gitlab sylva-projects/sylva-core 1.6.5
on GitLab

latest release: 1.6.6
9 hours ago

Merge Requests integrated in this release

165 merge requests were integrated in this repo between 1.6.0 and 1.6.5.
These notes don't account for the MRs merged in secondary repos.

Networking

  • Enable calico apiserver !6477 ~"capo" ~"type::bug" (issues: #3270)
  • Redefine calico-apiserver implementation !6548 ~"type::cleanup"
  • turn calico apiserver off by default !6561
  • Fix calico-apiserver !6560 (issues: #3379)
  • include TigeraStatus objects state in the calico-ready unit checks !6565 (issues: #3302)
  • Fix workload cluster kyverno policies for sriov-network-operator deployed in the wrong cluster !6690 ~"type::bug" (issues: #3429)
  • Circular dependency error when deploying CAPO workload cluster with additional networks !6845 ~"area:workload-cluster" ~"capo" ~"type::bug" (issues: #3408)

OpenStack ~capo

  • Update heat-operator to v0.4.0 !6456 ~"renovate"
  • Update dependency k-orc/openstack-resource-controller to v2.4.0 !6434 ~"renovate"
  • Update dependency kubernetes-sigs/cluster-api-provider-openstack to v0.12.7 !6651 ~"area:capi" ~"renovate"
  • Update Helm chart openstack-cinder-csi to v2.35.0 !6702 ~"renovate"
  • Update Sylva-elements (main) (minor) -- follow-up to release- branches creation in sylva-elements repo after sylva 1.6 release !6451 ~"area:capi" ~"area:observability" ~"area:security" ~"capm3" ~"logging" ~"monitoring" ~"renovate" ~"security"
  • fix os-images-info regression, make it run quickly again in more scenarios !6472 ~"capm3" (issues: #3331)
  • Enable calico apiserver !6477 ~"area:networking" ~"type::bug" (issues: #3270)
  • Circular dependency error when deploying CAPO workload cluster with additional networks !6845 ~"area:networking" ~"area:workload-cluster" ~"type::bug" (issues: #3408)

Baremetal ~capm3

  • Update dependency metal3-io/ip-address-manager to v1.10.5 !6432 ~"renovate"
  • Update dependency metal3-io/cluster-api-provider-metal3 to v1.10.5 !6474 ~"area:capi" ~"renovate"
  • Update Sylva Helm chart os-image-server to v2.7.1 !6827 ~"renovate"
  • Update Sylva-elements (main) (minor) -- follow-up to release- branches creation in sylva-elements repo after sylva 1.6 release !6451 ~"area:capi" ~"area:observability" ~"area:security" ~"capo" ~"logging" ~"monitoring" ~"renovate" ~"security"
  • fix os-images-info regression, make it run quickly again in more scenarios !6472 ~"capo" (issues: #3331)
  • Stop managing bmh.spec.online field from cluster-bmh HelmRelease !6583 ~"area:capi" (issues: #3385)
  • let sylva-capi-cluster handle BMH.spec.online, use 'lookup' to preserve state set by BMH/CAPM3 controllers !6618 ~"area:capi"
  • CI: add testing for cluster-maxunavailable functionality !6643 ~"area:CI" ~"area:capi"

Monitoring

  • Update Sylva Helm chart sylva-dashboards to v0.3.3 ~"area:observability" ~"renovate" !6502 !6577 !6775
  • Update Helm chart prometheus-snmp-exporter to v9.11.1 ~"area:observability" ~"renovate" !6286 !6550 !6754
  • Update Helm chart jiralert to v1.8.2 !6794 ~"area:observability" ~"renovate"
  • Update Sylva-elements (main) (minor) -- follow-up to release- branches creation in sylva-elements repo after sylva 1.6 release !6451 ~"area:capi" ~"area:observability" ~"area:security" ~"capm3" ~"capo" ~"logging" ~"renovate" ~"security"
  • Revert "Disable Grafana default datasource" !6511 ~"area:observability" (issues: #3355)
  • Reintroduce "move grafana additional sources from configmap to secret to avoid password leak" !6296 ~"area:observability" ~"area:security" ~"logging" (issues: #2875)
  • CI: revisit job checking monitoring alerts !6575 ~"CI::tooling" ~"area:CI" ~"area:observability"
  • Prometheus SNMP exporter: rename "sylva_cluster" to "cluster_name" !6638 ~"area:observability"
  • Add new SNMP devices monitoring validation !6710 ~"area:observability"

