gitlab sylva-projects/sylva-core 1.7.0-test-20260511-sylva-units-operator

Merge Requests integrated in this release

231 merge requests were integrated in this repo between 1.7.0-test-20260312-sylva-units-operator and 1.7.0-test-20260511-sylva-units-operator.
These notes don't account for the MRs merged in secondary repos.

Kubernetes

  • update patch versions for main (1.34.5+rke2r1, 1.33.9+rke2r1, 1.32.13+rke2r1) !7087
  • Add tolerations for the taints which are going to be placed on control plane nodes !6547
  • support k8s upgrades delta>1 by computing intermediate k8s version !7493 ~"area:capi"
  • Annotate sylva-units-status Ks with "additional-reconciliation-requested" if k8s upgrade requires more than one step !7614 ~"area:units-framework"

Sylva-units framework

  • Update sylva-units-operator to v1.3.0 ~"renovate" !7191 !7413 !7550 !7610
  • Revert "use management cluster proxy for mgmt-run kube-jobs" !7215 ~"area:workload-cluster"
  • Remove duplicate entry of reconcile in bootstrap.sh !7247 ~"type::cleanup"
  • reword apply*.sh/bootstrap.sh message to reflect use of SylvaUnitsRelease !7370
  • use Flux HelmRelease RetryOnFailure strategy, remove Sylva force-reconcile-helmreleases Kyverno policy !6897
  • change SYLVA_CORE_BRANCH definition to prevent use of wrong/other users branches !7408 (issues: #3843)
  • sylva-units optimization (use "pass result by reference" for call to "all-unit-dependencies") !7425
  • Enforce the existence of wait or healthChecks in Kustomization spec !7254
  • OKD/Openshift: Add helm config to make longhorn compatible !7053 ~"area:security" ~"longhorn" ~"okd"
  • sylva-units: optimization, reduce CPU/memory cost around the automatic cluster-machines-ready depends_on !7492
  • Run publish-sylva-units-artifact job in ensure mode for MR pipelines !7355 ~"area:CI" (issues: #3851)
  • improve how cluster-machines-ready depends_on is injected !7511
  • sylva-units: add result caching to "unit-def" named template !7513 (issues: #3906)
  • fall back to --contains when --points-at fails to detect branch !7583 ~"type::bug" (issues: #3945)
  • fix regression in override logic on base-deps.depends_on that partly broke root-dependency injection for bootstrap !7625 (issues: #3969)
  • Annotate sylva-units-status Ks with "additional-reconciliation-requested" if k8s upgrade requires more than one step !7614 ~"area:kubernetes-core"
  • fix: don't set additional-reconciliation-requested on sylva-units-tests-status !7675
  • use Flux 2.8 !7071
  • Fix server-side apply conflict on .data.secrets by adding --force-conflicts !7703 (issues: #3974)
  • increase sylva-units-operator memory limits/requests !7710 (issues: #4011)
  • FluxCD kustomize-controller: enable MigrateAPIVersion feature gate !7680 (issues: #3996, #3807)
  • add enable_test_units flag !7348 ~"area:CI"

Cluster API

  • Update Sylva Helm chart sylva-capi-cluster to v0.14.4 ~"renovate" !7259 !7471
  • Update metal3 to v1.12.4 ~"renovate" ~"capm3" !7475 !7729
  • Update dependency kubernetes-sigs/cluster-api-provider-openstack to v0.14.2 !7472 ~"capo" ~"renovate"
  • Update dependency rancher/cluster-api-provider-rke2 to v0.24.3 ~"rke2" ~"renovate" !7474 !7671
  • integrate cluster-maxunavailable refactoring !6523
  • Add configuration for rhcos image artifacts !6819 ~"okd" (issues: #2821)
  • additionalTrustedCAs computed based on metal3-sylva-ca-init being enabled !7400 ~"capm3" (issues: #3841)
  • Update CAPI to 1.12 and CAPI providers to 1.11+ compatible versions !5900 (issues: #3051)
  • Add CNI dependency for CSI in CAPD case !7620 ~"capd" (issues: #3961)
  • support k8s upgrades delta>1 by computing intermediate k8s version !7493 ~"area:kubernetes-core"
  • No default providers !7458
  • Update cluster-api & capd-manager !7503 ~"renovate"

