Bump releases to version v0.22.0 (#137)

* Bump releases to version v0.22.0

* Auto generate

---------

Co-authored-by: metal-stack <[email protected]>

Author: metal-robot[bot]

docs/docs/07-Release Notes/v0.22/v0.22.0.md

@@ -0,0 +1,99 @@
+---
+slug: /release-notes/v0.22.0
+title: v0.22.0
+sidebar_position: 1
+---
+# metal-stack v0.22.0
+See original release note at [https://github.com/metal-stack/releases/releases/tag/v0.22.0](https://github.com/metal-stack/releases/releases/tag/v0.22.0)
+## General
+
+## Required Actions
+* This release expects the migration to the Gardener Operator. Please read the migration notes [here](https://github.com/metal-stack/metal-roles/tree/master/control-plane/roles/gardener-operator#migration-path).
+* The deployment-base image now comes with Ansible 11. The `ansible-core` was raised from `2.15.4` to `2.18.7`. We did not see any major issues with this update for our roles and playbooks. In case you encounter problems with the update, please adapt your playbooks or file an issue. You can always go back and use the previous release of `metal-deployment-base:v0.7.7` until we found a solution to your issue. Note that Python 2 is not supported anymore. You probably should take a look at the [porting guides](https://docs.ansible.com/ansible/latest/porting_guides/core_porting_guides.html) of Ansible, too. ([release notes](https://github.com/metal-stack/metal-deployment-base/releases/tag/v0.8.0))
+* Loopback addresses of all leaves must be known to all routers (and servers) that need to communicate with the leaves via default VRF. BGP or static routes must be established accordingly. (metal-stack/metal-core#168)
+## Noteworthy
+* The audit extension now scrapes the fluentbit v2 metrics, which are a superset of the v1 metrics, and also provides metrics for the storage use. Metric `process_start_time_seconds` is now called `fluentbit_process_start_time_seconds`. (metal-stack/gardener-extension-audit#56)
+* Add missing securityContext controls in order to comply with the restricted Pod Security Standards policy. Move default serverPort to 10443. (metal-stack/gardener-extension-audit#57)
+## Component Releases
+### metal-core v0.13.5
+* Redistribute loopback address on SONiC (metal-stack/metal-core#165) @iljarotar
+* Revert "Set loopback as source address in SONiC frr.conf (metal-stack/metal-core#159)" (#167) @iljarotar
+* Revert "Redistribute loopback address on SONiC (metal-stack/metal-core#165)" (#166) @iljarotar
+* Set Loopback0 address as default source address in frr.conf on SONiC Leaves (metal-stack/metal-core#168) @iljarotar
+### gardener-extension-ontap v0.2.8
+* Use name of shoot to create user secret (metal-stack/gardener-extension-ontap#71) @Honigeintopf
+### metal-deployment-base v0.8.0
+* Add metalstack.cloud CLI. (metal-stack/metal-deployment-base#45) @Gerrit91
+* Update dependencies. (metal-stack/metal-deployment-base#44) @Gerrit91
+* include sbom in container image (metal-stack/metal-deployment-base#41) @mac641
+### gardener-extension-audit v0.3.0
+* Helm chart: add missing securityContext to comply with restricted PSS… (metal-stack/gardener-extension-audit#57) @mstueer
+* Enable storage metrics (metal-stack/gardener-extension-audit#56) @MichaelEischer
+* Bump fluentbit version (metal-stack/gardener-extension-audit#55) @MichaelEischer
+* Update README (adding S3 backend + notes to Cilium). (metal-stack/gardener-extension-audit#54) @Gerrit91
+### metal-apiserver v0.0.9
+* Enable end user e2e tests with multiple tenants (metal-stack/metal-apiserver#81) @majst01
+* Include proto validation during tests (metal-stack/metal-apiserver#77) @majst01
+* Add ip create benchmark as first step (metal-stack/metal-apiserver#83) @majst01
+* Update api to main (metal-stack/metal-apiserver#82) @majst01
+* Fix wrong project mapper function being used. (metal-stack/metal-apiserver#79) @Gerrit91
+* Properly log app version at launch. (metal-stack/metal-apiserver#78) @Gerrit91
+* Implement switch service get, create, update, delete (metal-stack/metal-apiserver#57) @iljarotar
+* Adopt to breaking api changes (metal-stack/metal-apiserver#76) @majst01
