Merge branch 'main' into tg/support-provider-id-format-of-upstream-ccm

guettli · web-flow · commit 3268799a1f77 · 2025-11-11T11:10:30.000+01:00
diff --git a/Makefile b/Makefile
@@ -118,7 +118,7 @@ $(CTLPTL):
 CLUSTERCTL := $(abspath $(TOOLS_BIN_DIR)/clusterctl)
 clusterctl: $(CLUSTERCTL) ## Build a local copy of clusterctl
 $(CLUSTERCTL):
-	go install sigs.k8s.io/cluster-api/cmd/clusterctl@v1.8.10
+	go install sigs.k8s.io/cluster-api/cmd/clusterctl@v1.10.7
 
 HCLOUD := $(abspath $(TOOLS_BIN_DIR)/hcloud)
 hcloud: $(HCLOUD) ## Build a local copy of hcloud
diff --git a/hack/update-operator-dev-deployment.sh b/hack/update-operator-dev-deployment.sh
@@ -66,11 +66,18 @@ if ! echo "$current_context" | grep -P '.*-admin@.*-mgt-cluster'; then
 fi
 
 branch=$(git branch --show-current)
+
+# No branch name was found. Try to get a git-tag.
 if [ "$branch" == "" ]; then
-    echo "failed to get branch name"
+    branch=$(git describe --tags --exact-match 2>/dev/null || echo "")
+fi
+
+if [ "$branch" == "" ]; then
+    echo "failed to find git branch/tag name"
     exit 1
 fi
 
+# Build tag for container image.
 tag="dev-$USER-$branch"
 tag="$(echo -n "$tag" | tr -c 'a-zA-Z0-9_.-' '-')"
 
@@ -81,27 +88,43 @@ image="$image_path/caph-staging:$tag"
     make generate-manifests
     kustomize build config/crd | kubectl apply -f -
 } &
+pid_generate=$!
 
-# run in background2
+# run in background
 {
     docker build -f images/caph/Dockerfile -t "$image" .
     docker push "$image"
 } &
+pid_docker_push=$!
 
-wait
+# wait for both processes and check their exit codes
+if ! wait $pid_generate; then
+    echo "Error: generate-manifests/kustomize failed"
+    exit 1
+fi
+
+if ! wait $pid_docker_push; then
+    echo "Error: docker build/push failed"
+    exit 1
+fi
 
+# Find namespace of caph deployment.
 ns=$(kubectl get deployments.apps -A | { grep caph-controller || true; } | cut -d' ' -f1)
 if [[ -z $ns ]]; then
     echo "failed to get namespace for caph-controller"
     exit 1
 fi
 
+# Scale deployment to 1.
 kubectl scale --replicas=1 -n "$ns" deployment/caph-controller-manager
 
 kubectl set image -n "$ns" deployment/caph-controller-manager manager="$image"
 
+# Set imagePullPolicy to "Always", so that a new image (with same name/tag) gets pulled.
 kubectl patch deployment -n "$ns" -p '[{"op": "replace", "path": "/spec/template/spec/containers/0/imagePullPolicy", "value": "Always"}]' --type='json' caph-controller-manager
 
+# If you update the image again, there might be no change the deployment spec.
+# Force a rollout:
 kubectl rollout restart -n "$ns" deployment caph-controller-manager
 
 trap "echo 'Interrupted! Exiting...'; exit 1" SIGINT
diff --git a/pkg/services/baremetal/host/host.go b/pkg/services/baremetal/host/host.go
@@ -316,6 +316,8 @@ func rebootTypesFromStringList(rebootTypeStringList []string) ([]infrav1.RebootT
 	return rebootTypes, nil
 }
 
+// ensureSSHKey ensures that the given ssh key is known to the Robot-API.
+// s.scope.RobotClient.SetSSHKey() gets used to upload the public-key, if it is not there yet.
 func (s *Service) ensureSSHKey(sshSecretRef infrav1.SSHSecretRef, sshSecret *corev1.Secret) (infrav1.SSHKey, actionResult) {
 	if sshSecret == nil {
 		return infrav1.SSHKey{}, actionError{err: errNilSSHSecret}
@@ -324,7 +326,7 @@ func (s *Service) ensureSSHKey(sshSecretRef infrav1.SSHSecretRef, sshSecret *cor
 	if err != nil {
 		s.handleRobotRateLimitExceeded(err, "ListSSHKeys")
 		if !models.IsError(err, models.ErrorCodeNotFound) {
-			return infrav1.SSHKey{}, actionError{err: fmt.Errorf("failed to list ssh heys: %w", err)}
+			return infrav1.SSHKey{}, actionError{err: fmt.Errorf("failed to list ssh keys: %w", err)}
 		}
 	}
 
@@ -345,6 +347,9 @@ func (s *Service) ensureSSHKey(sshSecretRef infrav1.SSHSecretRef, sshSecret *cor
 		if err != nil {
 			s.handleRobotRateLimitExceeded(err, "SetSSHKey")
 			if models.IsError(err, models.ErrorCodeKeyAlreadyExists) {
+				// Robot SSH-keys API is a bit strange: the public key value must be unique; you
+				// can’t add the same key twice. Uniqueness is checked by key value, not by the
+				// key’s name.
 				msg := fmt.Sprintf("cannot upload ssh key %q (from secret %q) - exists already under a different name: %s",
 					string(sshSecret.Data[sshSecretRef.Key.Name]), sshSecretRef.Name, err.Error())
 				conditions.MarkFalse(
@@ -2149,7 +2154,7 @@ func (s *Service) actionProvisioned(ctx context.Context) actionResult {
 		}
 		err = fmt.Errorf("failed to handle incomplete boot - actionProvisioned: %w", err)
 		conditions.MarkFalse(host, infrav1.RebootSucceededCondition,
-			"FailureFailGettingHostnameViaSSH",
+			"FailureGettingHostnameViaSSH",
 			clusterv1.ConditionSeverityWarning, "%s",
 			err.Error())
 		return actionError{err: err}
