From 8434fe9ddb70d9404ab6fa5b5d7d9d926845afc1 Mon Sep 17 00:00:00 2001 From: Todd Malsbary Date: Fri, 4 Feb 2022 16:25:01 -0800 Subject: [PATCH] Upgrade ironic, baremetal-operator, cluster-api Signed-off-by: Todd Malsbary Change-Id: I1970cf6708cb69a39fbadf05fe5e1baf5779f3a5 --- .../base/crd/bases/metal3.io_baremetalhosts.yaml | 13 +- .../crd/bases/metal3.io_bmceventsubscriptions.yaml | 90 ++++++++++ .../base/crd/bases/metal3.io_firmwareschemas.yaml | 4 - .../crd/bases/metal3.io_hostfirmwaresettings.yaml | 86 +++++++++- .../crd/bases/metal3.io_preprovisioningimages.yaml | 181 +++++++++++++++++++++ .../baremetal-operator/base/crd/kustomization.yaml | 12 +- .../base/crd/kustomizeconfig.yaml | 6 +- .../crd/patches/cainjection_in_baremetalhosts.yaml | 1 - .../cainjection_in_bmceventsubscriptions.yaml | 7 + .../cainjection_in_preprovisioningimages.yaml | 8 + .../crd/patches/webhook_in_baremetalhosts.yaml | 20 +-- .../patches/webhook_in_bmceventsubscriptions.yaml | 14 ++ .../crd/patches/webhook_in_firmwareschemas.yaml | 17 +- .../patches/webhook_in_hostfirmwaresettings.yaml | 18 +- .../patches/webhook_in_preprovisioningimages.yaml | 18 ++ .../base/default/kustomization.yaml | 16 +- .../base/default/manager_auth_proxy_patch.yaml | 2 +- .../base/default/manager_config_patch.yaml | 20 +++ .../base/manager/controller_manager_config.yaml | 11 ++ .../base/manager/kustomization.yaml | 8 + .../baremetal-operator/base/manager/manager.yaml | 19 ++- .../base/rbac/auth_proxy_client_clusterrole.yaml | 6 +- .../base/rbac/auth_proxy_role.yaml | 12 +- .../base/rbac/auth_proxy_role_binding.yaml | 2 +- .../rbac/bmceventsubscription_editor_role.yaml | 24 +++ .../rbac/bmceventsubscription_viewer_role.yaml | 20 +++ .../base/rbac/kustomization.yaml | 6 + .../base/rbac/leader_election_role_binding.yaml | 2 +- .../rbac/preprovisioningimage_editor_role.yaml | 24 +++ .../rbac/preprovisioningimage_viewer_role.yaml | 20 +++ deploy/baremetal-operator/base/rbac/role.yaml | 80 +++++++++ .../baremetal-operator/base/rbac/role_binding.yaml | 2 +- .../base/rbac/service_account.yaml | 5 + .../baremetal-operator/base/webhook/manifests.yaml | 21 +++ deploy/baremetal-operator/icn/kustomization.yaml | 2 +- deploy/ironic/base/ironic/ironic.yaml | 84 +++++++++- deploy/ironic/icn/kustomization.yaml | 2 +- env/lib/common.sh | 6 +- 38 files changed, 820 insertions(+), 69 deletions(-) create mode 100644 deploy/baremetal-operator/base/crd/bases/metal3.io_bmceventsubscriptions.yaml create mode 100644 deploy/baremetal-operator/base/crd/bases/metal3.io_preprovisioningimages.yaml create mode 100644 deploy/baremetal-operator/base/crd/patches/cainjection_in_bmceventsubscriptions.yaml create mode 100644 deploy/baremetal-operator/base/crd/patches/cainjection_in_preprovisioningimages.yaml create mode 100644 deploy/baremetal-operator/base/crd/patches/webhook_in_bmceventsubscriptions.yaml create mode 100644 deploy/baremetal-operator/base/crd/patches/webhook_in_preprovisioningimages.yaml create mode 100644 deploy/baremetal-operator/base/default/manager_config_patch.yaml create mode 100644 deploy/baremetal-operator/base/manager/controller_manager_config.yaml create mode 100644 deploy/baremetal-operator/base/rbac/bmceventsubscription_editor_role.yaml create mode 100644 deploy/baremetal-operator/base/rbac/bmceventsubscription_viewer_role.yaml create mode 100644 deploy/baremetal-operator/base/rbac/preprovisioningimage_editor_role.yaml create mode 100644 deploy/baremetal-operator/base/rbac/preprovisioningimage_viewer_role.yaml create mode 100644 deploy/baremetal-operator/base/rbac/service_account.yaml diff --git a/deploy/baremetal-operator/base/crd/bases/metal3.io_baremetalhosts.yaml b/deploy/baremetal-operator/base/crd/bases/metal3.io_baremetalhosts.yaml index 4ff1fba..6fe6077 100644 --- a/deploy/baremetal-operator/base/crd/bases/metal3.io_baremetalhosts.yaml +++ b/deploy/baremetal-operator/base/crd/bases/metal3.io_baremetalhosts.yaml @@ -244,7 +244,8 @@ spec: type: object metaData: description: MetaData holds the reference to the Secret containing - host metadata (e.g. meta_data.json which is passed to Config Drive). + host metadata (e.g. meta_data.json) which is passed to the Config + Drive. properties: name: description: Name is unique within a namespace to reference a @@ -257,8 +258,8 @@ spec: type: object networkData: description: NetworkData holds the reference to the Secret containing - network configuration (e.g content of network_data.json which is - passed to Config Drive). + network configuration (e.g content of network_data.json) which is + passed to the Config Drive. properties: name: description: Name is unique within a namespace to reference a @@ -272,6 +273,12 @@ spec: online: description: Should the server be online? type: boolean + preprovisioningNetworkDataName: + description: PreprovisioningNetworkDataName is the name of the Secret + in the local namespace containing network configuration (e.g content + of network_data.json) which is passed to the preprovisioning image, + and to the Config Drive if not overridden by specifying NetworkData. + type: string raid: description: RAID configuration for bare metal server properties: diff --git a/deploy/baremetal-operator/base/crd/bases/metal3.io_bmceventsubscriptions.yaml b/deploy/baremetal-operator/base/crd/bases/metal3.io_bmceventsubscriptions.yaml new file mode 100644 index 0000000..819db44 --- /dev/null +++ b/deploy/baremetal-operator/base/crd/bases/metal3.io_bmceventsubscriptions.yaml @@ -0,0 +1,90 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: bmceventsubscriptions.metal3.io +spec: + group: metal3.io + names: + kind: BMCEventSubscription + listKind: BMCEventSubscriptionList + plural: bmceventsubscriptions + shortNames: + - bes + - bmcevent + singular: bmceventsubscription + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The most recent error message + jsonPath: .status.error + name: Error + type: string + - description: Time duration since creation of BMCEventSubscription + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: BMCEventSubscription is the Schema for the fast eventing API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + context: + description: Arbitrary user-provided context for the event + type: string + destination: + description: A webhook URL to send events to + type: string + hostName: + description: A reference to a BareMetalHost + type: string + httpHeadersRef: + description: A secret containing HTTP headers which should be passed + along to the Destination when making a request + properties: + name: + description: Name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: Namespace defines the space within which the secret + name must be unique. + type: string + type: object + type: object + status: + properties: + error: + type: string + subscriptionID: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/deploy/baremetal-operator/base/crd/bases/metal3.io_firmwareschemas.yaml b/deploy/baremetal-operator/base/crd/bases/metal3.io_firmwareschemas.yaml index 362b5e6..1b012a8 100644 --- a/deploy/baremetal-operator/base/crd/bases/metal3.io_firmwareschemas.yaml +++ b/deploy/baremetal-operator/base/crd/bases/metal3.io_firmwareschemas.yaml @@ -72,10 +72,6 @@ spec: read_only: description: Whether or not this setting is read only. type: boolean - reset_required: - description: Whether or not a reset is required after changing - this setting. - type: boolean unique: description: Whether or not this setting's value is unique to this node, e.g. a serial number. diff --git a/deploy/baremetal-operator/base/crd/bases/metal3.io_hostfirmwaresettings.yaml b/deploy/baremetal-operator/base/crd/bases/metal3.io_hostfirmwaresettings.yaml index 9735f3d..0c8ab5c 100644 --- a/deploy/baremetal-operator/base/crd/bases/metal3.io_hostfirmwaresettings.yaml +++ b/deploy/baremetal-operator/base/crd/bases/metal3.io_hostfirmwaresettings.yaml @@ -13,6 +13,8 @@ spec: kind: HostFirmwareSettings listKind: HostFirmwareSettingsList plural: hostfirmwaresettings + shortNames: + - hfs singular: hostfirmwaresettings scope: Namespaced versions: @@ -44,9 +46,7 @@ spec: - type: string x-kubernetes-int-or-string: true description: Settings are the desired firmware settings stored as - name/value pairs. This will be populated with the actual firmware - settings and only contain the settings that can be modified (i.e. - not ReadOnly), to facilitate making changes. + name/value pairs. type: object required: - settings @@ -55,6 +55,84 @@ spec: description: HostFirmwareSettingsStatus defines the observed state of HostFirmwareSettings properties: + conditions: + description: Track