suse-edge/Factory
SHA256
14
0
Fork 15
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: suse-edge:devel
Branches Tags
suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel
..
compare: suse-edge:3a654b98261a5763b272579d62d4ec17dc847e2d828d9ccf5b70f10fe79a0090
Branches Tags
suse-edge:main suse-edge:3.3 suse-edge:3.2 suse-edge:devel

16 Commits
devel ... 3a654b9826

Author SHA256 Message Date
Steven Hardy
3a654b9826 rancher-turtles: updates for 0.19.0
All checks were successful
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in -40s
Details
2025-05-09 18:25:21 +01:00
Steven Hardy
fe8d0ba120 rancher-turtles-airgap-resources: Updates for 0.19.0 2025-05-09 15:05:52 +01:00
Nicolas Belouin
b28f7a5817 Merge pull request 'Update the metal3-chart to fix the IPA ramdisk with multiple config-2 drives' (#145) from mchiappero/Factory:metal3_0.11.1 into main 
Reviewed-on: #145
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-05-09 15:58:42 +02:00
Marco Chiappero
c6b78eb569 Update metal3-chart to leverage IPA downloader 3.0.4
All checks were successful
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 1m20s
Details 
Change the version of the metal3-chart include the latest IPA fixes,
and update the release manifest accordingly.

Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-05-09 12:18:07 +00:00
Marco Chiappero
8f7747415c Update the IPA ramdisk and downloader to 3.0.4 
Signed-off-by: Marco Chiappero <marco.chiappero@suse.com>
 2025-05-09 12:17:44 +00:00
Denislav Prodanov
e5ba38d02f Merge pull request '[3.3.0] - update sriov chart' (#148) from dprodanov/Factory:sriov-update into main 
Reviewed-on: #148
Reviewed-by: Nicolas Belouin <nbelouin@noreply.src.opensuse.org>
 2025-05-09 11:52:57 +02:00
Denislav Prodanov
f221cf4b37 [3.3.0] - update sriov chart
All checks were successful
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 13s
Details
2025-05-09 12:29:17 +03:00
Nicolas Belouin
f42ac11716 Merge pull request 'Do a multibuild for IPA image so we also have lighter single architecture images' (#130) from nbelouin/Factory:ipa-multibuild into main 
Reviewed-on: #130
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>
 2025-05-09 10:18:34 +02:00
Denislav Prodanov
08ef2fe86f Merge pull request '[3.3.0] - update cdi version' (#144) from dprodanov/Factory:cdi-update into main 
Reviewed-on: #144
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
 2025-05-08 10:38:32 +02:00
Denislav Prodanov
ad221cd94e Merge pull request '[3.3.0] - update kubevirt and sriov in release-manifest' (#143) from dprodanov/Factory:release-manifest-update into main 
Reviewed-on: #143
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
 2025-05-08 10:38:26 +02:00
Denislav Prodanov
81a856e586 Merge pull request '[3.3.0] - update sriov to 1.5.0' (#142) from dprodanov/Factory:sriov-1-5-0 into main 
Reviewed-on: #142
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
 2025-05-08 10:38:09 +02:00
Denislav Prodanov
3c9ebbd7ef [3.3.0] - update sriov to 1.5.0
All checks were successful
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in -36s
Details
2025-05-08 10:47:37 +03:00
Denislav Prodanov
03018e5cd1 [3.3.0] - update cdi version
All checks were successful
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 9s
Details
2025-05-07 20:03:45 +03:00
Denislav Prodanov
e91096e13e [3.3.0] - update kubevirt and sriov in release-manifest
All checks were successful
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 9s
Details
2025-05-07 19:44:16 +03:00
Nicolas Belouin
93f3abfeb5 Do a multibuild for IPA image so we also have lighter single architecture images
All checks were successful
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 14s
Details 
Signed-off-by: Nicolas Belouin <nicolas.belouin@suse.com>
 2025-05-07 14:33:32 +02:00
Steven Hardy
2c4991cb24 Update versions for 3.3
All checks were successful
Build PR in OBS / Build PR in OBS (pull_request_target) Successful in 10s
Details 
Rancher prime 2.11.1 was released, so align with that and
updated Longhorn/Neuvector/Elemental and Metal3 charts
 2025-05-06 15:34:15 +01:00
93 changed files with 3940 additions and 2453 deletions
Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -1,4 +1,3 @@
*/.osc
*/__pycache__
.venv/
.idea/

4
.obs/common.py
View File

@@ -1,3 +1,3 @@
PROJECT = "isv:SUSE:Edge:Factory:Devel"
PROJECT = "isv:SUSE:Edge:Factory"
REPOSITORY = "https://src.opensuse.org/suse-edge/Factory"
BRANCH = "devel"
BRANCH = "main"

65
.obs/trigger_package.py
View File

@@ -1,65 +0,0 @@
import xml.etree.ElementTree as ET
import subprocess
from sync_packages import get_local_packages
from common import PROJECT
def get_service_repo(package):
with open(f"{package}/_service") as service:
root = ET.parse(service).getroot()
for service in root.findall("service"):
if service.get("mode") in ["manual", "disabled"]:
continue
if service.get("name") not in ["obs_scm", "tar_scm"]:
continue
ref = service.find("param[@name='revision']").text
repo = service.find("param[@name='url']").text
return (repo, ref)
return None
def get_remote_ref(project, package):
files = subprocess.run(["osc", "ls", "-e", project, package], encoding='utf-8' , capture_output=True).stdout.splitlines()
for filename in files:
if filename.startswith("_service") and filename.endswith(".obsinfo"):
obsinfo = subprocess.run(["osc", "cat", project, package, filename], encoding='utf-8' , capture_output=True).stdout.splitlines()
for line in obsinfo:
if line.startswith("commit:"):
return line.split(':')[-1].strip()
def get_upstream_ref(repo, ref):
refs = subprocess.run(["git", "ls-remote", repo, ref, f"{ref}^{{}}"], encoding='utf-8' , capture_output=True).stdout.splitlines()
refpath = ref.split('/')
best = None
for rref in refs:
value = rref.split('\t')
(sha, name) = (value[0].strip(), value[1].strip())
namepath = name.split('/')
if len(namepath) == len(refpath) or len(namepath) - 2 == len(refpath):
if name.endswith(ref) and best is None:
best = sha
if name.endswith("^{}"):
best = sha
return best
def trigger_service(project, package):
subprocess.run(["osc", "service", "remoterun", project, package], encoding="utf-8",check=True)
def main():
packages = get_local_packages()
for package in packages:
try:
(repo, ref) = get_service_repo(package)
print(f"{package} uses {repo} at {ref}")
except: # Package is not using server side scm service
continue
remote_ref = get_remote_ref(PROJECT, package)
upstream_ref = get_upstream_ref(repo, ref)
if upstream_ref != remote_ref:
print(f"\t{package} needs a refresh")
print(f"\tOBS ref is {remote_ref}")
print(f"\tgit ref is {upstream_ref}")
trigger_service(PROJECT, package)
if __name__ == "__main__":
main()

8
cdi-chart/Chart.yaml
View File

@@ -1,9 +1,9 @@
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0
#!BuildTag: %%CHART_PREFIX%%cdi:%%CHART_MAJOR%%.0.0_up0.5.0-%RELEASE%
apiVersion: v2
appVersion: 1.60.1
appVersion: 1.61.0
description: A Helm chart for Containerized Data Importer (CDI)
icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
name: cdi
type: application
version: "%%CHART_MAJOR%%.0.0+up0.4.0"
version: "%%CHART_MAJOR%%.0.0+up0.5.0"

