Merge pull request #1822 from salasberryfin/backport-to-v0.25

[release/v0.25] backport multiple commits

Author: salasberryfin

.github/scripts/fetch-core-capi.sh

@@ -0,0 +1,43 @@
+#!/bin/bash
+
+# script-specific variables
+CAPI_VERSION="${CAPI_VERSION:-latest}"
+CAPI_RELEASE_URL="${CAPI_RELEASE_URL:-https://github.com/rancher-sandbox/cluster-api/releases/${CAPI_VERSION}/core-components.yaml}"
+CORE_CAPI_NAMESPACE="${CORE_CAPI_NAMESPACE:-capi-system}"
+OUTPUT_DIR="${OUTPUT_DIR:-/tmp}"
+OUTPUT_FILE="${OUTPUT_FILE:-core-provider-configmap.yaml}"
+MANAGED_BY_LABEL="managed-by.turtles.cattle.io"
+
+# parameters that must be substituted in CAPI manifest
+export CAPI_DIAGNOSTICS_ADDRESS=${CAPI_DIAGNOSTICS_ADDRESS:=:8443}
+export CAPI_INSECURE_DIAGNOSTICS=${CAPI_INSECURE_DIAGNOSTICS:=false}
+export EXP_MACHINE_POOL=${EXP_MACHINE_POOL:=true}
+export EXP_CLUSTER_RESOURCE_SET=${EXP_CLUSTER_RESOURCE_SET:=true}
+export CLUSTER_TOPOLOGY=${CLUSTER_TOPOLOGY:=true}
+export EXP_RUNTIME_SDK=${EXP_RUNTIME_SDK:=false}
+export EXP_MACHINE_SET_PREFLIGHT_CHECKS=${EXP_MACHINE_SET_PREFLIGHT_CHECKS:=true}
+export EXP_MACHINE_WAITFORVOLUMEDETACH_CONSIDER_VOLUMEATTACHMENTS=${EXP_MACHINE_WAITFORVOLUMEDETACH_CONSIDER_VOLUMEATTACHMENTS:=true}
+export EXP_PRIORITY_QUEUE=${EXP_PRIORITY_QUEUE:=false}
+
+# install krew and CAPI Operator plugin
+set -x
+OS="$(uname | tr '[:upper:]' '[:lower:]')" &&
+    ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" &&
+    KREW="krew-${OS}_${ARCH}" &&
+    curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" &&
+    tar zxvf "${KREW}.tar.gz" &&
+    ./"${KREW}" install krew
+export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
+kubectl krew index add operator https://github.com/kubernetes-sigs/cluster-api-operator.git
+kubectl krew install operator/clusterctl-operator
+kubectl operator version
+
+# use CAPI Operator plugin to generate ConfigMap with core CAPI components
+kubectl operator preload --core cluster-api:${CORE_CAPI_NAMESPACE} -u ${CAPI_RELEASE_URL} >>${OUTPUT_DIR}/${OUTPUT_FILE}
+# this is needed to remove comments in the yaml manifest that contain '{{' which breaks Helm parsing
+sed -i '/{{[^-]/d' ${OUTPUT_DIR}/${OUTPUT_FILE}
+# label as managed by turtles for easier filtering
+sed -i -r 's/^(\s*)(provider\.cluster\.x-k8s\.io\/version:.*)/\1\2\n\1'"${MANAGED_BY_LABEL}"': "true"/' ${OUTPUT_DIR}/${OUTPUT_FILE}
+
+# embed this in Turtles chart
+mv ${OUTPUT_DIR}/${OUTPUT_FILE} ./charts/rancher-turtles/templates/${OUTPUT_FILE}

.github/workflows/codeql.yml

@@ -29,13 +29,13 @@ jobs:
       with:
         go-version-file: go.mod
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
+      uses: github/codeql-action/init@v4
       with:
         languages: go
     - name: Build
       run: |
         make build
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
+      uses: github/codeql-action/analyze@v4
       with:
         category: "/language:go"

