKernelURL,
+-		"deployRamdiskURL", f.config.deployRamdiskURL,
+-		"deployISOURL", f.config.deployISOURL,
++		"defaultDeployKernelURL", f.config.defaultDeployConfig.kernelURL,
++		"defaultDeployRamdiskURL", f.config.defaultDeployConfig.ramdiskURL,
++		"defaultDeployISOURL", f.config.defaultDeployConfig.ISOURL,
++		"defaultDeployBootloaderURL", f.config.defaultDeployConfig.bootloaderURL,
+ 		"liveISOForcePersistentBootDevice", f.config.liveISOForcePersistentBootDevice,
+ 		"CACertFile", tlsConf.TrustedCAFile,
+ 		"ClientCertFile", tlsConf.ClientCertificateFile,
+@@ -105,27 +106,55 @@ func (f ironicProvisionerFactory) NewProvisioner(ctx context.Context, hostData p
+ 	return f.ironicProvisioner(ctx, hostData, publisher)
+ }
+ 
+-func loadConfigFromEnv(havePreprovImgBuilder bool) (ironicConfig, error) {
+-	c := ironicConfig{
+-		havePreprovImgBuilder: havePreprovImgBuilder,
++func loadDeployURLFromEnv(arch string, havePreprovImgBuilder bool) (ironicDeployConfig, error) {
++	c := ironicDeployConfig{}
++	var suffix string
++	if arch != "" {
++		suffix = "_" + strings.ToUpper(arch)
+ 	}
++	c.kernelURL = os.Getenv("DEPLOY_KERNEL_URL" + suffix)
++	c.ramdiskURL = os.Getenv("DEPLOY_RAMDISK_URL" + suffix)
++	c.ISOURL = os.Getenv("DEPLOY_ISO_URL" + suffix)
++	c.bootloaderURL = os.Getenv("DEPLOY_BOOTLOADER_URL" + suffix)
+ 
+-	c.deployKernelURL = os.Getenv("DEPLOY_KERNEL_URL")
+-	c.deployRamdiskURL = os.Getenv("DEPLOY_RAMDISK_URL")
+-	c.deployISOURL = os.Getenv("DEPLOY_ISO_URL")
+ 	if !havePreprovImgBuilder {
+-		if c.deployISOURL == "" &&
+-			(c.deployKernelURL == "" || c.deployRamdiskURL == "") {
+-			return c, errors.New("either DEPLOY_KERNEL_URL and DEPLOY_RAMDISK_URL or DEPLOY_ISO_URL must be set")
+-		}
+-		if (c.deployKernelURL == "" && c.deployRamdiskURL != "") ||
+-			(c.deployKernelURL != "" && c.deployRamdiskURL == "") {
++		if (c.kernelURL == "" && c.ramdiskURL != "") ||
++			(c.kernelURL != "" && c.ramdiskURL == "") {
+ 			return c, errors.New("DEPLOY_KERNEL_URL and DEPLOY_RAMDISK_URL can only be set together")
+ 		}
+ 	}
+-	if c.deployKernelURL == "" && c.deployRamdiskURL != "" {
++	if c.kernelURL == "" && c.ramdiskURL != "" {
+ 		return c, errors.New("DEPLOY_RAMDISK_URL requires DEPLOY_KERNEL_URL to be set also")
+ 	}
++	return c, nil
++}
++
++func loadConfigFromEnv(havePreprovImgBuilder bool) (ironicConfig, error) {
++	c := ironicConfig{
++		havePreprovImgBuilder: havePreprovImgBuilder,
++		archDeployConfig:      make(map[string]ironicDeployConfig),
++	}
++	var err error
++	c.defaultDeployConfig, err = loadDeployURLFromEnv("", havePreprovImgBuilder)
++	if err != nil {
++		return c, err
++	}
++	for _, arch := range supportedArch {
++		archDeployConfig, err := loadDeployURLFromEnv(arch, havePreprovImgBuilder)
++		// Only register valid arch specific deploy configuration
++		if archDeployConfig.ISOURL != "" || (archDeployConfig.kernelURL != "" && archDeployConfig.ramdiskURL != "") {
++			c.archDeployConfig[arch] = archDeployConfig
++		}
++		if err != nil {
++			return c, err
++		}
++	}
++	if !havePreprovImgBuilder {
++		if c.defaultDeployConfig.ISOURL == "" &&
++			(c.defaultDeployConfig.kernelURL == "" || c.defaultDeployConfig.ramdiskURL == "") {
++			return c, errors.New("either DEPLOY_KERNEL_URL and DEPLOY_RAMDISK_URL or DEPLOY_ISO_URL must be set")
++		}
++	}
+ 
+ 	c.maxBusyHosts = 20
+ 	if maxHostsStr := os.Getenv("PROVISIONING_LIMIT"); maxHostsStr != "" {
+diff --git a/pkg/provisioner/ironic/factory_test.go b/pkg/provisioner/ironic/factory_test.go
+index db47d8b2..acdedf1c 100644
+--- a/pkg/provisioner/ironic/factory_test.go
++++ b/pkg/provisioner/ironic/factory_test.go
+@@ -14,6 +14,11 @@ type EnvFixture struct {
+ 	kernelURL                        string
+ 	ramdiskURL                       string
+ 	isoURL                           string
++	bootloaderURL                    string
++	aarch64kernelURL                 string
++	aarch64ramdiskURL                string
++	aarch64isoURL                    string
++	aarch64bootloaderURL             string
+ 	liveISOForcePersistentBootDevice string
+ 	ironicCACertFile                 string
+ 	ironicClientCertFile             string
+@@ -49,6 +54,11 @@ func (f *EnvFixture) SetUp() {
+ 	f.replace("DEPLOY_KERNEL_URL", f.kernelURL)
+ 	f.replace("DEPLOY_RAMDISK_URL", f.ramdiskURL)
+ 	f.replace("DEPLOY_ISO_URL", f.isoURL)
++	f.replace("DEPLOY_BOOTLOADER_URL", f.bootloaderURL)
++	f.replace("DEPLOY_KERNEL_URL_AARCH64", f.aarch64kernelURL)
++	f.replace("DEPLOY_RAMDISK_URL_AARCH64", f.aarch64ramdiskURL)
++	f.replace("DEPLOY_ISO_URL_AARCH64", f.aarch64isoURL)
++	f.replace("DEPLOY_BOOTLOADER_URL_AARCH64", f.aarch64bootloaderURL)
+ 	f.replace("LIVE_ISO_FORCE_PERSISTENT_BOOT_DEVICE", f.liveISOForcePersistentBootDevice)
+ 	f.replace("IRONIC_CACERT_FILE", f.ironicCACertFile)
+ 	f.replace("IRONIC_CLIENT_CERT_FILE", f.ironicClientCertFile)
+@@ -58,9 +68,14 @@ func (f *EnvFixture) SetUp() {
+ }
+ func (f EnvFixture) VerifyConfig(t *testing.T, c ironicConfig, _ string) {
+ 	t.Helper()
+-	assert.Equal(t, f.kernelURL, c.deployKernelURL)
+-	assert.Equal(t, f.ramdiskURL, c.deployRamdiskURL)
+-	assert.Equal(t, f.isoURL, c.deployISOURL)
++	assert.Equal(t, f.kernelURL, c.defaultDeployConfig.kernelURL)
++	assert.Equal(t, f.ramdiskURL, c.defaultDeployConfig.ramdiskURL)
++	assert.Equal(t, f.isoURL, c.defaultDeployConfig.ISOURL)
++	assert.Equal(t, f.bootloaderURL, c.defaultDeployConfig.bootloaderURL)
++	assert.Equal(t, f.aarch64kernelURL, c.archDeployConfig["aarch64"].kernelURL)
++	assert.Equal(t, f.aarch64ramdiskURL, c.archDeployConfig["aarch64"].ramdiskURL)
++	assert.Equal(t, f.aarch64isoURL, c.archDeployConfig["aarch64"].ISOURL)
++	assert.Equal(t, f.aarch64bootloaderURL, c.archDeployConfig["aarch64"].bootloaderURL)
+ 	assert.Equal(t, f.liveISOForcePersistentBootDevice, c.liveISOForcePersistentBootDevice)
+ }
+ 
+@@ -108,14 +123,14 @@ func TestLoadConfigFromEnv(t *testing.T) {
+ 			env: EnvFixture{
+ 				kernelURL: "http://kernel",
+ 			},
+-			expectedError: "either DEPLOY_KERNEL_URL and DEPLOY_RAMDISK_URL or DEPLOY_ISO_URL must be set",
++			expectedError: "DEPLOY_KERNEL_URL and DEPLOY_RAMDISK_URL can only be set together",
+ 		},
+ 		{
+ 			name: "only ramdisk",
+ 			env: EnvFixture{
+ 				ramdiskURL: "http://ramdisk",
+ 			},
+-			expectedError:         "either DEPLOY_KERNEL_URL and DEPLOY_RAMDISK_URL or DEPLOY_ISO_URL must be set",
++			expectedError:         "DEPLOY_KERNEL_URL and DEPLOY_RAMDISK_URL can only be set together",
+ 			expectedImgBuildError: "DEPLOY_RAMDISK_URL requires DEPLOY_KERNEL_URL to be set also",
+ 		},
+ 		{
+diff --git a/pkg/provisioner/ironic/ironic.go b/pkg/provisioner/ironic/ironic.go
+index 4bc753f2..52d03479 100644
+--- a/pkg/provisioner/ironic/ironic.go
++++ b/pkg/provisioner/ironic/ironic.go
+@@ -30,6 +30,7 @@ var (
+ 	subscriptionRequeueDelay  = time.Second * 10
+ 	introspectionRequeueDelay = time.Second * 15
+ 	softPowerOffTimeout       = time.Second * 180
++	supportedArch             = [...]string{"x86_64", "aarch64"}
+ )
+ 
+ const (
+@@ -41,6 +42,7 @@ const (
+ 	nameSeparator        = "~"
+ 	customDeployPriority = 80
+ 
++	bootloaderKey    = "bootloader"
+ 	deployKernelKey  = "deploy_kernel"
+ 	deployRamdiskKey = "deploy_ramdisk"
+ 	deployISOKey     = "deploy_iso"
+@@ -61,11 +63,17 @@ func NewMacAddressConflictError(address, node string) error {
+ 	return macAddressConflictError{Address: address, ExistingNode: node}
+ }
+ 
++type ironicDeployConfig struct {
++	kernelURL     string
++	ramdiskURL    string
++	bootloaderURL string
++	ISOURL        string
++}
++
+ type ironicConfig struct {
+ 	havePreprovImgBuilder            bool
+-	deployKernelURL                  string
+-	deployRamdiskURL                 string
+-	deployISOURL                     string
++	defaultDeployConfig              ironicDeployConfig
++	archDeployConfig                 map[string]ironicDeployConfig
+ 	liveISOForcePersistentBootDevice string
+ 	maxBusyHosts                     int
+ 	externalURL                      string
+@@ -318,7 +326,7 @@ func (p *ironicProvisioner) createPXEEnabledNodePort(uuid, macAddress string) er
+ func (p *ironicProvisioner) configureImages(data provisioner.ManagementAccessData, ironicNode *nodes.Node, bmcAccess bmc.AccessDetails) (result provisioner.Result, err error) {
+ 	updater := clients.UpdateOptsBuilder(p.log)
+ 
+-	deployImageInfo := setDeployImage(p.config, bmcAccess, data.PreprovisioningImage)
++	deployImageInfo := setDeployImage(p.config, bmcAccess, data.PreprovisioningImage, data.CPUArchitecture)
+ 	updater.SetDriverInfoOpts(deployImageInfo, ironicNode)
+ 
+ 	// NOTE(dtantsur): It is risky to update image information for active nodes since it may affect the ability to clean up.
+@@ -430,14 +438,20 @@ func setExternalURL(p *ironicProvisioner, driverInfo map[string]interface{}) map
+ 	return driverInfo
+ }
+ 
+-func setDeployImage(config ironicConfig, accessDetails bmc.AccessDetails, hostImage *provisioner.PreprovisioningImage) clients.UpdateOptsData {
++func setDeployImage(config ironicConfig, accessDetails bmc.AccessDetails, hostImage *provisioner.PreprovisioningImage, cpuArch string) clients.UpdateOptsData {
+ 	deployImageInfo := clients.UpdateOptsData{
