Merge Requests integrated in this release

427 merge requests were integrated in this repo between a09410c63ca84f6c050b6f44b99132ad0dd28c21 and 1.5.0.
These notes don't account for the MRs merged in secondary repos.

Networking

• Update Helm chart metallb to v0.15.2 !4560 ~"renovate"
  
• Optimize Calico MTU in OpenStack context !4471 ~"capo" ~"type::enhancement" (issues: #2369)
  
• Automatically enable frr-k8s when needed !4340 (issues: #2352)
  
• Cleanup externalIPs specification !4878 ~"type::cleanup" (issues: #2628)
  
• Adding 'goldpinger' for pod to pod networking observability !4686 ~"type::feature" (issues: #2527)
  
• Add a unit to clean-up multus cache files on nodes !4840 ~"has-backport-issue-1.3.x" ~"has-backport-issue-1.4.x" ~"type::bug"
  
• Align rke2-multus chart version with RKE2 validated versions !5167 ~"rke2" (issues: #2612)
  
• Use custom image for metallb speaker !5203 (issues: #2726)
  
• prevent multiple multus-cleanup crashes !5359 ~"type::bug" (issues: #2780)
  
• Add units to support correct Multus uninstallation !4929 (issues: #2252)
  
• Enable drift detection for metallb HR !4955 ~"area:networking" ~"cluster-lifecycle" (issues: #2238)
  
• Use secret to store metallb-resources values !5453 ~"area:security" (issues: #2841)
  

OpenStack ~capo

• Update Sylva Helm chart sync-openstack-images to v0.6.0 ~"renovate" !4628 !5195 !5395
  
• Update Helm chart openstack-cinder-csi to v2.33.1 ~"renovate" !4587 !4934
  
• Update dependency k-orc/openstack-resource-controller to v2.2.0 !4601 ~"renovate"
  
• Update sylva-elements/container-images/openstack-client container to v0.1.1 ~"renovate" !4644 !4669 !5580
  
• Update dependency kubernetes-sigs/cluster-api-provider-openstack to v0.12.5 ~"has-backport-issue-1.4.x" ~"renovate" !4713 !5435
  
• Update heat-operator to v0.2.1 !5366 ~"renovate"
  
• Optimize Calico MTU in OpenStack context !4471 ~"Networking" ~"type::enhancement" (issues: #2369)
  
• Move capo-network-resources kube-job script to separate file !4943 ~"type::cleanup" (issues: #2620)
  
• improve timeout/retries behavior for sync-openstack-images !4696 (issues: #2232)
  
• Fix backing up capi resources adding orc-manager-role role to clusterctl !5452 ~"area:backup-restore" (issues: #2852)
  
• bootstrap pivot: don't let Flux override the HeatStack.spec.suspend field !5510
  

CAPD ~capd

• Fix capd rke2 deployments !4742 ~"rke2" (issues: #2564)
  

Baremetal ~capm3

• Update sylva-elements/container-images/libvirt-metal to v0.2.1 ~"renovate" !4618 !4647
  
• Update dependency metal3-io/cluster-api-provider-metal3 to v1.9.4 !4615 ~"renovate"
  
• Update Helm chart metal3 to v0.12.7 ~"renovate" !4673 !5504
  
• Update dependency metal3-io/ip-address-manager to v1.10.2 !5393 ~"renovate"
  
• Set one_shot on refresh-metal3machinetemplates unit !4746 (issues: #2586)
  
• Prevent duplicate BMC Addresses for BareMetalHosts !4846 (issues: #2311)
  
• Unpause BareMetalHosts in target cluster after pivot !4976 (issues: #2684)
  
• CI: use ci-deployment-values with cluster-maxunavailable enabled for capm3 misc workload clusters !5165
  
• Single Node Edge examples !4881 ~"docs" ~"docs::values" (issues: #2629)
  
• Make sure resources are not part of the latest cluster generation before garbage-collecting them !5410 ~"type::bug" (issues: #2820)
  
• Refactor and fix clusterctl role to backup capi resources !5534 ~"area:backup-restore" (issues: #2909)
  

VSphere ~capv

• Update dependency kubernetes-sigs/cluster-api-provider-vsphere to v1.13.1 !4716 ~"renovate"
  
• Update dependency kubernetes-sigs/vsphere-csi-driver to v3.5.0 !4681 ~"renovate"
  