Workload cluster

  • Update workload-cluster-operator to v0.13.2 !7412 ~"renovate"
  • Update Sylva Helm chart workload-team-defs to v0.7.4 !7277 ~"renovate"
  • Revert "use management cluster proxy for mgmt-run kube-jobs" !7215 ~"area:units-framework"
  • restructure workload_clusters, directly map workload_team_defs to chart values !7088 (issues: #3681)
  • Use tag for workload-team-defs unit !7249
  • Map schema from workload-team-defs chart !6826 (issues: #2994)
  • pass string value for kunai resources !7597 ~"area:misc" ~"kunai" ~"type::bug" (issues: #3943)

Backup and Restore

  • Fix kube-job image for backup units !7552 (issues: #3929)

Networking

  • Update dependency nmstate/kubernetes-nmstate to v0.86.0 !7354 ~"renovate"
  • Update sriov to v1.6.4+up1.6.0 !7419 ~"renovate"
  • clean-up kyverno policy introduced to restart sriov operator webhook on certificate renewal !7457 ~"type::cleanup"
  • Add system-node-critical priority class to Whereabouts IPAM pods !7395 (issues: #3864)
  • Fix nested interpretation of calico_readiness_unit in management clusters !7426
  • Set tolerations for calico-kube-controllers and calico-typha !7501 ~"capv"
  • Revert temporary Calico workaround once rke2-calico chart bug is fixed !7547 ~"external-dependencies" (issues: #3181)
  • Multus: prevent secondary interface loss on node boot/reboot and pod restart !7646 ~"type::bug" (issues: #3962)
  • kube-ovn unit !7567 ~"kubevirt" ~"type::feature" (issues: #3937)

OpenStack ~capo

  • Update dependency kubernetes-sigs/cluster-api-provider-openstack to v0.14.2 !7472 ~"area:capi" ~"renovate"
  • Update heat-operator to v0.4.2 !7633 ~"renovate"
  • Update dependency k-orc/openstack-resource-controller to v2.5.0 !7666 ~"renovate"
  • Update Sylva Helm chart sync-openstack-images to v0.8.1 !7670 ~"renovate"
  • Volumetype environment example for capo deployments !7024 ~"area:documentation" ~"docs::values" (issues: #270)
  • Allow injecting an openstack config file instead of using env variables !7381 ~"area:CI"
  • Use specific infra CAPO CI values !7466 ~"area:CI"
  • cleanup now-unused kube-rbac-proxy in heat-operator !7643 ~"type::cleanup"
  • capo-contrail-bgpaas fixes !7529

CAPD ~capd

  • bootstrap: don't inherit the auto-cluster-machines-ready-dep from defaults !7617
  • Add CNI dependency for CSI in CAPD case !7620 ~"area:capi" (issues: #3961)

Baremetal ~capm3

  • Update metal3 to v1.12.4 ~"renovate" ~"area:capi" !7475 !7729
  • Update sylva-elements/container-images/libvirt-metal to v0.4.2 !7616 ~"area:CI" ~"renovate"
  • Fix runner-aas flavor !7231 ~"area:CI"
  • additionalTrustedCAs computed based on metal3-sylva-ca-init being enabled !7400 ~"area:capi" (issues: #3841)

VSphere ~capv

  • Set tolerations for calico-kube-controllers and calico-typha !7501 ~"area:networking"

Monitoring

  • Update Sylva Helm chart sylva-thanos-rules to v0.4.1 !7213 ~"area:observability" ~"renovate"
  • Update Sylva Helm chart sylva-prometheus-rules to v0.3.7 ~"renovate" ~"area:observability" !7308 !7353 !7574
  • Update Helm chart prometheus-snmp-exporter to v9.13.1 !7300 ~"area:observability" ~"renovate"
  • Update thanos to v0.41.0 !6948 ~"area:observability" ~"renovate"
  • Update github.com/bitnami/charts to thanos/15.8.5 !7436 ~"area:observability" ~"renovate"
  • Update Sylva Helm chart sylva-snmp-resources to v0.3.3 !7141 ~"area:observability" ~"renovate"
  • Update rancher-monitoring to v108.0.4+up77.9.1-rancher.14 !6872 ~"area:observability" ~"rancher" ~"renovate"
  • minor: simplify name of xxx-monitoring-info ConfigMap !7255 ~"area:observability" ~"rancher"

Logging

  • Update github.com/kube-logging/logging-operator to v6.5.0 !7594 ~"area:observability" ~"renovate"
  • Missing information in the logs rke2 logs and kubelet logs !3035 ~"area:observability" (issues: #1591)