.github/workflows/fetch-core-capi-airgapped.yml

@@ -0,0 +1,65 @@
+name: Fetch core CAPI components manifest and embed in Turtles chart for air-gapped installations.
+on:
+  schedule:
+    - cron: "0 0 * * *" # Run every day at midnight (UTC)
+  # allow running manually on demand
+  workflow_dispatch:
+
+env:
+  TURTLES_REF: "${{ github.ref_name }}"
+  GH_TOKEN: "${{ secrets.GH_TOKEN }}"
+
+jobs:
+  create-core-capi-turtles-pr:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
+        with:
+          ref: "${{ env.TURTLES_REF }}"
+          token: ${{ env.GH_TOKEN }}
+          # Allow making git push request later on
+          persist-credentials: true
+
+      - name: Configure the committer
+        run: |
+          user_id=$(gh api "/users/$APP_USER" --jq .id)
+          git config --global user.name "$APP_USER"
+          git config --global user.email "${user_id}+${APP_USER}@users.noreply.github.com"
+        env:
+          GH_TOKEN: "${{ env.GH_TOKEN }}"
+          APP_USER: "${{ github.actor }}"
+
+      - name: Run script to fetch components manifest
+        run: |
+          CAPI_VERSION=$(curl -s "https://api.github.com/repos/rancher-sandbox/cluster-api/releases/latest" | jq -r ".tag_name")
+          echo "CAPI_VERSION=${CAPI_VERSION}" >> $GITHUB_ENV
+          BRANCH="fetch-core-capi-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"
+          echo "BRANCH=${BRANCH}" >> $GITHUB_ENV
+          git checkout -b "$BRANCH" "$TURTLES_REF"
+          CAPI_VERSION=$CAPI_VERSION ./.github/scripts/fetch-core-capi.sh
+          git add charts/rancher-turtles
+          if git diff --cached --quiet; then
+            echo "No changes detected"
+            echo "SKIP_PUSH=true" >> $GITHUB_ENV
+          else
+            git commit -m "chore: embed core CAPI ${CAPI_VERSION} in Turtles chart"
+            echo "SKIP_PUSH=false" >> $GITHUB_ENV
+          fi
+
+      - name: Push and create pull request
+        if: env.SKIP_PUSH == 'false'
+        env:
+          GH_TOKEN: "${{ env.GH_TOKEN }}"
+        run: |
+          git push origin "$BRANCH"
+          body="This PR fetches core CAPI $CAPI_VERSION components manifest from release and embeds the template in the Turtles chart for a simplified air-gapped installation."
+
+          gh pr create \
+            --title "chore: embed core CAPI provider $CAPI_VERSION manifest in chart" \
+            --body "$body" \
+            --head "${{ github.repository_owner }}:$BRANCH" \
+            --base "$TURTLES_REF" \
+            --label "area/installation" \
+            --label "kind/ci"

.github/workflows/nightly-chart-and-image-publish.yaml

@@ -63,4 +63,4 @@ jobs:
       - name: Print helm install command
         run: |
           echo "Nightly build can be installed using the following command:"
-          echo "helm install rancher-turtles oci://ghcr.io/${{ github.repository_owner }}/rancher-turtles-chart/rancher-turtles --version 0.0.0-${{ github.sha }}  -n rancher-turtles-system --create-namespace --wait"
+          echo "helm install rancher-turtles oci://ghcr.io/${{ github.repository_owner }}/rancher-turtles-chart/rancher-turtles --version 0.0.0-${{ github.sha }}  -n cattle-turtles-system --create-namespace --wait"

.github/workflows/test_chart.yaml

@@ -89,7 +89,7 @@ jobs:
         run: helm install rancher rancher-latest/rancher --namespace cattle-system --create-namespace --set bootstrapPassword=rancheradmin --set replicas=1 --set hostname="e2e.dev.rancher" --set 'extraEnv[0].name=CATTLE_FEATURES' --version ${{ env.RANCHER_VERSION }} --wait
 
       - name: Run chart-testing (install)
-        run: helm install rancher-turtles out/charts/rancher-turtles/ -n rancher-turtles-system --create-namespace --wait --debug
+        run: helm install rancher-turtles out/charts/rancher-turtles/ -n cattle-turtles-system --create-namespace --wait --debug
 