Monitoring

• Update Sylva Helm chart sylva-dashboards to v0.1.0 !4623 ~"renovate"
  
• Update Sylva Helm chart sylva-alertmanager-resources to v0.1.0 !4621 ~"renovate"
  
• Update Sylva Helm chart sylva-snmp-resources to v0.1.0 !4626 ~"renovate"
  
• Update Sylva Helm chart sylva-prometheus-rules to v0.1.3 ~"renovate" !4625 !5573
  
• Update Sylva Helm chart sylva-thanos-rules to v0.2.0 !4627 ~"renovate"
  
• Update Helm chart alertmanager-snmp-notifier to v2.1.0 ~"renovate" !4456 !4894 !5187
  
• Update Helm chart prometheus-pushgateway to v3.4.1 ~"renovate" !4584 !4901
  
• Update Helm chart prometheus-snmp-exporter to v9.6.2 ~"renovate" !4455 !4733 !4892 !4938 !5014
  
• Update rancher-monitoring to v105.2.1+up66.7.1-rancher.14 !4720 ~"renovate"
  
• Update Helm chart k8s-ephemeral-storage-metrics to v1.18.1 !5159 ~"renovate"
  
• Update Helm chart kepler to v0.6.1 !4888 ~"renovate"
  
• Quote env values for Thanos cleanup script !4697
  
• Add k8s-ephemeral-storage-exporter unit !4609 (issues: #2175)
  
• Add needed FQDNs to thanos cert !5023 (issues: #2642)
  
• Fix Goldpinger's http target connectivity issue !5033 ~"Goldpinger" ~"type::bug" (issues: #2700)
  
• Enable thanos-bucketweb !4841 (issues: #2597)
  
• Add RKE2 etcd monitoring !4927 (issues: #2647)
  
• Fix grafana UI test !5354 (issues: #2764)
  
• Update Thanos image and flags !5383
  
• Disable Rancher prometheus-adapter !5401 ~"has-backport-issue-1.4.x"
  
• Disable monitoring stack rules in management cluster Prometheus !5429 (issues: #1983)
  

Logging

• Update Sylva Helm chart sylva-logging-flows to v0.1.0 !4624 ~"renovate"
  
• Update rancher-logging to v105.3.1+up4.10.0-rancher.6 !4719 ~"renovate"
  
• Update github.com/grafana/loki to v3.5.3 ~"renovate" !4866 !4917
  
• Update github.com/kube-logging/logging-operator to v6 !5024 ~"renovate"
  
• add X-scope-OrgID to Loki datasource !4598 (issues: #2388)
  
• Increase ingestion rate config in loki !4600 (issues: #2482)
  
• rancher logging/monitoring chart version updates compatible with rancher 2.11.x !4940 (issues: #2660)
  
• Enable New logging unit to deploy components from logging-operator from upstream helmchart kube-logging !3577
  
• ensure that logging-operator image version is the same as the Git tag !5164
  
• Modify the enabled_conditions in loki-credentials-secret unit !4923 (issues: #2631)
  
• Tune Fluentd/Loki buffer management and sync for better resilience !5247 (issues: #2766)
  
• Add precondition to prevent loki HelmRelease reconciliation policy errors !5319 ~"kyverno" (issues: #2752)
  
• Create missing Loki datasource in workload clusters !4708 (issues: #2552)
  
• Ignore drift detection on PrometheusRule CR generated by Loki HelmRelease !5315 (issues: #2746)
  
• deploy Loki Helm chart from Helm repo instead of Git !5400 (issues: #2769)
  

Storage

• Update longhorn to v105.2.1+up1.8.2 !4718 ~"renovate"
  
• Update github.com/rancher/local-path-provisioner to v0.0.32 !4954 ~"renovate"
  
• Add liveness and readiness probe to nfs-ganesha POD !4651 (issues: #2513)
  
• ensure sane behavior of minio-operator !4738
  
• Upgrade NFS-Ganesha to v6.5 to fix issue where it becomes unresponsive !4863 (issues: #2477)
  
• Update NFS-Ganesha image tag (fix excessive log generation) !4928 ~"has-backport-issue-1.3.x" ~"has-backport-issue-1.4.x" (issues: #2637)
  
• longhorn: use 106.x chart (remaining on Longhorn 1.8.x) !5362
  
• Make two-replicas-storageclass depend on available Longhorn nodes !5391 ~"type::bug" (issues: #2816)
  