Storage

  • Update Helm chart trident-operator to v100.2602.0 !7069 ~"renovate"
  • add kustomization_substitute_secrets for trident backend secrets !6518 ~"area:security" (issues: #3254)
  • OKD/Openshift: Add helm config to make longhorn compatible !7053 ~"area:security" ~"area:units-framework" ~"okd"
  • Fix encrypted Longhorn PVC size to meet LUKS2 minimum requirement !6936 (issues: #3952)
  • Add support volume expansion for Longhorn encrypted persistent volumes !6625 (issues: #3179)
  • Ease default minio pools configuration !7478 (issues: #3893)

Security

  • Update Helm chart trivy-operator to v0.32.1 !7235 ~"area:misc" ~"renovate" ~"trivy"
  • Update Helm chart sbom-operator to v0.42.2 !7260 ~"renovate" ~"sbom-operator"
  • Update Helm chart vault-config-operator to v0.8.48 ~"renovate" !7411 !7482 !7497
  • Update dependency keycloak/keycloak-k8s-resources to v26.6.0 ~"renovate" !6513 !7499
  • Update ghcr.io/kyverno/chainsaw container to v0.2.14 !7586 ~"renovate"
  • Update Helm chart kyverno to v3.6.4 !7657 ~"renovate"
  • Update Sylva Helm chart keycloak-user-management to v0.3.1 !7659 ~"renovate"
  • Vault/OpenBao RBAC: change from banzaicloud to local file !7193
  • mitigate effects of keycloak crossplane provider looping on Diff reconciliations !7296
  • add kustomization_substitute_secrets for trident backend secrets !6518 ~"area:storage" (issues: #3254)
  • no need for crossplane-provider-keycloak to depend on keycloak !7310
  • Prevent password leaking in Vault resource !7288 (issues: #3811)
  • Fix vault sso secret !7334
  • upgrade keycloak crossplane provider to v2.17.0 !7282
  • CI: Use users created by keycloak-mgmt chart in SSO tests !6675 ~"area:CI" (issues: #3267)
  • Use short DNS name for Vault service to improve DNS resolution efficiency !6985
  • Change the way that the Vault pods are restarted on certificate change !7421 ~"type::cleanup"
  • Add ClusterPolicy to audit the existence of OpenID client scope and introspection.token.claim !6756 (issues: #3457)
  • OKD/Openshift: Add helm config to make longhorn compatible !7053 ~"area:units-framework" ~"longhorn" ~"okd"
  • Improve get_image_refs.py to better manage nodes_images !7536 ~"area:CI" (issues: #3922)
  • fix bug in keycloak-add-truststore.sh !7537 ~"bug-workaround::identified"
  • Prevent Secret data leakage in CI logs by using server-side apply !7171 ~"type::bug" (issues: #3460)
  • Move flux-webui Keycloak OIDC client to crossplane !5901 (issues: #3212)
  • Make merge_image_refs produce deployment independent image dependencies and keep the container information !7578 ~"area:CI"

RKE2

  • Update rancher-compliance to v108.4.0+up1.3.4 !7340 ~"rancher" ~"renovate"
  • Update dependency rancher/cluster-api-provider-rke2 to v0.24.3 ~"renovate" ~"area:capi" !7474 !7671

OKD/OpenShift

  • Proxy ConfigMap for MCE !7232
  • Add configuration for rhcos image artifacts !6819 ~"area:capi" (issues: #2821)
  • Toggle VIP Validation in MCE (with 2.11 base images) !7480
  • OKD/Openshift: Add helm config to make longhorn compatible !7053 ~"area:security" ~"area:units-framework" ~"longhorn"
  • Add proxy env vars to MCE operator for CAPOA behind HTTP proxy !7553

Bug Fixes

  • improve how we avoid bad behavior of fleet-agent Pods during Node drain !7406 ~"rancher" (issues: #3871)

Other

  • Update Helm chart cloudnative-pg to v0.28.0 !7427 ~"area:misc" ~"harbor"
  • Monitoring unit deployment without rancher dependency in workload cluster !7240
  • mitigate effect of keycloak crossplane provider looping on Diff reconciliations !7293
  • Revert mistakenly self-merged MR 7293 !7295
  • Avoid continuous reconciliation of OIDC keycloak crossplane vault-groups-mapper resource !7294
  • fix typo in bootstrap.sh comment !7357
  • make crossplane-provider-keycloak unit depend on keycloak-init !7327
  • crossplane-init needs to depend on eso-secret-stores, not keycloak !7326
  • Small fixes and cleanup in values.yaml for UIs and minio-operator !7243 ~"area:misc"
  • improve depends_on for rancher-fleet-agent-fix unit !7488 ~"area:misc" ~"rancher"
  • fix circular dependency related to rancher-fleet-agent-fix & rancher !7505 ~"area:misc" ~"rancher" (issues: #3905)
  • Make flux depend unconditionally on single-replica-storageclass when longhorn is used !7543
  • kyverno: ensure at least 2 admission controller replicas !7524 ~"kyverno"
  • typo: correct volumesPerserver to volumesPerServer in minio pool configs !7587
  • Add missing introspection.token.claim: true on ProtocolMapper for Flux-webui !7635 ~"security::user-and-role-management"
  • Revert "Prevent Secret data leakage in CI logs by using server-side apply" !7647
  • Remove minio-operator console !7484 ~"area:misc"
  • remove stray quote and add missing CLUSTER_DOMAIN substitution for minio-operator certificate !7662 ~"area:misc" (issues: #3997)
  • relax rancher Helm chart kubeVersion constraint (Flux ArtifactGenerator) !7723 ~"area:misc" ~"rancher"

