fix:Test semantic release dry-run

.drone.yml

@@ -32,157 +32,189 @@ steps:
       packer/preseed/UbuntuServer22.04/user-data \
       scripts
 
-- name: Install Ansible Galaxy collections
+- name: Semantic Release (Dry-run)
   depends_on:
   - Linting
-  image: bv11-cr01.bessems.eu/library/packer-extended
+  image: bv11-cr01.bessems.eu/proxy/library/node:20-slim
   pull: always
   commands:
   - |
-    ansible-galaxy collection install \
+    apt-get update
-      -r ansible/requirements.yml \
-      -p ./ansible/collections
-  volumes:
-  - name: scratch
-    path: /scratch
-
-- name: Kubernetes Bootstrap Appliance
-  depends_on:
-  - Install Ansible Galaxy collections
-  image: bv11-cr01.bessems.eu/library/packer-extended
-  pull: always
-  commands:
   - |
-    sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g" \
+    apt-get install -y --no-install-recommends \
-      packer/preseed/UbuntuServer22.04/user-data
+      git-core \
+      ca-certificates
   - |
-    export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
+    npm install \
+      semantic-release \
+      @semantic-release/commit-analyzer \
+      @semantic-release/release-notes-generator\
+      @semantic-release/exec
   - |
-    packer init -upgrade \
+    export GIT_CREDENTIALS=$${GIT_USERNAME}:$${GIT_APIKEY}
-      ./packer
   - |
-    packer validate \
+    npx semantic-release \
-      -only=vsphere-iso.bootstrap \
+      --branches ${DRONE_BRANCH} \
-      -var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
+      --plugins @semantic-release/commit-analyzer,@semantic-release/release-notes-generator,@semantic-release/exec \
-      -var docker_username=$${DOCKER_USERNAME} \
+      --dry-run
-      -var docker_password=$${DOCKER_PASSWORD} \
-      -var repo_username=$${REPO_USERNAME} \
-      -var repo_password=$${REPO_PASSWORD} \
-      -var ssh_password=$${SSH_PASSWORD} \
-      -var vsphere_password=$${VSPHERE_PASSWORD} \
-      -var k8s_version=$K8S_VERSION \
-      ./packer
-  - |
-    packer build \
-      -on-error=cleanup -timestamp-ui \
-      -only=vsphere-iso.bootstrap \
-      -var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
-      -var docker_username=$${DOCKER_USERNAME} \
-      -var docker_password=$${DOCKER_PASSWORD} \
-      -var repo_username=$${REPO_USERNAME} \
-      -var repo_password=$${REPO_PASSWORD} \
-      -var ssh_password=$${SSH_PASSWORD} \
-      -var vsphere_password=$${VSPHERE_PASSWORD} \
-      -var k8s_version=$K8S_VERSION \
-      ./packer
   environment:
-    DOCKER_USERNAME:
+    GIT_APIKEY:
-      from_secret: docker_username
+      from_secret: git_apikey
-    DOCKER_PASSWORD:
+    GIT_USERNAME: djpbessems
-      from_secret: docker_password
-    # PACKER_LOG: 1
-    REPO_USERNAME:
-      from_secret: repo_username
-    REPO_PASSWORD:
-      from_secret: repo_password
-    SSH_PASSWORD:
-      from_secret: ssh_password
-    VSPHERE_PASSWORD:
-      from_secret: vsphere_password
-  volumes:
-  - name: output
-    path: /output
-  - name: scratch
-    path: /scratch
 
