Merge branch 'main' into tilt-prepare-update-namespace-security-polic…

…y/max

.github/ISSUE_TEMPLATE/kubernetes_bump.md

@@ -26,9 +26,11 @@ changes should be cherry-picked to all release series that will support the new
     * `test/*`: search for occurrences of the previous Kubernetes version
     * `Tiltfile`
   * Ensure the latest available kind version is used (including the latest images for this kind release)
-    * Add new images in the [kind mapper.go](https://github.com/kubernetes-sigs/cluster-api/blob/48ae58e51f9723ab7b9635d0e05ee54c4843707a/test/infrastructure/kind/mapper.go#L79).
+    * Add new images in the [kind mapper.go](https://github.com/kubernetes-sigs/cluster-api/blob/0f47a19e038ee6b0d3b1e7675a62cdaf84face8c/test/infrastructure/kind/mapper.go#L79).
       * See the [kind releases page](https://github.com/kubernetes-sigs/kind/releases) for the list of released images.
-    * Set new default image for the [test framework](https://github.com/kubernetes-sigs/cluster-api/blob/48ae58e51f9723ab7b9635d0e05ee54c4843707a/test/framework/bootstrap/kind_provider.go#L40)
+    * Set new default image for the [test framework](https://github.com/kubernetes-sigs/cluster-api/blob/0f47a19e038ee6b0d3b1e7675a62cdaf84face8c/test/framework/bootstrap/kind_provider.go#L40)
+    * If code changes are required for CAPD to incorporate the new Kind version, update [kind latestMode](https://github.com/kubernetes-sigs/cluster-api/blob/0f47a19e038ee6b0d3b1e7675a62cdaf84face8c/test/infrastructure/kind/mapper.go#L66)
+    * Prior art: #10094
   * Verify the quickstart manually
   * Bump `InitWithKubernetesVersion` and `WorkloadKubernetesVersion` in `clusterctl_upgrade_test.go`
     * Note: Only bump for Cluster API versions that will support the new Kubernetes release.

.github/workflows/pr-dependabot.yaml

@@ -27,7 +27,7 @@ jobs:
       uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # tag=v5.0.0
       with:
         go-version: ${{ steps.vars.outputs.go_version }}
-    - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # tag=v4.0.0
+    - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # tag=v4.0.1
       name: Restore go cache
       with:
         path: |

.github/workflows/release.yaml

@@ -22,7 +22,7 @@ jobs:
           fetch-depth: 0
       - name: Get changed files
         id: changed-files
-        uses: tj-actions/changed-files@90a06d6ba9543371ab4df8eeca0be07ca6054959 # tag=v42.0.2
+        uses: tj-actions/changed-files@aa08304bd477b800d468db44fe10f6c61f7f7b11 # tag=v42.1.0
       - name: Get release version
         id: release-version
         run: |
@@ -105,7 +105,7 @@ jobs:
           curl -L "https://raw.githubusercontent.com/${{ github.repository }}/main/CHANGELOG/${{ env.RELEASE_TAG }}.md" \
           -o "${{ env.RELEASE_TAG }}.md"
       - name: Release
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # tag=v1
+        uses: softprops/action-gh-release@3198ee18f814cdf787321b4a32a26ddbf37acc52 # tag=v2.0.3
         with:
           draft: true
           files: out/*

CHANGELOG/v1.5.6.md

@@ -0,0 +1,24 @@
+## 👌 Kubernetes version support
+
+- Management Cluster: v1.24.x -> v1.28.x
+- Workload Cluster: v1.22.x -> v1.28.x
+
+[More information about version support can be found here](https://cluster-api.sigs.k8s.io/reference/versions.html)
+
+## Changes since v1.5.5
+## :chart_with_upwards_trend: Overview
+- 6 new commits merged
+- 1 bug fixed 🐛
+
+## :bug: Bug Fixes
+- ClusterCacheTracker: Fix ClusterCacheTracker memory leak (#10065)
+
+## :seedling: Others
+- clusterctl: Bump cert-manager to v1.14.2 (#10121) (#10128)
+- Community meeting: Promote chrischdi to Cluster API maintainer (#10090)
+- Dependency: Bump Go to 1.21.5 (#10153)
+
+:book: Additionally, there has been 1 contribution to our documentation and book. (#10117)
+
+
+_Thanks to all our contributors!_ 😊

