chore(deps): update helm release cluster to v4.6.0 #1601

renovate · 2025-11-20T11:32:23Z

This PR contains the following updates:

Package	Update	Change
cluster	minor	`4.5.1` -> `4.6.0`

Release Notes

giantswarm/cluster (cluster)

`v4.6.0`

Compare Source

Changed

Refactor containerd configuration to use config_path (/etc/containerd/certs.d) and hosts.toml for registry mirrors, ensuring proper fallback order (local cache -> mirrors -> upstream).
Move containerd registry authentication to hosts.toml headers, as registry.configs is ignored when config_path is enabled.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Gacko · 2025-11-21T18:54:49Z

/run cluster-test-suites

github-actions · 2025-11-21T18:55:56Z

There were differences in the rendered Helm template, please check! ⚠️

Output

=== Differences when rendered with values file helm/cluster-aws/ci/test-auditd-values.yaml ===

(file level)
  - two documents removed:
    ---
    # Source: cluster-aws/charts/cluster/templates/containerd.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: test-wc-minimal-containerd-609abaf3
    data:
      config.toml: dmVyc2lvbiA9IDIKCiMgcmVjb21tZW5kZWQgZGVmYXVsdHMgZnJvbSBodHRwczovL2dpdGh1Yi5jb20vY29udGFpbmVyZC9jb250YWluZXJkL2Jsb2IvbWFpbi9kb2NzL29wcy5tZCNiYXNlLWNvbmZpZ3VyYXRpb24KIyBzZXQgY29udGFpbmVyZCBhcyBhIHN1YnJlYXBlciBvbiBsaW51eCB3aGVuIGl0IGlzIG5vdCBydW5uaW5nIGFzIFBJRCAxCnN1YnJlYXBlciA9IHRydWUKIyBzZXQgY29udGFpbmVyZCdzIE9PTSBzY29yZQpvb21fc2NvcmUgPSAtOTk5CmRpc2FibGVkX3BsdWdpbnMgPSBbXQpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ydW50aW1lLnYxLmxpbnV4Il0KIyBzaGltIGJpbmFyeSBuYW1lL3BhdGgKc2hpbSA9ICJjb250YWluZXJkLXNoaW0iCiMgcnVudGltZSBiaW5hcnkgbmFtZS9wYXRoCnJ1bnRpbWUgPSAicnVuYyIKIyBkbyBub3QgdXNlIGEgc2hpbSB3aGVuIHN0YXJ0aW5nIGNvbnRhaW5lcnMsIHNhdmVzIG9uIG1lbW9yeSBidXQKIyBsaXZlIHJlc3RvcmUgaXMgbm90IHN1cHBvcnRlZApub19zaGltID0gZmFsc2UKCltwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkLnJ1bnRpbWVzLnJ1bmNdCiMgc2V0dGluZyBydW5jLm9wdGlvbnMgdW5zZXRzIHBhcmVudCBzZXR0aW5ncwpydW50aW1lX3R5cGUgPSAiaW8uY29udGFpbmVyZC5ydW5jLnYyIgpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIuY29udGFpbmVyZC5ydW50aW1lcy5ydW5jLm9wdGlvbnNdClN5c3RlbWRDZ3JvdXAgPSB0cnVlCltwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIl0Kc2FuZGJveF9pbWFnZSA9ICJnc29jaS5henVyZWNyLmlvL2dpYW50c3dhcm0vcGF1c2U6My45IgplbmFibGVfc2VsaW51eCA9IGZhbHNlCgpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIucmVnaXN0cnldCiAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLnJlZ2lzdHJ5Lm1pcnJvcnNdCiAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIucmVnaXN0cnkubWlycm9ycy4iZG9ja2VyLmlvIl0KICAgICAgZW5kcG9pbnQgPSBbImh0dHBzOi8vcmVnaXN0cnktMS5kb2NrZXIuaW8iLCJodHRwczovL2dpYW50c3dhcm0uYXp1cmVjci5pbyIsXQogICAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLnJlZ2lzdHJ5Lm1pcnJvcnMuImdzb2NpLmF6dXJlY3IuaW8iXQogICAgICBlbmRwb2ludCA9IFsiaHR0cHM6Ly96b3QudGVzdC5leGFtcGxlLmNvbSIsImh0dHBzOi8vZ3NvY2kuYXp1cmVjci5pbyIsXQogICAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLnJlZ2lzdHJ5Lm1pcnJvcnMuIndpdGgtYXV0aC5leGFtcGxlLmNvbSJdCiAgICAgIGVuZHBvaW50ID0gWyJodHRwczovL3dpdGgtYXV0aC5leGFtcGxlLmNvbSIsImh0dHBzOi8vcXVheS5pbyIsXQpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIucmVnaXN0cnkuY29uZmlnc10KICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5yZWdpc3RyeS5jb25maWdzLiJ3aXRoLWF1dGguZXhhbXBsZS5jb20iLmF1dGhdCiAgICAgIGF1dGggPSAiWjJsaGJuUnpkMkZ5YlhCMWJHdzZZV0pqWkdWbSIKCiMgYWRkIE52aWRpYSBjb250YWluZXIgcnVudGltZSB0byBzdXBwb3J0IEdQVXMKW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLmNvbnRhaW5lcmQucnVudGltZXMubnZpZGlhXQogIHJ1bnRpbWVfdHlwZSA9ICJpby5jb250YWluZXJkLnJ1bmMudjIiCiAgcHJpdmlsZWdlZF93aXRob3V0X2hvc3RfZGV2aWNlcyA9IGZhbHNlCiAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLmNvbnRhaW5lcmQucnVudGltZXMubnZpZGlhLm9wdGlvbnNdCiAgICBCaW5hcnlOYW1lID0gIi91c3IvYmluL252aWRpYS1jb250YWluZXItcnVudGltZSIKICAgIFN5c3RlbWRDZ3JvdXAgPSB0cnVlCg==