Other dependency upgrades

  • Update pre-commit hook astral-sh/ruff-pre-commit to v0.15.12 !7234 !7299 !7366 !7464 !7517 !7669 !7763
  • Update Helm chart cert-manager to v1.20.2 !7182 !7375 !7606
  • Update Helm chart velero to v12 !7246 ~"area:misc" ~"velero"
  • Update Sylva Helm chart workload-team-defs to v0.7.5 !7272 !7649
  • Update ghcr.io/openbao/openbao container to v2.5.3 !6830 !7361
  • Update kube-job to v1.6.1 !7208 !7379 !7577
  • Update sylva-elements/ci-tooling/ci-deployment-values to v0.5.80 !7319 !7420 !7628 !7688 !7740
  • Update dependency sylva-projects/sylva-elements/ci-tooling/ci-templates to v1.0.51 !7336
  • Update Helm chart core to v2.8.12 !7286 ~"area:misc" ~"neuvector"
  • Update Helm chart k8s-gateway to v3.6.0 !6505
  • Update Helm chart external-secrets to v2.4.0 !7324 !7602 !7764
  • Update Helm chart harbor to v1.18.3 !7287
  • Update dependency python_gitlab to v8.2.0 !7376 ~"automerge"
  • Update dependency to-be-continuous/gitleaks to v2.10.0 !7377 !7394
  • Update Runner-aas updates to v2.1.6 !7392 !7396 !7401 !7538 !7624
  • Update github.com/czerwonk/junos_exporter to v0.15.3 !7369
  • Update pre-commit hook crate-ci/typos to v1.45.1 !7428 !7618
  • Update Helm chart kunai to v3.4.0 !7432 ~"kunai"
  • Update ghcr.io/kube-vip/kube-vip container to v1.1.2 !7155
  • Update sylva-elements/container-images/ci-image container to v1.6.6 !7229
  • Update Helm chart goldpinger to v1.1.0 !7479
  • Update github.com/bitnami/charts to postgresql-ha/14.2.34 !7434
  • Update curlimages/curl container to v8.19.0 !7500
  • Update container-images/sylva-toolbox container to v1.5.4 !7569 !7631
  • Update Sylva Helm chart rancher-roles-management to v1.1.3 ~"rancher" !7595 !7674
  • Update pre-commit hook packaging to v26.2 !7634 !7765
  • Update sylva-toolbox & ci-image to v1.6.8 !7641 !7665

Documentation

  • Volumetype environment example for capo deployments !7024 ~"capo" (issues: #270)
  • Document available CI platforms !7268 ~"area:CI"
  • minor: Address spelling inaccuracies !7600 ~"type::cleanup"
  • correct comment reference in minio-monitoring tenant config !7686 ~"type::cleanup"
  • Add description for info.hidden in unit metadata !7528 (issues: #3912)

Cleanups

  • Rewrite redundant ClusterPolicies as namespaced policies !5896
  • Remove duplicate entry of reconcile in bootstrap.sh !7247 ~"area:units-framework"
  • Remove useless unit - cluster-import-legacy-cleanup !7313
  • Change the way that the Vault pods are restarted on certificate change !7421 ~"area:security"
  • clean-up kyverno policy introduced to restart sriov operator webhook on certificate renewal !7457 ~"area:networking" ~"sriov"
  • minor: Cleanup unused bitnami-postgresql-ha, bitnami-redis-cluster GitRepository !7485
  • cleanup: remove redundant line in .gitlab/ci/deployments-base.yml !7509 ~"area:CI"
  • typo: Fix incorrect cluster reference in firewall-workload-cluster description !7601 ~"docs::fix"
  • minor: Address spelling inaccuracies !7600 ~"docs"
  • cleanup now-unused kube-rbac-proxy in heat-operator !7643 ~"capo"
  • correct comment reference in minio-monitoring tenant config !7686 ~"docs"