whether settings stored in the spec are valid based + on the schema + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + lastUpdated: + description: Time that the status was last updated + format: date-time + type: string schema: description: FirmwareSchema is a reference to the Schema used to describe each FirmwareSetting. By default, this will be a Schema in the same @@ -74,7 +152,7 @@ spec: settings: additionalProperties: type: string - description: Settings are the actual firmware settings stored as name/value + description: Settings are the firmware settings stored as name/value pairs type: object required: diff --git a/deploy/baremetal-operator/base/crd/bases/metal3.io_preprovisioningimages.yaml b/deploy/baremetal-operator/base/crd/bases/metal3.io_preprovisioningimages.yaml new file mode 100644 index 0000000..5447d17 --- /dev/null +++ b/deploy/baremetal-operator/base/crd/bases/metal3.io_preprovisioningimages.yaml @@ -0,0 +1,181 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: preprovisioningimages.metal3.io +spec: + group: metal3.io + names: + kind: PreprovisioningImage + listKind: PreprovisioningImageList + plural: preprovisioningimages + shortNames: + - ppimg + singular: preprovisioningimage + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Whether the image is ready + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: The reason for the image readiness status + jsonPath: .status.conditions[?(@.type=='Ready')].reason + name: Reason + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: PreprovisioningImage is the Schema for the preprovisioningimages + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: PreprovisioningImageSpec defines the desired state of PreprovisioningImage + properties: + acceptFormats: + description: acceptFormats is a list of acceptable image formats. + items: + description: ImageFormat enumerates the allowed image formats + enum: + - iso + - initrd + type: string + type: array + architecture: + description: architecture is the processor architecture for which + to build the image. + type: string + networkDataName: + description: networkDataName is the name of a Secret in the local + namespace that contains network data to build in to the image. + type: string + type: object + status: + description: PreprovisioningImageStatus defines the observed state of + PreprovisioningImage + properties: + architecture: + description: architecture is the processor architecture for which + the image is built + type: string + conditions: + description: conditions describe the state of the built image + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: + \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type + \ // +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + format: + description: 'format is the type of image that is available at the + download url: either iso or initrd.' + enum: + - iso + - initrd + type: string + imageUrl: + description: imageUrl is the URL from which the built image can be + downloaded. + type: string + networkData: + description: networkData is a reference to the version of the Secret + containing the network data used to build the image. + properties: + name: + type: string + version: + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/deploy/baremetal-operator/base/crd/kustomization.yaml b/deploy/baremetal-operator/base/crd/kustomization.yaml index d155aa6..edc11d7 100644 --- a/deploy/baremetal-operator/base/crd/kustomization.yaml +++ b/deploy/baremetal-operator/base/crd/kustomization.yaml @@ -5,7 +5,9 @@ resources: - bases/metal3.io_baremetalhosts.yaml - bases/metal3.io_hostfirmwaresettings.yaml - bases/metal3.io_firmwareschemas.yaml -# +kubebuilder:scaffold:crdkustomizeresource +- bases/metal3.io_preprovisioningimages.yaml +- bases/metal3.io_bmceventsubscriptions.yaml +#+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. @@ -13,14 +15,18 @@ patchesStrategicMerge: #- patches/webhook_in_baremetalhosts.yaml #- patches/webhook_in_hostfirmwaresettings.yaml #- patches/webhook_in_firmwareschemas.yaml -# +kubebuilder:scaffold:crdkustomizewebhookpatch +#- patches/webhook_in_preprovisioningimages.yaml +#- patches/webhook_in_bmceventsubscriptions.yaml +#+kubebuilder:scaffold:crdkustomizewebhookpatch # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD - patches/cainjection_in_baremetalhosts.yaml #- patches/cainjection_in_hostfirmwaresettings.yaml #- patches/cainjection_in_firmwareschemas.yaml -# +kubebuilder:scaffold:crdkustomizecainjectionpatch +#- patches/cainjection_in_preprovisioningimages.yaml +#- patches/cainjection_in_bmceventsubscriptions.yaml +#+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. configurations: diff --git a/deploy/baremetal-operator/base/crd/kustomizeconfig.yaml b/deploy/baremetal-operator/base/crd/kustomizeconfig.yaml index 6f83d9a..ec5c150 100644 --- a/deploy/baremetal-operator/base/crd/kustomizeconfig.yaml +++ b/deploy/baremetal-operator/base/crd/kustomizeconfig.yaml @@ -4,13 +4,15 @@ nameReference: version: v1 fieldSpecs: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/name + path: spec/conversion/webhook/clientConfig/service/name namespace: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/namespace + path: spec/conversion/webhook/clientConfig/service/namespace create: false varReference: diff --git a/deploy/baremetal-operator/base/crd/patches/cainjection_in_baremetalhosts.yaml b/deploy/baremetal-operator/base/crd/patches/cainjection_in_baremetalhosts.yaml index 6c3666e..74f1a27 100644 --- a/deploy/baremetal-operator/base/crd/patches/cainjection_in_baremetalhosts.yaml +++ b/deploy/baremetal-operator/base/crd/patches/cainjection_in_baremetalhosts.yaml @@ -1,5 +1,4 @@ # The following patch adds a directive for certmanager to inject CA into the CRD -# CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/deploy/baremetal-operator/base/crd/patches/cainjection_in_bmceventsubscriptions.yaml b/deploy/baremetal-operator/base/crd/patches/cainjection_in_bmceventsubscriptions.yaml new file mode 100644 index 0000000..3eca636 --- /dev/null +++ b/deploy/baremetal-operator/base/crd/patches/cainjection_in_bmceventsubscriptions.yaml @@ -0,0 +1,7 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: bmceventsubscriptions.metal3.io diff --git a/deploy/baremetal-operator/base/crd/patches/cainjection_in_preprovisioningimages.yaml b/deploy/baremetal-operator/base/crd/patches/cainjection_in_preprovisioningimages.yaml new file mode 100644 index 0000000..66b6e24 --- /dev/null +++ b/deploy/baremetal-operator/base/crd/patches/cainjection_in_preprovisioningimages.yaml @@ -0,0 +1,8 @@ +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: preprovisioningimages.metal3.io diff --git a/deploy/baremetal-operator/base/crd/patches/webhook_in_baremetalhosts.yaml b/deploy/baremetal-operator/base/crd/patches/webhook_in_baremetalhosts.yaml index d99d8f1..fdf4a74 100644 --- a/deploy/baremetal-operator/base/crd/patches/webhook_in_baremetalhosts.yaml +++ b/deploy/baremetal-operator/base/crd/patches/webhook_in_baremetalhosts.yaml @@ -1,5 +1,4 @@ -# The following patch enables conversion webhook for CRD -# CRD conversion requires k8s 1.13 or later. +# The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -7,11 +6,12 @@ metadata: spec: conversion: strategy: Webhook - webhookClientConfig: - # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, - # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: Cg== - service: - namespace: system - name: webhook-service - path: /convert + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert + caBundle: Cg== + conversionReviewVersions: + - v1 diff --git a/deploy/baremetal-operator/base/crd/patches/webhook_in_bmceventsubscriptions.yaml b/deploy/baremetal-operator/base/crd/patches/webhook_in_bmceventsubscriptions.yaml new file mode 100644 index 0000000..f111d04 --- /dev/null +++ b/deploy/baremetal-operator/base/crd/patches/webhook_in_bmceventsubscriptions.yaml @@ -0,0 +1,14 @@ +# The following patch enables a conversion webhook for the CRD +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: bmceventsubscriptions.metal3.