• Add Kyverno policy to enforce staleReplicaTimeout=60 on Longhorn Volumes !5482 ~"has-backport-issue-1.4.x" (issues: #2520)
  
• [backport-1.5] NFS-Ganesha: update vfs.conf to disable ID mapping !5695 ~"area:storage"
  

Security

• Update Helm chart kyverno to v3.4.4 ~"renovate" !4296 !4729
  
• Update github.com/bank-vaults/vault-operator to v1.23.0 !4834 ~"renovate"
  
• Update rancher-cis-benchmark to v106 !4156 ~"renovate"
  
• Update Helm chart trivy-operator to v0.30.0 !4594 ~"renovate"
  
• Update dependency keycloak/keycloak-k8s-resources to v26.3.3 !4225 ~"renovate"
  
• Set keycloak log levels to enable logging user events and admin events !4848 (issues: #2606, #1944)
  
• Option to use openbao !3401 (issues: #1237)
  
• Enable validating-admission-policies unit for a workload cluster !5426 (issues: #2822)
  

Lifecyle

• Update workload-cluster-operator to v0.5.0 ~"renovate" !4617 !4717 !5351
  
• Update sylva-units-operator to v0.3.6 ~"renovate" !4616 !4890 !5406 !5581
  
• Enable drift detection for metallb HR !4955 ~"Networking" ~"area:networking" (issues: #2238)
  

RKE2

• Update Helm chart rke2-multus to v4.2.102 !4586 ~"renovate"
  
• Update dependency rancher/cluster-api-provider-rke2 to v0.19.0 ~"renovate" !4570 !4732 !5193
  
• Cleanup Kyverno policy for RKE2ControlPlane nodeDeletionTimeout !4512 ~"type::cleanup" (issues: #2126)
  
• Fix capd rke2 deployments !4742 ~"capd" (issues: #2564)
  
• Align rke2-multus chart version with RKE2 validated versions !5167 ~"Networking" (issues: #2612)
  
• delete helmchart rke2-calico-crd if present !5202 ~"type::cleanup" (issues: #2716)
  

Kubeadm

• Enable coredns unit in kubeadm !4777 ~"has-backport-issue-1.4.x"
  
• Add VIP to ingress-nginx LB Service annotations !4975
  

OKD/OpenShift

• Update OpenShift CAPI provider to v0.3.4 !4389
  
• Update dependency openshift/assisted-service to v2.40.1 !4886 ~"renovate"
  
• Disable drift detection for coredns ConfigMap !4906 (issues: #2602)
  
• Update OKD workload values to work with the new CAPI version !4953
  
• Pin RHCOS to 4.19.0 !5251
  
• Add scc for Goldpinger in OKD context !5254 (issues: #2743)
  
• Add sshAuthorizedKey in okd-capm3-virt !5470 ~"area:capi" ~"type::bug" (issues: #2859)
  

Bug Fixes

• Use custom image for metallb controller !4958 (issues: #2671)
  
• Fix external certificate key used for goldpinger !5459 ~"area:networking"
  

Other

• Deactivate managed-system-upgrade-controller Rancher feature !4632 (issues: #2498)
  
• cleanup now-useless dep of 'cluster' unit to Kyverno cluster delete prevention policy !4577
  
• expose kube-jobs's deadlines and backofflimits as substitution variables !4643
  
• Enable per-unit timeout (optional) !2383 (issues: #1270)
  
• Flux take over coredns deployment !4575 (issues: #2451)
  
• automatic refresh of local management-cluster-kubeconfig file !4655 (issues: #2509)
  
• allow get_image_refs.py to map images to units using mapping rules !4638
  
• exclude kyverno's namespace from kyverno's webhook configurations !4688
  
• Enable Kyverno CRD watcher feature !4595 (issues: #1899, #2341)
  
• tools/get_image_refs.py: validate rules files, fix rule file !4704 (issues: #2556)
  
• Enable vmRolloutStrategy: LiveUpdate for seamless VM upgrades !4649 ~"kubevirt" (issues: #2508)
  
• Make Kubevirt test VMs parameters configurable more easily !4645 ~"kubevirt" (issues: #1795)
  
• Allow to disable the cluster schema validation at sylva-unit helm-release level !4745 (issues: #2471)
  