    # Source: cluster-aws/charts/cluster/templates/clusterapi/workers/kubeadmconfig.yaml
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfig
    metadata:
      annotations:
        machine-pool.giantswarm.io/name: test-wc-minimal-pool0
      labels:
        # deprecated: "app: cluster-aws" label is deprecated and it will be removed after upgrading
    # to Kubernetes 1.25. We still need it here because existing ClusterResourceSet selectors
    # need this label on the Cluster resource.
    app: cluster-aws
        app.kubernetes.io/name: cluster
        app.kubernetes.io/version: 4.5.1
        app.kubernetes.io/part-of: cluster-aws
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: cluster-4.5.1
        application.giantswarm.io/team: turtles
        giantswarm.io/cluster: test-wc-minimal
        giantswarm.io/organization: test
        giantswarm.io/service-priority: lowest
        cluster.x-k8s.io/cluster-name: test-wc-minimal
        cluster.x-k8s.io/watch-filter: capi
        release.giantswarm.io/version: 27.0.0-alpha.1
        giantswarm.io/machine-pool: test-wc-minimal-pool0
      name: test-wc-minimal-pool0-68ccf
      namespace: org-giantswarm
    spec:
      format: ignition
      ignition:
        containerLinuxConfig:
          additionalConfig: |
            systemd:
              units:      
              - name: os-hardening.service
                enabled: true
                contents: |
                  [Unit]
                  Description=Apply os hardening
                  [Service]
                  Type=oneshot
                  ExecStartPre=-/bin/bash -c "gpasswd -d core rkt; gpasswd -d core docker; gpasswd -d core wheel"
                  ExecStartPre=/bin/bash -c "until [ -f '/etc/sysctl.d/hardening.conf' ]; do echo Waiting for sysctl file; sleep 1s;done;"
                  ExecStart=/usr/sbin/sysctl -p /etc/sysctl.d/hardening.conf
                  [Install]
                  WantedBy=multi-user.target
              - name: update-engine.service
                enabled: false
                mask: true
              - name: locksmithd.service
                enabled: false
                mask: true
              - name: sshkeys.service
                enabled: false
                mask: true
              - name: kubeadm.service
                dropins:
                - name: 10-flatcar.conf
                  contents: |
                    [Unit]
                    # kubeadm must run after coreos-metadata populated /run/metadata directory.
                    Requires=coreos-metadata.service
                    After=coreos-metadata.service
                    # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939.
                    After=containerd.service
                    # kubeadm requires having an IP
                    After=network-online.target
                    Wants=network-online.target
                    [Service]
                    # Ensure kubeadm service has access to kubeadm binary in /opt/bin on Flatcar.
                    Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/bin
                    # To make metadata environment variables available for pre-kubeadm commands.
                    EnvironmentFile=/run/metadata/*
              - name: containerd.service
                enabled: true
                contents: |
                dropins:
                - name: 10-change-cgroup.conf
                  contents: |