++		bootloaderKey:    nil,
+ 		deployKernelKey:  nil,
+ 		deployRamdiskKey: nil,
+ 		deployISOKey:     nil,
+ 		kernelParamsKey:  nil,
+ 	}
+ 
++	deployConfig, ok := config.archDeployConfig[cpuArch]
++	if !ok {
++		deployConfig = config.defaultDeployConfig
++	}
++
+ 	allowISO := accessDetails.SupportsISOPreprovisioningImage()
+ 
+ 	if hostImage != nil {
+@@ -450,10 +464,15 @@ func setDeployImage(config ironicConfig, accessDetails bmc.AccessDetails, hostIm
+ 		case metal3api.ImageFormatInitRD:
+ 			if hostImage.KernelURL != "" {
+ 				deployImageInfo[deployKernelKey] = hostImage.KernelURL
+-			} else if config.deployKernelURL == "" {
++			} else if deployConfig.kernelURL == "" {
+ 				return nil
+ 			} else {
+-				deployImageInfo[deployKernelKey] = config.deployKernelURL
++				deployImageInfo[deployKernelKey] = deployConfig.kernelURL
++			}
++			if hostImage.BootloaderURL != "" {
++				deployImageInfo[bootloaderKey] = hostImage.BootloaderURL
++			} else if deployConfig.bootloaderURL != "" {
++				deployImageInfo[bootloaderKey] = deployConfig.bootloaderURL
+ 			}
+ 			deployImageInfo[deployRamdiskKey] = hostImage.ImageURL
+ 			if hostImage.ExtraKernelParams != "" {
+@@ -465,13 +484,16 @@ func setDeployImage(config ironicConfig, accessDetails bmc.AccessDetails, hostIm
+ 	}
+ 
+ 	if !config.havePreprovImgBuilder {
+-		if allowISO && config.deployISOURL != "" {
+-			deployImageInfo[deployISOKey] = config.deployISOURL
++		if allowISO && deployConfig.ISOURL != "" {
++			deployImageInfo[deployISOKey] = deployConfig.ISOURL
+ 			return deployImageInfo
+ 		}
+-		if config.deployKernelURL != "" && config.deployRamdiskURL != "" {
+-			deployImageInfo[deployKernelKey] = config.deployKernelURL
+-			deployImageInfo[deployRamdiskKey] = config.deployRamdiskURL
++		if deployConfig.kernelURL != "" && deployConfig.ramdiskURL != "" {
++			deployImageInfo[deployKernelKey] = deployConfig.kernelURL
++			deployImageInfo[deployRamdiskKey] = deployConfig.ramdiskURL
++			if deployConfig.bootloaderURL != "" {
++				deployImageInfo[bootloaderKey] = deployConfig.bootloaderURL
++			}
+ 			return deployImageInfo
+ 		}
+ 	}
+diff --git a/pkg/provisioner/ironic/ironic_test.go b/pkg/provisioner/ironic/ironic_test.go
+index a8759c44..f65592e6 100644
+--- a/pkg/provisioner/ironic/ironic_test.go
++++ b/pkg/provisioner/ironic/ironic_test.go
+@@ -27,10 +27,12 @@ func newTestProvisionerFactory() ironicProvisionerFactory {
+ 	return ironicProvisionerFactory{
+ 		log: logf.Log,
+ 		config: ironicConfig{
+-			deployKernelURL:  "http://deploy.test/ipa.kernel",
+-			deployRamdiskURL: "http://deploy.test/ipa.initramfs",
+-			deployISOURL:     "http://deploy.test/ipa.iso",
+-			maxBusyHosts:     20,
++			defaultDeployConfig: ironicDeployConfig{
++				kernelURL:  "http://deploy.test/ipa.kernel",
++				ramdiskURL: "http://deploy.test/ipa.initramfs",
++				ISOURL:     "http://deploy.test/ipa.iso",
++			},
++			maxBusyHosts: 20,
+ 		},
+ 	}
+ }
+diff --git a/pkg/provisioner/ironic/register_test.go b/pkg/provisioner/ironic/register_test.go
+index c7d6bc75..9ded5946 100644
+--- a/pkg/provisioner/ironic/register_test.go
++++ b/pkg/provisioner/ironic/register_test.go
+@@ -1112,9 +1112,11 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "iso no imgbuilder",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: false,
+-				deployKernelURL:       localKernel,
+-				deployRamdiskURL:      localRamdisk,
+-				deployISOURL:          localIso,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL:  localKernel,
++					ramdiskURL: localRamdisk,
++					ISOURL:     localIso,
++				},
+ 			},
+ 			Driver:      isoDriver,
+ 			ExpectBuild: false,
+@@ -1125,8 +1127,10 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "no imgbuilder no iso",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: false,
+-				deployKernelURL:       localKernel,
+-				deployRamdiskURL:      localRamdisk,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL:  localKernel,
++					ramdiskURL: localRamdisk,
++				},
+ 			},
+ 			Driver:      isoDriver,
+ 			ExpectBuild: false,
+@@ -1137,9 +1141,11 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "pxe no imgbuilder",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: false,
+-				deployKernelURL:       localKernel,
+-				deployRamdiskURL:      localRamdisk,
+-				deployISOURL:          localIso,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL:  localKernel,
++					ramdiskURL: localRamdisk,
++					ISOURL:     localIso,
++				},
+ 			},
+ 			Driver:      pxeDriver,
+ 			ExpectBuild: false,
+@@ -1150,9 +1156,11 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "iso no build",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: true,
+-				deployKernelURL:       localKernel,
+-				deployRamdiskURL:      localRamdisk,
+-				deployISOURL:          localIso,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL:  localKernel,
++					ramdiskURL: localRamdisk,
++					ISOURL:     localIso,
++				},
+ 			},
+ 			Driver:    isoDriver,
+ 			ExpectISO: false,
+@@ -1162,9 +1170,11 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "iso build",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: true,
+-				deployKernelURL:       localKernel,
+-				deployRamdiskURL:      localRamdisk,
+-				deployISOURL:          localIso,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL:  localKernel,
++					ramdiskURL: localRamdisk,
++					ISOURL:     localIso,
++				},
+ 			},
+ 			Driver: isoDriver,
+ 			Image: &provisioner.PreprovisioningImage{
+@@ -1181,9 +1191,11 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "pxe build",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: true,
+-				deployKernelURL:       localKernel,
+-				deployRamdiskURL:      localRamdisk,
+-				deployISOURL:          localIso,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL:  localKernel,
++					ramdiskURL: localRamdisk,
++					ISOURL:     localIso,
++				},
+ 			},
+ 			Driver: pxeDriver,
+ 			Image: &provisioner.PreprovisioningImage{
+@@ -1200,9 +1212,11 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "pxe build with new kernel and kernel params",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: true,
+-				deployKernelURL:       localKernel,
+-				deployRamdiskURL:      localRamdisk,
+-				deployISOURL:          localIso,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL:  localKernel,
++					ramdiskURL: localRamdisk,
++					ISOURL:     localIso,
++				},
+ 			},
+ 			Driver: pxeDriver,
+ 			Image: &provisioner.PreprovisioningImage{
+@@ -1223,9 +1237,11 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "pxe iso build",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: true,
+-				deployKernelURL:       localKernel,
+-				deployRamdiskURL:      localRamdisk,
+-				deployISOURL:          localIso,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL:  localKernel,
++					ramdiskURL: localRamdisk,
++					ISOURL:     localIso,
++				},
+ 			},
+ 			Driver: pxeDriver,
+ 			Image: &provisioner.PreprovisioningImage{
+@@ -1242,7 +1258,9 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "pxe build no kernel",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: true,
+-				deployISOURL:          localIso,
++				defaultDeployConfig: ironicDeployConfig{
++					ISOURL: localIso,
++				},
+ 			},
+ 			Driver: pxeDriver,
+ 			Image: &provisioner.PreprovisioningImage{
+@@ -1273,7 +1291,9 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "pxe iso build no initrd",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: true,
+-				deployKernelURL:       localKernel,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL: localKernel,
++				},
+ 			},
+ 			Driver: pxeDriver,
+ 			Image: &provisioner.PreprovisioningImage{
+@@ -1289,7 +1309,9 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "no build no initrd",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: true,
+-				deployKernelURL:       localKernel,
++				defaultDeployConfig: ironicDeployConfig{
++					kernelURL: localKernel,
++				},
+ 			},
+ 			Driver:    pxeDriver,
+ 			ExpectISO: false,
+@@ -1299,7 +1321,9 @@ func TestSetDeployImage(t *testing.T) {
+ 			Scenario: "pxe no imgbuilder no pxe",
+ 			Config: ironicConfig{
+ 				havePreprovImgBuilder: false,
+-				deployISOURL:          localIso,
++				defaultDeployConfig: ironicDeployConfig{
++					ISOURL: localIso,
++				},
+ 			},
+ 			Driver:    pxeDriver,
+ 			ExpectISO: false,
+@@ -1318,7 +1342,7 @@ func TestSetDeployImage(t *testing.T) {
+ 
+ 	for _, tc := range testCases {
+ 		t.Run(tc.Scenario, func(t *testing.T) {
+-			opts := setDeployImage(tc.Config, tc.Driver, tc.Image)
++			opts := setDeployImage(tc.Config, tc.Driver, tc.Image, "x86_64")
+ 
+ 			switch {
+ 			case tc.ExpectISO:
+diff --git a/pkg/provisioner/provisioner.go b/pkg/provisioner/provisioner.go
+index faddd0fd..f7f55c0d 100644
+--- a/pkg/provisioner/provisioner.go
++++ b/pkg/provisioner/provisioner.go
+@@ -82,6 +82,7 @@ type ManagementAccessData struct {
+ 	PreprovisioningNetworkData string
+ 	HasCustomDeploy            bool
+ 	DisablePowerOff            bool
++	CPUArchitecture            string
+ }
+ 
+ type AdoptData struct {
+-- 
+2.50.0
+