• reduce history of HelmReleases to 2 !4679
  
• Fix MinIO operator Kyverno policy, in order to check for deployment existence !4599 (issues: #2490)
  
• Use new sylva-library tags for main !4770
  
• Make sure that workload clusters are unpaused !4744 (issues: #2580)
  
• Add support for worker_node_count in cluster values !4605 (issues: #2488)
  
• Upgrade kunai version !4727 (issues: #2568)
  
• Upgrading ExternalSecret operator CRDs to recent apiVersions !4648 (issues: #2506)
  
• Allow traffic to the http port 6180 of ironic image server !4832 (issues: #2594)
  
• Remove gateway property duplicate from capm3 values.yaml !4833 (issues: #2593)
  
• Add Crossplane provisioner for Keycloak !3104 (issues: #2186)
  
• Use external-secrets apiVersion V1 on crossplane-init !4844
  
• Add enabled-units to sylva-units-status !4851
  
• Add roleTemplates in Rancher to view/manage sriovnetworks !4837 (issues: #2537)
  
• Fix node_count and worker_node_count evaluation in CI !4850 (issues: #2600)
  
• Add suspend values layer !4865
  
• deps-project-tool.py: support rke2-in-docker (+ a small fix) !4864 ~"CI::tooling"
  
• Refactor Kyverno policies, in order to remove deprecated fields !4589 ~"type::enhancement" (issues: #2356)
  
• parametrize APIServer arguments !3388 (issues: #169)
  
• compute unit timeout per cp/md node !4652 (issues: #2373)
  
• Fix Kyverno policy background scan failures for non-existent default ServiceAccounts !4911 ~"has-backport-issue-1.4.x"
  
• Fix sylva-units drift detection !4919 (issues: #2641)
  
• Upgrade KubeVirt Manager to v1.5.0 !4701 ~"kubevirt" (issues: #2546, #2633)
  
• Avoid getting irrelevant logs from rancher-turtles !4924
  
• Enable VMExport Feature Gate in KubeVirt !4568 ~"kubevirt" (issues: #2465)
  
• add support of K8s 1.32 in Sylva !4588 (issues: #2449)
  
• Upgrade all CAPI infra providers to be compatible with 1.10 generation !4859 (issues: #2566)
  
• remove support of k8s-1.29 !4941 (issues: #2448)
  
• Make wkld-firewall-verify working with OKD !4922 ~"CI::functional-tests" ~"Test"
  
• Backup rancher data using the rancher-backup operator !4583 (issues: #2456)
  
• Updated kube-job defaults for activeDeadlineSeconds and backoffLimit !4700 (issues: #2539)
  
• fix use of unreleased version of Sylva diskimage-builder !4960
  
• Add a flux kustomisation for sylvactl bootstrap !4612
  
• Use different storage to store WAL for CNPG keycloak !4520 (issues: #2358)
  
• Fix grafana login test using hurl !4963 (issues: #2674)
  
• Use a custom kube-job image for pivot, in order to fix capm3 deployments !4981
  
• revert Flux source-controller version override !4964
  
• add misc-controllers-suite to introduce cluster-maxunavailable controller !4853
  
• Revert "Updated kube-job defaults for activeDeadlineSeconds and backoffLimit" !5006 (issues: #2693)
  
• canonical-k8s: align Sylva CI runs and env values with the other providers !4978
  
• Use provider-id-blacklist controller !4952 (issues: #2655)
  
• Decrease Longhorn default disk storage reserved percentage !5000 (issues: #2690)
  
• Fix typo in merge request template !5021
  
• Modifying the request/limit for deployment source-controller, available at... !4977
  
• Increase memory limit of multus-cleanup pods !5160 (issues: #2706)
  
• Fix firewall test job in workload cluster !5032 (issues: #2704)
  
• minor: make tools/generate_csr.sh and tools/get_image_refs.py executable !5166
  
• Revert "Update Helm chart crossplane to v2" !5169
  
• Upgrade kubevirt manager to 1.5.1 !4972 ~"kubevirt" (issues: #2681, #2167)
  
• Enhance the reliability of rke2-metrics-server deployment !4228 (issues: #1857)
  
• have 'cluster' unit depend on 'os-images-info' unit (capo/capm3) !5171 (issues: #2703)
  