18
cdi-chart/templates/cdi-operator.yaml
View File

@@ -606,17 +606,7 @@ spec:
prometheus.cdi.kubevirt.io: "true"
spec:
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
{{- .Values.deployment.affinity | toYaml | nindent 8 }}
containers:
- env:
- name: DEPLOY_CLUSTER_RESOURCES
@@ -650,9 +640,7 @@ spec:
name: metrics
protocol: TCP
resources:
requests:
cpu: 100m
memory: 150Mi
{{- .Values.deployment.resources | toYaml | nindent 12 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -661,6 +649,8 @@ spec:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
nodeSelector:
kubernetes.io/os: linux
securityContext:

18
cdi-chart/values.yaml
View File

@@ -1,5 +1,5 @@
deployment:
version: 1.60.1-150600.3.9.1
version: 1.61.0-150600.3.12.1
operatorImage: registry.suse.com/suse/sles/15.6/cdi-operator
controllerImage: registry.suse.com/suse/sles/15.6/cdi-controller
importerImage: registry.suse.com/suse/sles/15.6/cdi-importer
@@ -8,6 +8,22 @@ deployment:
uploadserverImage: registry.suse.com/suse/sles/15.6/cdi-uploadserver
uploadproxyImage: registry.suse.com/suse/sles/15.6/cdi-uploadproxy
pullPolicy: IfNotPresent
affinity:
podAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- podAffinityTerm:
labelSelector:
matchExpressions:
- key: cdi.kubevirt.io
operator: In
values:
- cdi-operator
topologyKey: kubernetes.io/hostname
weight: 1
resources:
requests:
cpu: 100m
memory: 150Mi
cdi:
config:

8
edge-image-builder-image/Dockerfile
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-rc1
#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-rc1-%RELEASE%
#!BuildVersion: 15.6
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="%PACKAGE_VERSION%"
LABEL org.opencontainers.image.version="1.2.0-rc1"
LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:%PACKAGE_VERSION%-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.0-rc1-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

5
edge-image-builder-image/_service
View File

@@ -1,10 +1,5 @@
<services>
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service name="replace_using_package_version" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="regex">%PACKAGE_VERSION%</param>
<param name="package">edge-image-builder</param>
</service>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>

11
edge-image-builder/_service
View File

@@ -1,12 +1,15 @@
<services>
<service name="obs_scm">
<param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
<param name="versionformat">@PARENT_TAG@_%h.%ad</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
<param name="revision">main</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="revision">v1.2.0-rc1</param>
<!-- Uncomment and set this For Pre-Release Version -->
<param name="version">1.2.0~rc1</param>
<!-- Uncomment and this for regular version -->
<!-- <param name="versionformat">@PARENT_TAG@</param> -->
<param name="versionrewrite-pattern">v(\d+).(\d+).(\d+)</param>
<param name="versionrewrite-replacement">\1.\2.\3</param>
<param name="changesgenerate">enable</param>
</service>
<service mode="buildtime" name="tar">

2
edge-image-builder/edge-image-builder.spec
View File

@@ -17,7 +17,7 @@
Name: edge-image-builder
Version: 0
Version: 1.2.0~rc1
Release: 0
Summary: Edge Image Builder
License: Apache-2.0

9
ironic-ipa-downloader-image/Dockerfile
View File

@@ -1,7 +1,6 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%
#!BuildVersion: 15.6
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.4
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.4-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -19,11 +18,11 @@ FROM micro AS final
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.3"
LABEL org.opencontainers.image.version="3.0.4"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.3-%RELEASE%"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"

45
ironic-ipa-downloader-image/Dockerfile.aarch64 Normal file
View File

@@ -0,0 +1,45 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.4
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.4-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-aarch64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.4"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

45
ironic-ipa-downloader-image/Dockerfile.x86_64 Normal file
View File

@@ -0,0 +1,45 @@
# SPDX-License-Identifier: Apache-2.0
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.4
#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.4-%RELEASE%
ARG SLE_VERSION
FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
COPY --from=micro / /installroot/
RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes%g' /etc/zypp/zypp.conf
RUN zypper --installroot /installroot --non-interactive install --no-recommends ironic-ipa-ramdisk-x86_64 tar gawk curl xz zstd shadow cpio findutils
RUN cp /usr/bin/getopt /installroot/
FROM micro AS final
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=com.suse.application.ironic
LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
LABEL org.opencontainers.image.version="3.0.4"
LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="SUSE LLC"
LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.4-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
LABEL com.suse.eula="SUSE Combined EULA February 2024"
LABEL com.suse.lifecycle-url="https://www.suse.com/lifecycle"
LABEL com.suse.image-type="application"
LABEL com.suse.release-stage="released"
# endlabelprefix
COPY --from=base /installroot /
RUN cp /getopt /usr/bin/
RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
# configure non-root user
COPY configure-nonroot.sh /bin/
RUN set -euo pipefail; chmod +x /bin/configure-nonroot.sh
RUN set -euo pipefail; /bin/configure-nonroot.sh && rm -f /bin/configure-nonroot.sh
COPY get-resource.sh /usr/local/bin/get-resource.sh
RUN set -euo pipefail; chmod +x /usr/local/bin/get-resource.sh

4
ironic-ipa-downloader-image/_multibuild Normal file
View File

@@ -0,0 +1,4 @@
<multibuild>
<flavor>x86_64</flavor>
<flavor>aarch64</flavor>
</multibuild>

2
ironic-ipa-downloader-image/_service
View File

@@ -2,6 +2,8 @@
<service mode="buildtime" name="kiwi_metainfo_helper"/>
<service mode="buildtime" name="docker_label_helper"/>
<service name="replace_using_env" mode="buildtime">
<param name="file">Dockerfile.aarch64</param>
<param name="file">Dockerfile.x86_64</param>
<param name="file">Dockerfile</param>
<param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
<param name="var">IMG_PREFIX</param>

2
ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec
View File

@@ -19,7 +19,7 @@
Name: ironic-ipa-ramdisk
Version: 3.0.3
Version: 3.0.4
Release: 0
Summary: Kernel and ramdisk image for OpenStack Ironic
License: SUSE-EULA

BIN
ironic-ipa-ramdisk/root.tar.bz2 (Stored with Git LFS)
View File

Binary file not shown.

10
metal3-chart/Chart.yaml
View File

@@ -1,7 +1,7 @@
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.2_up0.11.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.3_up0.11.1
#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.3_up0.11.1-%RELEASE%
apiVersion: v2
appVersion: 0.11.0
appVersion: 0.11.1
dependencies:
- alias: metal3-baremetal-operator
name: baremetal-operator
@@ -10,7 +10,7 @@ dependencies:
- alias: metal3-ironic
name: ironic
repository: file://./charts/ironic
version: 0.10.0
version: 0.10.1
- alias: metal3-mariadb
condition: global.enable_mariadb
name: mariadb
@@ -25,4 +25,4 @@ description: A Helm chart that installs all of the dependencies needed for Metal
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
name: metal3
type: application
version: "%%CHART_MAJOR%%.0.2+up0.11.0"
version: "%%CHART_MAJOR%%.0.3+up0.11.1"

2
metal3-chart/charts/baremetal-operator/values.yaml
View File

@@ -22,8 +22,6 @@ global:
# Comment this out when pinning the baremetal-operator container to a specfic host.
nodeSelector: {}
enable_tls: false
replicaCount: 1
images:

2
metal3-chart/charts/ironic/Chart.yaml
View File

@@ -3,4 +3,4 @@ appVersion: 26.1.2
description: A Helm chart for Ironic, used by Metal3
name: ironic
type: application
version: 0.10.0
version: 0.10.1