CHANGELOG/v1.6.2.md

@@ -0,0 +1,34 @@
+## 👌 Kubernetes version support
+
+- Management Cluster: v1.25.x -> v1.29.x
+- Workload Cluster: v1.23.x -> v1.29.x
+
+[More information about version support can be found here](https://cluster-api.sigs.k8s.io/reference/versions.html)
+
+## Highlights
+* :warning: Warning: This release fixes a bug (#10051) that was introduced in v1.6.0, which caused a regression in the conversion of v1alpha3/v1alpha4 objects. It is recommended to upgrade to v1.6.2 to avoid the issue.
+
+## Changes since v1.6.1
+## :chart_with_upwards_trend: Overview
+- 16 new commits merged
+- 3 bugs fixed 🐛
+
+## :bug: Bug Fixes
+- [API/e2e]: Restore v1alpha3/v1alpha4 conversion to fix SSA issue & add e2e test coverage (#10151)
+  - :warning: Warning: This change is a fix for the conversion bug that was introduced in v1.6.0.
+- ClusterCacheTracker: Fix ClusterCacheTracker memory leak (#10064)
+- Machine: Watch external objects for machine before deleting (#10177)
+
+## :seedling: Others
+- clusterctl: Bump cert-manager to v1.14.2 (#10120) (#10127)
+- clusterctl: Clarify rules for adding new clusterctl default providers (#10109)
+- Community meeting: Promote chrischdi to Cluster API maintainer (#10089)
+- Dependency: Bump controller runtime v0.16.5 (#10163)
+- Dependency: Bump Go to 1.21.5 (#10152)
+- e2e: Use manager in test extension (#10106)
+- Testing: Print conformance image used in kubetest (#10081)
+
+:book: Additionally, there have been 4 contributions to our documentation and book. (#10024, #10047, #10105, #10116)
+
+
+_Thanks to all our contributors!_ 😊

Makefile

@@ -23,7 +23,7 @@ SHELL:=/usr/bin/env bash
 #
 # Go.
 #
-GO_VERSION ?= 1.21.5
+GO_VERSION ?= 1.21.8
 GO_CONTAINER_IMAGE ?= docker.io/library/golang:$(GO_VERSION)
 
 # Use GOPROXY environment variable if set
@@ -108,7 +108,7 @@ KUSTOMIZE_BIN := kustomize
 KUSTOMIZE := $(abspath $(TOOLS_BIN_DIR)/$(KUSTOMIZE_BIN)-$(KUSTOMIZE_VER))
 KUSTOMIZE_PKG := sigs.k8s.io/kustomize/kustomize/v4
 
-SETUP_ENVTEST_VER := v0.0.0-20231012212722-e25aeebc7846
+SETUP_ENVTEST_VER := v0.0.0-20240215143116-d0396a3d6f9f
 SETUP_ENVTEST_BIN := setup-envtest
 SETUP_ENVTEST := $(abspath $(TOOLS_BIN_DIR)/$(SETUP_ENVTEST_BIN)-$(SETUP_ENVTEST_VER))
 SETUP_ENVTEST_PKG := sigs.k8s.io/controller-runtime/tools/setup-envtest
@@ -123,7 +123,7 @@ GOTESTSUM_BIN := gotestsum
 GOTESTSUM := $(abspath $(TOOLS_BIN_DIR)/$(GOTESTSUM_BIN)-$(GOTESTSUM_VER))
 GOTESTSUM_PKG := gotest.tools/gotestsum
 
-CONVERSION_GEN_VER := v0.29.0
+CONVERSION_GEN_VER := v0.29.2
 CONVERSION_GEN_BIN := conversion-gen
 # We are intentionally using the binary without version suffix, to avoid the version
 # in generated files.
@@ -145,7 +145,7 @@ HADOLINT_FAILURE_THRESHOLD = warning
 
 SHELLCHECK_VER := v0.9.0
 
-TRIVY_VER := 0.47.0
+TRIVY_VER := 0.49.1
 
 KPROMO_VER := v4.0.5
 KPROMO_BIN := kpromo
@@ -158,7 +158,7 @@ YQ_BIN := yq
 YQ :=  $(abspath $(TOOLS_BIN_DIR)/$(YQ_BIN)-$(YQ_VER))
 YQ_PKG := github.com/mikefarah/yq/v4
 
-PLANTUML_VER := 1.2023.10
+PLANTUML_VER := 1.2024.3
 
 GINKGO_BIN := ginkgo
 GINKGO_VER := $(call get_go_version,github.com/onsi/ginkgo/v2)
@@ -183,7 +183,7 @@ IMPORT_BOSS_PKG := k8s.io/code-generator/cmd/import-boss
 CONVERSION_VERIFIER_BIN := conversion-verifier
 CONVERSION_VERIFIER := $(abspath $(TOOLS_BIN_DIR)/$(CONVERSION_VERIFIER_BIN))
 
-OPENAPI_GEN_VER := 5e7f5fd
+OPENAPI_GEN_VER := 70dd376
 OPENAPI_GEN_BIN := openapi-gen
 # We are intentionally using the binary without version suffix, to avoid the version
 # in generated files.
@@ -546,10 +546,11 @@ generate-go-openapi: $(OPENAPI_GEN) $(CONTROLLER_GEN) ## Generate openapi go cod
 		(cd ../ && $(MAKE) clean-generated-openapi-definitions SRC_DIRS="./$${pkg}"); \
 		echo "** Generating openapi schema for types in ./$${pkg} **"; \
 		$(OPENAPI_GEN) \
-			--input-dirs=sigs.k8s.io/cluster-api/$${pkg} \
-			--output-file-base=zz_generated.openapi \
-			--output-package=sigs.k8s.io/cluster-api/$${pkg} \
-			--go-header-file=../hack/boilerplate/boilerplate.generatego.txt; \
+			--output-dir=../$${pkg} \
+			--output-file=zz_generated.openapi.go \
+			--output-pkg=sigs.k8s.io/cluster-api/$${pkg} \
+			--go-header-file=../hack/boilerplate/boilerplate.generatego.txt \
+			sigs.k8s.io/cluster-api/$${pkg}; \
 	done; \
 	rm sigs.k8s.io/cluster-api
 
@@ -1166,6 +1167,10 @@ release-notes: release-notes-tool
 test-release-notes-tool:
 	go test -C hack/tools -v -tags tools,integration sigs.k8s.io/cluster-api/hack/tools/release/notes
 
+.PHONY: release-provider-issues-tool
+release-provider-issues-tool: # Creates GitHub issues in a pre-defined list of CAPI provider repositories
+	@go run ./hack/tools/release/internal/update_providers/provider_issues.go
+
 .PHONY: release-weekly-update-tool
 release-weekly-update-tool:
 	go build -C hack/tools -o $(ROOT_DIR)/bin/weekly -tags tools sigs.k8s.io/cluster-api/hack/tools/release/weekly

Tiltfile

@@ -3,7 +3,7 @@
 envsubst_cmd = "./hack/tools/bin/envsubst"
 clusterctl_cmd = "./bin/clusterctl"
 kubectl_cmd = "kubectl"
-kubernetes_version = "v1.29.0"
+kubernetes_version = "v1.29.2"
 
 load("ext://uibutton", "cmd_button", "location", "text_input")
 
@@ -184,7 +184,7 @@ def load_provider_tiltfiles():
 
 tilt_helper_dockerfile_header = """
 # Tilt image
-FROM golang:1.21.5 as tilt-helper
+FROM golang:1.21.8 as tilt-helper
 # Install delve. Note this should be kept in step with the Go release minor version.
 RUN go install github.com/go-delve/delve/cmd/dlv@v1.21
 # Support live reloading with Tilt
@@ -195,7 +195,7 @@ RUN wget --output-document /restart.sh --quiet https://raw.githubusercontent.com
 """
 
 tilt_dockerfile_header = """
-FROM golang:1.21.5 as tilt
+FROM golang:1.21.8 as tilt
 WORKDIR /
 COPY --from=tilt-helper /process.txt .
 COPY --from=tilt-helper /start.sh .
@@ -342,23 +342,24 @@ def enable_provider(name, debug):
 
     port_forwards, links = get_port_forwards(debug)
 
-    build_go_binary(
-        context = p.get("context"),
-        reload_deps = p.get("live_reload_deps"),
-        debug = debug,
-        go_main = p.get("go_main", "main.go"),
-        binary_name = "manager",
-        label = label,
-    )
+    if p.get("image"):
+        build_go_binary(
+            context = p.get("context"),
+            reload_deps = p.get("live_reload_deps"),
+            debug = debug,
+            go_main = p.get("go_main", "main.go"),
+            binary_name = "manager",
+            label = label,
+        )
 