Logging

  • Update Sylva-elements (main) (minor) -- follow-up to release- branches creation in sylva-elements repo after sylva 1.6 release !6451 ~"area:capi" ~"area:observability" ~"area:security" ~"capm3" ~"capo" ~"monitoring" ~"renovate" ~"security"
  • Reintroduce "move grafana additional sources from configmap to secret to avoid password leak" !6296 ~"area:observability" ~"area:security" ~"monitoring" (issues: #2875)

Observability

  • Update Sylva Helm chart sylva-dashboards to v0.3.3 ~"monitoring" ~"renovate" !6502 !6577 !6775
  • Update Helm chart prometheus-snmp-exporter to v9.11.1 ~"monitoring" ~"renovate" !6286 !6550 !6754
  • Update Helm chart jiralert to v1.8.2 !6794 ~"monitoring" ~"renovate"
  • Update Sylva-elements (main) (minor) -- follow-up to release- branches creation in sylva-elements repo after sylva 1.6 release !6451 ~"area:capi" ~"area:security" ~"capm3" ~"capo" ~"logging" ~"monitoring" ~"renovate" ~"security"
  • Revert "Disable Grafana default datasource" !6511 ~"monitoring" (issues: #3355)
  • Reintroduce "move grafana additional sources from configmap to secret to avoid password leak" !6296 ~"area:security" ~"logging" ~"monitoring" (issues: #2875)
  • CI: revisit job checking monitoring alerts !6575 ~"CI::tooling" ~"area:CI" ~"monitoring"
  • Prometheus SNMP exporter: rename "sylva_cluster" to "cluster_name" !6638 ~"monitoring"
  • Add new SNMP devices monitoring validation !6710 ~"monitoring"

Storage

  • Update longhorn to v107.2.0+up1.10.1 !6423 ~"renovate"
  • Enable ceph-csi automatically when ceph.rbd_csi is defined !6623 ~"ceph-csi"
  • Make ceph-csi-rbd wait for the nodes to be ready !6776 (issues: #3495)
  • Enable RWX Volume Fast Failover for longhorn !6771 (issues: #3481)
  • Add targetNamespace trident to trident backend units in workload-cluster !6824 (issues: #3522)

Security

  • Update Helm chart vault-config-operator to v0.8.38 ~"renovate" !6521 !6647
  • Update github.com/kyverno/policy-reporter to v3.7.0 !6506 ~"renovate"
  • Update Sylva Helm chart keycloak-user-management to v0.3.0 !6758 ~"renovate"
  • Update rancher-compliance to v107.5.0+up1.2.4 !6737 ~"renovate"
  • Update Sylva-elements (main) (minor) -- follow-up to release- branches creation in sylva-elements repo after sylva 1.6 release !6451 ~"area:capi" ~"area:observability" ~"capm3" ~"capo" ~"logging" ~"monitoring" ~"renovate"
  • Move gitea Keycloak OIDC client to crossplane !6454 ~"area:misc" (issues: #3217)
  • Reintroduce "move grafana additional sources from configmap to secret to avoid password leak" !6296 ~"area:observability" ~"logging" ~"monitoring" (issues: #2875)
  • Align Kyverno Kustomization timeout with the one of the HelmRelease !6641 ~"kyverno" (issues: #3409)
  • Re-enable and enhance the Vault restart policy !6272 (issues: #3171)
  • Neuvector keycloak client to crossplane !6501 ~"neuvector" (issues: #3216)
  • Add dependency on vault-init for openbao-set-service-label unit, in order to avoid timeouts !6713 ~"type::enhancement"
  • Avoid continuous reconciliation of OIDC keycloack crossplane resources !6717 (issues: #3451)
  • prevent Flux Helm drift correction on Rancher ClusterRoleTemplateBinding labels !6723 ~"type::bug" (issues: #3453)
  • Move the configuration of membership of sylva-admin to keycloak-user-management unit !6735 ~"area:CI" ~"type::bug"
  • driftDetection ignore for keycloak-user-management !6822 (issues: #3520)
  • cnpg-keycloak: idle session timeout introduced to prevent max connection limit !6799 ~"CNPG" ~"area:misc" (issues: #3515)

Bug Fixes

  • Prevent multus-cleanup pods to be scheduled and evicted in loop when node is under disk pressure !6274 (issues: #3244)
  • sylva-units/CLI: use branch+commit with GitRepository (bis) !6402 ~"area:units-framework"
  • Fix Flux dependencies on upgrade !6541 ~"area:units-framework" (issues: #3368)
  • CI: fix regression in prepare-test-env for -no-wkld scenarios !6704 ~"area:CI"