                    [Service]
                    CPUAccounting=true
                    MemoryAccounting=true
                    Slice=kubereserved.slice
              - name: audit-rules.service
                enabled: true
                dropins:
                - name: 10-wait-for-containerd.conf
                  contents: |
                    [Service]
                    ExecStartPre=/bin/bash -c "while [ ! -f /etc/audit/rules.d/containerd.rules ]; do echo 'Waiting for /etc/audit/rules.d/containerd.rules to be written' && sleep 1; done"
                    Restart=on-failure
              - name: teleport.service
                enabled: true
                contents: |
                  [Unit]
                  Description=Teleport Service
                  After=network.target
                  [Service]
                  Type=simple
                  Restart=on-failure
                  ExecStart=/opt/bin/teleport start --roles=node --config=/etc/teleport.yaml --pid-file=/run/teleport.pid
                  ExecReload=/bin/kill -HUP $MAINPID
                  PIDFile=/run/teleport.pid
                  LimitNOFILE=524288
                  [Install]
                  WantedBy=multi-user.target      
              - name: kubelet-aws-config.service
                enabled: true
              - name: var-lib.mount
                enabled: true
                contents: |
                  [Unit]
                  Description=lib volume
                  DefaultDependencies=no
                  [Mount]
                  What=/dev/disk/by-label/lib
                  Where=/var/lib
                  Type=xfs
                  [Install]
                  WantedBy=local-fs-pre.target
              - name: var-log.mount
                enabled: true
                contents: |
                  [Unit]
                  Description=log volume
                  DefaultDependencies=no
                  [Mount]
                  What=/dev/disk/by-label/log
                  Where=/var/log
                  Type=xfs
                  [Install]
                  WantedBy=local-fs-pre.target
            storage:
              filesystems:      
              - name: lib
                mount:
                  device: /dev/xvdd
                  format: xfs
                  wipeFilesystem: true
                  label: lib
              - name: log
                mount:
                  device: /dev/xvde
                  format: xfs
                  wipeFilesystem: true
                  label: log
              directories:      
              - path: /var/lib/kubelet
                mode: 0750      
      joinConfiguration:
        nodeRegistration:
          name: ${COREOS_EC2_HOSTNAME}
          kubeletExtraArgs:
            cloud-provider: external
            cgroup-driver: systemd
            healthz-bind-address: 0.0.0.0
            node-ip: ${COREOS_EC2_IPV4_LOCAL}
            node-labels: "ip=${COREOS_EC2_IPV4_LOCAL},role=worker,giantswarm.io/machine-pool=test-wc-minimal-pool0"
            v: 2
          taints:
          - effect: NoExecute
            key: ebs.csi.aws.com/agent-not-ready
        patches:
          directory: /etc/kubernetes/patches
      preKubeadmCommands:
      - "envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp"
      - "mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml"
      - "systemctl restart containerd"
      files:
      - path: /etc/sysctl.d/hardening.conf
        permissions: 0644
        encoding: base64