+* Update dependencies, adopt breaking changes in validation (metal-stack/metal-apiserver#75) @majst01
+* UpdateRequest must now have Meta set (metal-stack/metal-apiserver#71) @majst01
+* Update to use masterdata membership namespaces. (metal-stack/metal-apiserver#72) @Gerrit91
+* Migrate to simple connect go (metal-stack/metal-apiserver#85) @majst01
+* Do not expose internal types from the repository package. (metal-stack/metal-apiserver#74) @Gerrit91
+### metal-roles v0.17.19
+* Add proper config map ref for shoot audit policy. (metal-stack/metal-roles#482) @Gerrit91
+* Fix typos (metal-stack/metal-roles#480) @majst01
+* Gardener operator review (metal-stack/metal-roles#481) @Gerrit91
+* Deploy seed-api-server config map on GCP. (metal-stack/metal-roles#483) @Gerrit91
+### cluster-api-provider-metal-stack v0.6.2
+* feat: integration tests (metal-stack/cluster-api-provider-metal-stack#94) @vknabel
+* feat: bump images (metal-stack/cluster-api-provider-metal-stack#97) @vknabel
+# Merged Pull Requests
+This is a list of pull requests that were merged since the last release. The list does not contain pull requests from release-vector-repositories.
+
+The fact that these pull requests were merged does not necessarily imply that they have already become part of this metal-stack release.
+
+* Fix typos. (metal-stack/website#123) @Gerrit91
+* Use Slack join link instead of slack workspace link. (metal-stack/website#124) @Gerrit91
+* Migrate to docker bake and include sboms in generated images (metal-stack/metal-images#341) @mac641
+* Bump releases to version v0.21.11 (metal-stack/website#121) @metal-robot[bot]
+* Fix bad link on blog article. (metal-stack/website#126) @Gerrit91
+* Adopt to recent api changes (metal-stack/cli#9) @majst01
+* fix build pipeline by ensuring tarball output directory is created properly (metal-stack/metal-images#353) @mac641
+* ConnectPy is now moved to the connect org (metal-stack/api#48) @majst01
+* Add definitions for api and admin switch services (metal-stack/api#30) @iljarotar
+* Predefined validation rules (metal-stack/api#52) @majst01
+* Use client interceptor instead of RoundTripper for auth header injection (metal-stack/api#51) @majst01
+* Log only if logger is set (metal-stack/api#53) @majst01
+* Missing switch port status (metal-stack/api#54) @iljarotar
+* Switch cannot be updated (metal-stack/api#55) @iljarotar
+* Simplify and fix some proto validations (metal-stack/api#57) @majst01
+* Simplify validation tests (metal-stack/api#56) @majst01
+* Fix validation isssues found in apiserver (metal-stack/api#59) @majst01
+* Switch from ignite to cloud-hypervisor (metal-stack/metal-images#348) @mwindower
+* Add switch ID to heartbeat (metal-stack/api#58) @iljarotar
+* Remove periodic vulnerability scans, we have sboms now (metal-stack/metal-images#356) @majst01
+* Go 1.25.3 (metal-stack/builder#86) @majst01
+* Token with labels, console token is user token now (metal-stack/api#60) @majst01
+* IPIssues is not yet decided (metal-stack/api#61) @majst01
+* update to latest main of parent project (metal-stack/monsoon#1) @ostempel
+* Make switch port desired state optional (metal-stack/api#62) @iljarotar
+* Migrate to simple (metal-stack/api#50) @majst01
+* Update to simple (metal-stack/cli#10) @majst01
+* generate unique files in /etc/nvme/  (metal-stack/metal-images#360) @mwennrich
+* Bump lint-staged from 16.1.6 to 16.2.4 (metal-stack/website#127) @dependabot[bot]
+* Bump @docusaurus/tsconfig from 3.8.1 to 3.9.2 (metal-stack/website#131) @dependabot[bot]
+* Bump @scalar/api-reference-react from 0.7.45 to 0.8.1 (metal-stack/website#130) @dependabot[bot]
+* Add admin tenant cmds. (metal-stack/cli#12) @Gerrit91
+* fix-docs-links (metal-stack/cli#7) @BotondGalxc
+* Update debian and ubuntu kernel (metal-stack/metal-images#362) @majst01
+* adjust to debian and add ci (metal-stack/monsoon#2) @ostempel
+* CAPMS images (metal-stack/metal-images#352) @mac641
+* publish capms images as part of release as well (metal-stack/metal-images#363) @mac641
+* Fix link to suricata (metal-stack/firewall-controller#206) @GeertJohan
+* Next release (metal-stack/releases#255) @metal-robot[bot]

docs/docs/08-References/Deployment/metal-images/metal-images.md

@@ -61,7 +61,7 @@ Before you can start developing changes for metal-images or even introduce new o
 - **kvm**: hypervisor used for integration tests
 - **lz4**: to compress tarballs
 - enable docker's [**containerd image store**](https://docs.docker.com/engine/storage/containerd/#enable-containerd-image-store-on-docker-engine)
-- **[weaveworks/ignite](https://github.com/weaveworks/ignite)**: handles [firecracker vms](https://firecracker-microvm.github.io/) to spin up a metal-image virtually as VM
+- **[cloud-hypervisor](https://github.com/cloud-hypervisor/cloud-hypervisor)**: virtual machine monitor running on top of KVM to spin up MicroVMs for integration tests
 
 You can build metal-images like that:
 
@@ -88,7 +88,7 @@ make almalinux
 BUILDKIT_PROGRESS=plain make debian
 ```
 
-For integration testing the images are started as [firecracker vm](https://firecracker-microvm.github.io/) with [weaveworks/ignite](https://github.com/weaveworks/ignite) and basic properties like interfaces to other metal-stack components, kernel parameters, internet accessibility, DNS resolution etc. are checked with [goss](https://github.com/aelsabbahy/goss) in a GitHub action workflow. Integration tests are also executed if you build an image locally.
+For integration testing the images are started as [cloud-hypervisor](https://www.cloudhypervisor.org) VMs and basic properties like interfaces to other metal-stack components, kernel parameters, internet accessibility, DNS resolution etc. are checked with [goss](https://github.com/aelsabbahy/goss) in a GitHub action workflow. Integration tests are also executed if you build an image locally.
 
 ### Debugging Image Provisioning
 

docs/docs/08-References/Gardener/gardener-extension-audit/gardener-extension-audit.md

@@ -8,7 +8,7 @@ sidebar_position: 1
 
 Provides a Gardener extension for managing kube-apiserver audit logs for a shoot cluster.
 
-The extension spins up a fluentbit-based audit sink in the seed's shoot namespace prior to starting the shoot's API server. Therefore, it is required to run this extension with the reconcile lifecycle policy `BeforeKubeAPIServer`. Also the deletion has to happen `BeforeKubeAPIServer` as otherwise the managed resources of this extension block the shoot deletion flow.
+The extension spins up a fluent-bit-based audit sink in the seed's shoot namespace prior to starting the shoot's API server. Therefore, it is required to run this extension with the reconcile lifecycle policy `BeforeKubeAPIServer`. Also the deletion has to happen `BeforeKubeAPIServer` as otherwise the managed resources of this extension block the shoot deletion flow.
 
 This sink has the ability to buffer audit logs to a persistent volume and send them to the supported backends.
 
@@ -18,9 +18,13 @@ A custom audit policy can be natively configured by Gardener in the shoot spec's
 
 ## Supported Backends
 
-- Log (just logs to the container, only for devel-purposes)
-- Cluster Forwarding (forwards audit logs into a pod in the shoot cluster, should not be used for production purposes)
 - Splunk
+- S3
+- Log (just logs to the container, only for devel-purposes)
+- Cluster Forwarding (forwards audit logs into a pod in the shoot cluster)
+
+> [!IMPORTANT]
+> The Cluster Forwarding backend is mainly intended for showcasing and not for production purposes. It is known not to work with Gardener HA Control Planes and also there were issues reported when using it in combination with the Cilium CNI configured kubeproxyless with Native-Routing (audit entries do not arrive at the `audittailer` pod).
 
 ## Development
 

docs/docs/08-References/Storage/csi-driver-lvm/csi-driver-lvm.md

@@ -18,6 +18,17 @@ This CSI driver is derived from [csi-driver-host-path](https://github.com/kubern
 
 For the special case of block volumes, the filesystem-expansion has to be performed by the app using the block device
 
+## Automatic PVC Deletion on Pod Eviction
+
+The persistent volumes created by this CSI driver are strictly node-affine to the node on which the pod was scheduled. This is intentional and prevents pods from starting without the LV data, which resides only on the specific node in the Kubernetes cluster. 
+
+Consequently, if a pod is evicted (potentially due to cluster autoscaling or updates to the worker node), the pod may become stuck. In certain scenarios, it's acceptable for the pod to start on another node, despite the potential for data loss. The csi-driver-lvm-controller can capture these events and automatically delete the PVC without requiring manual intervention by an operator.
+
+To use this functionality, the following is needed:
+
+- This only works on `StatefulSet`s with volumeClaimTemplates and volume references to the `csi-driver-lvm` storage class
+- In addition to that, the `Pod` or `PersistentVolumeClaim` managed by the `StatefulSet` needs the annotation: `metal-stack.io/csi-driver-lvm.is-eviction-allowed: true`
+
 ## Installation ##
 
 **Helm charts for installation are located in a separate repository called [helm-charts](https://github.com/metal-stack/helm-charts). If you would like to contribute to the helm chart, please raise an issue or pull request there.**
@@ -71,6 +82,7 @@ You can create these loop devices like this:
 ```bash
 for i in 100 101; do fallocate -l 1G loop${i}.img ; sudo losetup /dev/loop${i} loop${i}.img; done
 sudo losetup -a
+# https://github.com/util-linux/util-linux/issues/3197
 # use this for recreation or cleanup
 # for i in 100 101; do sudo losetup -d /dev/loop${i}; rm -f loop${i}.img; done
 ```

scripts/components.json

@@ -89,7 +89,7 @@
         "releasePath": "docker-images.metal-stack.partition.metal-core.tag",
         "repo": "metal-stack/metal-core",
         "branch": "main",
-        "tag": "v0.13.1",
+        "tag": "v0.13.5",
         "position": 3,
         "withDocs": false
       },
@@ -235,7 +235,7 @@
         "releasePath": "docker-images.metal-stack.gardener.gardener-extension-audit.tag",
         "repo": "metal-stack/gardener-extension-audit",
         "branch": "main",
-        "tag": "v0.2.3",
+        "tag": "v0.3.0",
         "position": 1,
         "withDocs": false
       },
@@ -253,7 +253,7 @@
         "releasePath": "docker-images.metal-stack.gardener.gardener-extension-ontap.tag",
         "repo": "metal-stack/gardener-extension-ontap",
         "branch": "main",
-        "tag": "v0.2.6",
+        "tag": "v0.2.8",
         "position": 3,
         "withDocs": false
       },

src/version.json

@@ -1 +1 @@
-{"version": "v0.21.11"}
+{"version": "v0.22.0"}

versioned_docs/version-v0.22.0/contributing/01-Proposals/MEP1/Distributed-API-Working.png

@@ -0,0 +1 @@
+<mxfile host="www.draw.io" modified="2020-01-13T13:05:59.591Z" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) snap Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36" etag="Pcrs69XaZ4sZO_cn817q" version="12.5.1" type="device"><diagram name="Page-1" id="c4acf3e9-155e-7222-9cf6-157b1a14988f">7V3bcts2EP0aP8pDgPfH2ImbziRTt+m0zVMHpmCJMUUoFG1L/fqC4kUkAEoULwDkRC8WIBIkF2d3z+6C8JV5u9r+kqD18jOZ4+gKGvPtlfn+CtKPY9M/Wc8u7/FtM+9YJOE87wKHji/hf7joNIre53CON40DU0KiNFw3OwMSxzhIG30oSchr87BHEjWvukYLzHV8CVDE9/4dztNl3uvZxqH/Iw4Xy/LKwCh+eUDB0yIhz3FxvStoPu4/+c8rVI5VHL9Zojl5rXWZH67M24SQNP+22t7iKJNtKbb8vLuWX6v7TnCcdjkhWVoPJP5zF3/w/trOvG+vv70+z4rJe0HRMy4fw4noeDePhA5L5YmC/Afn+3N2pzcfcfSC0zBAh67s4dJd1DwuO3+22U/3O3oAgOtt/Qxnkf29R0kapiGJy6vS288vnP9eSK4aHFIhrrOvz6voLkEr+vXmdRmm+Ms6v89XClLat0xXEW0B+nU/QziTgUFb1SRkjYCswqD4HqEHHN1UU3pLIpLQn2ISZ9fYpAl5qvABise7Q6swymD/F07mKEZFd4FxkA2LonAR00ZAJwkn1RO94CTF29aJBBU8qNphssJpsqOHFCfMbLeAVKFywC0x