-- name: Kubernetes Upgrade Appliance
+# Add random change for testing semantic release commit
-  depends_on:
-  - Install Ansible Galaxy collections
-  image: bv11-cr01.bessems.eu/library/packer-extended
-  pull: alwaysquery(
-  commands:
-  - |
-    sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g" \
-      packer/preseed/UbuntuServer22.04/user-data
-  - |
-    export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
-  - |
-    packer init -upgrade \
-      ./packer
-  - |
-    packer validate \
-      -only=vsphere-iso.upgrade \
-      -var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
-      -var docker_username=$${DOCKER_USERNAME} \
-      -var docker_password=$${DOCKER_PASSWORD} \
-      -var repo_username=$${REPO_USERNAME} \
-      -var repo_password=$${REPO_PASSWORD} \
-      -var ssh_password=$${SSH_PASSWORD} \
-      -var vsphere_password=$${VSPHERE_PASSWORD} \
-      -var k8s_version=$K8S_VERSION \
-      ./packer
-  - |
-    packer build \
-      -on-error=cleanup -timestamp-ui \
-      -only=vsphere-iso.upgrade \
-      -var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
-      -var docker_username=$${DOCKER_USERNAME} \
-      -var docker_password=$${DOCKER_PASSWORD} \
-      -var repo_username=$${REPO_USERNAME} \
-      -var repo_password=$${REPO_PASSWORD} \
-      -var ssh_password=$${SSH_PASSWORD} \
-      -var vsphere_password=$${VSPHERE_PASSWORD} \
-      -var k8s_version=$K8S_VERSION \
-      ./packer
-  environment:
-    DOCKER_USERNAME:
-      from_secret: docker_username
-    DOCKER_PASSWORD:
-      from_secret: docker_password
-    # PACKER_LOG: 1
-    REPO_USERNAME:
-      from_secret: repo_username
-    REPO_PASSWORD:
-      from_secret: repo_password
-    SSH_PASSWORD:
-      from_secret: ssh_password
-    VSPHERE_PASSWORD:
-      from_secret: vsphere_password
-  volumes:
-  - name: output
-    path: /output
-  - name: scratch
-    path: /scratch
 