4
metal3-chart/charts/ironic/values.yaml
View File

@@ -50,8 +50,6 @@ global:
# Comment this out when pinning the pdns containers to a specfic host.
nodeSelector: {}
enable_tls: false
replicaCount: 1
images:
@@ -62,7 +60,7 @@ images:
ironicIPADownloader:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
pullPolicy: IfNotPresent
tag: 3.0.3
tag: 3.0.4
nameOverride: ""
fullnameOverride: ""

8
rancher-turtles-airgap-resources-chart/Chart.yaml
View File

@@ -1,10 +1,10 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.1_up0.19.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.1_up0.19.0-%RELEASE%
apiVersion: v2
appVersion: 0.17.0
appVersion: 0.19.0
description: Rancher Turtles utility chart for airgap scenarios
home: https://github.com/rancher/turtles/
icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
name: rancher-turtles-airgap-resources
type: application
version: "%%CHART_MAJOR%%.0.0+up0.17.0"
version: "%%CHART_MAJOR%%.0.1+up0.19.0"

2
rancher-turtles-airgap-resources-chart/templates/airgap-cm-core.yaml
View File

File diff suppressed because one or more lines are too long

871
rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml
View File

@@ -1,11 +1,876 @@
apiVersion: v1
data:
components: Not Found
metadata: Not Found
components: |
apiVersion: v1
kind: Namespace
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-system
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: fleetaddonconfigs.addons.cluster.x-k8s.io
spec:
group: addons.cluster.x-k8s.io
names:
categories: []
kind: FleetAddonConfig
plural: fleetaddonconfigs
shortNames: []
singular: fleetaddonconfig
scope: Cluster
versions:
- additionalPrinterColumns: []
name: v1alpha1
schema:
openAPIV3Schema:
description: Auto-generated derived type for FleetAddonConfigSpec via `CustomResource`
properties:
spec:
description: This provides a config for fleet addon functionality
properties:
cluster:
description: |-
Enable Cluster config funtionality.
This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the ClusterClass will be added to the Fleet Cluster labels.
nullable: true
properties:
agentEnvVars:
description: AgentEnvVars are extra environment variables to be
added to the agent deployment.
items:
description: EnvVar represents an environment variable present
in a Container.
properties:
name:
description: Name of the environment variable. Must be a
C_IDENTIFIER.
type: string
value:
description: 'Variable references $(VAR_NAME) are expanded
using the previously defined environment variables in
the container and any service environment variables. If
a variable cannot be resolved, the reference in the input
string will be unchanged. Double $$ are reduced to a single
$, which allows for escaping the $(VAR_NAME) syntax: i.e.
"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
Escaped references will never be expanded, regardless
of whether the variable exists or not. Defaults to "".'
nullable: true
type: string
valueFrom:
description: Source for the environment variable's value.
Cannot be used if value is not empty.
nullable: true
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
nullable: true
properties:
key:
description: The key to select.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the ConfigMap or its
key must be defined
nullable: true
type: boolean
required:
- key
type: object
fieldRef:
description: 'Selects a field of the pod: supports metadata.name,
metadata.namespace, `metadata.labels[''<KEY>'']`,
`metadata.annotations[''<KEY>'']`, spec.nodeName,
spec.serviceAccountName, status.hostIP, status.podIP,
status.podIPs.'
nullable: true
properties:
apiVersion:
description: Version of the schema the FieldPath
is written in terms of, defaults to "v1".
nullable: true
type: string
fieldPath:
description: Path of the field to select in the
specified API version.
type: string
required:
- fieldPath
type: object
resourceFieldRef:
description: 'Selects a resource of the container: only
resources limits and requests (limits.cpu, limits.memory,
limits.ephemeral-storage, requests.cpu, requests.memory
and requests.ephemeral-storage) are currently supported.'
nullable: true
properties:
containerName:
description: 'Container name: required for volumes,
optional for env vars'
nullable: true
type: string
divisor:
description: Specifies the output format of the
exposed resources, defaults to "1"
nullable: true
x-kubernetes-int-or-string: true
resource:
description: 'Required: resource to select'
type: string
required:
- resource
type: object
secretKeyRef:
description: Selects a key of a secret in the pod's
namespace
nullable: true
properties:
key:
description: The key of the secret to select from. Must
be a valid secret key.
type: string
name:
description: 'Name of the referent. This field is
effectively required, but due to backwards compatibility
is allowed to be empty. Instances of this type
with an empty value here are almost certainly
wrong. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
nullable: true
type: string
optional:
description: Specify whether the Secret or its key
must be defined
nullable: true
type: boolean
required:
- key
type: object
type: object
required:
- name
type: object
nullable: true
type: array
agentNamespace:
description: Namespace selection for the fleet agent
nullable: true
type: string
agentTolerations:
description: Agent taint toleration settings for every cluster
items:
description: The pod this Toleration is attached to tolerates
any taint that matches the triple <key,value,effect> using
the matching operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match.
Empty means match all taint effects. When specified, allowed
values are NoSchedule, PreferNoSchedule and NoExecute.
nullable: true
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty,
operator must be Exists; this combination means to match
all values and all keys.
nullable: true
type: string
operator:
description: Operator represents a key's relationship to
the value. Valid operators are Exists and Equal. Defaults
to Equal. Exists is equivalent to wildcard for value,
so that a pod can tolerate all taints of a particular
category.
nullable: true
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of
time the toleration (which must be of effect NoExecute,
otherwise this field is ignored) tolerates the taint.
By default, it is not set, which means tolerate the taint
forever (do not evict). Zero and negative values will
be treated as 0 (evict immediately) by the system.
format: int64
nullable: true
type: integer
value:
description: Value is the taint value the toleration matches
to. If the operator is Exists, the value should be empty,
otherwise just a regular string.
nullable: true
type: string
type: object
nullable: true
type: array
applyClassGroup:
description: Apply a ClusterGroup for a ClusterClass referenced
from a different namespace.
nullable: true
type: boolean
hostNetwork:
description: 'Host network allows to deploy agent configuration
using hostNetwork: true setting which eludes dependency on the
CNI configuration for the cluster.'
nullable: true
type: boolean
namespaceSelector:
description: Namespace label selector. If set, only clusters in
the namespace matching label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
naming:
description: Naming settings for the fleet cluster
nullable: true
properties:
prefix:
description: Specify a prefix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
suffix:
description: Specify a suffix for the Cluster name, applied
to created Fleet cluster
nullable: true
type: string
type: object
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
selector:
description: Cluster label selector. If set, only clusters matching
label selector will be imported.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that relates
the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In, NotIn,
Exists and DoesNotExist.
type: string
values:
description: values is an array of string values. If
the operator is In or NotIn, the values array must
be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced
during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A
single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field is "key",
the operator is "In", and the values array contains only
"value". The requirements are ANDed.
type: object
type: object
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
required:
- namespaceSelector
- selector
type: object
clusterClass:
description: |-
Enable clusterClass controller functionality.
This will create Fleet ClusterGroups for each ClusterClaster with the same name.
nullable: true
properties:
patchResource:
description: Allow to patch resources, maintaining the desired
state. If is not set, resources will only be re-created in case
of removal.
nullable: true
type: boolean
setOwnerReferences:
description: Setting to disable setting owner references on the
created resources
nullable: true
type: boolean
type: object
config:
nullable: true
properties:
featureGates:
description: feature gates controlling experimental features
nullable: true
properties:
configMap:
description: FeaturesConfigMap references a ConfigMap where
to apply feature flags. If a ConfigMap is referenced, the
controller will update it instead of upgrading the Fleet
chart.
nullable: true
properties:
ref:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type: object
experimentalHelmOps:
description: Enables experimental Helm operations support.
type: boolean
experimentalOciStorage:
description: Enables experimental OCI storage support.
type: boolean
required:
- experimentalHelmOps
- experimentalOciStorage
type: object
server:
description: fleet server url configuration options
nullable: true
oneOf:
- required:
- inferLocal
- required:
- custom
properties:
custom:
properties:
apiServerCaConfigRef:
description: ObjectReference contains enough information
to let you inspect or modify the referred object.
nullable: true
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object
instead of an entire object, this string should
contain a valid JSON/Go field access statement,
such as desiredState.manifest.containers[2]. For
example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only
to have some well-defined way of referencing a part
of an object.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
apiServerUrl:
nullable: true
type: string
type: object
inferLocal:
type: boolean
type: object
type: object
install:
nullable: true
oneOf:
- required:
- followLatest
- required:
- version
properties:
followLatest:
description: Follow the latest version of the chart on install
type: boolean
version:
description: Use specific version to install
type: string
type: object
type: object
x-kubernetes-validations: []
status:
nullable: true
properties:
conditions:
description: conditions represents the observations of a Fleet addon
current state.
items:
description: Condition contains details for one aspect of the current
state of this API Resource.
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition
transitioned from one status to another. This should be when
the underlying condition changed. If that is not known, then
using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: message is a human readable message indicating
details about the transition. This may be an empty string.
type: string
observedGeneration:
description: observedGeneration represents the .metadata.generation
that the condition was set based upon. For instance, if .metadata.generation
is currently 12, but the .status.conditions[x].observedGeneration
is 9, the condition is out of date with respect to the current
state of the instance.
format: int64
type: integer
reason:
description: reason contains a programmatic identifier indicating
the reason for the condition's last transition. Producers
of specific condition types may define expected values and
meanings for this field, and whether the values are considered
a guaranteed API. The value should be a CamelCase string.
This field may not be empty.
type: string
status:
description: status of the condition, one of True, False, Unknown.
type: string
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase.
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
installedVersion:
nullable: true
type: string
type: object
required:
- spec
title: FleetAddonConfig_kube_validation
type: object
x-kubernetes-validations:
- rule: self.metadata.name == 'fleet-addon-config'
served: true
storage: true
subresources:
status: {}
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-leader-election-role
namespace: caapf-system
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-role
rules:
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- fleetaddonconfigs
- fleetaddonconfigs/status
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- list
- get
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- create
- apiGroups:
- events.k8s.io
resources:
- events
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- patch
- list
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- watch
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
- apiGroups:
- bootstrap.cluster.x-k8s.io
- clusterctl.cluster.x-k8s.io
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusterclasses
verbs:
- get
- list
- watch
- patch
- apiGroups:
- fleet.cattle.io
resources:
- clusters
- clustergroups
- clusterregistrationtokens
- bundlenamespacemappings
verbs:
- create
- get
- list
- patch
- update
- watch
- apiGroups:
- fleet.cattle.io
resources:
- bundlenamespacemappings
verbs:
- delete
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: caapf-helm-manager
namespace: caapf-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: fleet
name: caapf-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: caapf-manager-role
subjects:
- kind: ServiceAccount
name: caapf-controller-manager
namespace: caapf-system
---
apiVersion: v1
kind: Secret
metadata:
annotations:
kubernetes.io/service-account.name: caapf-helm-manager
labels:
cluster.x-k8s.io/fleet-addon-registration: "true"
cluster.x-k8s.io/provider: fleet
name: caapf-helm-manager
namespace: caapf-system
type: kubernetes.io/service-account-token
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
name: caapf-controller-manager
namespace: caapf-system
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
cluster.x-k8s.io/provider: fleet
control-plane: controller-manager
spec:
containers:
- image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
imagePullPolicy: IfNotPresent
name: manager
ports:
- containerPort: 8443
name: http
protocol: TCP
readinessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
- args:
- --helm-install
image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
name: helm-manager
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: helm-kubeconfig
readOnly: true
serviceAccountName: caapf-controller-manager
terminationGracePeriodSeconds: 10
volumes:
- name: helm-kubeconfig
secret:
secretName: caapf-helm-manager
metadata: |
apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
releaseSeries:
- major: 0
minor: 1
contract: v1beta1
- major: 0
minor: 2
contract: v1beta1
- major: 0
minor: 3
contract: v1beta1
- major: 0
minor: 4
contract: v1beta1
- major: 0
minor: 5
contract: v1beta1
- major: 0
minor: 6
contract: v1beta1
- major: 0
minor: 7
contract: v1beta1
- major: 0
minor: 8
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.6.0
name: v0.8.1
namespace: rancher-turtles-system
labels:
provider-components: fleet

