Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for release CRs #290

Merged
merged 16 commits into from
Oct 15, 2024
Merged

Add support for release CRs #290

merged 16 commits into from
Oct 15, 2024

Conversation

njuettner
Copy link
Member

@njuettner njuettner commented Sep 26, 2024
edited
Loading

Towards: giantswarm/roadmap#3646
Aligning with CAPA/CAPZ Releases.

Since it's a breaking change I added a note to the changelog.

From now on we would fetch all app / helmrelease versions from the Release CR in releases repo for vsphere.

This has been tested on gcapverde, I applied the first release starting with v27, see giantswarm/releases#1422

Trigger e2e tests

/run cluster-test-suites

@tinkerers-ci
Copy link

tinkerers-ci bot commented Sep 26, 2024

Note

As this is a draft PR no triggers from the PR body will be handled.

If you'd like to trigger them while draft please add them as a PR comment.

@njuettner njuettner marked this pull request as ready for review October 9, 2024 12:23
@njuettner njuettner requested a review from a team as a code owner October 9, 2024 12:23
@njuettner
Copy link
Member Author

njuettner commented Oct 9, 2024
edited
Loading

This has been tested on gcapverde, I applied the first release starting with v27, see giantswarm/releases#1422

@github-actions GitHub Actions
Copy link
Contributor

There were differences in the rendered Helm template, please check! ⚠️

Output 
=== Differences when rendered with values file helm/cluster-vsphere/ci/test-wc-values.yaml ===

(file level)
  - one document removed:
    ---
    # Source: cluster-vsphere/charts/cluster/templates/clusterapi/workers/kubeadmconfigtemplate.yaml
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
      name: test-worker-85fb5
      namespace: org-giantswarm
      labels:
        giantswarm.io/machine-deployment: test-worker
        # deprecated: "app: cluster-vsphere" label is deprecated and it will be removed after upgrading
    # to Kubernetes 1.25. We still need it here because existing ClusterResourceSet selectors
    # need this label on the Cluster resource.
    app: cluster-vsphere
        app.kubernetes.io/name: cluster
        app.kubernetes.io/version: 1.2.1
        app.kubernetes.io/part-of: cluster-vsphere
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: cluster-1.2.1
        application.giantswarm.io/team: turtles
        giantswarm.io/cluster: test
        giantswarm.io/organization: giantswarm
        giantswarm.io/service-priority: highest
        cluster.x-k8s.io/cluster-name: test
        cluster.x-k8s.io/watch-filter: capi
    spec:
      template:
        spec:
          format: ignition
          ignition:
            containerLinuxConfig:
              additionalConfig: |
                systemd:
                  units:      
                  - name: os-hardening.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=Apply os hardening
                      [Service]
                      Type=oneshot
                      ExecStartPre=-/bin/bash -c "gpasswd -d core rkt; gpasswd -d core docker; gpasswd -d core wheel"
                      ExecStartPre=/bin/bash -c "until [ -f '/etc/sysctl.d/hardening.conf' ]; do echo Waiting for sysctl file; sleep 1s;done;"
                      ExecStart=/usr/sbin/sysctl -p /etc/sysctl.d/hardening.conf
                      [Install]
                      WantedBy=multi-user.target
                  - name: update-engine.service
                    enabled: false
                    mask: true
                  - name: locksmithd.service
                    enabled: false
                    mask: true
                  - name: sshkeys.service
                    enabled: false
                    mask: true
                  - name: teleport.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=Teleport Service
                      After=network.target
                      [Service]
                      Type=simple
                      Restart=on-failure
                      ExecStart=/opt/bin/teleport start --roles=node --config=/etc/teleport.yaml --pid-file=/run/teleport.pid
                      ExecReload=/bin/kill -HUP $MAINPID
                      PIDFile=/run/teleport.pid
                      LimitNOFILE=524288
                      [Install]
                      WantedBy=multi-user.target
                  - name: kubeadm.service
                    dropins:
                    - name: 10-flatcar.conf
                      contents: |
                        [Unit]
                        # kubeadm must run after coreos-metadata populated /run/metadata directory.
                        Requires=coreos-metadata.service
                        After=coreos-metadata.service
                        # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939.
                        After=containerd.service
                        # kubeadm requires having an IP
                        After=network-online.target
                        Wants=network-online.target
                        [Service]
                        # Ensure kubeadm service has access to kubeadm binary in /opt/bin on Flatcar.
                        Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/bin
                        # To make metadata environment variables available for pre-kubeadm commands.
                        EnvironmentFile=/run/metadata/*
                  - name: containerd.service
                    enabled: true
                    contents: |
                    dropins:
                    - name: 10-change-cgroup.conf
                      contents: |
                        [Service]
                        CPUAccounting=true
                        MemoryAccounting=true
                        Slice=kubereserved.slice
                  - name: audit-rules.service
                    enabled: true
                    dropins:
                    - name: 10-wait-for-containerd.conf
                      contents: |
                        [Service]
                        ExecStartPre=/bin/bash -c "while [ ! -f /etc/audit/rules.d/containerd.rules ]; do echo 'Waiting for /etc/audit/rules.d/containerd.rules to be written' && sleep 1; done"
                        Restart=on-failure      
                  - name: coreos-metadata.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=VMWare metadata agent
                      [Install]
                      WantedBy=multi-user.target
                    dropins:
                    - name: 10-coreos-metadata.conf
                      contents: |
                        [Unit]
                        After=nss-lookup.target
                        After=network-online.target
                        Wants=network-online.target
                        [Service]
                        Type=oneshot
                        Restart=on-failure
                        RemainAfterExit=yes
                        Environment=OUTPUT=/run/metadata/coreos
                        ExecStart=/usr/bin/mkdir --parent /run/metadata
                        ExecStart=/usr/bin/bash -cv 'echo "COREOS_CUSTOM_HOSTNAME=$("$(find /usr/bin /usr/share/oem -name vmtoolsd -type f -executable 2>/dev/null | head -n 1)" --cmd "info-get guestinfo.metadata" | base64 -d | awk \'/local-hostname/ {print $2}\' | tr -d \'"\')" >> ${OUTPUT}'
                        ExecStart=/usr/bin/bash -cv 'echo "COREOS_CUSTOM_IPV4=$("$(find /usr/bin /usr/share/oem -name vmtoolsd -type f -executable 2>/dev/null | head -n 1)" --cmd "info-get guestinfo.ip")" >> ${OUTPUT}'
                  - name: set-hostname.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=Set machine hostname
                      [Install]
                      WantedBy=multi-user.target
                    dropins:
                    - name: 10-set-hostname.conf
                      contents: |
                        [Unit]
                        Requires=coreos-metadata.service
                        After=coreos-metadata.service
                        Before=teleport.service
                        [Service]
                        Type=oneshot
                        RemainAfterExit=yes
                        EnvironmentFile=/run/metadata/coreos
                        ExecStart=/opt/bin/set-hostname.sh
                  - name: ethtool-segmentation.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=Disable TCP segmentation offloading
                      [Install]
                      WantedBy=default.target
                    dropins:
                    - name: 10-ethtool-segmentation.conf
                      contents: |
                        [Unit]
                        After=network.target
                        [Service]
                        Type=oneshot
                        RemainAfterExit=yes
                        ExecStart=/usr/sbin/ethtool -K ens192 tx-udp_tnl-csum-segmentation off
                        ExecStart=/usr/sbin/ethtool -K ens192 tx-udp_tnl-segmentation off
                storage:
                  filesystems:      
                  directories:      
                  - path: /var/lib/kubelet
                    mode: 0750      
                