• update Kubernetes patch versions to 1.32.7, 1.31.11, 1.30.14 !4942 (issues: #2589)
  
• Add a script to get (compressed) size of a list of container images !5178
  
• Improve check_args() validation and error messaging !4689 (issues: #2536)
  
• Update CAPI garbage collector script !4514 (issues: #2320)
  
• minor changes to tools/get_network_footprint.py !5201
  
• refactor global timeout when per-unit timeout is enabled !5190 (issues: #2721)
  
• Various fixes of trivy operator !4406 (issues: #2350)
  
• Update to sylva-toolbox v1.0.0 !5223
  
• make Vault version detectable by tools/generate_units_documentation.py !5239 (issues: #2738)
  
• Removing kubevirt manager version label !5208 (issues: #2730)
  
• Dynamically set /etc/hosts of OS for management services !4410 (issues: #2288)
  
• Align Leap Micro images naming format and k8s versions !5253
  
• Change repository to bitnami legacy !5324
  
• Make preview compatible with workload clusters !5011
  
• Prevent calico from installing CNI binaries concurrently with Multus !5260 (issues: #2741)
  
• Create keycloak namespace using new keycloak-init unit !4762
  
• Fix management-cluster-kubeconfig search in debug-on-exit.sh !4490
  
• enable sylvactl per-unit timeout by default !4879 (issues: #2374)
  
• Enable a Minimal Velero Installation (CRD + Controllers) !4418 ~"backup"
  
• Add Node Affinity to kubevirt-test-vms Unit VMs to restrict scheduling to worker nodes !4608 (issues: #2489)
  
• Add OpenNebula/CAPONE infrastructure provider !4474 ~"opennebula" (issues: #2547)
  
• Create vault namespace using new vault-init unit !4773
  
• allow providing a custom values file to bootstrap !5330
  
• update kube-job retry parameters !5377 (issues: #2539, #2216)
  
• Increase the memory Limit for Flux source controller to 2.5Gi !5396 ~"type::enhancement"
  
• Explicit dependency between workload cluster operator and external secret operator !5407
  
• make cluster-garbage-collector emit event in the same namespace as the involved object !5408 ~"area:capi"
  
• set prune false for crd units !5389 (issues: #2813)
  
• Disable unused kyverno controllers during bootstrap !4757
  
• update k8s patch versions (main) - 1.30.14 (rke2r2), 1.31.12, 1.32.8 !5346 (issues: #2776)
  
• Reconfigure keycloak postgresql DB !5360 (issues: #2773, #2650)
  
• Enable drift detection for cluster HelmRelease !4758 ~"area:capi" (issues: #1812)
  
• Add unhealthyPodEvictionPolicy to keycloak PDBs !5425 (issues: #2835)
  
• Increase default sylva-units reconcile timeout !5428 (issues: #2837)
  
• Allow RandomSecret to verify that secret exists !5419 ~"bug-workaround::identified" ~"security::credentials" (issues: #2832)
  
• Significantly increase flux controllers memory limits !5447 (issues: #2837)
  
• debug-on-exit.sh: add MachineSets !5457
  
• Disable cluster-garbage-collector !5463 ~"has-backport-issue-1.4.x"
  
• CAPI: ensure that cluster-max-unavailable is effective before updating 'cluster' unit !5461
  
• update vsphere-cpi unit version for 1.31.0 !5473 (issues: #2864)
  
• Apply least-privileges to vault policies !4329 ~"security::hardening"
  
• point Kyverno policyReportsCleanup image to bitnamilegacy instead of deleted bitnami !5524
  
• Fix dependencies when using sylva-ca component !5481 ~"area:units-framework" (issues: #2868)
  
• [backport-1.5] bootstrap: use increased memory for flux controllers, as in mgmt cluster !5640 (issues: #2952)
  
• [backport-1.5] Upgrade Longhorn after waiting for volumes to be healthy !5641 (issues: #2953)
  
• [backport-1.5]: use management cluster proxy for mgmt-run kube-jobs !5677 (issues: #2911)
  
• [backport-1.5] increase per unit timeout for rancher !5609
  
• [backport-1.5] Add deployment existence check to Grafana OIDC restart policy !5710 ~"backport" ~"kyverno" (issues: #2967)
  
• [release-1.5] upgrade Kubernetes to 1.32.9, 1.31.13 !5659 (issues: #2962)
  