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert diff --git a/deploy/baremetal-operator/base/crd/patches/webhook_in_firmwareschemas.yaml b/deploy/baremetal-operator/base/crd/patches/webhook_in_firmwareschemas.yaml index 2744739..e221c84 100644 --- a/deploy/baremetal-operator/base/crd/patches/webhook_in_firmwareschemas.yaml +++ b/deploy/baremetal-operator/base/crd/patches/webhook_in_firmwareschemas.yaml @@ -7,11 +7,12 @@ metadata: spec: conversion: strategy: Webhook - webhookClientConfig: - # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, - # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: Cg== - service: - namespace: system - name: webhook-service - path: /convert + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert + caBundle: Cg== + conversionReviewVersions: + - v1 diff --git a/deploy/baremetal-operator/base/crd/patches/webhook_in_hostfirmwaresettings.yaml b/deploy/baremetal-operator/base/crd/patches/webhook_in_hostfirmwaresettings.yaml index 7387084..24da15b 100644 --- a/deploy/baremetal-operator/base/crd/patches/webhook_in_hostfirmwaresettings.yaml +++ b/deploy/baremetal-operator/base/crd/patches/webhook_in_hostfirmwaresettings.yaml @@ -7,11 +7,13 @@ metadata: spec: conversion: strategy: Webhook - webhookClientConfig: - # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, - # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: Cg== - service: - namespace: system - name: webhook-service - path: /convert + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert + caBundle: Cg== + conversionReviewVersions: + - v1 + diff --git a/deploy/baremetal-operator/base/crd/patches/webhook_in_preprovisioningimages.yaml b/deploy/baremetal-operator/base/crd/patches/webhook_in_preprovisioningimages.yaml new file mode 100644 index 0000000..33a66ce --- /dev/null +++ b/deploy/baremetal-operator/base/crd/patches/webhook_in_preprovisioningimages.yaml @@ -0,0 +1,18 @@ +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: preprovisioningimages.metal3.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert + caBundle: Cg== + conversionReviewVersions: + - v1 diff --git a/deploy/baremetal-operator/base/default/kustomization.yaml b/deploy/baremetal-operator/base/default/kustomization.yaml index c151099..2e88f2f 100644 --- a/deploy/baremetal-operator/base/default/kustomization.yaml +++ b/deploy/baremetal-operator/base/default/kustomization.yaml @@ -16,21 +16,25 @@ bases: - ../crd - ../rbac - ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml - ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. - ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, please comment the following line. +# Protect the /metrics endpoint by putting it behind auth. +# If you want your controller-manager to expose the /metrics +# endpoint w/o any authn/z, please comment the following line. - manager_auth_proxy_patch.yaml -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# Mount the controller config file for loading manager configurations +# through a ComponentConfig type +#- manager_config_patch.yaml + +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml - manager_webhook_patch.yaml diff --git a/deploy/baremetal-operator/base/default/manager_auth_proxy_patch.yaml b/deploy/baremetal-operator/base/default/manager_auth_proxy_patch.yaml index 4161fd4..9ace727 100644 --- a/deploy/baremetal-operator/base/default/manager_auth_proxy_patch.yaml +++ b/deploy/baremetal-operator/base/default/manager_auth_proxy_patch.yaml @@ -1,4 +1,4 @@ -# This patch inject a sidecar container which is a HTTP proxy for the +# This patch inject a sidecar container which is a HTTP proxy for the # controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 kind: Deployment diff --git a/deploy/baremetal-operator/base/default/manager_config_patch.yaml b/deploy/baremetal-operator/base/default/manager_config_patch.yaml new file mode 100644 index 0000000..6c40015 --- /dev/null +++ b/deploy/baremetal-operator/base/default/manager_config_patch.yaml @@ -0,0 +1,20 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: controller-manager + namespace: system +spec: + template: + spec: + containers: + - name: manager + args: + - "--config=controller_manager_config.yaml" + volumeMounts: + - name: manager-config + mountPath: /controller_manager_config.yaml + subPath: controller_manager_config.yaml + volumes: + - name: manager-config + configMap: + name: manager-config diff --git a/deploy/baremetal-operator/base/manager/controller_manager_config.yaml b/deploy/baremetal-operator/base/manager/controller_manager_config.yaml new file mode 100644 index 0000000..43be936 --- /dev/null +++ b/deploy/baremetal-operator/base/manager/controller_manager_config.yaml @@ -0,0 +1,11 @@ +apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 +kind: ControllerManagerConfig +health: + healthProbeBindAddress: :9440 +metrics: + bindAddress: 127.0.0.1:8085 +webhook: + port: 9443 +leaderElection: + leaderElect: true + resourceName: a9498140.metal3.io diff --git a/deploy/baremetal-operator/base/manager/kustomization.yaml b/deploy/baremetal-operator/base/manager/kustomization.yaml index 5c5f0b8..2bcd3ee 100644 --- a/deploy/baremetal-operator/base/manager/kustomization.yaml +++ b/deploy/baremetal-operator/base/manager/kustomization.yaml @@ -1,2 +1,10 @@ resources: - manager.yaml + +generatorOptions: + disableNameSuffixHash: true + +configMapGenerator: +- name: manager-config + files: + - controller_manager_config.yaml diff --git a/deploy/baremetal-operator/base/manager/manager.yaml b/deploy/baremetal-operator/base/manager/manager.yaml index cff809b..ea2c7fd 100644 --- a/deploy/baremetal-operator/base/manager/manager.yaml +++ b/deploy/baremetal-operator/base/manager/manager.yaml @@ -37,10 +37,25 @@ spec: - configMapRef: name: ironic name: manager + securityContext: + allowPrivilegeEscalation: false livenessProbe: httpGet: path: /healthz port: 9440 - initialDelaySeconds: 3 - periodSeconds: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 10 + readinessProbe: + httpGet: + path: /readyz + port: 9440 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 10 + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/deploy/baremetal-operator/base/rbac/auth_proxy_client_clusterrole.yaml b/deploy/baremetal-operator/base/rbac/auth_proxy_client_clusterrole.yaml index bd4af13..51a75db 100644 --- a/deploy/baremetal-operator/base/rbac/auth_proxy_client_clusterrole.yaml +++ b/deploy/baremetal-operator/base/rbac/auth_proxy_client_clusterrole.yaml @@ -3,5 +3,7 @@ kind: ClusterRole metadata: name: metrics-reader rules: -- nonResourceURLs: ["/metrics"] - verbs: ["get"] +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/deploy/baremetal-operator/base/rbac/auth_proxy_role.yaml b/deploy/baremetal-operator/base/rbac/auth_proxy_role.yaml index 618f5e4..80e1857 100644 --- a/deploy/baremetal-operator/base/rbac/auth_proxy_role.yaml +++ b/deploy/baremetal-operator/base/rbac/auth_proxy_role.yaml @@ -3,11 +3,15 @@ kind: ClusterRole metadata: name: proxy-role rules: -- apiGroups: ["authentication.k8s.io"] +- apiGroups: + - authentication.k8s.io resources: - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] + verbs: + - create +- apiGroups: + - authorization.k8s.io resources: - subjectaccessreviews - verbs: ["create"] + verbs: + - create diff --git a/deploy/baremetal-operator/base/rbac/auth_proxy_role_binding.yaml b/deploy/baremetal-operator/base/rbac/auth_proxy_role_binding.yaml index 48ed1e4..ec7acc0 100644 --- a/deploy/baremetal-operator/base/rbac/auth_proxy_role_binding.yaml +++ b/deploy/baremetal-operator/base/rbac/auth_proxy_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: proxy-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/deploy/baremetal-operator/base/rbac/bmceventsubscription_editor_role.yaml b/deploy/baremetal-operator/base/rbac/bmceventsubscription_editor_role.yaml new file mode 100644 index 0000000..95e06b4 --- /dev/null +++ b/deploy/baremetal-operator/base/rbac/bmceventsubscription_editor_role.yaml @@ -0,0 +1,24 @@ +# permissions for end users to edit bmceventsubscriptions. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: bmceventsubscription-editor-role +rules: +- apiGroups: + - metal3.io + resources: + - bmceventsubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - bmceventsubscriptions/status + verbs: + - get diff --git a/deploy/baremetal-operator/base/rbac/bmceventsubscription_viewer_role.yaml b/deploy/baremetal-operator/base/rbac/bmceventsubscription_viewer_role.yaml new file mode 100644 index 0000000..ed4941f --- /dev/null +++ b/deploy/baremetal-operator/base/rbac/bmceventsubscription_viewer_role.yaml @@ -0,0 +1,20 @@ +# permissions for end users to view bmceventsubscriptions. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: bmceventsubscription-viewer-role +rules: +- apiGroups: + - metal3.io + resources: + - bmceventsubscriptions + verbs: + - get + - list + - watch +- apiGroups: + - metal3.io + resources: + - bmceventsubscriptions/status + verbs: + - get diff --git a/deploy/baremetal-operator/base/rbac/kustomization.yaml b/deploy/baremetal-operator/base/rbac/kustomization.yaml index 66c2833..731832a 100644 --- a/deploy/baremetal-operator/base/rbac/kustomization.yaml +++ b/deploy/baremetal-operator/base/rbac/kustomization.yaml @@ -1,4 +1,10 @@ resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +- service_account.yaml - role.yaml - role_binding.yaml - leader_election_role.yaml diff --git a/deploy/baremetal-operator/base/rbac/leader_election_role_binding.yaml b/deploy/baremetal-operator/base/rbac/leader_election_role_binding.yaml index eed1690..1d1321e 100644 --- a/deploy/baremetal-operator/base/rbac/leader_election_role_binding.yaml +++ b/deploy/baremetal-operator/base/rbac/leader_election_role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/deploy/baremetal-operator/base/rbac/preprovisioningimage_editor_role.yaml b/deploy/baremetal-operator/base/rbac/preprovisioningimage_editor_role.yaml new file mode 100644 index 0000000..7a868a8 --- /dev/null +++ b/deploy/baremetal-operator/base/rbac/preprovisioningimage_editor_role.yaml @@ -0,0 +1,24 @@ +# permissions for end users to edit preprovisioningimages. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: preprovisioningimage-editor-role +rules: +- apiGroups: + - metal3.io + resources: + - preprovisioningimages + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - preprovisioningimages/status + verbs: + - get diff --git a/deploy/baremetal-operator/base/rbac/preprovisioningimage_viewer_role.yaml b/deploy/baremetal-operator/base/rbac/preprovisioningimage_viewer_role.yaml new file mode 100644 index 0000000..40f7336 --- /dev/null +++ b/deploy/baremetal-operator/base/rbac/preprovisioningimage_viewer_role.yaml @@ -0,0 +1,20 @@ +# permissions for end users to view preprovisioningimages. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: preprovisioningimage-viewer-role +rules: +- apiGroups: + - metal3.io + resources: + - preprovisioningimages + verbs: + - get + - list + - watch +- apiGroups: + - metal3.io + resources: + - preprovisioningimages/status + verbs: + - get diff --git a/deploy/baremetal-operator/base/rbac/role.yaml b/deploy/baremetal-operator/base/rbac/role.yaml index a98be9e..938a97e 100644 --- a/deploy/baremetal-operator/base/rbac/role.yaml +++ b/deploy/baremetal-operator/base/rbac/role.yaml @@ -46,3 +46,83 @@ rules: - get - patch - update +- apiGroups: + - metal3.io + resources: + - bmceventsubscriptions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - bmceventsubscriptions/status + verbs: + - get + - patch + - update +- apiGroups: + - metal3.io + resources: + - firmwareschemas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - firmwareschemas/status + verbs: + - get + - patch + - update +- apiGroups: + - metal3.io + resources: + - hostfirmwaresettings + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - hostfirmwaresettings/status + verbs: + - get + - patch + - update +- apiGroups: + - metal3.io + resources: + - preprovisioningimages + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - metal3.io + resources: + - preprovisioningimages/status + verbs: + - get + - patch + - update diff --git a/deploy/baremetal-operator/base/rbac/role_binding.yaml b/deploy/baremetal-operator/base/rbac/role_binding.yaml index 8f26587..2070ede 100644 --- a/deploy/baremetal-operator/base/rbac/role_binding.yaml +++ b/deploy/baremetal-operator/base/rbac/role_binding.yaml @@ -8,5 +8,5 @@ roleRef: name: manager-role subjects: - kind: ServiceAccount - name: default + name: controller-manager namespace: system diff --git a/deploy/baremetal-operator/base/rbac/service_account.yaml b/deploy/baremetal-operator/base/rbac/service_account.yaml new file mode 100644 index 0000000..7cd6025 --- /dev/null +++ b/deploy/baremetal-operator/base/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system diff --git a/deploy/baremetal-operator/base/webhook/manifests.yaml b/deploy/baremetal-operator/base/webhook/manifests.yaml index d39766c..ed0e1a3 100644 --- a/deploy/baremetal-operator/base/webhook/manifests.yaml +++ b/deploy/baremetal-operator/base/webhook/manifests.yaml @@ -27,3 +27,24 @@ webhooks: resources: - baremetalhosts sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-metal3-io-v1alpha1-bmceventsubscription + failurePolicy: Fail + name: bmceventsubscription.metal3.io + rules: + - apiGroups: + - metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - bmceventsubscriptions + sideEffects: None diff --git