Skip to main content
Version: Next

metal-stack v0.21.5

See original release note at https://github.com/metal-stack/releases/releases/tag/v0.21.5

General

Noteworthy

  • The release vector is now available as an OCI artifact, which is signed using cosign. This is for now only preview but we are planning to apply signing to our metal-stack container images as well. In addition to that, we are also planning to release SBOMs along with these artifacts. Details are still being discussed, so we will keep you updated on this process in the upcoming releases.

    Many repositories are migrating to the docker meta action, which effectively changes the created container image tags slightly. Pull request image tags are created as pr-<number>, the latest tag gets only produced on the latest release and not on the mainline, the mainline image is tagged after the branch name of the mainline (e.g. main). (metal-stack/releases#226)

Required Actions

  • The gardener-extension-admission-metal now registers its mutating and webhook with a service reference instead of a webhook server url. Thus, it might happen that the rollout of the gardener role does not succeed on first try giving the following error: tls: failed to verify certificate: x509: certificate is valid for gardener-extension-admission-metal.garden, not gardener-extension-admission-metal.garden.svc. In this case, you might roll the virtual garden kube-apiserver instances and re-run the deployment.

  • A bug has been fixed in the backup-restore-sidecar that occurred when the backup-restore-sidecar was configured to store multiple backups in the same bucket with different object prefixes. The sidecar now creates individual lifecycle rules for the object prefixes such that they do not overwrite each others configurations.

    If you use such a configuration, it is required to clean up the old lifecycle rule that does not match an object prefix after rolling out this version of the backup-restore-sidecar. (release notes)

  • The new sonic-config role is to replace the existing sonic role. Read the sonic-config README for a migration guide from the old sonic role to the new sonic-config role. (metal-stack/metal-roles#390)

cluster-api-provider-metal-stack

  • The new Cluster API cluster template now requires CONTROL_PLANE_IP to be set. The Control Plane IP will no longer be attached automatically to control plane machines. Rewrite your Cluster API cluster definition to include KubeVIP or alternatives. The images must replace METAL_MACHINE_ASN with the machine ASN number in the KubeVIP static pod configuration to be compatible with the default template. (metal-stack/cluster-api-provider-metal-stack#87)
  • Existing clusters using cluster-provider-metal-stack need to manually update the tags of all cluster associated entities in metal-stack. Before upgrading set Cluster.spec.paused to true. Then upgrade your metal-stack provider and manually patch every metal-stack machine: replace any / with a . within the value of the tags metal-stack.infrastructure.cluster.x-k8s.io/machine-resource and metal-stack.infrastructure.cluster.x-k8s.io/cluster-resource by using metalctl machine edit $MACHINE_ID. Now set Cluster.spec.paused to false. (metal-stack/cluster-api-provider-metal-stack#90)
  • Make sure the metal-ccm is at least v0.9.7 and its METAL_CLUSTER_ID env is set to ${NAMESPACE}.${CLUSTER_NAME}. (metal-stack/cluster-api-provider-metal-stack#90)

Component Releases

backup-restore-sidecar v0.11.1

  • Use individual lifecycle policies per object prefix to allow sidecars to act on a single bucket (metal-stack/backup-restore-sidecar#111) @simcod
  • Fix typo in container name (metal-stack/backup-restore-sidecar#107) @simcod
  • Migrate to aws-sdk-go-v2 (metal-stack/backup-restore-sidecar#81) @robertvolkmann
  • Update go deps and proto creation (metal-stack/backup-restore-sidecar#99) @majst01
  • add streaming to upload/download of backup (metal-stack/backup-restore-sidecar#102) @ostempel

metal-api v0.41.2

  • Add check to prevent migrating existing machine from one rack to another (metal-stack/metal-api#615) @iljarotar
  • Migrate to golangci-lint v2 (metal-stack/metal-api#616) @majst01
  • Add masterdata-api version (metal-stack/metal-api#617) (#618) @BotondGalxc

metal-roles v0.15.17

  • Allow providing backup encryption key for auditing-timescaledb. (metal-stack/metal-roles#413) @Gerrit91
  • Move encryption-key to secret (metal-stack/metal-roles#408) @ostempel
  • Configurable deletionGracePeriodHours for backupEntries (metal-stack/metal-roles#409) @simcod
  • Align to changes in metal-admission chart. (metal-stack/metal-roles#426) @Gerrit91
  • Run DHCP tests. (metal-stack/metal-roles#423) @Gerrit91
  • Add a new sonic-config role for SONiC configuration. (metal-stack/metal-roles#390) @iljarotar
  • Removed unsupported taint keys (metal-stack/metal-roles#418) @robertvolkmann
  • Add authenticationConfig for Gardener (metal-stack/metal-roles#417) @simcod
  • Static machine ports (metal-stack/metal-roles#414) @mreiger
  • Add option to configure imagePullSecrets when deploying valkey (metal-stack/metal-roles#412) @mac641