          joinConfiguration:
            nodeRegistration:
              name: ${COREOS_CUSTOM_HOSTNAME}
              kubeletExtraArgs:
                cloud-provider: external
                healthz-bind-address: 0.0.0.0
                node-ip: ${COREOS_CUSTOM_IPV4}
                node-labels: "ip=${COREOS_CUSTOM_IPV4},role=worker,giantswarm.io/machine-pool=test-worker,"
                v: 2
            patches:
              directory: /etc/kubernetes/patches
          preKubeadmCommands:
          - "envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp"
          - "mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml"
          - "systemctl restart containerd"
          postKubeadmCommands:
          - "usermod -aG root nobody"
          users:
          - name: giantswarm
            groups: sudo
            sudo: "ALL=(ALL) NOPASSWD:ALL"
          files:
          - path: /etc/sysctl.d/hardening.conf
            permissions: 0644
            encoding: base64
            content: ZnMuaW5vdGlmeS5tYXhfdXNlcl93YXRjaGVzID0gMTYzODQKZnMuaW5vdGlmeS5tYXhfdXNlcl9pbnN0YW5jZXMgPSA4MTkyCmtlcm5lbC5rcHRyX3Jlc3RyaWN0ID0gMgprZXJuZWwuc3lzcnEgPSAwCm5ldC5pcHY0LmNvbmYuYWxsLmxvZ19tYXJ0aWFucyA9IDEKbmV0LmlwdjQuY29uZi5hbGwuc2VuZF9yZWRpcmVjdHMgPSAwCm5ldC5pcHY0LmNvbmYuZGVmYXVsdC5hY2NlcHRfcmVkaXJlY3RzID0gMApuZXQuaXB2NC5jb25mLmRlZmF1bHQubG9nX21hcnRpYW5zID0gMQpuZXQuaXB2NC50Y3BfdGltZXN0YW1wcyA9IDAKbmV0LmlwdjYuY29uZi5hbGwuYWNjZXB0X3JlZGlyZWN0cyA9IDAKbmV0LmlwdjYuY29uZi5kZWZhdWx0LmFjY2VwdF9yZWRpcmVjdHMgPSAwCiMgSW5jcmVhc2VkIG1tYXBmcyBiZWNhdXNlIHNvbWUgYXBwbGljYXRpb25zLCBsaWtlIEVTLCBuZWVkIGhpZ2hlciBsaW1pdCB0byBzdG9yZSBkYXRhIHByb3Blcmx5CnZtLm1heF9tYXBfY291bnQgPSAyNjIxNDQKIyBSZXNlcnZlZCB0byBhdm9pZCBjb25mbGljdHMgd2l0aCBrdWJlLWFwaXNlcnZlciwgd2hpY2ggYWxsb2NhdGVzIHdpdGhpbiB0aGlzIHJhbmdlCm5ldC5pcHY0LmlwX2xvY2FsX3Jlc2VydmVkX3BvcnRzPTMwMDAwLTMyNzY3Cm5ldC5pcHY0LmNvbmYuYWxsLnJwX2ZpbHRlciA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2lnbm9yZSA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2Fubm91bmNlID0gMgoKIyBUaGVzZSBhcmUgcmVxdWlyZWQgZm9yIHRoZSBrdWJlbGV0ICctLXByb3RlY3Qta2VybmVsLWRlZmF1bHRzJyBmbGFnCiMgU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9naWFudHN3YXJtL2dpYW50c3dhcm0vaXNzdWVzLzEzNTg3CnZtLm92ZXJjb21taXRfbWVtb3J5PTEKa2VybmVsLnBhbmljPTEwCmtlcm5lbC5wYW5pY19vbl9vb3BzPTEK
          - path: /etc/selinux/config
            permissions: 0644
            encoding: base64
            content: IyBUaGlzIGZpbGUgY29udHJvbHMgdGhlIHN0YXRlIG9mIFNFTGludXggb24gdGhlIHN5c3RlbSBvbiBib290LgoKIyBTRUxJTlVYIGNhbiB0YWtlIG9uZSBvZiB0aGVzZSB0aHJlZSB2YWx1ZXM6CiMgICAgICAgZW5mb3JjaW5nIC0gU0VMaW51eCBzZWN1cml0eSBwb2xpY3kgaXMgZW5mb3JjZWQuCiMgICAgICAgcGVybWlzc2l2ZSAtIFNFTGludXggcHJpbnRzIHdhcm5pbmdzIGluc3RlYWQgb2YgZW5mb3JjaW5nLgojICAgICAgIGRpc2FibGVkIC0gTm8gU0VMaW51eCBwb2xpY3kgaXMgbG9hZGVkLgpTRUxJTlVYPXBlcm1pc3NpdmUKCiMgU0VMSU5VWFRZUEUgY2FuIHRha2Ugb25lIG9mIHRoZXNlIGZvdXIgdmFsdWVzOgojICAgICAgIHRhcmdldGVkIC0gT25seSB0YXJnZXRlZCBuZXR3b3JrIGRhZW1vbnMgYXJlIHByb3RlY3RlZC4KIyAgICAgICBzdHJpY3QgICAtIEZ1bGwgU0VMaW51eCBwcm90ZWN0aW9uLgojICAgICAgIG1scyAgICAgIC0gRnVsbCBTRUxpbnV4IHByb3RlY3Rpb24gd2l0aCBNdWx0aS1MZXZlbCBTZWN1cml0eQojICAgICAgIG1jcyAgICAgIC0gRnVsbCBTRUxpbnV4IHByb3RlY3Rpb24gd2l0aCBNdWx0aS1DYXRlZ29yeSBTZWN1cml0eQojICAgICAgICAgICAgICAgICAgKG1scywgYnV0IG9ubHkgb25lIHNlbnNpdGl2aXR5IGxldmVsKQpTRUxJTlVYVFlQRT1tY3MK
          - path: /etc/ssh/trusted-user-ca-keys.pem
            permissions: 0600
            encoding: base64
            content: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU00Y3ZaMDFmTG1POWNKYldVajdzZkYrTmhFQ2d5K0NsMGJhelNyWlg3c1UgdmF1bHQtY2FAdmF1bHQub3BlcmF0aW9ucy5naWFudHN3YXJtLmlvCg==
          - path: /etc/ssh/sshd_config
            permissions: 0600
            encoding: base64
            content: IyBVc2UgbW9zdCBkZWZhdWx0cyBmb3Igc3NoZCBjb25maWd1cmF0aW9uLgpTdWJzeXN0ZW0gc2Z0cCBpbnRlcm5hbC1zZnRwCkNsaWVudEFsaXZlSW50ZXJ2YWwgMTgwClVzZUROUyBubwpVc2VQQU0geWVzClByaW50TGFzdExvZyBubyAjIGhhbmRsZWQgYnkgUEFNClByaW50TW90ZCBubyAjIGhhbmRsZWQgYnkgUEFNCiMgTm9uIGRlZmF1bHRzICgjMTAwKQpDbGllbnRBbGl2ZUNvdW50TWF4IDIKUGFzc3dvcmRBdXRoZW50aWNhdGlvbiBubwpUcnVzdGVkVXNlckNBS2V5cyAvZXRjL3NzaC90cnVzdGVkLXVzZXItY2Eta2V5cy5wZW0KTWF4QXV0aFRyaWVzIDUKTG9naW5HcmFjZVRpbWUgNjAKQWxsb3dUY3BGb3J3YXJkaW5nIG5vCkFsbG93QWdlbnRGb3J3YXJkaW5nIG5vCkNBU2lnbmF0dXJlQWxnb3JpdGhtcyBlY2RzYS1zaGEyLW5pc3RwMjU2LGVjZHNhLXNoYTItbmlzdHAzODQsZWNkc2Etc2hhMi1uaXN0cDUyMSxzc2gtZWQyNTUxOSxyc2Etc2hhMi01MTIscnNhLXNoYTItMjU2LHNzaC1yc2EK
          - path: /etc/containerd/config.toml
            permissions: 0644