11
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml
View File

@@ -2525,9 +2525,10 @@ data:
- --leader-elect
- --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443}
- --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false}
- --feature-gates=MachinePool=${EXP_MACHINE_POOL:=true}
command:
- /manager
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.12.0
image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.14.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -2750,10 +2751,16 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.12.0
name: v0.14.0
namespace: rke2-bootstrap-system
labels:
provider-components: rke2-bootstrap

60
rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml
View File

@@ -1744,12 +1744,23 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -2185,9 +2196,15 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration of ETCD.
properties:
@@ -2547,8 +2564,12 @@ data:
format: int64
type: integer
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed.
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -3152,12 +3173,23 @@ data:
More info: http://kubernetes.io/docs/user-guide/labels
type: object
type: object
nodeDeletionTimeout:
description: |-
nodeDeletionTimeout defines how long the machine controller will attempt to delete the Node that the Machine
hosts after the Machine is marked for deletion. A duration of 0 will retry deletion indefinitely.
If no value is provided, the default value for this property of the Machine resource will be used.
type: string
nodeDrainTimeout:
description: |-
NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node
The default value is 0, meaning that the node can be drained without any time limitations.
NOTE: NodeDrainTimeout is different from `kubectl drain --timeout`
type: string
nodeVolumeDetachTimeout:
description: |-
nodeVolumeDetachTimeout is the total amount of time that the controller will spend on waiting for all volumes
to be detached. The default value is 0, meaning that the volumes can be detached without any time limitations.
type: string
required:
- infrastructureRef
type: object
@@ -3601,9 +3633,15 @@ data:
- rke2-coredns
- rke2-ingress-nginx
- rke2-metrics-server
- rke2-snapshot-controller
- rke2-snapshot-controller-crd
- rke2-snapshot-validation-webhook
type: string
type: array
type: object
embeddedRegistry:
description: EmbeddedRegistry enables the embedded registry.
type: boolean
etcd:
description: Etcd defines optional custom configuration
of ETCD.
@@ -3980,8 +4018,12 @@ data:
format: int64
type: integer
ready:
description: Ready indicates the BootstrapData field is ready to be
consumed.
description: |-
Ready denotes that the RKE2ControlPlane API Server became ready during initial provisioning
to receive requests.
NOTE: this field is part of the Cluster API contract and it is used to orchestrate provisioning.
The value of this field is never updated after provisioning is completed. Please use conditions
to check the operational state of the control plane.
type: boolean
readyReplicas:
description: ReadyReplicas is the number of replicas current attached
@@ -4263,7 +4305,7 @@ data:
valueFrom:
fieldRef:
fieldPath: metadata.uid
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.12.0
image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.14.0
imagePullPolicy: IfNotPresent
livenessProbe:
httpGet:
@@ -4493,10 +4535,16 @@ data:
- major: 0
minor: 12
contract: v1beta1
- major: 0
minor: 13
contract: v1beta1
- major: 0
minor: 14
contract: v1beta1
kind: ConfigMap
metadata:
creationTimestamp: null
name: v0.12.0
name: v0.14.0
namespace: rke2-control-plane-system
labels:
provider-components: rke2-control-plane

6
rancher-turtles-chart/Chart.lock
View File

@@ -1,6 +1,6 @@
dependencies:
- name: cluster-api-operator
repository: https://kubernetes-sigs.github.io/cluster-api-operator
version: 0.17.0
digest: sha256:c564dd1edce5e74cf5747adfa2477b3f0b9bae2b17a21b4c7312b2c1adbda64e
generated: "2025-02-27T10:39:03.203623466Z"
version: 0.18.1
digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
generated: "2025-04-29T09:14:10.14953774Z"

10
rancher-turtles-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.0_up0.17.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.1_up0.19.0
#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.1_up0.19.0-%RELEASE%
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -7,12 +7,12 @@ annotations:
catalog.cattle.io/namespace: rancher-turtles-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/rancher-version: '>= 2.10.0-1'
catalog.cattle.io/rancher-version: '>= 2.11.0-1'
catalog.cattle.io/release-name: rancher-turtles
catalog.cattle.io/scope: management
catalog.cattle.io/type: cluster-tool
apiVersion: v2
appVersion: 0.17.0
appVersion: 0.19.0
dependencies:
- condition: cluster-api-operator.enabled
name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
- provisioning
name: rancher-turtles
type: application
version: "%%CHART_MAJOR%%.0.0+up0.17.0"
version: "%%CHART_MAJOR%%.0.1+up0.19.0"

18
rancher-turtles-chart/RELEASE_NOTES.md
View File

@@ -1,4 +1,14 @@
gh: To use GitHub CLI in a GitHub Actions workflow, set the GH_TOKEN environment variable. Example:
env:
GH_TOKEN: ${{ github.token }}
: exit status 4
## Changes since v0.19.0-rc.1
---
## :chart_with_upwards_trend: Overview
- 4 new commits merged
:book: Additionally, there has been 1 contribution to our documentation and book. (#1325)
## :question: Sort these by hand
- chart: Add helm chart values validation (#1320)
- Dependency: Revert dependency bumps (#1328)
- MULTIPLE_AREAS[documentation|azure]: Use predictable resourceGroup for AKS nodes (#1327)
_Thanks to all our contributors!_ 😊

16
rancher-turtles-chart/templates/addon-provider-fleet.yaml
View File

@@ -13,9 +13,9 @@ spec:
deployment:
containers:
- name: manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
- name: helm-manager
imageUrl: registry.rancher.com/rancher/cluster-api-fleet-controller:v0.6.0
imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
additionalManifests:
name: fleet-addon-config
namespace: '{{ .Values.rancherTurtles.namespace }}'
@@ -35,10 +35,22 @@ data:
metadata:
name: fleet-addon-config
spec:
config:
featureGates:
configMap:
ref:
kind: ConfigMap
apiVersion: v1
name: rancher-config
namespace: cattle-system
experimentalOciStorage: true
experimentalHelmOps: true
clusterClass:
patchResource: true
setOwnerReferences: true
cluster:
agentNamespace: cattle-fleet-system
applyClassGroup: true
patchResource: true
setOwnerReferences: true
hostNetwork: true

367
rancher-turtles-chart/values.schema.json Normal file
View File

@@ -0,0 +1,367 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Helm Chart Values Schema",
"type": "object",
"properties": {
"turtlesUI": {
"type": "object",
"description": "Manages the UI component.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn UI on or off."
},
"version": {
"type": "string",
"default": "0.8.2",
"description": "UI version to use."
}
}
},
"rancherTurtles": {
"type": "object",
"description": "Sets up the cluster management controller.",
"properties": {
"image": {
"type": "string",
"default": "controller",
"description": "Controller container image."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"namespace": {
"type": "string",
"default": "rancher-turtles-system",
"description": "Namespace for Turtles to run."
},
"managerArguments": {
"type": "array",
"default": [],
"description": "Extra args for the controller.",
"items": { "type": "string" }
},
"imagePullSecrets": {
"type": "array",
"default": [],
"description": "Secrets for private registries.",
"items": { "type": "string" }
},
"rancherInstalled": {
"type": "boolean",
"default": true,
"description": "True if Rancher is already installed in the cluster."
},
"kubectlImage": {
"type": "string",
"default": "registry.k8s.io/kubernetes/kubectl:v1.30.0",
"description": "Image for kubectl tasks."
},
"features": {
"type": "object",
"description": "Optional and experimental features.",
"properties": {
"day2operations": {
"type": "object",
"description": "Alpha feature.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for day-2 ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Specify image pull policy."
},
"etcdBackupRestore": {
"type": "object",
"description": "Manages etcd backup/restore.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on (true) or off (false)."
}
}
}
}
},
"addon-provider-fleet": {
"type": "object",
"description": "Beta feature for fleet addons.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
}
}
},
"agent-tls-mode": {
"type": "object",
"description": "Alpha feature for agent TLS.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
}
}
},
"clusterclass-operations": {
"type": "object",
"description": "Alpha feature. Not ready for testing yet.",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
},
"image": {
"type": "string",
"default": "controller",
"description": "Image for cluster class ops."
},
"imageVersion": {
"type": "string",
"default": "v0.0.0",
"description": "Image tag."
},
"imagePullPolicy": {
"type": "string",
"default": "IfNotPresent",
"description": "Pull policy."
}
}
}
}
}
}
},
"cluster-api-operator": {
"type": "object",
"description": "Manages Cluster API components.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"cert-manager": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Turn on or off."
}
}
},
"volumes": {
"type": "array",
"description": "Volumes for operator pods (certs, config).",
"items": {
"type": "object",
"oneOf": [
{
"required": ["name", "secret"],
"properties": {
"name": { "type": "string" },
"secret": {
"type": "object",
"properties": {
"defaultMode": {
"type": "integer",
"default": 420,
"description": "File permissions."
},
"secretName": {
"type": "string",
"default": "capi-operator-webhook-service-cert",
"description": "Secret for webhook certs."
}
}
}
}
},
{
"required": ["name", "configMap"],
"properties": {
"name": { "type": "string" },
"configMap": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "clusterctl-config",
"description": "ConfigMap for clusterctl."
}
}
}
}
}
]
}
},
"image": {
"type": "object",
"properties": {
"manager": {
"type": "object",
"properties": {
"repository": {
"type": "string",
"default": "registry.rancher.com/rancher/cluster-api-operator",
"description": "Image repo."
}
}
}
}
},
"volumeMounts": {
"type": "object",
"properties": {
"manager": {
"type": "array",
"description": "Mount volumes to pods.",
"items": {
"type": "object",
"properties": {
"mountPath": { "type": "string" },
"name": { "type": "string" },
"readOnly": {
"type": "boolean",
"default": true,
"description": "Mount as read-only."
}
}
}
}
}
},
"cleanup": {
"type": "boolean",
"default": true,
"description": "Enable cleanup tasks."
},
"cluster-api": {
"type": "object",
"description": "Cluster API component settings.",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"configSecret": {
"type": "object",
"properties": {
"name": {
"type": "string",
"default": "",
"description": "Custom secret name (if overriding)."
},
"defaultName": {
"type": "string",
"default": "capi-env-variables",
"description": "Default secret name."
}
}
},
"core": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "capi-system",
"description": "Core component namespace."
},
"imageUrl": {
"type": "string",
"default": "",
"description": "Custom image URL."
},
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
},
"rke2": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": true,
"description": "Turn on or off."
},
"version": {
"type": "string",
"default": "",
"description": "RKE2 version."
},
"bootstrap": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-bootstrap-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
},
"controlPlane": {
"type": "object",
"properties": {
"namespace": {
"type": "string",
"default": "rke2-control-plane-system"
},
"imageUrl": { "type": "string", "default": "" },
"fetchConfig": {
"type": "object",
"properties": {
"url": { "type": "string", "default": "" },
"selector": { "type": "string", "default": "" }
}
}
}
}
}
}
}
}
}
}
}
}