Other

  • tools/deps-project-tool.py: fix how we determine if 'v*' is set or not !6455
  • Fix scheduled pipelines configuration !6469 ~"area:CI"
  • Add rule for verifying OCI artifacts in dedicated nightly runs !6470 ~"area:CI"
  • avoid empty kube-job/kube-cronjob scripts !6509 ~"area:units-framework"
  • feat: support machinepools ready check in pivot !6512 ~"area:capi"
  • Remove upgrade from 1.4/1.5 to 1.6 from "main" branch CI configuration !6519 ~"area:CI"
  • Add Nightly - CAPM3 physical BMH scheduled pipeline !6530 ~"CI::configuration" ~"area:CI"
  • Add ck8s as an option to Renovate comment !6540 ~"CI::configuration" ~"area:CI"
  • fix "interpret" error message on non-existing key !6549 ~"area:units-framework"
  • Support / in scenario name !6546 ~"area:CI"
  • update k8s patch versions for main, 1.31.14, 1.32.11, 1.33.7 (+ some OS image changes) !6200 ~"area:kubernetes-core" (issues: #3207)
  • Skip deployment jobs for ci-no-deploy (Renovate pre-commit & gitleaks) MRs !6564 ~"area:CI" ~"ci-no-deploy" (issues: #3370)
  • Make wkld-kube-score job not run on rolling-update-no-wkld CI scenario !6571 ~"CI::configuration" ~"area:CI" (issues: #3384)
  • CI: default MR config template, uncheck upgrade pipelines !6580 ~"area:CI"
  • use CI values that omit bmh_spec.online !6607 (issues: #3399)
  • Run nameSuffixHash validation early in bootstrap/apply scripts !6599
  • Autodetect allowed infra !6582 ~"area:CI"
  • in healthCheckExprs use "exists" instead of "all" !6660 ~"area:units-framework"
  • Move harbor Keycloak OIDC client to crossplane !6476 ~"harbor" (issues: #3214)
  • Properly handle workload cluster namespace in CI !6411 ~"area:CI"
  • Fix ensure_source to work even if there is no git repository !6701 ~"area:units-framework" (issues: #3431)
  • Goldpinger must depend on ingress if ingress part is enabled !6732
  • Add vault-secrets dependecy to minio units !6729 (issues: #3458)
  • Fix CI upgrade scenario from older (1.5 and older) release to main !6694 ~"area:CI" (issues: #3428)
  • Remove exception for OKD options in CI !6630 ~"area:CI"
  • Add json schema from workload-team-def chart !6306 ~"area:workload-cluster" ~"lifecycle-operators" (issues: #2994)
  • CI: debug-on-exit - dump more information on node OS: uptime, load-average, CPU/mem processes top 10 !6749 ~"area:CI"
  • CI: debug-on-exit: add prometheus queries to debug-on-exit !6734 ~"area:CI"
  • Interpret _internal_calico_values before calculate final mtu !6767
  • refactor "rancher-settings" unit !5837
  • Use unbreakable space between bullets in the summary report !6772 ~"area:CI"
  • Increase SYLVA_UNITS_RECONCILE_TIMEOUT to 300s !6782 (issues: #3496)
  • CI: debug-on-exit: fix failures on first prometheus queries !6768 ~"area:CI"
  • rancher-roles-management: more drift correction ignore rules !6787 ~"security::user-and-role-management" (issues: #3500)
  • CI: delete SylvaUnitsRelease in delete-workload-cluster Job, not only HelmRelease !6829 ~"area:CI" ~"area:units-framework" ~"area:workload-cluster" (issues: #3536)
  • Alternative to bitnamilegacy/configmap-reload !6814 ~"area:misc" (issues: #3507)
  • cluster-machines-ready: more info on missing post-commands-executed annotation !6823 ~"area:CI" ~"area:capi"
  • CI: debug-on-exit: improve prometheus queries !6810 ~"area:CI"
  • rancher-roles-management: fix drift correction ignore rules on workload-cluster !6834 (issues: #3541)
  • CI: let dump_machine_logs untar node_logs !6835 ~"area:CI"
  • update_sylva_units_field_ownership: wait for avoid-delete-mgmt-resources-flux kyverno webhook to be cleared !6842 (issues: #3548)

