metal-stack v0.22.16

See original release note at https://github.com/metal-stack/releases/releases/tag/v0.22.16

General

  • Gardener v1.135
    • Please note that this release contains the gardener-apiserver built from the metal-stack fork in order to prevent the defaulting of worker machine images by Gardener. This will be resolved upstream with https://github.com/gardener/gardener/pull/13785. If you do not use short image versions in the CloudProfile you can also use the upstream version of the gardener-apiserver.

Required Actions

  • Upgrade headscale from 0.23.0 to v0.28.0, stepping through every minor version in between, before updating the metal-stack control plane. You can use the following approach:

    #!/usr/bin/env bash

    NAMESPACE=metal-control-plane

    # start a background loop to fix the broken postgres migration (see https://github.com/juanfont/headscale/issues/2351)
    # output is discarded so that the prompts below stay readable
    while true; do kubectl exec -n "${NAMESPACE}" headscale-db-0 -- psql -U postgres headscale -c "alter table users add constraint uni_users_name unique (name);" >/dev/null 2>&1; done &
    FIX_LOOP_PID=$!
    # stop the background loop when the script exits
    trap 'kill "${FIX_LOOP_PID}" 2>/dev/null' EXIT

    # cycle through headscale versions; after every update check the headscale logs and see if it comes up properly
    for VERSION in v0.24.3 v0.25.1 v0.26.1 v0.27.1 v0.28.0
    do
        echo "upgrade to ${VERSION}"
        kubectl patch deployments.apps -n "${NAMESPACE}" headscale \
            --patch="{\"spec\":{\"template\":{\"spec\":{\"containers\":[{\"name\": \"headscale\",\"image\":\"docker.io/headscale/headscale:${VERSION}\"}]}}}}"
        kubectl delete pod -n "${NAMESPACE}" -l app=headscale
        kubectl wait -n "${NAMESPACE}" --for=condition=Ready pod -l app=headscale
        printf "%s " "check that headscale is running properly, press enter to continue"
        read -r ans
    done

    # recreate headscale api token for metal-api
    kubectl delete secret -n "${NAMESPACE}" headscale-api-key

    echo "done, now run the metal-stack deployment"

    Creating firewalls with a working VPN is not possible until both headscale and the metal-stack control plane have been updated. With v0.27.1, connected clients may lose connectivity. This can be solved by restarting tailscaled on the clients, e.g. firewalls. With https://github.com/metal-stack/firewall-controller/pull/220 this can be done fleet-wide as platform admin from all seeds.

    ⚠️ Firewall Images must be >= firewall-ubuntu-3.0.20241106 because headscale v0.28.0 requires tailscale >= v1.74.0. (metal-stack/metal-api#648)
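
A preflight check for the image requirement above, as an added example that is not part of the original release note or of metal-stack: it classifies firewall image IDs against the stated minimum before the headscale upgrade is started. The `NAME IMAGE_ID` input format, the function names and the sample inventory are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not metal-stack code): preflight for the firewall image minimum.
MIN_FIREWALL_IMAGE="firewall-ubuntu-3.0.20241106"   # minimum stated in the note

# Print "MAJOR MINOR DATE" for a fully qualified firewall-ubuntu image ID.
# Fails for short IDs (firewall-ubuntu-3.0) and for any other image name.
parse_image() (
  ver=${1#firewall-ubuntu-}
  [ "$ver" != "$1" ] || exit 1
  set -f; IFS=.; set -- $ver
  [ $# -eq 3 ] || exit 1
  for part in "$@"; do
    case "$part" in ''|*[!0-9]*) exit 1 ;; esac
  done
  [ ${#3} -eq 8 ] || exit 1
  echo "$1 $2 $3"
)

# Print ok | too-old | unknown. Assumption: IDs order as (major, minor, date).
classify_firewall_image() (
  got=$(parse_image "$1") || { echo unknown; exit 0; }
  min=$(parse_image "$MIN_FIREWALL_IMAGE")
  set -- $got $min                     # $1..$3 candidate, $4..$6 minimum
  for pair in "$1:$4" "$2:$5" "$3:$6"; do
    a=${pair%:*}; b=${pair#*:}
    if [ "$a" -gt "$b" ]; then echo ok; exit 0; fi
    if [ "$a" -lt "$b" ]; then echo too-old; exit 0; fi
  done
  echo ok
)

# Read "NAME IMAGE_ID" lines on stdin, print a verdict per firewall, and fail
# unless every firewall is provably on a new-enough image.
preflight() (
  rc=0
  while read -r name image; do
    [ -n "$name" ] || continue
    verdict=$(classify_firewall_image "$image")
    printf '%-6s %-30s %s\n' "$name" "$image" "$verdict"
    [ "$verdict" = ok ] || rc=1
  done
  exit "$rc"
)

# Constructed inventory; in practice export name and image ID per firewall.
SAMPLE_INVENTORY='fw-a firewall-ubuntu-3.0.20241106
fw-b firewall-ubuntu-3.0.20240503
fw-c firewall-ubuntu-3.0
fw-d firewall-ubuntu-3.0.20250110'

printf '%s\n' "$SAMPLE_INVENTORY" | preflight || echo "upgrade blocked: fix the firewalls above first"
```

A short image ID carries no build date, so it is reported as `unknown` and treated as blocking until the resolved image has been checked by hand.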

  • The variable gardener_managed_seed_default_dns_domain in the gardener-managed-seeds role is now required. In our environments it is usually set to the same value as gardener_gardenlet_default_dns_domain. If it is not defined, the role execution will fail. (release notes)

Component Releases

metal-core v0.16.1

  • Migrate to valkey-go (metal-stack/metal-core#184) @majst01

metal-api v0.44.1

  • Upgrade to Headscale v0.28.0. (metal-stack/metal-api#648) @Gerrit91
  • Migrate reserved to tainted (metal-stack/metal-api#646) @majst01
  • fix: only enforce machine quota when explicitly configured (avoids default to zero) (metal-stack/metal-api#650) @mwennrich
  • Fix VPN Error user already exists (metal-stack/metal-api#652) @majst01

metal-roles v0.23.2

  • Adaptions for g/g v1.135. (metal-stack/metal-roles#629) @Gerrit91
  • ansible-lint: fix names. (metal-stack/metal-roles#632) @Gerrit91
  • ansible-lint: fix FQCN. (metal-stack/metal-roles#631) @Gerrit91
  • ansible-lint: fix key-order. (metal-stack/metal-roles#630) @Gerrit91
  • Fix more ansible-lint errors and allow pipeline failure (metal-stack/metal-roles#628) @Gerrit91
  • Stabilize frr-reload on sonic (metal-stack/metal-roles#603) @iljarotar
  • Sonic config prefix lists (metal-stack/metal-roles#570) @iljarotar
  • fix: gardener managed thanos receive ingress tls (metal-stack/metal-roles#606) @ma-hartma
  • Fix task renaming regression: Apply renaming to handler names (metal-stack/metal-roles#638) @iljarotar

api v0.1.7

  • ProviderTenant Annotation (metal-stack/api#139) @majst01
  • Move more tags from metal-lib (metal-stack/api#137) @majst01
  • Add ability to configure client from env variables (metal-stack/api#136) @majst01
  • add MachineRoom tag (metal-stack/api#138) @mwennrich

Merged Pull Requests

This is a list of pull requests that were merged since the last release. The list does not contain pull requests from release-vector-repositories.

The fact that these pull requests were merged does not necessarily imply that they have already become part of this metal-stack release.

  • Bump releases to version v0.22.15 (metal-stack/website#292) @metal-robot[bot]
  • chore(deps): bump @scalar/api-reference-react from 0.9.45 to 0.9.47 in the docusaurus-dependencies group (metal-stack/website#293) @dependabot[bot]
  • chore(deps): bump the other-dependencies group across 1 directory with 3 updates (metal-stack/website#294) @dependabot[bot]
  • Bump metal-api to version v0.44.0 (metal-stack/metal-python#165) @metal-robot[bot]
  • Bump metal-api to version v0.44.0 (metal-stack/metal-go#226) @metal-robot[bot]
  • Migrate tags to api (metal-stack/metal-lib#205) @majst01
  • Almalinux 10 (metal-stack/metal-images#412) @majst01
  • Fix build regression. (metal-stack/metal-robot#115) @Gerrit91
  • chore: update debian/ubuntu kernel versions (metal-stack/metal-images#420) @mwennrich
  • feat: document maintenance boundaries and disaster recovery (metal-stack/website#291) @l0wl3vel
  • feat: add firewall explanation (metal-stack/website#286) @l0wl3vel
  • Bump metal-api to version v0.44.1 (metal-stack/metal-python#166) @metal-robot[bot]
  • Bump metal-api to version v0.44.1 (metal-stack/metal-go#227) @metal-robot[bot]
  • Next release (metal-stack/releases#299) @metal-robot[bot]