baremetal-operator/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/metal3-io/baremetal-operator</param>
     <param name="scm">git</param>
-    <param name="revision">v0.9.1</param>
+    <param name="revision">v0.10.2</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

baremetal-operator/baremetal-operator.spec

@@ -17,14 +17,15 @@
 
 
 Name:           baremetal-operator
-Version:        0.9.1
+Version:        0.10.2
 Release:        0
 Summary:        Implements a Kubernetes API for managing bare metal hosts
 License:        Apache-2.0
 URL:            https://github.com/metal3-io/baremetal-operator
+Patch0:         0001-Allow-configuring-different-IPA-images-per-architect.patch
 Source:         baremetal-operator-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.23
+BuildRequires:  golang(API) = 1.24
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

edge-image-builder-image/Dockerfile

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
 LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.2.0"
+LABEL org.opencontainers.image.version="1.2.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

edge-image-builder-image/artifacts.yaml

@@ -5,7 +5,7 @@ metallb:
 endpoint-copier-operator:
   chart: endpoint-copier-operator
   repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
-  version: "%%CHART_MAJOR%%.0.0+up0.2.1"
+  version: "%%CHART_MAJOR%%.0.1+up0.3.0"
 kubernetes:
   k3s:
     selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch

edge-image-builder/_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v1.2.0</param>
+    <param name="revision">v1.2.1</param>
     <!-- Uncomment and set this For Pre-Release Version -->
     <!-- <param name="version">1.2.0~rc1</param> -->
     <!-- Uncomment and this for regular version -->

edge-image-builder/edge-image-builder.spec

@@ -17,7 +17,7 @@
 
 
 Name:           edge-image-builder
-Version:        1.2.0
+Version:        1.2.1
 Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0