       - name: Wait for core provider rollout
         run: sleep 30 && kubectl rollout status deployment capi-controller-manager -n capi-system --timeout=10m
@@ -102,10 +102,10 @@ jobs:
           fi
 
       - name: Run chart-testing (un-install)
-        run: helm uninstall rancher-turtles -n rancher-turtles-system --cascade foreground --wait --debug --timeout=10m
+        run: helm uninstall rancher-turtles -n cattle-turtles-system --cascade foreground --wait --debug --timeout=10m
 
       - name: Run chart re-install
-        run: helm install rancher-turtles out/charts/rancher-turtles/ -n rancher-turtles-system --create-namespace --wait --debug
+        run: helm install rancher-turtles out/charts/rancher-turtles/ -n cattle-turtles-system --create-namespace --wait --debug
 
   community-test:
     runs-on: ubuntu-latest
@@ -158,7 +158,7 @@ jobs:
         run: helm repo add rancher-latest https://releases.rancher.com/server-charts/latest && helm install rancher rancher-latest/rancher --namespace cattle-system --create-namespace --set bootstrapPassword=rancheradmin --set replicas=1 --set hostname="e2e.dev.rancher" --version ${{ env.RANCHER_VERSION }} --wait
 
       - name: Install rancher-turtles chart
-        run: helm install rancher-turtles out/charts/rancher-turtles/ -n rancher-turtles-system --create-namespace --wait --debug
+        run: helm install rancher-turtles out/charts/rancher-turtles/ -n cattle-turtles-system --create-namespace --wait --debug
 
       - name: Wait for core provider rollout
         run: sleep 30 && kubectl rollout status deployment capi-controller-manager -n capi-system --timeout=10m

.github/workflows/trivy.yml

@@ -46,6 +46,6 @@ jobs:
           output: 'trivy-results.sarif'
           severity: 'CRITICAL,HIGH'
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           sarif_file: 'trivy-results.sarif'

Tiltfile

@@ -35,7 +35,7 @@ if settings.get("trigger_mode") == "manual":
 if settings.get("default_registry") != "":
     default_registry(settings.get("default_registry"))
 
-always_enable_projects = ["turtles", "turtles-capiproviders"]
+always_enable_projects = ["turtles"]
 
 projects = {
     "turtles": {
@@ -51,15 +51,6 @@ projects = {
         "kustomize_dir": "config/default",
         "label": "turtles",
         "binary_name" : "manager"
-    },
-    "turtles-capiproviders": {
-        "context": ".",
-        "live_reload_deps": [
-            "config"
-        ],
-        "kustomize_dir": "config/capiproviders",
-        "label": "turtles-capiproviders",
-        "op": "apply"
     }
 }
 

api/v1alpha1/provider_types.go

@@ -55,7 +55,7 @@ func (t Type) ToName() string {
 	case Infrastructure:
 		return "infrastructure-"
 	case Core:
-		return "core-"
+		return ""
 	case ControlPlane:
 		return "control-plane-"
 	case Bootstrap:

charts/rancher-turtles-providers/Chart.yaml

@@ -14,11 +14,9 @@ keywords:
 annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles Certified Providers
-  catalog.cattle.io/kube-version: '>= 1.23.0-0'
-  catalog.cattle.io/namespace: rancher-turtles-system
+  catalog.cattle.io/namespace: cattle-turtles-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux
-  catalog.cattle.io/rancher-version: '>= 2.11.0-1'
-  catalog.cattle.io/release-name: rancher-turtles
+  catalog.cattle.io/release-name: rancher-turtles-providers
   catalog.cattle.io/scope: management
   catalog.cattle.io/type: cluster-tool

charts/rancher-turtles/Chart.yaml

@@ -15,7 +15,7 @@ annotations:
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: Rancher Turtles - the Cluster API Extension
   catalog.cattle.io/kube-version: '>= 1.31.4-0 < 1.34.0-0'
-  catalog.cattle.io/namespace: rancher-turtles-system
+  catalog.cattle.io/namespace: cattle-turtles-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux
   catalog.cattle.io/rancher-version: '>= 2.13.0-0 < 2.14.0-0'