-- name: Remove temporary resources
+# - name: Install Ansible Galaxy collections
-  depends_on:
+#   depends_on:
-  - Kubernetes Bootstrap Appliance
+#   - Semantic Release (Dry-run)
-  - Kubernetes Upgrade Appliance
+#   image: bv11-cr01.bessems.eu/library/packer-extended
-  image: bv11-cr01.bessems.eu/library/packer-extended
+#   pull: always
-  commands:
+#   commands:
-  - |
+#   - |
-    pwsh -file scripts/Remove-Resources.ps1 \
+#     ansible-galaxy collection install \
-      -VMName $DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
+#       -r ansible/requirements.yml \
-      -VSphereFQDN 'bv11-vc.bessems.lan' \
+#       -p ./ansible/collections
-      -VSphereUsername 'administrator@vsphere.local' \
+#   volumes:
-      -VSpherePassword $${VSPHERE_PASSWORD}
+#   - name: scratch
-  environment:
+#     path: /scratch
-    VSPHERE_PASSWORD:
+
-      from_secret: vsphere_password
+# - name: Kubernetes Bootstrap Appliance
-  volumes:
+#   depends_on:
-  - name: scratch
+#   - Install Ansible Galaxy collections
-    path: /scratch
+#   image: bv11-cr01.bessems.eu/library/packer-extended
-  when:
+#   pull: always
-    status:
+#   commands:
-    - success
+#   - |
-    - failure
+#     sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g" \
+#       packer/preseed/UbuntuServer22.04/user-data
+#   - |
+#     export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
+#   - |
+#     packer init -upgrade \
+#       ./packer
+#   - |
+#     packer validate \
+#       -only=vsphere-iso.bootstrap \
+#       -var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
+#       -var docker_username=$${DOCKER_USERNAME} \
+#       -var docker_password=$${DOCKER_PASSWORD} \
+#       -var repo_username=$${REPO_USERNAME} \
+#       -var repo_password=$${REPO_PASSWORD} \
+#       -var ssh_password=$${SSH_PASSWORD} \
+#       -var vsphere_password=$${VSPHERE_PASSWORD} \
+#       -var k8s_version=$K8S_VERSION \
+#       ./packer
+#   - |
+#     packer build \
+#       -on-error=cleanup -timestamp-ui \
+#       -only=vsphere-iso.bootstrap \
+#       -var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
+#       -var docker_username=$${DOCKER_USERNAME} \
+#       -var docker_password=$${DOCKER_PASSWORD} \
+#       -var repo_username=$${REPO_USERNAME} \
+#       -var repo_password=$${REPO_PASSWORD} \
+#       -var ssh_password=$${SSH_PASSWORD} \
+#       -var vsphere_password=$${VSPHERE_PASSWORD} \
+#       -var k8s_version=$K8S_VERSION \
+#       ./packer
+#   environment:
+#     DOCKER_USERNAME:
+#       from_secret: docker_username
+#     DOCKER_PASSWORD:
+#       from_secret: docker_password
+#     # PACKER_LOG: 1
+#     REPO_USERNAME:
+#       from_secret: repo_username
+#     REPO_PASSWORD:
+#       from_secret: repo_password
+#     SSH_PASSWORD:
+#       from_secret: ssh_password
+#     VSPHERE_PASSWORD:
+#       from_secret: vsphere_password
+#   volumes:
+#   - name: output
+#     path: /output
+#   - name: scratch
+#     path: /scratch
+
+# - name: Kubernetes Upgrade Appliance
+#   depends_on:
+#   - Install Ansible Galaxy collections
+#   image: bv11-cr01.bessems.eu/library/packer-extended
+#   pull: alwaysquery(
+#   commands:
+#   - |
+#     sed -i -e "s/<<img-password>>/$${SSH_PASSWORD}/g" \
+#       packer/preseed/UbuntuServer22.04/user-data
+#   - |
+#     export K8S_VERSION=$(yq '.components.clusterapi.workload.version.k8s' < ./ansible/vars/metacluster.yml)
+#   - |
+#     packer init -upgrade \
+#       ./packer
+#   - |
+#     packer validate \
+#       -only=vsphere-iso.upgrade \
+#       -var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
+#       -var docker_username=$${DOCKER_USERNAME} \
+#       -var docker_password=$${DOCKER_PASSWORD} \
+#       -var repo_username=$${REPO_USERNAME} \
+#       -var repo_password=$${REPO_PASSWORD} \
+#       -var ssh_password=$${SSH_PASSWORD} \
+#       -var vsphere_password=$${VSPHERE_PASSWORD} \
+#       -var k8s_version=$K8S_VERSION \
+#       ./packer
+#   - |
+#     packer build \
+#       -on-error=cleanup -timestamp-ui \
+#       -only=vsphere-iso.upgrade \
+#       -var vm_name=${DRONE_BUILD_NUMBER}-${DRONE_COMMIT_SHA:0:10}-$(openssl rand -hex 3) \
+#       -var docker_username=$${DOCKER_USERNAME} \
+#       -var docker_password=$${DOCKER_PASSWORD} \
+#       -var repo_username=$${REPO_USERNAME} \
+#       -var repo_password=$${REPO_PASSWORD} \
+#       -var ssh_password=$${SSH_PASSWORD} \
+#       -var vsphere_password=$${VSPHERE_PASSWORD} \
+#       -var k8s_version=$K8S_VERSION \
+#       ./packer
+#   environment:
+#     DOCKER_USERNAME:
+#       from_secret: docker_username
+#     DOCKER_PASSWORD:
+#       from_secret: docker_password
+#     # PACKER_LOG: 1
+#     REPO_USERNAME:
+#       from_secret: repo_username
+#     REPO_PASSWORD:
+#       from_secret: repo_password
+#     SSH_PASSWORD:
+#       from_secret: ssh_password
+#     VSPHERE_PASSWORD:
+#       from_secret: vsphere_password
+#   volumes:
+#   - name: output
+#     path: /output
+#   - name: scratch
+#     path: /scratch
+
+# - name: Remove temporary resources
+#   depends_on:
+#   - Kubernetes Bootstrap Appliance
+#   - Kubernetes Upgrade Appliance
+#   image: bv11-cr01.bessems.eu/library/packer-extended
+#   commands:
+#   - |
+#     pwsh -file scripts/Remove-Resources.ps1 \
+#       -VMName $DRONE_BUILD_NUMBER-${DRONE_COMMIT_SHA:0:10} \
+#       -VSphereFQDN 'bv11-vc.bessems.lan' \
+#       -VSphereUsername 'administrator@vsphere.local' \
+#       -VSpherePassword $${VSPHERE_PASSWORD}
+#   environment:
+#     VSPHERE_PASSWORD:
+#       from_secret: vsphere_password
+#   volumes:
+#   - name: scratch
+#     path: /scratch
+#   when:
+#     status:
+#     - success
+#     - failure

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/filter_plugins/netaddr.py

@@ -1,14 +0,0 @@
-import netaddr
-
-def netaddr_iter_iprange(ip_start, ip_end):
-    return [str(ip) for ip in netaddr.iter_iprange(ip_start, ip_end)]
-
-class FilterModule(object):
-        ''' Ansible filter. Interface to netaddr methods.
-            https://pypi.org/project/netaddr/
-        '''
-
-        def filters(self):
-            return {
-                'netaddr_iter_iprange': netaddr_iter_iprange
-            }

ansible/roles/firstboot/files/ansible_payload/bootstrap/roles/metacluster/tasks/git.yml

@@ -55,7 +55,6 @@
         force_basic_auth: yes
         body:
           name: token_init_{{ lookup('password', '/dev/null length=5 chars=ascii_letters,digits') }}
-          scopes: ["write:public_key","write:org"]
       register: gitea_api_token
 
     - name: Retrieve existing gitea configuration

ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.cluster-template.j2

@@ -3,8 +3,8 @@ kind: Kustomization
 resources:
 - cluster-template.yaml
 
-patches:
+patchesStrategicMerge:
-- patch: |-
+  - |-
     apiVersion: v1
     kind: Secret
     metadata:
@@ -32,7 +32,7 @@ patches:
             [Network]
             public-network = "${VSPHERE_NETWORK}"
         type: Opaque
-- patch: |-
+  - |-
     apiVersion: controlplane.cluster.x-k8s.io/v1beta1
     kind: KubeadmControlPlane
     metadata:
@@ -42,12 +42,7 @@ patches:
       kubeadmConfigSpec:
         clusterConfiguration:
           imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-        ntp:
+  - |-
-          enabled: true
-          servers:
-            - 0.nl.pool.ntp.org
-            - 1.nl.pool.ntp.org
-- patch: |-
     apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
     kind: KubeadmConfigTemplate
     metadata:
@@ -58,12 +53,7 @@ patches:
         spec:
           clusterConfiguration:
             imageRepository: registry.{{ _template.network.fqdn }}/kubeadm
-          ntp:
+  - |-
-            enabled: true
-            servers:
-              - 0.nl.pool.ntp.org
-              - 1.nl.pool.ntp.org
-- patch: |-
     apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
     kind: KubeadmConfigTemplate
     metadata:
@@ -96,7 +86,7 @@ patches:
               {{ _template.rootca | indent(width=14, first=False) | trim }}
             owner: root:root
             path: /usr/local/share/ca-certificates/root_ca.crt
-- patch: |-
+  - |-
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: VSphereMachineTemplate
     metadata:
@@ -115,7 +105,7 @@ patches:
               nameservers:
               - {{ _template.network.dnsserver }}
               networkName: '${VSPHERE_NETWORK}'
-- patch: |-
+  - |-
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: VSphereMachineTemplate
     metadata:
@@ -135,131 +125,132 @@ patches:
               - {{ _template.network.dnsserver }}
               networkName: '${VSPHERE_NETWORK}'
 
-- target:
+patchesJson6902:
-    group: controlplane.cluster.x-k8s.io
+  - target:
-    version: v1beta1
+      group: controlplane.cluster.x-k8s.io
-    kind: KubeadmControlPlane
+      version: v1beta1
-    name: .*
+      kind: KubeadmControlPlane
-  patch: |-
+      name: .*
-    - op: add
+    patch: |-
-      path: /spec/kubeadmConfigSpec/files/-
+      - op: add
-      value:
+        path: /spec/kubeadmConfigSpec/files/-
-        content: |
+        value:
-            [plugins."io.containerd.grpc.v1.cri".registry]
+          content: |
-              config_path = "/etc/containerd/certs.d"
+              [plugins."io.containerd.grpc.v1.cri".registry]
-        append: true
+                config_path = "/etc/containerd/certs.d"
-        path: /etc/containerd/config.toml
+          append: true
+          path: /etc/containerd/config.toml
 {% for registry in _template.registries %}
-    - op: add
+      - op: add
-      path: /spec/kubeadmConfigSpec/files/-
+        path: /spec/kubeadmConfigSpec/files/-
-      value:
+        value:
-        content: |
+          content: |
-          server = "https://{{ registry }}"
+            server = "https://{{ registry }}"
 
-          [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
+            [host."https://registry.{{ _template.network.fqdn }}/v2/library/{{ registry }}"]
-            capabilities = ["pull", "resolve"]
+              capabilities = ["pull", "resolve"]
-            override_path = true
+              override_path = true
-        owner: root:root
+          owner: root:root
-        path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
+          path: /etc/containerd/certs.d/{{ registry }}/hosts.toml
 {% endfor %}
-    - op: add
+      - op: add
-      path: /spec/kubeadmConfigSpec/files/-
+        path: /spec/kubeadmConfigSpec/files/-
-      value:
+        value:
-        content: |
+          content: |
-          network: {config: disabled}
+            network: {config: disabled}
-        owner: root:root
+          owner: root:root
-        path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
+          path: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg
-    - op: add
+      - op: add
-      path: /spec/kubeadmConfigSpec/files/-
+        path: /spec/kubeadmConfigSpec/files/-
-      value:
+        value:
-        content: |
+          content: |
-          {{ _template.rootca | indent(width=10, first=False) | trim }}
+            {{ _template.rootca | indent(width=12, first=False) | trim }}
-        owner: root:root
+          owner: root:root
-        path: /usr/local/share/ca-certificates/root_ca.crt
+          path: /usr/local/share/ca-certificates/root_ca.crt
-- target:
+  - target:
-    group: bootstrap.cluster.x-k8s.io
+      group: bootstrap.cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: KubeadmConfigTemplate
+      kind: KubeadmConfigTemplate
-    name: .*
+      name: .*
-  patch: |-
+    patch: |-
 {% for cmd in _template.runcmds %}
-    - op: add
+      - op: add
-      path: /spec/template/spec/preKubeadmCommands/-
+        path: /spec/template/spec/preKubeadmCommands/-
-      value: {{ cmd }}
+        value: {{ cmd }}
 {% endfor %}
-- target:
+  - target:
-    group: controlplane.cluster.x-k8s.io
+      group: controlplane.cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: KubeadmControlPlane
+      kind: KubeadmControlPlane
-    name: .*
+      name: .*
-  patch: |-
+    patch: |-
 {% for cmd in _template.runcmds %}
-    - op: add
+      - op: add
-      path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
+        path: /spec/kubeadmConfigSpec/preKubeadmCommands/-
-      value: {{ cmd }}
+        value: {{ cmd }}
 {% endfor %}
 
-- target:
+  - target:
-    group: infrastructure.cluster.x-k8s.io
+      group: infrastructure.cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: VSphereMachineTemplate
+      kind: VSphereMachineTemplate
-    name: \${CLUSTER_NAME}
+      name: \${CLUSTER_NAME}
-  patch: |-
+    patch: |-
-    - op: replace
+      - op: replace
-      path: /metadata/name
+        path: /metadata/name
-      value: ${CLUSTER_NAME}-master
+        value: ${CLUSTER_NAME}-master
-- target:
+  - target:
-    group: controlplane.cluster.x-k8s.io
+      group: controlplane.cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: KubeadmControlPlane
+      kind: KubeadmControlPlane
-    name: \${CLUSTER_NAME}
+      name: \${CLUSTER_NAME}
-  patch: |-
+    patch: |-
-    - op: replace
+      - op: replace
-      path: /metadata/name
+        path: /metadata/name
-      value: ${CLUSTER_NAME}-master
+        value: ${CLUSTER_NAME}-master
-    - op: replace
+      - op: replace
-      path: /spec/machineTemplate/infrastructureRef/name
+        path: /spec/machineTemplate/infrastructureRef/name
-      value: ${CLUSTER_NAME}-master
+        value: ${CLUSTER_NAME}-master
-- target:
+  - target:
-    group: cluster.x-k8s.io
+      group: cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: Cluster
+      kind: Cluster
-    name: \${CLUSTER_NAME}
+      name: \${CLUSTER_NAME}
-  patch: |-
+    patch: |-
-    - op: replace
+      - op: replace
-      path: /spec/controlPlaneRef/name
+        path: /spec/controlPlaneRef/name
-      value: ${CLUSTER_NAME}-master
+        value: ${CLUSTER_NAME}-master
 
-- target:
+  - target:
-    group: infrastructure.cluster.x-k8s.io
+      group: infrastructure.cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: VSphereMachineTemplate
+      kind: VSphereMachineTemplate
-    name: \${CLUSTER_NAME}-worker
+      name: \${CLUSTER_NAME}-worker
-  patch: |-
+    patch: |-
-    - op: replace
+      - op: replace
-      path: /spec/template/spec/numCPUs
+        path: /spec/template/spec/numCPUs
-      value: {{ _template.nodesize.cpu }}
+        value: {{ _template.nodesize.cpu }}
-    - op: replace
+      - op: replace
-      path: /spec/template/spec/memoryMiB
+        path: /spec/template/spec/memoryMiB
-      value: {{ _template.nodesize.memory }}
+        value: {{ _template.nodesize.memory }}
-- target:
+  - target:
-    group: cluster.x-k8s.io
+      group: cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: MachineDeployment
+      kind: MachineDeployment
-    name: \${CLUSTER_NAME}-md-0
+      name: \${CLUSTER_NAME}-md-0
-  patch: |-
+    patch: |-
-    - op: replace
+      - op: replace
-      path: /metadata/name
+        path: /metadata/name
-      value: ${CLUSTER_NAME}-worker
+        value: ${CLUSTER_NAME}-worker
-    - op: replace
+      - op: replace
-      path: /spec/template/spec/bootstrap/configRef/name
+        path: /spec/template/spec/bootstrap/configRef/name
-      value: ${CLUSTER_NAME}-worker
+        value: ${CLUSTER_NAME}-worker
-- target:
+  - target:
-    group: bootstrap.cluster.x-k8s.io
+      group: bootstrap.cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: KubeadmConfigTemplate
+      kind: KubeadmConfigTemplate
-    name: \${CLUSTER_NAME}-md-0
+      name: \${CLUSTER_NAME}-md-0
-  patch: |-
+    patch: |-
-    - op: replace
+      - op: replace
-      path: /metadata/name
+        path: /metadata/name
-      value: ${CLUSTER_NAME}-worker
+        value: ${CLUSTER_NAME}-worker

ansible/roles/firstboot/files/ansible_payload/bootstrap/templates/kustomization.nodepool.j2

@@ -5,8 +5,8 @@ resources:
 - manifests/machinedeployment-{{ _template.cluster.name }}-worker.yaml
 - manifests/vspheremachinetemplate-{{ _template.cluster.name }}-worker.yaml
 
-patches:
+patchesStrategicMerge:
-- patch: |-
+  - |-
     apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
     kind: KubeadmConfigTemplate
     metadata:
@@ -31,7 +31,7 @@ patches:
           mounts:
           - - LABEL=blockstorage
             - /mnt/blockstorage
-- patch: |-
+  - |-
     apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
     kind: VSphereMachineTemplate
     metadata:
@@ -43,41 +43,42 @@ patches:
           additionalDisksGiB:
           - {{ _template.nodepool.additionaldisk }}
 
-- target:
+patchesJson6902:
-    group: bootstrap.cluster.x-k8s.io
+  - target:
-    version: v1beta1
+      group: bootstrap.cluster.x-k8s.io
-    kind: KubeadmConfigTemplate
+      version: v1beta1
-    name: {{ _template.cluster.name }}-worker
+      kind: KubeadmConfigTemplate
-  patch: |-
+      name: {{ _template.cluster.name }}-worker
-    - op: replace
+    patch: |-
-      path: /metadata/name
+      - op: replace
-      value: {{ _template.cluster.name }}-worker-storage
+        path: /metadata/name
+        value: {{ _template.cluster.name }}-worker-storage
 