endpoint-copier-operator-chart/Chart.yaml

@@ -1,8 +1,8 @@
-#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1
+#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.1_up0.3.0
-#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.1_up0.3.0-%RELEASE%
 apiVersion: v2
-appVersion: v0.2.0
+appVersion: v0.3.0
 description: A Helm chart for Kubernetes
 name: endpoint-copier-operator
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.2.1"
+version: "%%CHART_MAJOR%%.0.1+up0.3.0"

endpoint-copier-operator-chart/templates/deployment.yaml

@@ -20,8 +20,23 @@ spec:
       labels:
         {{- include "endpoint-copier-operator.selectorLabels" . | nindent 8 }}
     spec:
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - command:
         - /manager

endpoint-copier-operator-chart/templates/rbac/role.yaml

@@ -7,9 +7,9 @@ metadata:
   name: {{ include "endpoint-copier-operator.fullname" . }}
 rules:
 - apiGroups:
-  - ""
+  - "discovery.k8s.io"
   resources:
-  - endpoints
+  - endpointslices
   verbs:
   - create
   - delete

endpoint-copier-operator-chart/values.yaml

@@ -8,7 +8,7 @@ image:
   repository: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "0.2.0"
+  tag: "0.3.0"
 
 nameOverride: "endpoint-copier-operator"
 fullnameOverride: "endpoint-copier-operator"
@@ -29,6 +29,8 @@ podSecurityContext:
   seccompProfile:
     type: RuntimeDefault
 
+priorityClassName: "system-cluster-critical"
+
 securityContext:
   allowPrivilegeEscalation: false
   capabilities:
@@ -37,11 +39,11 @@ securityContext:
 
 resources:
   limits:
-    cpu: 500m
+    cpu: 100m
-    memory: 128Mi
-  requests:
-    cpu: 10m
     memory: 64Mi
+  requests:
+    cpu: 5m
+    memory: 32Mi
 
 autoscaling:
   enabled: false

endpoint-copier-operator/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/suse-edge/endpoint-copier-operator</param>
     <param name="scm">git</param>
-    <param name="revision">v0.2.0</param>
+    <param name="revision">v0.3.0</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

endpoint-copier-operator/endpoint-copier-operator.spec

@@ -17,14 +17,14 @@
 
 
 Name:           endpoint-copier-operator
-Version:        0.2.0
+Version:        0.3.0
-Release:        0.2.0
+Release:        0.3.0
 Summary:        Implements a Kubernetes API for copying endpoint resources
 License:        Apache-2.0
 URL:            https://github.com/suse-edge/endpoint-copier-operator
 Source:         endpoint-copier-operator-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.20
+BuildRequires:  golang(API) = 1.24
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

ironic-image/inspector-apache.conf.j2

@@ -1,57 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-{% if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
- <VirtualHost *:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}>
-{% else %}
-Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
- <VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}>
-{% endif %}
-    {% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
-    ProxyPass "/"  "unix:/shared/inspector.sock|http://127.0.0.1/"
-    ProxyPassReverse "/"  "unix:/shared/inspector.sock|http://127.0.0.1/"
-    {% else %}
-    ProxyPass "/"  "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/"
-    ProxyPassReverse "/"  "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/"
-    {% endif %}
-
-    SetEnv APACHE_RUN_USER ironic-suse
-    SetEnv APACHE_RUN_GROUP ironic-suse
-
-    ErrorLog /dev/stdout
-    LogLevel debug
-    CustomLog /dev/stdout combined
-
-    SSLEngine On
-    SSLProtocol {{ env.IRONIC_SSL_PROTOCOL }}
-    SSLCertificateFile {{ env.IRONIC_INSPECTOR_CERT_FILE }} 
-    SSLCertificateKeyFile {{ env.IRONIC_INSPECTOR_KEY_FILE }}
-
-    {% if "INSPECTOR_HTPASSWD" in env and env.INSPECTOR_HTPASSWD | length %}
-    <Location / >
-        AuthType Basic
-        AuthName "Restricted area"
-        AuthUserFile "/etc/ironic-inspector/htpasswd"
-        Require valid-user
-    </Location>
-
-    <Location ~ "^/(v1/?)?$" >
-        Require all granted
-    </Location>
-
-    <Location /v1/continue >
-        Require all granted
-    </Location>
-    {% endif %}
-</VirtualHost>

ironic-image/ironic-inspector.conf.j2

@@ -1,68 +0,0 @@
-[DEFAULT]
-auth_strategy = noauth
-debug = true
-transport_url = fake://
-use_stderr = true
-{% if env.INSPECTOR_REVERSE_PROXY_SETUP == "true" %}
-{% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
-listen_unix_socket = /shared/inspector.sock
-# NOTE(dtantsur): this is not ideal, but since the socket is accessed from
-# another container, we need to make it world-writeable.
-listen_unix_socket_mode = 0666
-{% else %}
-listen_port = {{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}
-listen_address = 127.0.0.1
-{% endif %}
-{% elif env.LISTEN_ALL_INTERFACES | lower == "true" %}
-listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
-listen_address = ::
-{% else %}
-listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
-listen_address = {{ env.IRONIC_IP }}
-{% endif %}
-host = {{ env.IRONIC_IP }}
-{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
-use_ssl = true
-{% endif %}
-
-[database]
-connection = sqlite:////var/lib/ironic-inspector/ironic-inspector.db
-
-{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
-[discovery]
-enroll_node_driver = ipmi
-{% endif %}
-
-[ironic]
-auth_type = none
-endpoint_override = {{ env.IRONIC_BASE_URL }}
-{% if env.IRONIC_TLS_SETUP == "true" %}
-cafile = {{ env.IRONIC_CACERT_FILE }}
-insecure = {{ env.IRONIC_INSECURE }}
-{% endif %}
-
-[processing]
-add_ports = all
-always_store_ramdisk_logs = true
-keep_ports = present
-{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
-node_not_found_hook = enroll
-{% endif %}
-permit_active_introspection = true
-power_off = false
-processing_hooks = $default_processing_hooks,lldp_basic
-ramdisk_logs_dir = /shared/log/ironic-inspector/ramdisk
-store_data = database
-
-[pxe_filter]
-driver = noop
-
-[service_catalog]
-auth_type = none
-endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
-
-{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
-[ssl]
-cert_file = {{ env.IRONIC_INSPECTOR_CERT_FILE }}
-key_file = {{ env.IRONIC_INSPECTOR_KEY_FILE }}
-{% endif %}

ironic-image/runironic-api

@@ -1,13 +0,0 @@
-#!/usr/bin/bash
-
-export IRONIC_DEPLOYMENT="API"
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-export IRONIC_REVERSE_PROXY_SETUP=false
-
-python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < /tmp/httpd-ironic-api.conf.j2 > /etc/httpd/conf.d/ironic.conf
-
-# shellcheck disable=SC1091
-. /bin/runhttpd

ironic-image/runironic-conductor

@@ -1,20 +0,0 @@
-#!/usr/bin/bash
-
-export IRONIC_DEPLOYMENT="Conductor"
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-# Ramdisk logs
-mkdir -p /shared/log/ironic/deploy
-
-run_ironic_dbsync
-
-if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
-    # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
-        kill $(pgrep ironic)
-    done &
-fi
-
-exec /usr/bin/ironic-conductor