81
rancher-turtles-chart/values.yaml
View File

@@ -1,83 +1,152 @@
# turtlesUI: Manages the UI component.
turtlesUI:
# enabled: Turn UI on or off.
enabled: false
version: v0.8.2
# version: UI version to use.
version: 0.8.2
# rancherTurtles: Sets up the cluster management controller.
rancherTurtles:
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.17.0
# imageVersion: v0.19.0
imageVersion: v0.19.0
# imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
# namespace: Select namespace for Turtles to run.
namespace: rancher-turtles-system
# managerArguments: Extra args for the controller.
managerArguments: []
# imagePullSecrets: Secrets for private registries.
imagePullSecrets: []
# rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
rancherInstalled: false
# kubectlImage: Image for kubectl tasks.
kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3"
# features: Optional and experimental features.
features:
# day2operations: Alpha feature.
day2operations:
# enabled: Turn on or off.
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.17.0
# imageVersion: v0.19.0
imageVersion: v0.19.0
# imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
# etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
etcdBackupRestore:
# enabled: Turn on (true) or off (false).
enabled: false
# beta feature, see documentation for more information on feature stages
# addon-provider-fleet: Beta feature for fleet addons.
addon-provider-fleet:
# enabled: Turn on or off.
enabled: true
# alpha feature, see documentation for more information on feature stages
# agent-tls-mode: Alpha feature for agent TLS.
agent-tls-mode:
# enabled: Turn on or off.
enabled: false
# clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet.
clusterclass-operations:
# enabled: Turn on or off.
enabled: false
# image: registry.rancher.com/rancher/rancher/turtles
image: registry.rancher.com/rancher/rancher/turtles
imageVersion: v0.17.0
# imageVersion: v0.19.0
imageVersion: v0.19.0
# imagePullPolicy: IfNotPresent
imagePullPolicy: IfNotPresent
# cluster-api-operator: Manages Cluster API components.
cluster-api-operator:
# enabled: Turn on or off.
enabled: true
# cert-manager: Cert-manager integration.
cert-manager:
# enabled: Turn on or off.
enabled: false
# volumes: Volumes for operator pods (certs, config).
volumes:
- name: cert
secret:
# defaultMode: File permissions.
defaultMode: 420
# secretName: Secret for webhook certs.
secretName: capi-operator-webhook-service-cert
- name: clusterctl-config
configMap:
# name: ConfigMap for clusterctl.
name: clusterctl-config
# image: registry.rancher.com/rancher/rancher/turtles
image:
manager:
# repository: Image repo.
repository: registry.rancher.com/rancher/cluster-api-operator
# volumeMounts: Mount volumes to pods.
volumeMounts:
manager:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
# readOnly: Mount as read-only.
readOnly: true
- mountPath: /config
name: clusterctl-config
# readOnly: Mount as read-only.
readOnly: true
# cleanup: Enable cleanup tasks.
cleanup: true
# cluster-api: Cluster API component settings.
cluster-api:
# enabled: Turn on or off.
enabled: true
# configSecret: Secret for Cluster API config.
configSecret:
# name: Custom secret name (if overriding).
name: ""
# defaultName: Default secret name.
defaultName: capi-env-variables
# core: Core Cluster API settings.
core:
# namespace: Core component namespace.
namespace: capi-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# rke2: RKE2 provider settings.
rke2:
# enabled: Turn on or off.
enabled: true
# version: RKE2 version.
version: ""
# bootstrap: RKE2 bootstrap provider.
bootstrap:
# namespace: Bootstrap namespace.
namespace: rke2-bootstrap-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
# controlPlane: RKE2 control plane provider.
controlPlane:
# namespace: Control plane namespace.
namespace: rke2-control-plane-system
# imageUrl: Custom image URL.
imageUrl: ""
# fetchConfig: Config fetching settings.
fetchConfig:
# url: Config fetch URL.
url: ""
# selector: Config selector.
selector: ""
metal3:
enabled: true

38
release-manifest-image/release_manifest.yaml
View File

@@ -7,7 +7,7 @@ spec:
components:
kubernetes:
k3s:
version: v1.32.2+k3s1
version: v1.32.3+k3s1
coreComponents:
- name: traefik-crd
version: 34.2.1+up34.2.0
@@ -31,13 +31,13 @@ spec:
image: rancher/mirrored-metrics-server:v0.7.2
type: Deployment
rke2:
version: v1.32.2+rke2r1
version: v1.32.3+rke2r1
coreComponents:
- name: rke2-cilium
version: 1.17.000
version: 1.17.100
type: HelmChart
- name: rke2-canal
version: v3.29.2-build2025021800
version: v3.29.2-build2025030601
type: HelmChart
- name: rke2-calico-crd
version: v3.29.101
@@ -46,10 +46,10 @@ spec:
version: v3.29.200
type: HelmChart
- name: rke2-coredns
version: 1.36.102
version: 1.39.100
type: HelmChart
- name: rke2-ingress-nginx
version: 4.12.005
version: 4.12.100
type: HelmChart
- name: rke2-metrics-server
version: 3.12.200
@@ -89,20 +89,20 @@ spec:
- prettyName: Rancher
releaseName: rancher
chart: rancher
version: 2.11.0-alpha11
repository: https://releases.rancher.com/server-charts/alpha
version: 2.11.1
repository: https://charts.rancher.com/server-charts/prime
values:
postDelete:
enabled: false
- prettyName: Longhorn
releaseName: longhorn
chart: longhorn
version: 105.1.1+up1.7.3
version: 106.2.0+up1.8.1
repository: https://charts.rancher.io
dependencyCharts:
- releaseName: longhorn-crd
chart: longhorn-crd
version: 105.1.1+up1.7.3
version: 106.2.0+up1.8.1
repository: https://charts.rancher.io
- prettyName: MetalLB
releaseName: metallb
@@ -111,11 +111,11 @@ spec:
- prettyName: CDI
releaseName: cdi
chart: %%CHART_REPO%%/%%CHART_PREFIX%%cdi
version: %%CHART_MAJOR%%.0.0+up0.4.0
version: %%CHART_MAJOR%%.0.0+up0.5.0
- prettyName: KubeVirt
releaseName: kubevirt
chart: %%CHART_REPO%%/%%CHART_PREFIX%%kubevirt
version: %%CHART_MAJOR%%.0.0+up0.4.0
version: %%CHART_MAJOR%%.0.0+up0.5.0
addonCharts:
- releaseName: kubevirt-dashboard-extension
chart: %%CHART_REPO%%/%%CHART_PREFIX%%kubevirt-dashboard-extension
@@ -123,12 +123,12 @@ spec:
- prettyName: NeuVector
releaseName: neuvector
chart: neuvector
version: 105.0.1+up2.8.4
version: 106.0.0+up2.8.5
repository: https://charts.rancher.io
dependencyCharts:
- releaseName: neuvector-crd
chart: neuvector-crd
version: 105.0.1+up2.8.4
version: 106.0.0+up2.8.5
repository: https://charts.rancher.io
addonCharts:
- releaseName: neuvector-ui-ext
@@ -142,11 +142,11 @@ spec:
- prettyName: Elemental
releaseName: elemental-operator
chart: oci://registry.suse.com/rancher/elemental-operator-chart
version: 1.6.5
version: 1.6.8
dependencyCharts:
- releaseName: elemental-operator-crds
chart: oci://registry.suse.com/rancher/elemental-operator-crds-chart
version: 1.6.5
version: 1.6.8
addonCharts:
- releaseName: elemental
chart: elemental
@@ -155,11 +155,11 @@ spec:
- prettyName: SRIOV
releaseName: sriov-network-operator
chart: %%CHART_REPO%%/%%CHART_PREFIX%%sriov-network-operator
version: %%CHART_MAJOR%%.0.0+up1.4.0
version: %%CHART_MAJOR%%.0.2+up1.5.0
dependencyCharts:
- releaseName: sriov-crd
chart: %%CHART_REPO%%/%%CHART_PREFIX%%sriov-crd
version: %%CHART_MAJOR%%.0.0+up1.4.0
version: %%CHART_MAJOR%%.0.2+up1.5.0
- prettyName: Akri
releaseName: akri
chart: %%CHART_REPO%%/%%CHART_PREFIX%%akri
@@ -171,7 +171,7 @@ spec:
- prettyName: Metal3
releaseName: metal3
chart: %%CHART_REPO%%/%%CHART_PREFIX%%metal3
version: %%CHART_MAJOR%%.0.0+up0.10.0
version: %%CHART_MAJOR%%.0.3+up0.11.1
- prettyName: RancherTurtles
releaseName: rancher-turtles
chart: %%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles

6
sriov-crd-chart/Chart.yaml
View File

@@ -1,5 +1,5 @@
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.0_up1.4.0
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-crd:%%CHART_MAJOR%%.0.2_up1.5.0
annotations:
catalog.cattle.io/experimental: "true"
catalog.cattle.io/hidden: "true"
@@ -10,4 +10,4 @@ apiVersion: v2
description: Installs the CRDs for the SR-IOV operator
name: sriov-crd
type: application
version: "%%CHART_MAJOR%%.0.0+up1.4.0"
version: "%%CHART_MAJOR%%.0.2+up1.5.0"

4
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodepolicies.yaml
View File

@@ -81,6 +81,10 @@ spec:
description: external_ids field in the Interface table
in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface table
in OVSDB
type: integer
options:
additionalProperties:
type: string

26
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworknodestates.yaml
View File

@@ -102,6 +102,10 @@ spec:
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
@@ -174,6 +178,15 @@ spec:
- pciAddress
type: object
type: array
system:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
type: object
status:
description: SriovNetworkNodeStateStatus defines the observed state of
@@ -228,6 +241,10 @@ spec:
description: external_ids field in the Interface
table in OVSDB
type: object
mtuRequest:
description: mtu_request field in the Interface
table in OVSDB
type: integer
options:
additionalProperties:
type: string
@@ -335,6 +352,15 @@ spec:
type: string
syncStatus:
type: string
system:
properties:
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
type: object
type: object
served: true

6
sriov-crd-chart/templates/sriovnetwork.openshift.io_sriovnetworkpoolconfigs.yaml
View File

@@ -111,6 +111,12 @@ spec:
Name is the name of MachineConfigPool to be enabled with OVS hardware offload
type: string
type: object
rdmaMode:
description: RDMA subsystem. Allowed value "shared", "exclusive".
enum:
- shared
- exclusive
type: string
type: object
status:
description: SriovNetworkPoolConfigStatus defines the observed state of

12
sriov-network-operator-chart/Chart.yaml
View File

@@ -1,14 +1,14 @@
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.0_up1.4.0
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0-%RELEASE%
#!BuildTag: %%CHART_PREFIX%%sriov-network-operator:%%CHART_MAJOR%%.0.2_up1.5.0
annotations:
catalog.cattle.io/auto-install: sriov-crd=match
catalog.cattle.io/experimental: "true"
catalog.cattle.io/namespace: cattle-sriov-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/upstream-version: 1.4.0
catalog.cattle.io/upstream-version: 1.5.0
apiVersion: v2
appVersion: v1.4.0
appVersion: v1.5.0
dependencies:
- condition: sriov-nfd.enabled
name: sriov-nfd
@@ -20,9 +20,9 @@ home: https://github.com/k8snetworkplumbingwg/sriov-network-operator
icon: https://charts.rancher.io/assets/logos/sr-iov.svg
keywords:
- sriov
kubeVersion: '>= 1.16.0-0'
kubeVersion: '>= 1.24.0-0'
name: sriov-network-operator
sources:
- https://github.com/k8snetworkplumbingwg/sriov-network-operator
type: application
version: "%%CHART_MAJOR%%.0.0+up1.4.0"
version: "%%CHART_MAJOR%%.0.2+up1.5.0"

12
sriov-network-operator-chart/README.md
View File

@@ -41,7 +41,7 @@ For additional information and methods for installing Helm, refer to the officia
#### Deploy from OCI repo
```
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator
$ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --set sriovOperatorConfig.deploy=true sriov-network-operator oci://ghcr.io/k8snetworkplumbingwg/sriov-network-operator-chart
```
#### Deploy from project sources
@@ -51,7 +51,7 @@ $ helm install -n sriov-network-operator --create-namespace --version 1.3.0 --se
$ git clone https://github.com/k8snetworkplumbingwg/sriov-network-operator.git ; cd sriov-network-operator
# Install Operator
$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator
$ helm install -n sriov-network-operator --create-namespace --wait --set sriovOperatorConfig.deploy=true sriov-network-operator ./deployment/sriov-network-operator-chart
# View deployed resources
$ kubectl -n sriov-network-operator get pods
@@ -123,10 +123,16 @@ This section contains general parameters that apply to both the operator and dae
| Name | Type | Default | description |
| ---- | ---- | ------- | ----------- |
| `sriovOperatorConfig.deploy` | bool | `false` | deploy SriovOperatorConfig custom resource |
| `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node slectors for sriov-network-config-daemon |
| `sriovOperatorConfig.configDaemonNodeSelector` | map[string]string | `{}` | node selectors for sriov-network-config-daemon |
| `sriovOperatorConfig.logLevel` | int | `2` | log level for both operator and sriov-network-config-daemon |
| `sriovOperatorConfig.disableDrain` | bool | `false` | disable node draining when configuring SR-IOV, set to true in case of a single node cluster or any other justifiable reason |
| `sriovOperatorConfig.configurationMode` | string | `daemon` | sriov-network-config-daemon configuration mode. either `daemon` or `systemd` |
| `sriovOperatorConfig.featureGates` | map[string]bool | `{}` | feature gates to enable/disable |
**Note**
When `sriovOperatorConfig.configurationMode` is configured as `systemd`, configurations files and `systemd` service files are created on the node.
Upon chart deletion, those files are not cleaned up. For cases where this is not acceptable, users should rather configured the `daemon` mode.
### Images parameters

1
sriov-network-operator-chart/app-README.md
View File

@@ -10,4 +10,3 @@ The chart installs the following components:
Note that SR-IOV requires NICs that support SR-IOV and the activation of specific configuration options in the operating system. Nodes that fulfill these requirements should be labeled with: `feature.node.kubernetes.io/network-sriov.capable=true`.
The SR-IOV Network Config Daemon will be deployed on such capable nodes. For more information on how to use this feature, refer to our RKE2 networking docs.