-- target:
+  - target:
-    group: cluster.x-k8s.io
+      group: cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: MachineDeployment
+      kind: MachineDeployment
-    name: {{ _template.cluster.name }}-worker
+      name: {{ _template.cluster.name }}-worker
-  patch: |-
+    patch: |-
-    - op: replace
+      - op: replace
-      path: /metadata/name
+        path: /metadata/name
-      value: {{ _template.cluster.name }}-worker-storage
+        value: {{ _template.cluster.name }}-worker-storage
-    - op: replace
+      - op: replace
-      path: /spec/template/spec/bootstrap/configRef/name
+        path: /spec/template/spec/bootstrap/configRef/name
-      value: {{ _template.cluster.name }}-worker-storage
+        value: {{ _template.cluster.name }}-worker-storage
-    - op: replace
+      - op: replace
-      path: /spec/template/spec/infrastructureRef/name
+        path: /spec/template/spec/infrastructureRef/name
-      value: {{ _template.cluster.name }}-worker-storage
+        value: {{ _template.cluster.name }}-worker-storage
-    - op: replace
+      - op: replace
-      path: /spec/replicas
+        path: /spec/replicas
-      value: {{ _template.nodepool.size }}
+        value: {{ _template.nodepool.size }}
 
-- target:
+  - target:
-    group: infrastructure.cluster.x-k8s.io
+      group: infrastructure.cluster.x-k8s.io
-    version: v1beta1
+      version: v1beta1
-    kind: VSphereMachineTemplate
+      kind: VSphereMachineTemplate
-    name: {{ _template.cluster.name }}-worker
+      name: {{ _template.cluster.name }}-worker
-  patch: |-
+    patch: |-
-    - op: replace
+      - op: replace
-      path: /metadata/name
+        path: /metadata/name
-      value: {{ _template.cluster.name }}-worker-storage
+        value: {{ _template.cluster.name }}-worker-storage

ansible/vars/metacluster.yml

@@ -1,7 +1,7 @@
 platform:
 
   k3s:
-    version: v1.26.5+k3s1
+    version: v1.25.9+k3s1
 
   packaged_components:
     - name: traefik
@@ -56,7 +56,7 @@ components:
 
   argo-cd:
     helm:
-      version: 5.34.6  # (= ArgoCD v2.7.3)
+      version: 5.27.4  # (= ArgoCD v2.6.7)
       chart: argo/argo-cd
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
       chart_values: !unsafe |
@@ -99,7 +99,7 @@ components:
 
   cert-manager:
     helm:
-      version: 1.12.1
+      version: 1.11.0
       chart: jetstack/cert-manager
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
       # chart_values: !unsafe |
@@ -109,19 +109,19 @@ components:
     management:
       version:
         # Must match the version referenced at `dependencies.static_binaries[.filename==clusterctl].url`
-        base: v1.4.1
+        base: v1.4.0
         # Must match the version referenced at `components.cert-manager.helm.version`
-        cert_manager: v1.11.1
+        cert_manager: v1.11.0
-        infrastructure_vsphere: v1.6.1
+        infrastructure_vsphere: v1.6.0
         ipam_incluster: v0.1.0-alpha.2
         # Refer to `https://console.cloud.google.com/gcr/images/cloud-provider-vsphere/GLOBAL/cpi/release/manager` for available tags
-        cpi_vsphere: v1.26.2
+        cpi_vsphere: v1.25.2
     workload:
       version:
-        calico: v3.26.0
+        calico: v3.25.0
-        k8s: v1.26.5
+        k8s: v1.25.9
       node_template:
-        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.26.5.ova
+        url: https://{{ repo_username }}:{{ repo_password }}@sn.itch.fyi/Repository/rel/ubuntu-2204-kube-v1.25.9.ova
 