ironic-image/runironic-inspector

@@ -1,62 +0,0 @@
-#!/usr/bin/bash
-
-set -euxo pipefail
-
-CONFIG=/etc/ironic-inspector/ironic-inspector.conf
-
-export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
-export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
-
-# shellcheck disable=SC1091
-. /bin/tls-common.sh
-# shellcheck disable=SC1091
-. /bin/ironic-common.sh
-# shellcheck disable=SC1091
-. /bin/auth-common.sh
-
-if [[ "$USE_IRONIC_INSPECTOR" == "false" ]]; then
-    echo "FATAL: ironic-inspector is disabled via USE_IRONIC_INSPECTOR"
-    exit 1
-fi
-
-wait_for_interface_or_ip
-
-IRONIC_INSPECTOR_PORT=${IRONIC_INSPECTOR_ACCESS_PORT}
-if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
-    if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]] && [[ "${IRONIC_INSPECTOR_PRIVATE_PORT}" != "unix" ]]; then
-        IRONIC_INSPECTOR_PORT=$IRONIC_INSPECTOR_PRIVATE_PORT
-    fi
-else
-    export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
-fi
-
-export IRONIC_INSPECTOR_BASE_URL="${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_PORT}"
-export IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"
-
-build_j2_config()
-{
-    local CONFIG_FILE="$1"
-    python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$CONFIG_FILE.j2"
-}
-
-# Merge with the original configuration file from the package.
-build_j2_config "$CONFIG" | crudini --merge "$CONFIG"
-
-configure_inspector_auth
-
-configure_client_basic_auth ironic "${CONFIG}"
-
-ironic-inspector-dbsync --config-file "${CONFIG}" upgrade
-
-if [[ "$INSPECTOR_REVERSE_PROXY_SETUP" == "false" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
-    # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
-        kill $(pgrep ironic)
-    done &
-fi
-
-# Make sure ironic traffic bypasses any proxies
-export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
-
-# shellcheck disable=SC2086
-exec /usr/bin/ironic-inspector

ironic-ipa-downloader-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.6
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.version="3.0.6"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

ironic-ipa-downloader-image/Dockerfile.aarch64

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.6
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.6-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.7-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.version="3.0.6"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

ironic-ipa-downloader-image/Dockerfile.x86_64

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.6
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.6-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.7-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -22,7 +22,7 @@ LABEL org.opencontainers.image.version="3.0.6"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.7-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec

@@ -19,7 +19,7 @@
 
 
 Name:           ironic-ipa-ramdisk
-Version:        3.0.6
+Version:        3.0.7
 Release:        0
 Summary:        Kernel and ramdisk image for OpenStack Ironic
 License:        SUSE-EULA

kiwi-builder-image/Dockerfile

@@ -1,6 +1,7 @@
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0
 
+# Base image version, should match the tag above
 ARG KIWIVERSION="10.2.12"
 FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
 ARG KIWIVERSION
@@ -10,11 +11,11 @@ ARG KIWIVERSION
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
 LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%kiwi_version%%"
+LABEL org.opencontainers.image.version="${KIWIVERSION}"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:${KIWIVERSION}.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -23,9 +24,6 @@ LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 
-# help the build service understand the need for python3-kiwi
-RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || { echo "expected kiwi version ${KIWIVERSION}: version mismatch"; exit 1; }
-
 # Copy build script into image and make it executable
 ADD build-image.sh /usr/bin/build-image
 RUN chmod a+x /usr/bin/build-image

kiwi-builder-image/_service

@@ -1,15 +1,9 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="docker_label_helper" mode="buildtime"/>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">README</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-  </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
+    <param name="file">README</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
@@ -17,14 +11,4 @@
     <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
     <param name="var">SUPPORT_LEVEL</param>
   </service>
-  <service mode="buildtime" name="replace_using_package_version">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%kiwi_version%%</param>
-    <param name="package">python3-kiwi</param>
-  </service>
-  <service mode="buildtime" name="replace_using_package_version">
-    <param name="file">README</param>
-    <param name="regex">%%kiwi_version%%</param>
-    <param name="package">python3-kiwi</param>
-  </service>
 </services>

kubectl-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -16,11 +16,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.30.3"
+LABEL org.opencontainers.image.version="1.32.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

kubectl/kubectl.spec

@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 
 Name: kubectl
-Version: 1.30.3
+Version: 1.32.4
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster
 
@@ -12,7 +12,7 @@ Group: admin
 Packager: Kubernetes Authors <dev@kubernetes.io>
 License: Apache-2.0
 URL: https://kubernetes.io
-Source0: kubectl_%{version}.orig.tar.gz
+Source0: %{name}_%{version}.orig.tar.gz
 
 %description
 %{summary}.

kubevirt-dashboard-extension-chart/Chart.yaml

@@ -1,4 +1,3 @@
-#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2
 #!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2
 #!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2-%RELEASE%
 annotations:

metal3-chart/Chart.yaml

@@ -1,28 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.5_up0.11.3
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.6
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.5_up0.11.3-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.8_up0.11.6-%RELEASE%
 apiVersion: v2
-appVersion: 0.11.3
+appVersion: 0.11.6
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.9.1
+  version: 0.9.2
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.10.3
+  version: 0.10.5
 - alias: metal3-mariadb
   condition: global.enable_mariadb
   name: mariadb
   repository: file://./charts/mariadb
-  version: 0.5.4
+  version: 0.6.0
 - alias: metal3-media
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.6.1
+  version: 0.6.2
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.5+up0.11.3"
+version: "%%CHART_MAJOR%%.0.8+up0.11.6"

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.9.1
+version: 0.9.2

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -10,18 +10,25 @@
 apiVersion: v1
 data:
   IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
-  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
     {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
     {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
     {{- $protocol = "https" }}
+  RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   {{- else }}
     {{- $protocol = "http" }}
+  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
   {{- end }}
   CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
   DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"
   DEPLOY_RAMDISK_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs"
+  DEPLOY_KERNEL_URL_X86_64: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-x86_64.kernel"
+  DEPLOY_RAMDISK_URL_X86_64: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-x86_64.initramfs"
+  DEPLOY_BOOTLOADER_URL_X86_64: "{{ $protocol }}://{{ $ironicBootHost }}/uefi_esp-x86_64.img"
+  DEPLOY_KERNEL_URL_AARCH64: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-arm64.kernel"
+  DEPLOY_RAMDISK_URL_AARCH64: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-arm64.initramfs"
+  DEPLOY_BOOTLOADER_URL_AARCH64: "{{ $protocol }}://{{ $ironicBootHost }}/uefi_esp-arm64.img"
   DEPLOY_ARCHITECTURE: "{{ $deployArch }}"
 kind: ConfigMap
 metadata:

metal3-chart/charts/baremetal-operator/templates/configmap.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-data:
-  controller_manager_config.yaml: |
-    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
-    kind: ControllerManagerConfig
-    health:
-      healthProbeBindAddress: :9440
-    metrics:
-      bindAddress: 127.0.0.1:8085
-    webhook:
-      port: 9443
-    leaderElection:
-      leaderElect: true
-      resourceName: a9498140.metal3.io
-kind: ConfigMap
-metadata:
-  name: baremetal-operator-manager-config
-  labels:
-    {{- include "baremetal-operator.labels" . | nindent 4 }}

metal3-chart/charts/baremetal-operator/templates/deployment.yaml

@@ -17,6 +17,8 @@ spec:
       control-plane: controller-manager
   template:
     metadata:
+      annotations:
+        checksum/config-env: {{ include (print $.Template.BasePath "/configmap-ironic.yaml") . | sha256sum }}
       labels:
         {{- include "baremetal-operator.selectorLabels" . | nindent 8 }}
         control-plane: controller-manager

metal3-chart/charts/baremetal-operator/values.yaml

@@ -28,7 +28,7 @@ images:
   baremetalOperator:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
     pullPolicy: IfNotPresent
-    tag: "0.9.1"
+    tag: "0.10.2.0"
 
 imagePullSecrets: []
 nameOverride: "manger"

metal3-chart/charts/ironic/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.10.3
+version: 0.10.5

