** Ensure that the feature is backwards compatible for original XPN cases. The new field
firewallRulesManagement is an explicit setting of whether the user has the firewall rules
or not. In old versions this did not exist but XPN installs did not need firewall rules.
Now we will default to checking permissions when no field value is provided. If the rules
do not exist, the rules management is set to unmanaged.
Remove the --pod-infra-container-image flag from the bootstrap kubelet
startup script. This change only applies to bootstrap node as cluster
nodes are managed by MCO.
Background: The --pod-infra-container-image kubelet flag has been
deprecated and will be fully removed in k8s v1.35. Attempting to set
this flag will result in kubelet crashing.
GP3 volumes have the ability to configure throughput from 125 MiB/s to
2000 MiB/s. This allows the ability to set this at install time in the
install-config.
https://issues.redhat.com/browse/CORS-4212
Installations using ABI/assisted with 16GiB of RAM on the bootstrap node
were failing with "no space left on device" during bootstrapping. The
live ISO environment uses a tmpfs mounted at /var that is sized at 50%
of available RAM. On systems with 16GiB of RAM, this provides only 8GiB
of tmpfs space.
At the beginning of the bootstrap process, node-image-pull.sh creates an
ostree checkout underneath /var/ostree-container. When this is added to
the regular disk space usage of the later parts of the bootstrap, the
peak tmpfs usage hits around 9.4GiB.
This fix creates a separate 4GiB tmpfs for /var/ostree-container, so
that it is not subject to the limits on the size of /var.
GP3 volumes have the ability to configure throughput from 125 MiB/s to
2000 MiB/s. This allows the ability to set this at install time in the
install-config.
https://issues.redhat.com/browse/CORS-4212
pkg/types/gcp/platform.go:
Add FirewallManagementPolicy. The policy will indicate whether the cluster or user
will manage the firewall rules.
Add validation to ensure that a network is provided when the install config
is set to Unmanaged to FirewallManagement.
pkg/types/gcp/metadata.go:
Add the management policy to the metadata so that the bootstrap destroy process
knows whether to delete the bootstrap firewall rules or not.
Achieved by bumping the library itself:
pushd cluster-api/providers/openstack
go get -u sigs.k8s.io/cluster-api-provider-openstack@latest
go mod tidy
go mod vendor
popd
Followed by the assets:
pushd <path-to-upstream-capo-repo>
git checkout v0.13.0
make release-manifests
popd
cp <path-to-upstream-capo-repo>/out/infrastructure-components.yaml \
data/data/cluster-api/openstack-infrastructure-components.yaml
This has the side effect of bumping golang to 1.24.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
This is split out from CAPO starting with CAPO v0.12.0. Start deploying it manually
in preparation for a CAPO bump.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
The agent-interactive-console and agent-interactive-console-serial@
services should have consistent Before/After edges. Previously,
agent-auth-token-status.service had agent-interactive-console.service
in its After= directive, but there was no corresponding dependency for
the serial console variant.
This adds agent-auth-token-status.service to the Before= directive in
both console services, and removes the now-redundant After= directive
from agent-auth-token-status.service, so both services define the
dependency consistently in the same direction.
Assisted-by: Claude Code
The agent-interactive-console and agent-interactive-console-serial@
services should have consistent Before/After edges since only one runs
on each system (depending on whether there is a graphical console).
Previously, set-hostname.service had a Before= dependency on
agent-interactive-console.service only, which created an edge in the
systemd diagrams from set-hostname to agent-interactive-console but not
to agent-interactive-console-serial@.
This fixes the inconsistency by:
- Adding set-hostname.service to the After= directive in both console
services
- Removing the redundant Before= directive from set-hostname.service
Both services now define the dependency consistently in the same
direction.
Assisted-by: Claude Code
Adding support to install multiple NAT gateways per subnet in
the specific zones they need to be in.
Also, allowing the users to bring their own subnets.
(NAT gateways on BYO subnets are not supported by CAPZ, it just
creates a dummy NAT gateway and doesn't attach it to the subnet).