1
sriov-network-operator-chart/charts/sriov-nfd/templates/rolebinding.yaml
View File

@@ -15,4 +15,3 @@ subjects:
name: {{ include "node-feature-discovery.worker.serviceAccountName" . }}
namespace: {{ include "node-feature-discovery.namespace" . }}
{{- end }}

2
sriov-network-operator-chart/charts/sriov-nfd/values.yaml
View File

@@ -3,7 +3,7 @@ image:
# This should be set to 'IfNotPresent' for released version
pullPolicy: IfNotPresent
# tag, if defined will use the given image tag, else Chart.AppVersion will be used
tag: v0.15.7-build20241113
tag: v0.15.7-build20250425
imagePullSecrets: []
nameOverride: ""

1
sriov-network-operator-chart/templates/_webhook-certs.tpl
View File

@@ -28,4 +28,3 @@ tls.key: {{ $cert.Key | b64enc }}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end }}

1
sriov-network-operator-chart/templates/certmanagercerts.yaml
View File

@@ -38,4 +38,3 @@ spec:
privateKey:
rotationPolicy: Always
{{- end -}}

6
sriov-network-operator-chart/templates/clusterrole.yaml
View File

@@ -49,12 +49,6 @@ rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "patch", "update"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["*"]
- apiGroups: ["apps"]
resources: ["daemonsets"]
verbs: ["get"]
- apiGroups: [ "config.openshift.io" ]
resources: [ "infrastructures" ]
verbs: [ "get", "list", "watch" ]

4
sriov-network-operator-chart/templates/configmap.yaml
View File

@@ -20,8 +20,11 @@ data:
Intel_ice_Columbiaville_E810-CQDA2_2CQDA2: "8086 1592 1889"
Intel_ice_Columbiaville_E810-XXVDA4: "8086 1593 1889"
Intel_ice_Columbiaville_E810-XXVDA2: "8086 159b 1889"
Intel_ice_Columbiaville_E810-XXV_BACKPLANE: "8086 1599 1889"
Intel_ice_Columbiaville_E810: "8086 1591 1889"
Intel_ice_Columbiapark_E823C: "8086 188a 1889"
Intel_ice_Columbiapark_E823L_SFP: "8086 124d 1889"
Intel_ice_Columbiapark_E823L_BACKPLANE: "8086 124c 1889"
Nvidia_mlx5_ConnectX-4: "15b3 1013 1014"
Nvidia_mlx5_ConnectX-4LX: "15b3 1015 1016"
Nvidia_mlx5_ConnectX-5: "15b3 1017 1018"
@@ -30,6 +33,7 @@ data:
Nvidia_mlx5_ConnectX-6_Dx: "15b3 101d 101e"
Nvidia_mlx5_ConnectX-6_Lx: "15b3 101f 101e"
Nvidia_mlx5_ConnectX-7: "15b3 1021 101e"
Nvidia_mlx5_ConnectX-8: "15b3 1023 101e"
Nvidia_mlx5_MT42822_BlueField-2_integrated_ConnectX-6_Dx: "15b3 a2d6 101e"
Nvidia_mlx5_MT43244_BlueField-3_integrated_ConnectX-7_Dx: "15b3 a2dc 101e"
Broadcom_bnxt_BCM57414_2x25G: "14e4 16d7 16dc"

2
sriov-network-operator-chart/templates/operator.yaml
View File

@@ -95,6 +95,8 @@ spec:
value: {{ .Values.operator.cniBinPath }}
- name: CLUSTER_TYPE
value: {{ .Values.operator.clusterType }}
- name: STALE_NODE_STATE_CLEANUP_DELAY_MINUTES
value: "{{ .Values.operator.staleNodeStateCleanupDelayMinutes }}"
{{- if .Values.operator.admissionControllers.enabled }}
- name: ADMISSION_CONTROLLERS_CERTIFICATES_OPERATOR_SECRET_NAME
value: {{ .Values.operator.admissionControllers.certificates.secretNames.operator }}

33
sriov-network-operator-chart/templates/pre-delete-webooks.yaml Normal file
View File

@@ -0,0 +1,33 @@
# The following job will be used as Helm pre-delete hook. It executes a small go-client binary
# which intent to delete 'default' SriovOperatorConfig, that triggers operator removal of generated cluster objects
# e.g. mutating/validating webhooks, within operator's recoinciling loop and
# preventing operator cluster object remainings while using helm uninstall
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "sriov-network-operator.fullname" . }}-pre-delete-hook
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
spec:
template:
spec:
serviceAccountName: {{ include "sriov-network-operator.fullname" . }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
- name: cleanup
image: {{ include "system_default_registry" . }}{{ .Values.images.operator.repository }}:{{ .Values.images.operator.tag }}
command:
- sriov-network-operator-config-cleanup
args:
- --namespace
- {{ .Release.Namespace }}
restartPolicy: Never
backoffLimit: 2

14
sriov-network-operator-chart/templates/role.yaml
View File

@@ -32,9 +32,12 @@ rules:
- monitoring.coreos.com
resources:
- servicemonitors
- prometheusrules
verbs:
- get
- create
- update
- delete
- apiGroups:
- apps
resourceNames:
@@ -79,13 +82,10 @@ rules:
resources:
- pods
verbs:
- '*'
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- '*'
- "get"
- "list"
- "watch"
- "delete"
- apiGroups:
- sriovnetwork.openshift.io
resources:

1
sriov-network-operator-chart/templates/secrets.yaml
View File

@@ -17,4 +17,3 @@ metadata:
data: {{ include "sriov_resource_injector_cert" . | nindent 2 }}
{{- end }}
{{- end }}

4
sriov-network-operator-chart/templates/sriovoperatorconfig.yaml
View File

@@ -14,4 +14,8 @@ spec:
logLevel: {{ .Values.sriovOperatorConfig.logLevel }}
disableDrain: {{ .Values.sriovOperatorConfig.disableDrain }}
configurationMode: {{ .Values.sriovOperatorConfig.configurationMode }}
{{- with .Values.sriovOperatorConfig.featureGates }}
featureGates:
{{- range $k, $v := .}}{{printf "%s: %t" $k $v | nindent 4 }}{{ end }}
{{- end }}
{{ end }}

22
sriov-network-operator-chart/values.yaml
View File

@@ -30,6 +30,10 @@ operator:
resourcePrefix: "rancher.io"
cniBinPath: "/opt/cni/bin"
clusterType: "kubernetes"
# minimal amount of time (in minutes) the operator will wait before removing
# stale SriovNetworkNodeState objects (objects that doesn't match node with the daemon)
# "0" means no extra delay, in this case the CR will be removed by the next reconcilation cycle (may take up to 5 minutes)
staleNodeStateCleanupDelayMinutes: "30"
admissionControllers:
enabled: false
certificates:
@@ -81,7 +85,7 @@ operator:
sriovOperatorConfig:
# deploy sriovOperatorConfig CR with the below values
deploy: true
# node slectors for sriov-network-config-daemon
# node selectors for sriov-network-config-daemon
configDaemonNodeSelector: {feature.node.kubernetes.io/network-sriov.capable: 'true'}
# log level for both operator and sriov-network-config-daemon
logLevel: 2
@@ -90,31 +94,33 @@ sriovOperatorConfig:
disableDrain: false
# sriov-network-config-daemon configuration mode. either "daemon" or "systemd"
configurationMode: daemon
# feature gates to enable/disable
featureGates: {}
# Example for supportedExtraNICs values ['MyNIC: "8086 1521 1520"']
supportedExtraNICs: []
# Image URIs for sriov-network-operator components
images:
operator:
repository: rancher/hardened-sriov-network-operator
tag: v1.4.0-build20241113
tag: v1.5.0-build20250425
sriovConfigDaemon:
repository: rancher/hardened-sriov-network-config-daemon
tag: v1.4.0-build20241113
tag: v1.5.0-build20250425
sriovCni:
repository: rancher/hardened-sriov-cni
tag: v2.8.1-build20241113
tag: v2.9.0-build20250425
ibSriovCni:
repository: rancher/hardened-ib-sriov-cni
tag: v1.1.1-build20241113
tag: v1.2.1-build20250425
sriovDevicePlugin:
repository: rancher/hardened-sriov-network-device-plugin
tag: v3.8.0-build20241114
tag: v3.9.0-build20250425
resourcesInjector:
repository: rancher/hardened-sriov-network-resources-injector
tag: v1.6.0-build20241113
tag: v1.7.1-build20250425
webhook:
repository: rancher/hardened-sriov-network-webhook
tag: v1.4.0-build20241113
tag: v1.5.0-build20250425
imagePullSecrets: []
extraDeploy: []
global: