Merge Requests integrated in this release
Features
- X509 certificate automation via ACME or Vault issuer !1577 ~"security"
Monitoring & logging
- Update dependency https://github.com/grafana/loki.git to v3.2.2 !3139 ~"renovate"
- Update dependency https://gitlab.com/sylva-projects/sylva-elements/helm-charts/sylva-thanos-rules.git to v0.0.2 !3463 ~"renovate"
- Enable Loki monitoring !3266
- Add custom metrics for clusters monitoring !3385
- add minio monitoring tenant limits !2898
- Update MinIO pods memory limits !3507
Storage
- Update longhorn to v104.2.1+up1.7.2 (minor) !3039 ~"renovate"
- Revert Longhorn 1.7.2 upgrade !3452
- upgrade to Longhorn 1.7.2 with allowVolumeCreationWithDegradedAvailability=true !3473
Security
- Update dependency keycloak/keycloak-k8s-resources to v26.0.7 !3345 ~"renovate"
- add sylva-logging-flows unit to create flow, clusterflow, output and clusteroutput !1983 ~"logging"
- Verify the authenticity of kustomize-units OCIRepository artifact using Flux !1234
- improve/fix disable-automountserviceaccounttoken Kyverno policy !3393
- Rancher: Replace the deprecated "Restricted Admin" role with a custom role "All Clusters Admin" !2499
Lifecycle
- Update sylva-units-operator to v0.1.6 (patch) !3380 ~"renovate"
CAPO
- Update sylva-projects/sylva-elements/container-images/openstack-client Docker tag to v0.0.18 !3407 ~"renovate"
- Update dependency kubernetes-sigs/cluster-api-provider-openstack to v0.11.3 !3382 ~"renovate"
- Update Helm release ceph-csi-cephfs to v3.12.3 !3362 ~"renovate"
- Update Helm release openstack-cinder-csi to v2.31.2 !3099 ~"renovate"
- cleanup transitional units used to fix capo v1alpha8 CRD issues !3397 ~"type::cleanup"
- capo/capm3: don't enable ubuntu-jammy-hardened-rke2 image by default !3438 ~"capm3"
- restart the pods for openstack-cinder-csi-nodeplugin after changes in openstack credentials !3503
CAPD
- fix rke2 capd container image !3489 ~"rke2" ~"type::bug"
CAPM3
- Update dependency metal3-io/cluster-api-provider-metal3 to v1.8.3 !3411 ~"renovate"
- Update dependency https://gitlab.com/sylva-projects/sylva-elements/helm-charts/sylva-dashboards.git to v0.0.14 !3364 ~"monitoring" ~"renovate"
RKE2
- Add kyverno policy to fix jobs security context !3304
- Cleanup workaround for rke2-metrics-server upgrade !3396 ~"type::cleanup"
- cleanup: remove now useless 'cluster-rke2-migrate-legacy-etcd-certs' unit !3425 ~"type::cleanup"
- cleanup: remove now useless 'kyverno-policy-delete-kubernetes-vip-svc' unit !3424 ~"type::cleanup"
- Let Flux manage Calico on RKE2 !3218
Kubeadm
- remove tigera-clusterrole unit as no longer needed !3248 ~"type::cleanup"
OKD/OpenShift
- Update OpenShift CAPI from 0.1.5 to 0.2.0 with CAPI CRD name change !3383
- fix RBAC for CAPI cluster-garbage-collector CronJob, for OKD !3445
CI
- Update dependency renovate-bot/renovate-runner to v19.28.1 !3399 ~"renovate"
- Update dependency renovate-bot/renovate-runner to v19.41.2 !3442 ~"renovate"
- Update dependency renovate-bot/renovate-runner to v19.49.2 !3490 ~"renovate"
- Update dependency renovate-bot/renovate-runner to v19.50.3 !3513 ~"renovate"
- Update CI VALUES REVISION to 0.4.26 and update sriov-network-operator enable condition !3453
- Support upgrade from 1.2.1 to main in CI !3400
- Add k8s cronjobs testing in CI !3324
- Introduce a new sylva-units-tests-status !3332 ~"Test"
- debug-on-exit.sh: use 'timeout' for remote_command !3412
- debug-on-exit.sh: remove log-related useless remote_commands !3422 ~"type::cleanup"
- avoid race condition resulting in missing neuvector OIDC configuration !2721 ~"Test"
- CI: Add login tests for minio-logging and minio-monitoring !3415 ~"logging" ~"monitoring"
- CI: adjust what Secrets are whitelisted by leak-report tool !2846 ~"security"
- Improve execution time for debug-on-exit !3410
- Minor fix in cronjob-test artifacts path !3439
- add yamllint rule to force unix LF !3451
- CI: fix cronjob-test.sh for workload clusters when there is no cronjob !3457
- Fix OS selection in CI - Do not fallback to Ubuntu if unknown value !3471
- Bump CI values to 0.4.27 !3492
- Avoid breaking deployment pipelines on test-unit failures !3485
- fix regression in rework of tools/oci/artifact_utils.py !3517
- CI: Fix CAPO misc failure on flux-webui and gitea !3515
Cleanups
- remove transition code for upgrade from 1.1.1 to adjust how the root dependency is handled for HelmReleases !3428
- cleanup: remove transition code for sylva-units HelmRelease and GitRepository !3419
Other
- Update dependency https://gitlab.com/sylva-projects/sylva-elements/helm-charts/capi-rancher-import.git to v0.1.10 !3437
- make root-dependency job quicker !3290
- Add CNPG unit for Postgres Operator !3305
- cleanup minio-cleanup-pre-upgrade and thanos-uninstall-pre-upgrade !3409
- apply scripts - avoid race conditions in how sylva-units HelmRelease is updated !2751
- Cleanup metallb not needed unit after 1.2.1 !3416
- apply scripts: output fix (remove --log) !3427
- FluxCD: upgrade apiVersions for HelmRelease and HelmRepository !3404
- add support for Kubernetes 1.30 !3103
- fix apply-workload-cluster.sh, namespace not found !3430
- Remove enabled condition from keycloak-add-client-scope unit !3376
- remove support of k8s version 1.27 !3134
- move neuvector ns definition to namespace-defs unit !3436
- enable rancher-webhook HA policy on workload cluster !3317
- enable drift detection on sylva-units HelmRelease !3433
- joblog added to harbor-jobservice's pvc specific values !3037
- Fix policy exception for neuvector !3446
- sylva-units: fix typo in comment !3448 ~"docs::fix"
- allow Kyverno policies webhooks in kube-system / fix policies related to rke2 HelmCharts !3347
- Introduce HA PostgreSQL DB for Keycloak (+ migration) !3308
- Fix cnpg-keycloak db name !3480
- improve sylva-units-tests-status Kustomization dependencies: no need to have it uselessly depend on cluster !3447
- Enable keycloak-postgres only if keycloak is enabled !3487
- cluster-garbage-collector: produce events in sylva-system, not in the cluster namespace !2925
- use Git as source for bitnami Helm charts !3494
- disable prune for cluster-vip service and kustomization !3440
- Avoid breaking deployment pipelines on test-unit failures !3519
Other dependency upgrades
- Update python Docker tag to v3.13.1 !3429
- Update dependency https://github.com/rancher/local-path-provisioner.git to v0.0.30 !3053
- Update kube-vip Docker tag to v0.8.7 !3331
- Update Helm release cert-manager to v1.15.4 !3323
- Update sylva-projects/sylva-elements/container-images/ci-image Docker tag to v1.0.53 !3449
- Update dependency sylva-projects/sylva-elements/diskimage-builder to v0.3.8 !3462
- Update dependency https://gitlab.com/sylva-projects/sylva-elements/helm-charts/sylva-capi-cluster.git to v0.4.7 !3484
- Update dependency https://gitlab.com/sylva-projects/sylva-elements/helm-charts/sylva-capi-cluster.git to v0.4.8 !3501
- Update dependency https://gitlab.com/sylva-projects/sylva-elements/helm-charts/metallb-resources.git to v0.0.4 !3474
- Update registry.gitlab.com/python-gitlab/python-gitlab Docker tag to v5.2.0 !3387
- Update docker Docker tag to v27.4.0 !3455
- Update registry.gitlab.com/sylva-projects/sylva-elements/container-images/sylva-toolbox Docker tag to v0.6.2 !3426
- Update cluster-api & capd-manager to v1.8.6 (patch) !3314
Contributors
Pierrick Seite, Alin H, Bogdan Antohe, Daniel Anton, Thomas Morin, Samuel Bartel, François-Régis Menguy, Alain Thioliere, Sakshi Choudhary, Loic Nicolle, Cristian Manda, Jianzhu Zhang, Nikhil Sethi, Yiping Chen, Médéric de Verdilhac, Francois Eleouet, Zaharia Mihai, Dragos Gerea, Akshay yadav