Other dependency upgrades

  • Update kube-job to v1.5.0 !5642
  • Update workload-cluster-operator to v0.13.0 !6460 ~"area:workload-cluster"
  • Update sylva-units-operator to v1.2.0 !6459 ~"area:units-framework"
  • Update misc-controllers-suite to v1.3.0 !6457
  • Update pre-commit hook astral-sh/ruff-pre-commit to v0.15.0 ~"ci-no-deploy" !6467 !6537 !6598 !6678 !6818
  • Update Sylva Helm chart rancher-roles-management to v1.1.1 !6468
  • Update Helm chart external-secrets to v1.3.2 !6475 !6504 !6703 !6821
  • Update github.com/rancher/local-path-provisioner to v0.0.34 !6478 !6516
  • Update Helm chart oauth2-proxy to v10 !6452
  • Update pre-commit hook crate-ci/typos to v1.43.2 ~"ci-no-deploy" !6499 !6503 !6528 !6628 !6725 !6736 !6802 !6817 !6854
  • Update pre-commit hook pre-commit/pre-commit-hooks to v6 !6496
  • Update ghcr.io/kube-vip/kube-vip container to v1.0.3 !6449
  • Update dependency to-be-continuous/gitleaks to v2.9.1 !6524
  • Update cluster-api & capd-manager to v1.10.10 !6535 ~"area:capi"
  • Update quay.io/kubevirt/cirros-container-disk-demo container to v1.7.0 !6215
  • Update dependency canonical/cluster-api-k8s to v0.5.1 !6534 ~"area:capi"
  • Update sylva-elements/ci-tooling/ci-deployment-values to v0.5.59 !6543 !6584 !6622
  • Update pre-commit hook adrienverge/yamllint/ to v1.38.0 !6563 ~"ci-no-deploy"
  • Update Helm chart rancher-turtles to v0.24.4 !6581
  • Update Sylva Helm chart sylva-capi-cluster to v0.13.11 ~"area:capi" !6586 !6592 !6746
  • Update dependency fluxcd/flux2 to v2.7.5 !5717
  • Update Helm chart harbor to v1.18.2 !6324 !6715
  • Update sylva-elements/container-images/ci-image/ci-playwright-image container to v1.6.3 !6536
  • Update Helm chart k8s-ephemeral-storage-metrics to v1.19.2 !6442
  • Update pre-commit hook packaging to v26 !6662 ~"ci-no-deploy"
  • Update sylva-toolbox & ci-image to v1.6.4 !6677
  • Update curlimages/curl container to v8.18.0 !6529
  • Update Helm chart goldpinger to v1.0.2 !6755
  • Update dependency python_gitlab to v8 !6738
  • Update Helm chart cert-manager to v1.19.3 !6801
  • Update Helm chart crossplane to v2.0.7 !6820
  • Update dependency tenacity to v9.1.3 !6832
  • Update sylva-toolbox & ci-image !6458

Documentation

  • fix minor quote typo in charts/sylva-units/README.md !6605
  • Update units-description.md to include appVersion for Helm charts !5633 ~"area:CI" (issues: #2884)

Cleanups

  • Revisit environment-values/components/oci-artifacts !6444 (issues: #3246)
  • Redefine calico-apiserver implementation !6548 ~"area:networking"
  • bootstrap: ensure that management-sylva-units-operator unit depends on management-cluster-flux !6579 ~"area:units-framework"
  • minor: typo in Cluster_maxunavailable_more_than_one_machine_draining alert name !6780
  • Remove renovate-validator include as it's done via pre-commit !6843 ~"area:CI"

CI

  • Update CI after release-1.6 fork !6427 ~"area:CI"
  • Only retrieve necessary pipelines to create scheduled report !6051 ~"area:CI"
  • Generic pre-commit linters !5245 ~"area:CI"
  • Support multiple files for base deployment template !6566 ~"area:CI"
  • Missing oras module error in check_versions_downgrade !6696 ~"area:CI" ~"type::bug" (issues: #3427)
  • add check to avoid inconsistencies between helmrelease_spec.timeout and sylvactl/unitTimeout !6685 ~"area:CI" ~"area:units-framework"
  • Add support for deployment additional values with suffixes !6617 ~"area:CI"

Internal tooling

  • Revert "temporary renovate configuration to regroup all sylva-elements updates for main" !6464 ~"area:CI"
  • Install Oras before running postUpgradeTasks with renovate !6658 ~"area:CI" (issues: #3414)

Contributors

26 people contributed.

Akshay Yadav, Alex Ghita, Alin H, Andra-Simona Delicostea, Arnaud Bouts, Bogdan Antohe, Cristian Manda, Cristina Isaroiu, Daniel Anton, Dragos Gerea, Francois Eleouet, Ishita Mittal, Jonathan Gayvallet, Loic Nicolle, Manik Bindlish, Mohan Sharma, Médéric De Verdilhac, Patrick Enoux, Priya Goyal, Ravindra Tanwar, Remi Le Trocquer, Sakshi Choudhary, Samuel Bartel, Thomas Monguillon, Thomas Morin, Vladimir Braquet

Check out latest releases or
releases around sylva-projects/sylva-core 1.6.5

Don't miss a new sylva-core release

NewReleases is sending notifications on new releases.

Get notifications