-    build_docker_image(
-        image = p.get("image"),
-        context = p.get("context"),
-        binary_name = "manager",
-        additional_docker_helper_commands = p.get("additional_docker_helper_commands", ""),
-        additional_docker_build_commands = p.get("additional_docker_build_commands", ""),
-        port_forwards = port_forwards,
-    )
+        build_docker_image(
+            image = p.get("image"),
+            context = p.get("context"),
+            binary_name = "manager",
+            additional_docker_helper_commands = p.get("additional_docker_helper_commands", ""),
+            additional_docker_build_commands = p.get("additional_docker_build_commands", ""),
+            port_forwards = port_forwards,
+        )
 
     additional_objs = []
     p_resources = p.get("additional_resources", [])

api/v1beta1/common_types.go

@@ -68,6 +68,10 @@ const (
 	// update that disallows a pre-existing Cluster to be populated with Topology information and Class.
 	ClusterTopologyUnsafeUpdateClassNameAnnotation = "unsafe.topology.cluster.x-k8s.io/disable-update-class-name-check"
 
+	// ClusterTopologyUnsafeUpdateVersionAnnotation can be used to disable the webhook checks on
+	// update that disallows updating the .topology.spec.version on certain conditions.
+	ClusterTopologyUnsafeUpdateVersionAnnotation = "unsafe.topology.cluster.x-k8s.io/disable-update-version-check"
+
 	// ProviderNameLabel is the label set on components in the provider manifest.
 	// This label allows to easily identify all the components belonging to a provider; the clusterctl
 	// tool uses this label for implementing provider's lifecycle operations.

bootstrap/kubeadm/config/manager/manager.yaml

@@ -26,6 +26,19 @@ spec:
             - "--bootstrap-token-ttl=${KUBEADM_BOOTSTRAP_TOKEN_TTL:=15m}"
           image: controller:latest
           name: manager
+          env:
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: POD_UID
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.uid
           ports:
             - containerPort: 9440
               name: healthz

cmd/clusterctl/client/config/providers_client.go

@@ -45,6 +45,7 @@ const (
 	DOProviderName             = "digitalocean"
 	GCPProviderName            = "gcp"
 	HetznerProviderName        = "hetzner"
+	HivelocityProviderName     = "hivelocity-hivelocity"
 	OutscaleProviderName       = "outscale"
 	IBMCloudProviderName       = "ibmcloud"
 	InMemoryProviderName       = "in-memory"
@@ -91,6 +92,11 @@ const (
 	K0smotronControlPlaneProviderName         = "k0sproject-k0smotron"
 )
 
+// IPAM providers.
+const (
+	InClusterIPAMProviderName = "in-cluster"
+)
+
 // Add-on providers.
 const (
 	HelmAddonProviderName = "helm"
@@ -234,6 +240,11 @@ func (p *providersClient) defaults() []Provider {
 			url:          "https://github.com/syself/cluster-api-provider-hetzner/releases/latest/infrastructure-components.yaml",
 			providerType: clusterctlv1.InfrastructureProviderType,
 		},
+		&provider{
+			name:         HivelocityProviderName,
+			url:          "https://github.com/hivelocity/cluster-api-provider-hivelocity/releases/latest/infrastructure-components.yaml",
+			providerType: clusterctlv1.InfrastructureProviderType,
+		},
 		&provider{
 			name:         OutscaleProviderName,
 			url:          "https://github.com/outscale/cluster-api-provider-outscale/releases/latest/infrastructure-components.yaml",
@@ -369,6 +380,13 @@ func (p *providersClient) defaults() []Provider {
 			providerType: clusterctlv1.ControlPlaneProviderType,
 		},
 
+		// IPAM providers
+		&provider{
+			name:         InClusterIPAMProviderName,
+			url:          "https://github.com/kubernetes-sigs/cluster-api-ipam-provider-in-cluster/releases/latest/ipam-components.yaml",
+			providerType: clusterctlv1.IPAMProviderType,
+		},
+
 		// Add-on providers
 		&provider{
 			name:         HelmAddonProviderName,