metal-stack v0.21.6

See original release note at https://github.com/metal-stack/releases/releases/tag/v0.21.6

General

• Gardener v1.114

Required Actions

• Before rolling out this version make sure there are no shoots anymore with K8s < 1.27.
• Before updating to this version, make sure that no shoot has the RestrictEgress feature gate set. (metal-stack/gardener-extension-provider-metal#460)

Noteworthy

• It is now possible to deploy the gardener operator through the metal-stack deployment roles. In case you use the Gardener integration of metal-stack, please check out the new deployment roles because the existing gardener role is going to be deprecated soon. Migration path is described in the new gardener-operator role and can be done with Gardener v1.119. (metal-stack/metal-roles#422)
• Upgrading postgres databases from 12-alpine to 13-alpine is not possible because of library differences in icu-lib. The solution is to upgrade to a older 14.10-alpine which has the same icu-lib version as 12-alpine and then update to 14.18-alpine or newer which does not require to run pg_upgrade. It is also recommended to pin the original database to postgres:12.22-alpine to ensure the latest minor. This approach will be applied through our release vector in the upcoming releases of metal-stack. (metal-stack/backup-restore-sidecar#116)

Breaking Changes

• As symlinks that bring defaults into the role scope (including the release vector mapping) were removed from the metal-roles repository, it might be required to adjust your playbooks. In case you used simply metal-roles to bring these variables into the role scope, this now needs to be changed to the new defaults location at metal-roles/common/roles/defaults.
• The release vector variables gardener_networking_calico_image_*, gardener_networking_cilium_image_*, gardener_shoot_cert_service_image_* and gardener_shoot_dns_service_image_* were renamed. Usually, these variables are being set automatically through setup_yaml and there is nothing to do. However, please check if you have an existing overwrite and adapt accordingly. (metal-stack/metal-roles#422)
• The deprecated RestrictEgress feature gate has been removed. (metal-stack/gardener-extension-provider-metal#460)

Component Releases

metal-apiserver v0.0.3

• Add test coverage reporting (metal-stack/metal-apiserver#37) @majst01
• Fix log interceptor. (metal-stack/metal-apiserver#33) @Gerrit91
• Fix datastore migration not working. (metal-stack/metal-apiserver#34) @Gerrit91
• Use new enum helpers for file system layouts. (metal-stack/metal-apiserver#31) @Gerrit91
• Cleanup unnecessary json tags in image struct. (metal-stack/metal-apiserver#30) @Gerrit91
• Adding more healthchecks. (metal-stack/metal-apiserver#29) @Gerrit91
• Introduce log interceptor. (metal-stack/metal-apiserver#16) @Gerrit91
• Add useful validation helper (metal-stack/metal-apiserver#28) @majst01
• Adapt to API removing default project. (metal-stack/metal-apiserver#27) @Gerrit91
• Use uuidv7 for entity ids, speed up build (metal-stack/metal-apiserver#26) @majst01
• Add VRF and ASN pools. (metal-stack/metal-apiserver#25) @Gerrit91
• Create container tags through meta action. (metal-stack/metal-apiserver#24) @Gerrit91
• Simplify generic datastore creation for tests (metal-stack/metal-apiserver#21) @majst01
• Improve function signature for entity updates. (metal-stack/metal-apiserver#17) @Gerrit91
• Finalize asynq deletion implementation (metal-stack/metal-apiserver#13) @majst01
• Network services (metal-stack/metal-apiserver#14) @majst01
• include sbom in container image (metal-stack/metal-apiserver#38) @mac641

pixie v0.3.6

• include sbom in container image (metal-stack/pixie#35) @mac641
• Update to go-1.24, linter v2 and satisfy new linter warnings (metal-stack/pixie#33) @majst01

go-ipam v1.14.12

• Add a NewTestserver helper and fix context handling in tests (metal-stack/go-ipam#182) @majst01
• include sbom in container image (metal-stack/go-ipam#181) @mac641
• Update deps and fix cli not able to connect to server by default (metal-stack/go-ipam#179) @majst01

metal-roles v0.17.4

• Publish as OCI artifact. (metal-stack/metal-roles#427) @Gerrit91
• Replace symlinks by role dependencies. (metal-stack/metal-roles#429) @Gerrit91
• feat: remove unused meilisearch (metal-stack/metal-roles#428) @vknabel
• fix: json-file logs for bmc #424 (metal-stack/metal-roles#425) @vknabel
• Provide missing role meta for metal-python. (metal-stack/metal-roles#432) @Gerrit91
• Role to deploy the Gardener Operator (metal-stack/metal-roles#422) @Gerrit91
• Default ipv4 prefix for headscale was malformed (metal-stack/metal-roles#438) @majst01
• Allow the Soil to be visible in the Gardener Dashboard (metal-stack/metal-roles#419) @robertvolkmann
• Use correct variable to reference the CSI driver LVM repository (metal-stack/metal-roles#437) @robertvolkmann
• Support ACLs and make it work with newer headscale (metal-stack/metal-roles#439) @majst01
• Add patched node-agent (metal-stack/metal-roles#440) @majst01
• Remove mini-lab patches from Gardener role. (metal-stack/metal-roles#442) @Gerrit91

