├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ ├── failing-test.yaml │ ├── feature_request.md │ └── flaking-test.yaml ├── PULL_REQUEST_TEMPLATE.md ├── dependabot.yml └── workflows │ ├── build-fkas-images-action.yml │ ├── build-images-action.yml │ ├── dependabot.yml │ ├── golangci-lint.yml │ ├── pr-gh-workflow-approve.yaml │ ├── pr-link-check.yml │ ├── pr-verifier.yaml │ ├── release.yaml │ ├── scheduled-link-check.yml │ └── scheduled-osv-scan.yml ├── .gitignore ├── .golangci.yaml ├── .lycheeignore ├── .markdownlint-cli2.yaml ├── CONTRIBUTING.md ├── DCO ├── Dockerfile ├── LICENSE ├── Makefile ├── OWNERS ├── OWNERS_ALIASES ├── README.md ├── SECURITY_CONTACTS ├── Tiltfile ├── api ├── go.mod ├── go.sum └── v1beta1 │ ├── common_types.go │ ├── common_types_test.go │ ├── condition_consts.go │ ├── conversion.go │ ├── doc.go │ ├── groupversion_info.go │ ├── metal3cluster_types.go │ ├── metal3cluster_types_test.go │ ├── metal3clustertemplate_types.go │ ├── metal3data_types.go │ ├── metal3dataclaim_types.go │ ├── metal3datatemplate_types.go │ ├── metal3machine_types.go │ ├── metal3machine_types_test.go │ ├── metal3machinetemplate_types.go │ ├── metal3remediation_types.go │ ├── metal3remediationtemplate_types.go │ ├── v1beta1_suite_test.go │ └── zz_generated.deepcopy.go ├── baremetal ├── manager_factory.go ├── manager_factory_test.go ├── metal3cluster_manager.go ├── metal3cluster_manager_test.go ├── metal3data_manager.go ├── metal3data_manager_test.go ├── metal3datatemplate_manager.go ├── metal3datatemplate_manager_test.go ├── metal3machine_manager.go ├── metal3machine_manager_test.go ├── metal3machinetemplate_manager.go ├── metal3machinetemplate_manager_test.go ├── metal3remediation_manager.go ├── metal3remediation_manager_test.go ├── mocks │ ├── zz_generated.manager_factory.go │ ├── zz_generated.metal3cluster_manager.go │ ├── zz_generated.metal3data_manager.go │ ├── zz_generated.metal3datatemplate_manager.go │ ├── zz_generated.metal3machine_manager.go │ ├── 
zz_generated.metal3machinetemplate_manager.go │ └── zz_generated.metal3remediation_manager.go ├── reconcile_error.go ├── reconcile_error_test.go ├── remote │ ├── remote.go │ ├── remote_test.go │ └── suite_test.go ├── suite_test.go ├── utils.go └── utils_test.go ├── clusterctl-settings.json ├── config ├── certmanager │ ├── certificate.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── crd │ ├── bases │ │ ├── infrastructure.cluster.x-k8s.io_metal3clusters.yaml │ │ ├── infrastructure.cluster.x-k8s.io_metal3clustertemplates.yaml │ │ ├── infrastructure.cluster.x-k8s.io_metal3dataclaims.yaml │ │ ├── infrastructure.cluster.x-k8s.io_metal3datas.yaml │ │ ├── infrastructure.cluster.x-k8s.io_metal3datatemplates.yaml │ │ ├── infrastructure.cluster.x-k8s.io_metal3machines.yaml │ │ ├── infrastructure.cluster.x-k8s.io_metal3machinetemplates.yaml │ │ ├── infrastructure.cluster.x-k8s.io_metal3remediations.yaml │ │ └── infrastructure.cluster.x-k8s.io_metal3remediationtemplates.yaml │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── patches │ │ ├── cainjection_in_metal3clusters.yaml │ │ ├── cainjection_in_metal3dataclaims.yaml │ │ ├── cainjection_in_metal3datas.yaml │ │ ├── cainjection_in_metal3datatemplates.yaml │ │ ├── cainjection_in_metal3machines.yaml │ │ ├── cainjection_in_metal3machinetemplates.yaml │ │ ├── cainjection_in_metal3remediations.yaml │ │ ├── cainjection_in_metal3remediationtemplates.yaml │ │ ├── skipcrdnamecheck_in_metal3datas.yaml │ │ ├── webhook_in_metal3clusters.yaml │ │ ├── webhook_in_metal3dataclaims.yaml │ │ ├── webhook_in_metal3datas.yaml │ │ ├── webhook_in_metal3datatemplates.yaml │ │ ├── webhook_in_metal3machines.yaml │ │ ├── webhook_in_metal3machinetemplates.yaml │ │ ├── webhook_in_metal3remediations.yaml │ │ └── webhook_in_metal3remediationtemplates.yaml ├── default │ ├── capm3 │ │ ├── kustomization.yaml │ │ ├── kustomizeconfig.yaml │ │ ├── manager_image_patch.yaml │ │ ├── manager_pull_policy_patch.yaml │ │ ├── manager_webhook_patch.yaml 
│ │ ├── namespace.yaml │ │ └── webhookcainjection_patch.yaml │ └── kustomization.yaml ├── manager │ ├── kustomization.yaml │ └── manager.yaml ├── rbac │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── role.yaml │ ├── role_binding.yaml │ └── service_account.yaml └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ ├── manifests.yaml │ └── service.yaml ├── controllers ├── metal3cluster_controller.go ├── metal3cluster_controller_integration_test.go ├── metal3cluster_controller_test.go ├── metal3data_controller.go ├── metal3data_controller_test.go ├── metal3datatemplate_controller.go ├── metal3datatemplate_controller_test.go ├── metal3labelsync_controller.go ├── metal3labelsync_controller_test.go ├── metal3machine_controller.go ├── metal3machine_controller_integration_test.go ├── metal3machine_controller_test.go ├── metal3machinetemplate_controller.go ├── metal3machinetemplate_controller_test.go ├── metal3remediation_controller.go ├── metal3remediation_controller_test.go └── suite_test.go ├── docs ├── api.md ├── architecture.md ├── deployment_workflow.md ├── dev-setup.md ├── disk_cleaning.md ├── e2e-test.md ├── getting-started.md ├── images │ ├── components.png │ ├── controllerssequencediagram.png │ └── fields_mapping.png ├── ip_reuse.md ├── releasing.md ├── remediation-controller.md └── testing.md ├── examples ├── addons.yaml ├── cluster │ ├── cluster.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── clusterctl-templates │ ├── clusterctl-cluster.yaml │ └── example_variables.rc ├── controlplane │ ├── controlplane.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── generate.sh ├── machinedeployment │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── machinedeployment.yaml ├── metal3crds │ ├── kustomization.yaml │ └── metal3.io_baremetalhosts.yaml ├── metal3plane │ ├── hosts.yaml │ └── kustomization.yaml ├── provider-components │ ├── image_versions_patch.yaml │ ├── 
kustomization.yaml │ └── manager_tolerations_patch.yaml └── templates │ ├── cluster.yaml │ └── clusterclass.yaml ├── go.mod ├── go.sum ├── hack ├── boilerplate.go.txt ├── boilerplate │ ├── BUILD │ ├── boilerplate.Dockerfile.txt │ ├── boilerplate.Makefile.txt │ ├── boilerplate.bzl.txt │ ├── boilerplate.generatebzl.txt │ ├── boilerplate.generatego.txt │ ├── boilerplate.go.txt │ ├── boilerplate.py │ ├── boilerplate.py.txt │ ├── boilerplate.sh.txt │ ├── boilerplate_test.py │ └── test │ │ ├── BUILD │ │ ├── fail.go │ │ ├── fail.py │ │ ├── pass.go │ │ └── pass.py ├── build.sh ├── codegen.sh ├── ensure-go.sh ├── ensure-golangci-lint.sh ├── ensure-kind.sh ├── ensure-kubectl.sh ├── fake-apiserver │ ├── Dockerfile │ ├── README.md │ ├── cmd │ │ ├── metal3-fkas-reconciler │ │ │ └── main.go │ │ └── metal3-fkas │ │ │ ├── main.go │ │ │ └── utils.go │ ├── go.mod │ ├── go.sum │ └── k8s │ │ ├── metal3-fkas-system.yaml │ │ └── metal3-fkas.yaml ├── gen_tilt_settings.sh ├── gomod.sh ├── kind_with_registry.sh ├── kustomize-sub.sh ├── manifestlint.sh ├── markdownlint.sh ├── shellcheck.sh ├── tools │ ├── go.mod │ ├── go.sum │ ├── install_kubebuilder.sh │ ├── release │ │ └── notes.go │ ├── remove_sec_ctx.py │ └── tools.go ├── unit.sh ├── verify-boilerplate.sh └── verify-release.sh ├── internal └── webhooks │ └── v1beta1 │ ├── doc.go │ ├── metal3cluster_webhook.go │ ├── metal3cluster_webhook_test.go │ ├── metal3clustertemplate_webhook.go │ ├── metal3clustertemplate_webhook_test.go │ ├── metal3data_webhook.go │ ├── metal3data_webhook_test.go │ ├── metal3dataclaim_webhook.go │ ├── metal3dataclaim_webhook_test.go │ ├── metal3datatemplate_webhook.go │ ├── metal3datatemplate_webhook_test.go │ ├── metal3machine_webhook.go │ ├── metal3machine_webhook_test.go │ ├── metal3machinetemplate_webhook.go │ ├── metal3machinetemplate_webhook_test.go │ ├── metal3remediation_webhook.go │ ├── metal3remediation_webhook_test.go │ ├── metal3remediationtemplate_webhook.go │ └── 
metal3remediationtemplate_webhook_test.go ├── main.go ├── metadata.yaml ├── releasenotes ├── v1.10.0-beta.0.md ├── v1.10.0.md ├── v1.10.1.md ├── v1.10.2.md ├── v1.10.3.md ├── v1.11.0-alpha.0.md ├── v1.11.0-rc.0.md ├── v1.11.0.md ├── v1.11.1.md ├── v1.8.4.md ├── v1.8.5.md ├── v1.8.6.md ├── v1.9.2.md ├── v1.9.3.md ├── v1.9.4.md └── v1.9.5.md ├── scripts ├── ci-e2e.sh ├── environment.sh └── fetch_manifests.sh ├── template └── sarif.tpl ├── test ├── README.md ├── e2e │ ├── basic_integration_test.go │ ├── cert_rotation.go │ ├── common.go │ ├── config │ │ └── e2e_conf.yaml │ ├── data │ │ ├── .gitignore │ │ ├── bmo-deployment │ │ │ ├── components │ │ │ │ ├── basic-auth │ │ │ │ │ ├── credentials_patch.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── tls │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── tls_ca_patch.yaml │ │ │ └── overlays │ │ │ │ ├── pr-test │ │ │ │ ├── ironic.env │ │ │ │ └── kustomization.yaml │ │ │ │ ├── release-0.10 │ │ │ │ ├── ironic.env │ │ │ │ └── kustomization.yaml │ │ │ │ ├── release-0.11 │ │ │ │ ├── ironic.env │ │ │ │ └── kustomization.yaml │ │ │ │ ├── release-0.9 │ │ │ │ ├── ironic.env │ │ │ │ └── kustomization.yaml │ │ │ │ └── release-latest │ │ │ │ ├── ironic.env │ │ │ │ └── kustomization.yaml │ │ ├── cert-manager-test │ │ │ ├── certificate.yaml │ │ │ ├── issuer.yaml │ │ │ ├── kustomization.yaml │ │ │ └── namespace.yaml │ │ ├── fkas │ │ │ ├── kustomization.yaml │ │ │ └── resources.yaml │ │ ├── infrastructure-metal3 │ │ │ ├── main │ │ │ │ ├── bases │ │ │ │ │ ├── centos-kubeadm-config │ │ │ │ │ │ ├── centos-kubeadm-config.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── cluster-with-topology │ │ │ │ │ │ ├── cluster-with-topology.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── cluster │ │ │ │ │ │ ├── cluster-with-kcp.yaml │ │ │ │ │ │ ├── crs.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── md.yaml │ │ │ │ │ ├── clusterclass-centos-kubeadm-config │ │ │ │ │ │ ├── clusterclass-centos-kubeadm-config.yaml │ │ │ │ │ │ └── 
kustomization.yaml │ │ │ │ │ ├── clusterclass-cluster │ │ │ │ │ │ ├── cluster-with-kcp.yaml │ │ │ │ │ │ ├── crs.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── md.yaml │ │ │ │ │ ├── clusterclass-ubuntu-kubeadm-config │ │ │ │ │ │ ├── clusterclass-ubuntu-kubeadm-config.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── clusterclass │ │ │ │ │ │ ├── clusterclass.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── ippool │ │ │ │ │ │ ├── ippool.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── opensuse-leap-kubeadm-config │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── opensuse-leap-kubeadm-config.yaml │ │ │ │ │ └── ubuntu-kubeadm-config │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ubuntu-kubeadm-config.yaml │ │ │ │ ├── cluster-template-centos-fake │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-centos-md-remediation │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── md.yaml │ │ │ │ │ └── mhc.yaml │ │ │ │ ├── cluster-template-centos │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-opensuse-leap │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-ubuntu-md-remediation │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── md.yaml │ │ │ │ │ └── mhc.yaml │ │ │ │ ├── cluster-template-ubuntu │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-upgrade-workload │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-metal3 │ │ │ │ │ ├── clusterclass-metal3.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-centos │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-ubuntu │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-upgrade-workload │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── clusterclass │ │ │ │ │ └── kustomization.yaml │ │ │ ├── v1.10 │ │ │ │ ├── bases │ │ │ │ │ ├── centos-kubeadm-config │ │ │ │ │ │ ├── centos-kubeadm-config.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── cluster-with-topology │ │ │ │ │ │ ├── cluster-with-topology.yaml │ │ │ │ │ │ └── 
kustomization.yaml │ │ │ │ │ ├── cluster │ │ │ │ │ │ ├── cluster-with-kcp.yaml │ │ │ │ │ │ ├── crs.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── md.yaml │ │ │ │ │ ├── clusterclass-centos-kubeadm-config │ │ │ │ │ │ ├── clusterclass-centos-kubeadm-config.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── clusterclass-cluster │ │ │ │ │ │ ├── cluster-with-kcp.yaml │ │ │ │ │ │ ├── crs.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── md.yaml │ │ │ │ │ ├── clusterclass-ubuntu-kubeadm-config │ │ │ │ │ │ ├── clusterclass-ubuntu-kubeadm-config.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── clusterclass │ │ │ │ │ │ ├── clusterclass.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── ippool │ │ │ │ │ │ ├── ippool.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ └── ubuntu-kubeadm-config │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ubuntu-kubeadm-config.yaml │ │ │ │ ├── cluster-template-centos-fake │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-centos-md-remediation │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── md.yaml │ │ │ │ │ └── mhc.yaml │ │ │ │ ├── cluster-template-centos │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-ubuntu-md-remediation │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── md.yaml │ │ │ │ │ └── mhc.yaml │ │ │ │ ├── cluster-template-ubuntu │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-upgrade-workload │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-metal3 │ │ │ │ │ ├── clusterclass-metal3.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-centos │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-ubuntu │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-upgrade-workload │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── clusterclass │ │ │ │ │ └── kustomization.yaml │ │ │ ├── v1.11 │ │ │ │ ├── bases │ │ │ │ │ ├── centos-kubeadm-config │ │ │ │ │ │ ├── centos-kubeadm-config.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── 
cluster-with-topology │ │ │ │ │ │ ├── cluster-with-topology.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── cluster │ │ │ │ │ │ ├── cluster-with-kcp.yaml │ │ │ │ │ │ ├── crs.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── md.yaml │ │ │ │ │ ├── clusterclass-centos-kubeadm-config │ │ │ │ │ │ ├── clusterclass-centos-kubeadm-config.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── clusterclass-cluster │ │ │ │ │ │ ├── cluster-with-kcp.yaml │ │ │ │ │ │ ├── crs.yaml │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── md.yaml │ │ │ │ │ ├── clusterclass-ubuntu-kubeadm-config │ │ │ │ │ │ ├── clusterclass-ubuntu-kubeadm-config.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── clusterclass │ │ │ │ │ │ ├── clusterclass.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── ippool │ │ │ │ │ │ ├── ippool.yaml │ │ │ │ │ │ └── kustomization.yaml │ │ │ │ │ ├── opensuse-leap-kubeadm-config │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── opensuse-leap-kubeadm-config.yaml │ │ │ │ │ └── ubuntu-kubeadm-config │ │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ │ └── ubuntu-kubeadm-config.yaml │ │ │ │ ├── cluster-template-centos-fake │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-centos-md-remediation │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── md.yaml │ │ │ │ │ └── mhc.yaml │ │ │ │ ├── cluster-template-centos │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-opensuse-leap │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-ubuntu-md-remediation │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ ├── md.yaml │ │ │ │ │ └── mhc.yaml │ │ │ │ ├── cluster-template-ubuntu │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-upgrade-workload │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-metal3 │ │ │ │ │ ├── clusterclass-metal3.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-centos │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-ubuntu │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── 
clusterclass-template-upgrade-workload │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── clusterclass │ │ │ │ │ └── kustomization.yaml │ │ │ └── v1.9 │ │ │ │ ├── bases │ │ │ │ ├── centos-kubeadm-config │ │ │ │ │ ├── centos-kubeadm-config.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-with-topology │ │ │ │ │ ├── cluster-with-topology.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster │ │ │ │ │ ├── cluster-with-kcp.yaml │ │ │ │ │ ├── crs.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── md.yaml │ │ │ │ ├── clusterclass-centos-kubeadm-config │ │ │ │ │ ├── clusterclass-centos-kubeadm-config.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-cluster │ │ │ │ │ ├── cluster-with-kcp.yaml │ │ │ │ │ ├── crs.yaml │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── md.yaml │ │ │ │ ├── clusterclass-ubuntu-kubeadm-config │ │ │ │ │ ├── clusterclass-ubuntu-kubeadm-config.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass │ │ │ │ │ ├── clusterclass.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ ├── ippool │ │ │ │ │ ├── ippool.yaml │ │ │ │ │ └── kustomization.yaml │ │ │ │ └── ubuntu-kubeadm-config │ │ │ │ │ ├── kustomization.yaml │ │ │ │ │ └── ubuntu-kubeadm-config.yaml │ │ │ │ ├── cluster-template-centos-fake │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-centos-md-remediation │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── md.yaml │ │ │ │ └── mhc.yaml │ │ │ │ ├── cluster-template-centos │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-ubuntu-md-remediation │ │ │ │ ├── kustomization.yaml │ │ │ │ ├── md.yaml │ │ │ │ └── mhc.yaml │ │ │ │ ├── cluster-template-ubuntu │ │ │ │ └── kustomization.yaml │ │ │ │ ├── cluster-template-upgrade-workload │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-metal3 │ │ │ │ ├── clusterclass-metal3.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-centos │ │ │ │ └── kustomization.yaml │ │ │ │ ├── clusterclass-template-ubuntu │ │ │ │ └── kustomization.yaml │ │ │ │ ├── 
clusterclass-template-upgrade-workload │ │ │ │ └── kustomization.yaml │ │ │ │ └── clusterclass │ │ │ │ └── kustomization.yaml │ │ ├── ironic-deployment │ │ │ ├── components │ │ │ │ └── basic-auth │ │ │ │ │ ├── auth.yaml │ │ │ │ │ ├── ironic-auth-config-tpl │ │ │ │ │ └── kustomization.yaml │ │ │ └── overlays │ │ │ │ ├── pr-test │ │ │ │ ├── ironic_bmo_configmap.env │ │ │ │ ├── keepalived_patch.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── release-27.0 │ │ │ │ ├── ironic_bmo_configmap.env │ │ │ │ ├── keepalived_patch.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── release-29.0 │ │ │ │ ├── ironic_bmo_configmap.env │ │ │ │ ├── keepalived_patch.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── release-31.0 │ │ │ │ ├── ironic_bmo_configmap.env │ │ │ │ ├── keepalived_patch.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ ├── release-32.0 │ │ │ │ ├── ironic_bmo_configmap.env │ │ │ │ ├── keepalived_patch.yaml │ │ │ │ └── kustomization.yaml │ │ │ │ └── release-latest │ │ │ │ ├── ironic_bmo_configmap.env │ │ │ │ ├── keepalived_patch.yaml │ │ │ │ └── kustomization.yaml │ │ ├── kubetest │ │ │ └── conformance.yaml │ │ └── shared │ │ │ ├── capi │ │ │ ├── v1.10 │ │ │ │ └── metadata.yaml │ │ │ ├── v1.11 │ │ │ │ └── metadata.yaml │ │ │ ├── v1.12 │ │ │ │ └── metadata.yaml │ │ │ └── v1.9 │ │ │ │ └── metadata.yaml │ │ │ ├── infrastructure-metal3 │ │ │ ├── main │ │ │ │ └── metadata.yaml │ │ │ ├── v1.10 │ │ │ │ └── metadata.yaml │ │ │ ├── v1.11 │ │ │ │ └── metadata.yaml │ │ │ └── v1.9 │ │ │ │ └── metadata.yaml │ │ │ └── ipam-metal3 │ │ │ ├── v1.10 │ │ │ └── metadata.yaml │ │ │ └── v1.11 │ │ │ └── metadata.yaml │ ├── e2e_suite_test.go │ ├── healthcheck.go │ ├── inspection.go │ ├── integration_test.go │ ├── ip_reuse.go │ ├── ip_reuse_test.go │ ├── k8s_conformance_test.go │ ├── logcollector.go │ ├── md_remediations_test.go │ ├── md_rollout_test.go │ ├── md_scale_test.go │ ├── node_deletion_remediation.go │ ├── node_reuse.go │ ├── pivoting.go │ ├── pivoting_based_feature_test.go │ ├── 
remediation.go │ ├── remediation_based_feature_test.go │ ├── scalability_test.go │ ├── upgrade_clusterctl_test.go │ ├── upgrade_kubernetes_test.go │ └── yaml.go ├── go.mod └── go.sum └── tilt-provider.json /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Tell us about a problem you are experiencing 4 | 5 | --- 6 | 7 | **What steps did you take and what happened:** 8 | [A clear and concise description on how to REPRODUCE the bug.] 9 | 10 | 11 | **What did you expect to happen:** 12 | 13 | 14 | **Anything else you would like to add:** 15 | [Miscellaneous information that will assist in solving the issue.] 16 | 17 | 18 | **Environment:** 19 | 20 | - Cluster-api version: 21 | - Cluster-api-provider-metal3 version: 22 | - Environment (metal3-dev-env or other): 23 | - Kubernetes version: (use `kubectl version`): 24 | 25 | /kind bug 26 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/failing-test.yaml: -------------------------------------------------------------------------------- 1 | name: Failing Test 2 | description: Report continuously failing tests or jobs in Metal3 CI 3 | body: 4 | - type: textarea 5 | id: jobs 6 | attributes: 7 | label: Which jobs are failing? 8 | placeholder: | 9 | Please only use this template for submitting reports about continuously failing tests or jobs in Metal3 CI. 10 | validations: 11 | required: true 12 | 13 | - type: textarea 14 | id: tests 15 | attributes: 16 | label: Which tests are failing? 17 | validations: 18 | required: true 19 | 20 | - type: textarea 21 | id: since 22 | attributes: 23 | label: Since when has it been failing? 
24 | validations: 25 | required: true 26 | 27 | - type: input 28 | id: Jenkins 29 | attributes: 30 | label: Jenkins link 31 | 32 | - type: textarea 33 | id: reason 34 | attributes: 35 | label: Reason for failure (if possible) 36 | 37 | - type: textarea 38 | id: additional 39 | attributes: 40 | label: Anything else we need to know? 41 | 42 | - type: textarea 43 | id: templateLabel 44 | attributes: 45 | label: Label(s) to be applied 46 | value: | 47 | /kind failing-test 48 | One or more /area label. See https://github.com/metal3-io/cluster-api-provider-metal3/labels for the list of labels. -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature addition 3 | about: Suggest and track an idea for this project 4 | 5 | --- 6 | 7 | **User Story** 8 | 9 | As a [developer/user/operator] I would like to [high level description] for [reasons] 10 | 11 | **Detailed Description** 12 | 13 | [A clear and concise description of what you want to happen.] 14 | 15 | **Anything else you would like to add:** 16 | 17 | [Miscellaneous information that will assist in solving the issue.] 18 | 19 | /kind feature 20 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/flaking-test.yaml: -------------------------------------------------------------------------------- 1 | name: Flaking Test 2 | description: Report flaky tests or jobs in Metal3 CI 3 | body: 4 | - type: textarea 5 | id: jobs 6 | attributes: 7 | label: Which jobs are flaking? 8 | description: | 9 | Please only use this template for submitting reports about flaky tests or jobs (pass or fail with no underlying change in code) in Metal3 CI. 10 | validations: 11 | required: true 12 | 13 | - type: textarea 14 | id: tests 15 | attributes: 16 | label: Which tests are flaking? 
17 | validations: 18 | required: true 19 | 20 | - type: textarea 21 | id: since 22 | attributes: 23 | label: Since when has it been flaking? 24 | validations: 25 | required: true 26 | 27 | - type: input 28 | id: Jenkins 29 | attributes: 30 | label: Jenkins link 31 | 32 | - type: textarea 33 | id: reason 34 | attributes: 35 | label: Reason for failure (if possible) 36 | 37 | - type: textarea 38 | id: additional 39 | attributes: 40 | label: Anything else we need to know? 41 | 42 | - type: textarea 43 | id: templateLabel 44 | attributes: 45 | label: Label(s) to be applied 46 | value: | 47 | /kind flake 48 | One or more /area label. See https://github.com/metal3-io/cluster-api-provider-metal3/labels for the list of labels. -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | **What this PR does / why we need it**: 5 | 6 | **Which issue(s) this PR fixes** *(optional, in `fixes #(, fixes #, ...)` format, will close the issue(s) when PR gets merged)*: 7 | Fixes # 8 | -------------------------------------------------------------------------------- /.github/workflows/build-fkas-images-action.yml: -------------------------------------------------------------------------------- 1 | name: build-fkas-images-action 2 | 3 | on: 4 | push: 5 | branches: 6 | - 'main' 7 | paths: 8 | - 'hack/fake-apiserver/**' 9 | - 'api/**' 10 | 11 | permissions: 12 | contents: read 13 | 14 | jobs: 15 | prepare: 16 | name: Prepare FKAS build 17 | if: github.repository == 'metal3-io/cluster-api-provider-metal3' 18 | runs-on: ubuntu-latest 19 | steps: 20 | - name: Checkout code 21 | uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 22 | - name: Calculate go version 23 | id: vars 24 | run: echo "go_version=$(make go-version)" >> "${GITHUB_OUTPUT}" 25 | - name: Set up Go 26 | uses: 
actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 27 | with: 28 | go-version: ${{ steps.vars.outputs.go_version }} 29 | - name: Prepare fake-apiserver 30 | run: | 31 | mkdir -p hack/fake-apiserver/capm3 32 | cp -r api/ hack/fake-apiserver/capm3 33 | cd hack/fake-apiserver 34 | go mod edit -replace=github.com/metal3-io/cluster-api-provider-metal3=./capm3 35 | go mod tidy 36 | - name: Upload artifact of prepared fkas env 37 | uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 38 | with: 39 | name: prepared-fkas 40 | path: hack/fake-apiserver/** 41 | 42 | build_FKAS: 43 | name: Build Metal3-FKAS image 44 | if: github.repository == 'metal3-io/cluster-api-provider-metal3' 45 | needs: prepare 46 | uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@main 47 | with: 48 | image-name: "metal3-fkas" 49 | pushImage: true 50 | artifact-name: prepared-fkas 51 | secrets: 52 | QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} 53 | QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} 54 | SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} 55 | -------------------------------------------------------------------------------- /.github/workflows/build-images-action.yml: -------------------------------------------------------------------------------- 1 | name: build-images-action 2 | 3 | on: 4 | push: 5 | branches: 6 | - 'main' 7 | - 'release-*' 8 | tags: 9 | - 'v*' 10 | 11 | permissions: 12 | contents: read 13 | 14 | jobs: 15 | build_CAPM3: 16 | name: Build CAPM3 image 17 | if: github.repository == 'metal3-io/cluster-api-provider-metal3' 18 | uses: metal3-io/project-infra/.github/workflows/container-image-build.yml@main 19 | with: 20 | image-name: 'cluster-api-provider-metal3' 21 | pushImage: true 22 | secrets: 23 | QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }} 24 | QUAY_PASSWORD: ${{ secrets.QUAY_PASSWORD }} 25 | SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} 26 | -------------------------------------------------------------------------------- 
/.github/workflows/dependabot.yml: -------------------------------------------------------------------------------- 1 | name: dependabot 2 | 3 | on: 4 | pull_request: 5 | branches: 6 | - dependabot/** 7 | push: 8 | branches: 9 | - dependabot/** 10 | workflow_dispatch: 11 | 12 | permissions: {} 13 | 14 | jobs: 15 | build: 16 | name: Build 17 | runs-on: ubuntu-latest 18 | 19 | permissions: 20 | contents: write 21 | 22 | steps: 23 | - name: Check out code into the Go module directory 24 | uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 25 | - name: Calculate go version 26 | id: vars 27 | run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT 28 | - name: Set up Go 29 | uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 30 | with: 31 | go-version: ${{ steps.vars.outputs.go_version }} 32 | - uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 33 | name: Restore go cache 34 | with: 35 | path: | 36 | ~/.cache/go-build 37 | ~/go/pkg/mod 38 | key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} 39 | restore-keys: | 40 | ${{ runner.os }}-go- 41 | - name: Update all modules 42 | run: make modules 43 | - name: Update generated code 44 | run: make generate 45 | - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4 46 | name: Commit changes 47 | with: 48 | author_name: dependabot[bot] 49 | author_email: 49699333+dependabot[bot]@users.noreply.github.com 50 | default_author: github_actor 51 | message: 'Update generated code' 52 | -------------------------------------------------------------------------------- /.github/workflows/golangci-lint.yml: -------------------------------------------------------------------------------- 1 | name: golangci-lint 2 | 3 | on: 4 | pull_request: 5 | types: [opened, edited, reopened, synchronize, ready_for_review] 6 | 7 | permissions: {} 8 | 9 | jobs: 10 | golangci: 11 | name: lint 12 | runs-on: ubuntu-latest 13 | 14 | strategy: 15 | fail-fast: false 
16 | matrix: 17 | working-directory: 18 | - "" 19 | - test 20 | - api 21 | - hack/fake-apiserver 22 | 23 | steps: 24 | - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 25 | - name: Calculate go version 26 | id: vars 27 | run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT 28 | - name: Set up Go 29 | uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 30 | with: 31 | go-version: ${{ steps.vars.outputs.go_version }} 32 | - name: golangci-lint-${{matrix.working-directory}} 33 | uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 34 | with: 35 | version: v2.1.0 36 | working-directory: ${{matrix.working-directory}} 37 | args: --timeout=15m 38 | -------------------------------------------------------------------------------- /.github/workflows/pr-gh-workflow-approve.yaml: -------------------------------------------------------------------------------- 1 | # adapted from github.com/kubernetes-sigs/cluster-api/.github/workflows/pr-gh-workflow-approve.yaml 2 | # this workflow approves the pending (action_required) workflow runs for the PR's head commit when the PR carries the ok-to-test label 3 | # related Prow feature request https://github.com/kubernetes/test-infra/issues/25210 4 | 5 | name: Approve GH Workflows 6 | 7 | on: 8 | pull_request_target: 9 | types: [opened, edited, reopened, synchronize, ready_for_review] 10 | 11 | permissions: {} 12 | 13 | jobs: 14 | approve: 15 | name: Approve on ok-to-test 16 | runs-on: ubuntu-latest 17 | 18 | permissions: 19 | actions: write 20 | 21 | if: contains(github.event.pull_request.labels.*.name, 'ok-to-test') 22 | steps: 23 | - name: Update PR 24 | uses: actions/github-script@f28e40c7f34bde8b3046d885e986cb6290c5673b # v7.1.0 25 | continue-on-error: true 26 | with: 27 | github-token: ${{ secrets.GITHUB_TOKEN }} 28 | script: | 29 | const result = await github.rest.actions.listWorkflowRunsForRepo({ 30 | owner: context.repo.owner, 31 | repo: context.repo.repo, 32 | event: "pull_request", 33 | status: "action_required", 
34 | head_sha: context.payload.pull_request.head.sha, 35 | per_page: 100 36 | }); 37 | 38 | for (var run of result.data.workflow_runs) { 39 | await github.rest.actions.approveWorkflowRun({ 40 | owner: context.repo.owner, 41 | repo: context.repo.repo, 42 | run_id: run.id 43 | }); 44 | } 45 | -------------------------------------------------------------------------------- /.github/workflows/pr-link-check.yml: -------------------------------------------------------------------------------- 1 | name: PR Check Links 2 | 3 | on: 4 | pull_request: 5 | types: [opened, edited, reopened, synchronize, ready_for_review] 6 | 7 | permissions: 8 | contents: read 9 | 10 | jobs: 11 | check-pr-links: 12 | uses: metal3-io/project-infra/.github/workflows/pr-link-check.yml@main 13 | with: 14 | upstream: https://github.com/metal3-io/cluster-api-provider-metal3.git 15 | -------------------------------------------------------------------------------- /.github/workflows/pr-verifier.yaml: -------------------------------------------------------------------------------- 1 | name: PR Verifier 2 | 3 | permissions: {} 4 | 5 | on: 6 | pull_request_target: 7 | types: [opened, edited, reopened, synchronize, ready_for_review] 8 | 9 | jobs: 10 | verify: 11 | name: verify PR contents 12 | uses: metal3-io/project-infra/.github/workflows/pr-verifier.yaml@main 13 | -------------------------------------------------------------------------------- /.github/workflows/scheduled-link-check.yml: -------------------------------------------------------------------------------- 1 | name: Scheduled Link Check 2 | 3 | on: 4 | workflow_dispatch: 5 | schedule: 6 | # random minute and hour as to not overlap with other scheduled checks 7 | - cron: "30 14 1 * *" 8 | repository_dispatch: 9 | # run manually 10 | types: [check-links] 11 | 12 | permissions: 13 | contents: read 14 | issues: write 15 | 16 | jobs: 17 | check-links: 18 | uses: metal3-io/project-infra/.github/workflows/scheduled-link-check.yml@main 19 | 
-------------------------------------------------------------------------------- /.github/workflows/scheduled-osv-scan.yml: -------------------------------------------------------------------------------- 1 | # runs vulnerability scans and adds the results to the GitHub Security tab 2 | 3 | name: OSV-Scanner Scheduled 4 | 5 | on: 6 | workflow_dispatch: 7 | schedule: 8 | - cron: "0 6 * * *" 9 | pull_request: 10 | paths: 11 | - '.github/workflows/scheduled-osv-scan.yml' 12 | 13 | permissions: 14 | actions: read 15 | contents: read 16 | security-events: write # for uploading SARIF files 17 | 18 | jobs: 19 | osv-scan: 20 | if: ${{ github.repository == 'metal3-io/cluster-api-provider-metal3' }} 21 | uses: metal3-io/project-infra/.github/workflows/scheduled-osv-scan.yml@main # NOTE(review): referenced by branch rather than by commit SHA, unlike the actions in the lint and approve workflows; the SLACK_WEBHOOK secret below is handed to whatever main resolves to at run time 22 | with: 23 | repository-name: ${{ github.repository }} 24 | secrets: 25 | SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} 26 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | 8 | # Test binary, build with `go test -c` 9 | *.test 10 | 11 | # Output of the go coverage tool, specifically when used with LiteIDE 12 | *.out 13 | 14 | # Ansible 15 | *.retry 16 | 17 | # vim 18 | *~ 19 | *.swp 20 | 21 | # envfiles 22 | .env 23 | envfile 24 | 25 | # kubeconfigs 26 | kind.kubeconfig 27 | minikube.kubeconfig 28 | /kubeconfig 29 | 30 | # ssh keys 31 | .ssh* 32 | 33 | # Example and binary output directory 34 | out 35 | 36 | # vscode 37 | .vscode 38 | 39 | # goland 40 | .idea 41 | 42 | # zed 43 | .zed* 44 | 45 | # Common editor / temporary files 46 | *~ 47 | *.tmp 48 | .DS_Store 49 | 50 | bin/* 51 | hack/tools/bin/* 52 | examples/_out/* 53 | examples/envsubst-go 54 | examples/provider-components/*-components.yaml 55 | out/* 56 | 57 | # e2e 58 | test/e2e/_out 59 | /_artifacts 60 | 61 | # Tilt files. 
62 | .tiltbuild 63 | /tilt.d 64 | tilt-settings.json 65 | tilt_config.json 66 | 67 | github/ 68 | 69 | go.work 70 | go.work.sum 71 | 72 | # Development containers (https://containers.dev/) 73 | .devcontainer 74 | 75 | # e2e result junit xml files 76 | junit.e2e_suite.*.xml 77 | -------------------------------------------------------------------------------- /.lycheeignore: -------------------------------------------------------------------------------- 1 | https://localhost 2 | http://localhost 3 | -------------------------------------------------------------------------------- /.markdownlint-cli2.yaml: -------------------------------------------------------------------------------- 1 | # Reference: https://github.com/DavidAnson/markdownlint-cli2#markdownlint-cli2yaml 2 | 3 | config: 4 | ul-indent: 5 | # Kramdown wanted us to have 3 earlier, tho this CLI recommends 2 or 4 6 | indent: 3 7 | 8 | # Don't autofix anything, we're linting here 9 | fix: false 10 | -------------------------------------------------------------------------------- /DCO: -------------------------------------------------------------------------------- 1 | Developer Certificate of Origin 2 | Version 1.1 3 | 4 | Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 5 | 1 Letterman Drive 6 | Suite D4700 7 | San Francisco, CA, 94129 8 | 9 | Everyone is permitted to copy and distribute verbatim copies of this 10 | license document, but changing it is not allowed. 
11 | 12 | 13 | Developer's Certificate of Origin 1.1 14 | 15 | By making a contribution to this project, I certify that: 16 | 17 | (a) The contribution was created in whole or in part by me and I 18 | have the right to submit it under the open source license 19 | indicated in the file; or 20 | 21 | (b) The contribution is based upon previous work that, to the best 22 | of my knowledge, is covered under an appropriate open source 23 | license and I have the right under that license to submit that 24 | work with modifications, whether created in whole or in part 25 | by me, under the same open source license (unless I am 26 | permitted to submit under a different license), as indicated 27 | in the file; or 28 | 29 | (c) The contribution was provided directly to me by some other 30 | person who certified (a), (b) or (c) and I have not modified 31 | it. 32 | 33 | (d) I understand and agree that this project and the contribution 34 | are public and that a record of the contribution (including all 35 | personal information I submit with it, including my sign-off) is 36 | maintained indefinitely and may be redistributed consistent with 37 | this project or the open source license(s) involved. 
38 | -------------------------------------------------------------------------------- /OWNERS: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs at https://go.k8s.io/owners 2 | 3 | approvers: 4 | - cluster-api-provider-metal3-maintainers 5 | 6 | reviewers: 7 | - cluster-api-provider-metal3-maintainers 8 | - cluster-api-provider-metal3-reviewers 9 | 10 | emeritus_approvers: 11 | - fmuyassarov 12 | - furkatgofurov7 13 | - maelk 14 | - mboukhalfa 15 | - Xenwar 16 | 17 | emeritus_reviewers: 18 | - jan-est 19 | - mquhuy 20 | - namnx228 21 | -------------------------------------------------------------------------------- /OWNERS_ALIASES: -------------------------------------------------------------------------------- 1 | # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md 2 | 3 | aliases: 4 | cluster-api-provider-metal3-maintainers: 5 | - adilGhaffarDev 6 | - kashifest 7 | - lentzi90 8 | - smoshiur1237 9 | - Sunnatillo 10 | - tuminoid 11 | 12 | cluster-api-provider-metal3-reviewers: 13 | - dtantsur 14 | - honza 15 | - peppi-lotta 16 | - Rozzii 17 | - zhouhao3 18 | -------------------------------------------------------------------------------- /SECURITY_CONTACTS: -------------------------------------------------------------------------------- 1 | # Reporting a security vulnerability 2 | 3 | Please do not: 4 | - disclose any security issue publicly, e.g. in Pull Requests or Comments. 5 | - disclose any security issue directly to any owner of the repository or 6 | to any other contributor. 7 | 8 | In this repository, security reports are handled according to the 9 | Metal3-io project's security policy. For more information about the security 10 | policy, consult the User-Guide [here](https://book.metal3.io/security_policy.html). 
11 | 12 | Security vulnerability fixes can be ported to the currently supported release branches, 13 | more about the supported releases can be found [here](https://book.metal3.io/version_support.html). 14 | 15 | -------------------------------------------------------------------------------- /api/v1beta1/conversion.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | func (*Metal3Cluster) Hub() {} 20 | func (*Metal3ClusterList) Hub() {} 21 | func (*Metal3Machine) Hub() {} 22 | func (*Metal3MachineList) Hub() {} 23 | func (*Metal3MachineTemplate) Hub() {} 24 | func (*Metal3MachineTemplateList) Hub() {} 25 | func (*Metal3DataTemplate) Hub() {} 26 | func (*Metal3DataTemplateList) Hub() {} 27 | func (*Metal3Data) Hub() {} 28 | func (*Metal3DataList) Hub() {} 29 | func (*Metal3DataClaim) Hub() {} 30 | func (*Metal3DataClaimList) Hub() {} 31 | func (*Metal3Remediation) Hub() {} 32 | func (*Metal3RemediationList) Hub() {} 33 | func (*Metal3RemediationTemplate) Hub() {} 34 | func (*Metal3RemediationTemplateList) Hub() {} 35 | -------------------------------------------------------------------------------- /api/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 
3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | // Package v1beta1 contains API Schema definitions for the metal3 v1beta1 API group 18 | // +k8s:openapi-gen=true 19 | // +k8s:deepcopy-gen=package,register 20 | // +k8s:defaulter-gen=TypeMeta 21 | // +kubebuilder:object:generate=true 22 | // +groupName=infrastructure.cluster.x-k8s.io 23 | package v1beta1 24 | -------------------------------------------------------------------------------- /api/v1beta1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | // Package v1beta1 contains API Schema definitions for the infrastructure v1beta1 API group 18 | // +kubebuilder:object:generate=true 19 | // +k8s:openapi-gen=true 20 | // +k8s:deepcopy-gen=package,register 21 | // +k8s:defaulter-gen=TypeMeta 22 | // +groupName=infrastructure.cluster.x-k8s.io 23 | package v1beta1 24 | 25 | import ( 26 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 27 | "k8s.io/apimachinery/pkg/runtime" 28 | "k8s.io/apimachinery/pkg/runtime/schema" 29 | ) 30 | 31 | var ( 32 | // GroupVersion is group version used to register these objects. 33 | GroupVersion = schema.GroupVersion{Group: "infrastructure.cluster.x-k8s.io", Version: "v1beta1"} 34 | 35 | // schemeBuilder is used to add go types to the GroupVersionKind scheme. 36 | schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) 37 | 38 | // AddToScheme adds the types in this group-version to the given scheme. 39 | AddToScheme = schemeBuilder.AddToScheme 40 | 41 | objectTypes = []runtime.Object{} 42 | ) 43 | 44 | func addKnownTypes(scheme *runtime.Scheme) error { 45 | scheme.AddKnownTypes(GroupVersion, objectTypes...) 46 | metav1.AddToGroupVersion(scheme, GroupVersion) 47 | return nil 48 | } 49 | 50 | // Resource is required by pkg/client/listers/... 51 | // func Resource(resource string) schema.GroupResource { 52 | // return SchemeGroupVersion.WithResource(resource).GroupResource() 53 | // } 54 | -------------------------------------------------------------------------------- /api/v1beta1/metal3clustertemplate_types.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2024 The Kubernetes Authors. 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 
5 | You may obtain a copy of the License at 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | See the License for the specific language governing permissions and 11 | limitations under the License. 12 | */ 13 | 14 | package v1beta1 15 | 16 | import ( 17 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 18 | ) 19 | 20 | // Metal3ClusterTemplateSpec defines the desired state of Metal3ClusterTemplate. 21 | type Metal3ClusterTemplateSpec struct { 22 | Template Metal3ClusterTemplateResource `json:"template"` 23 | } 24 | 25 | // +kubebuilder:object:root=true 26 | // +kubebuilder:resource:path=metal3clustertemplates,scope=Namespaced,categories=cluster-api,shortName=m3ct 27 | // +kubebuilder:storageversion 28 | 29 | // Metal3ClusterTemplate is the Schema for the metal3clustertemplates API. 30 | type Metal3ClusterTemplate struct { 31 | metav1.TypeMeta `json:",inline"` 32 | metav1.ObjectMeta `json:"metadata,omitempty"` 33 | 34 | Spec Metal3ClusterTemplateSpec `json:"spec,omitempty"` 35 | } 36 | 37 | // +kubebuilder:object:root=true 38 | 39 | // Metal3ClusterTemplateList contains a list of Metal3ClusterTemplate. 40 | type Metal3ClusterTemplateList struct { 41 | metav1.TypeMeta `json:",inline"` 42 | metav1.ListMeta `json:"metadata,omitempty"` 43 | Items []Metal3ClusterTemplate `json:"items"` 44 | } 45 | 46 | func init() { 47 | objectTypes = append(objectTypes, &Metal3ClusterTemplate{}, &Metal3ClusterTemplateList{}) 48 | } 49 | 50 | // Metal3ClusterTemplateResource describes the data for creating a Metal3Cluster from a template. 
51 | type Metal3ClusterTemplateResource struct { 52 | Spec Metal3ClusterSpec `json:"spec"` 53 | } 54 | -------------------------------------------------------------------------------- /api/v1beta1/metal3machine_types_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package v1beta1 18 | 19 | import ( 20 | "testing" 21 | 22 | "github.com/onsi/gomega" 23 | corev1 "k8s.io/api/core/v1" 24 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 25 | "k8s.io/apimachinery/pkg/types" 26 | ) 27 | 28 | func TestStorageMetal3MachineSpec(t *testing.T) { 29 | key := types.NamespacedName{ 30 | Name: "foo", 31 | Namespace: "default", 32 | } 33 | 34 | created := &Metal3Machine{ 35 | ObjectMeta: metav1.ObjectMeta{ 36 | Name: "foo", 37 | Namespace: "default", 38 | }, 39 | Spec: Metal3MachineSpec{ 40 | UserData: &corev1.SecretReference{ 41 | Name: "foo", 42 | }, 43 | }, 44 | } 45 | 46 | g := gomega.NewGomegaWithT(t) 47 | 48 | // Test Create 49 | fetched := &Metal3Machine{} 50 | g.Expect(c.Create(t.Context(), created)).NotTo(gomega.HaveOccurred()) 51 | 52 | g.Expect(c.Get(t.Context(), key, fetched)).NotTo(gomega.HaveOccurred()) 53 | g.Expect(fetched).To(gomega.Equal(created)) 54 | 55 | // Test Updating the Labels 56 | updated := fetched.DeepCopy() 57 | updated.Labels = map[string]string{"hello": "world"} 58 | 
g.Expect(c.Update(t.Context(), updated)).NotTo(gomega.HaveOccurred()) 59 | 60 | g.Expect(c.Get(t.Context(), key, fetched)).NotTo(gomega.HaveOccurred()) 61 | g.Expect(fetched).To(gomega.Equal(updated)) 62 | 63 | // Test Delete 64 | g.Expect(c.Delete(t.Context(), fetched)).NotTo(gomega.HaveOccurred()) 65 | g.Expect(c.Get(t.Context(), key, fetched)).To(gomega.HaveOccurred()) 66 | } 67 | -------------------------------------------------------------------------------- /api/v1beta1/v1beta1_suite_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package v1beta1 18 | 19 | import ( 20 | "log" 21 | "os" 22 | "path/filepath" 23 | "testing" 24 | 25 | "k8s.io/client-go/kubernetes/scheme" 26 | "k8s.io/client-go/rest" 27 | "sigs.k8s.io/controller-runtime/pkg/client" 28 | "sigs.k8s.io/controller-runtime/pkg/envtest" 29 | ) 30 | 31 | var cfg *rest.Config 32 | var c client.Client 33 | 34 | func TestMain(m *testing.M) { 35 | t := &envtest.Environment{ 36 | CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, 37 | } 38 | 39 | err := schemeBuilder.AddToScheme(scheme.Scheme) 40 | if err != nil { 41 | log.Fatal(err) 42 | } 43 | 44 | if cfg, err = t.Start(); err != nil { 45 | log.Fatal(err) 46 | } 47 | 48 | if c, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}); err != nil { 49 | log.Fatal(err) 50 | } 51 | 52 | code := m.Run() 53 | _ = t.Stop() 54 | os.Exit(code) 55 | } 56 | -------------------------------------------------------------------------------- /baremetal/reconcile_error_test.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2023 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | package baremetal 18 | 19 | import ( 20 | "errors" 21 | "fmt" 22 | "time" 23 | 24 | . "github.com/onsi/ginkgo/v2" 25 | . 
"github.com/onsi/gomega" 26 | ) 27 | 28 | const ( 29 | duration = 50 * time.Second 30 | ) 31 | 32 | var _ = Describe("Reconcile Error testing", func() { 33 | 34 | It("Returns correct values for Transient Error", func() { 35 | 36 | err := WithTransientError(errors.New("Transient Error"), duration) 37 | Expect(err.GetRequeueAfter()).To(Equal(duration)) 38 | Expect(err.IsTransient()).To(BeTrue()) 39 | Expect(err.IsTerminal()).To(BeFalse()) 40 | Expect(err.Error()).To(Equal(fmt.Sprintf("%s. Object will be requeued after %s", "Transient Error", duration))) 41 | }) 42 | 43 | It("Returns correct values for Terminal Error", func() { 44 | err := WithTerminalError(errors.New("Terminal Error")) 45 | Expect(err.IsTransient()).To(BeFalse()) 46 | Expect(err.IsTerminal()).To(BeTrue()) 47 | Expect(err.Error()).To(Equal(fmt.Sprintf("reconcile error that cannot be recovered occurred: %s. Object will not be requeued", "Terminal Error"))) 48 | }) 49 | 50 | It("Returns correct values for Unknown ReconcileError type", func() { 51 | err := ReconcileError{errors.New("Unknown Error"), "unknownErrorType", 0 * time.Second} 52 | Expect(err.IsTerminal()).To(BeFalse()) 53 | Expect(err.IsTransient()).To(BeFalse()) 54 | Expect(err.Error()).To(Equal("reconcile error occurred with unknown recovery type. The actual error is: Unknown Error")) 55 | }) 56 | }) 57 | -------------------------------------------------------------------------------- /baremetal/remote/remote.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 
5 | You may obtain a copy of the License at 6 | http://www.apache.org/licenses/LICENSE-2.0 7 | Unless required by applicable law or agreed to in writing, software 8 | distributed under the License is distributed on an "AS IS" BASIS, 9 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 10 | See the License for the specific language governing permissions and 11 | limitations under the License. 12 | */ 13 | 14 | package remote 15 | 16 | import ( 17 | "context" 18 | 19 | "github.com/pkg/errors" 20 | "k8s.io/apimachinery/pkg/types" 21 | corev1 "k8s.io/client-go/kubernetes/typed/core/v1" 22 | "k8s.io/client-go/tools/clientcmd" 23 | clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2" 24 | kcfg "sigs.k8s.io/cluster-api/util/kubeconfig" 25 | "sigs.k8s.io/controller-runtime/pkg/client" 26 | ) 27 | 28 | // NewClusterClient returns a CoreV1 client for the given Cluster: it reads the kubeconfig from the Secret resolved through c for the Cluster's name and namespace, converts it into a REST config and builds the client from that config. The kubeconfig carries the credentials for that cluster, so neither it nor the derived config should be logged or copied into error text; the messages added here name only the Cluster and its namespace. cluster is dereferenced without a nil check. 29 | func NewClusterClient(ctx context.Context, c client.Client, cluster *clusterv1.Cluster) (corev1.CoreV1Interface, error) { 30 | kubeconfig, err := kcfg.FromSecret(ctx, c, types.NamespacedName{ 31 | Name: cluster.Name, 32 | Namespace: cluster.Namespace, 33 | }) 34 | if err != nil { 35 | return nil, errors.Wrapf(err, "failed to retrieve kubeconfig secret for Cluster %q in namespace %q", 36 | cluster.Name, cluster.Namespace) 37 | } 38 | 39 | restConfig, err := clientcmd.RESTConfigFromKubeConfig(kubeconfig) 40 | if err != nil { 41 | return nil, errors.Wrapf(err, "failed to create client configuration for Cluster %q in namespace %q", 42 | cluster.Name, cluster.Namespace) 43 | } 44 | 45 | return corev1.NewForConfig(restConfig) 46 | } 47 | -------------------------------------------------------------------------------- /baremetal/remote/suite_test.go: -------------------------------------------------------------------------------- 1 | package remote_test 2 | 3 | import ( 4 | "testing" 5 | 6 | . "github.com/onsi/ginkgo/v2" 7 | . 
"github.com/onsi/gomega" 8 | ) 9 | 10 | func TestRemote(t *testing.T) { 11 | RegisterFailHandler(Fail) 12 | RunSpecs(t, "Remote Suite") 13 | } 14 | -------------------------------------------------------------------------------- /clusterctl-settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "infrastructure-metal3", 3 | "config": { 4 | "componentsFile": "infrastructure-components.yaml", 5 | "nextVersion": "v1.12.99" 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /config/certmanager/certificate.yaml: -------------------------------------------------------------------------------- 1 | # The following manifests contain a self-signed issuer CR and a certificate CR. 2 | # More document can be found at https://docs.cert-manager.io 3 | apiVersion: cert-manager.io/v1 4 | kind: Issuer 5 | metadata: 6 | name: selfsigned-issuer 7 | namespace: system 8 | spec: 9 | selfSigned: {} 10 | --- 11 | apiVersion: cert-manager.io/v1 12 | kind: Certificate 13 | metadata: 14 | name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml 15 | namespace: system 16 | spec: 17 | # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize 18 | dnsNames: 19 | - SERVICE_NAME.SERVICE_NAMESPACE.svc 20 | - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local 21 | issuerRef: 22 | kind: Issuer 23 | name: selfsigned-issuer 24 | secretName: capm3-webhook-service-cert # this secret will not be prefixed, since it's not managed by kustomize 25 | -------------------------------------------------------------------------------- /config/certmanager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - certificate.yaml 5 | 6 | configurations: 7 | - kustomizeconfig.yaml 8 | 
-------------------------------------------------------------------------------- /config/certmanager/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | nameReference: 3 | - kind: Issuer 4 | group: cert-manager.io 5 | fieldSpecs: 6 | - kind: Certificate 7 | group: cert-manager.io 8 | path: spec/issuerRef/name 9 | 10 | varReference: 11 | - kind: Certificate 12 | group: cert-manager.io 13 | path: spec/commonName 14 | - kind: Certificate 15 | group: cert-manager.io 16 | path: spec/dnsNames 17 | - kind: Certificate 18 | group: cert-manager.io 19 | path: spec/secretName 20 | -------------------------------------------------------------------------------- /config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhook/clientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhook/clientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_metal3clusters.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 
3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 8 | name: metal3clusters.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_metal3dataclaims.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 8 | name: metal3dataclaims.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_metal3datas.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 8 | name: metal3datas.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_metal3datatemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 
3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 8 | name: metal3datatemplates.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_metal3machines.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 8 | name: metal3machines.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_metal3machinetemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 8 | name: metal3machinetemplates.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_metal3remediations.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 
3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 8 | name: metal3remediations.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/crd/patches/cainjection_in_metal3remediationtemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds a directive for certmanager to inject CA into the CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | annotations: 7 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 8 | name: metal3remediationtemplates.infrastructure.cluster.x-k8s.io 9 | -------------------------------------------------------------------------------- /config/crd/patches/skipcrdnamecheck_in_metal3datas.yaml: -------------------------------------------------------------------------------- 1 | # The following patch adds "clusterctl.cluster.x-k8s.io/skip-crd-name-preflight-check" 2 | # CAPI annotation for clusterctl to inject annotation into the CRD. See more why this is needed 3 | # here: https://github.com/kubernetes-sigs/cluster-api/issues/5686#issuecomment-1238255937 4 | # CRD conversion requires k8s 1.13 or later. 5 | apiVersion: apiextensions.k8s.io/v1 6 | kind: CustomResourceDefinition 7 | metadata: 8 | annotations: 9 | clusterctl.cluster.x-k8s.io/skip-crd-name-preflight-check: "" 10 | name: metal3datas.infrastructure.cluster.x-k8s.io -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_metal3clusters.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 
3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: metal3clusters.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_metal3dataclaims.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: metal3dataclaims.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_metal3datas.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 
3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: metal3datas.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_metal3datatemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: metal3datatemplates.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_metal3machines.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 
3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: metal3machines.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_metal3machinetemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: metal3machinetemplates.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_metal3remediations.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 
3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: metal3remediations.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/crd/patches/webhook_in_metal3remediationtemplates.yaml: -------------------------------------------------------------------------------- 1 | # The following patch enables conversion webhook for CRD 2 | # CRD conversion requires k8s 1.13 or later. 3 | apiVersion: apiextensions.k8s.io/v1 4 | kind: CustomResourceDefinition 5 | metadata: 6 | name: metal3remediationtemplates.infrastructure.cluster.x-k8s.io 7 | spec: 8 | conversion: 9 | strategy: Webhook 10 | webhook: 11 | conversionReviewVersions: ["v1", "v1beta1"] 12 | clientConfig: 13 | service: 14 | namespace: system 15 | name: webhook-service 16 | path: /convert 17 | -------------------------------------------------------------------------------- /config/default/capm3/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This configuration is for teaching kustomize how to update name ref and var substitution 2 | varReference: 3 | - kind: Deployment 4 | path: spec/template/spec/volumes/secret/secretName -------------------------------------------------------------------------------- /config/default/capm3/manager_image_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | # Change the value of image field below to your controller image URL 11 | - image: quay.io/metal3-io/cluster-api-provider-metal3:main 12 | name: 
manager 13 | -------------------------------------------------------------------------------- /config/default/capm3/manager_pull_policy_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | imagePullPolicy: IfNotPresent 12 | -------------------------------------------------------------------------------- /config/default/capm3/manager_webhook_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | ports: 12 | - containerPort: 9443 13 | name: webhook-server 14 | protocol: TCP 15 | volumeMounts: 16 | - mountPath: /tmp/k8s-webhook-server/serving-certs 17 | name: cert 18 | readOnly: true 19 | volumes: 20 | - name: cert 21 | secret: 22 | defaultMode: 420 23 | secretName: capm3-webhook-service-cert 24 | -------------------------------------------------------------------------------- /config/default/capm3/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: capm3-system 5 | labels: 6 | pod-security.kubernetes.io/enforce: restricted 7 | 8 | -------------------------------------------------------------------------------- /config/default/capm3/webhookcainjection_patch.yaml: -------------------------------------------------------------------------------- 1 | # This patch adds an annotation to the admission webhook configs; 2 | # the variables CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize.
3 | apiVersion: admissionregistration.k8s.io/v1 4 | kind: MutatingWebhookConfiguration 5 | metadata: 6 | name: mutating-webhook-configuration 7 | annotations: 8 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 9 | --- 10 | apiVersion: admissionregistration.k8s.io/v1 11 | kind: ValidatingWebhookConfiguration 12 | metadata: 13 | name: validating-webhook-configuration 14 | annotations: 15 | cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME 16 | -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | labels: 2 | - includeSelectors: true 3 | pairs: 4 | cluster.x-k8s.io/provider: infrastructure-metal3 5 | 6 | resources: 7 | - capm3 8 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | 4 | resources: 5 | - manager.yaml 6 | 7 | configMapGenerator: 8 | - name: capm3fasttrack-configmap 9 | literals: 10 | - CAPM3_FAST_TRACK=${CAPM3_FAST_TRACK:='false'} 11 | 12 | generatorOptions: 13 | disableNameSuffixHash: true 14 | -------------------------------------------------------------------------------- /config/manager/manager.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | labels: 7 | control-plane: controller-manager 8 | controller-tools.k8s.io: "1.0" 9 | spec: 10 | selector: 11 | matchLabels: 12 | control-plane: controller-manager 13 | controller-tools.k8s.io: "1.0" 14 | template: 15 | metadata: 16 | labels: 17 | control-plane: controller-manager 18 | controller-tools.k8s.io: "1.0" 19 | spec: 20 | containers: 21 | - 
command: 22 | - /manager 23 | args: 24 | - "--webhook-port=9443" 25 | - "--enableBMHNameBasedPreallocation=${ENABLE_BMH_NAME_BASED_PREALLOCATION:=false}" 26 | - "--diagnostics-address=${CAPM3_DIAGNOSTICS_ADDRESS:=:8443}" 27 | - "--insecure-diagnostics=${CAPM3_INSECURE_DIAGNOSTICS:=false}" 28 | - "--tls-min-version=${TLS_MIN_VERSION:=VersionTLS13}" 29 | image: controller:latest 30 | imagePullPolicy: IfNotPresent 31 | name: manager 32 | envFrom: 33 | - configMapRef: 34 | name: capm3fasttrack-configmap 35 | ports: 36 | - containerPort: 9440 37 | name: healthz 38 | protocol: TCP 39 | - containerPort: 8443 40 | name: metrics 41 | protocol: TCP 42 | readinessProbe: 43 | httpGet: 44 | path: /readyz 45 | port: healthz 46 | livenessProbe: 47 | httpGet: 48 | path: /healthz 49 | port: healthz 50 | securityContext: 51 | allowPrivilegeEscalation: false 52 | capabilities: 53 | drop: 54 | - ALL 55 | privileged: false 56 | runAsUser: 65532 57 | runAsGroup: 65532 58 | terminationMessagePolicy: FallbackToLogsOnError 59 | terminationGracePeriodSeconds: 10 60 | securityContext: 61 | runAsNonRoot: true 62 | seccompProfile: 63 | type: RuntimeDefault 64 | serviceAccountName: manager 65 | tolerations: 66 | - effect: NoSchedule 67 | key: node-role.kubernetes.io/master 68 | - effect: NoSchedule 69 | key: node-role.kubernetes.io/control-plane 70 | -------------------------------------------------------------------------------- /config/rbac/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - role.yaml 5 | - role_binding.yaml 6 | - service_account.yaml 7 | - leader_election_role_binding.yaml 8 | - leader_election_role.yaml 9 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do 
leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - "" 9 | resources: 10 | - events 11 | verbs: 12 | - create 13 | - apiGroups: 14 | - "coordination.k8s.io" 15 | resources: 16 | - leases 17 | verbs: 18 | - get 19 | - list 20 | - watch 21 | - create 22 | - update 23 | - patch 24 | - delete -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: manager 12 | namespace: system 13 | -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: manager 5 | namespace: system -------------------------------------------------------------------------------- /config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - 
kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # The following config teaches kustomize where to look when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations -------------------------------------------------------------------------------- /config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: webhook-server 11 | -------------------------------------------------------------------------------- /docs/images/components.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/metal3-io/cluster-api-provider-metal3/705d60ee90bf5e34b010aeb34ef20269dbe78c09/docs/images/components.png -------------------------------------------------------------------------------- /docs/images/controllerssequencediagram.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/metal3-io/cluster-api-provider-metal3/705d60ee90bf5e34b010aeb34ef20269dbe78c09/docs/images/controllerssequencediagram.png -------------------------------------------------------------------------------- /docs/images/fields_mapping.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/metal3-io/cluster-api-provider-metal3/705d60ee90bf5e34b010aeb34ef20269dbe78c09/docs/images/fields_mapping.png -------------------------------------------------------------------------------- /examples/cluster/cluster.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cluster.x-k8s.io/v1beta2 3 | kind: Cluster 4 | metadata: 5 | name: ${CLUSTER_NAME} 6 | namespace: ${NAMESPACE} 7 | spec: 8 | clusterNetwork: 9 | services: 10 | cidrBlocks: 11 | - 10.96.0.0/12 12 | pods: 13 | cidrBlocks: 14 | - 192.168.0.0/18 15 | serviceDomain: "cluster.local" 16 | infrastructureRef: 17 | apiGroup: infrastructure.cluster.x-k8s.io 18 | kind: Metal3Cluster 19 | name: ${CLUSTER_NAME} 20 | controlPlaneRef: 21 | apiGroup: controlplane.cluster.x-k8s.io 22 | kind: KubeadmControlPlane 23 | name: ${CLUSTER_NAME}-controlplane 24 | --- 25 | apiVersion: infrastructure.cluster.x-k8s.io/v1beta1 26 | kind: Metal3Cluster 27 | metadata: 28 | name: ${CLUSTER_NAME} 29 | namespace: ${NAMESPACE} 30 | spec: 31 | controlPlaneEndpoint: 32 | host: ${CLUSTER_APIENDPOINT_HOST} 33 | port: ${CLUSTER_APIENDPOINT_PORT} 34 | cloudProviderEnabled: false 35 | -------------------------------------------------------------------------------- /examples/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: default 4 | resources: 5 | - cluster.yaml 6 | configurations: 7 
| - kustomizeconfig.yaml 8 | -------------------------------------------------------------------------------- /examples/cluster/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | namespace: 2 | - kind: Cluster 3 | group: cluster.x-k8s.io 4 | version: v1beta2 5 | path: spec/infrastructureRef/namespace 6 | create: true 7 | -------------------------------------------------------------------------------- /examples/controlplane/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: default 4 | resources: 5 | - controlplane.yaml 6 | configurations: 7 | - kustomizeconfig.yaml 8 | -------------------------------------------------------------------------------- /examples/controlplane/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | namespace: 2 | - kind: Machine 3 | group: cluster.x-k8s.io 4 | version: v1beta2 5 | path: spec/infrastructureRef/namespace 6 | create: true 7 | - kind: Machine 8 | group: cluster.x-k8s.io 9 | version: v1beta2 10 | path: spec/bootstrap/configRef/namespace 11 | create: true 12 | 13 | commonLabels: 14 | - path: metadata/labels 15 | create: true 16 | -------------------------------------------------------------------------------- /examples/machinedeployment/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: default 4 | resources: 5 | - machinedeployment.yaml 6 | configurations: 7 | - kustomizeconfig.yaml 8 | -------------------------------------------------------------------------------- /examples/machinedeployment/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | namespace: 2 | - kind: MachineDeployment 3 | group: 
cluster.x-k8s.io 4 | version: v1beta2 5 | path: spec/template/spec/infrastructureRef/namespace 6 | create: true 7 | - kind: MachineDeployment 8 | group: cluster.x-k8s.io 9 | version: v1beta2 10 | path: spec/template/spec/bootstrap/configRef/namespace 11 | create: true 12 | -------------------------------------------------------------------------------- /examples/metal3crds/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: default 4 | resources: 5 | - metal3.io_baremetalhosts.yaml 6 | -------------------------------------------------------------------------------- /examples/metal3plane/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: default 4 | resources: 5 | - hosts.yaml 6 | -------------------------------------------------------------------------------- /examples/provider-components/image_versions_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: capi-controller-manager 5 | namespace: capi-system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | image: gcr.io/k8s-staging-cluster-api/cluster-api-controller:main 12 | --- 13 | apiVersion: apps/v1 14 | kind: Deployment 15 | metadata: 16 | name: capi-kubeadm-bootstrap-controller-manager 17 | namespace: capi-kubeadm-bootstrap-system 18 | spec: 19 | template: 20 | spec: 21 | containers: 22 | - name: manager 23 | image: gcr.io/k8s-staging-cluster-api/kubeadm-bootstrap-controller:main 24 | --- 25 | apiVersion: apps/v1 26 | kind: Deployment 27 | metadata: 28 | name: capi-kubeadm-control-plane-controller-manager 29 | namespace: capi-kubeadm-control-plane-system 30 | spec: 31 | template: 32 | spec: 33 | containers: 34 
| - name: manager 35 | image: gcr.io/k8s-staging-cluster-api/kubeadm-control-plane-controller:main 36 | 37 | -------------------------------------------------------------------------------- /examples/provider-components/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - core-components.yaml 5 | - bootstrap-components.yaml 6 | - ctlplane-components.yaml 7 | - infrastructure-components.yaml 8 | patches: 9 | - path: manager_tolerations_patch.yaml 10 | - path: image_versions_patch.yaml 11 | -------------------------------------------------------------------------------- /examples/provider-components/manager_tolerations_patch.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: capm3-controller-manager 6 | namespace: capm3-system 7 | spec: 8 | template: 9 | spec: 10 | tolerations: 11 | - effect: NoSchedule 12 | key: node-role.kubernetes.io/master 13 | - effect: NoSchedule 14 | key: node-role.kubernetes.io/control-plane 15 | - key: CriticalAddonsOnly 16 | operator: Exists 17 | --- 18 | apiVersion: apps/v1 19 | kind: Deployment 20 | metadata: 21 | name: capi-controller-manager 22 | namespace: capi-system 23 | spec: 24 | template: 25 | spec: 26 | tolerations: 27 | - effect: NoSchedule 28 | key: node-role.kubernetes.io/master 29 | - effect: NoSchedule 30 | key: node-role.kubernetes.io/control-plane 31 | - key: CriticalAddonsOnly 32 | operator: Exists 33 | --- 34 | apiVersion: apps/v1 35 | kind: Deployment 36 | metadata: 37 | name: capi-kubeadm-bootstrap-controller-manager 38 | namespace: capi-kubeadm-bootstrap-system 39 | spec: 40 | template: 41 | spec: 42 | tolerations: 43 | - effect: NoSchedule 44 | key: node-role.kubernetes.io/master 45 | - effect: NoSchedule 46 | key: node-role.kubernetes.io/control-plane 47 | - key: 
CriticalAddonsOnly 48 | operator: Exists 49 | --- 50 | apiVersion: apps/v1 51 | kind: Deployment 52 | metadata: 53 | name: capi-kubeadm-control-plane-controller-manager 54 | namespace: capi-kubeadm-control-plane-system 55 | spec: 56 | template: 57 | spec: 58 | tolerations: 59 | - effect: NoSchedule 60 | key: node-role.kubernetes.io/master 61 | - effect: NoSchedule 62 | key: node-role.kubernetes.io/control-plane 63 | - key: CriticalAddonsOnly 64 | operator: Exists 65 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | -------------------------------------------------------------------------------- /hack/boilerplate/BUILD: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | exports_files(glob(["*.txt"])) 4 | 5 | py_test( 6 | name = "boilerplate_test", 7 | srcs = [ 8 | "boilerplate.py", 9 | "boilerplate_test.py", 10 | ], 11 | data = glob([ 12 | "*.txt", 13 | "test/*", 14 | ]), 15 | ) 16 | 17 | filegroup( 18 | name = "package-srcs", 19 | srcs = glob(["**"]), 20 | tags = ["automanaged"], 21 | visibility = ["//visibility:private"], 22 | ) 23 | 24 | filegroup( 25 | name = "all-srcs", 26 | srcs = [ 27 | ":package-srcs", 28 | "//hack/boilerplate/test:all-srcs", 29 | ], 30 | tags = ["automanaged"], 31 | ) 32 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.Dockerfile.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.Makefile.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 
2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.bzl.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.generatebzl.txt: -------------------------------------------------------------------------------- 1 | # Copyright The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.generatego.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright YEAR The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 
6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 15 | */ 16 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.py.txt: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright YEAR The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate.sh.txt: -------------------------------------------------------------------------------- 1 | # Copyright YEAR The Kubernetes Authors. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 
5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /hack/boilerplate/boilerplate_test.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright 2016 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | import boilerplate 18 | import unittest 19 | import StringIO 20 | import os 21 | import sys 22 | 23 | class TestBoilerplate(unittest.TestCase): 24 | """ 25 | Note: run this test from the hack/boilerplate directory. 26 | 27 | $ python -m unittest boilerplate_test 28 | """ 29 | 30 | def test_boilerplate(self): 31 | os.chdir("test/") 32 | 33 | class Args(object): 34 | def __init__(self): 35 | self.filenames = [] 36 | self.rootdir = "." 
37 | self.boilerplate_dir = "../" 38 | self.verbose = True 39 | 40 | # capture stdout 41 | old_stdout = sys.stdout 42 | sys.stdout = StringIO.StringIO() 43 | 44 | boilerplate.args = Args() 45 | ret = boilerplate.main() 46 | 47 | output = sorted(sys.stdout.getvalue().split()) 48 | 49 | sys.stdout = old_stdout 50 | 51 | self.assertEquals( 52 | output, ['././fail.go', '././fail.py']) 53 | -------------------------------------------------------------------------------- /hack/boilerplate/test/BUILD: -------------------------------------------------------------------------------- 1 | package(default_visibility = ["//visibility:public"]) 2 | 3 | load( 4 | "@io_bazel_rules_go//go:def.bzl", 5 | "go_library", 6 | ) 7 | 8 | go_library( 9 | name = "go_default_library", 10 | srcs = [ 11 | "fail.go", 12 | "pass.go", 13 | ], 14 | importpath = "sigs.k8s.io/cluster-api-provider-aws/hack/boilerplate/test", 15 | ) 16 | 17 | filegroup( 18 | name = "package-srcs", 19 | srcs = glob(["**"]), 20 | tags = ["automanaged"], 21 | visibility = ["//visibility:private"], 22 | ) 23 | 24 | filegroup( 25 | name = "all-srcs", 26 | srcs = [":package-srcs"], 27 | tags = ["automanaged"], 28 | ) 29 | -------------------------------------------------------------------------------- /hack/boilerplate/test/fail.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | fail 5 | 6 | Licensed under the Apache License, Version 2.0 (the "License"); 7 | you may not use this file except in compliance with the License. 8 | You may obtain a copy of the License at 9 | 10 | http://www.apache.org/licenses/LICENSE-2.0 11 | 12 | Unless required by applicable law or agreed to in writing, software 13 | distributed under the License is distributed on an "AS IS" BASIS, 14 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
15 | See the License for the specific language governing permissions and 16 | limitations under the License. 17 | */ 18 | 19 | package test 20 | -------------------------------------------------------------------------------- /hack/boilerplate/test/fail.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright 2015 The Kubernetes Authors. 4 | # 5 | # failed 6 | # 7 | # Licensed under the Apache License, Version 2.0 (the "License"); 8 | # you may not use this file except in compliance with the License. 9 | # You may obtain a copy of the License at 10 | # 11 | # http://www.apache.org/licenses/LICENSE-2.0 12 | # 13 | # Unless required by applicable law or agreed to in writing, software 14 | # distributed under the License is distributed on an "AS IS" BASIS, 15 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 | # See the License for the specific language governing permissions and 17 | # limitations under the License. 18 | -------------------------------------------------------------------------------- /hack/boilerplate/test/pass.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2014 The Kubernetes Authors. 3 | 4 | Licensed under the Apache License, Version 2.0 (the "License"); 5 | you may not use this file except in compliance with the License. 6 | You may obtain a copy of the License at 7 | 8 | http://www.apache.org/licenses/LICENSE-2.0 9 | 10 | Unless required by applicable law or agreed to in writing, software 11 | distributed under the License is distributed on an "AS IS" BASIS, 12 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | See the License for the specific language governing permissions and 14 | limitations under the License. 
15 | */ 16 | 17 | package test 18 | -------------------------------------------------------------------------------- /hack/boilerplate/test/pass.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # Copyright 2015 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | True 18 | -------------------------------------------------------------------------------- /hack/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # shellcheck disable=SC2292 3 | 4 | set -eux 5 | 6 | IS_CONTAINER="${IS_CONTAINER:-false}" 7 | CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-podman}" 8 | WORKDIR="${WORKDIR:-/workdir}" 9 | BUILD_FKAS="${BUILD_FKAS:-false}" 10 | 11 | 12 | if [ "${IS_CONTAINER}" != "false" ]; then 13 | export XDG_CACHE_HOME=/tmp/.cache 14 | mkdir /tmp/build 15 | cp -r . 
/tmp/build 16 | cd /tmp/build 17 | 18 | if [ "${BUILD_FKAS}" != "false" ]; then 19 | make build-fkas 20 | else 21 | make build 22 | fi 23 | else 24 | "${CONTAINER_RUNTIME}" run --rm \ 25 | --env IS_CONTAINER=TRUE \ 26 | --volume "${PWD}:${WORKDIR}:ro,z" \ 27 | --entrypoint sh \ 28 | --workdir "${WORKDIR}" \ 29 | docker.io/golang:1.24 \ 30 | "${WORKDIR}"/hack/build.sh "$@" 31 | fi 32 | -------------------------------------------------------------------------------- /hack/codegen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Ignore the rule that says we should always quote variables, because 4 | # in this script we *do* want globbing. 5 | # shellcheck disable=SC2086,SC2292 6 | 7 | set -eux 8 | 9 | IS_CONTAINER="${IS_CONTAINER:-false}" 10 | ARTIFACTS="${ARTIFACTS:-/tmp}" 11 | CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-podman}" 12 | WORKDIR="${WORKDIR:-/workdir}" 13 | 14 | if [ "${IS_CONTAINER}" != "false" ]; then 15 | # we need to tell git its OK to use dir owned by someone else 16 | git config --global safe.directory "${WORKDIR}" 17 | export XDG_CACHE_HOME="/tmp/.cache" 18 | 19 | INPUT_FILES="$(git ls-files config) $(git ls-files | grep zz_generated)" 20 | cksum ${INPUT_FILES} > "${ARTIFACTS}/lint.cksums.before" 21 | export VERBOSE="--verbose" 22 | make generate 23 | cksum ${INPUT_FILES} > "${ARTIFACTS}/lint.cksums.after" 24 | diff "${ARTIFACTS}/lint.cksums.before" "${ARTIFACTS}/lint.cksums.after" 25 | 26 | else 27 | "${CONTAINER_RUNTIME}" run --rm \ 28 | --env IS_CONTAINER=TRUE \ 29 | --volume "${PWD}:${WORKDIR}:rw,z" \ 30 | --entrypoint sh \ 31 | --workdir "${WORKDIR}" \ 32 | docker.io/golang:1.24 \ 33 | "${WORKDIR}"/hack/codegen.sh "$@" 34 | fi 35 | -------------------------------------------------------------------------------- /hack/ensure-go.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2021 The Kubernetes Authors. 
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

# verify_go_version checks that a `go` binary is on PATH and that the version
# it reports is not older than the required minimum.
# Prints a message and returns 2 when go is missing or too old; a toolchain
# whose third `go version` field is "devel" is accepted as-is.
verify_go_version()
{
  if ! command -v go > /dev/null; then
    cat << EOF
Can't find 'go' in PATH, please fix and retry.
See http://golang.org/doc/install for installation instructions.
EOF
    return 2
  fi

  local required
  required=go1.24

  # `go version` prints "go version <release> <os/arch>"; field 2 is the release.
  local fields
  IFS=" " read -ra fields <<< "$(go version)"

  # Development builds carry no comparable release number, so they pass.
  if [[ "${fields[2]}" == "devel" ]]; then
    return 0
  fi

  # Sort the required and detected releases by their dot-separated components
  # (minor and patch numerically). If the required release does not come out
  # first, the detected one is older.
  if [[ "${required}" != $(echo -e "${required}\n${fields[2]}" | sort -s -t. -k 1,1 -k 2,2n -k 3,3n | head -n1) ]]; then
    cat << EOF
Detected go version: ${fields[*]}.
Kubernetes requires ${required} or greater.
Please install ${required} or later.
EOF
    return 2
  fi
}

verify_go_version

# Explicitly opt into go modules, even though we're inside a GOPATH directory
export GO111MODULE=on
--------------------------------------------------------------------------------
/hack/ensure-kubectl.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash

# Copyright 2021 The Kubernetes Authors.
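#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

set -o errexit
set -o nounset
set -o pipefail

GOPATH_BIN="$(go env GOPATH)/bin/"
MINIMUM_KUBECTL_VERSION=${KUBERNETES_VERSION:-"v1.34.1"}

# Ensure the kubectl tool exists and is a viable version, or installs it.
#
# When kubectl is missing on linux-gnu, the release binary for
# MINIMUM_KUBECTL_VERSION is downloaded into GOPATH_BIN. The download goes to a
# temporary file and is moved into place only after curl succeeded and the
# SHA-256 published next to the binary matches, so a failed or truncated
# download never ends up as an executable named kubectl.
#
# Returns 2 when kubectl is missing on another OS, when the download or its
# checksum verification fails, or when the detected version is below the
# minimum.
verify_kubectl_version()
{
  # If kubectl is not available on the path, get it
  if ! [ -x "$(command -v kubectl)" ]; then
    if [[ "${OSTYPE}" == "linux-gnu" ]]; then
      mkdir -p "${GOPATH_BIN}"
      echo 'kubectl not found, installing'

      local kubectl_url kubectl_tmp expected_sha256
      kubectl_url="https://storage.googleapis.com/kubernetes-release/release/${MINIMUM_KUBECTL_VERSION}/bin/linux/amd64/kubectl"
      kubectl_tmp="$(mktemp "${GOPATH_BIN}/kubectl.XXXXXX")"

      # --fail makes curl exit non-zero on an HTTP error instead of saving the
      # error body, which would otherwise be marked executable below.
      if ! curl --fail -sSLo "${kubectl_tmp}" "${kubectl_url}"; then
        rm -f "${kubectl_tmp}"
        echo "Failed to download kubectl from ${kubectl_url}" >&2
        return 2
      fi

      # NOTE(review): assumes the release location publishes a sibling
      # "kubectl.sha256" holding only the hex digest, as the Kubernetes install
      # docs describe - confirm for this bucket. The digest comes from the same
      # origin as the binary, so this catches corrupted or truncated downloads,
      # not a compromised origin; pin a reviewed digest in the repo for that.
      if ! expected_sha256="$(curl --fail -sSL "${kubectl_url}.sha256")" ||
         ! echo "${expected_sha256}  ${kubectl_tmp}" | sha256sum --check --status; then
        rm -f "${kubectl_tmp}"
        echo "kubectl download failed SHA-256 verification" >&2
        return 2
      fi

      chmod +x "${kubectl_tmp}"
      mv "${kubectl_tmp}" "${GOPATH_BIN}/kubectl"
    else
      echo "Missing required binary in path: kubectl"
      return 2
    fi
  fi

  # "kubectl version --client" prints "Client Version: vX.Y.Z"; field 2 is the
  # version. --short is tried first and the plain form is the fallback.
  local kubectl_version
  IFS=" " read -ra kubectl_version <<< "$(kubectl version --client --short 2>/dev/null || kubectl version --client 2>/dev/null)"
  # The minimum must sort first (minor and patch compared numerically);
  # otherwise the detected kubectl is older than required.
  if [[ "${MINIMUM_KUBECTL_VERSION}" != $(echo -e "${MINIMUM_KUBECTL_VERSION}\n${kubectl_version[2]}" | sort -s -t. -k 1,1 -k 2,2n -k 3,3n | head -n1) ]]; then
    cat << EOF
Detected kubectl version: ${kubectl_version[2]}.
Requires ${MINIMUM_KUBECTL_VERSION} or greater.
Please install ${MINIMUM_KUBECTL_VERSION} or later.
EOF
    return 2
  fi
}

verify_kubectl_version
--------------------------------------------------------------------------------
/hack/fake-apiserver/k8s/metal3-fkas-system.yaml:
--------------------------------------------------------------------------------
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: metal3-fkas-sa
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: metal3-fkas-role
rules:
  - apiGroups: ["metal3.io", "infrastructure.cluster.x-k8s.io"]
    resources: ["baremetalhosts", "metal3machines"]
    verbs: ["get", "list", "watch"]
  - apiGroups: ["cluster.x-k8s.io"]
    resources: ["machines"]
    verbs: ["get", "list", "watch"]
  # NOTE(review): bound through the ClusterRoleBinding below, this rule lets
  # the service account read Secrets in every namespace. If the fake API
  # server only needs Secrets from known namespaces, a namespaced
  # Role/RoleBinding would narrow it - confirm against what it actually reads.
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: metal3-fkas-rolebinding
subjects:
  - kind: ServiceAccount
    name: metal3-fkas-sa
    namespace: default
roleRef:
  kind: ClusterRole
  name: metal3-fkas-role
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: metal3-fkas-system
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: metal3-fkas-system
  template:
    metadata:
      labels:
        app: metal3-fkas-system
    spec:
      serviceAccountName: metal3-fkas-sa
      containers:
        # NOTE(review): both containers use the mutable ":latest" tag with
        # IfNotPresent, so a node runs whatever image it has cached under that
        # tag. Pin a version tag or digest when a reproducible image matters.
        - name: metal3-fkas-reconciler
          image: quay.io/metal3-io/metal3-fkas:latest
          imagePullPolicy: IfNotPresent
          command: ["/reconciler"]
          env:
            - name: DEBUG
              value: "true"
        - image: quay.io/metal3-io/metal3-fkas:latest
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3333
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: DEBUG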
value: "true" 71 | name: metal3-fkas 72 | -------------------------------------------------------------------------------- /hack/fake-apiserver/k8s/metal3-fkas.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: metal3-fkas-sa 6 | namespace: default 7 | --- 8 | apiVersion: rbac.authorization.k8s.io/v1 9 | kind: ClusterRole 10 | metadata: 11 | name: metal3-fkas-role 12 | rules: 13 | - apiGroups: ["cluster.x-k8s.io"] 14 | resources: ["machines"] 15 | verbs: ["get", "list", "watch"] 16 | - apiGroups: [""] 17 | resources: ["secrets"] 18 | verbs: ["get", "list"] 19 | --- 20 | apiVersion: rbac.authorization.k8s.io/v1 21 | kind: ClusterRoleBinding 22 | metadata: 23 | name: metal3-fkas-rolebinding 24 | subjects: 25 | - kind: ServiceAccount 26 | name: metal3-fkas-sa 27 | namespace: default 28 | roleRef: 29 | kind: ClusterRole 30 | name: metal3-fkas-role 31 | apiGroup: rbac.authorization.k8s.io 32 | --- 33 | apiVersion: apps/v1 34 | kind: Deployment 35 | metadata: 36 | name: metal3-fkas-system 37 | namespace: default 38 | spec: 39 | replicas: 1 40 | selector: 41 | matchLabels: 42 | app: metal3-fkas-system 43 | template: 44 | metadata: 45 | labels: 46 | app: metal3-fkas-system 47 | spec: 48 | serviceAccountName: metal3-fkas-sa 49 | containers: 50 | - image: quay.io/metal3-io/metal3-fkas:latest 51 | imagePullPolicy: IfNotPresent 52 | ports: 53 | - containerPort: 3333 54 | env: 55 | - name: POD_IP 56 | valueFrom: 57 | fieldRef: 58 | fieldPath: status.podIP 59 | - name: DEBUG 60 | value: "true" 61 | name: metal3-fkas 62 | -------------------------------------------------------------------------------- /hack/gomod.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # 1. Verify that `go mod tidy` can be executed successfully 4 | # 2. 
Verify that running the above doesn't change go.mod and go.sum 5 | # 6 | # NOTE: This won't work unless the build environment has internet access 7 | # shellcheck disable=SC2292 8 | 9 | set -eux 10 | 11 | IS_CONTAINER="${IS_CONTAINER:-false}" 12 | CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-podman}" 13 | WORKDIR="${WORKDIR:-/workdir}" 14 | 15 | if [ "${IS_CONTAINER}" != "false" ]; then 16 | export XDG_CACHE_HOME=/tmp/.cache 17 | 18 | mkdir /tmp/gomod 19 | cp -r . /tmp/gomod 20 | cd /tmp/gomod 21 | 22 | STATUS="$(git status --porcelain)" 23 | if [ -n "${STATUS}" ]; then 24 | echo "Dirty tree: refusing to continue out of caution" 25 | exit 1 26 | fi 27 | 28 | make modules 29 | 30 | STATUS="$(git status --porcelain)" 31 | if [ -n "${STATUS}" ]; then 32 | echo "one of the go.mod and/or go.sum files changed" 33 | echo "${STATUS}" 34 | echo "Please run 'go mod tidy' and commit the changes" 35 | exit 1 36 | fi 37 | 38 | else 39 | "${CONTAINER_RUNTIME}" run --rm \ 40 | --env IS_CONTAINER=TRUE \ 41 | --volume "${PWD}:${WORKDIR}:ro,z" \ 42 | --entrypoint sh \ 43 | --workdir "${WORKDIR}" \ 44 | docker.io/golang:1.24 \ 45 | "${WORKDIR}"/hack/gomod.sh "$@" 46 | fi 47 | -------------------------------------------------------------------------------- /hack/kustomize-sub.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2018 The Kubernetes Authors. 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | set -o errexit 17 | set -o nounset 18 | set -o pipefail 19 | 20 | root="$(dirname "${BASH_SOURCE[0]}")" 21 | "${root}/tools/bin/kustomize" build "$1" | "${root}/tools/bin/envsubst" 22 | -------------------------------------------------------------------------------- /hack/manifestlint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # shellcheck disable=SC2292 3 | 4 | set -eux 5 | 6 | IS_CONTAINER="${IS_CONTAINER:-false}" 7 | CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-podman}" 8 | K8S_VERSION="${K8S_VERSION:-master}" 9 | WORKDIR="${WORKDIR:-/workdir}" 10 | 11 | # --strict: Disallow additional properties not in schema. 12 | # --ignore-missing-schemas: Skip validation for resource 13 | # definitions without a schema. This will skip the checks 14 | # for the Custom Resource Definitions(CRDs). 15 | # --ignore-filename-pattern string: ignore pattern, can give multiple 16 | # We are skipping validation for the files that 17 | # matches our regexp pattern (i.e. kustom, patch). 18 | # --output string: The format of the output of this script. 
19 | # --kubernetes-version string: which k8s version schema to test against 20 | 21 | # KUBECONFORM_PATH is needed as kubeconform binary in the official image 22 | # is at the root /kubeconform, but it is not at default path, while 23 | # in non-container run, it is on go bin path and can't have leading / 24 | 25 | if [ "${IS_CONTAINER}" != "false" ]; then 26 | "${KUBECONFORM_PATH:-}"kubeconform --strict --ignore-missing-schemas \ 27 | --kubernetes-version "${K8S_VERSION}" \ 28 | --ignore-filename-pattern kustom --ignore-filename-pattern patch \ 29 | --ignore-filename-pattern clusterctl \ 30 | --output tap \ 31 | config/ examples/ 32 | else 33 | "${CONTAINER_RUNTIME}" run --rm \ 34 | --env IS_CONTAINER=TRUE \ 35 | --env KUBECONFORM_PATH="/" \ 36 | --volume "${PWD}:${WORKDIR}:ro,z" \ 37 | --entrypoint sh \ 38 | --workdir "${WORKDIR}" \ 39 | ghcr.io/yannh/kubeconform:v0.6.7-alpine@sha256:824e0c248809e4b2da2a768b16b107cf17ada88a89ec6aa6050e566ba93ebbc6 \ 40 | "${WORKDIR}"/hack/manifestlint.sh "$@" 41 | fi 42 | -------------------------------------------------------------------------------- /hack/markdownlint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # markdownlint-cli2 has config file(s) named .markdownlint-cli2.yaml in the repo 3 | # shellcheck disable=SC2292 4 | 5 | set -eux 6 | 7 | IS_CONTAINER="${IS_CONTAINER:-false}" 8 | CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-podman}" 9 | WORKDIR="${WORKDIR:-/workdir}" 10 | 11 | # all md files, but ignore .github 12 | if [ "${IS_CONTAINER}" != "false" ]; then 13 | markdownlint-cli2 "**/*.md" "#.github" 14 | else 15 | "${CONTAINER_RUNTIME}" run --rm \ 16 | --env IS_CONTAINER=TRUE \ 17 | --volume "${PWD}:${WORKDIR}:ro,z" \ 18 | --entrypoint sh \ 19 | --workdir "${WORKDIR}" \ 20 | docker.io/pipelinecomponents/markdownlint-cli2:0.12.0@sha256:a3977fba9814f10d33a1d69ae607dc808e7a6470b2ba03e84c17193c0791aac0 \ 21 | "${WORKDIR}"/hack/markdownlint.sh "$@" 22 | fi 23 | 
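--------------------------------------------------------------------------------
/hack/shellcheck.sh:
--------------------------------------------------------------------------------
#!/bin/sh
# shellcheck disable=SC2292

set -eux

IS_CONTAINER="${IS_CONTAINER:-false}"
CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-podman}"
WORKDIR="${WORKDIR:-/workdir}"

# Inside the container: lint every *.sh under the given directory (default ".").
# Outside: re-run this script in the digest-pinned shellcheck image with the
# repository mounted read-only.
if [ "${IS_CONTAINER}" != "false" ]; then
    TOP_DIR="${1:-.}"
    find "${TOP_DIR}" -name '*.sh' -type f -exec shellcheck -s bash {} \+
else
    "${CONTAINER_RUNTIME}" run --rm \
        --env IS_CONTAINER=TRUE \
        --volume "${PWD}:${WORKDIR}:ro,z" \
        --entrypoint sh \
        --workdir "${WORKDIR}" \
        docker.io/koalaman/shellcheck-alpine:v0.10.0@sha256:5921d946dac740cbeec2fb1c898747b6105e585130cc7f0602eec9a10f7ddb63 \
        "${WORKDIR}"/hack/shellcheck.sh "$@"
fi
--------------------------------------------------------------------------------
/hack/tools/install_kubebuilder.sh:
--------------------------------------------------------------------------------
#!/usr/bin/env bash
#
# Download the pinned kubebuilder release binary into ./bin unless one is
# already present.
#
# The binary is fetched into a temporary file and renamed to bin/kubebuilder
# only after the download succeeded. Without that, a failed or interrupted
# download leaves a broken bin/kubebuilder that the "already installed" check
# below then accepts on every later run.

set -o errexit
set -o nounset
set -o pipefail

[[ -f bin/kubebuilder ]] && exit 0

# kubebuilder version
kb_version=3.13.0

# Optional integrity pin (variable name introduced here): when
# KUBEBUILDER_SHA256 is set to the expected hex digest of the release binary
# for this OS/architecture, the download is rejected unless it matches.
kb_sha256="${KUBEBUILDER_SHA256:-}"

# Print the SHA-256 hex digest of the file given as $1.
sha256_of()
{
  if command -v sha256sum > /dev/null 2>&1; then
    sha256sum "$1" | cut -d ' ' -f 1
  else
    shasum -a 256 "$1" | cut -d ' ' -f 1
  fi
}

mkdir -p ./bin
cd ./bin || exit

kb_url="https://github.com/kubernetes-sigs/kubebuilder/releases/download/v${kb_version}/kubebuilder_$(go env GOOS)_$(go env GOARCH)"
kb_tmp="$(mktemp ./kubebuilder.XXXXXX)"
# Never leave a partial download behind, whatever the exit path.
trap 'rm -f "${kb_tmp}"' EXIT

# --fail: an HTTP error (e.g. no asset for this OS/arch) aborts the script
# instead of saving the error page as the binary.
curl --fail -L -o "${kb_tmp}" "${kb_url}"

if [[ -n "${kb_sha256}" ]]; then
  if [[ "$(sha256_of "${kb_tmp}")" != "${kb_sha256}" ]]; then
    echo "kubebuilder download does not match KUBEBUILDER_SHA256" >&2
    exit 1
  fi
fi

chmod +x "${kb_tmp}"
mv "${kb_tmp}" kubebuilder
--------------------------------------------------------------------------------
/hack/tools/remove_sec_ctx.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
#
# remove security contexts from stdin-read yaml, and output yaml to stdout
# this allows tilt's live update to work
#
# NOTE(review): the manifests written to stdout no longer carry the pod and
# container securityContext settings of the input, so they are meant for the
# local Tilt workflow only.
#

import sys
import yaml


def main():
    """Blank the securityContext of every Deployment read from stdin.

    Reads a multi-document YAML stream from stdin, sets the pod-level and each
    container's securityContext to an empty mapping on documents whose kind is
    Deployment, and prints all documents back to stdout separated by "---".
    Documents of other kinds pass through unchanged; empty documents are
    dropped.
    """
    output = []
    # Read the stream as-is. readlines() keeps each line's newline, so joining
    # the lines with "\n" would insert a blank line after every line and alter
    # multi-line scalars (for example literal blocks in ConfigMap data).
    content = sys.stdin.read()
    data = yaml.safe_load_all(content)

    for d in data:
        # An empty document (e.g. a trailing "---") loads as None.
        if d is None:
            continue
        if isinstance(d, dict) and d.get("kind", "") == "Deployment":
            try:
                spec = d["spec"]["template"]["spec"]
                spec["securityContext"] = {}
                for container in spec.get("containers", []):
                    container["securityContext"] = {}
            except (KeyError, TypeError):
                # Deployment without the expected pod template: leave it as is.
                pass
        output.append(yaml.safe_dump(d))

    print("---\n".join(output))


if __name__ == "__main__":
    main()
--------------------------------------------------------------------------------
/hack/tools/tools.go:
--------------------------------------------------------------------------------
//go:build tools
// +build tools

/*
Copyright 2021 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.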
18 | */ 19 | 20 | // This package imports things required by build scripts, to force `go mod` to see them as dependencies 21 | package tools 22 | 23 | import ( 24 | _ "github.com/drone/envsubst" 25 | _ "github.com/golang/mock/mockgen" 26 | _ "github.com/jteeuwen/go-bindata/go-bindata" 27 | _ "k8s.io/code-generator/cmd/conversion-gen" 28 | _ "sigs.k8s.io/controller-tools/cmd/controller-gen" 29 | _ "sigs.k8s.io/kustomize/kustomize/v5" 30 | _ "sigs.k8s.io/testing_frameworks/integration" 31 | ) 32 | -------------------------------------------------------------------------------- /hack/unit.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # shellcheck disable=SC2292 3 | 4 | set -eux 5 | 6 | IS_CONTAINER="${IS_CONTAINER:-false}" 7 | CONTAINER_RUNTIME="${CONTAINER_RUNTIME:-podman}" 8 | WORKDIR="${WORKDIR:-/workdir}" 9 | 10 | if [ "${IS_CONTAINER}" != "false" ]; then 11 | export XDG_CACHE_HOME=/tmp/.cache 12 | mkdir /tmp/unit 13 | cp -r . /tmp/unit 14 | cd /tmp/unit 15 | make unit-cover-verbose 16 | else 17 | "${CONTAINER_RUNTIME}" run --rm \ 18 | --env IS_CONTAINER=TRUE \ 19 | --volume "${PWD}:${WORKDIR}:ro,z" \ 20 | --entrypoint sh \ 21 | --workdir "${WORKDIR}" \ 22 | docker.io/golang:1.24 \ 23 | "${WORKDIR}"/hack/unit.sh "$@" 24 | fi 25 | -------------------------------------------------------------------------------- /hack/verify-boilerplate.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copyright 2014 The Kubernetes Authors. 4 | # 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -o errexit 18 | set -o nounset 19 | set -o pipefail 20 | set -o verbose 21 | 22 | KUBE_ROOT="$(dirname "${BASH_SOURCE[0]}")/.." 23 | 24 | boilerDir="${KUBE_ROOT}/hack/boilerplate" 25 | boiler="${boilerDir}/boilerplate.py" 26 | 27 | files_need_boilerplate=() 28 | while IFS=$'\n' read -r line; do 29 | files_need_boilerplate+=("$line") 30 | done < <("${boiler}" "$@") 31 | 32 | # Run boilerplate check 33 | if [[ ${#files_need_boilerplate[@]} -gt 0 ]]; then 34 | for file in "${files_need_boilerplate[@]}"; do 35 | echo "Boilerplate header is wrong for: ${file}" >&2 36 | done 37 | 38 | exit 1 39 | fi 40 | -------------------------------------------------------------------------------- /internal/webhooks/v1beta1/doc.go: -------------------------------------------------------------------------------- 1 | /* 2 | Copyright 2021 The Kubernetes Authors. 3 | Copyright 2025 The Metal3 Authors. 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"); 6 | you may not use this file except in compliance with the License. 7 | You may obtain a copy of the License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. 
16 | */ 17 | 18 | // Package webhooks contains external webhook implementations for some of our API types. 19 | package webhooks 20 | -------------------------------------------------------------------------------- /metadata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 2 | kind: Metadata 3 | releaseSeries: 4 | - major: 1 5 | minor: 12 6 | contract: v1beta1 7 | - major: 1 8 | minor: 11 9 | contract: v1beta1 10 | - major: 1 11 | minor: 10 12 | contract: v1beta1 13 | - major: 1 14 | minor: 9 15 | contract: v1beta1 16 | - major: 1 17 | minor: 8 18 | contract: v1beta1 19 | - major: 1 20 | minor: 7 21 | contract: v1beta1 22 | - major: 1 23 | minor: 6 24 | contract: v1beta1 25 | - major: 1 26 | minor: 5 27 | contract: v1beta1 28 | - major: 1 29 | minor: 4 30 | contract: v1beta1 31 | - major: 1 32 | minor: 3 33 | contract: v1beta1 34 | - major: 1 35 | minor: 2 36 | contract: v1beta1 37 | - major: 1 38 | minor: 1 39 | contract: v1beta1 40 | -------------------------------------------------------------------------------- /releasenotes/v1.10.1.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.10.0 3 | 4 | ## :book: Documentation 5 | 6 | - Update build badges and triggers in README.md (#2548) 7 | 8 | ## :seedling: Others 9 | 10 | - Uplift ip-address-manager from v1.10.0 to v1.10.1 (#2608) 11 | - bump cloudflare/circl to v1.6.1 in /test (#2599) 12 | - Fix CONTROL_PLANE_MACHINE_COUNT and WORKER_MACHINE_COUNT for k8s upgrade and remediation test (#2593) 13 | - Bump github.com/metal3-io/baremetal-operator/apis from 0.10.1 to 0.10.2 in /test (#2587) 14 | - Bump github.com/metal3-io/baremetal-operator/apis from 0.10.1 to 0.10.2 in /hack/fake-apiserver (#2586) 15 | - Bump github.com/metal3-io/baremetal-operator/apis from 0.10.1 to 0.10.2 (#2585) 16 | - Fix ironic version after pivot (#2567) 17 | - Bump github/codeql-action from 
3.28.17 to 3.28.18 in the github-actions group (#2580) 18 | - Bump github.com/go-logr/logr from 1.4.2 to 1.4.3 (#2578) 19 | - Bump CAPI to v1.10.2 (#2564) 20 | - Bump the kubernetes group to v0.32.5 (#2563) 21 | - Bump golang to v1.24 (#2570) 22 | - Bump the github-actions group with 5 updates (#2542) 23 | - Bump github.com/metal3-io/cluster-api-provider-metal3/api from 1.10.0-beta.0 to 1.10.0 in /hack/fake-apiserver (#2543) 24 | - Change Kubernetes version in e2e tests (#2553) 25 | 26 | ## :recycle: Superseded or Reverted 27 | 28 | - #2541 29 | 30 | The image for this release is: v1.10.1 31 | Mariadb image tag is: capm3-v1.10.1 32 | 33 | _Thanks to all our contributors!_ 😊 34 | -------------------------------------------------------------------------------- /releasenotes/v1.10.2.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.10.1 3 | 4 | ## :bug: Bug Fixes 5 | 6 | - Delete child resources before machine (#2752) 7 | - Bump github.com/go-viper/mapstructure/v2 from 2.3.0 to 2.4.0 in /test (#2732) 8 | 9 | ## :seedling: Others 10 | 11 | - Bump IPAM v1.10.2 and BMO to v0.10.3 (#2756) 12 | - Bump github.com/spf13/pflag from 1.0.7 to 1.0.10 (#2750) 13 | - Bump CAPI to v1.10.6 (#2743) 14 | - Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions group (#2738) 15 | - Uplift Ubuntu to 24.04 (#2733) 16 | - Add IPA_BASEURI in ironic config to fix IPA download for release-1.10 (#2730) 17 | - Bump the kubernetes group to v0.32.8 (#2711) 18 | - bump golang to 1.24.6 (#2692) 19 | - Bump the github-actions group with 2 updates (#2682) 20 | - Fix trying to patch Metal3Data if it is deleted (#2668) 21 | - E2E: Use cert-manager version from config (#2629) 22 | - E2E: longer timeout for cert-manager (#2628) 23 | - Bump github.com/metal3-io/cluster-api-provider-metal3 from 1.9.3 to 1.9.4 in /hack/fake-apiserver (#2621) 24 | - Bump github.com/metal3-io/cluster-api-provider-metal3/api from 1.10.0 to 1.10.1 in 
/hack/fake-apiserver (#2620) 25 | 26 | ## :recycle: Superseded or Reverted 27 | 28 | - #2712, #2655, #2647, #2648, #2630, #2619, #2614 29 | 30 | The image for this release is: v1.10.2 31 | Mariadb image tag is: capm3-v1.10.2 32 | 33 | _Thanks to all our contributors!_ 😊 34 | -------------------------------------------------------------------------------- /releasenotes/v1.10.3.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.10.2 3 | 4 | ## :seedling: Others 5 | 6 | - Uplift IPAM and BMO patch for release-1.10 (#2871) 7 | - Bump CAPI to v1.10.7 (#2866) 8 | - Add SKIP_NODE_IMAGE_PREPULL var in ci-e2e.sh (#2855) 9 | - Bump golang to v1.24.8 (#2848) 10 | - remove osv-scanner from release branches (#2827) 11 | - Change interface names to predictable ones for Centos (#2818) 12 | - Bump golang to v1.24.7 (#2796) 13 | - Bump the kubernetes group to v0.32.9 (#2772) 14 | - Bump github.com/metal3-io/baremetal-operator/apis from 0.10.2 to 0.10.3 in /hack/fake-apiserver (#2775) 15 | - Bump github.com/metal3-io/cluster-api-provider-metal3 from 1.9.4 to 1.9.5 in /hack/fake-apiserver (#2773) 16 | - Bump github.com/metal3-io/cluster-api-provider-metal3/api from 1.10.1 to 1.10.2 in /hack/fake-apiserver (#2774) 17 | - Add logging to releaseAddressFromM3Pool function (#2821) 18 | 19 | The image for this release is: v1.10.3 20 | Mariadb image tag is: capm3-v1.10.3 21 | 22 | _Thanks to all our contributors!_ 😊 23 | -------------------------------------------------------------------------------- /releasenotes/v1.11.1.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.11.0 3 | 4 | ## :bug: Bug Fixes 5 | 6 | - Fix for 1.10->1.11 upgrade issue (#2873) 7 | 8 | ## :seedling: Others 9 | 10 | - Uplift IPAM and BMO patch release to release-1.11 (#2872) 11 | - Bump CAPI to v1.11.2 (#2865) 12 | - Add SKIP_NODE_IMAGE_PREPULL var in ci-e2e.sh (#2854) 13 | - Bump golang to 
v1.24.8 (#2847) 14 | - Bump github.com/metal3-io/ironic-standalone-operator/api from 0.5.1 to 0.5.2 in /test (#2844) 15 | - Fix scalability tests (#2837) 16 | - Bump the github-actions group across 1 directory with 2 updates (#2828) 17 | - remove osv-scanner from release branches (#2824) 18 | - Change interface names to predictable ones for Centos (#2816) 19 | - Bump github.com/metal3-io/cluster-api-provider-metal3/api from 1.10.1 to 1.10.2 in /hack/fake-apiserver (#2809) 20 | - Remove unnecessary export for SKIP_NODE_IMAGE_PREPULL (#2858) 21 | - Add logging to releaseAddressFromM3Pool function (#2822) 22 | 23 | The image for this release is: v1.11.1 24 | Mariadb image tag is: capm3-v1.11.1 25 | 26 | _Thanks to all our contributors!_ 😊 27 | -------------------------------------------------------------------------------- /releasenotes/v1.8.4.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.8.3 3 | 4 | ## :seedling: Others 5 | 6 | - Bump sigs.k8s.io/controller-runtime from 0.18.6 to 0.18.7 (#2226) 7 | - Bump IPAM to 1.8.3 (#2217) 8 | - Bump Golang to 1.23.4 (#2211) 9 | - Bump the capi group across 3 directories with 2 updates (#2200) 10 | - Bump x/crypto to v0.31.0 (#2163) 11 | - Bump the k8s.io/* deps to v0.30.8 (#2149) 12 | - Bump CAPI to v1.8.6 (#2142) 13 | 14 | ## :recycle: Superseded or Reverted 15 | 16 | (#2133) 17 | 18 | The container image for this release is: v1.8.4 19 | Mariadb image tag is capm3-v1.8.4 20 | 21 | _Thanks to all our contributors!_ 😊 22 | -------------------------------------------------------------------------------- /releasenotes/v1.8.5.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.8.4 3 | 4 | ## :bug: Bug Fixes 5 | 6 | - bump golang to 1.23.5 (#2282) 7 | - E2E: Fix Ironic kustomization (#2278) 8 | - Fix live-iso serial console boot verification in e2e (#2267) 9 | 10 | ## :seedling: Others 11 | 12 | - Bump IPAM to 
1.8.4 (#2295) 13 | - Bump github.com/spf13/pflag from 1.0.5 to 1.0.6 (#2283) 14 | - Add Peppi-lotta and Huy as reviewers (#2270) 15 | - Bump the k8s.io/* deps to v0.30.9 (#2263) 16 | - Bump CAPI to v1.8.9 (#2264) 17 | - bump x/net to v0.34.0 (#2237) 18 | 19 | The image for this release is: v1.8.5 20 | Mariadb image tag is capm3-v1.8.5 21 | 22 | _Thanks to all our contributors!_ 😊 23 | -------------------------------------------------------------------------------- /releasenotes/v1.8.6.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.8.5 3 | 4 | ## :bug: Bug Fixes 5 | 6 | - bump golang to 1.23.6 (#2323) 7 | 8 | ## :book: Documentation 9 | 10 | - Fix broken IPAM kustomization links in releasing.md (#2356) 11 | 12 | ## :seedling: Others 13 | 14 | - Bump IPAM to 1.8.5 (#2345) 15 | - Bump the CAPI to v1.8.10 (#2341) 16 | - Bump the kubernetes group to v0.30.10 (#2340) 17 | - pin osv-scanner image in verify-release.sh (#2325) 18 | 19 | The image for this release is: v1.8.6 20 | Mariadb image tag is: capm3-v1.8.6 21 | 22 | _Thanks to all our contributors!_ 😊 23 | -------------------------------------------------------------------------------- /releasenotes/v1.9.2.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.9.1 3 | 4 | ## :bug: Bug Fixes 5 | 6 | - bump golang to 1.23.5 (#2281) 7 | - E2E: Fix Ironic kustomization (#2279) 8 | 9 | ## :book: Documentation 10 | 11 | - update OpenSSF CII Best Practices badge (#2306) 12 | 13 | ## :seedling: Others 14 | 15 | - Bump IPAM to 1.9.3 (#2294) 16 | - Bump sigs.k8s.io/controller-runtime from 0.19.4 to 0.19.5 in /hack/fake-apiserver (#2287) 17 | - Bump github.com/spf13/pflag from 1.0.5 to 1.0.6 (#2284) 18 | - Bump sigs.k8s.io/controller-runtime from 0.19.4 to 0.19.5 (#2286) 19 | - Add Peppi-lotta and Huy as reviewers (#2268) 20 | - Bump k8s.io/* deps to v0.31.5 (#2257) 21 | - Bump CAPI to v1.9.4 (#2258) 22 | - 
bump CAPM3 dependency in FKAS to correct branch (#2251) 23 | - Fix e2e pivoting(node_reuse) test (#2239) 24 | - Parameterize scalability test (#2233) 25 | - Bump sigs.k8s.io/controller-runtime from 0.19.3 to 0.19.4 (#2229) 26 | - Bump sigs.k8s.io/controller-runtime from 0.19.3 to 0.19.4 in /hack/fake-apiserver (#2230) 27 | 28 | The image for this release is: v1.9.2 29 | Mariadb image tag is capm3-v1.9.2 30 | 31 | _Thanks to all our contributors!_ 😊 32 | -------------------------------------------------------------------------------- /releasenotes/v1.9.3.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.9.2 3 | 4 | ## :bug: Bug Fixes 5 | 6 | - bump golang to 1.23.6 (#2322) 7 | 8 | ## :book: Documentation 9 | 10 | - Fix broken IPAM kustomization links in releasing.md (#2357) 11 | 12 | ## :seedling: Others 13 | 14 | - Bump IPAM to 1.9.4 (#2346) 15 | - Bump CAPI to 1.9.5 (#2344) 16 | - Bump sigs.k8s.io/controller-runtime from 0.19.5 to 0.19.6 (#2330) 17 | - Bump the kubernetes group to v0.31.6 (#2327) 18 | - Bump sigs.k8s.io/controller-runtime from 0.19.5 to 0.19.6 in /hack/fake-apiserver (#2331) 19 | - pin osv-scanner image in verify-release.sh (#2324) 20 | - Bump github.com/metal3-io/cluster-api-provider-metal3/api from 1.9.1 to 1.9.2 in /hack/fake-apiserver (#2313) 21 | 22 | The image for this release is: v1.9.3 23 | Mariadb image tag is: capm3-v1.9.3 24 | 25 | _Thanks to all our contributors!_ 😊 26 | -------------------------------------------------------------------------------- /releasenotes/v1.9.4.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.9.3 3 | 4 | ## :bug: Bug Fixes 5 | 6 | - Handle NICs without IP addresses (#2524) 7 | 8 | ## :seedling: Others 9 | 10 | - Uplift ip-address-manager from v1.9.4 to v1.9.5 (#2610) 11 | - Bump github.com/metal3-io/baremetal-operator/apis from 0.9.1 to 0.9.2 in /test (#2603) 12 | - Bump 
github.com/metal3-io/baremetal-operator/apis from 0.9.1 to 0.9.2 in /hack/fake-apiserver (#2602) 13 | - bump cloudflare/circl to v1.6.1 in /test (#2600) 14 | - Bump github.com/metal3-io/baremetal-operator/apis from 0.9.1 to 0.9.2 (#2601) 15 | - Bump github.com/go-logr/logr from 1.4.2 to 1.4.3 (#2577) 16 | - Bump Golang to v1.24.3 (#2573) 17 | - Bump golangci lint v1.64.7 (#2572) 18 | - Bump the kubernetes group to v0.31.9 (#2565) 19 | - Bump CAPI to v1.9.8 (#2566) 20 | - E2E: Ensure cert-manager webhook is available (#2497) 21 | - Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 in /test (#2486) 22 | - Bump github.com/onsi/ginkgo/v2 from 2.23.3 to 2.23.4 (#2485) 23 | - Bump actions/cache from 4.2.2 to 4.2.3 (#2472) 24 | - Add Honza Pokorný as a reviewer (#2478) 25 | - bump x/net to v0.38.0 (#2470) 26 | - Bump github.com/onsi/gomega from 1.36.2 to 1.36.3 (#2458) 27 | - Move mquhuy to emeritus reviewers (#2435) 28 | - Bump google/osv-scanner from 1.9.1 to 1.9.2 in the all-github-actions group (#2412) 29 | - Bump sigs.k8s.io/controller-runtime from 0.19.6 to 0.19.7 in /hack/fake-apiserver (#2390) 30 | - Bump sigs.k8s.io/controller-runtime from 0.19.6 to 0.19.7 (#2389) 31 | - E2E: Adjust Ironic kustomization patch for BMO 0.8 (#2383) 32 | - Bump github.com/metal3-io/cluster-api-provider-metal3/api from 1.9.2 to 1.9.3 in /hack/fake-apiserver (#2367) 33 | - bump x/crypto, x/oauth2 (#2403) 34 | 35 | ## :recycle: Superseded or Reverted 36 | 37 | - #2373,#2377,#2387,#2429,#2512,#2407,#2511 38 | 39 | The image for this release is: v1.9.4 40 | Mariadb image tag is: capm3-v1.9.4 41 | 42 | _Thanks to all our contributors!_ 😊 43 | -------------------------------------------------------------------------------- /releasenotes/v1.9.5.md: -------------------------------------------------------------------------------- 1 | 2 | # Changes since v1.9.4 3 | 4 | ## :bug: Bug Fixes 5 | 6 | - Delete child resources before machine (#2753) 7 | 8 | ## :seedling: Others 9 | 10 | - Bump IPAM 
to v1.9.6 and BMO to v0.9.3 (#2757) 11 | - Bump github.com/spf13/pflag from 1.0.7 to 1.0.10 (#2749) 12 | - Bump actions/cache from 4.2.3 to 4.2.4 in the github-actions group (#2739) 13 | - Uplift Ubuntu to 24.04 (#2736) 14 | - Add IPA_BASEURI in ironic config to fix IPA download for release-1.9 (#2731) 15 | - Bump github.com/docker/docker from 28.0.2+incompatible to 28.0.4+incompatible in /test (#2721) 16 | - Bump the kubernetes group to v0.31.12 (#2709) 17 | - Bump CAPI to v1.9.11 (#2710) 18 | - bump golang to 1.24.6 (#2693) 19 | - Bump github.com/metal3-io/cluster-api-provider-metal3/api from 1.9.3 to 1.9.4 in /hack/fake-apiserver (#2623) 20 | 21 | ## :recycle: Superseded or Reverted 22 | 23 | - #2656, #2651, #2652, #2631, #2622, #2613 24 | 25 | The image for this release is: v1.9.5 26 | Mariadb image tag is: capm3-v1.9.5 27 | 28 | _Thanks to all our contributors!_ 😊 29 | -------------------------------------------------------------------------------- /scripts/fetch_manifests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set -x 4 | 5 | # Initial manifest directory 6 | DIR_NAME="/tmp/manifests/bootstrap-before-pivot" 7 | DIR_NAME_AFTER_PIVOT="/tmp/manifests/target-after-pivot" 8 | DIR_NAME_AFTER_REPIVOT="/tmp/manifests/bootstrap-after-repivot" 9 | # Check if manifest directory exists 10 | if [[ -d "${DIR_NAME}" ]] && [[ -d "${DIR_NAME_AFTER_PIVOT}" ]]; then 11 | DIR_NAME="${DIR_NAME_AFTER_REPIVOT}" 12 | mkdir -p "${DIR_NAME}" 13 | # Ephemeral cluster kubeconfig 14 | kconfig="${KUBECONFIG_BOOTSTRAP}" 15 | elif [[ -d "${DIR_NAME}" ]] && [[ ! 
-d "${DIR_NAME_AFTER_PIVOT}" ]]; then 16 | DIR_NAME="${DIR_NAME_AFTER_PIVOT}" 17 | mkdir -p "${DIR_NAME}" 18 | # Target cluster kubeconfig 19 | kconfig="${KUBECONFIG_WORKLOAD}" 20 | else 21 | mkdir -p "${DIR_NAME}" 22 | # Ephemeral cluster kubeconfig 23 | kconfig="${KUBECONFIG_BOOTSTRAP}" 24 | fi 25 | 26 | manifests=( 27 | bmh 28 | hardwaredata 29 | cluster 30 | deployment 31 | machine 32 | machinedeployment 33 | machinehealthchecks 34 | machinesets 35 | machinepools 36 | m3cluster 37 | m3machine 38 | metal3machinetemplate 39 | kubeadmconfig 40 | kubeadmconfigtemplates 41 | kubeadmcontrolplane 42 | replicaset 43 | ippool 44 | ipclaim 45 | ipaddress 46 | m3data 47 | m3dataclaim 48 | m3datatemplate 49 | ) 50 | 51 | set +x 52 | 53 | NAMESPACES="$(kubectl --kubeconfig="${kconfig}" get namespace -o jsonpath='{.items[*].metadata.name}')" 54 | for NAMESPACE in ${NAMESPACES}; do 55 | for kind in "${manifests[@]}"; do 56 | mkdir -p "${DIR_NAME}/${NAMESPACE}/${kind}" 57 | for name in $(kubectl --kubeconfig="${kconfig}" get -n "${NAMESPACE}" -o name "${kind}" || true); do 58 | kubectl --kubeconfig="${kconfig}" get -n "${NAMESPACE}" -o yaml "${name}" | tee "${DIR_NAME}/${NAMESPACE}/${kind}/$(basename "${name}").yaml" || true 59 | done 60 | done 61 | done -------------------------------------------------------------------------------- /test/README.md: -------------------------------------------------------------------------------- 1 | # Test 2 | 3 | ## Compatibility notice 4 | 5 | This package is not subject to deprecation notices or compatibility guarantees. 6 | 7 | - We iterate on the test framework quickly and frequently, and breaking changes 8 | are likely. 9 | - External providers using this package should update to the latest API changes 10 | when updating. 11 | - Maintainers and contributors must give notice in release notes when a breaking 12 | change happens. 
// File: test/e2e/basic_integration_test.go

package e2e

import (
	"os"
	"path/filepath"
	"strings"

	. "github.com/onsi/ginkgo/v2"
	. "github.com/onsi/gomega"
)

// Basic cluster-creation spec, labelled "basic": it applies the BareMetalHosts,
// provisions one workload cluster through CreateTargetCluster, and dumps
// resources and cleans up after each run.
var _ = Describe("When testing basic cluster creation", Label("basic"), func() {
	BeforeEach(func() {
		// The OS environment variable is mandatory; an empty value fails the spec.
		// This value is local to the closure. The osType handed to
		// CreateTargetClusterInput below is not declared in this file, so it
		// must be a separate package-level variable.
		// NOTE(review): confirm that package-level osType is populated elsewhere.
		envOS := strings.ToLower(os.Getenv("OS"))
		Expect(envOS).NotTo(Equal(""))
		validateGlobals(specName)

		// Redirect the clusterctl apply logs to a per-proxy folder under the OS
		// temp dir so that the credentials they contain are not exposed.
		// NOTE(review): the same folder is passed to DumpSpecResourcesAndCleanup
		// in AfterEach; verify that helper does not copy it into artifactFolder.
		// NOTE(review): the temp dir is often shared between users on a host;
		// confirm the folder is created with owner-only permissions.
		tmpRoot := os.TempDir()
		proxyName := bootstrapClusterProxy.GetName()
		clusterctlLogFolder = filepath.Join(tmpRoot, "target_cluster_logs", proxyName)
	})

	It("Should create a workload cluster", func() {
		By("Apply BMH for workload cluster")
		ApplyBmh(ctx, e2eConfig, bootstrapClusterProxy, namespace, specName)

		By("Fetching cluster configuration")
		kubernetesVersion := e2eConfig.MustGetVariable("KUBERNETES_VERSION")

		By("Provision Workload cluster")
		// The input is built lazily: the package-level values are read only
		// when CreateTargetCluster invokes the callback.
		buildInput := func() CreateTargetClusterInput {
			return CreateTargetClusterInput{
				E2EConfig:             e2eConfig,
				BootstrapClusterProxy: bootstrapClusterProxy,
				SpecName:              specName,
				ClusterName:           clusterName,
				K8sVersion:            kubernetesVersion,
				KCPMachineCount:       int64(numberOfControlplane),
				WorkerMachineCount:    int64(numberOfWorkers),
				ClusterctlLogFolder:   clusterctlLogFolder,
				ClusterctlConfigPath:  clusterctlConfigPath,
				OSType:                osType,
				Namespace:             namespace,
			}
		}
		// The second return value of CreateTargetCluster is discarded.
		targetCluster, _ = CreateTargetCluster(ctx, buildInput)
	})

	AfterEach(func() {
		DumpSpecResourcesAndCleanup(
			ctx,
			specName,
			bootstrapClusterProxy,
			targetCluster,
			artifactFolder,
			namespace,
			e2eConfig.GetIntervals,
			clusterName,
			clusterctlLogFolder,
			skipCleanup,
			clusterctlConfigPath,
		)
	})
})
-------------------------------------------------------------------------------- /test/e2e/data/.gitignore: -------------------------------------------------------------------------------- 1 | # ironic username and password files 2 | */overlays/*/ironic-username 3 | */overlays/*/ironic-password 4 | */overlays/*/ironic-auth-config 5 | */overlays/*/ironic-inspector-auth-config 6 | */overlays/*/ironic-htpasswd 7 | */overlays/*/ironic-inspector-htpasswd 8 | 9 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/components/basic-auth/credentials_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | namespace: system 6 | spec: 7 | template: 8 | spec: 9 | containers: 10 | - name: manager 11 | volumeMounts: 12 | - name: ironic-credentials 13 | mountPath: "/opt/metal3/auth/ironic" 14 | readOnly: true 15 | volumes: 16 | - name: ironic-credentials 17 | secret: 18 | secretName: ironic-credentials 19 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/components/basic-auth/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | # NOTE: This component requires a secret with the basic auth credentials! 5 | # How you create it is up to you. The required secrets is: 6 | # - ironic-credentials 7 | # 8 | # It should contain 2 fields: username and password. 
Example: 9 | # 10 | # apiVersion: v1 11 | # kind: Secret 12 | # metadata: 13 | # name: ironic-credentials 14 | # data: 15 | # password: 16 | # username: 17 | 18 | patches: 19 | - path: credentials_patch.yaml 20 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/components/tls/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | patches: 5 | - path: tls_ca_patch.yaml 6 | target: 7 | kind: Deployment 8 | name: controller-manager 9 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/components/tls/tls_ca_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: controller-manager 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: manager 10 | volumeMounts: 11 | - name: cacert 12 | mountPath: "/opt/metal3/certs/ca" 13 | readOnly: true 14 | volumes: 15 | - name: cacert 16 | secret: 17 | secretName: ironic-cacert 18 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/pr-test/ironic.env: -------------------------------------------------------------------------------- 1 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 2 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 3 | IRONIC_ENDPOINT=https://172.22.0.2:6385/v1/ 4 | IRONIC_INSPECTOR_ENDPOINT=https://172.22.0.2:5050/v1/ 5 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/pr-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: 
baremetal-operator-system 4 | resources: 5 | - https://github.com/metal3-io/baremetal-operator/config/overlays/basic-auth_tls?ref=${BMORELEASEBRANCH} 6 | configMapGenerator: 7 | - name: ironic 8 | behavior: create 9 | envs: 10 | - ironic.env 11 | patches: 12 | - patch: | 13 | # Don't try to pull again the pre-loaded image 14 | - op: replace 15 | path: /spec/template/spec/containers/0/imagePullPolicy 16 | value: IfNotPresent 17 | target: 18 | kind: Deployment 19 | name: controller-manager 20 | images: 21 | - name: quay.io/metal3-io/baremetal-operator 22 | newTag: main 23 | # We cannot use suffix hashes since the kustomizations we build on 24 | # cannot be aware of what suffixes we add. 25 | generatorOptions: 26 | disableNameSuffixHash: true 27 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 28 | secretGenerator: 29 | - name: ironic-credentials 30 | files: 31 | - username=ironic-username 32 | - password=ironic-password 33 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/release-0.10/ironic.env: -------------------------------------------------------------------------------- 1 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 2 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 3 | IRONIC_ENDPOINT=https://172.22.0.2:6385/v1/ 4 | IRONIC_INSPECTOR_ENDPOINT=https://172.22.0.2:5050/v1/ 5 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/release-0.10/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | resources: 5 | - https://github.com/metal3-io/baremetal-operator/config/overlays/basic-auth_tls?ref=release-0.10 6 | configMapGenerator: 7 | - name: ironic 8 | behavior: create 9 | 
envs: 10 | - ironic.env 11 | patches: 12 | - patch: | 13 | # Don't try to pull again the pre-loaded image 14 | - op: replace 15 | path: /spec/template/spec/containers/0/imagePullPolicy 16 | value: IfNotPresent 17 | target: 18 | kind: Deployment 19 | name: controller-manager 20 | images: 21 | - name: quay.io/metal3-io/baremetal-operator 22 | newTag: release-0.10 23 | # We cannot use suffix hashes since the kustomizations we build on 24 | # cannot be aware of what suffixes we add. 25 | generatorOptions: 26 | disableNameSuffixHash: true 27 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 28 | secretGenerator: 29 | - name: ironic-credentials 30 | files: 31 | - username=ironic-username 32 | - password=ironic-password 33 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/release-0.11/ironic.env: -------------------------------------------------------------------------------- 1 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 2 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 3 | IRONIC_ENDPOINT=https://172.22.0.2:6385/v1/ 4 | IRONIC_INSPECTOR_ENDPOINT=https://172.22.0.2:5050/v1/ 5 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/release-0.11/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | resources: 5 | - https://github.com/metal3-io/baremetal-operator/config/overlays/basic-auth_tls?ref=release-0.11 6 | configMapGenerator: 7 | - name: ironic 8 | behavior: create 9 | envs: 10 | - ironic.env 11 | patches: 12 | - patch: | 13 | # Don't try to pull again the pre-loaded image 14 | - op: replace 15 | path: /spec/template/spec/containers/0/imagePullPolicy 16 | value: IfNotPresent 17 | 
target: 18 | kind: Deployment 19 | name: controller-manager 20 | images: 21 | - name: quay.io/metal3-io/baremetal-operator 22 | newTag: release-0.11 23 | # We cannot use suffix hashes since the kustomizations we build on 24 | # cannot be aware of what suffixes we add. 25 | generatorOptions: 26 | disableNameSuffixHash: true 27 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 28 | secretGenerator: 29 | - name: ironic-credentials 30 | files: 31 | - username=ironic-username 32 | - password=ironic-password 33 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/release-0.9/ironic.env: -------------------------------------------------------------------------------- 1 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 2 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 3 | IRONIC_ENDPOINT=https://172.22.0.2:6385/v1/ 4 | IRONIC_INSPECTOR_ENDPOINT=https://172.22.0.2:5050/v1/ 5 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/release-0.9/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | resources: 5 | - https://github.com/metal3-io/baremetal-operator/config/overlays/basic-auth_tls?ref=release-0.9 6 | configMapGenerator: 7 | - name: ironic 8 | behavior: create 9 | envs: 10 | - ironic.env 11 | patches: 12 | - patch: | 13 | # Don't try to pull again the pre-loaded image 14 | - op: replace 15 | path: /spec/template/spec/containers/0/imagePullPolicy 16 | value: IfNotPresent 17 | target: 18 | kind: Deployment 19 | name: controller-manager 20 | images: 21 | - name: quay.io/metal3-io/baremetal-operator 22 | newTag: release-0.9 23 | # We cannot use suffix hashes since the kustomizations we build 
on 24 | # cannot be aware of what suffixes we add. 25 | generatorOptions: 26 | disableNameSuffixHash: true 27 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 28 | secretGenerator: 29 | - name: ironic-credentials 30 | files: 31 | - username=ironic-username 32 | - password=ironic-password 33 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/release-latest/ironic.env: -------------------------------------------------------------------------------- 1 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 2 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 3 | IRONIC_ENDPOINT=https://172.22.0.2:6385/v1/ 4 | IRONIC_INSPECTOR_ENDPOINT=https://172.22.0.2:5050/v1/ 5 | -------------------------------------------------------------------------------- /test/e2e/data/bmo-deployment/overlays/release-latest/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | resources: 5 | - https://github.com/metal3-io/baremetal-operator/config/overlays/basic-auth_tls?ref=main 6 | configMapGenerator: 7 | - name: ironic 8 | behavior: create 9 | envs: 10 | - ironic.env 11 | patches: 12 | - patch: | 13 | # Don't try to pull again the pre-loaded image 14 | - op: replace 15 | path: /spec/template/spec/containers/0/imagePullPolicy 16 | value: IfNotPresent 17 | target: 18 | kind: Deployment 19 | name: controller-manager 20 | images: 21 | - name: quay.io/metal3-io/baremetal-operator 22 | newTag: latest 23 | # We cannot use suffix hashes since the kustomizations we build on 24 | # cannot be aware of what suffixes we add. 
25 | generatorOptions: 26 | disableNameSuffixHash: true 27 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 28 | secretGenerator: 29 | - name: ironic-credentials 30 | files: 31 | - username=ironic-username 32 | - password=ironic-password 33 | -------------------------------------------------------------------------------- /test/e2e/data/cert-manager-test/certificate.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: my-selfsigned-cert 5 | namespace: test 6 | spec: 7 | commonName: my-selfsigned-cert 8 | secretName: root-secret 9 | privateKey: 10 | algorithm: ECDSA 11 | size: 256 12 | issuerRef: 13 | name: selfsigned-issuer 14 | kind: Issuer 15 | group: cert-manager.io 16 | -------------------------------------------------------------------------------- /test/e2e/data/cert-manager-test/issuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Issuer 3 | metadata: 4 | name: selfsigned-issuer 5 | namespace: test 6 | spec: 7 | selfSigned: {} 8 | -------------------------------------------------------------------------------- /test/e2e/data/cert-manager-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | resources: 4 | - namespace.yaml 5 | - issuer.yaml 6 | - certificate.yaml 7 | -------------------------------------------------------------------------------- /test/e2e/data/cert-manager-test/namespace.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Namespace 3 | metadata: 4 | name: test 5 | -------------------------------------------------------------------------------- /test/e2e/data/fkas/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | resources: 2 | - resources.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/fkas/resources.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: fkas-system 6 | --- 7 | apiVersion: v1 8 | kind: ServiceAccount 9 | metadata: 10 | name: metal3-fkas-sa 11 | namespace: fkas-system 12 | --- 13 | apiVersion: rbac.authorization.k8s.io/v1 14 | kind: ClusterRole 15 | metadata: 16 | name: metal3-fkas-role 17 | rules: 18 | - apiGroups: ["metal3.io", "infrastructure.cluster.x-k8s.io"] 19 | resources: ["baremetalhosts", "metal3machines"] 20 | verbs: ["get", "list", "watch"] 21 | - apiGroups: ["cluster.x-k8s.io"] 22 | resources: ["machines"] 23 | verbs: ["get", "list", "watch"] 24 | - apiGroups: [""] 25 | resources: ["secrets"] 26 | verbs: ["get", "list"] 27 | --- 28 | apiVersion: rbac.authorization.k8s.io/v1 29 | kind: ClusterRoleBinding 30 | metadata: 31 | name: metal3-fkas-rolebinding 32 | subjects: 33 | - kind: ServiceAccount 34 | name: metal3-fkas-sa 35 | namespace: fkas-system 36 | roleRef: 37 | kind: ClusterRole 38 | name: metal3-fkas-role 39 | apiGroup: rbac.authorization.k8s.io 40 | --- 41 | apiVersion: apps/v1 42 | kind: Deployment 43 | metadata: 44 | name: metal3-fkas-system 45 | namespace: fkas-system 46 | spec: 47 | replicas: 1 48 | selector: 49 | matchLabels: 50 | app: metal3-fkas-system 51 | template: 52 | metadata: 53 | labels: 54 | app: metal3-fkas-system 55 | spec: 56 | serviceAccountName: metal3-fkas-sa 57 | hostNetwork: true 58 | containers: 59 | - name: metal3-fkas-reconciler 60 | image: quay.io/metal3-io/metal3-fkas:latest 61 | imagePullPolicy: IfNotPresent 62 | command: ["/reconciler"] 63 | env: 64 | - name: DEBUG 65 | value: "true" 66 | - image: quay.io/metal3-io/metal3-fkas:latest 67 | imagePullPolicy: IfNotPresent 
68 | ports: 69 | - containerPort: 3333 70 | env: 71 | - name: POD_IP 72 | valueFrom: 73 | fieldRef: 74 | fieldPath: status.podIP 75 | - name: DEBUG 76 | value: "true" 77 | name: metal3-fkas 78 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/centos-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../cluster 3 | patches: 4 | - path: centos-kubeadm-config.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/cluster-with-topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-topology.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/cluster/crs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # ConfigMap object referenced by the ClusterResourceSet object and with 3 | # the CNI resource defined in the test config file 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: "cni-${CLUSTER_NAME}-crs-0" 8 | data: ${CNI_RESOURCES} 9 | binaryData: 10 | --- 11 | # ClusterResourceSet object with 12 | # a selector that targets all the Cluster with label cni=${CLUSTER_NAME}-crs-0 13 | apiVersion: addons.cluster.x-k8s.io/v1beta2 14 | kind: ClusterResourceSet 15 | metadata: 16 | name: "${CLUSTER_NAME}-crs-0" 17 | spec: 18 | strategy: ApplyOnce 19 | clusterSelector: 20 | matchLabels: 21 | cni: "${CLUSTER_NAME}-crs-0" 22 | resources: 23 | - name: "cni-${CLUSTER_NAME}-crs-0" 24 | kind: ConfigMap 25 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/cluster/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-kcp.yaml 3 | - md.yaml 4 | - crs.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/clusterclass-centos-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../clusterclass-cluster 3 | patchesStrategicMerge: 4 | - clusterclass-centos-kubeadm-config.yaml -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/clusterclass-cluster/crs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # ConfigMap object referenced by the ClusterResourceSet object and with 3 | # the CNI resource defined in the test config file 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: "cni-${CLUSTER_NAME}-crs-0" 8 | data: ${CNI_RESOURCES} 9 | binaryData: 10 | --- 11 | # ClusterResourceSet object with 12 | # a selector that targets all the Cluster with label cni=${CLUSTER_NAME}-crs-0 13 | apiVersion: addons.cluster.x-k8s.io/v1beta2 14 | kind: ClusterResourceSet 15 | metadata: 16 | name: "${CLUSTER_NAME}-crs-0" 17 | spec: 18 | strategy: ApplyOnce 19 | clusterSelector: 20 | matchLabels: 21 | cni: "${CLUSTER_NAME}-crs-0" 22 | resources: 23 | - name: "cni-${CLUSTER_NAME}-crs-0" 24 | kind: ConfigMap 25 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/clusterclass-cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-kcp.yaml 3 | - md.yaml 4 | - crs.yaml 5 | -------------------------------------------------------------------------------- 
/test/e2e/data/infrastructure-metal3/main/bases/clusterclass-ubuntu-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - ../clusterclass-cluster 4 | patchesStrategicMerge: 5 | - clusterclass-ubuntu-kubeadm-config.yaml -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - clusterclass.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/ippool/ippool.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: ipam.metal3.io/v1alpha1 3 | kind: IPPool 4 | metadata: 5 | name: provisioning-pool 6 | namespace: ${NAMESPACE} 7 | spec: 8 | clusterName: ${CLUSTER_NAME} 9 | namePrefix: ${CLUSTER_NAME}-prov 10 | pools: 11 | - start: ${IPAM_PROVISIONING_POOL_RANGE_START} 12 | end: ${IPAM_PROVISIONING_POOL_RANGE_END} 13 | prefix: ${BARE_METAL_PROVISIONER_CIDR} 14 | --- 15 | apiVersion: ipam.metal3.io/v1alpha1 16 | kind: IPPool 17 | metadata: 18 | name: baremetalv4-pool 19 | namespace: ${NAMESPACE} 20 | spec: 21 | clusterName: ${CLUSTER_NAME} 22 | namePrefix: ${CLUSTER_NAME}-bmv4 23 | pools: 24 | - start: ${IPAM_EXTERNALV4_POOL_RANGE_START} 25 | end: ${IPAM_EXTERNALV4_POOL_RANGE_END} 26 | prefix: ${EXTERNAL_SUBNET_V4_PREFIX} 27 | gateway: ${EXTERNAL_SUBNET_V4_HOST} 28 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/ippool/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ippool.yaml 3 | -------------------------------------------------------------------------------- 
/test/e2e/data/infrastructure-metal3/main/bases/opensuse-leap-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../cluster 3 | patches: 4 | - path: opensuse-leap-kubeadm-config.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/bases/ubuntu-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - ../cluster 4 | patches: 5 | - path: ubuntu-kubeadm-config.yaml 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/cluster-template-centos-fake/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/cluster-with-topology 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/cluster-template-centos-md-remediation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/centos-kubeadm-config 4 | 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - md.yaml 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/cluster-template-centos-md-remediation/md.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cluster.x-k8s.io/v1beta2 3 | kind: MachineDeployment 4 | metadata: 5 | labels: 6 | cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} 7 | nodepool: nodepool-0 8 | name: ${CLUSTER_NAME} 9 | namespace: ${NAMESPACE} 10 | spec: 11 | template: 12 | metadata: 13 | labels: 14 | "e2e.remediation.label": "" 15 | -------------------------------------------------------------------------------- 
/test/e2e/data/infrastructure-metal3/main/cluster-template-centos-md-remediation/mhc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # MachineHealthCheck object with 3 | # - a selector that targets all machines with the label e2e.remediation.label="" 4 | # - unhealthyNodeConditions that trigger remediation 10s after the condition is set; unhealthyLessThanOrEqualTo 100% never blocks remediation (presumably an e2e-only value) 5 | apiVersion: cluster.x-k8s.io/v1beta2 6 | kind: MachineHealthCheck 7 | metadata: 8 | name: "${CLUSTER_NAME}-mhc-0" 9 | namespace: ${NAMESPACE} 10 | spec: 11 | clusterName: "${CLUSTER_NAME}" 12 | remediation: 13 | triggerIf: 14 | unhealthyLessThanOrEqualTo: 100% 15 | selector: 16 | matchLabels: 17 | e2e.remediation.label: "" 18 | checks: 19 | unhealthyNodeConditions: 20 | - type: e2e.remediation.condition 21 | status: "False" 22 | timeoutSeconds: 10 23 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/cluster-template-centos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/centos-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/cluster-template-opensuse-leap/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/opensuse-leap-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/cluster-template-ubuntu-md-remediation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/ubuntu-kubeadm-config 4 | 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - md.yaml 8 | -------------------------------------------------------------------------------- 
/test/e2e/data/infrastructure-metal3/main/cluster-template-ubuntu-md-remediation/md.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cluster.x-k8s.io/v1beta2 3 | kind: MachineDeployment 4 | metadata: 5 | labels: 6 | cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} 7 | nodepool: nodepool-0 8 | name: ${CLUSTER_NAME} 9 | namespace: ${NAMESPACE} 10 | spec: 11 | template: 12 | metadata: 13 | labels: 14 | "e2e.remediation.label": "" 15 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/cluster-template-ubuntu-md-remediation/mhc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # MachineHealthCheck object with 3 | # - a selector that targets all machines with the label e2e.remediation.label="" 4 | # - unhealthyNodeConditions that trigger remediation 10s after the condition is set; unhealthyLessThanOrEqualTo "100%" never blocks remediation (presumably an e2e-only value) 5 | apiVersion: cluster.x-k8s.io/v1beta2 6 | kind: MachineHealthCheck 7 | metadata: 8 | name: "${CLUSTER_NAME}-mhc-0" 9 | namespace: ${NAMESPACE} 10 | spec: 11 | clusterName: "${CLUSTER_NAME}" 12 | remediation: 13 | triggerIf: 14 | unhealthyLessThanOrEqualTo: "100%" 15 | selector: 16 | matchLabels: 17 | e2e.remediation.label: "" 18 | checks: 19 | unhealthyNodeConditions: 20 | - type: e2e.remediation.condition 21 | status: "False" 22 | timeoutSeconds: 10 23 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/cluster-template-ubuntu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/ubuntu-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/cluster-template-upgrade-workload/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ubuntu-kubeadm-config 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/clusterclass-metal3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - clusterclass-metal3.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/clusterclass-template-centos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/clusterclass-centos-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/clusterclass-template-ubuntu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/clusterclass-ubuntu-kubeadm-config -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/clusterclass-template-upgrade-workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/clusterclass-ubuntu-kubeadm-config 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/main/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/clusterclass 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/centos-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 
2 | - ../cluster 3 | patches: 4 | - path: centos-kubeadm-config.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/cluster-with-topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-topology.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/cluster/crs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # ConfigMap object referenced by the ClusterResourceSet object and with 3 | # the CNI resource defined in the test config file 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: "cni-${CLUSTER_NAME}-crs-0" 8 | data: ${CNI_RESOURCES} 9 | binaryData: 10 | --- 11 | # ClusterResourceSet object with 12 | # a selector that targets all the Cluster with label cni=${CLUSTER_NAME}-crs-0 13 | apiVersion: addons.cluster.x-k8s.io/v1beta1 14 | kind: ClusterResourceSet 15 | metadata: 16 | name: "${CLUSTER_NAME}-crs-0" 17 | spec: 18 | strategy: ApplyOnce 19 | clusterSelector: 20 | matchLabels: 21 | cni: "${CLUSTER_NAME}-crs-0" 22 | resources: 23 | - name: "cni-${CLUSTER_NAME}-crs-0" 24 | kind: ConfigMap 25 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-kcp.yaml 3 | - md.yaml 4 | - crs.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/clusterclass-centos-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../clusterclass-cluster 3 | patchesStrategicMerge: 4 | - 
clusterclass-centos-kubeadm-config.yaml -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/clusterclass-cluster/crs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # ConfigMap object referenced by the ClusterResourceSet object and with 3 | # the CNI resource defined in the test config file 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: "cni-${CLUSTER_NAME}-crs-0" 8 | data: ${CNI_RESOURCES} 9 | binaryData: 10 | --- 11 | # ClusterResourceSet object with 12 | # a selector that targets all the Cluster with label cni=${CLUSTER_NAME}-crs-0 13 | apiVersion: addons.cluster.x-k8s.io/v1beta1 14 | kind: ClusterResourceSet 15 | metadata: 16 | name: "${CLUSTER_NAME}-crs-0" 17 | spec: 18 | strategy: ApplyOnce 19 | clusterSelector: 20 | matchLabels: 21 | cni: "${CLUSTER_NAME}-crs-0" 22 | resources: 23 | - name: "cni-${CLUSTER_NAME}-crs-0" 24 | kind: ConfigMap 25 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/clusterclass-cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-kcp.yaml 3 | - md.yaml 4 | - crs.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/clusterclass-ubuntu-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - ../clusterclass-cluster 4 | patchesStrategicMerge: 5 | - clusterclass-ubuntu-kubeadm-config.yaml -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - 
clusterclass.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/ippool/ippool.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: ipam.metal3.io/v1alpha1 3 | kind: IPPool 4 | metadata: 5 | name: provisioning-pool 6 | namespace: ${NAMESPACE} 7 | spec: 8 | clusterName: ${CLUSTER_NAME} 9 | namePrefix: ${CLUSTER_NAME}-prov 10 | pools: 11 | - start: ${IPAM_PROVISIONING_POOL_RANGE_START} 12 | end: ${IPAM_PROVISIONING_POOL_RANGE_END} 13 | prefix: ${BARE_METAL_PROVISIONER_CIDR} 14 | --- 15 | apiVersion: ipam.metal3.io/v1alpha1 16 | kind: IPPool 17 | metadata: 18 | name: baremetalv4-pool 19 | namespace: ${NAMESPACE} 20 | spec: 21 | clusterName: ${CLUSTER_NAME} 22 | namePrefix: ${CLUSTER_NAME}-bmv4 23 | pools: 24 | - start: ${IPAM_EXTERNALV4_POOL_RANGE_START} 25 | end: ${IPAM_EXTERNALV4_POOL_RANGE_END} 26 | prefix: ${EXTERNAL_SUBNET_V4_PREFIX} 27 | gateway: ${EXTERNAL_SUBNET_V4_HOST} 28 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/ippool/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ippool.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/bases/ubuntu-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - ../cluster 4 | patches: 5 | - path: ubuntu-kubeadm-config.yaml 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/cluster-template-centos-fake/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/cluster-with-topology 3 | 
-------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/cluster-template-centos-md-remediation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/centos-kubeadm-config 4 | 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - md.yaml 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/cluster-template-centos-md-remediation/md.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cluster.x-k8s.io/v1beta1 3 | kind: MachineDeployment 4 | metadata: 5 | labels: 6 | cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} 7 | nodepool: nodepool-0 8 | name: ${CLUSTER_NAME} 9 | namespace: ${NAMESPACE} 10 | spec: 11 | template: 12 | metadata: 13 | labels: 14 | "e2e.remediation.label": "" 15 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/cluster-template-centos-md-remediation/mhc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # MachineHealthCheck object with 3 | # - a selector that targets all machines with the label e2e.remediation.label="" 4 | # - unhealthyConditions that trigger remediation 10s after the condition is set; maxUnhealthy 100% never blocks remediation (presumably an e2e-only value) 5 | apiVersion: cluster.x-k8s.io/v1beta1 6 | kind: MachineHealthCheck 7 | metadata: 8 | name: "${CLUSTER_NAME}-mhc-0" 9 | namespace: ${NAMESPACE} 10 | spec: 11 | clusterName: "${CLUSTER_NAME}" 12 | maxUnhealthy: 100% 13 | selector: 14 | matchLabels: 15 | e2e.remediation.label: "" 16 | unhealthyConditions: 17 | - type: e2e.remediation.condition 18 | status: "False" 19 | timeout: 10s 20 | -------------------------------------------------------------------------------- 
/test/e2e/data/infrastructure-metal3/v1.10/cluster-template-centos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/centos-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/cluster-template-ubuntu-md-remediation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/ubuntu-kubeadm-config 4 | 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - md.yaml 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/cluster-template-ubuntu-md-remediation/md.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cluster.x-k8s.io/v1beta1 3 | kind: MachineDeployment 4 | metadata: 5 | labels: 6 | cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} 7 | nodepool: nodepool-0 8 | name: ${CLUSTER_NAME} 9 | namespace: ${NAMESPACE} 10 | spec: 11 | template: 12 | metadata: 13 | labels: 14 | "e2e.remediation.label": "" 15 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/cluster-template-ubuntu-md-remediation/mhc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # MachineHealthCheck object with 3 | # - a selector that targets all the machines with label e2e.remediation.label="" 4 | # - unhealthyConditions triggering remediation after 10s the condition is set 5 | apiVersion: cluster.x-k8s.io/v1beta1 6 | kind: MachineHealthCheck 7 | metadata: 8 | name: "${CLUSTER_NAME}-mhc-0" 9 | namespace: ${NAMESPACE} 10 | spec: 11 | clusterName: "${CLUSTER_NAME}" 12 | maxUnhealthy: 100% 13 | selector: 14 | matchLabels: 15 | e2e.remediation.label: "" 16 | unhealthyConditions: 
17 | - type: e2e.remediation.condition 18 | status: "False" 19 | timeout: 10s 20 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/cluster-template-ubuntu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/ubuntu-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/cluster-template-upgrade-workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ubuntu-kubeadm-config 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/clusterclass-metal3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - clusterclass-metal3.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/clusterclass-template-centos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/clusterclass-centos-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/clusterclass-template-ubuntu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/clusterclass-ubuntu-kubeadm-config -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/clusterclass-template-upgrade-workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - 
../bases/clusterclass-ubuntu-kubeadm-config 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.10/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/clusterclass 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/centos-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../cluster 3 | patches: 4 | - path: centos-kubeadm-config.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/cluster-with-topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-topology.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/cluster/crs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # ConfigMap object referenced by the ClusterResourceSet object and with 3 | # the CNI resource defined in the test config file 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: "cni-${CLUSTER_NAME}-crs-0" 8 | data: ${CNI_RESOURCES} 9 | binaryData: 10 | --- 11 | # ClusterResourceSet object with 12 | # a selector that targets all the Cluster with label cni=${CLUSTER_NAME}-crs-0 13 | apiVersion: addons.cluster.x-k8s.io/v1beta2 14 | kind: ClusterResourceSet 15 | metadata: 16 | name: "${CLUSTER_NAME}-crs-0" 17 | spec: 18 | strategy: ApplyOnce 19 | clusterSelector: 20 | matchLabels: 21 | cni: "${CLUSTER_NAME}-crs-0" 22 | resources: 23 | - name: "cni-${CLUSTER_NAME}-crs-0" 24 | kind: ConfigMap 25 | 
-------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-kcp.yaml 3 | - md.yaml 4 | - crs.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/clusterclass-centos-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../clusterclass-cluster 3 | patchesStrategicMerge: 4 | - clusterclass-centos-kubeadm-config.yaml -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/clusterclass-cluster/crs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # ConfigMap object referenced by the ClusterResourceSet object below; its data is 3 | # the CNI resources from the test config file, substituted via ${CNI_RESOURCES} 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: "cni-${CLUSTER_NAME}-crs-0" 8 | data: ${CNI_RESOURCES} 9 | binaryData: 10 | --- 11 | # ClusterResourceSet object with 12 | # a selector that targets every Cluster labelled cni=${CLUSTER_NAME}-crs-0 and applies the ConfigMap once (ApplyOnce) 13 | apiVersion: addons.cluster.x-k8s.io/v1beta2 14 | kind: ClusterResourceSet 15 | metadata: 16 | name: "${CLUSTER_NAME}-crs-0" 17 | spec: 18 | strategy: ApplyOnce 19 | clusterSelector: 20 | matchLabels: 21 | cni: "${CLUSTER_NAME}-crs-0" 22 | resources: 23 | - name: "cni-${CLUSTER_NAME}-crs-0" 24 | kind: ConfigMap 25 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/clusterclass-cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-kcp.yaml 3 | - md.yaml 4 | - crs.yaml 5 | 
-------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/clusterclass-ubuntu-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - ../clusterclass-cluster 4 | patchesStrategicMerge: 5 | - clusterclass-ubuntu-kubeadm-config.yaml -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - clusterclass.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/ippool/ippool.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: ipam.metal3.io/v1alpha1 3 | kind: IPPool 4 | metadata: 5 | name: provisioning-pool 6 | namespace: ${NAMESPACE} 7 | spec: 8 | clusterName: ${CLUSTER_NAME} 9 | namePrefix: ${CLUSTER_NAME}-prov 10 | pools: 11 | - start: ${IPAM_PROVISIONING_POOL_RANGE_START} 12 | end: ${IPAM_PROVISIONING_POOL_RANGE_END} 13 | prefix: ${BARE_METAL_PROVISIONER_CIDR} 14 | --- 15 | apiVersion: ipam.metal3.io/v1alpha1 16 | kind: IPPool 17 | metadata: 18 | name: baremetalv4-pool 19 | namespace: ${NAMESPACE} 20 | spec: 21 | clusterName: ${CLUSTER_NAME} 22 | namePrefix: ${CLUSTER_NAME}-bmv4 23 | pools: 24 | - start: ${IPAM_EXTERNALV4_POOL_RANGE_START} 25 | end: ${IPAM_EXTERNALV4_POOL_RANGE_END} 26 | prefix: ${EXTERNAL_SUBNET_V4_PREFIX} 27 | gateway: ${EXTERNAL_SUBNET_V4_HOST} 28 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/ippool/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ippool.yaml 3 | 
-------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/opensuse-leap-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../cluster 3 | patches: 4 | - path: opensuse-leap-kubeadm-config.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/bases/ubuntu-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - ../cluster 4 | patches: 5 | - path: ubuntu-kubeadm-config.yaml 6 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-centos-fake/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/cluster-with-topology 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-centos-md-remediation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/centos-kubeadm-config 4 | 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - md.yaml 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-centos-md-remediation/md.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cluster.x-k8s.io/v1beta2 3 | kind: MachineDeployment 4 | metadata: 5 | labels: 6 | cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} 7 | nodepool: nodepool-0 8 | name: ${CLUSTER_NAME} 9 | namespace: ${NAMESPACE} 10 | spec: 11 | template: 12 | metadata: 13 | labels: 14 | "e2e.remediation.label": "" 15 | 
-------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-centos-md-remediation/mhc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # MachineHealthCheck object with 3 | # - a selector that targets all machines with the label e2e.remediation.label="" 4 | # - unhealthyNodeConditions that trigger remediation 10s after the condition is set; unhealthyLessThanOrEqualTo 100% never blocks remediation (presumably an e2e-only value) 5 | apiVersion: cluster.x-k8s.io/v1beta2 6 | kind: MachineHealthCheck 7 | metadata: 8 | name: "${CLUSTER_NAME}-mhc-0" 9 | namespace: ${NAMESPACE} 10 | spec: 11 | clusterName: "${CLUSTER_NAME}" 12 | remediation: 13 | triggerIf: 14 | unhealthyLessThanOrEqualTo: 100% 15 | selector: 16 | matchLabels: 17 | e2e.remediation.label: "" 18 | checks: 19 | unhealthyNodeConditions: 20 | - type: e2e.remediation.condition 21 | status: "False" 22 | timeoutSeconds: 10 23 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-centos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/centos-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-opensuse-leap/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/opensuse-leap-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-ubuntu-md-remediation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/ubuntu-kubeadm-config 4 | 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - md.yaml 8 
| -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-ubuntu-md-remediation/md.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cluster.x-k8s.io/v1beta2 3 | kind: MachineDeployment 4 | metadata: 5 | labels: 6 | cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} 7 | nodepool: nodepool-0 8 | name: ${CLUSTER_NAME} 9 | namespace: ${NAMESPACE} 10 | spec: 11 | template: 12 | metadata: 13 | labels: 14 | "e2e.remediation.label": "" 15 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-ubuntu-md-remediation/mhc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # MachineHealthCheck object with 3 | # - a selector that targets all machines with the label e2e.remediation.label="" 4 | # - unhealthyNodeConditions that trigger remediation 10s after the condition is set; unhealthyLessThanOrEqualTo "100%" never blocks remediation (presumably an e2e-only value) 5 | apiVersion: cluster.x-k8s.io/v1beta2 6 | kind: MachineHealthCheck 7 | metadata: 8 | name: "${CLUSTER_NAME}-mhc-0" 9 | namespace: ${NAMESPACE} 10 | spec: 11 | clusterName: "${CLUSTER_NAME}" 12 | remediation: 13 | triggerIf: 14 | unhealthyLessThanOrEqualTo: "100%" 15 | selector: 16 | matchLabels: 17 | e2e.remediation.label: "" 18 | checks: 19 | unhealthyNodeConditions: 20 | - type: e2e.remediation.condition 21 | status: "False" 22 | timeoutSeconds: 10 23 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/cluster-template-ubuntu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/ubuntu-kubeadm-config 4 | -------------------------------------------------------------------------------- 
/test/e2e/data/infrastructure-metal3/v1.11/cluster-template-upgrade-workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ubuntu-kubeadm-config 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/clusterclass-metal3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - clusterclass-metal3.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/clusterclass-template-centos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/clusterclass-centos-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/clusterclass-template-ubuntu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/clusterclass-ubuntu-kubeadm-config -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/clusterclass-template-upgrade-workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/clusterclass-ubuntu-kubeadm-config 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.11/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/clusterclass 3 | -------------------------------------------------------------------------------- 
/test/e2e/data/infrastructure-metal3/v1.9/bases/centos-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../cluster 3 | patches: 4 | - path: centos-kubeadm-config.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/cluster-with-topology/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-topology.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/cluster/crs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # ConfigMap object referenced by the ClusterResourceSet object and with 3 | # the CNI resource defined in the test config file 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: "cni-${CLUSTER_NAME}-crs-0" 8 | data: ${CNI_RESOURCES} 9 | binaryData: 10 | --- 11 | # ClusterResourceSet object with 12 | # a selector that targets all the Cluster with label cni=${CLUSTER_NAME}-crs-0 13 | apiVersion: addons.cluster.x-k8s.io/v1beta1 14 | kind: ClusterResourceSet 15 | metadata: 16 | name: "${CLUSTER_NAME}-crs-0" 17 | spec: 18 | strategy: ApplyOnce 19 | clusterSelector: 20 | matchLabels: 21 | cni: "${CLUSTER_NAME}-crs-0" 22 | resources: 23 | - name: "cni-${CLUSTER_NAME}-crs-0" 24 | kind: ConfigMap 25 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-kcp.yaml 3 | - md.yaml 4 | - crs.yaml 5 | -------------------------------------------------------------------------------- 
/test/e2e/data/infrastructure-metal3/v1.9/bases/clusterclass-centos-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../clusterclass-cluster 3 | patchesStrategicMerge: 4 | - clusterclass-centos-kubeadm-config.yaml -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/clusterclass-cluster/crs.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # ConfigMap object referenced by the ClusterResourceSet object and with 3 | # the CNI resource defined in the test config file 4 | apiVersion: v1 5 | kind: ConfigMap 6 | metadata: 7 | name: "cni-${CLUSTER_NAME}-crs-0" 8 | data: ${CNI_RESOURCES} 9 | binaryData: 10 | --- 11 | # ClusterResourceSet object with 12 | # a selector that targets all the Cluster with label cni=${CLUSTER_NAME}-crs-0 13 | apiVersion: addons.cluster.x-k8s.io/v1beta1 14 | kind: ClusterResourceSet 15 | metadata: 16 | name: "${CLUSTER_NAME}-crs-0" 17 | spec: 18 | strategy: ApplyOnce 19 | clusterSelector: 20 | matchLabels: 21 | cni: "${CLUSTER_NAME}-crs-0" 22 | resources: 23 | - name: "cni-${CLUSTER_NAME}-crs-0" 24 | kind: ConfigMap 25 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/clusterclass-cluster/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - cluster-with-kcp.yaml 3 | - md.yaml 4 | - crs.yaml 5 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/clusterclass-ubuntu-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - ../clusterclass-cluster 4 | patchesStrategicMerge: 5 | - clusterclass-ubuntu-kubeadm-config.yaml 
-------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - clusterclass.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/ippool/ippool.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: ipam.metal3.io/v1alpha1 3 | kind: IPPool 4 | metadata: 5 | name: provisioning-pool 6 | namespace: ${NAMESPACE} 7 | spec: 8 | clusterName: ${CLUSTER_NAME} 9 | namePrefix: ${CLUSTER_NAME}-prov 10 | pools: 11 | - start: ${IPAM_PROVISIONING_POOL_RANGE_START} 12 | end: ${IPAM_PROVISIONING_POOL_RANGE_END} 13 | prefix: ${BARE_METAL_PROVISIONER_CIDR} 14 | --- 15 | apiVersion: ipam.metal3.io/v1alpha1 16 | kind: IPPool 17 | metadata: 18 | name: baremetalv4-pool 19 | namespace: ${NAMESPACE} 20 | spec: 21 | clusterName: ${CLUSTER_NAME} 22 | namePrefix: ${CLUSTER_NAME}-bmv4 23 | pools: 24 | - start: ${IPAM_EXTERNALV4_POOL_RANGE_START} 25 | end: ${IPAM_EXTERNALV4_POOL_RANGE_END} 26 | prefix: ${EXTERNAL_SUBNET_V4_PREFIX} 27 | gateway: ${EXTERNAL_SUBNET_V4_HOST} 28 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/ippool/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ippool.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/bases/ubuntu-kubeadm-config/kustomization.yaml: -------------------------------------------------------------------------------- 1 | 2 | resources: 3 | - ../cluster 4 | patches: 5 | - path: ubuntu-kubeadm-config.yaml 6 | 
-------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-centos-fake/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/cluster-with-topology 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-centos-md-remediation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/centos-kubeadm-config 4 | 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - md.yaml 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-centos-md-remediation/md.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cluster.x-k8s.io/v1beta1 3 | kind: MachineDeployment 4 | metadata: 5 | labels: 6 | cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} 7 | nodepool: nodepool-0 8 | name: ${CLUSTER_NAME} 9 | namespace: ${NAMESPACE} 10 | spec: 11 | template: 12 | metadata: 13 | labels: 14 | "e2e.remediation.label": "" 15 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-centos-md-remediation/mhc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # MachineHealthCheck object with 3 | # - a selector that targets all the machines with label e2e.remediation.label="" 4 | # - unhealthyConditions triggering remediation after 10s the condition is set 5 | apiVersion: cluster.x-k8s.io/v1beta1 6 | kind: MachineHealthCheck 7 | metadata: 8 | name: "${CLUSTER_NAME}-mhc-0" 9 | namespace: ${NAMESPACE} 10 | spec: 11 | clusterName: "${CLUSTER_NAME}" 12 | maxUnhealthy: 100% 13 | selector: 14 | 
matchLabels: 15 | e2e.remediation.label: "" 16 | unhealthyConditions: 17 | - type: e2e.remediation.condition 18 | status: "False" 19 | timeout: 10s 20 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-centos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/centos-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-ubuntu-md-remediation/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/ubuntu-kubeadm-config 4 | 5 | - mhc.yaml 6 | patchesStrategicMerge: 7 | - md.yaml 8 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-ubuntu-md-remediation/md.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: cluster.x-k8s.io/v1beta1 3 | kind: MachineDeployment 4 | metadata: 5 | labels: 6 | cluster.x-k8s.io/cluster-name: ${CLUSTER_NAME} 7 | nodepool: nodepool-0 8 | name: ${CLUSTER_NAME} 9 | namespace: ${NAMESPACE} 10 | spec: 11 | template: 12 | metadata: 13 | labels: 14 | "e2e.remediation.label": "" 15 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-ubuntu-md-remediation/mhc.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | # MachineHealthCheck object with 3 | # - a selector that targets all the machines with label e2e.remediation.label="" 4 | # - unhealthyConditions triggering remediation after 10s the condition is set 5 | apiVersion: cluster.x-k8s.io/v1beta1 6 | kind: MachineHealthCheck 7 | 
metadata: 8 | name: "${CLUSTER_NAME}-mhc-0" 9 | namespace: ${NAMESPACE} 10 | spec: 11 | clusterName: "${CLUSTER_NAME}" 12 | maxUnhealthy: 100% 13 | selector: 14 | matchLabels: 15 | e2e.remediation.label: "" 16 | unhealthyConditions: 17 | - type: e2e.remediation.condition 18 | status: "False" 19 | timeout: 10s 20 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-ubuntu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/ubuntu-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/cluster-template-upgrade-workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ubuntu-kubeadm-config 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/clusterclass-metal3/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - clusterclass-metal3.yaml 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/clusterclass-template-centos/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/clusterclass-centos-kubeadm-config 4 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/clusterclass-template-ubuntu/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/ippool 3 | - ../bases/clusterclass-ubuntu-kubeadm-config 
-------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/clusterclass-template-upgrade-workload/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/clusterclass-ubuntu-kubeadm-config 3 | -------------------------------------------------------------------------------- /test/e2e/data/infrastructure-metal3/v1.9/clusterclass/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../bases/clusterclass 3 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/components/basic-auth/auth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ironic 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | - name: ironic 10 | envFrom: 11 | # This is the htpasswd entry matching the ironic password 12 | - secretRef: 13 | name: ironic-htpasswd 14 | - configMapRef: 15 | name: ironic-bmo-configmap 16 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/components/basic-auth/ironic-auth-config-tpl: -------------------------------------------------------------------------------- 1 | [ironic] 2 | auth_type=http_basic 3 | username=${IRONIC_USERNAME} 4 | password=${IRONIC_PASSWORD} 5 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/components/basic-auth/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1alpha1 2 | kind: Component 3 | 4 | # NOTE: This component requires secrets with the basic auth credential! 5 | # How you create them is up to you. The required secret is ironic-htpasswd.
6 | # 7 | # The content should be as in these examples: 8 | # 9 | # apiVersion: v1 10 | # kind: Secret 11 | # metadata: 12 | # name: ironic-htpasswd 13 | # data: 14 | # IRONIC_HTPASSWD: <base64-encoded htpasswd entry (placeholder)> 15 | 16 | patches: 17 | - path: auth.yaml 18 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/pr-test/ironic_bmo_configmap.env: -------------------------------------------------------------------------------- 1 | HTTP_PORT=6180 2 | PROVISIONING_IP=172.22.0.2 3 | CACHEURL=http://172.22.0.2/images 4 | IRONIC_FAST_TRACK=true 5 | IRONIC_KERNEL_PARAMS=console=ttyS0 6 | IRONIC_INSPECTOR_VLAN_INTERFACES=all 7 | PROVISIONING_INTERFACE=ironicendpoint 8 | DHCP_RANGE=172.22.0.10,172.22.0.100 9 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 10 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 11 | IRONIC_ENDPOINT=http://172.22.0.2:6385/v1/ 12 | USE_IRONIC_INSPECTOR=false 13 | IPA_BASEURI=https://artifactory.nordix.org/artifactory/openstack-remote-cache/ironic-python-agent/dib 14 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/pr-test/keepalived_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ironic 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | # Change the value of image field below to your controller image URL 10 | - image: quay.io/metal3-io/keepalived 11 | name: ironic-endpoint-keepalived 12 | securityContext: 13 | # Must be true so dnsmasq may get the capabilities via file caps: when false, no_new_privs is set and the non-root process gains no file capabilities on exec. NOTE(review): this container is keepalived, not dnsmasq; confirm which binary is meant. 14 | # KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-security/2763-ambient-capabilities/README.md 15 | allowPrivilegeEscalation: true 16 | capabilities: 17 | drop: 18 | - ALL 19 | add: 20 | - NET_ADMIN 21 | - NET_BROADCAST 22 | - NET_RAW 23 | privileged: false 24 |
runAsUser: 65532 25 | runAsGroup: 65532 26 | envFrom: 27 | - configMapRef: 28 | name: ironic-bmo-configmap 29 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/pr-test/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | namePrefix: baremetal-operator- 5 | resources: 6 | - https://github.com/metal3-io/baremetal-operator/config/namespace?ref=${BMORELEASEBRANCH} 7 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/base?ref=${BMORELEASEBRANCH} 8 | 9 | components: 10 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/basic-auth?ref=${BMORELEASEBRANCH} 11 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/tls?ref=${BMORELEASEBRANCH} 12 | 13 | configMapGenerator: 14 | - behavior: create 15 | envs: 16 | - ironic_bmo_configmap.env 17 | name: ironic-bmo-configmap 18 | 19 | patches: 20 | - path: keepalived_patch.yaml 21 | 22 | images: 23 | - name: quay.io/metal3-io/ironic 24 | newTag: main 25 | 26 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 27 | secretGenerator: 28 | - behavior: create 29 | envs: 30 | - ironic-htpasswd 31 | name: ironic-htpasswd 32 | - files: 33 | - auth-config=ironic-auth-config 34 | name: ironic-auth-config 35 | 36 | # Replace IRONIC_HOST_IP in certificates with the PROVISIONING_IP from the configmap 37 | replacements: 38 | - source: 39 | fieldPath: .data.PROVISIONING_IP 40 | kind: ConfigMap 41 | name: ironic-bmo-configmap 42 | targets: 43 | - fieldPaths: 44 | - .spec.ipAddresses.0 45 | select: 46 | group: cert-manager.io 47 | kind: Certificate 48 | name: ironic-cert 49 | version: v1 50 | -------------------------------------------------------------------------------- 
/test/e2e/data/ironic-deployment/overlays/release-27.0/ironic_bmo_configmap.env: -------------------------------------------------------------------------------- 1 | HTTP_PORT=6180 2 | PROVISIONING_IP=172.22.0.2 3 | CACHEURL=http://172.22.0.2/images 4 | IRONIC_FAST_TRACK=true 5 | IRONIC_KERNEL_PARAMS=console=ttyS0 6 | IRONIC_INSPECTOR_VLAN_INTERFACES=all 7 | PROVISIONING_INTERFACE=ironicendpoint 8 | DHCP_RANGE=172.22.0.10,172.22.0.100 9 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 10 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 11 | IRONIC_ENDPOINT=http://172.22.0.2:6385/v1/ 12 | USE_IRONIC_INSPECTOR=false 13 | IPA_BASEURI=https://artifactory.nordix.org/artifactory/openstack-remote-cache/ironic-python-agent/dib 14 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-27.0/keepalived_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ironic 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | # Change the value of image field below to your controller image URL 10 | - image: quay.io/metal3-io/keepalived 11 | name: ironic-endpoint-keepalived 12 | securityContext: 13 | # Must be true so dnsmasq may get the capabilities via file caps: when false, no_new_privs is set and the non-root process gains no file capabilities on exec. NOTE(review): this container is keepalived, not dnsmasq; confirm which binary is meant. 14 | # KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-security/2763-ambient-capabilities/README.md 15 | allowPrivilegeEscalation: true 16 | capabilities: 17 | drop: 18 | - ALL 19 | add: 20 | - NET_ADMIN 21 | - NET_BROADCAST 22 | - NET_RAW 23 | privileged: false 24 | runAsUser: 65532 25 | runAsGroup: 65532 26 | envFrom: 27 | - configMapRef: 28 | name: ironic-bmo-configmap 29 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-27.0/kustomization.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | namePrefix: baremetal-operator- 5 | resources: 6 | - https://github.com/metal3-io/baremetal-operator/config/namespace?ref=release-0.9 7 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/base?ref=release-0.9 8 | 9 | components: 10 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/basic-auth?ref=release-0.9 11 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/tls?ref=release-0.9 12 | 13 | configMapGenerator: 14 | - envs: 15 | - ironic_bmo_configmap.env 16 | name: ironic-bmo-configmap 17 | behavior: create 18 | 19 | patches: 20 | - path: keepalived_patch.yaml 21 | 22 | images: 23 | - name: quay.io/metal3-io/ironic 24 | newTag: release-27.0 25 | 26 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 27 | secretGenerator: 28 | - name: ironic-htpasswd 29 | behavior: create 30 | envs: 31 | - ironic-htpasswd 32 | - name: ironic-auth-config 33 | files: 34 | - auth-config=ironic-auth-config 35 | 36 | replacements: 37 | # Replace IRONIC_HOST_IP in certificates with the PROVISIONING_IP from the configmap 38 | - source: 39 | kind: ConfigMap 40 | name: ironic-bmo-configmap 41 | fieldPath: .data.PROVISIONING_IP 42 | targets: 43 | - select: 44 | version: v1 45 | group: cert-manager.io 46 | kind: Certificate 47 | name: ironic-cert 48 | fieldPaths: 49 | - .spec.ipAddresses.0 50 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-29.0/ironic_bmo_configmap.env: -------------------------------------------------------------------------------- 1 | HTTP_PORT=6180 2 | PROVISIONING_IP=172.22.0.2 3 | CACHEURL=http://172.22.0.2/images 4 | IRONIC_FAST_TRACK=true 5 | IRONIC_KERNEL_PARAMS=console=ttyS0 6 | 
IRONIC_INSPECTOR_VLAN_INTERFACES=all 7 | PROVISIONING_INTERFACE=ironicendpoint 8 | DHCP_RANGE=172.22.0.10,172.22.0.100 9 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 10 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 11 | IRONIC_ENDPOINT=http://172.22.0.2:6385/v1/ 12 | USE_IRONIC_INSPECTOR=false 13 | IPA_BASEURI=https://artifactory.nordix.org/artifactory/openstack-remote-cache/ironic-python-agent/dib 14 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-29.0/keepalived_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ironic 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | # Change the value of image field below to your controller image URL 10 | - image: quay.io/metal3-io/keepalived 11 | name: ironic-endpoint-keepalived 12 | securityContext: 13 | # Must be true so dnsmasq may get the capabilities via file caps: when false, no_new_privs is set and the non-root process gains no file capabilities on exec. NOTE(review): this container is keepalived, not dnsmasq; confirm which binary is meant. 14 | # KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-security/2763-ambient-capabilities/README.md 15 | allowPrivilegeEscalation: true 16 | capabilities: 17 | drop: 18 | - ALL 19 | add: 20 | - NET_ADMIN 21 | - NET_BROADCAST 22 | - NET_RAW 23 | privileged: false 24 | runAsUser: 65532 25 | runAsGroup: 65532 26 | envFrom: 27 | - configMapRef: 28 | name: ironic-bmo-configmap 29 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-29.0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | namePrefix: baremetal-operator- 5 | resources: 6 | - https://github.com/metal3-io/baremetal-operator/config/namespace?ref=release-0.10 7 | -
https://github.com/metal3-io/baremetal-operator/ironic-deployment/base?ref=release-0.10 8 | 9 | components: 10 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/basic-auth?ref=release-0.10 11 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/tls?ref=release-0.10 12 | 13 | configMapGenerator: 14 | - envs: 15 | - ironic_bmo_configmap.env 16 | name: ironic-bmo-configmap 17 | behavior: create 18 | 19 | patches: 20 | - path: keepalived_patch.yaml 21 | 22 | images: 23 | - name: quay.io/metal3-io/ironic 24 | newTag: release-29.0 25 | 26 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 27 | secretGenerator: 28 | - name: ironic-htpasswd 29 | behavior: create 30 | envs: 31 | - ironic-htpasswd 32 | - name: ironic-auth-config 33 | files: 34 | - auth-config=ironic-auth-config 35 | 36 | replacements: 37 | # Replace IRONIC_HOST_IP in certificates with the PROVISIONING_IP from the configmap 38 | - source: 39 | kind: ConfigMap 40 | name: ironic-bmo-configmap 41 | fieldPath: .data.PROVISIONING_IP 42 | targets: 43 | - select: 44 | version: v1 45 | group: cert-manager.io 46 | kind: Certificate 47 | name: ironic-cert 48 | fieldPaths: 49 | - .spec.ipAddresses.0 50 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-31.0/ironic_bmo_configmap.env: -------------------------------------------------------------------------------- 1 | HTTP_PORT=6180 2 | PROVISIONING_IP=172.22.0.2 3 | CACHEURL=http://172.22.0.2/images 4 | IRONIC_FAST_TRACK=true 5 | IRONIC_KERNEL_PARAMS=console=ttyS0 6 | IRONIC_INSPECTOR_VLAN_INTERFACES=all 7 | PROVISIONING_INTERFACE=ironicendpoint 8 | DHCP_RANGE=172.22.0.10,172.22.0.100 9 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 10 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 11 | IRONIC_ENDPOINT=http://172.22.0.2:6385/v1/ 12 | 
USE_IRONIC_INSPECTOR=false 13 | IPA_BASEURI=https://artifactory.nordix.org/artifactory/openstack-remote-cache/ironic-python-agent/dib 14 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-31.0/keepalived_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ironic 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | # Change the value of image field below to your controller image URL 10 | - image: quay.io/metal3-io/keepalived 11 | name: ironic-endpoint-keepalived 12 | securityContext: 13 | # Must be true so dnsmasq may get the capabilities via file caps: when false, no_new_privs is set and the non-root process gains no file capabilities on exec. NOTE(review): this container is keepalived, not dnsmasq; confirm which binary is meant. 14 | # KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-security/2763-ambient-capabilities/README.md 15 | allowPrivilegeEscalation: true 16 | capabilities: 17 | drop: 18 | - ALL 19 | add: 20 | - NET_ADMIN 21 | - NET_BROADCAST 22 | - NET_RAW 23 | privileged: false 24 | runAsUser: 65532 25 | runAsGroup: 65532 26 | envFrom: 27 | - configMapRef: 28 | name: ironic-bmo-configmap 29 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-31.0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | namePrefix: baremetal-operator- 5 | resources: 6 | - https://github.com/metal3-io/baremetal-operator/config/namespace?ref=release-0.10 7 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/base?ref=release-0.10 8 | 9 | components: 10 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/basic-auth?ref=release-0.10 11 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/tls?ref=release-0.10 12 | 13 |
configMapGenerator: 14 | - envs: 15 | - ironic_bmo_configmap.env 16 | name: ironic-bmo-configmap 17 | behavior: create 18 | 19 | patches: 20 | - path: keepalived_patch.yaml 21 | 22 | images: 23 | - name: quay.io/metal3-io/ironic 24 | newTag: release-31.0 25 | 26 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 27 | secretGenerator: 28 | - name: ironic-htpasswd 29 | behavior: create 30 | envs: 31 | - ironic-htpasswd 32 | - name: ironic-auth-config 33 | files: 34 | - auth-config=ironic-auth-config 35 | 36 | replacements: 37 | # Replace IRONIC_HOST_IP in certificates with the PROVISIONING_IP from the configmap 38 | - source: 39 | kind: ConfigMap 40 | name: ironic-bmo-configmap 41 | fieldPath: .data.PROVISIONING_IP 42 | targets: 43 | - select: 44 | version: v1 45 | group: cert-manager.io 46 | kind: Certificate 47 | name: ironic-cert 48 | fieldPaths: 49 | - .spec.ipAddresses.0 50 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-32.0/ironic_bmo_configmap.env: -------------------------------------------------------------------------------- 1 | HTTP_PORT=6180 2 | PROVISIONING_IP=172.22.0.2 3 | CACHEURL=http://172.22.0.2/images 4 | IRONIC_FAST_TRACK=true 5 | IRONIC_KERNEL_PARAMS=console=ttyS0 6 | IRONIC_INSPECTOR_VLAN_INTERFACES=all 7 | PROVISIONING_INTERFACE=ironicendpoint 8 | DHCP_RANGE=172.22.0.10,172.22.0.100 9 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 10 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 11 | IRONIC_ENDPOINT=http://172.22.0.2:6385/v1/ 12 | USE_IRONIC_INSPECTOR=false 13 | IPA_BASEURI=https://artifactory.nordix.org/artifactory/openstack-remote-cache/ironic-python-agent/dib 14 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-32.0/keepalived_patch.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ironic 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | # Change the value of image field below to your controller image URL 10 | - image: quay.io/metal3-io/keepalived 11 | name: ironic-endpoint-keepalived 12 | securityContext: 13 | # Must be true so dnsmasq may get the capabilities via file caps: when false, no_new_privs is set and the non-root process gains no file capabilities on exec. NOTE(review): this container is keepalived, not dnsmasq; confirm which binary is meant. 14 | # KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-security/2763-ambient-capabilities/README.md 15 | allowPrivilegeEscalation: true 16 | capabilities: 17 | drop: 18 | - ALL 19 | add: 20 | - NET_ADMIN 21 | - NET_BROADCAST 22 | - NET_RAW 23 | privileged: false 24 | runAsUser: 65532 25 | runAsGroup: 65532 26 | envFrom: 27 | - configMapRef: 28 | name: ironic-bmo-configmap 29 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-32.0/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | namePrefix: baremetal-operator- 5 | resources: 6 | - https://github.com/metal3-io/baremetal-operator/config/namespace?ref=release-0.11 7 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/base?ref=release-0.11 8 | 9 | components: 10 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/basic-auth?ref=release-0.11 11 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/tls?ref=release-0.11 12 | 13 | configMapGenerator: 14 | - envs: 15 | - ironic_bmo_configmap.env 16 | name: ironic-bmo-configmap 17 | behavior: create 18 | 19 | patches: 20 | - path: keepalived_patch.yaml 21 | 22 | images: 23 | - name: quay.io/metal3-io/ironic 24 | newTag: release-32.0 25 | 26 | # NOTE: These credentials are generated
automatically in scripts/ci-e2e.sh 27 | secretGenerator: 28 | - name: ironic-htpasswd 29 | behavior: create 30 | envs: 31 | - ironic-htpasswd 32 | - name: ironic-auth-config 33 | files: 34 | - auth-config=ironic-auth-config 35 | 36 | replacements: 37 | # Replace IRONIC_HOST_IP in certificates with the PROVISIONING_IP from the configmap 38 | - source: 39 | kind: ConfigMap 40 | name: ironic-bmo-configmap 41 | fieldPath: .data.PROVISIONING_IP 42 | targets: 43 | - select: 44 | version: v1 45 | group: cert-manager.io 46 | kind: Certificate 47 | name: ironic-cert 48 | fieldPaths: 49 | - .spec.ipAddresses.0 50 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-latest/ironic_bmo_configmap.env: -------------------------------------------------------------------------------- 1 | HTTP_PORT=6180 2 | PROVISIONING_IP=172.22.0.2 3 | CACHEURL=http://172.22.0.2/images 4 | IRONIC_FAST_TRACK=true 5 | IRONIC_KERNEL_PARAMS=console=ttyS0 6 | IRONIC_INSPECTOR_VLAN_INTERFACES=all 7 | PROVISIONING_INTERFACE=ironicendpoint 8 | DHCP_RANGE=172.22.0.10,172.22.0.100 9 | DEPLOY_KERNEL_URL=http://172.22.0.2:6180/images/ironic-python-agent.kernel 10 | DEPLOY_RAMDISK_URL=http://172.22.0.2:6180/images/ironic-python-agent.initramfs 11 | IRONIC_ENDPOINT=http://172.22.0.2:6385/v1/ 12 | IPA_BASEURI=https://artifactory.nordix.org/artifactory/openstack-remote-cache/ironic-python-agent/dib 13 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-latest/keepalived_patch.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: ironic 5 | spec: 6 | template: 7 | spec: 8 | containers: 9 | # Change the value of image field below to your controller image URL 10 | - image: quay.io/metal3-io/keepalived 11 | name: ironic-endpoint-keepalived 12 | 
securityContext: 13 | # Must be true so dnsmasq may get the capabilities via file caps 14 | # KEP: https://github.com/kubernetes/enhancements/blob/master/keps/sig-security/2763-ambient-capabilities/README.md 15 | allowPrivilegeEscalation: true 16 | capabilities: 17 | drop: 18 | - ALL 19 | add: 20 | - NET_ADMIN 21 | - NET_BROADCAST 22 | - NET_RAW 23 | privileged: false 24 | runAsUser: 65532 25 | runAsGroup: 65532 26 | envFrom: 27 | - configMapRef: 28 | name: ironic-bmo-configmap 29 | -------------------------------------------------------------------------------- /test/e2e/data/ironic-deployment/overlays/release-latest/kustomization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: kustomize.config.k8s.io/v1beta1 2 | kind: Kustomization 3 | namespace: baremetal-operator-system 4 | namePrefix: baremetal-operator- 5 | resources: 6 | - https://github.com/metal3-io/baremetal-operator/config/namespace?ref=main 7 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/base?ref=main 8 | 9 | components: 10 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/basic-auth?ref=main 11 | - https://github.com/metal3-io/baremetal-operator/ironic-deployment/components/tls?ref=main 12 | 13 | configMapGenerator: 14 | - envs: 15 | - ironic_bmo_configmap.env 16 | name: ironic-bmo-configmap 17 | behavior: create 18 | 19 | patches: 20 | - path: keepalived_patch.yaml 21 | 22 | images: 23 | - name: quay.io/metal3-io/ironic 24 | newTag: latest 25 | 26 | # NOTE: These credentials are generated automatically in scripts/ci-e2e.sh 27 | secretGenerator: 28 | - name: ironic-htpasswd 29 | behavior: create 30 | envs: 31 | - ironic-htpasswd 32 | - name: ironic-auth-config 33 | files: 34 | - auth-config=ironic-auth-config 35 | 36 | replacements: 37 | # Replace IRONIC_HOST_IP in certificates with the PROVISIONING_IP from the configmap 38 | - source: 39 | kind: ConfigMap 40 | name: ironic-bmo-configmap 41 | 
fieldPath: .data.PROVISIONING_IP 42 | targets: 43 | - select: 44 | version: v1 45 | group: cert-manager.io 46 | kind: Certificate 47 | name: ironic-cert 48 | fieldPaths: 49 | - .spec.ipAddresses.0 50 | -------------------------------------------------------------------------------- /test/e2e/data/kubetest/conformance.yaml: -------------------------------------------------------------------------------- 1 | ginkgo.focus: \[Conformance\] 2 | ginkgo.skip: \[Serial\] 3 | disable-log-dump: true 4 | ginkgo.flake-attempts: 3 5 | ginkgo.trace: true 6 | ginkgo.v: true 7 | # Use 5m instead of the default 10m to fail faster 8 | # if kube-system Pods are not coming up. 9 | system-pods-startup-timeout: 5m 10 | ginkgo.no-color: true 11 | -------------------------------------------------------------------------------- /test/e2e/data/shared/capi/v1.10/metadata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 2 | kind: Metadata 3 | releaseSeries: 4 | - major: 1 5 | minor: 10 6 | contract: v1beta1 7 | - major: 1 8 | minor: 9 9 | contract: v1beta1 10 | - major: 1 11 | minor: 8 12 | contract: v1beta1 13 | - major: 1 14 | minor: 7 15 | contract: v1beta1 16 | - major: 1 17 | minor: 6 18 | contract: v1beta1 19 | - major: 1 20 | minor: 5 21 | contract: v1beta1 22 | - major: 1 23 | minor: 4 24 | contract: v1beta1 25 | - major: 1 26 | minor: 3 27 | contract: v1beta1 28 | - major: 1 29 | minor: 2 30 | contract: v1beta1 31 | - major: 1 32 | minor: 1 33 | contract: v1beta1 34 | - major: 1 35 | minor: 0 36 | contract: v1beta1 37 | -------------------------------------------------------------------------------- /test/e2e/data/shared/capi/v1.11/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between 
patch versions. 4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 11 11 | contract: v1beta2 12 | - major: 1 13 | minor: 10 14 | contract: v1beta1 15 | - major: 1 16 | minor: 9 17 | contract: v1beta1 18 | - major: 1 19 | minor: 8 20 | contract: v1beta1 21 | - major: 1 22 | minor: 7 23 | contract: v1beta1 24 | - major: 1 25 | minor: 6 26 | contract: v1beta1 27 | - major: 1 28 | minor: 5 29 | contract: v1beta1 30 | - major: 1 31 | minor: 4 32 | contract: v1beta1 33 | - major: 1 34 | minor: 3 35 | contract: v1beta1 36 | - major: 1 37 | minor: 2 38 | contract: v1beta1 39 | - major: 1 40 | minor: 1 41 | contract: v1beta1 42 | - major: 1 43 | minor: 0 44 | contract: v1beta1 -------------------------------------------------------------------------------- /test/e2e/data/shared/capi/v1.12/metadata.yaml: -------------------------------------------------------------------------------- 1 | # maps release series of major.minor to cluster-api contract version 2 | # the contract version may change between minor or major versions, but *not* 3 | # between patch versions. 
4 | # 5 | # update this file only when a new major or minor version is released 6 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 7 | kind: Metadata 8 | releaseSeries: 9 | - major: 1 10 | minor: 12 11 | contract: v1beta2 12 | - major: 1 13 | minor: 11 14 | contract: v1beta2 15 | - major: 1 16 | minor: 10 17 | contract: v1beta1 18 | - major: 1 19 | minor: 9 20 | contract: v1beta1 21 | - major: 1 22 | minor: 8 23 | contract: v1beta1 24 | - major: 1 25 | minor: 7 26 | contract: v1beta1 27 | - major: 1 28 | minor: 6 29 | contract: v1beta1 30 | - major: 1 31 | minor: 5 32 | contract: v1beta1 33 | - major: 1 34 | minor: 4 35 | contract: v1beta1 36 | - major: 1 37 | minor: 3 38 | contract: v1beta1 39 | - major: 1 40 | minor: 2 41 | contract: v1beta1 42 | - major: 1 43 | minor: 1 44 | contract: v1beta1 45 | - major: 1 46 | minor: 0 47 | contract: v1beta1 48 | -------------------------------------------------------------------------------- /test/e2e/data/shared/capi/v1.9/metadata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 2 | kind: Metadata 3 | releaseSeries: 4 | - major: 1 5 | minor: 9 6 | contract: v1beta1 7 | - major: 1 8 | minor: 8 9 | contract: v1beta1 10 | - major: 1 11 | minor: 7 12 | contract: v1beta1 13 | - major: 1 14 | minor: 6 15 | contract: v1beta1 16 | - major: 1 17 | minor: 5 18 | contract: v1beta1 19 | - major: 1 20 | minor: 4 21 | contract: v1beta1 22 | - major: 1 23 | minor: 3 24 | contract: v1beta1 25 | - major: 1 26 | minor: 2 27 | contract: v1beta1 28 | - major: 1 29 | minor: 1 30 | contract: v1beta1 31 | - major: 1 32 | minor: 0 33 | contract: v1beta1 34 | -------------------------------------------------------------------------------- /test/e2e/data/shared/infrastructure-metal3/main/metadata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 2 | kind: Metadata 3 | 
releaseSeries: 4 | - major: 1 5 | minor: 12 6 | contract: v1beta1 7 | - major: 1 8 | minor: 11 9 | contract: v1beta1 10 | - major: 1 11 | minor: 10 12 | contract: v1beta1 13 | - major: 1 14 | minor: 9 15 | contract: v1beta1 16 | - major: 1 17 | minor: 8 18 | contract: v1beta1 19 | - major: 1 20 | minor: 7 21 | contract: v1beta1 22 | - major: 1 23 | minor: 6 24 | contract: v1beta1 25 | - major: 1 26 | minor: 5 27 | contract: v1beta1 28 | - major: 1 29 | minor: 4 30 | contract: v1beta1 31 | - major: 1 32 | minor: 3 33 | contract: v1beta1 34 | - major: 1 35 | minor: 2 36 | contract: v1beta1 37 | - major: 1 38 | minor: 1 39 | contract: v1beta1 40 | - major: 1 41 | minor: 0 42 | contract: v1beta1 43 | -------------------------------------------------------------------------------- /test/e2e/data/shared/infrastructure-metal3/v1.10/metadata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 2 | kind: Metadata 3 | releaseSeries: 4 | - major: 1 5 | minor: 10 6 | contract: v1beta1 7 | - major: 1 8 | minor: 9 9 | contract: v1beta1 10 | - major: 1 11 | minor: 8 12 | contract: v1beta1 13 | - major: 1 14 | minor: 7 15 | contract: v1beta1 16 | - major: 1 17 | minor: 6 18 | contract: v1beta1 19 | - major: 1 20 | minor: 5 21 | contract: v1beta1 22 | - major: 1 23 | minor: 4 24 | contract: v1beta1 25 | - major: 1 26 | minor: 3 27 | contract: v1beta1 28 | - major: 1 29 | minor: 2 30 | contract: v1beta1 31 | - major: 1 32 | minor: 1 33 | contract: v1beta1 34 | - major: 1 35 | minor: 0 36 | contract: v1beta1 37 | -------------------------------------------------------------------------------- /test/e2e/data/shared/infrastructure-metal3/v1.11/metadata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 2 | kind: Metadata 3 | releaseSeries: 4 | - major: 1 5 | minor: 11 6 | contract: v1beta1 7 | - major: 1 8 | 
minor: 10 9 | contract: v1beta1 10 | - major: 1 11 | minor: 9 12 | contract: v1beta1 13 | - major: 1 14 | minor: 8 15 | contract: v1beta1 16 | - major: 1 17 | minor: 7 18 | contract: v1beta1 19 | - major: 1 20 | minor: 6 21 | contract: v1beta1 22 | - major: 1 23 | minor: 5 24 | contract: v1beta1 25 | - major: 1 26 | minor: 4 27 | contract: v1beta1 28 | - major: 1 29 | minor: 3 30 | contract: v1beta1 31 | - major: 1 32 | minor: 2 33 | contract: v1beta1 34 | - major: 1 35 | minor: 1 36 | contract: v1beta1 37 | - major: 1 38 | minor: 0 39 | contract: v1beta1 40 | -------------------------------------------------------------------------------- /test/e2e/data/shared/infrastructure-metal3/v1.9/metadata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 2 | kind: Metadata 3 | releaseSeries: 4 | - major: 1 5 | minor: 9 6 | contract: v1beta1 7 | - major: 1 8 | minor: 8 9 | contract: v1beta1 10 | - major: 1 11 | minor: 7 12 | contract: v1beta1 13 | - major: 1 14 | minor: 6 15 | contract: v1beta1 16 | - major: 1 17 | minor: 5 18 | contract: v1beta1 19 | - major: 1 20 | minor: 4 21 | contract: v1beta1 22 | - major: 1 23 | minor: 3 24 | contract: v1beta1 25 | - major: 1 26 | minor: 2 27 | contract: v1beta1 28 | - major: 1 29 | minor: 1 30 | contract: v1beta1 31 | - major: 1 32 | minor: 0 33 | contract: v1beta1 34 | -------------------------------------------------------------------------------- /test/e2e/data/shared/ipam-metal3/v1.10/metadata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 2 | kind: Metadata 3 | releaseSeries: 4 | - major: 1 5 | minor: 10 6 | contract: v1beta1 7 | - major: 1 8 | minor: 9 9 | contract: v1beta1 10 | - major: 1 11 | minor: 8 12 | contract: v1beta1 13 | - major: 1 14 | minor: 7 15 | contract: v1beta1 16 | - major: 1 17 | minor: 6 18 | contract: v1beta1 19 | - major: 1 20 
| minor: 5 21 | contract: v1beta1 22 | - major: 1 23 | minor: 4 24 | contract: v1beta1 25 | - major: 1 26 | minor: 3 27 | contract: v1beta1 28 | - major: 1 29 | minor: 2 30 | contract: v1beta1 31 | - major: 1 32 | minor: 1 33 | contract: v1beta1 34 | - major: 1 35 | minor: 0 36 | contract: v1beta1 37 | -------------------------------------------------------------------------------- /test/e2e/data/shared/ipam-metal3/v1.11/metadata.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 2 | kind: Metadata 3 | releaseSeries: 4 | - major: 1 5 | minor: 11 6 | contract: v1beta1 7 | - major: 1 8 | minor: 10 9 | contract: v1beta1 10 | - major: 1 11 | minor: 9 12 | contract: v1beta1 13 | - major: 1 14 | minor: 8 15 | contract: v1beta1 16 | - major: 1 17 | minor: 7 18 | contract: v1beta1 19 | - major: 1 20 | minor: 6 21 | contract: v1beta1 22 | - major: 1 23 | minor: 5 24 | contract: v1beta1 25 | - major: 1 26 | minor: 4 27 | contract: v1beta1 28 | - major: 1 29 | minor: 3 30 | contract: v1beta1 31 | - major: 1 32 | minor: 2 33 | contract: v1beta1 34 | - major: 1 35 | minor: 1 36 | contract: v1beta1 37 | - major: 1 38 | minor: 0 39 | contract: v1beta1 40 | -------------------------------------------------------------------------------- /test/e2e/k8s_conformance_test.go: -------------------------------------------------------------------------------- 1 | package e2e 2 | 3 | import ( 4 | "os" 5 | "path/filepath" 6 | "strings" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . 
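"github.com/onsi/gomega" 10 | capi_e2e "sigs.k8s.io/cluster-api/test/e2e" 11 | "sigs.k8s.io/controller-runtime/pkg/client" 12 | ) 13 |
// Registers the upstream CAPI K8SConformanceSpec for this provider, using the
// OS environment variable (lower-cased) as the template flavor.
var _ = Describe("When testing K8S conformance", Label("k8s-conformance"), func() {
	BeforeEach(func() {
		// OS must be set by the caller; its lower-cased value becomes the Flavor below.
		osType = strings.ToLower(os.Getenv("OS"))
		Expect(osType).ToNot(Equal(""))
		validateGlobals(specName)
		k8sVersion := e2eConfig.MustGetVariable("KUBERNETES_VERSION")
		imageURL, imageChecksum := EnsureImage(k8sVersion)
		// Surface a failed Setenv instead of silently continuing with a stale
		// or missing image URL/checksum in the environment.
		Expect(os.Setenv("IMAGE_RAW_CHECKSUM", imageChecksum)).To(Succeed())
		Expect(os.Setenv("IMAGE_RAW_URL", imageURL)).To(Succeed())
		// We need to override clusterctl apply log folder to avoid getting our credentials exposed.
		// NOTE(review): the folder lives under os.TempDir(), which is shared between
		// users on many hosts. Whatever creates it should use owner-only permissions,
		// since these logs may contain credentials; the creation is not visible here.
		clusterctlLogFolder = filepath.Join(os.TempDir(), "target_cluster_logs", bootstrapClusterProxy.GetName())
	})
	// Note: This installs a cluster based on KUBERNETES_VERSION and runs conformance tests.
	capi_e2e.K8SConformanceSpec(ctx, func() capi_e2e.K8SConformanceSpecInput {
		return capi_e2e.K8SConformanceSpecInput{
			E2EConfig:             e2eConfig,
			ClusterctlConfigPath:  clusterctlConfigPath,
			BootstrapClusterProxy: bootstrapClusterProxy,
			ArtifactFolder:        artifactFolder,
			SkipCleanup:           skipCleanup,
			PostNamespaceCreated:  createBMHsInNamespace,
			Flavor:                osType,
		}
	})
	AfterEach(func() {
		// List hosts and machines in the test namespace after every spec
		// (presumably as debugging output; the helpers are defined elsewhere).
		ListBareMetalHosts(ctx, bootstrapClusterProxy.GetClient(), client.InNamespace(namespace))
		ListMetal3Machines(ctx, bootstrapClusterProxy.GetClient(), client.InNamespace(namespace))
		ListMachines(ctx, bootstrapClusterProxy.GetClient(), client.InNamespace(namespace))
	})
})
44 | -------------------------------------------------------------------------------- /test/e2e/md_rollout_test.go: -------------------------------------------------------------------------------- 1 | package e2e 2 | 3 | import ( 4 | "os" 5 | "path/filepath" 6 | "strings" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . 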
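"github.com/onsi/gomega" 10 | capi_e2e "sigs.k8s.io/cluster-api/test/e2e" 11 | ) 12 |
// Registers the upstream CAPI MachineDeploymentRolloutSpec for this provider,
// using the OS environment variable (lower-cased) as the template flavor.
var _ = Describe("When testing MachineDeployment rolling upgrades", Label("capi-md-tests"), func() {
	BeforeEach(func() {
		// OS must be set by the caller; its lower-cased value becomes the Flavor below.
		osType = strings.ToLower(os.Getenv("OS"))
		Expect(osType).ToNot(Equal(""))
		validateGlobals(specName)
		k8sVersion := e2eConfig.MustGetVariable("KUBERNETES_VERSION")
		imageURL, imageChecksum := EnsureImage(k8sVersion)
		// Surface a failed Setenv instead of silently continuing with a stale
		// or missing image URL/checksum in the environment.
		Expect(os.Setenv("IMAGE_RAW_CHECKSUM", imageChecksum)).To(Succeed())
		Expect(os.Setenv("IMAGE_RAW_URL", imageURL)).To(Succeed())
		// We need to override clusterctl apply log folder to avoid getting our credentials exposed.
		// NOTE(review): the folder lives under os.TempDir(), which is shared between
		// users on many hosts. Whatever creates it should use owner-only permissions,
		// since these logs may contain credentials; the creation is not visible here.
		clusterctlLogFolder = filepath.Join(os.TempDir(), "target_cluster_logs", bootstrapClusterProxy.GetName())
	})
	capi_e2e.MachineDeploymentRolloutSpec(ctx, func() capi_e2e.MachineDeploymentRolloutSpecInput {
		return capi_e2e.MachineDeploymentRolloutSpecInput{
			E2EConfig:             e2eConfig,
			ClusterctlConfigPath:  clusterctlConfigPath,
			BootstrapClusterProxy: bootstrapClusterProxy,
			ArtifactFolder:        artifactFolder,
			SkipCleanup:           skipCleanup,
			Flavor:                osType,
			PostNamespaceCreated:  createBMHsInNamespace,
		}
	})
})
37 | -------------------------------------------------------------------------------- /test/e2e/md_scale_test.go: -------------------------------------------------------------------------------- 1 | package e2e 2 | 3 | import ( 4 | "os" 5 | "path/filepath" 6 | "strings" 7 | 8 | . "github.com/onsi/ginkgo/v2" 9 | . 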
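"github.com/onsi/gomega" 10 | capi_e2e "sigs.k8s.io/cluster-api/test/e2e" 11 | ) 12 |
// Registers the upstream CAPI MachineDeploymentScaleSpec for this provider,
// using the OS environment variable (lower-cased) as the template flavor.
var _ = Describe("When testing MachineDeployment scale out/in", Label("capi-md-tests"), func() {
	BeforeEach(func() {
		// OS must be set by the caller; its lower-cased value becomes the Flavor below.
		osType = strings.ToLower(os.Getenv("OS"))
		Expect(osType).ToNot(Equal(""))
		validateGlobals(specName)
		k8sVersion := e2eConfig.MustGetVariable("KUBERNETES_VERSION")
		imageURL, imageChecksum := EnsureImage(k8sVersion)
		// Surface a failed Setenv instead of silently continuing with a stale
		// or missing image URL/checksum in the environment.
		Expect(os.Setenv("IMAGE_RAW_CHECKSUM", imageChecksum)).To(Succeed())
		Expect(os.Setenv("IMAGE_RAW_URL", imageURL)).To(Succeed())
		// We need to override clusterctl apply log folder to avoid getting our credentials exposed.
		// NOTE(review): the folder lives under os.TempDir(), which is shared between
		// users on many hosts. Whatever creates it should use owner-only permissions,
		// since these logs may contain credentials; the creation is not visible here.
		clusterctlLogFolder = filepath.Join(os.TempDir(), "target_cluster_logs", bootstrapClusterProxy.GetName())
	})
	capi_e2e.MachineDeploymentScaleSpec(ctx, func() capi_e2e.MachineDeploymentScaleSpecInput {
		return capi_e2e.MachineDeploymentScaleSpecInput{
			E2EConfig:             e2eConfig,
			ClusterctlConfigPath:  clusterctlConfigPath,
			BootstrapClusterProxy: bootstrapClusterProxy,
			ArtifactFolder:        artifactFolder,
			SkipCleanup:           skipCleanup,
			Flavor:                osType,
			PostNamespaceCreated:  createBMHsInNamespace,
		}
	})
})
37 | -------------------------------------------------------------------------------- /test/e2e/yaml.go: -------------------------------------------------------------------------------- 1 | package e2e 2 | 3 | import ( 4 | "bytes" 5 | "errors" 6 | "io" 7 | 8 | "gopkg.in/yaml.v3" 9 | ) 10 | 11 | func yamlContainKeyValue(yamlNodes []*yaml.Node, value string, keys ...string) ([]*yaml.Node, error) { 12 | if yamlNodes == nil { 13 | return nil, errors.New("input list of yaml node is null") 14 | } 15 | foundNode := []*yaml.Node{} 16 | for _, obj := range yamlNodes { 17 | if obj.Kind == yaml.DocumentNode { 18 | obj = obj.Content[0] // We can ignore the document node and focus on the block-mapping node. 19 | } 20 | field, err := yamlFindByValue(obj, keys...) 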
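21 | if err == nil && field.Value == value { 22 | foundNode = append(foundNode, obj) 23 | } 24 | } 25 | if len(foundNode) == 0 { 26 | return nil, errors.New("could not find the appropriate yaml node") 27 | } 28 | return foundNode, nil 29 | } 30 |
// yamlFindByValue follows the chain of values down from node and returns the
// node that comes right after the last match.
//
// At each level the children of the current node are scanned in order. The
// child immediately after the first one whose Value equals values[0] becomes
// the current node for the remaining values. On a mapping node (whose Content
// alternates key, value) this works as a lookup by key path, but note that the
// scan does not tell keys from values, so a scalar value equal to the wanted
// string matches as well.
//
// An error is returned when node is nil, when values is empty, when the match
// is the last child (nothing follows it), or when no child matches.
func yamlFindByValue(node *yaml.Node, values ...string) (*yaml.Node, error) {
	if node == nil {
		return nil, errors.New("input yaml node is null")
	}
	// Guard the values[0] access below: a call without any value used to panic.
	if len(values) == 0 {
		return nil, errors.New("no value given to search for")
	}
	want, rest := values[0], values[1:]
	for i, child := range node.Content {
		if child.Value != want {
			continue
		}
		// A match in the last position has no following node; indexing i+1
		// would run past the slice on truncated or unexpected input.
		if i+1 >= len(node.Content) {
			return nil, errors.New("could not find the appropriate yaml node")
		}
		next := node.Content[i+1]
		if len(rest) > 0 {
			return yamlFindByValue(next, rest...)
		}
		return next, nil
	}
	return nil, errors.New("could not find the appropriate yaml node")
}

// splitYAML decodes resources as a stream of YAML documents and returns one
// yaml.Node per document, in stream order. The result is empty but non-nil when
// the stream holds no document; the first decode error other than io.EOF is
// returned as is.
func splitYAML(resources []byte) ([]*yaml.Node, error) {
	decoder := yaml.NewDecoder(bytes.NewReader(resources))
	docs := []*yaml.Node{}
	for {
		// A fresh node per iteration, so every document keeps its own tree.
		doc := new(yaml.Node)
		switch err := decoder.Decode(doc); {
		case errors.Is(err, io.EOF):
			return docs, nil
		case err != nil:
			return nil, err
		}
		docs = append(docs, doc)
	}
}

66 | func printYaml(listDocument []*yaml.Node) ([]byte, error) { 67 | var out []byte 68 | for _, doc := range listDocument { 69 | marshalDoc, err := yaml.Marshal(doc) 70 | if err != nil { 71 | return nil, err 72 | } 73 | out = append(append(out, []byte("\n---\n")...), marshalDoc...) 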
74 | } 75 | return out, nil 76 | } 77 | -------------------------------------------------------------------------------- /tilt-provider.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "metal3", 3 | "config": { 4 | "image": "quay.io/metal3-io/cluster-api-provider-metal3", 5 | "live_reload_deps": [ 6 | "api", 7 | "baremetal", 8 | "config", 9 | "controllers", 10 | "go.mod", 11 | "go.sum", 12 | "main.go" 13 | ], 14 | "label": "CAPM3", 15 | "manager_name": "capm3-controller-manager" 16 | } 17 | } --------------------------------------------------------------------------------