CI

  • Update sylva-elements/container-images/libvirt-metal to v0.4.2 !7616 ~"capm3" ~"renovate"
  • Enhance Renovate capabilities by adding more predefined pipelines for Renovate !7122
  • Fix runner-aas flavor !7231 ~"capm3"
  • handle missing ARG SYLVACTL_VERSION in identify_deps_projects_sylvactl !7206 (issues: #3775)
  • Add persistent runner platform (Leaseweb, Oro vbmh) !7233
  • generate_units_documentation.py: improvements for use in downstream projects !7250
  • fix sylva-units schema generation (related to workload-teams-def) !7312
  • Update scheduled pipelines !7387
  • Runner aas on GCP !7382
  • Allow injecting an openstack config file instead of using env variables !7381 ~"capo"
  • CI: revisit edit_host_file code !7205 (issues: #3688)
  • CI: Use users created by keycloak-mgmt chart in SSO tests !6675 ~"area:security" (issues: #3267)
  • Add a shorter default timeout for CI test !7407
  • Change CI values patching order !7276
  • Document available CI platforms !7268 ~"area:documentation"
  • Uncheck capm3 pipelines by default in description !7476
  • Fix report for skipped job !7470
  • cleanup: remove redundant line in .gitlab/ci/deployments-base.yml !7509 ~"type::cleanup"
  • Use specific infra CAPO CI values !7466 ~"capo"
  • Set per unit-timeout and increase global timeout in order to avoid transient failures during check status of sylva test units !5502 (issues: #2881)
  • Run publish-sylva-units-artifact job in ensure mode for MR pipelines !7355 ~"area:units-framework" (issues: #3851)
  • Fix missing kubeconfig in node check jobs !7521 ~"type::bug"
  • Improve get_image_refs.py to better manage nodes_images !7536 ~"area:security" (issues: #3922)
  • [CI] Add ⚡ to control start of deployment pipeline !7424
  • "CI - Implement Chainsaw testing" !4553 ~"Test" (issues: #2305)
  • feat: variabilise sylva-core repo URL and sylva-units OCI registry !7630
  • Fix chainsaw-tests timeout in CI !7599 ~"type::bug"
  • Make merge_image_refs produce deployment independent image dependencies and keep the container information !7578 ~"area:security"
  • handle sylva-toolbox DEV versions "snapshot" !7691 (issues: #4002)
  • CI: Make enabled/disabled units take precedence over any other configuration !7685
  • tools/shell-lib/common.sh: fix use of SNAPSHOT !7698
  • fix: support kubernetes executor in .setup_docker !7696
  • Use wget to retrieve files served by miniserve instead of the generated archive !7701
  • Add ttlSecondsAfterFinished for chainsaw job !7736 ~"type::bug"
  • add 0.0.0-xxx specific tag case !7748 ~"type::bug" (issues: #4017)
  • add enable_test_units flag !7348 ~"area:units-framework"

Internal tooling

  • Test pipeline schedule report in MRs !7168 ~"area:CI"
  • minor: Rename predefined Renovate pipeline trivy-operator to match the actual label !7236 ~"area:CI"
  • Regroup runner-aas updates !7311 ~"area:CI"
  • renovate: add support for tracking KEYCLOAK_PROVIDER_IMAGE in values.yaml !7358 ~"area:CI" (issues: #3808)
  • Make renovate detect kube-job-updates in debug-on-exit.sh !7368 ~"area:CI"
  • Update renovate configuration to properly track Bitnami charts versioning !7430 ~"area:CI"
  • Track kube-job image version in a single place !7417

Contributors

37 people contributed.

Adhitya Logan, Advit Pandey, Akshay Yadav, Alain Thioliere, Alex Ghita, Alexandre Seitz, Alice.Borie, Andra-Simona Delicostea, Andrew Kiselev, Bogdan Antohe, Bogdan Nicolae, Cristian Manda, Cristina Isaroiu, Daniel Anton, Daniel Kostecki, Dragos Gerea, Francois Eleouet, Ionut Spanu, Ishita Mittal, Jonathan Gayvallet, Loic Nicolle, Manik Bindlish, Mihai Zaharia, Médéric De Verdilhac, Nitin Sharma, Patrick Enoux, Pierrick Seite, Priya Goyal, Ravindra Tanwar, Sakshi Choudhary, Samuel Bartel, Shreya Gupta, Teodora Pirvan, Thomas Morin, Tiberiu Mihai, Vladimir Braquet, Xavier Francois