        content: ZnMuaW5vdGlmeS5tYXhfdXNlcl93YXRjaGVzID0gMTYzODQKZnMuaW5vdGlmeS5tYXhfdXNlcl9pbnN0YW5jZXMgPSA4MTkyCmtlcm5lbC5rcHRyX3Jlc3RyaWN0ID0gMgprZXJuZWwuc3lzcnEgPSAwCm5ldC5pcHY0LmNvbmYuYWxsLmxvZ19tYXJ0aWFucyA9IDEKbmV0LmlwdjQuY29uZi5hbGwuc2VuZF9yZWRpcmVjdHMgPSAwCm5ldC5pcHY0LmNvbmYuZGVmYXVsdC5hY2NlcHRfcmVkaXJlY3RzID0gMApuZXQuaXB2NC5jb25mLmRlZmF1bHQubG9nX21hcnRpYW5zID0gMQpuZXQuaXB2NC50Y3BfdGltZXN0YW1wcyA9IDAKbmV0LmlwdjYuY29uZi5hbGwuYWNjZXB0X3JlZGlyZWN0cyA9IDAKbmV0LmlwdjYuY29uZi5kZWZhdWx0LmFjY2VwdF9yZWRpcmVjdHMgPSAwCiMgSW5jcmVhc2VkIG1tYXBmcyBiZWNhdXNlIHNvbWUgYXBwbGljYXRpb25zLCBsaWtlIEVTLCBuZWVkIGhpZ2hlciBsaW1pdCB0byBzdG9yZSBkYXRhIHByb3Blcmx5CnZtLm1heF9tYXBfY291bnQgPSAyNjIxNDQKIyBSZXNlcnZlZCB0byBhdm9pZCBjb25mbGljdHMgd2l0aCBrdWJlLWFwaXNlcnZlciwgd2hpY2ggYWxsb2NhdGVzIHdpdGhpbiB0aGlzIHJhbmdlCm5ldC5pcHY0LmlwX2xvY2FsX3Jlc2VydmVkX3BvcnRzPTMwMDAwLTMyNzY3Cm5ldC5pcHY0LmNvbmYuYWxsLnJwX2ZpbHRlciA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2lnbm9yZSA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2Fubm91bmNlID0gMgoKIyBUaGVzZSBhcmUgcmVxdWlyZWQgZm9yIHRoZSBrdWJlbGV0ICctLXByb3RlY3Qta2VybmVsLWRlZmF1bHRzJyBmbGFnCiMgU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9naWFudHN3YXJtL2dpYW50c3dhcm0vaXNzdWVzLzEzNTg3CnZtLm92ZXJjb21taXRfbWVtb3J5PTEKa2VybmVsLnBhbmljPTEwCmtlcm5lbC5wYW5pY19vbl9vb3BzPTEK
      - path: /etc/containerd/config.toml
        permissions: 0644
        contentFrom:
          secret:
            name: test-wc-minimal-containerd-609abaf3
            key: config.toml
      - path: /etc/selinux/config
        permissions: 0644
        encoding: base64
        content: IyBUaGlzIGZpbGUgY29udHJvbHMgdGhlIHN0YXRlIG9mIFNFTGludXggb24gdGhlIHN5c3RlbSBvbiBib290LgoKIyBTRUxJTlVYIGNhbiB0YWtlIG9uZSBvZiB0aGVzZSB0aHJlZSB2YWx1ZXM6CiMgICAgICAgZW5mb3JjaW5nIC0gU0VMaW51eCBzZWN1cml0eSBwb2xpY3kgaXMgZW5mb3JjZWQuCiMgICAgICAgcGVybWlzc2l2ZSAtIFNFTGludXggcHJpbnRzIHdhcm5pbmdzIGluc3RlYWQgb2YgZW5mb3JjaW5nLgojICAgICAgIGRpc2FibGVkIC0gTm8gU0VMaW51eCBwb2xpY3kgaXMgbG9hZGVkLgpTRUxJTlVYPXBlcm1pc3NpdmUKCiMgU0VMSU5VWFRZUEUgY2FuIHRha2Ugb25lIG9mIHRoZXNlIGZvdXIgdmFsdWVzOgojICAgICAgIHRhcmdldGVkIC0gT25seSB0YXJnZXRlZCBuZXR3b3JrIGRhZW1vbnMgYXJlIHByb3RlY3RlZC4KIyAgICAgICBzdHJpY3QgICAtIEZ1bGwgU0VMaW51eCBwcm90ZWN0aW9uLgojICAgICAgIG1scyAgICAgIC0gRnVsbCBTRUxpbnV4IHByb3RlY3Rpb24gd2l0aCBNdWx0aS1MZXZlbCBTZWN1cml0eQojICAgICAgIG1jcyAgICAgIC0gRnVsbCBTRUxpbnV4IHByb3RlY3Rpb24gd2l0aCBNdWx0aS1DYXRlZ29yeSBTZWN1cml0eQojICAgICAgICAgICAgICAgICAgKG1scywgYnV0IG9ubHkgb25lIHNlbnNpdGl2aXR5IGxldmVsKQpTRUxJTlVYVFlQRT1tY3MK
      - path: /etc/systemd/timesyncd.conf
        permissions: 0644
        encoding: base64
        content: W1RpbWVdCk5UUD0xNjkuMjU0LjE2OS4xMjMK
      - path: /etc/kubernetes/patches/kubeletconfiguration.yaml
        permissions: 0644
        encoding: base64
        content: YXBpVmVyc2lvbjoga3ViZWxldC5jb25maWcuazhzLmlvL3YxYmV0YTEKa2luZDogS3ViZWxldENvbmZpZ3VyYXRpb24Kc2h1dGRvd25HcmFjZVBlcmlvZDogMzAwcwpzaHV0ZG93bkdyYWNlUGVyaW9kQ3JpdGljYWxQb2RzOiA2MHMKa2VybmVsTWVtY2dOb3RpZmljYXRpb246IHRydWUKZXZpY3Rpb25Tb2Z0OgogIG1lbW9yeS5hdmFpbGFibGU6ICI1MDBNaSIKZXZpY3Rpb25IYXJkOgogIG1lbW9yeS5hdmFpbGFibGU6ICIyMDBNaSIKICBpbWFnZWZzLmF2YWlsYWJsZTogIjE1JSIKZXZpY3Rpb25Tb2Z0R3JhY2VQZXJpb2Q6CiAgbWVtb3J5LmF2YWlsYWJsZTogIjVzIgpldmljdGlvbk1heFBvZEdyYWNlUGVyaW9kOiA2MApmZWF0dXJlR2F0ZXM6CiAgTXV0YWJsZUNTSU5vZGVBbGxvY2F0YWJsZUNvdW50OiB0cnVlCmt1YmVSZXNlcnZlZDoKICBjcHU6IDM1MG0KICBtZW1vcnk6IDEyODBNaQogIGVwaGVtZXJhbC1zdG9yYWdlOiAxMDI0TWkKa3ViZVJlc2VydmVkQ2dyb3VwOiAva3ViZXJlc2VydmVkLnNsaWNlCnByb3RlY3RLZXJuZWxEZWZhdWx0czogdHJ1ZQpzeXN0ZW1SZXNlcnZlZDoKICBjcHU6IDI1MG0KICBtZW1vcnk6IDM4NE1pCnN5c3RlbVJlc2VydmVkQ2dyb3VwOiAvc3lzdGVtLnNsaWNlCnRsc0NpcGhlclN1aXRlczogCiAgLSBUTFNfQUVTXzEyOF9HQ01fU0hBMjU2CiAgLSBUTFNfQUVTXzI1Nl9HQ01fU0hBMzg0CiAgLSBUTFNfQ0hBQ0hBMjBfUE9MWTEzMDVfU0hBMjU2CiAgLSBUTFNfRUNESEVfRUNEU0FfV0lUSF9BRVNfMTI4X0NCQ19TSEEKICAtIFRMU19FQ0RIRV9FQ0RTQV9XSVRIX0FFU18xMjhfR0NNX1NIQTI1NgogIC0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzI1Nl9DQkNfU0hBCiAgLSBUTFNfRUNESEVfRUNEU0FfV0lUSF9BRVNfMjU2X0dDTV9TSEEzODQKICAtIFRMU19FQ0RIRV9FQ0RTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1X1NIQTI1NgogIC0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18xMjhfQ0JDX1NIQQogIC0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18xMjhfR0NNX1NIQTI1NgogIC0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18yNTZfQ0JDX1NIQQogIC0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18yNTZfR0NNX1NIQTM4NAogIC0gVExTX0VDREhFX1JTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1X1NIQTI1NgogIC0gVExTX1JTQV9XSVRIX0FFU18xMjhfQ0JDX1NIQQogIC0gVExTX1JTQV9XSVRIX0FFU18xMjhfR0NNX1NIQTI1NgogIC0gVExTX0VDREhFX0VDRFNBX1dJVEhfQ0hBQ0hBMjBfUE9MWTEzMDUKICAtIFRMU19FQ0RIRV9SU0FfV0lUSF9DSEFDSEEyMF9QT0xZMTMwNQpzZXJpYWxpemVJbWFnZVB1bGxzOiBmYWxzZQpzdHJlYW1pbmdDb25uZWN0aW9uSWRsZVRpbWVvdXQ6IDFoCmFsbG93ZWRVbnNhZmVTeXNjdGxzOgotICJuZXQuKiIK
      - path: /etc/systemd/logind.conf.d/zzz-kubelet-graceful-shutdown.conf
        permissions: 0700
        encoding: base64
        content: W0xvZ2luXQojIGRlbGF5CkluaGliaXREZWxheU1heFNlYz0zMDAK
      - path: /etc/teleport-join-token
        permissions: 0644
        contentFrom:
          secret:
            name: test-wc-minimal-teleport-join-token
            key: joinToken
      - path: /opt/teleport-node-role.sh
        permissions: 0755
        encoding: base64
        content: IyEvYmluL2Jhc2gKCmlmIHN5c3RlbWN0bCBpcy1hY3RpdmUgLXEga3ViZWxldC5zZXJ2aWNlOyB0aGVuCiAgICBpZiBbIC1lICIvZXRjL2t1YmVybmV0ZXMvbWFuaWZlc3RzL2t1YmUtYXBpc2VydmVyLnlhbWwiIF07IHRoZW4KICAgICAgICBlY2hvICJjb250cm9sLXBsYW5lIgogICAgZWxzZQogICAgICAgIGVjaG8gIndvcmtlciIKICAgIGZpCmVsc2UKICAgIGVjaG8gIiIKZmkK
      - path: /etc/teleport.yaml
        permissions: 0644
        encoding: base64
        content: dmVyc2lvbjogdjMKdGVsZXBvcnQ6CiAgZGF0YV9kaXI6IC90ZWxlcG9ydAogIGpvaW5fcGFyYW1zOgogICAgdG9rZW5fbmFtZTogL2V0Yy90ZWxlcG9ydC1qb2luLXRva2VuCiAgICBtZXRob2Q6IHRva2VuCiAgcHJveHlfc2VydmVyOiB0ZWxlcG9ydC5naWFudHN3YXJtLmlvOjQ0MwogIGxvZzoKICAgIG91dHB1dDogc3RkZXJyCmF1dGhfc2VydmljZToKICBlbmFibGVkOiAibm8iCnNzaF9zZXJ2aWNlOgogIGVuYWJsZWQ6ICJ5ZXMiCiAgY29tbWFuZHM6CiAgLSBuYW1lOiBub2RlCiAgICBjb21tYW5kOiBbaG9zdG5hbWVdCiAgICBwZXJpb2Q6IDI0aDBtMHMKICAtIG5hbWU6IGFyY2gKICAgIGNvbW1hbmQ6IFt1bmFtZSwgLW1dCiAgICBwZXJpb2Q6IDI0aDBtMHMKICAtIG5hbWU6IHJvbGUKICAgIGNvbW1hbmQ6IFsvb3B0L3RlbGVwb3J0LW5vZGUtcm9sZS5zaF0KICAgIHBlcmlvZDogMW0wcwogIGxhYmVsczoKICAgIGluczogdGVzdAogICAgbWM6IHRlc3QKICAgIGNsdXN0ZXI6IHRlc3Qtd2MtbWluaW1hbAogICAgYmFzZURvbWFpbjogZXhhbXBsZS5jb20KcHJveHlfc2VydmljZToKICBlbmFibGVkOiAibm8iCg==
      - path: /etc/audit/rules.d/99-default.rules
        permissions: 0640
        encoding: base64
        content: IyBPdmVycmlkZGVuIGJ5IEdpYW50IFN3YXJtLgotYSBleGl0LGFsd2F5cyAtRiBhcmNoPWI2NCAtUyBleGVjdmUgLWsgYXVkaXRpbmcKLWEgZXhpdCxhbHdheXMgLUYgYXJjaD1iMzIgLVMgZXhlY3ZlIC1rIGF1ZGl0aW5nCg==
      - contentFrom:
          secret:
            key: kubelet-aws-config.sh
            name: test-wc-minimal-provider-specific-files-4
        path: /opt/bin/kubelet-aws-config.sh
        permissions: 0755
      - contentFrom:
          secret:
            key: kubelet-aws-config.service
            name: test-wc-minimal-provider-specific-files-4
        path: /etc/systemd/system/kubelet-aws-config.service
        permissions: 0644
      - contentFrom:
          secret:
            key: 99-unmanaged-devices.network
            name: test-wc-minimal-provider-specific-files-4
        path: /etc/systemd/network/99-unmanaged-devices.network
        permissions: 0644
    