            contentFrom:
              secret:
                name: test-containerd-b21d846e
                key: config.toml
          - path: /etc/kubernetes/patches/kubeletconfiguration.yaml
            permissions: 0644
            encoding: base64
            content: YXBpVmVyc2lvbjoga3ViZWxldC5jb25maWcuazhzLmlvL3YxYmV0YTEKa2luZDogS3ViZWxldENvbmZpZ3VyYXRpb24Kc2h1dGRvd25HcmFjZVBlcmlvZDogMzAwcwpzaHV0ZG93bkdyYWNlUGVyaW9kQ3JpdGljYWxQb2RzOiA2MHMKa2VybmVsTWVtY2dOb3RpZmljYXRpb246IHRydWUKZXZpY3Rpb25Tb2Z0OgogIG1lbW9yeS5hdmFpbGFibGU6ICI1MDBNaSIKZXZpY3Rpb25IYXJkOgogIG1lbW9yeS5hdmFpbGFibGU6ICIyMDBNaSIKICBpbWFnZWZzLmF2YWlsYWJsZTogIjE1JSIKZXZpY3Rpb25Tb2Z0R3JhY2VQZXJpb2Q6CiAgbWVtb3J5LmF2YWlsYWJsZTogIjVzIgpldmljdGlvbk1heFBvZEdyYWNlUGVyaW9kOiA2MAprdWJlUmVzZXJ2ZWQ6CiAgY3B1OiAzNTBtCiAgbWVtb3J5OiAxMjgwTWkKICBlcGhlbWVyYWwtc3RvcmFnZTogMTAyNE1pCmt1YmVSZXNlcnZlZENncm91cDogL2t1YmVyZXNlcnZlZC5zbGljZQpwcm90ZWN0S2VybmVsRGVmYXVsdHM6IHRydWUKc3lzdGVtUmVzZXJ2ZWQ6CiAgY3B1OiAyNTBtCiAgbWVtb3J5OiAzODRNaQpzeXN0ZW1SZXNlcnZlZENncm91cDogL3N5c3RlbS5zbGljZQp0bHNDaXBoZXJTdWl0ZXM6Ci0gVExTX0FFU18xMjhfR0NNX1NIQTI1NgotIFRMU19BRVNfMjU2X0dDTV9TSEEzODQKLSBUTFNfQ0hBQ0hBMjBfUE9MWTEzMDVfU0hBMjU2Ci0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzEyOF9DQkNfU0hBCi0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzEyOF9HQ01fU0hBMjU2Ci0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzI1Nl9DQkNfU0hBCi0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzI1Nl9HQ01fU0hBMzg0Ci0gVExTX0VDREhFX0VDRFNBX1dJVEhfQ0hBQ0hBMjBfUE9MWTEzMDUKLSBUTFNfRUNESEVfRUNEU0FfV0lUSF9DSEFDSEEyMF9QT0xZMTMwNV9TSEEyNTYKLSBUTFNfRUNESEVfUlNBX1dJVEhfQUVTXzEyOF9DQkNfU0hBCi0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18xMjhfR0NNX1NIQTI1NgotIFRMU19FQ0RIRV9SU0FfV0lUSF9BRVNfMjU2X0NCQ19TSEEKLSBUTFNfRUNESEVfUlNBX1dJVEhfQUVTXzI1Nl9HQ01fU0hBMzg0Ci0gVExTX0VDREhFX1JTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1Ci0gVExTX0VDREhFX1JTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1X1NIQTI1NgotIFRMU19SU0FfV0lUSF9BRVNfMTI4X0NCQ19TSEEKLSBUTFNfUlNBX1dJVEhfQUVTXzEyOF9HQ01fU0hBMjU2Ci0gVExTX1JTQV9XSVRIX0FFU18yNTZfQ0JDX1NIQQotIFRMU19SU0FfV0lUSF9BRVNfMjU2X0dDTV9TSEEzODQKc2VyaWFsaXplSW1hZ2VQdWxsczogZmFsc2UKc3RyZWFtaW5nQ29ubmVjdGlvbklkbGVUaW1lb3V0OiAxaAphbGxvd2VkVW5zYWZlU3lzY3RsczoKLSAibmV0LioiCg==
          - path: /etc/systemd/logind.conf.d/zzz-kubelet-graceful-shutdown.conf
            permissions: 0700
            encoding: base64
            content: W0xvZ2luXQojIGRlbGF5CkluaGliaXREZWxheU1heFNlYz0zMDAK
          - path: /etc/teleport-join-token
            permissions: 0644
            contentFrom:
              secret:
                name: test-teleport-join-token
                key: joinToken
          - path: /opt/teleport-node-role.sh
            permissions: 0755
            encoding: base64
            content: IyEvYmluL2Jhc2gKCmlmIHN5c3RlbWN0bCBpcy1hY3RpdmUgLXEga3ViZWxldC5zZXJ2aWNlOyB0aGVuCiAgICBpZiBbIC1lICIvZXRjL2t1YmVybmV0ZXMvbWFuaWZlc3RzL2t1YmUtYXBpc2VydmVyLnlhbWwiIF07IHRoZW4KICAgICAgICBlY2hvICJjb250cm9sLXBsYW5lIgogICAgZWxzZQogICAgICAgIGVjaG8gIndvcmtlciIKICAgIGZpCmVsc2UKICAgIGVjaG8gIiIKZmkK
          - path: /etc/teleport.yaml
            permissions: 0644
            encoding: base64
            content: dmVyc2lvbjogdjMKdGVsZXBvcnQ6CiAgZGF0YV9kaXI6IC92YXIvbGliL3RlbGVwb3J0CiAgam9pbl9wYXJhbXM6CiAgICB0b2tlbl9uYW1lOiAvZXRjL3RlbGVwb3J0LWpvaW4tdG9rZW4KICAgIG1ldGhvZDogdG9rZW4KICBwcm94eV9zZXJ2ZXI6IHRlbGVwb3J0LmdpYW50c3dhcm0uaW86NDQzCiAgbG9nOgogICAgb3V0cHV0OiBzdGRlcnIKYXV0aF9zZXJ2aWNlOgogIGVuYWJsZWQ6ICJubyIKc3NoX3NlcnZpY2U6CiAgZW5hYmxlZDogInllcyIKICBjb21tYW5kczoKICAtIG5hbWU6IG5vZGUKICAgIGNvbW1hbmQ6IFtob3N0bmFtZV0KICAgIHBlcmlvZDogMjRoMG0wcwogIC0gbmFtZTogYXJjaAogICAgY29tbWFuZDogW3VuYW1lLCAtbV0KICAgIHBlcmlvZDogMjRoMG0wcwogIC0gbmFtZTogcm9sZQogICAgY29tbWFuZDogWy9vcHQvdGVsZXBvcnQtbm9kZS1yb2xlLnNoXQogICAgcGVyaW9kOiAxbTBzCiAgbGFiZWxzOgogICAgaW5zOiAKICAgIG1jOiAKICAgIGNsdXN0ZXI6IHRlc3QKICAgIGJhc2VEb21haW46IGs4cy50ZXN0CnByb3h5X3NlcnZpY2U6CiAgZW5hYmxlZDogIm5vIgo=
          - path: /etc/audit/rules.d/99-default.rules
            permissions: 0640
            encoding: base64
            content: IyBPdmVycmlkZGVuIGJ5IEdpYW50IFN3YXJtLgotYSBleGl0LGFsd2F5cyAtRiBhcmNoPWI2NCAtUyBleGVjdmUgLWsgYXVkaXRpbmcKLWEgZXhpdCxhbHdheXMgLUYgYXJjaD1iMzIgLVMgZXhlY3ZlIC1rIGF1ZGl0aW5nCg==
          - contentFrom:
              secret:
                name: test-provider-specific-files-1
                key: set-hostname.sh
            path: /opt/bin/set-hostname.sh
            permissions: 0755
    
  
    ---
    # Source: cluster-vsphere/charts/cluster/templates/clusterapi/workers/kubeadmconfigtemplate.yaml
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfigTemplate
    metadata:
      name: test-worker-6e425
      namespace: org-giantswarm
      labels:
        giantswarm.io/machine-deployment: test-worker
        # deprecated: "app: cluster-vsphere" label is deprecated and it will be removed after upgrading
    # to Kubernetes 1.25. We still need it here because existing ClusterResourceSet selectors
    # need this label on the Cluster resource.
    app: cluster-vsphere
        app.kubernetes.io/name: cluster
        app.kubernetes.io/version: 1.5.2
        app.kubernetes.io/part-of: cluster-vsphere
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: cluster-1.5.2
        application.giantswarm.io/team: turtles
        giantswarm.io/cluster: test
        giantswarm.io/organization: giantswarm
        giantswarm.io/service-priority: highest
        cluster.x-k8s.io/cluster-name: test
        cluster.x-k8s.io/watch-filter: capi
        release.giantswarm.io/version: 27.0.0
    spec:
      template:
        spec:
          format: ignition
          ignition:
            containerLinuxConfig:
              additionalConfig: |
                systemd:
                  units:      
                  - name: os-hardening.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=Apply os hardening
                      [Service]
                      Type=oneshot
                      ExecStartPre=-/bin/bash -c "gpasswd -d core rkt; gpasswd -d core docker; gpasswd -d core wheel"
                      ExecStartPre=/bin/bash -c "until [ -f '/etc/sysctl.d/hardening.conf' ]; do echo Waiting for sysctl file; sleep 1s;done;"
                      ExecStart=/usr/sbin/sysctl -p /etc/sysctl.d/hardening.conf
                      [Install]
                      WantedBy=multi-user.target
                  - name: update-engine.service
                    enabled: false
                    mask: true
                  - name: locksmithd.service
                    enabled: false
                    mask: true
                  - name: sshkeys.service
                    enabled: false
                    mask: true
                  - name: teleport.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=Teleport Service
                      After=network.target
                      [Service]
                      Type=simple
                      Restart=on-failure
                      ExecStart=/opt/bin/teleport start --roles=node --config=/etc/teleport.yaml --pid-file=/run/teleport.pid
                      ExecReload=/bin/kill -HUP $MAINPID
                      PIDFile=/run/teleport.pid
                      LimitNOFILE=524288
                      [Install]
                      WantedBy=multi-user.target
                  - name: kubeadm.service
                    dropins:
                    - name: 10-flatcar.conf
                      contents: |
                        [Unit]
                        # kubeadm must run after coreos-metadata populated /run/metadata directory.
                        Requires=coreos-metadata.service
                        After=coreos-metadata.service
                        # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939.
                        After=containerd.service
                        # kubeadm requires having an IP
                        After=network-online.target
                        Wants=network-online.target
                        [Service]
                        # Ensure kubeadm service has access to kubeadm binary in /opt/bin on Flatcar.
                        Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/bin
                        # To make metadata environment variables available for pre-kubeadm commands.
                        EnvironmentFile=/run/metadata/*
                  - name: containerd.service
                    enabled: true
                    contents: |
                    dropins:
                    - name: 10-change-cgroup.conf
                      contents: |
                        [Service]
                        CPUAccounting=true
                        MemoryAccounting=true
                        Slice=kubereserved.slice
                  - name: auditd.service
                    enabled: false      
                  - name: coreos-metadata.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=VMWare metadata agent
                      [Install]
                      WantedBy=multi-user.target
                    dropins:
                    - name: 10-coreos-metadata.conf
                      contents: |
                        [Unit]
                        After=nss-lookup.target
                        After=network-online.target
                        Wants=network-online.target
                        [Service]
                        Type=oneshot
                        Restart=on-failure
                        RemainAfterExit=yes
                        Environment=OUTPUT=/run/metadata/coreos
                        ExecStart=/usr/bin/mkdir --parent /run/metadata
                        ExecStart=/usr/bin/bash -cv 'echo "COREOS_CUSTOM_HOSTNAME=$("$(find /usr/bin /usr/share/oem -name vmtoolsd -type f -executable 2>/dev/null | head -n 1)" --cmd "info-get guestinfo.metadata" | base64 -d | awk \'/local-hostname/ {print $2}\' | tr -d \'"\')" >> ${OUTPUT}'
                        ExecStart=/usr/bin/bash -cv 'echo "COREOS_CUSTOM_IPV4=$("$(find /usr/bin /usr/share/oem -name vmtoolsd -type f -executable 2>/dev/null | head -n 1)" --cmd "info-get guestinfo.ip")" >> ${OUTPUT}'
                  - name: set-hostname.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=Set machine hostname
                      [Install]
                      WantedBy=multi-user.target
                    dropins:
                    - name: 10-set-hostname.conf
                      contents: |
                        [Unit]
                        Requires=coreos-metadata.service
                        After=coreos-metadata.service
                        Before=teleport.service
                        [Service]
                        Type=oneshot
                        RemainAfterExit=yes
                        EnvironmentFile=/run/metadata/coreos
                        ExecStart=/opt/bin/set-hostname.sh
                  - name: ethtool-segmentation.service
                    enabled: true
                    contents: |
                      [Unit]
                      Description=Disable TCP segmentation offloading
                      [Install]
                      WantedBy=default.target
                    dropins:
                    - name: 10-ethtool-segmentation.conf
                      contents: |
                        [Unit]
                        After=network.target
                        [Service]
                        Type=oneshot
                        RemainAfterExit=yes
                        ExecStart=/usr/sbin/ethtool -K ens192 tx-udp_tnl-csum-segmentation off
                        ExecStart=/usr/sbin/ethtool -K ens192 tx-udp_tnl-segmentation off
                storage:
                  filesystems:      
                  directories:      
                  - path: /var/lib/kubelet
                    mode: 0750      
                
          joinConfiguration:
            nodeRegistration:
              name: ${COREOS_CUSTOM_HOSTNAME}
              kubeletExtraArgs:
                cloud-provider: external
                healthz-bind-address: 0.0.0.0
                node-ip: ${COREOS_CUSTOM_IPV4}
                node-labels: "ip=${COREOS_CUSTOM_IPV4},role=worker,giantswarm.io/machine-pool=test-worker"
                v: 2
            patches:
              directory: /etc/kubernetes/patches
          preKubeadmCommands:
          - "envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp"
          - "mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml"
          - "systemctl restart containerd"
          postKubeadmCommands:
          - "usermod -aG root nobody"
          users:
          - name: giantswarm
            groups: sudo
            sudo: "ALL=(ALL) NOPASSWD:ALL"
          files:
          - path: /etc/sysctl.d/hardening.conf
            permissions: 0644
            encoding: base64
            content: ZnMuaW5vdGlmeS5tYXhfdXNlcl93YXRjaGVzID0gMTYzODQKZnMuaW5vdGlmeS5tYXhfdXNlcl9pbnN0YW5jZXMgPSA4MTkyCmtlcm5lbC5rcHRyX3Jlc3RyaWN0ID0gMgprZXJuZWwuc3lzcnEgPSAwCm5ldC5pcHY0LmNvbmYuYWxsLmxvZ19tYXJ0aWFucyA9IDEKbmV0LmlwdjQuY29uZi5hbGwuc2VuZF9yZWRpcmVjdHMgPSAwCm5ldC5pcHY0LmNvbmYuZGVmYXVsdC5hY2NlcHRfcmVkaXJlY3RzID0gMApuZXQuaXB2NC5jb25mLmRlZmF1bHQubG9nX21hcnRpYW5zID0gMQpuZXQuaXB2NC50Y3BfdGltZXN0YW1wcyA9IDAKbmV0LmlwdjYuY29uZi5hbGwuYWNjZXB0X3JlZGlyZWN0cyA9IDAKbmV0LmlwdjYuY29uZi5kZWZhdWx0LmFjY2VwdF9yZWRpcmVjdHMgPSAwCiMgSW5jcmVhc2VkIG1tYXBmcyBiZWNhdXNlIHNvbWUgYXBwbGljYXRpb25zLCBsaWtlIEVTLCBuZWVkIGhpZ2hlciBsaW1pdCB0byBzdG9yZSBkYXRhIHByb3Blcmx5CnZtLm1heF9tYXBfY291bnQgPSAyNjIxNDQKIyBSZXNlcnZlZCB0byBhdm9pZCBjb25mbGljdHMgd2l0aCBrdWJlLWFwaXNlcnZlciwgd2hpY2ggYWxsb2NhdGVzIHdpdGhpbiB0aGlzIHJhbmdlCm5ldC5pcHY0LmlwX2xvY2FsX3Jlc2VydmVkX3BvcnRzPTMwMDAwLTMyNzY3Cm5ldC5pcHY0LmNvbmYuYWxsLnJwX2ZpbHRlciA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2lnbm9yZSA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2Fubm91bmNlID0gMgoKIyBUaGVzZSBhcmUgcmVxdWlyZWQgZm9yIHRoZSBrdWJlbGV0ICctLXByb3RlY3Qta2VybmVsLWRlZmF1bHRzJyBmbGFnCiMgU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9naWFudHN3YXJtL2dpYW50c3dhcm0vaXNzdWVzLzEzNTg3CnZtLm92ZXJjb21taXRfbWVtb3J5PTEKa2VybmVsLnBhbmljPTEwCmtlcm5lbC5wYW5pY19vbl9vb3BzPTEK
          - path: /etc/selinux/config
            permissions: 0644
            encoding: base64
            content: IyBUaGlzIGZpbGUgY29udHJvbHMgdGhlIHN0YXRlIG9mIFNFTGludXggb24gdGhlIHN5c3RlbSBvbiBib290LgoKIyBTRUxJTlVYIGNhbiB0YWtlIG9uZSBvZiB0aGVzZSB0aHJlZSB2YWx1ZXM6CiMgICAgICAgZW5mb3JjaW5nIC0gU0VMaW51eCBzZWN1cml0eSBwb2xpY3kgaXMgZW5mb3JjZWQuCiMgICAgICAgcGVybWlzc2l2ZSAtIFNFTGludXggcHJpbnRzIHdhcm5pbmdzIGluc3RlYWQgb2YgZW5mb3JjaW5nLgojICAgICAgIGRpc2FibGVkIC0gTm8gU0VMaW51eCBwb2xpY3kgaXMgbG9hZGVkLgpTRUxJTlVYPXBlcm1pc3NpdmUKCiMgU0VMSU5VWFRZUEUgY2FuIHRha2Ugb25lIG9mIHRoZXNlIGZvdXIgdmFsdWVzOgojICAgICAgIHRhcmdldGVkIC0gT25seSB0YXJnZXRlZCBuZXR3b3JrIGRhZW1vbnMgYXJlIHByb3RlY3RlZC4KIyAgICAgICBzdHJpY3QgICAtIEZ1bGwgU0VMaW51eCBwcm90ZWN0aW9uLgojICAgICAgIG1scyAgICAgIC0gRnVsbCBTRUxpbnV4IHByb3RlY3Rpb24gd2l0aCBNdWx0aS1MZXZlbCBTZWN1cml0eQojICAgICAgIG1jcyAgICAgIC0gRnVsbCBTRUxpbnV4IHByb3RlY3Rpb24gd2l0aCBNdWx0aS1DYXRlZ29yeSBTZWN1cml0eQojICAgICAgICAgICAgICAgICAgKG1scywgYnV0IG9ubHkgb25lIHNlbnNpdGl2aXR5IGxldmVsKQpTRUxJTlVYVFlQRT1tY3MK
          - path: /etc/ssh/trusted-user-ca-keys.pem
            permissions: 0600
            encoding: base64
            content: c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSU00Y3ZaMDFmTG1POWNKYldVajdzZkYrTmhFQ2d5K0NsMGJhelNyWlg3c1UgdmF1bHQtY2FAdmF1bHQub3BlcmF0aW9ucy5naWFudHN3YXJtLmlvCg==
          - path: /etc/ssh/sshd_config
            permissions: 0600
            encoding: base64
            content: IyBVc2UgbW9zdCBkZWZhdWx0cyBmb3Igc3NoZCBjb25maWd1cmF0aW9uLgpTdWJzeXN0ZW0gc2Z0cCBpbnRlcm5hbC1zZnRwCkNsaWVudEFsaXZlSW50ZXJ2YWwgMTgwClVzZUROUyBubwpVc2VQQU0geWVzClByaW50TGFzdExvZyBubyAjIGhhbmRsZWQgYnkgUEFNClByaW50TW90ZCBubyAjIGhhbmRsZWQgYnkgUEFNCiMgTm9uIGRlZmF1bHRzICgjMTAwKQpDbGllbnRBbGl2ZUNvdW50TWF4IDIKUGFzc3dvcmRBdXRoZW50aWNhdGlvbiBubwpUcnVzdGVkVXNlckNBS2V5cyAvZXRjL3NzaC90cnVzdGVkLXVzZXItY2Eta2V5cy5wZW0KTWF4QXV0aFRyaWVzIDUKTG9naW5HcmFjZVRpbWUgNjAKQWxsb3dUY3BGb3J3YXJkaW5nIG5vCkFsbG93QWdlbnRGb3J3YXJkaW5nIG5vCkNBU2lnbmF0dXJlQWxnb3JpdGhtcyBlY2RzYS1zaGEyLW5pc3RwMjU2LGVjZHNhLXNoYTItbmlzdHAzODQsZWNkc2Etc2hhMi1uaXN0cDUyMSxzc2gtZWQyNTUxOSxyc2Etc2hhMi01MTIscnNhLXNoYTItMjU2LHNzaC1yc2EK
          - path: /etc/containerd/config.toml
            permissions: 0644
            contentFrom:
              secret:
                name: test-containerd-b21d846e
                key: config.toml
          - path: /etc/kubernetes/patches/kubeletconfiguration.yaml
            permissions: 0644
            encoding: base64
            content: YXBpVmVyc2lvbjoga3ViZWxldC5jb25maWcuazhzLmlvL3YxYmV0YTEKa2luZDogS3ViZWxldENvbmZpZ3VyYXRpb24Kc2h1dGRvd25HcmFjZVBlcmlvZDogMzAwcwpzaHV0ZG93bkdyYWNlUGVyaW9kQ3JpdGljYWxQb2RzOiA2MHMKa2VybmVsTWVtY2dOb3RpZmljYXRpb246IHRydWUKZXZpY3Rpb25Tb2Z0OgogIG1lbW9yeS5hdmFpbGFibGU6ICI1MDBNaSIKZXZpY3Rpb25IYXJkOgogIG1lbW9yeS5hdmFpbGFibGU6ICIyMDBNaSIKICBpbWFnZWZzLmF2YWlsYWJsZTogIjE1JSIKZXZpY3Rpb25Tb2Z0R3JhY2VQZXJpb2Q6CiAgbWVtb3J5LmF2YWlsYWJsZTogIjVzIgpldmljdGlvbk1heFBvZEdyYWNlUGVyaW9kOiA2MAprdWJlUmVzZXJ2ZWQ6CiAgY3B1OiAzNTBtCiAgbWVtb3J5OiAxMjgwTWkKICBlcGhlbWVyYWwtc3RvcmFnZTogMTAyNE1pCmt1YmVSZXNlcnZlZENncm91cDogL2t1YmVyZXNlcnZlZC5zbGljZQpwcm90ZWN0S2VybmVsRGVmYXVsdHM6IHRydWUKc3lzdGVtUmVzZXJ2ZWQ6CiAgY3B1OiAyNTBtCiAgbWVtb3J5OiAzODRNaQpzeXN0ZW1SZXNlcnZlZENncm91cDogL3N5c3RlbS5zbGljZQp0bHNDaXBoZXJTdWl0ZXM6Ci0gVExTX0FFU18xMjhfR0NNX1NIQTI1NgotIFRMU19BRVNfMjU2X0dDTV9TSEEzODQKLSBUTFNfQ0hBQ0hBMjBfUE9MWTEzMDVfU0hBMjU2Ci0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzEyOF9DQkNfU0hBCi0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzEyOF9HQ01fU0hBMjU2Ci0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzI1Nl9DQkNfU0hBCi0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzI1Nl9HQ01fU0hBMzg0Ci0gVExTX0VDREhFX0VDRFNBX1dJVEhfQ0hBQ0hBMjBfUE9MWTEzMDUKLSBUTFNfRUNESEVfRUNEU0FfV0lUSF9DSEFDSEEyMF9QT0xZMTMwNV9TSEEyNTYKLSBUTFNfRUNESEVfUlNBX1dJVEhfQUVTXzEyOF9DQkNfU0hBCi0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18xMjhfR0NNX1NIQTI1NgotIFRMU19FQ0RIRV9SU0FfV0lUSF9BRVNfMjU2X0NCQ19TSEEKLSBUTFNfRUNESEVfUlNBX1dJVEhfQUVTXzI1Nl9HQ01fU0hBMzg0Ci0gVExTX0VDREhFX1JTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1Ci0gVExTX0VDREhFX1JTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1X1NIQTI1NgotIFRMU19SU0FfV0lUSF9BRVNfMTI4X0NCQ19TSEEKLSBUTFNfUlNBX1dJVEhfQUVTXzEyOF9HQ01fU0hBMjU2Ci0gVExTX1JTQV9XSVRIX0FFU18yNTZfQ0JDX1NIQQotIFRMU19SU0FfV0lUSF9BRVNfMjU2X0dDTV9TSEEzODQKc2VyaWFsaXplSW1hZ2VQdWxsczogZmFsc2UKc3RyZWFtaW5nQ29ubmVjdGlvbklkbGVUaW1lb3V0OiAxaAphbGxvd2VkVW5zYWZlU3lzY3RsczoKLSAibmV0LioiCg==
          - path: /etc/systemd/logind.conf.d/zzz-kubelet-graceful-shutdown.conf
            permissions: 0700
            encoding: base64
            content: W0xvZ2luXQojIGRlbGF5CkluaGliaXREZWxheU1heFNlYz0zMDAK
          - path: /etc/teleport-join-token
            permissions: 0644
            contentFrom:
              secret:
                name: test-teleport-join-token
                key: joinToken
          - path: /opt/teleport-node-role.sh
            permissions: 0755
            encoding: base64
            content: IyEvYmluL2Jhc2gKCmlmIHN5c3RlbWN0bCBpcy1hY3RpdmUgLXEga3ViZWxldC5zZXJ2aWNlOyB0aGVuCiAgICBpZiBbIC1lICIvZXRjL2t1YmVybmV0ZXMvbWFuaWZlc3RzL2t1YmUtYXBpc2VydmVyLnlhbWwiIF07IHRoZW4KICAgICAgICBlY2hvICJjb250cm9sLXBsYW5lIgogICAgZWxzZQogICAgICAgIGVjaG8gIndvcmtlciIKICAgIGZpCmVsc2UKICAgIGVjaG8gIiIKZmkK
          - path: /etc/teleport.yaml
            permissions: 0644
            encoding: base64
            content: dmVyc2lvbjogdjMKdGVsZXBvcnQ6CiAgZGF0YV9kaXI6IC92YXIvbGliL3RlbGVwb3J0CiAgam9pbl9wYXJhbXM6CiAgICB0b2tlbl9uYW1lOiAvZXRjL3RlbGVwb3J0LWpvaW4tdG9rZW4KICAgIG1ldGhvZDogdG9rZW4KICBwcm94eV9zZXJ2ZXI6IHRlbGVwb3J0LmdpYW50c3dhcm0uaW86NDQzCiAgbG9nOgogICAgb3V0cHV0OiBzdGRlcnIKYXV0aF9zZXJ2aWNlOgogIGVuYWJsZWQ6ICJubyIKc3NoX3NlcnZpY2U6CiAgZW5hYmxlZDogInllcyIKICBjb21tYW5kczoKICAtIG5hbWU6IG5vZGUKICAgIGNvbW1hbmQ6IFtob3N0bmFtZV0KICAgIHBlcmlvZDogMjRoMG0wcwogIC0gbmFtZTogYXJjaAogICAgY29tbWFuZDogW3VuYW1lLCAtbV0KICAgIHBlcmlvZDogMjRoMG0wcwogIC0gbmFtZTogcm9sZQogICAgY29tbWFuZDogWy9vcHQvdGVsZXBvcnQtbm9kZS1yb2xlLnNoXQogICAgcGVyaW9kOiAxbTBzCiAgbGFiZWxzOgogICAgaW5zOiAKICAgIG1jOiAKICAgIGNsdXN0ZXI6IHRlc3QKICAgIGJhc2VEb21haW46IGs4cy50ZXN0CnByb3h5X3NlcnZpY2U6CiAgZW5hYmxlZDogIm5vIgo=
          - contentFrom:
              secret:
                name: test-provider-specific-files-1
                key: set-hostname.sh
            path: /opt/bin/set-hostname.sh
            permissions: 0755
    
  

/metadata/labels  (v1/Secret/release-name-kubevip-pod)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels  (v1/Secret/release-name-credentials)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels  (v1/ConfigMap/org-giantswarm/test-cert-exporter-user-values)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-cert-exporter-user-values)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-cert-exporter-user-values)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (v1/ConfigMap/org-giantswarm/test-cert-manager-user-values)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-cert-manager-user-values)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-cert-manager-user-values)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (v1/ConfigMap/org-giantswarm/test-etcd-k8s-res-count-exporter-user-values)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-etcd-k8s-res-count-exporter-user-values)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-etcd-k8s-res-count-exporter-user-values)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (v1/ConfigMap/org-giantswarm/test-metrics-server-user-values)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-metrics-server-user-values)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-metrics-server-user-values)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (v1/ConfigMap/org-giantswarm/test-net-exporter-user-values)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-net-exporter-user-values)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-net-exporter-user-values)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (v1/ConfigMap/org-giantswarm/test-node-exporter-user-values)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-node-exporter-user-values)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-node-exporter-user-values)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-capi-node-labeler)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-capi-node-labeler)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-capi-node-labeler)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-capi-node-labeler)
  ± value change
    - 0.5.0
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-exporter)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-kyverno-crds
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-exporter)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-exporter)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-exporter)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-exporter)
  ± value change
    - 2.9.2
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-manager)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-prometheus-operator-crd
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-manager)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-manager)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-manager)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cert-manager)
  ± value change
    - 3.8.1
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-chart-operator-extensions)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-prometheus-operator-crd
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-chart-operator-extensions)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-chart-operator-extensions)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-chart-operator-extensions)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-chart-operator-extensions)
  ± value change
    - 1.1.2
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cilium-servicemonitors)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-prometheus-operator-crd
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cilium-servicemonitors)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cilium-servicemonitors)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cilium-servicemonitors)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-cilium-servicemonitors)
  ± value change
    - 0.1.2
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-etcd-k8s-res-count-exporter)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-kyverno-crds
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-etcd-k8s-res-count-exporter)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-etcd-k8s-res-count-exporter)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-etcd-k8s-res-count-exporter)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-etcd-k8s-res-count-exporter)
  ± value change
    - 1.10.0
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-k8s-dns-node-cache)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-kyverno-crds
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-k8s-dns-node-cache)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-k8s-dns-node-cache)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-k8s-dns-node-cache)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-k8s-dns-node-cache)
  ± value change
    - 2.8.1
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-metrics-server)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-kyverno-crds
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-metrics-server)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-metrics-server)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-metrics-server)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-metrics-server)
  ± value change
    - 2.4.2
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-net-exporter)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-prometheus-operator-crd
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-net-exporter)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-net-exporter)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-net-exporter)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-net-exporter)
  ± value change
    - 1.21.0
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-node-exporter)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-kyverno-crds
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-node-exporter)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-node-exporter)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-node-exporter)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-node-exporter)
  ± value change
    - 1.19.0
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-bundle)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-coredns
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-bundle)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-bundle)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-bundle)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-bundle)
  ± value change
    - 1.5.3
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-policies)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-kyverno-crds
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-policies)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-policies)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-policies)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-observability-policies)
  ± value change
    - 0.0.1
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-security-bundle)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-prometheus-operator-crd
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-security-bundle)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-security-bundle)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-security-bundle)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/catalog  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-security-bundle)
  ± value change
    - giantswarm
    + default

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-security-bundle)
  ± value change
    - 1.8.1
    + N/A

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-teleport-kube-agent)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-teleport-kube-agent)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-teleport-kube-agent)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-teleport-kube-agent)
  ± value change
    - 0.9.2
    + N/A

/metadata/annotations  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-vertical-pod-autoscaler)
  - one map entry removed:
    # app-operator will make sure that the app on which it depends is installed before
    app-operator.giantswarm.io/depends-on: test-prometheus-operator-crd
    
  

/metadata/labels  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-vertical-pod-autoscaler)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-vertical-pod-autoscaler)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-vertical-pod-autoscaler)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-vertical-pod-autoscaler)
  ± value change
    - 5.2.4
    + N/A

/metadata/labels  (cluster.x-k8s.io/v1beta1/Cluster/org-giantswarm/test)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (cluster.x-k8s.io/v1beta1/Cluster/org-giantswarm/test)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (cluster.x-k8s.io/v1beta1/Cluster/org-giantswarm/test)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-cilium)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-cilium)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-cilium)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/chart/spec/version  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-cilium)
  ± value change
    - 0.26.0
    + N/A

/metadata/labels  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-coredns)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-coredns)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-coredns)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-coredns)
  - one map entry removed:
    dependsOn:
    - name: test-cilium
      namespace: org-giantswarm

/spec/chart/spec/version  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-coredns)
  ± value change
    - 1.21.0
    + N/A

/metadata/labels  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-network-policies)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-network-policies)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-network-policies)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-network-policies)
  - one map entry removed:
    dependsOn:
    - name: test-cilium
      namespace: org-giantswarm

/spec/chart/spec/version  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-network-policies)
  ± value change
    - 0.1.1
    + N/A

/spec/chart/spec/sourceRef/name  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-network-policies)
  ± value change
    - test-cluster
    + test-default

/metadata/labels  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-vertical-pod-autoscaler-crd)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-vertical-pod-autoscaler-crd)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-vertical-pod-autoscaler-crd)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/chart/spec/version  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/test-vertical-pod-autoscaler-crd)
  ± value change
    - 3.1.0
    + N/A

/metadata/labels  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/release-name-cloud-provider-vsphere)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/spec/chart/spec/version  (helm.toolkit.fluxcd.io/v2beta1/HelmRelease/org-giantswarm/release-name-cloud-provider-vsphere)
  ± value change
    - 1.11.0
    + N/A

/metadata/labels  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-default)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-default)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-default)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-default-test)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-default-test)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-default-test)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-cluster)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-cluster)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-cluster)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-cluster-test)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-cluster-test)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (source.toolkit.fluxcd.io/v1beta2/HelmRepository/org-giantswarm/test-cluster-test)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/machineTemplate/metadata/labels  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/spec/machineTemplate/metadata/labels/app.kubernetes.io/version  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test)
  ± value change
    - 1.2.1
    + 1.5.2

/spec/machineTemplate/metadata/labels/helm.sh/chart  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/kubeadmConfigSpec/ignition/containerLinuxConfig/additionalConfig  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test)
  ± value change in multiline text (one insert, one deletion)
    -   - name: audit-rules.service
    -     enabled: true
    -     dropins:
    -     - name: 10-wait-for-containerd.conf
    -       contents: |
    -         [Service]
    -         ExecStartPre=/bin/bash -c "while [ ! -f /etc/audit/rules.d/containerd.rules ]; do echo 'Waiting for /etc/audit/rules.d/containerd.rules to be written' && sleep 1; done"
    -         Restart=on-failure      
    +   - name: auditd.service
    +     enabled: false      
  
  

/spec/kubeadmConfigSpec/files  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test)
  - one list entry removed:
    - path: /etc/audit/rules.d/99-default.rules
      permissions: 0640
      encoding: base64
      content: IyBPdmVycmlkZGVuIGJ5IEdpYW50IFN3YXJtLgotYSBleGl0LGFsd2F5cyAtRiBhcmNoPWI2NCAtUyBleGVjdmUgLWsgYXVkaXRpbmcKLWEgZXhpdCxhbHdheXMgLUYgYXJjaD1iMzIgLVMgZXhlY3ZlIC1rIGF1ZGl0aW5nCg==
    
  
  + one list entry added:
    - path: /etc/kubernetes/patches/kube-controller-manager0+json.yaml
      permissions: 0644
      encoding: base64
      content: LSBvcDogYWRkCiAgcGF0aDogL3NwZWMvY29udGFpbmVycy8wL2NvbW1hbmQvLQogIHZhbHVlOiAtLW5vZGUtY2lkci1tYXNrLXNpemU9MjQK
    
  

/spec/version  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test)
  ± value change
    - v1.27.14
    + vN/A

/metadata/labels  (cluster.x-k8s.io/v1beta1/MachineDeployment/org-giantswarm/test-worker)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (cluster.x-k8s.io/v1beta1/MachineDeployment/org-giantswarm/test-worker)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (cluster.x-k8s.io/v1beta1/MachineDeployment/org-giantswarm/test-worker)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/template/metadata/labels  (cluster.x-k8s.io/v1beta1/MachineDeployment/org-giantswarm/test-worker)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/spec/template/metadata/labels/app.kubernetes.io/version  (cluster.x-k8s.io/v1beta1/MachineDeployment/org-giantswarm/test-worker)
  ± value change
    - 1.2.1
    + 1.5.2

/spec/template/metadata/labels/helm.sh/chart  (cluster.x-k8s.io/v1beta1/MachineDeployment/org-giantswarm/test-worker)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/template/spec/bootstrap/configRef/name  (cluster.x-k8s.io/v1beta1/MachineDeployment/org-giantswarm/test-worker)
  ± value change
    - test-worker-85fb5
    + test-worker-6e425

/spec/template/spec/version  (cluster.x-k8s.io/v1beta1/MachineDeployment/org-giantswarm/test-worker)
  ± value change
    - 1.27.14
    + vN/A

/metadata/labels  (cluster.x-k8s.io/v1beta1/MachineHealthCheck/org-giantswarm/test-control-plane)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (cluster.x-k8s.io/v1beta1/MachineHealthCheck/org-giantswarm/test-control-plane)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (cluster.x-k8s.io/v1beta1/MachineHealthCheck/org-giantswarm/test-control-plane)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (cluster.x-k8s.io/v1beta1/MachineHealthCheck/org-giantswarm/test-worker)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (cluster.x-k8s.io/v1beta1/MachineHealthCheck/org-giantswarm/test-worker)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (cluster.x-k8s.io/v1beta1/MachineHealthCheck/org-giantswarm/test-worker)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (infrastructure.cluster.x-k8s.io/v1beta1/VSphereCluster/org-giantswarm/release-name)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels  (infrastructure.cluster.x-k8s.io/v1beta1/VSphereMachineTemplate/org-giantswarm/release-name-control-plane-37795751)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels  (infrastructure.cluster.x-k8s.io/v1beta1/VSphereMachineTemplate/org-giantswarm/release-name-worker-84ff272a)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels  (v1/ServiceAccount/org-giantswarm/test-helmreleases-cleanup)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (v1/ServiceAccount/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (v1/ServiceAccount/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (rbac.authorization.k8s.io/v1/Role/org-giantswarm/test-helmreleases-cleanup)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (rbac.authorization.k8s.io/v1/Role/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (rbac.authorization.k8s.io/v1/Role/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (rbac.authorization.k8s.io/v1/RoleBinding/org-giantswarm/test-helmreleases-cleanup)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (rbac.authorization.k8s.io/v1/RoleBinding/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (rbac.authorization.k8s.io/v1/RoleBinding/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/metadata/labels  (batch/v1/Job/org-giantswarm/test-helmreleases-cleanup)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/metadata/labels/app.kubernetes.io/version  (batch/v1/Job/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - 1.2.1
    + 1.5.2

/metadata/labels/helm.sh/chart  (batch/v1/Job/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/template/metadata/labels  (batch/v1/Job/org-giantswarm/test-helmreleases-cleanup)
  + one map entry added:
    release.giantswarm.io/version: 27.0.0

/spec/template/metadata/labels/app.kubernetes.io/version  (batch/v1/Job/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - 1.2.1
    + 1.5.2

/spec/template/metadata/labels/helm.sh/chart  (batch/v1/Job/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - cluster-1.2.1
    + cluster-1.5.2

/spec/template/spec/containers/name=kubectl/image  (batch/v1/Job/org-giantswarm/test-helmreleases-cleanup)
  ± value change
    - gsoci.azurecr.io/giantswarm/kubectl:1.27.14
    + gsoci.azurecr.io/giantswarm/kubectl:1.25.16

glitchcrab
glitchcrab approved these changes Oct 11, 2024
View reviewed changes
Copy link
Member

@glitchcrab glitchcrab left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

overall looks good to me 👍

@njuettner njuettner added the skip/ci Instructs pr-gatekeeper to ignore any required PR checks label Oct 15, 2024
@njuettner njuettner merged commit 1e49eda into main Oct 15, 2024
13 checks passed
@njuettner njuettner deleted the support-releases branch October 15, 2024 07:05
@vxav
Copy link
Contributor

vxav commented Oct 15, 2024

I suppose we need to add this to the cluster test values as my current E2E is failing

    Reason:         values don't meet the specifications of the schema(s) in the following chart(s):
cluster-vsphere:
- global.release: version is required

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@glitchcrab glitchcrab glitchcrab approved these changes

Assignees
No one assigned
Labels
skip/ci Instructs pr-gatekeeper to ignore any required PR checks
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@njuettner @vxav @glitchcrab