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -14,8 +14,9 @@ spec:
     type: Recreate
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
       annotations:
+        checksum/config-env: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- with .Values.podAnnotations }}
           {{- toYaml . | nindent 8 }}
         {{- end }}
       labels:

metal3-chart/charts/ironic/values.yaml

@@ -60,7 +60,7 @@ images:
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 3.0.6
+    tag: 3.0.7
 
 nameOverride: ""
 fullnameOverride: ""

metal3-chart/charts/mariadb/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 10.6.7
+appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.5.4
+version: 0.6.0

metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap 
+metadata:
+  name: mariadb-config
+  labels:
+    {{- include "mariadb.labels" . | nindent 4 }}
+data:
+  ironic.conf: |
+    [mariadb]
+    max_connections 64
+    max_heap_table_size 1M
+    innodb_buffer_pool_size 5M
+    innodb_log_buffer_size 512K

metal3-chart/charts/mariadb/templates/configmap.yaml

@@ -5,4 +5,7 @@ metadata:
   labels:
     {{- include "mariadb.labels" . | nindent 4 }}
 data:
-  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
+  MARIADB_USER: ironic
+  MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+  MARIADB_DATABASE: ironic
+  MARIADB_AUTO_UPGRADE: "yes"

metal3-chart/charts/mariadb/templates/deployment.yaml

@@ -25,23 +25,50 @@ spec:
       serviceAccountName: {{ include "mariadb.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+      # This would run during entrypoint if run as root
+      - name: set-volume-owners
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        securityContext:
+            runAsUser: 0
+            allowPrivilegeEscalation: true
+            capabilities:
+              drop:
+              - ALL
+              add:
+              - CHOWN
+              - FOWNER
+              - DAC_OVERRIDE
+            seccompProfile:
+              type: RuntimeDefault
+        volumeMounts:
+          - name: mariadb-conf
+            mountPath: /etc/mysql/conf.d
+          - name: mariadb-run
+            mountPath: /run/mysql
+          {{- $volmounts }}
+        command: ['bash', '-c', 'source /usr/local/bin/docker-entrypoint.sh && docker_create_db_directories']
+        env:
+          - name: DATADIR
+            value: /var/lib/mysql
+          - name: SOCKET
+            value: /run/mysql/mysql.sock
       containers:
       - name: mariadb
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
+        envFrom:
+          - configMapRef:
+              name: mariadb-cm
         env:
           - name: MARIADB_PASSWORD
             valueFrom:
               secretKeyRef:
                 key: password
                 name: ironic-mariadb
-          - name: RESTART_CONTAINER_CERTIFICATE_UPDATED
-            valueFrom:
-              configMapKeyRef:
-                name: mariadb-cm
-                key: RESTART_CONTAINER_CERTIFICATE_UPDATED
         lifecycle:
           preStop:
             exec:
@@ -52,9 +79,9 @@ spec:
         livenessProbe:
           exec:
             command:
-              - sh
+              - healthcheck.sh
-              - -c
+              - --connect
-              - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)
+              - --innodb_initialized
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -67,19 +94,29 @@ spec:
         readinessProbe:
           exec:
             command:
-              - sh
+              - healthcheck.sh
-              - -c
+              - --connect
-              - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)
+              - --innodb_initialized
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
           successThreshold: 1
           timeoutSeconds: 10
         volumeMounts:
+            - name: mariadb-conf
+              mountPath: /etc/mysql/conf.d
+            - name: mariadb-run
+              mountPath: /run/mysql
             {{- $volmounts }}
       {{- with .Values.global.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       volumes:
+        - name: mariadb-conf
+          configMap:
+            name: mariadb-config
+        - name: mariadb-run
+          emptyDir:
+            sizeLimit: 20Mi
         {{- $volumes }}

metal3-chart/charts/mariadb/values.yaml

@@ -12,9 +12,9 @@ service:
     targetPort: 3306
 
 image:
-  repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/suse/mariadb
+  repository: registry.suse.com/suse/mariadb
   pullPolicy: IfNotPresent
-  tag: 10.6.15.1
+  tag: 10.11
 
 nameOverride: ""
 fullnameOverride: ""
@@ -31,8 +31,8 @@ serviceAccount:
 podAnnotations: {}
 
 podSecurityContext:
-  runAsUser: 10060
+  runAsUser: 60
-  fsGroup: 10060
+  fsGroup: 60
 
 securityContext:
   allowPrivilegeEscalation: false
@@ -60,6 +60,7 @@ persistence:
 volumeMounts:
   - name: mariadb-data-volume
     mountPath: /var/lib/mysql
+    subPath: data
 
 volumes:
   - name: mariadb-data-volume

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.1
+version: 0.6.2

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 26.1.2.2
+  tag: 26.1.2.4
 
 imagePullSecrets: []
 nameOverride: ""

metal3-chart/values.yaml

@@ -115,8 +115,8 @@ metal3-mariadb:
   persistence:
     storageClass: ""
   image:
-    repository: "registry.suse.com/edge/mariadb"
+    repository: "registry.suse.com/suse/mariadb"
-    tag: "10.6.15.1"
+    tag: "10.11"
 
 #
 # Baremetal Operator

nm-configurator/_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/suse-edge/nm-configurator.git</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="scm">git</param>
-    <param name="revision">v0.3.2</param>
+    <param name="revision">v0.3.3</param>
     <param name="match-tag">*</param>
     <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
     <param name="versionrewrite-replacement">\1</param>

nm-configurator/_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/suse-edge/nm-configurator.git</param>
-              <param name="changesrevision">747301ba15a28e758d1f06070dc7ff29a5e80242</param></service></servicedata>
+              <param name="changesrevision">4563857d761c6d83e4013721f68ec4ac5828a1a7</param></service></servicedata>

nm-configurator/nm-configurator.obsinfo

@@ -1,4 +1,4 @@
 name: nm-configurator
-version: 0.3.2
+version: 0.3.3
-mtime: 1744218621
+mtime: 1748341626
-commit: 747301ba15a28e758d1f06070dc7ff29a5e80242
+commit: 4563857d761c6d83e4013721f68ec4ac5828a1a7

rancher-turtles-airgap-resources-chart/Chart.yaml

@@ -1,10 +1,10 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.2_up0.19.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.2_up0.19.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0-%RELEASE%
 apiVersion: v2
-appVersion: 0.19.0
+appVersion: 0.20.0
 description: Rancher Turtles utility chart for airgap scenarios
 home: https://github.com/rancher/turtles/
 icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
 name: rancher-turtles-airgap-resources
 type: application
-version: "%%CHART_MAJOR%%.0.2+up0.19.0"
+version: "%%CHART_MAJOR%%.0.4+up0.20.0"

rancher-turtles-airgap-resources-chart/_service

@@ -2,7 +2,7 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
     <param name="var">CHART_PREFIX</param>
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>

rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml

@@ -38,12 +38,12 @@ data:
                     description: |-
                       Enable Cluster config funtionality.
 
-                      This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the ClusterClass will be added to the Fleet Cluster labels.
+                      This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the `ClusterClass` will be added to the Fleet Cluster labels.
                     nullable: true
                     properties:
                       agentEnvVars:
-                        description: AgentEnvVars are extra environment variables to be
+                        description: '`AgentEnvVars` are extra environment variables to
-                          added to the agent deployment.
+                          be added to the agent deployment.'
                         items:
                           description: EnvVar represents an environment variable present
                             in a Container.
@@ -218,7 +218,7 @@ data:
                         nullable: true
                         type: array
                       applyClassGroup:
-                        description: Apply a ClusterGroup for a ClusterClass referenced
+                        description: Apply a `ClusterGroup` for a `ClusterClass` referenced
                           from a different namespace.
                         nullable: true
                         type: boolean
@@ -352,7 +352,7 @@ data:
                     description: |-
                       Enable clusterClass controller functionality.
 