  
    ---
    # Source: cluster-aws/charts/cluster/templates/containerd.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: test-wc-minimal-containerd-fe1ed987
    data:
      config.toml: dmVyc2lvbiA9IDIKCiMgcmVjb21tZW5kZWQgZGVmYXVsdHMgZnJvbSBodHRwczovL2dpdGh1Yi5jb20vY29udGFpbmVyZC9jb250YWluZXJkL2Jsb2IvbWFpbi9kb2NzL29wcy5tZCNiYXNlLWNvbmZpZ3VyYXRpb24KIyBzZXQgY29udGFpbmVyZCBhcyBhIHN1YnJlYXBlciBvbiBsaW51eCB3aGVuIGl0IGlzIG5vdCBydW5uaW5nIGFzIFBJRCAxCnN1YnJlYXBlciA9IHRydWUKIyBzZXQgY29udGFpbmVyZCdzIE9PTSBzY29yZQpvb21fc2NvcmUgPSAtOTk5CmRpc2FibGVkX3BsdWdpbnMgPSBbXQpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ydW50aW1lLnYxLmxpbnV4Il0KIyBzaGltIGJpbmFyeSBuYW1lL3BhdGgKc2hpbSA9ICJjb250YWluZXJkLXNoaW0iCiMgcnVudGltZSBiaW5hcnkgbmFtZS9wYXRoCnJ1bnRpbWUgPSAicnVuYyIKIyBkbyBub3QgdXNlIGEgc2hpbSB3aGVuIHN0YXJ0aW5nIGNvbnRhaW5lcnMsIHNhdmVzIG9uIG1lbW9yeSBidXQKIyBsaXZlIHJlc3RvcmUgaXMgbm90IHN1cHBvcnRlZApub19zaGltID0gZmFsc2UKCltwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkLnJ1bnRpbWVzLnJ1bmNdCiMgc2V0dGluZyBydW5jLm9wdGlvbnMgdW5zZXRzIHBhcmVudCBzZXR0aW5ncwpydW50aW1lX3R5cGUgPSAiaW8uY29udGFpbmVyZC5ydW5jLnYyIgpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIuY29udGFpbmVyZC5ydW50aW1lcy5ydW5jLm9wdGlvbnNdClN5c3RlbWRDZ3JvdXAgPSB0cnVlCltwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIl0Kc2FuZGJveF9pbWFnZSA9ICJnc29jaS5henVyZWNyLmlvL2dpYW50c3dhcm0vcGF1c2U6My45IgplbmFibGVfc2VsaW51eCA9IGZhbHNlCgpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIucmVnaXN0cnldCiAgY29uZmlnX3BhdGggPSAiL2V0Yy9jb250YWluZXJkL2NlcnRzLmQiCgojIGFkZCBOdmlkaWEgY29udGFpbmVyIHJ1bnRpbWUgdG8gc3VwcG9ydCBHUFVzCltwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkLnJ1bnRpbWVzLm52aWRpYV0KICBydW50aW1lX3R5cGUgPSAiaW8uY29udGFpbmVyZC5ydW5jLnYyIgogIHByaXZpbGVnZWRfd2l0aG91dF9ob3N0X2RldmljZXMgPSBmYWxzZQogIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkLnJ1bnRpbWVzLm52aWRpYS5vcHRpb25zXQogICAgQmluYXJ5TmFtZSA9ICIvdXNyL2Jpbi9udmlkaWEtY29udGFpbmVyLXJ1bnRpbWUiCiAgICBTeXN0ZW1kQ2dyb3VwID0gdHJ1ZQo=
    # Source: cluster-aws/charts/cluster/templates/clusterapi/workers/kubeadmconfig.yaml
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfig
    metadata:
      annotations:
        machine-pool.giantswarm.io/name: test-wc-minimal-pool0
      labels:
        # deprecated: "app: cluster-aws" label is deprecated and it will be removed after upgrading
    # to Kubernetes 1.25. We still need it here because existing ClusterResourceSet selectors
    # need this label on the Cluster resource.
    app: cluster-aws
        app.kubernetes.io/name: cluster
        app.kubernetes.io/version: 4.6.0
        app.kubernetes.io/part-of: cluster-aws
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: cluster-4.6.0
        application.giantswarm.io/team: turtles
        giantswarm.io/cluster: test-wc-minimal
        giantswarm.io/organization: test
        giantswarm.io/service-priority: lowest
        cluster.x-k8s.io/cluster-name: test-wc-minimal
        cluster.x-k8s.io/watch-filter: capi
        release.giantswarm.io/version: 27.0.0-alpha.1
        giantswarm.io/machine-pool: test-wc-minimal-pool0
      name: test-wc-minimal-pool0-9059f
      namespace: org-giantswarm
    spec:
      format: ignition
      ignition:
        containerLinuxConfig:
          additionalConfig: |
            systemd:
              units:      
              - name: os-hardening.service
                enabled: true
                contents: |
                  [Unit]
                  Description=Apply os hardening
                  [Service]
                  Type=oneshot
                  ExecStartPre=-/bin/bash -c "gpasswd -d core rkt; gpasswd -d core docker; gpasswd -d core wheel"
                  ExecStartPre=/bin/bash -c "until [ -f '/etc/sysctl.d/hardening.conf' ]; do echo Waiting for sysctl file; sleep 1s;done;"
                  ExecStart=/usr/sbin/sysctl -p /etc/sysctl.d/hardening.conf
                  [Install]
                  WantedBy=multi-user.target
              - name: update-engine.service
                enabled: false
                mask: true
              - name: locksmithd.service
                enabled: false
                mask: true
              - name: sshkeys.service
                enabled: false
                mask: true
              - name: kubeadm.service
                dropins:
                - name: 10-flatcar.conf
                  contents: |
                    [Unit]
                    # kubeadm must run after coreos-metadata populated /run/metadata directory.
                    Requires=coreos-metadata.service
                    After=coreos-metadata.service
                    # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939.
                    After=containerd.service
                    # kubeadm requires having an IP
                    After=network-online.target
                    Wants=network-online.target
                    [Service]
                    # Ensure kubeadm service has access to kubeadm binary in /opt/bin on Flatcar.
                    Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/bin
                    # To make metadata environment variables available for pre-kubeadm commands.
                    EnvironmentFile=/run/metadata/*
              - name: containerd.service
                enabled: true
                contents: |
                dropins:
                - name: 10-change-cgroup.conf
                  contents: |
                    [Service]
                    CPUAccounting=true
                    MemoryAccounting=true
                    Slice=kubereserved.slice
              - name: audit-rules.service
                enabled: true
                dropins:
                - name: 10-wait-for-containerd.conf
                  contents: |
                    [Service]
                    ExecStartPre=/bin/bash -c "while [ ! -f /etc/audit/rules.d/containerd.rules ]; do echo 'Waiting for /etc/audit/rules.d/containerd.rules to be written' && sleep 1; done"
                    Restart=on-failure
              - name: teleport.service
                enabled: true
                contents: |
                  [Unit]
                  Description=Teleport Service
                  After=network.target
                  [Service]
                  Type=simple
                  Restart=on-failure
                  ExecStart=/opt/bin/teleport start --roles=node --config=/etc/teleport.yaml --pid-file=/run/teleport.pid
                  ExecReload=/bin/kill -HUP $MAINPID
                  PIDFile=/run/teleport.pid
                  LimitNOFILE=524288
                  [Install]
                  WantedBy=multi-user.target      
              - name: kubelet-aws-config.service
                enabled: true
              - name: var-lib.mount
                enabled: true
                contents: |
                  [Unit]
                  Description=lib volume
                  DefaultDependencies=no
                  [Mount]
                  What=/dev/disk/by-label/lib
                  Where=/var/lib
                  Type=xfs
                  [Install]
                  WantedBy=local-fs-pre.target
              - name: var-log.mount
                enabled: true
                contents: |
                  [Unit]
                  Description=log volume
                  DefaultDependencies=no
                  [Mount]
                  What=/dev/disk/by-label/log
                  Where=/var/log
                  Type=xfs
                  [Install]
                  WantedBy=local-fs-pre.target
            storage:
              filesystems:      
              - name: lib
                mount:
                  device: /dev/xvdd
                  format: xfs
                  wipeFilesystem: true
                  label: lib
              - name: log
                mount:
                  device: /dev/xvde
                  format: xfs
                  wipeFilesystem: true
                  label: log
              directories:      
              - path: /var/lib/kubelet
                mode: 0750      
      joinConfiguration:
        nodeRegistration:
          name: ${COREOS_EC2_HOSTNAME}
          kubeletExtraArgs:
            cloud-provider: external
            cgroup-driver: systemd
            healthz-bind-address: 0.0.0.0
            node-ip: ${COREOS_EC2_IPV4_LOCAL}
            node-labels: "ip=${COREOS_EC2_IPV4_LOCAL},role=worker,giantswarm.io/machine-pool=test-wc-minimal-pool0"
            v: 2
          taints:
          - effect: NoExecute
            key: ebs.csi.aws.com/agent-not-ready
        patches:
          directory: /etc/kubernetes/patches
      preKubeadmCommands:
      - "envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp"
      - "mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml"
      - "systemctl restart containerd"
      files:
      - path: /etc/sysctl.d/hardening.conf
        permissions: 0644
        encoding: base64
