Merge pull request 'Fix missing paths changes in condition' (#209) from fix-ipa-paths into main

Reviewed-on: #209
Reviewed-by: Kristian Zhelyazkov <kzhelyazkov@noreply.src.opensuse.org>
Reviewed-by: Steven Hardy <steven.hardy@noreply.src.opensuse.org>

.gitignore

@@ -1,3 +1,4 @@
 */.osc
 */__pycache__
-.venv/
+.venv/
+.idea/

_config

@@ -60,6 +60,7 @@ BuildFlags: onlybuild:release-manifest-image
     BuildFlags: excludebuild:endpoint-copier-operator-image
     BuildFlags: excludebuild:ironic-image
     BuildFlags: excludebuild:ironic-ipa-downloader-image
+    BuildFlags: excludebuild:kiwi-builder-image
     BuildFlags: excludebuild:kubectl-image
     BuildFlags: excludebuild:kube-rbac-proxy-image
     BuildFlags: excludebuild:metallb-controller-image
@@ -108,7 +109,12 @@ BuildFlags: onlybuild:release-manifest-image
 
     # Publish multi-arch container images only once all archs have been built
     PublishFlags: archsync
+    
+    # skopeo and umoci are used by build scripts to list packages
+    Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
+%endif
 
+%if "%_repository" == "images"
     # skopeo and umoci are used by build scripts to list packages
     Substitute: system-packages:podman podman buildah createrepo_c release-compare edge-build-checks skopeo umoci
 
@@ -122,6 +128,8 @@ BuildFlags: onlybuild:release-manifest-image
     Patterntype: none
     BuildFlags: dockerarg:SLE_VERSION=16.0
     BuildFlags: onlybuild:kiwi-builder-image
+    
+    Substitute: system-packages:podman podman buildah createrepo_c release-compare skopeo umoci
 
     # Publish multi-arch container images only once all archs have been built
     PublishFlags: archsync
@@ -140,7 +148,13 @@ BuildFlags: onlybuild:release-manifest-image
     %endif
 
 %else
-    BuildFlags: excludebuild:kiwi-builder-image
+    %if "%{sub %{reverse %_project} 1 7}" != "%{reverse :ToTest}" && "%{sub %{reverse %_project} 1 9}" != "%{reverse :Snapshot}"
+      BuildFlags: excludebuild:kiwi-builder-image
+    %else
+      %ifarch aarch64
+        BuildFlags: onlybuild:kiwi-builder-image
+      %endif
+    %endif
 %endif
 
 

_meta

@@ -23,6 +23,9 @@
     <disable/>
     <enable repository="charts"/>
     <enable repository="test_manifest_images"/>
+    {%- if for_release %}
+    <enable repository="releasecharts"/>
+    {%- endif %}
   </build>
   <publish>
     <disable repository="phantomcharts"/>

akri-dashboard-extension-chart/Chart.yaml

@@ -1,4 +1,3 @@
-#!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2
 #!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1
 #!BuildTag: %%CHART_PREFIX%%akri-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.1-%RELEASE%
 annotations:

baremetal-operator-image/Dockerfile

@@ -1,13 +1,13 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%
-#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1
+#!BuildTag: %%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION AS base
 COPY --from=micro / /installroot/
-RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
+RUN zypper --installroot /installroot --non-interactive install --no-recommends baremetal-operator inotify-tools procps iproute2 bind-utils vim shadow; zypper -n clean; rm -rf /var/log/*
 
 FROM micro AS final
 # Define labels according to https://en.opensuse.org/Building_derived_containers
@@ -19,7 +19,7 @@ LABEL org.opencontainers.image.version="%%baremetal-operator_version%%"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator:%%baremetal-operator_version%%.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -29,6 +29,8 @@ LABEL com.suse.release-stage="released"
 # endlabelprefix
 
 COPY --from=base /installroot /
+COPY bmo-run /usr/bin/bmo-run
+RUN chmod +x /usr/bin/bmo-run
 RUN groupadd -r -g 11000 bmo
 RUN useradd -u 11000 -g 11000 bmo
-ENTRYPOINT [ "/usr/bin/baremetal-operator" ]
+ENTRYPOINT [ "/usr/bin/bmo-run" ]

baremetal-operator-image/bmo-run

@@ -0,0 +1,12 @@
+#!/bin/bash
+export RESTART_CONTAINER_CERTIFICATE_UPDATED=${RESTART_CONTAINER_CERTIFICATE_UPDATED:-"false"}
+export IRONIC_CACERT_FILE=${IRONIC_CACERT_FILE:-"/opt/metal3/certs/ca/tls.crt"}
+
+if [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
+    # shellcheck disable=SC2034
+    inotifywait -m -e delete_self "${IRONIC_CACERT_FILE}" | while read -r file event; do
+        kill $(pgrep baremetal-opera)
+    done &
+fi
+
+exec /usr/bin/baremetal-operator $@

edge-image-builder-image/Dockerfile

@@ -1,5 +1,5 @@
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0
-#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1
+#!BuildTag: %%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-base:$SLE_VERSION
@@ -15,11 +15,11 @@ RUN zypper --non-interactive install --no-recommends edge-image-builder qemu-x86
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE edge-image-builder Container Image"
 LABEL org.opencontainers.image.description="edge-image-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.2.0"
+LABEL org.opencontainers.image.version="1.2.1"
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%edge-image-builder:1.2.1-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

edge-image-builder-image/artifacts.yaml

@@ -5,7 +5,7 @@ metallb:
 endpoint-copier-operator:
   chart: endpoint-copier-operator
   repository: "%%CHART_REPO%%/%%CHART_PREFIX%%"
-  version: "%%CHART_MAJOR%%.0.0+up0.2.1"
+  version: "%%CHART_MAJOR%%.0.1+up0.3.0"
 kubernetes:
   k3s:
     selinuxPackage: k3s-selinux-1.6-1.slemicro.noarch

edge-image-builder/_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/suse-edge/edge-image-builder.git</param>
     <param name="scm">git</param>
     <param name="exclude">.git</param>
-    <param name="revision">v1.2.0</param>
+    <param name="revision">v1.2.1</param>
     <!-- Uncomment and set this For Pre-Release Version -->
     <!-- <param name="version">1.2.0~rc1</param> -->
     <!-- Uncomment and this for regular version -->

edge-image-builder/edge-image-builder.spec

@@ -17,7 +17,7 @@
 
 
 Name:           edge-image-builder
-Version:        1.2.0
+Version:        1.2.1
 Release:        0
 Summary:        Edge Image Builder
 License:        Apache-2.0

endpoint-copier-operator-chart/Chart.yaml

@@ -1,8 +1,8 @@
-#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1
-#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.0_up0.2.1-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.1_up0.3.0
+#!BuildTag: %%CHART_PREFIX%%endpoint-copier-operator:%%CHART_MAJOR%%.0.1_up0.3.0-%RELEASE%
 apiVersion: v2
-appVersion: v0.2.0
+appVersion: v0.3.0
 description: A Helm chart for Kubernetes
 name: endpoint-copier-operator
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.2.1"
+version: "%%CHART_MAJOR%%.0.1+up0.3.0"

endpoint-copier-operator-chart/templates/deployment.yaml

@@ -20,8 +20,23 @@ spec:
       labels:
         {{- include "endpoint-copier-operator.selectorLabels" . | nindent 8 }}
     spec:
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - command:
         - /manager

endpoint-copier-operator-chart/templates/rbac/role.yaml

@@ -7,9 +7,9 @@ metadata:
   name: {{ include "endpoint-copier-operator.fullname" . }}
 rules:
 - apiGroups:
-  - ""
+  - "discovery.k8s.io"
   resources:
-  - endpoints
+  - endpointslices
   verbs:
   - create
   - delete

endpoint-copier-operator-chart/values.yaml

@@ -8,7 +8,7 @@ image:
   repository: %%IMG_REPO%%/%%IMG_PREFIX%%endpoint-copier-operator
   pullPolicy: IfNotPresent
   # Overrides the image tag whose default is the chart appVersion.
-  tag: "0.2.0"
+  tag: "0.3.0"
 
 nameOverride: "endpoint-copier-operator"
 fullnameOverride: "endpoint-copier-operator"
@@ -29,6 +29,8 @@ podSecurityContext:
   seccompProfile:
     type: RuntimeDefault
 
+priorityClassName: "system-cluster-critical"
+
 securityContext:
   allowPrivilegeEscalation: false
   capabilities:
@@ -37,11 +39,11 @@ securityContext:
 
 resources:
   limits:
-    cpu: 500m
-    memory: 128Mi
-  requests:
-    cpu: 10m
+    cpu: 100m
     memory: 64Mi
+  requests:
+    cpu: 5m
+    memory: 32Mi
 
 autoscaling:
   enabled: false

endpoint-copier-operator/_service

@@ -2,7 +2,7 @@
  <service name="obs_scm">
     <param name="url">https://github.com/suse-edge/endpoint-copier-operator</param>
     <param name="scm">git</param>
-    <param name="revision">v0.2.0</param>
+    <param name="revision">v0.3.0</param>
     <param name="version">_auto_</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="changesgenerate">enable</param>

endpoint-copier-operator/endpoint-copier-operator.spec

@@ -17,14 +17,14 @@
 
 
 Name:           endpoint-copier-operator
-Version:        0.2.0
-Release:        0.2.0
+Version:        0.3.0
+Release:        0.3.0
 Summary:        Implements a Kubernetes API for copying endpoint resources
 License:        Apache-2.0
 URL:            https://github.com/suse-edge/endpoint-copier-operator
 Source:         endpoint-copier-operator-%{version}.tar
 Source1:        vendor.tar.gz
-BuildRequires:  golang(API) = 1.20
+BuildRequires:  golang(API) = 1.24
 ExcludeArch:    s390
 ExcludeArch:    %{ix86}
 

ironic-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4
-#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.5
+#!BuildTag: %%IMG_PREFIX%%ironic:26.1.2.5-%RELEASE%
 #!BuildVersion: 15.6
 
 ARG SLE_VERSION
@@ -20,11 +20,11 @@ RUN sed -i -e 's%^# rpm.install.excludedocs = no.*%rpm.install.excludedocs = yes
 
 #!ArchExclusiveLine: x86_64
 RUN if [ "$(uname -m)" = "x86_64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+      zypper --installroot /installroot --non-interactive install --no-recommends syslinux python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
     fi
 #!ArchExclusiveLine: aarch64
 RUN if [ "$(uname -m)" = "aarch64" ];then \
-      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi inotify-tools ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
+      zypper --installroot /installroot --non-interactive install --no-recommends python311-devel python311 python311-pip python-dracclient python311-sushy-oem-idrac python311-proliantutils python311-sushy python311-pyinotify python3-ironicclient git curl sles-release tar gzip vim gawk dnsmasq dosfstools apache2 apache2-mod_wsgi ipcalc ipmitool iproute2 procps qemu-tools sqlite3 util-linux xorriso tftp ipxe-bootimgs python311-sushy-tools crudini openstack-ironic openstack-ironic-inspector-api; \
     fi
     
 # DATABASE
@@ -32,7 +32,9 @@ RUN mkdir -p /installroot/var/lib/ironic && \
   /installroot/usr/bin/sqlite3 /installroot/var/lib/ironic/ironic.sqlite "pragma journal_mode=wal" && \
   zypper --installroot /installroot --non-interactive remove sqlite3
 
+# build actual image
 FROM micro AS final
+
 MAINTAINER SUSE LLC (https://www.suse.com/)
 # Define labels according to https://en.opensuse.org/Building_derived_containers
 LABEL org.opencontainers.image.title="SLE Openstack Ironic Container Image"
@@ -40,8 +42,8 @@ LABEL org.opencontainers.image.description="Openstack Ironic based on the SLE Ba
 LABEL org.opencontainers.image.url="https://www.suse.com/products/server/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opencontainers.image.version="26.1.2.4"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.4-%RELEASE%"
+LABEL org.opencontainers.image.version="26.1.2.5"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic:26.1.2.5-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -62,14 +64,15 @@ RUN echo 'alias mkisofs="xorriso -as mkisofs"' >> ~/.bashrc
 COPY mkisofs_wrapper /usr/bin/mkisofs
 RUN set -euo pipefail; chmod +x /usr/bin/mkisofs
 
-COPY auth-common.sh configure-ironic.sh ironic-common.sh rundnsmasq runhttpd runironic runlogwatch.sh tls-common.sh configure-nonroot.sh ironic-probe.j2 /bin/
-RUN set -euo pipefail; chmod +x /bin/auth-common.sh; chmod +x /bin/configure-ironic.sh; chmod +x /bin/ironic-common.sh; chmod +x /bin/rundnsmasq; chmod +x /bin/runhttpd; chmod +x /bin/runironic; chmod +x /bin/runlogwatch.sh; chmod +x /bin/tls-common.sh; chmod +x /bin/configure-nonroot.sh;
 RUN mkdir -p /tftpboot
 RUN mkdir -p $GRUB_DIR
 
-# No need to support the Legacy BIOS boot
-#RUN cp /usr/share/syslinux/pxelinux.0 /tftpboot
-#RUN cp /usr/share/syslinux/chain.c32 /tftpboot/
+COPY scripts/ /bin/
+COPY configure-nonroot.sh /bin/
+RUN set -euo pipefail; chmod +x /bin/configure-ironic.sh /bin/rundnsmasq /bin/runhttpd /bin/runironic /bin/runlogwatch.sh /bin/configure-nonroot.sh
+
+COPY ironic-config/inspector.ipxe.j2 ironic-config/httpd-ironic-api.conf.j2 \
+     ironic-config/ipxe_config.template /tmp/
 
 # IRONIC #
 RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
@@ -77,31 +80,29 @@ RUN cp /usr/share/ipxe/undionly.kpxe /tftpboot/undionly.kpxe
 RUN if [ "$(uname -m)" = "x86_64" ];then \
       cp /usr/share/ipxe/ipxe-x86_64.efi /tftpboot/ipxe.efi ;\
     fi
-#!ArchExclusiveLine: x86_64
+#!ArchExclusiveLine: aarch64 
 RUN if [ "$(uname -m)" = "aarch64" ]; then\ 
-     cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
+      cp /usr/share/ipxe/snp-arm64.efi /tftpboot/ipxe.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp-arm64.efi; cp /usr/share/ipxe/snp-arm64.efi /tftpboot/snp.efi ;\
     fi
     
 COPY --from=base /tmp/esp-x86_64.img /tmp/uefi_esp-x86_64.img
 COPY --from=base /tmp/esp-aarch64.img /tmp/uefi_esp-arm64.img
 
-COPY ironic.conf.j2 /etc/ironic/
-COPY inspector.ipxe.j2 httpd-ironic-api.conf.j2 ipxe_config.template /tmp/
-COPY network-data-schema-empty.json /etc/ironic/
+COPY ironic-config/ironic.conf.j2 /etc/ironic/
+COPY ironic-config/network-data-schema-empty.json /etc/ironic/
 
 # DNSMASQ
-COPY dnsmasq.conf.j2 /etc/
-
-# Custom httpd config, removes all but the bare minimum needed modules
-COPY httpd.conf.j2 /etc/httpd/conf/
-COPY httpd-modules.conf /etc/httpd/conf.modules.d/
-COPY apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
-COPY apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
+COPY ironic-config/dnsmasq.conf.j2 /etc/
 
 # Workaround
 # Removing the 010-ironic.conf file that comes with the package 
 RUN rm /etc/ironic/ironic.conf.d/010-ironic.conf
 
+# Custom httpd config, removes all but the bare minimum needed modules
+COPY ironic-config/httpd.conf.j2 /etc/httpd/conf/
+COPY ironic-config/httpd-modules.conf /etc/httpd/conf.modules.d/
+COPY ironic-config/apache2-vmedia.conf.j2 /etc/httpd-vmedia.conf.j2
+COPY ironic-config/apache2-ipxe.conf.j2 /etc/httpd-ipxe.conf.j2
+
 # configure non-root user and set relevant permissions
-RUN configure-nonroot.sh && \
-  rm -f /bin/configure-nonroot.sh
+RUN configure-nonroot.sh && rm -f /bin/configure-nonroot.sh

ironic-image/inspector-apache.conf.j2

@@ -1,57 +0,0 @@
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-
-{% if env.LISTEN_ALL_INTERFACES | lower == "true" %}
-Listen {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
- <VirtualHost *:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}>
-{% else %}
-Listen {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
- <VirtualHost {{ env.IRONIC_URL_HOST }}:{{ env.IRONIC_INSPECTOR_LISTEN_PORT }}>
-{% endif %}
-    {% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
-    ProxyPass "/"  "unix:/shared/inspector.sock|http://127.0.0.1/"
-    ProxyPassReverse "/"  "unix:/shared/inspector.sock|http://127.0.0.1/"
-    {% else %}
-    ProxyPass "/"  "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/"
-    ProxyPassReverse "/"  "http://127.0.0.1:{{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}/"
-    {% endif %}
-
-    SetEnv APACHE_RUN_USER ironic-suse
-    SetEnv APACHE_RUN_GROUP ironic-suse
-
-    ErrorLog /dev/stdout
-    LogLevel debug
-    CustomLog /dev/stdout combined
-
-    SSLEngine On
-    SSLProtocol {{ env.IRONIC_SSL_PROTOCOL }}
-    SSLCertificateFile {{ env.IRONIC_INSPECTOR_CERT_FILE }} 
-    SSLCertificateKeyFile {{ env.IRONIC_INSPECTOR_KEY_FILE }}
-
-    {% if "INSPECTOR_HTPASSWD" in env and env.INSPECTOR_HTPASSWD | length %}
-    <Location / >
-        AuthType Basic
-        AuthName "Restricted area"
-        AuthUserFile "/etc/ironic-inspector/htpasswd"
-        Require valid-user
-    </Location>
-
-    <Location ~ "^/(v1/?)?$" >
-        Require all granted
-    </Location>
-
-    <Location /v1/continue >
-        Require all granted
-    </Location>
-    {% endif %}
-</VirtualHost>

ironic-image/ironic-config/ironic.conf.j2

@@ -187,11 +187,6 @@ insecure = {{ env.IRONIC_INSECURE }}
 [nova]
 send_power_notifications = false
 
-[oslo_messaging_notifications]
-driver = prometheus_exporter
-location = /shared/ironic_prometheus_exporter
-transport_url = fake://
-
 [pxe]
 # NOTE(dtantsur): keep this value at least 3x lower than
 # [conductor]deploy_callback_timeout so that at least some retries happen.

ironic-image/ironic-inspector.conf.j2

@@ -1,68 +0,0 @@
-[DEFAULT]
-auth_strategy = noauth
-debug = true
-transport_url = fake://
-use_stderr = true
-{% if env.INSPECTOR_REVERSE_PROXY_SETUP == "true" %}
-{% if env.IRONIC_INSPECTOR_PRIVATE_PORT == "unix" %}
-listen_unix_socket = /shared/inspector.sock
-# NOTE(dtantsur): this is not ideal, but since the socket is accessed from
-# another container, we need to make it world-writeable.
-listen_unix_socket_mode = 0666
-{% else %}
-listen_port = {{ env.IRONIC_INSPECTOR_PRIVATE_PORT }}
-listen_address = 127.0.0.1
-{% endif %}
-{% elif env.LISTEN_ALL_INTERFACES | lower == "true" %}
-listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
-listen_address = ::
-{% else %}
-listen_port = {{ env.IRONIC_INSPECTOR_LISTEN_PORT }}
-listen_address = {{ env.IRONIC_IP }}
-{% endif %}
-host = {{ env.IRONIC_IP }}
-{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
-use_ssl = true
-{% endif %}
-
-[database]
-connection = sqlite:////var/lib/ironic-inspector/ironic-inspector.db
-
-{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
-[discovery]
-enroll_node_driver = ipmi
-{% endif %}
-
-[ironic]
-auth_type = none
-endpoint_override = {{ env.IRONIC_BASE_URL }}
-{% if env.IRONIC_TLS_SETUP == "true" %}
-cafile = {{ env.IRONIC_CACERT_FILE }}
-insecure = {{ env.IRONIC_INSECURE }}
-{% endif %}
-
-[processing]
-add_ports = all
-always_store_ramdisk_logs = true
-keep_ports = present
-{% if env.IRONIC_INSPECTOR_ENABLE_DISCOVERY == "true" %}
-node_not_found_hook = enroll
-{% endif %}
-permit_active_introspection = true
-power_off = false
-processing_hooks = $default_processing_hooks,lldp_basic
-ramdisk_logs_dir = /shared/log/ironic-inspector/ramdisk
-store_data = database
-
-[pxe_filter]
-driver = noop
-
-[service_catalog]
-auth_type = none
-endpoint_override = {{ env.IRONIC_INSPECTOR_BASE_URL }}
-
-{% if env.IRONIC_INSPECTOR_TLS_SETUP == "true" and env.INSPECTOR_REVERSE_PROXY_SETUP == "false" %}
-[ssl]
-cert_file = {{ env.IRONIC_INSPECTOR_CERT_FILE }}
-key_file = {{ env.IRONIC_INSPECTOR_KEY_FILE }}
-{% endif %}

ironic-image/runironic-api

@@ -1,13 +0,0 @@
-#!/usr/bin/bash
-
-export IRONIC_DEPLOYMENT="API"
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-export IRONIC_REVERSE_PROXY_SETUP=false
-
-python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < /tmp/httpd-ironic-api.conf.j2 > /etc/httpd/conf.d/ironic.conf
-
-# shellcheck disable=SC1091
-. /bin/runhttpd

ironic-image/runironic-conductor

@@ -1,20 +0,0 @@
-#!/usr/bin/bash
-
-export IRONIC_DEPLOYMENT="Conductor"
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-# Ramdisk logs
-mkdir -p /shared/log/ironic/deploy
-
-run_ironic_dbsync
-
-if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
-    # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
-        kill $(pgrep ironic)
-    done &
-fi
-
-exec /usr/bin/ironic-conductor

ironic-image/runironic-exporter

@@ -1,12 +0,0 @@
-#!/usr/bin/bash
-
-# shellcheck disable=SC1091
-. /bin/configure-ironic.sh
-
-FLASK_RUN_HOST=${FLASK_RUN_HOST:-0.0.0.0}
-FLASK_RUN_PORT=${FLASK_RUN_PORT:-9608}
-
-export IRONIC_CONFIG="/etc/ironic/ironic.conf"
-
-exec gunicorn -b "${FLASK_RUN_HOST}:${FLASK_RUN_PORT}" -w 4 \
-    ironic_prometheus_exporter.app.wsgi:application

ironic-image/runironic-inspector

@@ -1,62 +0,0 @@
-#!/usr/bin/bash
-
-set -euxo pipefail
-
-CONFIG=/etc/ironic-inspector/ironic-inspector.conf
-
-export IRONIC_INSPECTOR_ENABLE_DISCOVERY=${IRONIC_INSPECTOR_ENABLE_DISCOVERY:-false}
-export INSPECTOR_REVERSE_PROXY_SETUP=${INSPECTOR_REVERSE_PROXY_SETUP:-false}
-
-# shellcheck disable=SC1091
-. /bin/tls-common.sh
-# shellcheck disable=SC1091
-. /bin/ironic-common.sh
-# shellcheck disable=SC1091
-. /bin/auth-common.sh
-
-if [[ "$USE_IRONIC_INSPECTOR" == "false" ]]; then
-    echo "FATAL: ironic-inspector is disabled via USE_IRONIC_INSPECTOR"
-    exit 1
-fi
-
-wait_for_interface_or_ip
-
-IRONIC_INSPECTOR_PORT=${IRONIC_INSPECTOR_ACCESS_PORT}
-if [[ "$IRONIC_INSPECTOR_TLS_SETUP" == "true" ]]; then
-    if [[ "${INSPECTOR_REVERSE_PROXY_SETUP}" == "true" ]] && [[ "${IRONIC_INSPECTOR_PRIVATE_PORT}" != "unix" ]]; then
-        IRONIC_INSPECTOR_PORT=$IRONIC_INSPECTOR_PRIVATE_PORT
-    fi
-else
-    export INSPECTOR_REVERSE_PROXY_SETUP="false" # If TLS is not used, we have no reason to use the reverse proxy
-fi
-
-export IRONIC_INSPECTOR_BASE_URL="${IRONIC_INSPECTOR_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_INSPECTOR_PORT}"
-export IRONIC_BASE_URL="${IRONIC_SCHEME}://${IRONIC_URL_HOST}:${IRONIC_ACCESS_PORT}"
-
-build_j2_config()
-{
-    local CONFIG_FILE="$1"
-    python3 -c 'import os; import sys; import jinja2; sys.stdout.write(jinja2.Template(sys.stdin.read()).render(env=os.environ))' < "$CONFIG_FILE.j2"
-}
-
-# Merge with the original configuration file from the package.
-build_j2_config "$CONFIG" | crudini --merge "$CONFIG"
-
-configure_inspector_auth
-
-configure_client_basic_auth ironic "${CONFIG}"
-
-ironic-inspector-dbsync --config-file "${CONFIG}" upgrade
-
-if [[ "$INSPECTOR_REVERSE_PROXY_SETUP" == "false" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
-    # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_INSPECTOR_CERT_FILE}" | while read -r file event; do
-        kill $(pgrep ironic)
-    done &
-fi
-
-# Make sure ironic traffic bypasses any proxies
-export NO_PROXY="${NO_PROXY:-},$IRONIC_IP"
-
-# shellcheck disable=SC2086
-exec /usr/bin/ironic-inspector

ironic-image/scripts/configure-ironic.sh

@@ -84,7 +84,6 @@ echo 'Options set from Environment variables'
 env | grep "^OS_" || true
 
 mkdir -p /shared/html
-mkdir -p /shared/ironic_prometheus_exporter
 
 configure_json_rpc_auth
 

ironic-image/scripts/runhttpd

@@ -72,7 +72,7 @@ fi
 # Set up inotify to kill the container (restart) whenever cert files for ironic api change
 if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
     # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
+    python3.11 -m pyinotify --raw-format -e IN_DELETE_SELF -v "${IRONIC_CERT_FILE}" | while read -r file event; do
         kill -WINCH $(pgrep httpd)
     done &
 fi
@@ -80,7 +80,7 @@ fi
 # Set up inotify to kill the container (restart) whenever cert of httpd for /shared/html/<redifsh;ilo> path change
 if [[ "$IRONIC_VMEDIA_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
     # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_VMEDIA_CERT_FILE}" | while read -r file event; do
+    python3.11 -m pyinotify --raw-format -e IN_DELETE_SELF -v "${IRONIC_VMEDIA_CERT_FILE}" | while read -r file event; do
         kill -WINCH $(pgrep httpd)
     done &
 fi

ironic-image/scripts/runironic

@@ -13,7 +13,7 @@ run_ironic_dbsync
 
 if [[ "$IRONIC_TLS_SETUP" == "true" ]] && [[ "${RESTART_CONTAINER_CERTIFICATE_UPDATED}" == "true" ]]; then
     # shellcheck disable=SC2034
-    inotifywait -m -e delete_self "${IRONIC_CERT_FILE}" | while read -r file event; do
+    python3.11 -m pyinotify --raw-format -e IN_DELETE_SELF -v "${IRONIC_CERT_FILE}" | while read -r file event; do
         kill $(pgrep ironic)
     done &
 fi

ironic-image/scripts/runlogwatch.sh

@@ -11,7 +11,7 @@ while [ ! -d "${LOG_DIR}" ]; do
   sleep 5
 done
 
-inotifywait -m "${LOG_DIR}" -e close_write |
+python3.11 -m pyinotify --raw-format -e IN_CLOSE_WRITE -v "${LOG_DIR}" |
     while read -r path _action file; do
         echo "************ Contents of ${path}/${file} ramdisk log file bundle **************"
         tar -xOzvvf "${path}/${file}" | sed -e "s/^/${file}: /"

ironic-ipa-downloader-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.6
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -18,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.6"
+LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -33,8 +33,6 @@ LABEL com.suse.release-stage="released"
 
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
-RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/

ironic-ipa-downloader-image/Dockerfile.aarch64

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.6
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.6-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-aarch64:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -18,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.6"
+LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -33,8 +33,6 @@ LABEL com.suse.release-stage="released"
 
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
-RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/

ironic-ipa-downloader-image/Dockerfile.x86_64

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.6
-#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.6-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8
+#!BuildTag: %%IMG_PREFIX%%ironic-ipa-downloader-x86_64:3.0.8-%RELEASE%
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
 
@@ -18,11 +18,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Based Ironic IPA Downloader Container Image"
 LABEL org.opencontainers.image.description="ironic-ipa-downloader based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="3.0.6"
+LABEL org.opencontainers.image.version="3.0.8"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.6-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%ironic-ipa-downloader:3.0.8-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -33,8 +33,6 @@ LABEL com.suse.release-stage="released"
 
 COPY --from=base /installroot /
 RUN cp /getopt /usr/bin/
-RUN cp /srv/tftpboot/openstack-ironic-image/initrd*.zst /tmp
-RUN cp /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel /tmp
 RUN sha256sum /srv/tftpboot/openstack-ironic-image/initrd*.zst /srv/tftpboot/openstack-ironic-image/openstack-ironic-image*.kernel > /tmp/images.sha256
 # configure non-root user
 COPY configure-nonroot.sh /bin/

ironic-ipa-downloader-image/get-resource.sh

@@ -6,6 +6,8 @@ export http_proxy=${http_proxy:-$HTTP_PROXY}
 export https_proxy=${https_proxy:-$HTTPS_PROXY}
 export no_proxy=${no_proxy:-$NO_PROXY}
 
+IMAGES_BASE_PATH="/srv/tftpboot/openstack-ironic-image"
+
 if [ -d "/tmp/ironic-certificates" ]; then
   sha256sum /tmp/ironic-certificates/* > /tmp/certificates.sha256
   if cmp "/shared/certificates.sha256" "/tmp/certificates.sha256"; then
@@ -26,14 +28,14 @@ if [ -z "${IPA_BASEURI}" ]; then
   IMAGE_CHANGED=1
   # SLES BASED IPA - ironic-ipa-ramdisk-x86_64 and ironic-ipa-ramdisk-aarch64 packages
   mkdir -p /shared/html/images
-  if [ -f /tmp/initrd-x86_64.zst ]; then
-    cp /tmp/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
-    cp /tmp/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
+  if [ -f ${IMAGES_BASE_PATH}/initrd-x86_64.zst ]; then
+    cp ${IMAGES_BASE_PATH}/initrd-x86_64.zst /shared/html/images/ironic-python-agent-x86_64.initramfs
+    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.x86_64*.kernel /shared/html/images/ironic-python-agent-x86_64.kernel
   fi
   # Use arm64 as destination for iPXE compatibility
-  if [ -f /tmp/initrd-aarch64.zst ]; then
-    cp /tmp/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
-    cp /tmp/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
+  if [ -f ${IMAGES_BASE_PATH}/initrd-aarch64.zst ]; then
+    cp ${IMAGES_BASE_PATH}/initrd-aarch64.zst /shared/html/images/ironic-python-agent-arm64.initramfs
+    cp ${IMAGES_BASE_PATH}/openstack-ironic-image.aarch64*.kernel /shared/html/images/ironic-python-agent-arm64.kernel
   fi
 
   cp /tmp/images.sha256 /shared/images.sha256

ironic-ipa-ramdisk/ironic-ipa-ramdisk.spec

@@ -19,7 +19,7 @@
 
 
 Name:           ironic-ipa-ramdisk
-Version:        3.0.6
+Version:        3.0.7
 Release:        0
 Summary:        Kernel and ramdisk image for OpenStack Ironic
 License:        SUSE-EULA

kiwi-builder-image/Dockerfile

@@ -1,6 +1,7 @@
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%
-#!BuildTag: %%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kiwi-builder:10.2.12.0
 
+# Base image version, should match the tag above
 ARG KIWIVERSION="10.2.12"
 FROM registry.suse.com/bci/kiwi:${KIWIVERSION}
 ARG KIWIVERSION
@@ -10,11 +11,11 @@ ARG KIWIVERSION
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE Kiwi Builder Container Image"
 LABEL org.opencontainers.image.description="kiwi-builder based on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="%%kiwi_version%%"
+LABEL org.opencontainers.image.version="${KIWIVERSION}"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:%%kiwi_version%%.0-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kiwi-builder:${KIWIVERSION}.0-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"
@@ -23,9 +24,6 @@ LABEL com.suse.image-type="application"
 LABEL com.suse.release-stage="released"
 # endlabelprefix
 
-# help the build service understand the need for python3-kiwi
-RUN zypper -n install -d -D python3-kiwi; [ "%%kiwi_version%%" = "${KIWIVERSION}" ] || { echo "expected kiwi version ${KIWIVERSION}: version mismatch"; exit 1; }
-
 # Copy build script into image and make it executable
 ADD build-image.sh /usr/bin/build-image
 RUN chmod a+x /usr/bin/build-image

kiwi-builder-image/_service

@@ -1,15 +1,9 @@
 <services>
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="docker_label_helper" mode="buildtime"/>
-  <service name="replace_using_env" mode="buildtime">
-    <param name="file">README</param>
-    <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
-    <param name="var">IMG_REPO</param>
-    <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
-    <param name="var">IMG_PREFIX</param>
-  </service>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Dockerfile</param>
+    <param name="file">README</param>
     <param name="eval">IMG_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
     <param name="var">IMG_PREFIX</param>
     <param name="eval">IMG_REPO=$(rpm --macros=/root/.rpmmacros -E %img_repo)</param>
@@ -17,14 +11,4 @@
     <param name="eval">SUPPORT_LEVEL=$(rpm --macros=/root/.rpmmacros -E %support_level)</param>
     <param name="var">SUPPORT_LEVEL</param>
   </service>
-  <service mode="buildtime" name="replace_using_package_version">
-    <param name="file">Dockerfile</param>
-    <param name="regex">%%kiwi_version%%</param>
-    <param name="package">python3-kiwi</param>
-  </service>
-  <service mode="buildtime" name="replace_using_package_version">
-    <param name="file">README</param>
-    <param name="regex">%%kiwi_version%%</param>
-    <param name="package">python3-kiwi</param>
-  </service>
 </services>

kubectl-image/Dockerfile

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: Apache-2.0
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3
-#!BuildTag: %%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4
+#!BuildTag: %%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%
 #!BuildVersion: 15.6
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION AS micro
@@ -16,11 +16,11 @@ FROM micro AS final
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SLE kubectl image"
 LABEL org.opencontainers.image.description="kubectl on the SLE Base Container Image."
-LABEL org.opencontainers.image.version="1.30.3"
+LABEL org.opencontainers.image.version="1.32.4"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3-%RELEASE%"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4-%RELEASE%"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

kubectl/kubectl.spec

@@ -1,7 +1,7 @@
 %global debug_package %{nil}
 
 Name: kubectl
-Version: 1.30.3
+Version: 1.32.4
 Release: 0
 Summary: Command-line utility for interacting with a Kubernetes cluster
 
@@ -12,7 +12,7 @@ Group: admin
 Packager: Kubernetes Authors <dev@kubernetes.io>
 License: Apache-2.0
 URL: https://kubernetes.io
-Source0: kubectl_%{version}.orig.tar.gz
+Source0: %{name}_%{version}.orig.tar.gz
 
 %description
 %{summary}.

kubevirt-dashboard-extension-chart/Chart.yaml

@@ -1,4 +1,3 @@
-#!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2
 #!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2
 #!BuildTag: %%CHART_PREFIX%%kubevirt-dashboard-extension:%%CHART_MAJOR%%.0.2_up1.3.2-%RELEASE%
 annotations:

metal3-chart/Chart.yaml

@@ -1,28 +1,28 @@
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.5_up0.11.3
-#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.5_up0.11.3-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.9_up0.11.7
+#!BuildTag: %%CHART_PREFIX%%metal3:%%CHART_MAJOR%%.0.9_up0.11.7-%RELEASE%
 apiVersion: v2
-appVersion: 0.11.3
+appVersion: 0.11.7
 dependencies:
 - alias: metal3-baremetal-operator
   name: baremetal-operator
   repository: file://./charts/baremetal-operator
-  version: 0.9.1
+  version: 0.9.2
 - alias: metal3-ironic
   name: ironic
   repository: file://./charts/ironic
-  version: 0.10.3
+  version: 0.10.6
 - alias: metal3-mariadb
   condition: global.enable_mariadb
   name: mariadb
   repository: file://./charts/mariadb
-  version: 0.5.4
+  version: 0.6.0
 - alias: metal3-media
   condition: global.enable_metal3_media_server
   name: media
   repository: file://./charts/media
-  version: 0.6.1
+  version: 0.6.3
 description: A Helm chart that installs all of the dependencies needed for Metal3
 icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
 name: metal3
 type: application
-version: "%%CHART_MAJOR%%.0.5+up0.11.3"
+version: "%%CHART_MAJOR%%.0.9+up0.11.7"

metal3-chart/charts/baremetal-operator/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 0.9.1
 description: A Helm chart for baremetal-operator, used by Metal3
 name: baremetal-operator
 type: application
-version: 0.9.1
+version: 0.9.2

metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml

@@ -10,14 +10,15 @@
 apiVersion: v1
 data:
   IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
-  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
     {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
     {{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
     {{- $protocol = "https" }}
+  RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
   {{- else }}
     {{- $protocol = "http" }}
+  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
   {{- end }}
   CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
   DEPLOY_KERNEL_URL: "{{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel"

metal3-chart/charts/baremetal-operator/templates/configmap.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-data:
-  controller_manager_config.yaml: |
-    apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
-    kind: ControllerManagerConfig
-    health:
-      healthProbeBindAddress: :9440
-    metrics:
-      bindAddress: 127.0.0.1:8085
-    webhook:
-      port: 9443
-    leaderElection:
-      leaderElect: true
-      resourceName: a9498140.metal3.io
-kind: ConfigMap
-metadata:
-  name: baremetal-operator-manager-config
-  labels:
-    {{- include "baremetal-operator.labels" . | nindent 4 }}

metal3-chart/charts/baremetal-operator/templates/deployment.yaml

@@ -17,6 +17,8 @@ spec:
       control-plane: controller-manager
   template:
     metadata:
+      annotations:
+        checksum/config-env: {{ include (print $.Template.BasePath "/configmap-ironic.yaml") . | sha256sum }}
       labels:
         {{- include "baremetal-operator.selectorLabels" . | nindent 8 }}
         control-plane: controller-manager

metal3-chart/charts/baremetal-operator/values.yaml

@@ -28,7 +28,7 @@ images:
   baremetalOperator:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
     pullPolicy: IfNotPresent
-    tag: "0.9.1"
+    tag: "0.9.1.1"
 
 imagePullSecrets: []
 nameOverride: "manger"

metal3-chart/charts/ironic/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.10.3
+version: 0.10.6

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: ironic-bmo
+  name: ironic
   labels:
     {{- include "ironic.labels" . | nindent 4 }}
 data:
@@ -9,7 +9,6 @@ data:
   {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
   {{- $protocol := ternary "https" "http" $enableTLS }}
   {{- $ironicIP := .Values.global.ironicIP | default "" }}
-  {{- $ironicApiHost := print $ironicIP ":6385" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
   {{- $deployArch := .Values.global.deployArchitecture }}
@@ -25,11 +24,6 @@ data:
   {{- end }}
   HTTP_PORT: "6180"
   PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  USE_IRONIC_INSPECTOR: "false"
-  IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }}
-  IRONIC_API_HOST: {{ $ironicApiHost }}
-  IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }}
-  IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
     {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
@@ -39,12 +33,8 @@ data:
     {{- $protocol = "http" }}
   {{- end }}
   IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }}
-  CACHEURL: {{ $protocol }}://{{ $ironicCacheHost }}/images
-  DEPLOY_KERNEL_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.kernel
-  DEPLOY_RAMDISK_URL: {{ $protocol }}://{{ $ironicBootHost }}/images/ironic-python-agent-{{ $deployArch }}.initramfs
   DEPLOY_ARCHITECTURE: {{ $deployArch }}
   IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
-  IRONIC_VMEDIA_HTTPD_SERVER_NAME: {{ $ironicBootHost }}
   ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
   {{- if .Values.global.provisioningInterface }}
   PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
@@ -52,8 +42,6 @@ data:
   {{- if .Values.global.provisioningIP }}
   PROVISIONING_IP: {{ .Values.global.provisioningIP }}
   {{- end }}
-  IRONIC_ILO_USE_SWIFT: "false"
-  IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true"
   IRONIC_FAST_TRACK: "true"
   LISTEN_ALL_INTERFACES: "true"
   {{- if .Values.global.ironicIP }}

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -14,10 +14,11 @@ spec:
     type: Recreate
   template:
     metadata:
-      {{- with .Values.podAnnotations }}
       annotations:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+        checksum/config-env: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- with .Values.podAnnotations }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
       labels:
         {{- include "ironic.selectorLabels" . | nindent 8 }}
     spec:
@@ -38,7 +39,7 @@ spec:
         - /bin/runhttpd
         envFrom:
         - configMapRef:
-            name: ironic-bmo
+            name: ironic
         livenessProbe:
           exec:
             command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
@@ -96,7 +97,7 @@ spec:
         - /bin/runironic
         envFrom:
         - configMapRef:
-            name: ironic-bmo
+            name: ironic
         env:
         {{- if .Values.global.enable_basicAuth }}
         - name: IRONIC_HTPASSWD
@@ -169,7 +170,7 @@ spec:
         - /bin/rundnsmasq
         envFrom:
         - configMapRef:
-            name: ironic-bmo
+            name: ironic
         livenessProbe:
           exec:
             command:

metal3-chart/charts/ironic/values.yaml

@@ -56,11 +56,11 @@ images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 26.1.2.4
+    tag: 26.1.2.5
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 3.0.6
+    tag: 3.0.8
 
 nameOverride: ""
 fullnameOverride: ""

metal3-chart/charts/mariadb/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 10.6.7
+appVersion: "10.11"
 description: A Helm chart for MariaDB, used by Metal3
 name: mariadb
 type: application
-version: 0.5.4
+version: 0.6.0

metal3-chart/charts/mariadb/templates/configmap-mariadb.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap 
+metadata:
+  name: mariadb-config
+  labels:
+    {{- include "mariadb.labels" . | nindent 4 }}
+data:
+  ironic.conf: |
+    [mariadb]
+    max_connections 64
+    max_heap_table_size 1M
+    innodb_buffer_pool_size 5M
+    innodb_log_buffer_size 512K

metal3-chart/charts/mariadb/templates/configmap.yaml

@@ -5,4 +5,7 @@ metadata:
   labels:
     {{- include "mariadb.labels" . | nindent 4 }}
 data:
-  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
+  MARIADB_USER: ironic
+  MARIADB_RANDOM_ROOT_PASSWORD: "yes"
+  MARIADB_DATABASE: ironic
+  MARIADB_AUTO_UPGRADE: "yes"

metal3-chart/charts/mariadb/templates/deployment.yaml

@@ -25,23 +25,50 @@ spec:
       serviceAccountName: {{ include "mariadb.serviceAccountName" . }}
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      initContainers:
+      # This would run during entrypoint if run as root
+      - name: set-volume-owners
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        securityContext:
+            runAsUser: 0
+            allowPrivilegeEscalation: true
+            capabilities:
+              drop:
+              - ALL
+              add:
+              - CHOWN
+              - FOWNER
+              - DAC_OVERRIDE
+            seccompProfile:
+              type: RuntimeDefault
+        volumeMounts:
+          - name: mariadb-conf
+            mountPath: /etc/mysql/conf.d
+          - name: mariadb-run
+            mountPath: /run/mysql
+          {{- $volmounts }}
+        command: ['bash', '-c', 'source /usr/local/bin/docker-entrypoint.sh && docker_create_db_directories']
+        env:
+          - name: DATADIR
+            value: /var/lib/mysql
+          - name: SOCKET
+            value: /run/mysql/mysql.sock
       containers:
       - name: mariadb
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
         securityContext:
           {{- toYaml .Values.securityContext | nindent 12 }}
+        envFrom:
+          - configMapRef:
+              name: mariadb-cm
         env:
           - name: MARIADB_PASSWORD
             valueFrom:
               secretKeyRef:
                 key: password
                 name: ironic-mariadb
-          - name: RESTART_CONTAINER_CERTIFICATE_UPDATED
-            valueFrom:
-              configMapKeyRef:
-                name: mariadb-cm
-                key: RESTART_CONTAINER_CERTIFICATE_UPDATED
         lifecycle:
           preStop:
             exec:
@@ -52,9 +79,9 @@ spec:
         livenessProbe:
           exec:
             command:
-              - sh
-              - -c
-              - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)
+              - healthcheck.sh
+              - --connect
+              - --innodb_initialized
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -67,19 +94,29 @@ spec:
         readinessProbe:
           exec:
             command:
-              - sh
-              - -c
-              - mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)
+              - healthcheck.sh
+              - --connect
+              - --innodb_initialized
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
           successThreshold: 1
           timeoutSeconds: 10
         volumeMounts:
+            - name: mariadb-conf
+              mountPath: /etc/mysql/conf.d
+            - name: mariadb-run
+              mountPath: /run/mysql
             {{- $volmounts }}
       {{- with .Values.global.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       volumes:
+        - name: mariadb-conf
+          configMap:
+            name: mariadb-config
+        - name: mariadb-run
+          emptyDir:
+            sizeLimit: 20Mi
         {{- $volumes }}