Other dependency upgrades

• Update sylva-elements/container-images/oci-tools container to v0.2.2 !4633 !4753 !5579
  
• Update Sylva Helm chart os-image-server to v2.5.0 !4620 !5394
  
• Update Sylva Helm chart sylva-capi-cluster to v0.11.15 !4622 !4979 !5221 !5312 !5325 !5382 !5414 !5476 !5572
  
• Update Sylva Helm chart capo-contrail-bgpaas to v1.2.0 !4619
  
• Update Sylva Helm chart workload-team-defs to v0.3.3 !4629 !4725 !4885 !5456
  
• Update heat-operator to v0.2.0 !4631
  
• Update kube-job to v1.3.5 !4610 !4905 !5578
  
• Update Helm chart cert-manager to v1.18.2 !4591 !4662 !4836
  
• Update curlimages/curl container to v8.15.0 !4611 !4891
  
• Update Helm chart kepler to v0.6.0 !4338 !4450
  
• Update dependency fluxcd/flux2 to v2.6.4 !4541 !4740
  
• Update Helm chart jiralert to v1.8.1 !4684 !4933
  
• Update kube-vip container to v0.9.2 !4709
  
• Update container-images/sylva-toolbox container to v1.0.6 !4667 !5220 !5241 !5571
  
• Update dependency kubernetes-sigs/cluster-api to v1.9.10 !4478
  
• Update Helm chart external-secrets to v0.19.2 !4419 !4847 !4989 !5183
  
• Update Helm chart cloudnative-pg to v0.26.0 !4496 !4988 !5188
  
• Update dependency sylva-projects/sylva-elements/diskimage-builder to v0.5.11 !4630 !4887 !5575
  
• Update Helm chart harbor to v1.17.1 !3599
  
• Update Helm chart rancher to v2.11.3 !4937
  
• Update quay.io/kubevirt/cirros-container-disk-demo container to v1.6.0 !4663 !4992
  
• Update ghcr.io/kube-vip/kube-vip container to v1 !4994
  
• Update Helm chart sylva-library to v0.6.3 !4991 !5387 !5576
  
• Update Helm chart rancher-turtles to v0.22.0 !4473
  
• Update python container to v3.13.7 !5027 !5184
  
• Update Helm chart crossplane to v2 !5030 !5031 !5189
  
• Update sylva-toolbox & ci-image to v1.3.1 !5185
  
• Update sylva-elements/container-images/keytool-image container to v0.2.1 !4893
  
• Update Helm chart kunai to v2.1.2 !5213
  
• Update rancher-backup to v106 !5008
  
• Update dependency sylva-projects/sylva-elements/kiwi-imagebuilder to v0.2.3 !5374
  
• Update pre-commit hook renovatebot/pre-commit-hooks to v41.122.3 !5370 !5372 !5556
  
• Update dependency gitlab.com/sylva-projects/sylva-elements/misc-controllers-suite to v1.1.2 !5430
  
• Update Helm chart k8s-ephemeral-storage-metrics to v1.18.2 !5439
  
• Update Helm chart kubevirt to v0.6.0 !5326
  
• Update dependency sylva-projects/sylva-elements/ci-tooling/runner-aas to v1.2.3 !5574 !5653
  
• Update misc-controllers-suite to v1.1.5 !5577 !5628
  
• Update sylva-elements/ci-tooling/ci-deployment-values to v0.5.26 !5611 !5658 !5712
  
• Update Helm chart velero to v10.1.3 !5673
  
• Update sylva-toolbox & ci-image !4534
  
• Migrate renovate config !4999
  
• Update kube-job !4986
  
• Update kube-job !5310
  
• Update sylva-toolbox & ci-image !5404
  

Documentation

• Single Node Edge examples !4881 ~"capm3" (issues: #2629)
  

Cleanups

• sylva-units _os-images.tpl code cleanups !4281 (issues: #1322)
  
• Cleanup Kyverno policy for RKE2ControlPlane nodeDeletionTimeout !4512 ~"rke2" (issues: #2126)
  
• simplify capi-providers-pivot-ready !4576
  
• cleanup one-shot units of Sylva 1.4 !4678
  
• Add kube-job helpers and extract scripts !4676
  
• extract kube-job scripts from management and workload cluster values !4730
  
• move sylva registry configuration to sylva-library !4829 (issues: #2325)
  
