25 commits
6d38505
feat: add snapshot-controller
fitbeard Jun 10, 2025
bf3b632
chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.7.12 (#728)
renovate[bot] Jun 9, 2025
9c58671
chore(deps): update vexxhost/chart-vendor digest to f3ac9b6 (#729)
renovate[bot] Jun 9, 2025
0dc26cb
chore(deps): update dependency projectcalico/calico to v3.30.1 (#724)
renovate[bot] Jun 9, 2025
3b20ed3
chore(deps): update docker/dockerfile docker tag to v1.16 (#713)
renovate[bot] Jun 9, 2025
4e7b6a9
fix(deps): update rust crate syn to v2.0.102 (#730)
renovate[bot] Jun 10, 2025
f3b13e8
chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.7.16 (#733)
renovate[bot] Jun 28, 2025
8dfe239
fix(deps): update rust crate syn to v2.0.104 (#735)
renovate[bot] Jun 28, 2025
165f9fa
fix(deps): update rust crate pyo3 to v0.25.1 (#734)
renovate[bot] Jun 28, 2025
1c55bf6
chore(deps): update dependency projectcalico/calico to v3.30.2 (#741)
renovate[bot] Jun 30, 2025
b5d7787
chore(deps): update pyo3/maturin-action action to v1.49.3 (#742)
renovate[bot] Jun 30, 2025
be39654
chore(deps): update astral-sh/setup-uv action to v6.3.1 (#743)
renovate[bot] Jun 30, 2025
14c27c3
chore(deps): update stefanzweifel/git-auto-commit-action action to v6…
renovate[bot] Jun 30, 2025
40720fa
chore(deps): update ghcr.io/astral-sh/uv docker tag to v0.8.12 (#744)
renovate[bot] Aug 20, 2025
f7942e2
doc: update about images (#447)
okozachenko1203 Aug 21, 2025
a3159d3
set failureDomain as none instead of empty string (#758)
okozachenko1203 Aug 22, 2025
2c80c90
Remove unnecessary line from images.md
mnaser Aug 22, 2025
f6f755a
Upgrade capi version (#757)
okozachenko1203 Aug 22, 2025
555a89b
feat: drop guards around k8s versions (#761)
mnaser Aug 23, 2025
b84a457
ci: use latest k8s version (#762)
mnaser Aug 23, 2025
b906090
Add ability to set admission control plugins (#751)
klindgren-godaddy Aug 25, 2025
e241be5
chore(deps): update docker/setup-buildx-action action to v3.11.1 (#736)
renovate[bot] Aug 25, 2025
142a786
Set GH_TOKEN for cluster-autoscaler bump script
mnaser Aug 26, 2025
d3cd0bc
chore(deps): pin dev-hanz-ops/install-gh-cli-action action to af38ce0…
renovate[bot] Aug 26, 2025
c313e53
chore(deps): update vexxhost/chart-vendor digest to 14e1c5d (#756)
renovate[bot] Aug 26, 2025
48 changes: 48 additions & 0 deletions .github/workflows/bump.yml
@@ -0,0 +1,48 @@
name: bump

on:
workflow_dispatch:
schedule:
- cron: '0 0 * * *'

jobs:
kubernetes:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
token: ${{ secrets.VEXXHOST_BOT_PAT }}
- run: ./hack/bump/kubernetes.sh
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
token: ${{ secrets.VEXXHOST_BOT_PAT }}
commit-message: "chore(deps): update kubernetes"
signoff: true
title: "chore(deps): update kubernetes"
body: |
## Automated Kubernetes Version Update
This PR updates the Kubernetes versions in the CI workflow to the latest maintained versions.
Source: https://endoflife.date/kubernetes
delete-branch: true
branch: bump/kubernetes

cluster-autoscaler:
Comment on lines +10 to +29

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 5 months ago

The optimal way to fix the issue is to add an explicit permissions block to the workflow, at the top level (so it applies to all jobs by default), restricting the GITHUB_TOKEN to the least privilege. Since both jobs use the actions/checkout and peter-evans/create-pull-request actions, and the PR creation is done via a custom token (not GITHUB_TOKEN), only read access to git contents is required. Therefore, set permissions: contents: read at the root workflow level (just after the workflow name:), unless there are steps that require more permissions using the GITHUB_TOKEN (none seem present).

Changes needed:

  • In .github/workflows/bump.yml, insert a permissions: block after the name: bump line, with at least contents: read.
  • No additional packages or methods are required for this change.

Suggested changeset 1
.github/workflows/bump.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/bump.yml b/.github/workflows/bump.yml
--- a/.github/workflows/bump.yml
+++ b/.github/workflows/bump.yml
@@ -1,3 +1,5 @@
+permissions:
+  contents: read
 name: bump
 
 on:
EOF
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
token: ${{ secrets.VEXXHOST_BOT_PAT }}
- run: ./hack/bump/cluster-autoscaler.sh
env:
GH_TOKEN: ${{ github.token }}
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v7.0.8
with:
token: ${{ secrets.VEXXHOST_BOT_PAT }}
commit-message: "chore(deps): update cluster-autoscaler"
signoff: true
title: "chore(deps): update cluster-autoscaler"
body: |
## Automated `cluster-autoscaler` update
This PR updates the `cluster-autoscaler` images to the latest versions.
delete-branch: true
branch: bump/cluster-autoscaler
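Review bot: the new workflow declares no `permissions:` block, so GITHUB_TOKEN runs with the repository's default grant in both jobs; add a top-level `permissions:` with `contents: read` right after `name: bump`. Checkout and `peter-evans/create-pull-request` both authenticate with `secrets.VEXXHOST_BOT_PAT`, and `github.token` is only exported as `GH_TOKEN` to `./hack/bump/cluster-autoscaler.sh`, so the broader `contents: write` / `pull-requests: write` grant proposed in the second autofix is not needed; if that script turns out to need more than read access, scope it at the `cluster-autoscaler` job level rather than for the whole workflow.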
Comment on lines +30 to +48

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 5 months ago

To fix the issue, add a permissions key to the workflow file. This block can be added either at the root level (applying to all jobs) or at the individual job level. Since both jobs in this workflow perform actions requiring repository access (checkout, create-pull-request, etc.), but only limited permissions are necessary, the block should grant only what is strictly required: contents: write (for pushing branches, committing to repository), and pull-requests: write (to create and update PRs). Some actions may work with less, but the two used here often require these permissions. Insert the following block after the workflow name on line 2:

permissions:
  contents: write
  pull-requests: write

No method imports or external definitions are required.

Suggested changeset 1
.github/workflows/bump.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/bump.yml b/.github/workflows/bump.yml
--- a/.github/workflows/bump.yml
+++ b/.github/workflows/bump.yml
@@ -1,3 +1,6 @@
+permissions:
+  contents: write
+  pull-requests: write
 name: bump
 
 on:
EOF
35 changes: 23 additions & 12 deletions .github/workflows/ci.yml
Expand Up @@ -27,7 +27,7 @@ jobs:
- uses: rui314/setup-mold@v1
- uses: Swatinem/rust-cache@9d47c6ad4b02e050fd481d890b2ea34778fd09d6 # v2.7.8
- run: rustup show
- uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
- uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3
with:
command: build
manylinux: "2_28"
Expand All @@ -50,7 +50,7 @@ jobs:
openstack-version:
["zed", "2023.1", "2023.2", "2024.1", "2024.2", "2025.1", "master"]
steps:
- uses: astral-sh/setup-uv@f0ec1fc3b38f5e7cd731bb6ce540c5af426746bb # v6.1.0
- uses: astral-sh/setup-uv@bd01e18f51369d5a26f1651c3cb451d3417e3bba # v6.3.1
with:
ignore-empty-workdir: true
version: "0.7.3"
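Review bot: `astral-sh/setup-uv` moves to v6.3.1 but the `version: "0.7.3"` pin for uv itself is left unchanged, while the Dockerfile in this same PR moves to `ghcr.io/astral-sh/uv:0.8.12`; bump the two together (or let renovate track both) so CI resolves dependencies with the same uv release that builds the image.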
Expand All @@ -70,7 +70,7 @@ jobs:
repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
token: ${{ secrets.VEXXHOST_BOT_PAT || github.token }}
- uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
- uses: stefanzweifel/git-auto-commit-action@b863ae1933cb653a53c021fe36dbb774e1fb9403 # v5.2.0
- uses: stefanzweifel/git-auto-commit-action@778341af668090896ca464160c2def5d1d1a3eb0 # v6.0.1
if: github.event_name == 'pull_request' && github.event.pull_request.user.id == '29139614' && always()
with:
commit_message: "chore: apply pre-commit hook updates"
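Review bot: `stefanzweifel/git-auto-commit-action` goes from v5.2.0 to v6.0.1, a major bump, in a step that pushes with `secrets.VEXXHOST_BOT_PAT` and is gated only on `github.event.pull_request.user.id == '29139614' && always()`; check the v6 release notes for changed inputs or defaults before merging, since the step still passes only `commit_message`.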
Expand All @@ -80,7 +80,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: vexxhost/chart-vendor@7d55458bfe5a95d215135da6cf5248d0fdecb551 # main
- uses: vexxhost/chart-vendor@14e1c5d5cfd7079f283ab92b9261afebccd3cc9c # main
with:
charts-root: magnum_cluster_api/charts

Expand All @@ -90,8 +90,11 @@ jobs:
strategy:
fail-fast: false
matrix:
kubernetes-version: [1.28.11, 1.29.6, 1.30.2, 1.31.1]
network-driver: [calico, cilium]
kubernetes-version:
- 1.31.12
- 1.32.8
- 1.33.4
concurrency:
group: sonobuoy-${{ matrix.kubernetes-version }}-${{ matrix.network-driver }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
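Review bot: `network-driver: [calico, cilium]` is dropped from the matrix, but the `concurrency.group` on the next line still interpolates `${{ matrix.network-driver }}`, which now expands to an empty string; remove it from the group (or keep the dimension) and check the rest of the job below the fold for other references to `matrix.network-driver`.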
Expand All @@ -105,14 +108,22 @@ jobs:
- run: |
sudo apt-get update
sudo apt-get install -y python3-pip
- uses: dev-hanz-ops/install-gh-cli-action@af38ce09b1ec248aeb08eea2b16bbecea9e059f8 # v0.2.1
with:
gh-cli-version: 2.78.0
- id: image-info
run: |
VERSION=${{ matrix.kubernetes-version }}
IMAGE_FILE=$(curl -s https://static.atmosphere.dev/artifacts/magnum-cluster-api/ | grep "$VERSION" | tail -1 | cut -d'"' -f2)
IMAGE_NAME=$(echo $IMAGE_FILE | cut -d'.' -f1)

echo "file=$IMAGE_FILE" >> $GITHUB_OUTPUT
echo "name=$IMAGE_NAME" >> $GITHUB_OUTPUT
TAG_NAME=$(gh release list --repo vexxhost/capo-image-elements \
--limit 100 \
--exclude-pre-releases \
--exclude-drafts \
--json name,publishedAt \
--jq '([.[] | select(.name | startswith("ubuntu-jammy-${{ matrix.kubernetes-version }}"))] | sort_by(.publishedAt) | last | .name)')

echo "file=$TAG_NAME.qcow2.xz" >> $GITHUB_OUTPUT
echo "name=$TAG_NAME" >> $GITHUB_OUTPUT
env:
GH_TOKEN: ${{ github.token }}
- uses: gophercloud/devstack-action@f4c936d2edcc7b7c657493b0073c38093c3c5ebd # v0.16
with:
conf_overrides: |
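Review bot: the `image-info` step has no guard for an empty lookup: when no release name starts with `ubuntu-jammy-<version>`, the jq `last | .name` yields `null`, so `file=null.qcow2.xz` is written to `$GITHUB_OUTPUT` and the job only fails later at the devstack image download. Add `[ -n "$TAG_NAME" ] && [ "$TAG_NAME" != null ] || exit 1` after the assignment (and `set -euo pipefail` at the top of the script) so the failure is reported at this step; also note that `--limit 100` is a fixed window, so an older patch release could fall outside it once the release list grows.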
Expand All @@ -122,7 +133,7 @@ jobs:

enable_plugin magnum https://review.opendev.org/openstack/magnum refs/changes/10/949110/2
# TODO(mnaser): fix this when we have the matrix
MAGNUM_GUEST_IMAGE_URL=https://static.atmosphere.dev/artifacts/magnum-cluster-api/${{ steps.image-info.outputs.file }}
MAGNUM_GUEST_IMAGE_URL=https://github.com/vexxhost/capo-image-elements/releases/download/${{ steps.image-info.outputs.name }}/${{ steps.image-info.outputs.file }}

enable_plugin manila https://github.com/openstack/manila
MANILA_ENABLED_BACKENDS=generic
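Review bot: `MAGNUM_GUEST_IMAGE_URL` now points at a GitHub release asset selected by name, and nothing in the job verifies a digest of the downloaded `.qcow2.xz`; if the capo-image-elements releases publish checksums, verify one before devstack imports the image. The `# TODO(mnaser): fix this when we have the matrix` comment above the line should also be dropped or updated now that the `kubernetes-version` matrix dimension is in place.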
2 changes: 1 addition & 1 deletion .github/workflows/image.yml
Expand Up @@ -55,7 +55,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Configure Buildkit
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1

- name: Checkout project
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
Expand Up @@ -30,7 +30,7 @@ jobs:

- name: Build package (x86_64)
if: ${{ steps.release.outputs.release_created }}
uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3
with:
command: publish
args: --non-interactive --skip-existing
Expand All @@ -39,7 +39,7 @@ jobs:

- name: Build package (aarch64)
if: ${{ steps.release.outputs.release_created }}
uses: PyO3/maturin-action@aef21716ff3dcae8a1c301d23ec3e4446972a6e3 # v1.49.1
uses: PyO3/maturin-action@e10f6c464b90acceb5f640d31beda6d586ba7b4a # v1.49.3
with:
command: publish
args: --non-interactive --skip-existing
26 changes: 14 additions & 12 deletions Cargo.lock
2 changes: 2 additions & 0 deletions Cargo.toml
Expand Up @@ -24,6 +24,7 @@ inventory = "0.3.19"
json-patch = "4.0.0"
k8s-openapi = { version = "0.24.0", features = ["schemars", "latest"] }
kube = { version = "0.99.0", features = ["runtime", "derive"] }
lazy_static = "1.4.0"
log = "0.4.27"
maplit = "1.0.2"
pyo3-async-runtimes = { version = "0.25.0", features = ["tokio-runtime"] }
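Review bot: `lazy_static = "1.4.0"` adds a new dependency for something the standard library now provides: `std::sync::LazyLock` (stable since Rust 1.80), or `once_cell::sync::Lazy` if an older toolchain must be supported; prefer one of those unless the crate's MSRV rules it out.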
Expand Down Expand Up @@ -52,6 +53,7 @@ http = "1.3.1"
mockall = "0.13.1"
pretty_assertions = "1.4.1"
rstest = "0.25.0"
semver = "1.0.26"
serde_gtmpl = { path = "crates/serde_gtmpl" }
tower-test = "0.4.0"

4 changes: 2 additions & 2 deletions Dockerfile
@@ -1,11 +1,11 @@
# syntax=docker/dockerfile:1.15
# syntax=docker/dockerfile:1.16

FROM alpine:3.22 AS registry-base
RUN apk add --no-cache docker-registry
ADD registry/config.yml /etc/docker-registry/config.yml

FROM registry-base AS registry-loader
COPY --from=ghcr.io/astral-sh/uv:0.7.8 /uv /uvx /bin/
COPY --from=ghcr.io/astral-sh/uv:0.8.12 /uv /uvx /bin/
RUN apk add --no-cache cargo crane gcc linux-headers musl-dev netcat-openbsd py3-pip python3-dev
COPY . /src
WORKDIR /src
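Review bot: `COPY --from=ghcr.io/astral-sh/uv:0.8.12` pins the uv binary by a mutable tag, whereas every action touched in this PR is pinned by commit SHA; pin the image by `@sha256:` digest as well (renovate can keep a digest comment current) so the build stage cannot silently pick up a re-pushed tag. `alpine:3.22` on the `registry-base` stage has the same property.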
36 changes: 4 additions & 32 deletions README.md
Expand Up @@ -14,39 +14,11 @@ For more information, please refer to the following resources:

## Images

The images are built and published to an object storage bucket hosted at the
[VEXXHOST](https://vexxhost.com) public cloud. These images are built and
published for the latest stable release of Kubernetes.
The Cluster API driver for Magnum relies on specific OpenStack images containing
all necessary dependencies for deploying Kubernetes clusters.

### Pre-built images

You can find the pre-built images for the latest stable release of Kubernetes
at the following URL:

#### Ubuntu 22.04

* [v1.23.17](https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/ubuntu-2204-kube-v1.23.17.qcow2)
* [v1.24.16](https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/ubuntu-2204-kube-v1.24.16.qcow2)
* [v1.25.12](https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/ubuntu-2204-kube-v1.25.12.qcow2)
* [v1.26.7](https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/ubuntu-2204-kube-v1.26.7.qcow2)
* [v1.27.4](https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/ubuntu-2204-kube-v1.27.4.qcow2)

#### Flatcar

* [v1.24.16](https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/flatcar-kube-v1.24.16.qcow2)
* [v1.25.12](https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/flatcar-kube-v1.25.12.qcow2)
* [v1.26.7](https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/flatcar-kube-v1.26.7.qcow2)
* [v1.27.4](https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/flatcar-kube-v1.27.4.qcow2)

### Building images

The Cluster API driver for Magnum provides a tool in order to build images, you
can use it by installing the `magnum-cluster-api` package and running the
the following command:

```bash
magnum-cluster-api-image-builder
```
For more information on how to build images and where to find pre-built images,
refer to the [user guide](https://vexxhost.github.io/magnum-cluster-api/user/images/)

## Testing & Development

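Review bot: the replacement sentence `refer to the [user guide](...)` has no terminating period. The removed block was also the only place in the README that listed the Ubuntu 22.04 and Flatcar image URLs, so confirm that the linked `/user/images/` page covers both families before merging, otherwise README readers lose the Flatcar pointer.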