gardener-extension-audit v0.1.14

• Restart audit-webhook-backend StatefulSet on config change (metal-stack/gardener-extension-audit#45) @dergeberl
• include sbom in container image (metal-stack/gardener-extension-audit#44) @mac641

ansible-common v0.7.0

• Actually run tests in CI and provide common Gardener Operator modules (metal-stack/ansible-common#32) @Gerrit91

gardener-extension-provider-metal v0.26.0

• Update to g/g v1.113. (metal-stack/gardener-extension-provider-metal#453) @Gerrit91
• include sbom in container image (metal-stack/gardener-extension-provider-metal#458) @mac641
• Remove deprecated RestrictEgress featureGate (metal-stack/gardener-extension-provider-metal#460) @mwennrich

metal-ccm v0.9.8

• Update deps, migrate to linter v2 (metal-stack/metal-ccm#118) @majst01
• include sbom in container image (metal-stack/metal-ccm#117) @mac641
• fix: missing error propagation (metal-stack/metal-ccm#116) @vknabel

backup-restore-sidecar v0.12.0

• Remove meilisearch support (metal-stack/backup-restore-sidecar#117) @majst01
• include sbom in container image (metal-stack/backup-restore-sidecar#115) @mac641
• Update to go-1.24 (metal-stack/backup-restore-sidecar#116) @majst01
• Bump golang.org/x/net from 0.33.0 to 0.38.0 (metal-stack/backup-restore-sidecar#114) @dependabot[bot]

duros-controller v0.11.7

• Update duros-go to v3.15, lb-csi to v1.19 and all csi sidecars (metal-stack/duros-controller#95) @majst01
• add security contexts for csi-driver containers and pods (metal-stack/duros-controller#96) @mwennrich
• include sbom in container image (metal-stack/duros-controller#94) @mac641
• pointer package is removed (metal-stack/duros-controller#97) @majst01

Merged Pull Requests

This is a list of pull requests that were merged since the last release. The list does not contain pull requests from release-vector-repositories.

The fact that these pull requests were merged does not necessarily imply that they have already become part of this metal-stack release.

• Next release (metal-stack/releases#226) @metal-robot[bot]
• Always use full name of container images (metal-stack/releases#230) @robertvolkmann
• Bump releases to version v0.21.5 (metal-stack/docs#268) @metal-robot[bot]
• Use ghcr image repository reference (metal-stack/docs#269) @simcod
• Unexport more, refactor to use retry-go, support iscsi (metal-stack/gardener-extension-ontap#9) @majst01
• Update kernel to 6.12.32 and frr to 10.3.1 (metal-stack/metal-images#314) @majst01
• Do not break release, actual implementation of closing the issues was wrong (metal-stack/metal-images#313) @majst01
• feat: remove unused meilisearch (metal-stack/releases#231) @vknabel
• Add handler to add issues and pull requests to a project. (metal-stack/metal-robot#76) @Gerrit91
• Update protovalidate and mockery (metal-stack/api#9) @majst01
• Move to new docs structure (metal-stack/docs#273) @Gerrit91
• Update machine provisioning sequence diagram (metal-stack/docs#272) @simcod
• Prevent a nil pointer access in GetStringValue (metal-stack/api#10) @majst01
• Add tenant scoped message validation (metal-stack/api#12) @majst01
• Adapt DIY configuration to starter config (metal-stack/docs#289) @mwindower
• include sbom in container image (metal-stack/go-dhcp-relay#9) @mac641
• include sbom as release asset (metal-stack/nftables-exporter#33) @mac641
• include sbom as container image and as release asset (metal-stack/firewall-controller#201) @mac641
• Update Ubuntu and Firewall kernel to 6.12.34 (metal-stack/metal-images#316) @majst01
• include sbom in container image (metal-stack/metallb-health-sidecar#4) @mac641
• include sbom in container image (metal-stack/metal-robot#78) @mac641
• include sbom in container image (metal-stack/gardener-vpn-gateway#3) @mac641
• include sbom in container image (metal-stack/mini-lab-ovmf#2) @mac641
• include sbom in container image (metal-stack/chrony#4) @mac641
• Fix build and update build deps. (metal-stack/rethinkdb-backup-tools-build#3) @Gerrit91
• include sbom in container image (metal-stack/rethinkdb-backup-tools-build#2) @mac641
• Update to lightos v3.15 (metal-stack/duros-go#46) @majst01
• Information on planning meetings. (metal-stack/docs#292) @Gerrit91
• Unwrap connect response body for audit indexing. (metal-stack/metal-lib#182) @Gerrit91
• Bump github.com/gorilla/csrf from 1.7.2 to 1.7.3 (metal-stack/metal-lib#177) @dependabot[bot]
• Bump github.com/containerd/containerd from 1.7.20 to 1.7.27 (metal-stack/metal-lib#176) @dependabot[bot]
• Add section on release repo requirements. (metal-stack/docs#294) @Gerrit91
• chore: update svg (metal-stack/docs#295) @vknabel
• include sbom in container image (metal-stack/gardener-extension-ontap#12) @mac641
• Rename section and add information regarding rollback (metal-stack/docs#287) @simcod
• More tests (metal-stack/updater#12) @Azneo
• Update metal-lib (metal-stack/metal-images#318) @majst01
• Update to go-1.24.4 and install typst (metal-stack/builder#84) @majst01
• Next release (metal-stack/releases#232) @metal-robot[bot]