• Cleanup securityContext patches !4880
  
• Move capo-network-resources kube-job script to separate file !4943 ~"capo" (issues: #2620)
  
• Cleanup externalIPs specification !4878 ~"Networking" (issues: #2628)
  
• extract kube-job scripts from bootstrap values !4956 (issues: #2670)
  
• Remove obsolete rancher-logging references !5028
  
• simplify misc-controllers-suite ENABLE_* settings !5163
  
• delete helmchart rke2-calico-crd if present !5202 ~"rke2" (issues: #2716)
  

CI

• Update quay.io/kubevirt/cirros-container-disk-demo container to v1.4.1 !4483 ~"kubevirt" ~"renovate"
  
• Update dependency renovate-bot/renovate-runner to v24 ~"renovate" !4685 !4902
  
• Update dependency to-be-continuous/gitleaks to v2.8.0 ~"renovate" !4845 !5186
  
• Update dependency sylva-projects/sylva-elements/ci-tooling/ci-templates to v1.0.43 ~"renovate" !4870 !5257 !5467
  
• Factorize code used to compute SYLVA_CI_VERSIONED_CI_VALUES_FOLDER !4597
  
• Merge image-ref-reports for successful cluster deployments !4592 ~"security"
  
• Update CI configuration for release-1.4 !4607
  
• tools/openstack-cleanup.sh: fix corner case, improve output detail !4614 ~"capo" ~"type::cleanup" (issues: #2495)
  
• Define few nightly pipelines to test per-unit timeout !4650
  
• Allow to filter pipeline report with a regex !4654
  
• Replace spec.running with spec.runStrategy in KubeVirt VM specs !4642 ~"kubevirt" (issues: #2479)
  
• Fix machine dump for capm3 deployment !4602 (issues: #2474)
  
• Remove drift correction test exception for metallb-resources !4290 (issues: #2285)
  
• Revert "Update .../container-images/openstack-client to v0.1.0" !4668 ~"capo"
  
• Resolve "fix test_rancher_sso.py to manage both Rancher and Rancher Prime" !4728 (issues: #2569)
  
• Make metal3 explicitly depend on libvirt-metal during capm3-libvirt bootstrap !4739 ~"capm3"
  
• add tools/deps-project-tool.py to manage branches, tags in sylva-elements repo !4613
  
• add support for sylva-library to tools/deps-project-tool.py !4767
  
• Cleanup code in login-test.yml !4572 ~"type::cleanup" (issues: #2419)
  
• Improve openstack-cleanup script, in order to check for volumes in creating state !4823 ~"capo" ~"type::enhancement" (issues: #2581)
  
• Allow to retrieve external kubeconfig !4754
  
• Fix report to handle multiple releases !4839
  
• Set CAPO_TAG if DEPLOYMENT_INFRA_PROV contain capo pattern !4854
  
• Add one shot unit to clean up test VMs before upgrade !4750 ~"kubevirt" (issues: #2579)
  
• Improve the test of the firewall in CI !4828 ~"security" (issues: #2398)
  
• Enable OKD workload in CI with OpenShift CAPI provider v0.3.4 !4542 ~"okd"
  
• Display unit test report summary in pipeline summary bot comment !4925
  
• Set trace env variable directly in CI config !4970
  
• CI: Add domain into no_proxy env !5168 (issues: #2709)
  
• Update Deployment Pipelines Generation Guide and MR template with new options !4926 ~"docs" ~"okd"
  
• fix: tools/get_network_footprint.py mediatypes and failure handling !5197
  
• CI: Collect all the logs on cronjob test !5200
  
• replace custom pre-commit hook script in favor of pre-commit framework !4861
  
• Test MetalLB BGP in CI !5009 ~"Networking" (issues: #2510)
  
• check calicoctl version match !5218 ~"Networking" (issues: #2172)
  
• Update summary job don't need previous jobs artifacts !5240
  
• always print clusterctl and sylva toolbox versions checked for misalignment in CI !5255
  
• Cleanup firewall CI test code !5192 ~"type::cleanup"
  
• run version check CI jobs only if related files are changed !5256 (issues: #2739)
  
• Fix some linters gitlab ci rules !5308 ~"type::bug"
  
• CI: add a leapmicro scenario (on capo) !5321 ~"immutable-os" (issues: #2751)
  