a/deploy/baremetal-operator/icn/kustomization.yaml b/deploy/baremetal-operator/icn/kustomization.yaml index 022d459..3268074 100644 --- a/deploy/baremetal-operator/icn/kustomization.yaml +++ b/deploy/baremetal-operator/icn/kustomization.yaml @@ -7,7 +7,7 @@ resources: images: - name: quay.io/metal3-io/baremetal-operator - newTag: capm3-v0.5.1 + newTag: capm3-v0.5.4 configMapGenerator: - envs: diff --git a/deploy/ironic/base/ironic/ironic.yaml b/deploy/ironic/base/ironic/ironic.yaml index 2013011..93d50ab 100644 --- a/deploy/ironic/base/ironic/ironic.yaml +++ b/deploy/ironic/base/ironic/ironic.yaml @@ -26,6 +26,22 @@ spec: add: ["NET_ADMIN"] command: - /bin/rundnsmasq + livenessProbe: + exec: + command: ["sh", "-c", "ss -lun | grep :67 && ss -lun | grep :69"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + readinessProbe: + exec: + command: ["sh", "-c", "ss -lun | grep :67 && ss -lun | grep :69"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 volumeMounts: - mountPath: /shared name: ironic-data-volume @@ -33,10 +49,24 @@ spec: - configMapRef: name: ironic-bmo-configmap - name: mariadb - image: quay.io/metal3-io/ironic + image: quay.io/metal3-io/mariadb imagePullPolicy: Always - command: - - /bin/runmariadb + livenessProbe: + exec: + command: ["sh", "-c", "mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + readinessProbe: + exec: + command: ["sh", "-c", "mysqladmin status -uironic -p$(printenv MARIADB_PASSWORD)"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 volumeMounts: - mountPath: /shared name: ironic-data-volume @@ -56,6 +86,22 @@ spec: imagePullPolicy: Always command: - /bin/runironic-api + livenessProbe: + exec: + command: ["sh", "-c", "curl -sSf http://127.0.0.1:6385 || curl -sSfk https://127.0.0.1:6385"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + readinessProbe: + exec: + command: ["sh", "-c", "curl -sSf http://127.0.0.1:6385 || curl -sSfk https://127.0.0.1:6385"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 volumeMounts: - mountPath: /shared name: ironic-data-volume @@ -73,6 +119,22 @@ spec: imagePullPolicy: Always command: - /bin/runironic-conductor + readinessProbe: + exec: + command: ["sh", "-c", "curl -sd '{}' -o – -k https://127.0.0.1:8089 || curl -sd '{}' -o – http://127.0.0.1:8089"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + livenessProbe: + exec: + command: ["sh", "-c", "curl -sd '{}' -o – -k https://127.0.0.1:8089 || curl -sd '{}' -o – http://127.0.0.1:8089"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 volumeMounts: - mountPath: /shared name: ironic-data-volume @@ -96,6 +158,22 @@ spec: - name: ironic-inspector image: quay.io/metal3-io/ironic imagePullPolicy: Always + readinessProbe: + exec: + command: ["sh", "-c", "curl -sSf http://127.0.0.1:5050 || curl -sSf -k https://127.0.0.1:5050"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 + livenessProbe: + exec: + command: ["sh", "-c", "curl -sSf http://127.0.0.1:5050 || curl -sSf -k https://127.0.0.1:5050"] + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 10 command: - /bin/runironic-inspector envFrom: diff --git a/deploy/ironic/icn/kustomization.yaml b/deploy/ironic/icn/kustomization.yaml index b896f68..cf2aa65 100644 --- a/deploy/ironic/icn/kustomization.yaml +++ b/deploy/ironic/icn/kustomization.yaml @@ -24,6 +24,6 @@ patchesStrategicMerge: images: - name: quay.io/metal3-io/ironic - newTag: capm3-v0.5.1 + newTag: capm3-v0.5.4 - name: quay.io/metal3-io/ironic-ipa-downloader digest: sha256:d2d871675b629bf66514ccda2e2616c50670f7fff9d95b983a216f3a7fdaa1aa diff --git a/env/lib/common.sh b/env/lib/common.sh index 26c9a65..2cbdc0b 100755 --- a/env/lib/common.sh +++ b/env/lib/common.sh @@ -17,7 +17,7 @@ BMOPATH="/opt/src/github.com/metal3-io/baremetal-operator" #Bare Metal Operator version to use # If changing this, the value in deploy/ironic/icn/kustomization.yaml # must also be changed -BMO_VERSION="capm3-v0.5.1" +BMO_VERSION="capm3-v0.5.4" #KuD repository URL KUDREPO="${KUDREPO:-https://github.com/onap/multicloud-k8s.git}" @@ -40,10 +40,10 @@ FORCE_REPO_UPDATE="${FORCE_REPO_UPDATE:-false}" KUSTOMIZE_VERSION="v4.3.0" #Cluster API version to use -CAPI_VERSION="v0.4.3" +CAPI_VERSION="v0.4.7" #Cluster API version to use -CAPM3_VERSION="v0.5.1" +CAPM3_VERSION="v0.5.4" #The flux version to use FLUX_VERSION="0.25.3" -- 2.16.6