metalctl v0.18.1

  • Allow setting ca certificates when connecting to metal-api (metal-stack/metalctl#279) @mac641
  • Update linter to v2 and fix all new warnings (metal-stack/metalctl#283) @majst01
  • Add SHA512 checksums (metal-stack/metalctl#280) @mac641
  • Small improvements for switch and tenants table. (metal-stack/metalctl#282) @Gerrit91

metal-bmc v0.5.8

  • Update to go-1.24 and golangci-lint v2 (metal-stack/metal-bmc#78) @majst01
  • Update go deps and gh actions (metal-stack/metal-bmc#72) @majst01
  • Try to use docker/meta for tag creation (metal-stack/metal-bmc#79) @majst01
  • Push tags with v prefix (metal-stack/metal-bmc#80) @majst01

masterdata-api v0.11.11

  • Bump golang.org/x/net from 0.37.0 to 0.38.0 (metal-stack/masterdata-api#120) @dependabot[bot]
  • Add version endpoint (metal-stack/masterdata-api#119) @BotondGalxc
  • Version grpc client (metal-stack/masterdata-api#121) @BotondGalxc

droptailer v0.2.18

  • Update to go-1.24 and golangci-lint v2 (metal-stack/droptailer#43) @majst01

ansible-common v0.6.13

  • Add wantedby var to systemd service (metal-stack/ansible-common#31) @iljarotar

gardener-extension-provider-metal v0.25.14

  • Print error message when decoding cp config does not work. (metal-stack/gardener-extension-provider-metal#454) @Gerrit91
  • Release Helm OCI artifacts (metal-stack/gardener-extension-provider-metal#455) @Gerrit91
  • Push all container tags. (metal-stack/gardener-extension-provider-metal#456) @Gerrit91
  • Again more fixes with the meta action. 😔 (metal-stack/gardener-extension-provider-metal#457) @Gerrit91

sonic-configdb-utils v0.2.2

  • Output generated config_db.json to different file than the current one (metal-stack/sonic-configdb-utils#13) @iljarotar
  • Adjust config parameters and improve documentation (metal-stack/sonic-configdb-utils#14) @iljarotar
  • Correctly deal with empty mclag values (metal-stack/sonic-configdb-utils#8) @iljarotar
  • Allow specifying custom features (metal-stack/sonic-configdb-utils#7) @iljarotar
  • add split-unified mode (metal-stack/sonic-configdb-utils#5) @iljarotar

metal-ccm v0.9.7

  • fix: do not abort on tag update failure (metal-stack/metal-ccm#115) @vknabel

helm-charts v0.4.24

  • Postgreslet next release (metal-stack/helm-charts#120) @eberlep

gardener-extension-dns-powerdns v0.7.2

  • Release Helm OCI artifacts + Revendor g/g v1.113. (metal-stack/gardener-extension-dns-powerdns#10) @Gerrit91

gardener-extension-backup-s3 v0.7.2

  • Release Helm OCI artifacts and revendor g/g v1.113. (metal-stack/gardener-extension-backup-s3#15) @Gerrit91

os-metal-extension v0.8.8

  • Release Helm OCI artifacts. (metal-stack/os-metal-extension#59) @Gerrit91

gardener-extension-csi-driver-lvm v0.1.4

  • Release Helm OCI artifacts. (metal-stack/gardener-extension-csi-driver-lvm#12) @Gerrit91

gardener-extension-audit v0.1.13

  • Release Helm OCI artifacts and revendor g/g v1.113. (metal-stack/gardener-extension-audit#43) @Gerrit91

metal-deployment-base v0.7.7

  • Prefer IPv4 dns lookups over IPv6. (metal-stack/metal-deployment-base#39) @Gerrit91

duros-controller v0.11.5

  • Lb csi v1.18 (metal-stack/duros-controller#90) @majst01

Merged Pull Requests

This is a list of pull requests that were merged since the last release. The list does not contain pull requests from release-vector-repositories.

The fact that these pull requests were merged does not necessarily imply that they have already become part of this metal-stack release.

  • Add section how to recable a machine to another switch pair. (metal-stack/docs#257) @Gerrit91
  • Allow setting tls.ClientConfig when creating new client (metal-stack/metal-go#205) @mac641
  • Bump metal-api to version v0.41.1 (metal-stack/metal-python#152) @metal-robot[bot]
  • Bump metal-api to version v0.41.1 (metal-stack/metal-go#210) @metal-robot[bot]
  • Bump releases to version v0.21.4 (metal-stack/docs#263) @metal-robot[bot]
  • Prepare for release vector (metal-stack/go-dhcp-relay#6) @iljarotar
  • Update to go-1.24 and golangci-lint v2 (metal-stack/metal-networker#122) @majst01
  • Update dependencies. (metal-stack/metallb-health-sidecar#3) @Gerrit91
  • Add information about backup lifecycle rules and encryption (metal-stack/docs#264) @simcod
  • Rename dhcp-server flag and change help text (metal-stack/go-dhcp-relay#7) @iljarotar
  • Cleanup worlflow file (metal-stack/go-dhcp-relay#8) @iljarotar
  • Bump golang.org/x/net from 0.37.0 to 0.38.0 (metal-stack/metal-lib#178) @dependabot[bot]
  • MEP-16 Firewall Support for Cluster API Provider (metal-stack/docs#255) @vknabel
  • Update debian and firewall kernel (metal-stack/metal-images#300) @majst01
  • Use KubeVIP Load Balancing for Control Planes. (metal-stack/cluster-api-provider-metal-stack#87) @vknabel
  • Bump the metadata.yaml (metal-stack/cluster-api-provider-metal-stack#88) @vknabel
  • Bump metal-api to version v0.41.2 (metal-stack/metal-python#153) @metal-robot[bot]
  • Bump metal-api to version v0.41.2 (metal-stack/metal-go#211) @metal-robot[bot]
  • Implement auditing memory backend for dev purposes. (metal-stack/metal-lib#179) @Gerrit91
  • Allow search for status code 0. (metal-stack/metal-lib#180) @Gerrit91
  • Update cri droptailer tailscale (metal-stack/metal-images#301) @majst01
  • Update to go-1.24 and linter v2, also better error message (metal-stack/security#61) @majst01
  • Describe Tailscale for cluster ingress in an evaluation setup (metal-stack/docs#265) @BotondGalxc
  • Update debian Kernel (metal-stack/metal-images#302) @majst01
  • Metallb BGPPeers are generated for each node and don't have to be created manually (metal-stack/cluster-api-provider-metal-stack#91) @vknabel
  • Change Cluster ID to be a valid label value (metal-stack/cluster-api-provider-metal-stack#90) @vknabel
  • Kernel 6.12.28 for ubuntu and firewall (metal-stack/metal-images#303) @majst01
  • Update to go-1.24.3 (metal-stack/builder#82) @majst01
  • Implement audit backend for Splunk. (metal-stack/metal-lib#167) @Gerrit91
  • First code review (metal-stack/gardener-extension-ontap#3) @majst01
  • Default add options manager (metal-stack/gardener-extension-ontap#4) @Honigeintopf
  • Update gardener to 1.114 (metal-stack/gardener-extension-ontap#5) @majst01
  • remove fmt.Printf, use structured logging, unexport consts (metal-stack/gardener-extension-ontap#6) @majst01
  • Unexport, remove unneeded parameters, remove common pkg (metal-stack/gardener-extension-ontap#7) @majst01
  • Introduce svnManager to reuse clients and logger (metal-stack/gardener-extension-ontap#8) @majst01
  • Update deps, more enum funcs (metal-stack/api#4) @majst01
  • Remove default project part 2. (metal-stack/api#5) @Gerrit91
  • Fix linting issues. (metal-stack/cli#2) @Gerrit91
  • Update debian kernel (metal-stack/metal-images#305) @majst01
  • Migrate to linter v2, prove registry v3 compatibility, update go modules (metal-stack/oci-mirror#13) @majst01
  • Include SBOM in the container image (metal-stack/cluster-api-provider-metal-stack#89) @mac641
  • Add gardener-operator related release vector components. (metal-stack/releases#229) @Gerrit91
  • Fix firewall Dockerfile to include SEMVER_PATCH in base image version (metal-stack/metal-images#308) @mwennrich
  • remove SEMVER_PATCH_DIR from TARGET_PATH (metal-stack/metal-images#309) @mwennrich
  • use frr 10.3 from frr-stable (metal-stack/metal-images#307) @mwennrich
  • Ensure systemd-networkd-wait-online works properly (metal-stack/metal-networker#123) @robertvolkmann
  • Ensure systemd-networkd-wait-online works properly (metal-stack/metal-images#304) @robertvolkmann
  • Complete Network Services for api and admin (metal-stack/api#2) @majst01
  • Fix debian-nvidia Dockerfile to include SEMVER_PATCH in base image version (metal-stack/metal-images#310) @mwennrich
  • Kernel 6.12.30 for ubuntu and firewall, 6.1.0-37 for debian (metal-stack/metal-images#311) @majst01