+VpDcNm3rKHX9opOVGjNohr9gBz6pQDPGUACkEPSBif0OWkfHGEayyfzMqlWj2QaI4kUcCK1eJGajkikYASRrrboX/K79Qh+vYe77+Ef8RMBM4+TaECCp4SgYClDoJz0BDJuF6jFCNQ0O8oTGiPI055D4NsPc8+Yo0cAwMy0OJHhOfUDRZMk6ZIsSIyiD4dexnTUZDdHm+W+H3SwHNTE3YXZne5HwfH8Xea1souucZz3NH+v24+OZqZ1xrKHPDpfCY5QGr40naFI9PtT6a2jXe2ANQnjdFMb+T7rOMDAAoxaGdBvOqkzT6Bf8nsQn256LadXd7whz0mAi9MYQFVi6a+zrsCfDsTd4ZhPhKwL0H3DaborEICeU9LE5x50JcyCCG02mZ9rYBEcQ00upCOPWdAGOt4Cp0eOc8ZG4SCDypOdmkE1ADdTpVGlPGFNtTkTUuXQI/yYNTfUvobx4tO+9d50xrKeVhPHlsDBAyiwns5Uzsg5Krt2Dy9fdpUMVMgOuCh4QLZredg2fedhBji5MQT7bObckZJzBNt498OQ7HKm3Wm4jW0zXsbmEWaL6LdlTqWegLdesv1MC+Hp72T8SSgMxxkoN2yhquUYuZubjDP4nImgI6JohtahRmbVYsxqlcBR5pLKkPMtYb4U6uSgh23xmSTQlw9aRz3apJmNT5FGsIeedrA3j1ExzfMC0G6BnZS0gFieloCivcGYDXQN2oBeURu4mLCNtRXqozZwMWEbSy80kJ0ol6ModLv5GbqNgjIuza9B5OYp9zbjs1hJoRub7qVs4tqofWBzwKkp7UUEcmx6TD2hrQrkb0gDJqq/8PUSnk8r1IAKjXoHdWx2XQMVgAKuwerEoXLIhAd8dw3neBum/2R4vva8ovl137SL1vttgfZ9Y1dr3OMkpM+X+eWiNkmfNR8LOGW7NljWPIy2b+3qLXa8TurVllE/Hca4HVWw4fv5SS/7hmZc2KyxYzNoailNCkYymJHY2HhqNb/kDAS3MgFUpFBdDgL+IDkI2DUHAfXKQcCLyUFwpWMABSuZJHu3i8lCcMVjHaR3Mg8hbY3mzxLyVCVkv3Miwp0MZ9omIg4UtuSsX2vkVsxfB/goVXXnAxGRxeMuImHBEzZDoCxybXKZDdRPV/rj3pSUsuBKz9Jxb15GmoKiTD/g84mKywn9gK9f5GfysbRy0zJF5FcuwD8Z+Zn22GZo2PzwkbmmkV/1opk+oYt5PGzWKPCzWFOrgfD4qPln/fnC4z4AtAv7LNEKddYB/Zilh6PpmNOOrGsKU1H9AVg+g6neBQhQJR0lMXhLVIGIN4QCVhuXwr9TKqTvIm2fzKdYGr6f1vqiZKXxdkPhT6h7f822Or/VZnXU7IEqa9sN/Hjsy9tTKxmfHvoJlrPB4koCi8nSf8Pyr53Dx5WLHZ75o3V4nacX6ewFT9ch0chWM6badQSW2pVpqUvd11DXpGbj7dELwS3qw754LjspafPhnobJeMC9YK88Jeko8Uo1j+Oe5XL0UzGna0RTsu7JKwSA8WU+u8fKxLs4OKauxrd1lk/zEElvFtpmv7k7OdCe0Hjm4WNLtc8Onwiu7POMzn2WW9DGTHM1U19Q6QCmVDMtWgS0D9mv12WmcfZwiiHS50+bWjOCtNglU1WgVRMWFMXpk70U4vBxOi8spERYM2hoJy1tV64McMqSVqFwhQ/ZvNfhsww6FuNN/RahlHekcxKUyxSrz4G6auOFqtGtejEtKZS31o0tfPVlhTPTsBlEWdkrTwda6HQyX+fuZMc/QQHa9hvltrLzGmc0t7IbbQM6vjKSJd6Uswb2VU31rMG9JELP5l3U83lXSYJSiRmdPPdosablaKDb1VTyywfdPgH0uZaSf5rjhpJbBi3HTvLhaNNOqglF2bWxUs2keGNnTk7Vvs7ti9+02dfZZsEld19noUQhJ1EVlvSsFZ+MBTwZ0gqfu2AmdVIqPM4aaGQHTc7RV1tHXu45ENoMvxRuZjJZRNo+c5KWew4SHrcBgHLRqdkEY0TtFhSRhMf5KrUb8gost1bYY3WK1NnJNxdUNT181nuaEvi4hhf4ULn1UJvTOrcG3r++PYoy+BehDNLy4sO0wWTLtOq1QZMdPUdELOjKnZUittxtUpkVgr2sEKjZoNKSyTBDnSd1aEDUK43DRheGb9cBcvL4MhvZdrx7/PjBWZ+jIq9ZBmo4E7KlkqHgNUH+2tGpF1rVcw4otfwoliX//6mUqH/FJdzuZKI3cxlT/btycqX5EMGmlhdKNaESrtl5lod67l5GnjPC7P+QZIuaFjx+xkRmmw8ML8Jss2km9Ua73GjuMhIgvWz7iMor2q7uCEDHXzbB/vMJg90zcrzFWWIB6OHjVUwpHDqlw/SUf39Kx1QYYMtr6oN/qDoI7ctPFJm4zpnhiUycrdrECZLOGubZ9FO0Mu/3hnxD18SwWtdwZNe+KdatjVws8UTAtaQCF7414JYb2p0mNbZK5Ir23dMXuRy38UT/JmAk5NJmQrLtlw6uLUHr5Wcyx9kR/wM=</diagram></mxfile>