OSASINFRA-3437: Rebase on CAPO v0.10 #305
Conversation
…r-update 🌱 test: bump Flatcar version
…block-device-volume-name fix: fix the block device type name in doc
Add --tls-min-version and --tls-max-versin configuration flags. Same flags can be found in k8s, CAPI, CAPM3 etc. Co-authored-by: Jawad Zaheer <[email protected]> Signed-off-by: Tuomo Tanskanen <[email protected]>
When a reconcile loop for the bastion is requeued, we have this error: ``` OpenStackCluster.infrastructure.cluster.x-k8s.io \"cluster-e2e-rha0r3\" is invalid: ready: Required value" ``` The OpenStackMachine.Status is false by default now, so if the status has not been set to anything, patching the object will not fail with the previous error.
We now have a webhook that checks that a bastion has been disabled if a change has to be made (update or delete) in the bastion field. We also document it better. Also, we added some code to prevent that we don't have a nil pointer if the Spec.Bastion or Status.Bastion are unset.
🐛 api: openstackcluster.status default to false
🐛 Adds Kind to ipaddress pool name index
…ration-flags ✨ add TLS configuration flags
…_addresses OpenstackFloatingIPPool: Adds popped ip to claimedIPs kubernetes-sigs#1869
🐛Make sure that allowedCidrs lists are compared correctly to avoid patching LB listener when not needed
`ControlPlaneEndpoint.Host` is not guaranteed to be an IP address, it can also be an hostname. Now we'll try to lookup the hostname if it's not an IP and set that for the LB VipAddress.
🐛 Prevent the bastion to be removed before it's been disabled
This commit introduces SubnetSpec field onto the OpenStackClusterSpec that is supposed to hold all options related to subnets created by CAPO. This means nodeCidr and DNSNameservers are moved into that struct.
✨ Move subnet options to SubnetSpec
✨ Bump Go to 1.22.0
…rk-cleanup 🐛 Fix cluster network cleanup
Users should configure things via a secret, not via environment variables. Signed-off-by: Stephen Finucane <[email protected]>
🐛 Ignore 'OS_*' environment variables
⚠️ Stop serving v1alpha5
🌱 Fix doc references to NodeCIDR in v1alpha8
Signed-off-by: Lennart Jern <[email protected]>
mdbooth
force-pushed
the
rebase-capo-v0.10
branch
from
10afca4 to
9753c5c
Compare
openshift-merge-robot
removed
the
needs-rebase
|
/test test-openshift |
This commit makes security linting easier by never setting a TLS version outside v1.2 or v1.3, even in case of an unacceptable user input. Upstream PR: kubernetes-sigs#2037 (cherry picked from commit 27526d5)
mdbooth
force-pushed
the
rebase-capo-v0.10
branch
from
33f0ab9 to
0a9e144
Compare
|
I've speculatively cherry-picked kubernetes-sigs#2037 here in the expectation that it will merge. We should ensure that it does (and re-cherry-pick as required if it doesn't) before merging. |
|
@mdbooth: This pull request references OSASINFRA-3437 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the task to target the "4.16.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/test security |
|
/test security Hello? Anybody home? |
Looks like snyk is down/broken: |
|
/test security |
|
@mdbooth: This pull request references OSASINFRA-3437 which is a valid jira issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/test security |
|
/test security |
1 similar comment
|
/test security |
|
/test security |
|
@mdbooth: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/approve |
openshift-ci
bot
removed
the
do-not-merge/hold
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: mdbooth The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
the
approved
|
The security scan succeeds locally. |
|
[ART PR BUILD NOTIFIER] This PR has been included in build openstack-cluster-api-controllers-container-v4.16.0-202404261114.p0.gc42a465.assembly.stream.el9 for distgit openstack-cluster-api-controllers. |
TODO: