ensure that capm3 workload cluster OS images are identified without coupling with the mgmt cluster OS images

Thomas Morinrequested to merge
capm3-workload-cluster-os-image-decoupling-1.3 into release-1.3

Closes #2260 (closed)

This MR addresses #2257 (closed) for Sylva 1.3 (the solution cannot be the same as !4200 (merged) implemented for main)

The approach is the one described in #2260 (closed) for Sylva 1.3:

  • (this does not change:) (A) have each workload cluster sylva-units cluster unit also receive the os-images-info ConfigMap produced in the mgmt cluster context, and Kyverno-cloned in workload cluster namespaces as kyverno-cloned-os-images-info-capm3
  • (B) ensure that a workload cluster sylva-units context also gets its own os-images-info unit producing an os-images-info ConfigMap reflecting the image(s) that it would select
  • ensure that the information from (B) has precedence in cluster unit valuesFrom over the information from (A) -- this ensures that even when the mgmt cluster sylva-units is updated/upgraded with different image information, the image checksum seen by sylva-capi-cluster Helm release for the workload cluster does not depend on that and does not change

Note well that this evolution does not solve #1942 (closed).

CI configuration

Below you can choose test deployment variants to run in this MR's CI.

Click to open to CI configuration

Legend:

Icon Meaning Available values
☁️ Infra Provider capd, capo, capm3
🚀 Bootstrap Provider kubeadm (alias kadm), rke2
🐧 Node OS ubuntu, suse
🛠️ Deployment Options light-deploy, oci, ha, misc
🎬 Pipeline Scenarios rolling-update, mgmt-rolling-update, k8s-upgrade, sylva-upgrade-from-x.x.x, simple-update, preview, nightly

  • 🎬 preview ☁️ capd 🚀 kadm 🐧 ubuntu 🛠️ oci

  • 🎬 preview ☁️ capo 🚀 rke2 🐧 suse

  • 🎬 preview ☁️ capm3 🚀 rke2 🐧 ubuntu

  • ☁️ capd 🚀 kadm 🛠️ light-deploy 🐧 ubuntu

  • ☁️ capd 🚀 rke2 🛠️ oci,light-deploy 🐧 suse

  • ☁️ capo 🚀 rke2 🛠️ oci 🐧 suse

  • ☁️ capo 🚀 kadm 🛠️ oci 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🎬 rolling-update 🛠️ ha 🐧 ubuntu

  • ☁️ capo 🚀 kadm 🎬 k8s-upgrade 🐧 ubuntu

  • ☁️ capo 🚀 rke2 🎬 mgmt-rolling-update 🛠️ ha,misc 🐧 suse

  • ☁️ capo 🚀 rke2 🎬 sylva-upgrade-from-1.3.x 🛠️ ha,misc 🐧 ubuntu

  • ☁️ capm3 🚀 rke2 🐧 suse

  • ☁️ capm3 🚀 kadm 🛠️ oci 🐧 ubuntu

  • ☁️ capm3 🚀 kadm 🎬 mgmt-rolling-update 🛠️ ha,misc 🐧 ubuntu

  • ☁️ capm3 🚀 rke2 🎬 k8s-upgrade 🛠️ ha 🐧 suse

  • ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 ubuntu

  • ☁️ capm3 🚀 rke2 🎬 sylva-upgrade-from-1.3.x 🛠️ misc,ha 🐧 suse

  • ☁️ capm3 🚀 kadm 🎬 rolling-update 🛠️ ha 🐧 suse

Global config for deployment pipelines

  • autorun pipelines
  • allow failure on pipelines

Notes:

  • Enabling autorun will make deployment pipelines to be run automatically without human interaction
  • Disabling allow failure will make deployment pipelines mandatory for pipeline success.
  • if both autorun and allow failure are disabled, deployment pipelines will need manual triggering but will be blocking the pipeline

Be aware: after configuration change, pipeline is not triggered automatically. Please run it manually (by clicking the run pipeline button in Pipelines tab) or push new code.

Edited by Thomas Morin

Merge request reports