-                      This will create Fleet ClusterGroups for each ClusterClaster with the same name.
+                      This will create Fleet `ClusterGroups` for each `ClusterClaster` with the same name.
                     nullable: true
                     properties:
                       patchResource:
@@ -370,15 +370,20 @@ data:
                   config:
                     nullable: true
                     properties:
+                      bootstrapLocalCluster:
+                        description: Enable auto-installation of a fleet agent in the
+                          local cluster.
+                        nullable: true
+                        type: boolean
                       featureGates:
                         description: feature gates controlling experimental features
                         nullable: true
                         properties:
                           configMap:
-                            description: FeaturesConfigMap references a ConfigMap where
+                            description: '`FeaturesConfigMap` references a `ConfigMap`
-                              to apply feature flags. If a ConfigMap is referenced, the
+                              where to apply feature flags. If a `ConfigMap` is referenced,
-                              controller will update it instead of upgrading the Fleet
+                              the controller will update it instead of upgrading the Fleet
-                              chart.
+                              chart.'
                             nullable: true
                             properties:
                               ref:
@@ -507,7 +512,6 @@ data:
                         type: string
                     type: object
                 type: object
-                x-kubernetes-validations: []
               status:
                 nullable: true
                 properties:
@@ -565,7 +569,7 @@ data:
                 type: object
             required:
             - spec
-            title: FleetAddonConfig_kube_validation
+            title: FleetAddonConfigValidated
             type: object
             x-kubernetes-validations:
             - rule: self.metadata.name == 'fleet-addon-config'
@@ -813,7 +817,7 @@ data:
             control-plane: controller-manager
         spec:
           containers:
-          - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
+          - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
             imagePullPolicy: IfNotPresent
             name: manager
             ports:
@@ -826,10 +830,24 @@ data:
                 port: http
               initialDelaySeconds: 5
               periodSeconds: 5
+            resources:
+              limits:
+                cpu: 100m
+                memory: 150Mi
+              requests:
+                cpu: 100m
+                memory: 100Mi
           - args:
             - --helm-install
-            image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
+            image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
             name: helm-manager
+            resources:
+              limits:
+                cpu: 100m
+                memory: 150Mi
+              requests:
+                cpu: 100m
+                memory: 100Mi
             volumeMounts:
             - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
               name: helm-kubeconfig
@@ -867,10 +885,16 @@ data:
       - major: 0
         minor: 8
         contract: v1beta1
+      - major: 0
+        minor: 9
+        contract: v1beta1
+      - major: 0
+        minor: 10
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.8.1
+  name: v0.10.0
   namespace: rancher-turtles-system
   labels:
     provider-components: fleet

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml

@@ -2529,7 +2529,7 @@ data:
             - --v=${CAPRKE2_DEBUG_LEVEL:=0}
             command:
             - /manager
-            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.15.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -2761,10 +2761,13 @@ data:
       - major: 0
         minor: 15
         contract: v1beta1
+      - major: 0
+        minor: 16
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.15.1
+  name: v0.16.1
   namespace: rke2-bootstrap-system
   labels:
     provider-components: rke2-bootstrap

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml

@@ -4461,7 +4461,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.uid
-            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.15.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.16.1
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4700,10 +4700,13 @@ data:
       - major: 0
         minor: 15
         contract: v1beta1
+      - major: 0
+        minor: 16
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.15.1
+  name: v0.16.1
   namespace: rke2-control-plane-system
   labels:
     provider-components: rke2-control-plane

rancher-turtles-chart/Chart.lock

@@ -3,4 +3,4 @@ dependencies:
   repository: https://kubernetes-sigs.github.io/cluster-api-operator
   version: 0.18.1
 digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
-generated: "2025-04-29T09:14:10.14953774Z"
+generated: "2025-05-29T09:13:16.863770955Z"

rancher-turtles-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.2_up0.19.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.4_up0.20.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.2_up0.19.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.4_up0.20.0-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,7 +12,7 @@ annotations:
   catalog.cattle.io/scope: management
   catalog.cattle.io/type: cluster-tool
 apiVersion: v2
-appVersion: 0.19.0
+appVersion: 0.20.0
 dependencies:
 - condition: cluster-api-operator.enabled
   name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
 - provisioning
 name: rancher-turtles
 type: application
-version: "%%CHART_MAJOR%%.0.2+up0.19.0"
+version: "%%CHART_MAJOR%%.0.4+up0.20.0"

rancher-turtles-chart/RELEASE_NOTES.md

@@ -1,14 +1,6 @@
-## Changes since v0.19.0-rc.1
+## Changes since v0.20.0-rc.0
 ---
 ## :chart_with_upwards_trend: Overview
-- 4 new commits merged
-
-:book: Additionally, there has been 1 contribution to our documentation and book. (#1325) 
-
-## :question: Sort these by hand
-- chart: Add helm chart values validation (#1320)
-- Dependency: Revert dependency bumps (#1328)
-- MULTIPLE_AREAS[documentation|azure]: Use predictable resourceGroup for AKS nodes (#1327)
 
 
 _Thanks to all our contributors!_ 😊

rancher-turtles-chart/questions.yml

@@ -29,12 +29,6 @@ questions:
         description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
         label: "Enable RKE2 Provider"
         type: boolean
-      - variable: rancherTurtles.features.addon-provider-fleet.enabled
-        default: true
-        description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles."
-        type: boolean
-        label: Seamless integration with Fleet and CAPI
-        group: "Rancher Turtles Features Settings"
       - variable: rancherTurtles.features.agent-tls-mode.enabled
         default: false
         description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
@@ -42,7 +36,7 @@ questions:
         label: Enable Agent TLS Mode
         group: "Rancher Turtles Features Settings"
       - variable: rancherTurtles.kubectlImage
-        default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
+        default: "registry.suse.com/edge/3.2/kubectl:1.32.4"
         description: "Specify the image to use when running kubectl in jobs."
         type: string
         label: Kubectl Image

rancher-turtles-chart/templates/addon-provider-fleet.yaml

@@ -1,5 +1,3 @@
-{{- if index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled" }}
----
 apiVersion: turtles-capi.cattle.io/v1alpha1
 kind: CAPIProvider
 metadata:
@@ -10,12 +8,6 @@ metadata:
     "helm.sh/hook-weight": "2"
 spec:
   type: addon
-  deployment:
-    containers:
-    - name: manager
-      imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
-    - name: helm-manager
-      imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
   additionalManifests:
     name: fleet-addon-config
     namespace: '{{ .Values.rancherTurtles.namespace }}'
@@ -66,4 +58,3 @@ data:
           matchExpressions:
             - key: cluster-api.cattle.io/disable-fleet-auto-import
               operator: DoesNotExist
-{{- end }}

rancher-turtles-chart/templates/deployment.yaml

@@ -26,7 +26,7 @@ spec:
       containers:
       - args:
         - --leader-elect
-        - --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
+        - --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
         {{- range .Values.rancherTurtles.managerArguments }}
         - {{ . }}
         {{- end }}  

rancher-turtles-chart/templates/rancher-turtles-components.yaml

@@ -3103,9 +3103,9 @@ spec:
             - message: Config secret namespace is always equal to the resource namespace
                 and should not be set.
               rule: '!has(self.configSecret) || !has(self.configSecret.__namespace__)'
-            - message: One of fetchConfig url or selector should be set.
+            - message: One of fetchConfig oci, url or selector should be set.
-              rule: '!has(self.fetchConfig) || [has(self.fetchConfig.url), has(self.fetchConfig.selector)].exists_one(e,
+              rule: '!has(self.fetchConfig) || [has(self.fetchConfig.oci), has(self.fetchConfig.url),
-                e)'
+                has(self.fetchConfig.selector)].exists_one(e, e)'
           status:
             default: {}
             description: CAPIProviderStatus defines the observed state of CAPIProvider.

rancher-turtles-chart/values.schema.json

@@ -259,6 +259,42 @@
             }
           }
         },
+        "resources": {
+          "type": "object",
+          "properties": {
+            "manager": {
+              "type": "object",
+              "properties": {
+                "limits": {
+                  "type": "object",
+                  "properties": {
+                    "cpu": {
+                      "type": "string",
+                      "description": "CPU limit."
+                    },
+                    "memory": {
+                      "type": "string",
+                      "description": "Memory limit."
+                    }
+                  }
+                },
+                "requests": {
+                  "type": "object",
+                  "properties": {
+                    "cpu": {
+                      "type": "string",
+                      "description": "CPU request."
+                    },
+                    "memory": {
+                      "type": "string",
+                      "description": "Memory request."
+                    }
+                  }
+                }
+              }
+            }
+          }
+        },
         "cleanup": {
           "type": "boolean",
           "default": true,

rancher-turtles-chart/values.yaml

@@ -9,8 +9,8 @@ turtlesUI:
 rancherTurtles:
   # image: registry.rancher.com/rancher/rancher/turtles
   image: registry.rancher.com/rancher/rancher/turtles
-  # imageVersion: v0.19.0
+  # imageVersion: v0.20.0
-  imageVersion: v0.19.0
+  imageVersion: v0.20.0
   # imagePullPolicy: IfNotPresent
   imagePullPolicy: IfNotPresent
   # namespace: Select namespace for Turtles to run.
@@ -22,7 +22,7 @@ rancherTurtles:
   # rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
   rancherInstalled: false
   # kubectlImage: Image for kubectl tasks.
-  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3"
+  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4"
   # features: Optional and experimental features.
   features:
     # day2operations: Alpha feature.
@@ -31,30 +31,26 @@ rancherTurtles:
       enabled: false
       # image: registry.rancher.com/rancher/rancher/turtles
       image: registry.rancher.com/rancher/rancher/turtles
-      # imageVersion: v0.19.0
+      # imageVersion: v0.20.0
-      imageVersion: v0.19.0
+      imageVersion: v0.20.0
       # imagePullPolicy: IfNotPresent
       imagePullPolicy: IfNotPresent
       # etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
       etcdBackupRestore:
         # enabled: Turn on (true) or off (false).
         enabled: false
-    # addon-provider-fleet: Beta feature for fleet addons.
+    # agent-tls-mode: Beta feature for agent TLS.
-    addon-provider-fleet:
-      # enabled: Turn on or off.
-      enabled: true
-    # agent-tls-mode: Alpha feature for agent TLS.
     agent-tls-mode:
       # enabled: Turn on or off.
-      enabled: false
+      enabled: true
     # clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet.
     clusterclass-operations:
       # enabled: Turn on or off.
       enabled: false
       # image: registry.rancher.com/rancher/rancher/turtles
       image: registry.rancher.com/rancher/rancher/turtles
-      # imageVersion: v0.19.0
+      # imageVersion: v0.20.0
-      imageVersion: v0.19.0
+      imageVersion: v0.20.0
       # imagePullPolicy: IfNotPresent
       imagePullPolicy: IfNotPresent
 
@@ -78,6 +74,14 @@ cluster-api-operator:
       configMap:
         # name: ConfigMap for clusterctl.
         name: clusterctl-config
+  resources:
+    manager:
+      limits:
+        cpu: 100m
+        memory: 300Mi
+      requests:
+        cpu: 100m
+        memory: 100Mi
   # image: registry.rancher.com/rancher/rancher/turtles
   image:
     manager:
@@ -123,7 +127,7 @@ cluster-api-operator:
       # enabled: Turn on or off.
       enabled: true
       # version: RKE2 version.
-      version: "v0.15.1"
+      version: "v0.16.1"
       # bootstrap: RKE2 bootstrap provider.
       bootstrap:
         # namespace: Bootstrap namespace.

release-manifest-image/Dockerfile

@@ -1,4 +1,4 @@
-#!BuildTag: %%IMG_PREFIX%%release-manifest:3.3.0
+#!BuildTag: %%IMG_PREFIX%%release-manifest:3.4.0
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION
 
@@ -7,11 +7,11 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SUSE Edge Release Manifest"
 LABEL org.opencontainers.image.description="Release Manifest containing information about a specific SUSE Edge release"
-LABEL org.opencontainers.image.version="3.3.0"
+LABEL org.opencontainers.image.version="3.4.0"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.3.0"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.4.0"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

release-manifest-image/release_manifest.yaml

@@ -1,13 +1,13 @@
 apiVersion: lifecycle.suse.com/v1alpha1
 kind: ReleaseManifest
 metadata:
-  name: release-manifest-3-3-0
+  name: release-manifest-3-4-0
 spec:
-  releaseVersion: 3.3.0
+  releaseVersion: 3.4.0
   components:
     kubernetes:
       k3s:
-        version: v1.32.3+k3s1
+        version: v1.32.4+k3s1
         coreComponents:
         - name: traefik-crd
           version: 34.2.1+up34.2.0
@@ -23,7 +23,7 @@ spec:
         - name: coredns
           containers:
           - name: coredns
-            image: rancher/mirrored-coredns-coredns:1.12.0
+            image: rancher/mirrored-coredns-coredns:1.12.1
           type: Deployment
         - name: metrics-server
           containers:
@@ -31,25 +31,25 @@ spec:
             image: rancher/mirrored-metrics-server:v0.7.2
           type: Deployment
       rke2:
-        version: v1.32.3+rke2r1
+        version: v1.32.4+rke2r1
         coreComponents:
         - name: rke2-cilium
-          version: 1.17.100
+          version: 1.17.300
           type: HelmChart
         - name: rke2-canal
-          version: v3.29.2-build2025030601
+          version: v3.29.3-build2025040801
           type: HelmChart
         - name: rke2-calico-crd
           version: v3.29.101
           type: HelmChart
         - name: rke2-calico
-          version: v3.29.200
+          version: v3.29.300
           type: HelmChart
         - name: rke2-coredns
-          version: 1.39.100
+          version: 1.39.201
           type: HelmChart
         - name: rke2-ingress-nginx
-          version: 4.12.100
+          version: 4.12.101
           type: HelmChart
         - name: rke2-metrics-server
           version: 3.12.200
@@ -89,7 +89,7 @@ spec:
         - prettyName: Rancher
           releaseName: rancher
           chart: rancher
-          version: 2.11.1
+          version: 2.11.2
           repository: https://charts.rancher.com/server-charts/prime
           values:
             postDelete:
@@ -123,22 +123,22 @@ spec:
         - prettyName: NeuVector
           releaseName: neuvector
           chart: neuvector
-          version: 106.0.0+up2.8.5
+          version: 106.0.1+up2.8.6
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: neuvector-crd
               chart: neuvector-crd
-              version: 106.0.0+up2.8.5
+              version: 106.0.1+up2.8.6
               repository: https://charts.rancher.io
           addonCharts:
             - releaseName: neuvector-ui-ext
               chart: neuvector-ui-ext
               repository: https://github.com/rancher/ui-plugin-charts/raw/main
-              version: 2.0.1
+              version: 2.1.3
         - prettyName: EndpointCopierOperator
           releaseName: endpoint-copier-operator
           chart: "%%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator"
-          version: "%%CHART_MAJOR%%.0.0+up0.2.1"
+          version: "%%CHART_MAJOR%%.0.1+up0.3.0"
         - prettyName: Elemental
           releaseName: elemental-operator
           chart: oci://registry.suse.com/rancher/elemental-operator-chart
@@ -171,8 +171,8 @@ spec:
         - prettyName: Metal3
           releaseName: metal3
           chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metal3"
-          version: "%%CHART_MAJOR%%.0.5+up0.11.3"
+          version: "%%CHART_MAJOR%%.0.8+up0.11.6"
         - prettyName: RancherTurtles
           releaseName: rancher-turtles
           chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles"
-          version: "%%CHART_MAJOR%%.0.2+up0.19.0"
+          version: "%%CHART_MAJOR%%.0.4+up0.20.0"

sriov-network-operator-chart/_service

@@ -2,7 +2,7 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">CHAT_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
+    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
     <param name="var">CHART_PREFIX</param>
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>

upgrade-controller-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.0_up0.1.1
+#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.1_up0.1.1
-#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.0_up0.1.1-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.1_up0.1.1-%RELEASE%
 apiVersion: v2
 appVersion: 0.1.1
 dependencies:
@@ -10,4 +10,4 @@ dependencies:
 description: A Helm chart for Upgrade Controller
 name: upgrade-controller
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.1.1"
+version: "%%CHART_MAJOR%%.0.1+up0.1.1"

upgrade-controller-chart/values.yaml

@@ -15,7 +15,7 @@ env:
     image: %%MANIFEST_REPO%%/%%IMG_PREFIX%%release-manifest
   kubectl:
     image: %%IMG_REPO%%/%%IMG_PREFIX%%kubectl
-    version: 1.30.3
+    version: 1.32.4
 
 imagePullSecrets: []
 nameOverride: ""