metal3-chart/charts/mariadb/values.yaml

@@ -12,9 +12,9 @@ service:
     targetPort: 3306
 
 image:
-  repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/suse/mariadb
+  repository: registry.suse.com/suse/mariadb
   pullPolicy: IfNotPresent
-  tag: 10.6.15.1
+  tag: 10.11
 
 nameOverride: ""
 fullnameOverride: ""
@@ -31,8 +31,8 @@ serviceAccount:
 podAnnotations: {}
 
 podSecurityContext:
-  runAsUser: 10060
-  fsGroup: 10060
+  runAsUser: 60
+  fsGroup: 60
 
 securityContext:
   allowPrivilegeEscalation: false
@@ -60,6 +60,7 @@ persistence:
 volumeMounts:
   - name: mariadb-data-volume
     mountPath: /var/lib/mysql
+    subPath: data
 
 volumes:
   - name: mariadb-data-volume

metal3-chart/charts/media/Chart.yaml

@@ -3,4 +3,4 @@ appVersion: 1.16.0
 description: A Helm chart for Media, used by Metal3
 name: media
 type: application
-version: 0.6.1
+version: 0.6.3

metal3-chart/charts/media/values.yaml

@@ -24,7 +24,7 @@ replicaCount: 1
 image:
   repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
   pullPolicy: IfNotPresent
-  tag: 26.1.2.2
+  tag: 26.1.2.5
 
 imagePullSecrets: []
 nameOverride: ""

metal3-chart/values.yaml

@@ -115,8 +115,8 @@ metal3-mariadb:
   persistence:
     storageClass: ""
   image:
-    repository: "registry.suse.com/edge/mariadb"
-    tag: "10.6.15.1"
+    repository: "registry.suse.com/suse/mariadb"
+    tag: "10.11"
 
 #
 # Baremetal Operator

nm-configurator/_service

@@ -3,7 +3,7 @@
     <param name="url">https://github.com/suse-edge/nm-configurator.git</param>
     <param name="versionformat">@PARENT_TAG@</param>
     <param name="scm">git</param>
-    <param name="revision">v0.3.2</param>
+    <param name="revision">v0.3.3</param>
     <param name="match-tag">*</param>
     <param name="versionrewrite-pattern">v(\d+\.\d+\.\d+)</param>
     <param name="versionrewrite-replacement">\1</param>

nm-configurator/_servicedata

@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                 <param name="url">https://github.com/suse-edge/nm-configurator.git</param>
-              <param name="changesrevision">747301ba15a28e758d1f06070dc7ff29a5e80242</param></service></servicedata>
+              <param name="changesrevision">4563857d761c6d83e4013721f68ec4ac5828a1a7</param></service></servicedata>

nm-configurator/nm-configurator.obsinfo

@@ -1,4 +1,4 @@
 name: nm-configurator
-version: 0.3.2
-mtime: 1744218621
-commit: 747301ba15a28e758d1f06070dc7ff29a5e80242
+version: 0.3.3
+mtime: 1748341626
+commit: 4563857d761c6d83e4013721f68ec4ac5828a1a7

rancher-turtles-airgap-resources-chart/Chart.yaml

@@ -1,10 +1,10 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.2_up0.19.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.2_up0.19.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles-airgap-resources:%%CHART_MAJOR%%.0.4_up0.20.0-%RELEASE%
 apiVersion: v2
-appVersion: 0.19.0
+appVersion: 0.20.0
 description: Rancher Turtles utility chart for airgap scenarios
 home: https://github.com/rancher/turtles/
 icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
 name: rancher-turtles-airgap-resources
 type: application
-version: "%%CHART_MAJOR%%.0.2+up0.19.0"
+version: "%%CHART_MAJOR%%.0.4+up0.20.0"

rancher-turtles-airgap-resources-chart/_service

@@ -2,7 +2,7 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?img_prefix})</param>
+    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
     <param name="var">CHART_PREFIX</param>
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>

rancher-turtles-airgap-resources-chart/templates/airgap-cm-fleet-addon.yaml

@@ -38,12 +38,12 @@ data:
                     description: |-
                       Enable Cluster config funtionality.
 
-                      This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the ClusterClass will be added to the Fleet Cluster labels.
+                      This will create Fleet Cluster for each Cluster with the same name. In case the cluster specifies topology.class, the name of the `ClusterClass` will be added to the Fleet Cluster labels.
                     nullable: true
                     properties:
                       agentEnvVars:
-                        description: AgentEnvVars are extra environment variables to be
-                          added to the agent deployment.
+                        description: '`AgentEnvVars` are extra environment variables to
+                          be added to the agent deployment.'
                         items:
                           description: EnvVar represents an environment variable present
                             in a Container.
@@ -218,7 +218,7 @@ data:
                         nullable: true
                         type: array
                       applyClassGroup:
-                        description: Apply a ClusterGroup for a ClusterClass referenced
+                        description: Apply a `ClusterGroup` for a `ClusterClass` referenced
                           from a different namespace.
                         nullable: true
                         type: boolean
@@ -352,7 +352,7 @@ data:
                     description: |-
                       Enable clusterClass controller functionality.
 
-                      This will create Fleet ClusterGroups for each ClusterClaster with the same name.
+                      This will create Fleet `ClusterGroups` for each `ClusterClaster` with the same name.
                     nullable: true
                     properties:
                       patchResource:
@@ -370,15 +370,20 @@ data:
                   config:
                     nullable: true
                     properties:
+                      bootstrapLocalCluster:
+                        description: Enable auto-installation of a fleet agent in the
+                          local cluster.
+                        nullable: true
+                        type: boolean
                       featureGates:
                         description: feature gates controlling experimental features
                         nullable: true
                         properties:
                           configMap:
-                            description: FeaturesConfigMap references a ConfigMap where
-                              to apply feature flags. If a ConfigMap is referenced, the
-                              controller will update it instead of upgrading the Fleet
-                              chart.
+                            description: '`FeaturesConfigMap` references a `ConfigMap`
+                              where to apply feature flags. If a `ConfigMap` is referenced,
+                              the controller will update it instead of upgrading the Fleet
+                              chart.'
                             nullable: true
                             properties:
                               ref:
@@ -507,7 +512,6 @@ data:
                         type: string
                     type: object
                 type: object
-                x-kubernetes-validations: []
               status:
                 nullable: true
                 properties:
@@ -565,7 +569,7 @@ data:
                 type: object
             required:
             - spec
-            title: FleetAddonConfig_kube_validation
+            title: FleetAddonConfigValidated
             type: object
             x-kubernetes-validations:
             - rule: self.metadata.name == 'fleet-addon-config'
@@ -813,7 +817,7 @@ data:
             control-plane: controller-manager
         spec:
           containers:
-          - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
+          - image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
             imagePullPolicy: IfNotPresent
             name: manager
             ports:
@@ -826,10 +830,24 @@ data:
                 port: http
               initialDelaySeconds: 5
               periodSeconds: 5
+            resources:
+              limits:
+                cpu: 100m
+                memory: 150Mi
+              requests:
+                cpu: 100m
+                memory: 100Mi
           - args:
             - --helm-install
-            image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.8.1
+            image: ghcr.io/rancher-sandbox/cluster-api-addon-provider-fleet:v0.10.0
             name: helm-manager
+            resources:
+              limits:
+                cpu: 100m
+                memory: 150Mi
+              requests:
+                cpu: 100m
+                memory: 100Mi
             volumeMounts:
             - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
               name: helm-kubeconfig
@@ -867,10 +885,16 @@ data:
       - major: 0
         minor: 8
         contract: v1beta1
+      - major: 0
+        minor: 9
+        contract: v1beta1
+      - major: 0
+        minor: 10
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.8.1
+  name: v0.10.0
   namespace: rancher-turtles-system
   labels:
     provider-components: fleet

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-bootstrap.yaml

@@ -2529,7 +2529,7 @@ data:
             - --v=${CAPRKE2_DEBUG_LEVEL:=0}
             command:
             - /manager
-            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.15.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.16.1
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -2761,10 +2761,13 @@ data:
       - major: 0
         minor: 15
         contract: v1beta1
+      - major: 0
+        minor: 16
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.15.1
+  name: v0.16.1
   namespace: rke2-bootstrap-system
   labels:
     provider-components: rke2-bootstrap

rancher-turtles-airgap-resources-chart/templates/airgap-cm-rke2-control-plane.yaml

@@ -4461,7 +4461,7 @@ data:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.uid
-            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.15.1
+            image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.16.1
             imagePullPolicy: IfNotPresent
             livenessProbe:
               httpGet:
@@ -4700,10 +4700,13 @@ data:
       - major: 0
         minor: 15
         contract: v1beta1
+      - major: 0
+        minor: 16
+        contract: v1beta1
 kind: ConfigMap
 metadata:
   creationTimestamp: null
-  name: v0.15.1
+  name: v0.16.1
   namespace: rke2-control-plane-system
   labels:
     provider-components: rke2-control-plane

rancher-turtles-chart/Chart.lock

@@ -3,4 +3,4 @@ dependencies:
   repository: https://kubernetes-sigs.github.io/cluster-api-operator
   version: 0.18.1
 digest: sha256:7ad59ce8888c32723b4ef1ae5f334fdff00a8aba87e6f1de76d605f134bff354
-generated: "2025-04-29T09:14:10.14953774Z"
+generated: "2025-05-29T09:13:16.863770955Z"

rancher-turtles-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.2_up0.19.0
-#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.2_up0.19.0-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.4_up0.20.0
+#!BuildTag: %%CHART_PREFIX%%rancher-turtles:%%CHART_MAJOR%%.0.4_up0.20.0-%RELEASE%
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
@@ -12,7 +12,7 @@ annotations:
   catalog.cattle.io/scope: management
   catalog.cattle.io/type: cluster-tool
 apiVersion: v2
-appVersion: 0.19.0
+appVersion: 0.20.0
 dependencies:
 - condition: cluster-api-operator.enabled
   name: cluster-api-operator
@@ -29,4 +29,4 @@ keywords:
 - provisioning
 name: rancher-turtles
 type: application
-version: "%%CHART_MAJOR%%.0.2+up0.19.0"
+version: "%%CHART_MAJOR%%.0.4+up0.20.0"

rancher-turtles-chart/RELEASE_NOTES.md

@@ -1,14 +1,6 @@
-## Changes since v0.19.0-rc.1
+## Changes since v0.20.0-rc.0
 ---
 ## :chart_with_upwards_trend: Overview
-- 4 new commits merged
-
-:book: Additionally, there has been 1 contribution to our documentation and book. (#1325) 
-
-## :question: Sort these by hand
-- chart: Add helm chart values validation (#1320)
-- Dependency: Revert dependency bumps (#1328)
-- MULTIPLE_AREAS[documentation|azure]: Use predictable resourceGroup for AKS nodes (#1327)
 
 
 _Thanks to all our contributors!_ 😊

rancher-turtles-chart/questions.yml

@@ -29,12 +29,6 @@ questions:
         description: "Flag to enable or disable installation of the RKE2 provider for Cluster API. By default this is enabled."
         label: "Enable RKE2 Provider"
         type: boolean
-      - variable: rancherTurtles.features.addon-provider-fleet.enabled
-        default: true
-        description: "[BETA] Enable Fleet Addon Provider functionality in Rancher Turtles."
-        type: boolean
-        label: Seamless integration with Fleet and CAPI
-        group: "Rancher Turtles Features Settings"
       - variable: rancherTurtles.features.agent-tls-mode.enabled
         default: false
         description: "[ALPHA] If enabled Turtles will use the agent-tls-mode setting to determine CA cert trust mode for importing clusters."
@@ -42,7 +36,7 @@ questions:
         label: Enable Agent TLS Mode
         group: "Rancher Turtles Features Settings"
       - variable: rancherTurtles.kubectlImage
-        default: "registry.suse.com/edge/3.2/kubectl:1.30.3"
+        default: "registry.suse.com/edge/3.2/kubectl:1.32.4"
         description: "Specify the image to use when running kubectl in jobs."
         type: string
         label: Kubectl Image

rancher-turtles-chart/templates/addon-provider-fleet.yaml

@@ -1,5 +1,3 @@
-{{- if index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled" }}
----
 apiVersion: turtles-capi.cattle.io/v1alpha1
 kind: CAPIProvider
 metadata:
@@ -10,12 +8,6 @@ metadata:
     "helm.sh/hook-weight": "2"
 spec:
   type: addon
-  deployment:
-    containers:
-    - name: manager
-      imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
-    - name: helm-manager
-      imageUrl: "registry.rancher.com/rancher/cluster-api-addon-provider-fleet:v0.8.1"
   additionalManifests:
     name: fleet-addon-config
     namespace: '{{ .Values.rancherTurtles.namespace }}'
@@ -66,4 +58,3 @@ data:
           matchExpressions:
             - key: cluster-api.cattle.io/disable-fleet-auto-import
               operator: DoesNotExist
-{{- end }}

rancher-turtles-chart/templates/deployment.yaml

@@ -26,7 +26,7 @@ spec:
       containers:
       - args:
         - --leader-elect
-        - --feature-gates=addon-provider-fleet={{ index .Values "rancherTurtles" "features" "addon-provider-fleet" "enabled"}},agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
+        - --feature-gates=agent-tls-mode={{ index .Values "rancherTurtles" "features" "agent-tls-mode" "enabled"}},ui-plugin={{ index .Values "turtlesUI" "enabled"}}
         {{- range .Values.rancherTurtles.managerArguments }}
         - {{ . }}
         {{- end }}  

rancher-turtles-chart/templates/rancher-turtles-components.yaml

@@ -3103,9 +3103,9 @@ spec:
             - message: Config secret namespace is always equal to the resource namespace
                 and should not be set.
               rule: '!has(self.configSecret) || !has(self.configSecret.__namespace__)'
-            - message: One of fetchConfig url or selector should be set.
-              rule: '!has(self.fetchConfig) || [has(self.fetchConfig.url), has(self.fetchConfig.selector)].exists_one(e,
-                e)'
+            - message: One of fetchConfig oci, url or selector should be set.
+              rule: '!has(self.fetchConfig) || [has(self.fetchConfig.oci), has(self.fetchConfig.url),
+                has(self.fetchConfig.selector)].exists_one(e, e)'
           status:
             default: {}
             description: CAPIProviderStatus defines the observed state of CAPIProvider.

rancher-turtles-chart/values.schema.json

@@ -259,6 +259,42 @@
             }
           }
         },
+        "resources": {
+          "type": "object",
+          "properties": {
+            "manager": {
+              "type": "object",
+              "properties": {
+                "limits": {
+                  "type": "object",
+                  "properties": {
+                    "cpu": {
+                      "type": "string",
+                      "description": "CPU limit."
+                    },
+                    "memory": {
+                      "type": "string",
+                      "description": "Memory limit."
+                    }
+                  }
+                },
+                "requests": {
+                  "type": "object",
+                  "properties": {
+                    "cpu": {
+                      "type": "string",
+                      "description": "CPU request."
+                    },
+                    "memory": {
+                      "type": "string",
+                      "description": "Memory request."
+                    }
+                  }
+                }
+              }
+            }
+          }
+        },
         "cleanup": {
           "type": "boolean",
           "default": true,

rancher-turtles-chart/values.yaml

@@ -9,8 +9,8 @@ turtlesUI:
 rancherTurtles:
   # image: registry.rancher.com/rancher/rancher/turtles
   image: registry.rancher.com/rancher/rancher/turtles
-  # imageVersion: v0.19.0
-  imageVersion: v0.19.0
+  # imageVersion: v0.20.0
+  imageVersion: v0.20.0
   # imagePullPolicy: IfNotPresent
   imagePullPolicy: IfNotPresent
   # namespace: Select namespace for Turtles to run.
@@ -22,7 +22,7 @@ rancherTurtles:
   # rancherInstalled: True if Rancher already installed is in the cluster, this is the preferred installation way.
   rancherInstalled: false
   # kubectlImage: Image for kubectl tasks.
-  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.30.3"
+  kubectlImage: "%%IMG_REPO%%/%%IMG_PREFIX%%kubectl:1.32.4"
   # features: Optional and experimental features.
   features:
     # day2operations: Alpha feature.
@@ -31,30 +31,26 @@ rancherTurtles:
       enabled: false
       # image: registry.rancher.com/rancher/rancher/turtles
       image: registry.rancher.com/rancher/rancher/turtles
-      # imageVersion: v0.19.0
-      imageVersion: v0.19.0
+      # imageVersion: v0.20.0
+      imageVersion: v0.20.0
       # imagePullPolicy: IfNotPresent
       imagePullPolicy: IfNotPresent
       # etcdBackupRestore: Alpha feature. Manages etcd backup/restore.
       etcdBackupRestore:
         # enabled: Turn on (true) or off (false).
         enabled: false
-    # addon-provider-fleet: Beta feature for fleet addons.
-    addon-provider-fleet:
-      # enabled: Turn on or off.
-      enabled: true
-    # agent-tls-mode: Alpha feature for agent TLS.
+    # agent-tls-mode: Beta feature for agent TLS.
     agent-tls-mode:
       # enabled: Turn on or off.
-      enabled: false
+      enabled: true
     # clusterclass-operations: Alpha feature. Manages cluster class ops. Not ready for testing yet.
     clusterclass-operations:
       # enabled: Turn on or off.
       enabled: false
       # image: registry.rancher.com/rancher/rancher/turtles
       image: registry.rancher.com/rancher/rancher/turtles
-      # imageVersion: v0.19.0
-      imageVersion: v0.19.0
+      # imageVersion: v0.20.0
+      imageVersion: v0.20.0
       # imagePullPolicy: IfNotPresent
       imagePullPolicy: IfNotPresent
 
@@ -78,6 +74,14 @@ cluster-api-operator:
       configMap:
         # name: ConfigMap for clusterctl.
         name: clusterctl-config
+  resources:
+    manager:
+      limits:
+        cpu: 100m
+        memory: 300Mi
+      requests:
+        cpu: 100m
+        memory: 100Mi
   # image: registry.rancher.com/rancher/rancher/turtles
   image:
     manager:
@@ -123,7 +127,7 @@ cluster-api-operator:
       # enabled: Turn on or off.
       enabled: true
       # version: RKE2 version.
-      version: "v0.15.1"
+      version: "v0.16.1"
       # bootstrap: RKE2 bootstrap provider.
       bootstrap:
         # namespace: Bootstrap namespace.

release-manifest-image/Dockerfile

@@ -1,4 +1,4 @@
-#!BuildTag: %%IMG_PREFIX%%release-manifest:3.3.0
+#!BuildTag: %%IMG_PREFIX%%release-manifest:3.4.0
 ARG SLE_VERSION
 FROM registry.suse.com/bci/bci-micro:$SLE_VERSION
 
@@ -7,11 +7,11 @@ FROM registry.suse.com/bci/bci-micro:$SLE_VERSION
 LABEL org.opencontainers.image.authors="SUSE LLC (https://www.suse.com/)"
 LABEL org.opencontainers.image.title="SUSE Edge Release Manifest"
 LABEL org.opencontainers.image.description="Release Manifest containing information about a specific SUSE Edge release"
-LABEL org.opencontainers.image.version="3.3.0"
+LABEL org.opencontainers.image.version="3.4.0"
 LABEL org.opencontainers.image.url="https://www.suse.com/solutions/edge-computing/"
 LABEL org.opencontainers.image.created="%BUILDTIME%"
 LABEL org.opencontainers.image.vendor="SUSE LLC"
-LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.3.0"
+LABEL org.opensuse.reference="%%IMG_REPO%%/%%IMG_PREFIX%%release-manifest:3.4.0"
 LABEL org.openbuildservice.disturl="%DISTURL%"
 LABEL com.suse.supportlevel="%%SUPPORT_LEVEL%%"
 LABEL com.suse.eula="SUSE Combined EULA February 2024"

release-manifest-image/release_manifest.yaml

@@ -1,13 +1,13 @@
 apiVersion: lifecycle.suse.com/v1alpha1
 kind: ReleaseManifest
 metadata:
-  name: release-manifest-3-3-0
+  name: release-manifest-3-4-0
 spec:
-  releaseVersion: 3.3.0
+  releaseVersion: 3.4.0
   components:
     kubernetes:
       k3s:
-        version: v1.32.3+k3s1
+        version: v1.32.4+k3s1
         coreComponents:
         - name: traefik-crd
           version: 34.2.1+up34.2.0
@@ -23,7 +23,7 @@ spec:
         - name: coredns
           containers:
           - name: coredns
-            image: rancher/mirrored-coredns-coredns:1.12.0
+            image: rancher/mirrored-coredns-coredns:1.12.1
           type: Deployment
         - name: metrics-server
           containers:
@@ -31,25 +31,25 @@ spec:
             image: rancher/mirrored-metrics-server:v0.7.2
           type: Deployment
       rke2:
-        version: v1.32.3+rke2r1
+        version: v1.32.4+rke2r1
         coreComponents:
         - name: rke2-cilium
-          version: 1.17.100
+          version: 1.17.300
           type: HelmChart
         - name: rke2-canal
-          version: v3.29.2-build2025030601
+          version: v3.29.3-build2025040801
           type: HelmChart
         - name: rke2-calico-crd
           version: v3.29.101
           type: HelmChart
         - name: rke2-calico
-          version: v3.29.200
+          version: v3.29.300
           type: HelmChart
         - name: rke2-coredns
-          version: 1.39.100
+          version: 1.39.201
           type: HelmChart
         - name: rke2-ingress-nginx
-          version: 4.12.100
+          version: 4.12.101
           type: HelmChart
         - name: rke2-metrics-server
           version: 3.12.200
@@ -89,7 +89,7 @@ spec:
         - prettyName: Rancher
           releaseName: rancher
           chart: rancher
-          version: 2.11.1
+          version: 2.11.2
           repository: https://charts.rancher.com/server-charts/prime
           values:
             postDelete:
@@ -123,22 +123,22 @@ spec:
         - prettyName: NeuVector
           releaseName: neuvector
           chart: neuvector
-          version: 106.0.0+up2.8.5
+          version: 106.0.1+up2.8.6
           repository: https://charts.rancher.io
           dependencyCharts:
             - releaseName: neuvector-crd
               chart: neuvector-crd
-              version: 106.0.0+up2.8.5
+              version: 106.0.1+up2.8.6
               repository: https://charts.rancher.io
           addonCharts:
             - releaseName: neuvector-ui-ext
               chart: neuvector-ui-ext
               repository: https://github.com/rancher/ui-plugin-charts/raw/main
-              version: 2.0.1
+              version: 2.1.3
         - prettyName: EndpointCopierOperator
           releaseName: endpoint-copier-operator
           chart: "%%CHART_REPO%%/%%CHART_PREFIX%%endpoint-copier-operator"
-          version: "%%CHART_MAJOR%%.0.0+up0.2.1"
+          version: "%%CHART_MAJOR%%.0.1+up0.3.0"
         - prettyName: Elemental
           releaseName: elemental-operator
           chart: oci://registry.suse.com/rancher/elemental-operator-chart
@@ -171,8 +171,8 @@ spec:
         - prettyName: Metal3
           releaseName: metal3
           chart: "%%CHART_REPO%%/%%CHART_PREFIX%%metal3"
-          version: "%%CHART_MAJOR%%.0.5+up0.11.3"
+          version: "%%CHART_MAJOR%%.0.9+up0.11.7"
         - prettyName: RancherTurtles
           releaseName: rancher-turtles
           chart: "%%CHART_REPO%%/%%CHART_PREFIX%%rancher-turtles"
-          version: "%%CHART_MAJOR%%.0.2+up0.19.0"
+          version: "%%CHART_MAJOR%%.0.4+up0.20.0"

sriov-network-operator-chart/_service

@@ -2,7 +2,7 @@
   <service mode="buildtime" name="kiwi_metainfo_helper"/>
   <service name="replace_using_env" mode="buildtime">
     <param name="file">Chart.yaml</param>
-    <param name="eval">CHAT_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
+    <param name="eval">CHART_PREFIX=$(rpm --macros=/root/.rpmmacros -E %{?chart_prefix})</param>
     <param name="var">CHART_PREFIX</param>
     <param name="eval">CHART_MAJOR=$(rpm --macros=/root/.rpmmacros -E %{?chart_major})</param>
     <param name="var">CHART_MAJOR</param>

upgrade-controller-chart/Chart.yaml

@@ -1,5 +1,5 @@
-#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.0_up0.1.1
-#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.0_up0.1.1-%RELEASE%
+#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.1_up0.1.1
+#!BuildTag: %%CHART_PREFIX%%upgrade-controller:%%CHART_MAJOR%%.0.1_up0.1.1-%RELEASE%
 apiVersion: v2
 appVersion: 0.1.1
 dependencies:
@@ -10,4 +10,4 @@ dependencies:
 description: A Helm chart for Upgrade Controller
 name: upgrade-controller
 type: application
-version: "%%CHART_MAJOR%%.0.0+up0.1.1"
+version: "%%CHART_MAJOR%%.0.1+up0.1.1"

upgrade-controller-chart/values.yaml

@@ -15,7 +15,7 @@ env:
     image: %%MANIFEST_REPO%%/%%IMG_PREFIX%%release-manifest
   kubectl:
     image: %%IMG_REPO%%/%%IMG_PREFIX%%kubectl
-    version: 1.30.3
+    version: 1.32.4
 
 imagePullSecrets: []
 nameOverride: ""