• Add OKD to renovate deployment pipelines !5313 ~"okd"
  
• Configure preconfigured renovate pipeline with any labels and add OKD config !5338 (issues: #2770)
  
• Add OKD scheduled pipeline !5345 ~"okd" (issues: #2747)
  
• avoid downloading sylva-toolbox when already present via ci-image !5339 (issues: #2767)
  
• Validate renovate configuration with pre-commit !5244
  
• Fix "|" character handling in pipelines report !5378 (issues: #2803)
  
• Display values and kustomization content after flavored deployment configuration !5384
  
• Clean per-units timeout scheduled pipelines !5386 ~"type::cleanup"
  
• Don't run gitleaks on scheduled pipelines !5399
  
• Configure capo runs to use the new runner tags for tests and cleanup !5392 ~"capo"
  
• Prevent deadlocking gitlab runner with the keep deployment runner busy job !5422
  
• Add CI job to detect unplanned node rolling updates after management cluster update !4705 ~"area:capi" ~"cluster-lifecycle" (issues: #2218)
  
• script added to check versions downgrade between branches !5363 (issues: #2720)
  
• corrected path in check_downgrade_versions_script.sh !5499
  
• add a README to describe what information is present in debug-on-exit/sylva-dumps archives !5503 ~"docs"
  
• Summary jobs don't need cache !5518
  
• Improve tools/get_image_refs.py to retrieve OCI artifacts !5434
  
• Bump runner-aas CI template tag !5511
  
• Renew expired certificates for CAPO misc pipeline !5500 ~"area:misc" ~"security::certificates" (issues: #2867)
  
• Improve cis-scan-report test in CI !5485
  
• fix: improve error handling and logging for node rolling update detection !5491 ~"area:CI" (issues: #2874)
  
• Fix: Update BusyBox image tag to 1.36.0 for nfs-ganesha test jobs !5536 ~"storage" ~"type::bug" (issues: #2734)
  
• Fix pre-commit for generate documentation !5546
  
• Bump CI deployment-values to prepare release-1.5 !5566
  
• [backport-1.5] more container image overrides for bitnami images, use bitnamilegacy instead (+ CI check) !5688 (issues: #2920)
  
• [backport-1.5] CI: on 'sylvactl watch' failure, dump 'sylvactl watch' final status in a non-collapsed log section !5694
  

Internal tooling

• Manage release-1.4 base branch with renovate !4562
  
• Update renovate configuration to match the new settings in default preset !4653 ~"CI"
  
• Add a missing path to manage kube job update !4903
  
• renovate configuration: Make sure depName and registryUrl are properly configured !4909 (issues: #2401)
  
• update Renovate configuration to allow Rancher 106.x charts !4957
  
• Group rancher-backup updates and align it with Rancher version !5005 (issues: #2692)
  
• Only allow patch updates for release branches !5191 (issues: #2722)
  
• Remove quotes around kunai definition !5209
  
• Handle busybox exception in renovate configuration !5212
  
• Add renovate configuration to track kube-job/backup version !5307 ~"CI" (issues: #2403)
  
• Track KIWI images with renovate !5373 (issues: #2802)
  
• Fix missing module for generate_units_documentation.py when started by renovate bot !5505 (issues: #2882)
  
• renovate: regroup misc-controllers-suite updates !5512
  
• Fix renovate configuration for OCI based helm_repo_url !5559 ~"CI" (issues: #9)
  

Contributors

39 people contributed.

Adhil0, Adrian Vladu, Akshay Yadav, Alain Thioliere, Alex Ghita, Alin H, Amit Kumar, Andrew Kiselev, Arnaud Bouts, Benjamin Le Diguerher, Bogdan Antohe, Bogdan Nicolae, Cristian Manda, Daniel Anton, Dragos Gerea, Francois Eleouet, Ionut Spanu, Ishita Mittal, Jianzhu Zhang, Jonas Arndt, Jonathan Gayvallet, Loic Nicolle, Manik Bindlish, Marc Bailly, Michał Opala, Mihai Zaharia, Mohan Sharma, Médéric De Verdilhac, Nikhil Sethi, Nitin Sharma, Pierrick Seite, Priya Goyal, Ravindra Tanwar, Remi Le Trocquer, Sakshi Choudhary, Sébastien Mathy, Thomas Morin, Tiberiu Mihai, Vladimir Braquet