   # dex:
   #   helm:
@@ -173,7 +173,7 @@ components:
 
   gitea:
     helm:
-      version: v8.3.0 # (= Gitea v1.19.3)
+      version: v7.0.2 # (= Gitea v1.18.3)
       chart: gitea-charts/gitea
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | sed '/:/!s/$/:latest/'
       chart_values: !unsafe |
@@ -204,7 +204,7 @@ components:
 
   harbor:
     helm:
-      version: 1.12.1  # (= Harbor v2.8.1)
+      version: 1.11.0  # (= Harbor v2.7.0)
       chart: harbor/harbor
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
       chart_values: !unsafe |
@@ -259,7 +259,7 @@ components:
 
   kube-prometheus-stack:
     helm:
-      version: 46.5.0  # (= Prometheus version v0.65.1)
+      version: 45.2.0
       chart: prometheus-community/kube-prometheus-stack
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'
       chart_values: !unsafe |
@@ -270,11 +270,11 @@ components:
 
   kubevip:
     # Must match the version referenced at `dependencies.container_images`
-    version: v0.6.0
+    version: v0.5.8
 
   longhorn:
     helm:
-      version: 1.4.2
+      version: 1.4.1
       chart: longhorn/longhorn
       parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
       chart_values: !unsafe |
@@ -290,7 +290,7 @@ components:
 
   step-certificates:
     helm:
-      version: 1.23.2+5  # (= step-ca v0.23.2)
+      version: 1.23.0
       chart: smallstep/step-certificates
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sed '/:/!s/$/:latest/' | sort -u
       chart_values: !unsafe |
@@ -320,7 +320,7 @@ dependencies:
   container_images:
     # This should match the image tag referenced at `platform.packaged_components[.name==traefik].config`
     - busybox:1
-    - ghcr.io/kube-vip/kube-vip:v0.6.0
+    - ghcr.io/kube-vip/kube-vip:v0.5.8
     # The following list is generated by running the following commands:
     #   $ clusterctl init -i vsphere:<version> [...]
     #   $ clusterctl generate cluster <name> [...] | yq eval '.data.data' | yq --no-doc eval '.. | .image? | select(.)' | sort -u
@@ -334,25 +334,25 @@ dependencies:
 
   static_binaries:
     - filename: clusterctl
-      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.1/clusterctl-linux-amd64
+      url: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.4.0/clusterctl-linux-amd64
     - filename: govc
-      url: https://github.com/vmware/govmomi/releases/download/v0.30.4/govc_Linux_x86_64.tar.gz
+      url: https://github.com/vmware/govmomi/releases/download/v0.29.0/govc_Linux_x86_64.tar.gz
       archive: compressed
     - filename: helm
-      url: https://get.helm.sh/helm-v3.12.0-linux-amd64.tar.gz
+      url: https://get.helm.sh/helm-v3.10.2-linux-amd64.tar.gz
       archive: compressed
       extra_opts: --strip-components=1
     - filename: kubectl-slice
-      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.6/kubectl-slice_linux_x86_64.tar.gz
+      url: https://github.com/patrickdappollonio/kubectl-slice/releases/download/v1.2.5/kubectl-slice_linux_x86_64.tar.gz
       archive: compressed
     - filename: skopeo
       url: https://code.spamasaurus.com/api/packages/djpbessems/generic/skopeo/v1.12.0/skopeo_linux_amd64
     - filename: step
-      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.2/step_linux_0.23.2_amd64.tar.gz
+      url: https://dl.step.sm/gh-release/cli/gh-release-header/v0.23.0/step_linux_0.23.0_amd64.tar.gz
       archive: compressed
       extra_opts: --strip-components=2
     - filename: yq
-      url: http://github.com/mikefarah/yq/releases/download/v4.34.1/yq_linux_amd64
+      url: http://github.com/mikefarah/yq/releases/download/v4.30.5/yq_linux_amd64
 
   packages:
     apt:

ansible/vars/workloadcluster.yml

@@ -9,7 +9,7 @@ downstream:
   helm_charts:
 
     longhorn:
-      version: 1.4.2
+      version: 1.4.1
       chart: longhorn/longhorn
       namespace: longhorn-system
       parse_logic: cat values.yaml | yq eval '.. | select(has("repository")) | .repository + ":" + .tag'
@@ -19,7 +19,7 @@ downstream:
           defaultDataPath: /mnt/blockstorage
 
     sealed-secrets:
-      version: 2.9.0  # (= Sealed Secrets v0.21.0)
+      version: 2.8.1  # (= Sealed Secrets v0.20.2)
       chart: sealed-secrets/sealed-secrets
       namespace: sealed-secrets
       parse_logic: helm template . | yq --no-doc eval '.. | .image? | select(.)' | sort -u | awk '!/ /'