        content: ZnMuaW5vdGlmeS5tYXhfdXNlcl93YXRjaGVzID0gMTYzODQKZnMuaW5vdGlmeS5tYXhfdXNlcl9pbnN0YW5jZXMgPSA4MTkyCmtlcm5lbC5rcHRyX3Jlc3RyaWN0ID0gMgprZXJuZWwuc3lzcnEgPSAwCm5ldC5pcHY0LmNvbmYuYWxsLmxvZ19tYXJ0aWFucyA9IDEKbmV0LmlwdjQuY29uZi5hbGwuc2VuZF9yZWRpcmVjdHMgPSAwCm5ldC5pcHY0LmNvbmYuZGVmYXVsdC5hY2NlcHRfcmVkaXJlY3RzID0gMApuZXQuaXB2NC5jb25mLmRlZmF1bHQubG9nX21hcnRpYW5zID0gMQpuZXQuaXB2NC50Y3BfdGltZXN0YW1wcyA9IDAKbmV0LmlwdjYuY29uZi5hbGwuYWNjZXB0X3JlZGlyZWN0cyA9IDAKbmV0LmlwdjYuY29uZi5kZWZhdWx0LmFjY2VwdF9yZWRpcmVjdHMgPSAwCiMgSW5jcmVhc2VkIG1tYXBmcyBiZWNhdXNlIHNvbWUgYXBwbGljYXRpb25zLCBsaWtlIEVTLCBuZWVkIGhpZ2hlciBsaW1pdCB0byBzdG9yZSBkYXRhIHByb3Blcmx5CnZtLm1heF9tYXBfY291bnQgPSAyNjIxNDQKIyBSZXNlcnZlZCB0byBhdm9pZCBjb25mbGljdHMgd2l0aCBrdWJlLWFwaXNlcnZlciwgd2hpY2ggYWxsb2NhdGVzIHdpdGhpbiB0aGlzIHJhbmdlCm5ldC5pcHY0LmlwX2xvY2FsX3Jlc2VydmVkX3BvcnRzPTMwMDAwLTMyNzY3Cm5ldC5pcHY0LmNvbmYuYWxsLnJwX2ZpbHRlciA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2lnbm9yZSA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2Fubm91bmNlID0gMgoKIyBUaGVzZSBhcmUgcmVxdWlyZWQgZm9yIHRoZSBrdWJlbGV0ICctLXByb3RlY3Qta2VybmVsLWRlZmF1bHRzJyBmbGFnCiMgU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9naWFudHN3YXJtL2dpYW50c3dhcm0vaXNzdWVzLzEzNTg3CnZtLm92ZXJjb21taXRfbWVtb3J5PTEKa2VybmVsLnBhbmljPTEwCmtlcm5lbC5wYW5pY19vbl9vb3BzPTEK
      - path: /etc/containerd/config.toml
        permissions: 0644
        contentFrom:
          secret:
            name: test-wc-minimal-containerd-fe1ed987
            key: config.toml
      - path: /etc/containerd/certs.d/docker.io/hosts.toml
        permissions: 0644
        encoding: base64
        content: c2VydmVyID0gImh0dHBzOi8vZG9ja2VyLmlvIgpbaG9zdC4iaHR0cHM6Ly9yZWdpc3RyeS0xLmRvY2tlci5pbyJdCiAgY2FwYWJpbGl0aWVzID0gWyJwdWxsIiwgInJlc29sdmUiXQogIG92ZXJyaWRlX3BhdGggPSB0cnVlCiAgc2tpcF92ZXJpZnkgPSBmYWxzZQpbaG9zdC4iaHR0cHM6Ly9naWFudHN3YXJtLmF6dXJlY3IuaW8iXQogIGNhcGFiaWxpdGllcyA9IFsicHVsbCIsICJyZXNvbHZlIl0KICBvdmVycmlkZV9wYXRoID0gdHJ1ZQogIHNraXBfdmVyaWZ5ID0gZmFsc2U=
      - path: /etc/containerd/certs.d/gsoci.azurecr.io/hosts.toml
        permissions: 0644
        encoding: base64
        content: c2VydmVyID0gImh0dHBzOi8vZ3NvY2kuYXp1cmVjci5pbyIKW2hvc3QuImh0dHBzOi8vem90LnRlc3QuZXhhbXBsZS5jb20iXQogIGNhcGFiaWxpdGllcyA9IFsicHVsbCIsICJyZXNvbHZlIl0KICBvdmVycmlkZV9wYXRoID0gdHJ1ZQpbaG9zdC4iaHR0cHM6Ly9nc29jaS5henVyZWNyLmlvIl0KICBjYXBhYmlsaXRpZXMgPSBbInB1bGwiLCAicmVzb2x2ZSJdCiAgc2tpcF92ZXJpZnkgPSBmYWxzZQ==
      - path: /etc/containerd/certs.d/with-auth.example.com/hosts.toml
        permissions: 0644
        encoding: base64
        content: c2VydmVyID0gImh0dHBzOi8vd2l0aC1hdXRoLmV4YW1wbGUuY29tIgpbaG9zdC4iaHR0cHM6Ly93aXRoLWF1dGguZXhhbXBsZS5jb20iXQogIGNhcGFiaWxpdGllcyA9IFsicHVsbCIsICJyZXNvbHZlIl0KICBza2lwX3ZlcmlmeSA9IGZhbHNlCiAgW2hvc3QuImh0dHBzOi8vd2l0aC1hdXRoLmV4YW1wbGUuY29tIi5oZWFkZXJdCiAgICBBdXRob3JpemF0aW9uID0gWyJCYXNpYyBaMmxoYm5SemQyRnliWEIxYkd3NllXSmpaR1ZtIl0KW2hvc3QuImh0dHBzOi8vcXVheS5pbyJdCiAgY2FwYWJpbGl0aWVzID0gWyJwdWxsIiwgInJlc29sdmUiXQogIG92ZXJyaWRlX3BhdGggPSB0cnVlCiAgc2tpcF92ZXJpZnkgPSBmYWxzZQ==
      - path: /etc/selinux/config
        permissions: 0644
        encoding: base64
        content: IyBUaGlzIGZpbGUgY29udHJvbHMgdGhlIHN0YXRlIG9mIFNFTGludXggb24gdGhlIHN5c3RlbSBvbiBib290LgoKIyBTRUxJTlVYIGNhbiB0YWtlIG9uZSBvZiB0aGVzZSB0aHJlZSB2YWx1ZXM6CiMgICAgICAgZW5mb3JjaW5nIC0gU0VMaW51eCBzZWN1cml0eSBwb2xpY3kgaXMgZW5mb3JjZWQuCiMgICAgICAgcGVybWlzc2l2ZSAtIFNFTGludXggcHJpbnRzIHdhcm5pbmdzIGluc3RlYWQgb2YgZW5mb3JjaW5nLgojICAgICAgIGRpc2FibGVkIC0gTm8gU0VMaW51eCBwb2xpY3kgaXMgbG9hZGVkLgpTRUxJTlVYPXBlcm1pc3NpdmUKCiMgU0VMSU5VWFRZUEUgY2FuIHRha2Ugb25lIG9mIHRoZXNlIGZvdXIgdmFsdWVzOgojICAgICAgIHRhcmdldGVkIC0gT25seSB0YXJnZXRlZCBuZXR3b3JrIGRhZW1vbnMgYXJlIHByb3RlY3RlZC4KIyAgICAgICBzdHJpY3QgICAtIEZ1bGwgU0VMaW51eCBwcm90ZWN0aW9uLgojICAgICAgIG1scyAgICAgIC0gRnVsbCBTRUxpbnV4IHByb3RlY3Rpb24gd2l0aCBNdWx0aS1MZXZlbCBTZWN1cml0eQojICAgICAgIG1jcyAgICAgIC0gRnVsbCBTRUxpbnV4IHByb3RlY3Rpb24gd2l0aCBNdWx0aS1DYXRlZ29yeSBTZWN1cml0eQojICAgICAgICAgICAgICAgICAgKG1scywgYnV0IG9ubHkgb25lIHNlbnNpdGl2aXR5IGxldmVsKQpTRUxJTlVYVFlQRT1tY3MK
      - path: /etc/systemd/timesyncd.conf
        permissions: 0644
        encoding: base64
        content: W1RpbWVdCk5UUD0xNjkuMjU0LjE2OS4xMjMK
      - path: /etc/kubernetes/patches/kubeletconfiguration.yaml
        permissions: 0644
        encoding: base64
        content: YXBpVmVyc2lvbjoga3ViZWxldC5jb25maWcuazhzLmlvL3YxYmV0YTEKa2luZDogS3ViZWxldENvbmZpZ3VyYXRpb24Kc2h1dGRvd25HcmFjZVBlcmlvZDogMzAwcwpzaHV0ZG93bkdyYWNlUGVyaW9kQ3JpdGljYWxQb2RzOiA2MHMKa2VybmVsTWVtY2dOb3RpZmljYXRpb246IHRydWUKZXZpY3Rpb25Tb2Z0OgogIG1lbW9yeS5hdmFpbGFibGU6ICI1MDBNaSIKZXZpY3Rpb25IYXJkOgogIG1lbW9yeS5hdmFpbGFibGU6ICIyMDBNaSIKICBpbWFnZWZzLmF2YWlsYWJsZTogIjE1JSIKZXZpY3Rpb25Tb2Z0R3JhY2VQZXJpb2Q6CiAgbWVtb3J5LmF2YWlsYWJsZTogIjVzIgpldmljdGlvbk1heFBvZEdyYWNlUGVyaW9kOiA2MApmZWF0dXJlR2F0ZXM6CiAgTXV0YWJsZUNTSU5vZGVBbGxvY2F0YWJsZUNvdW50OiB0cnVlCmt1YmVSZXNlcnZlZDoKICBjcHU6IDM1MG0KICBtZW1vcnk6IDEyODBNaQogIGVwaGVtZXJhbC1zdG9yYWdlOiAxMDI0TWkKa3ViZVJlc2VydmVkQ2dyb3VwOiAva3ViZXJlc2VydmVkLnNsaWNlCnByb3RlY3RLZXJuZWxEZWZhdWx0czogdHJ1ZQpzeXN0ZW1SZXNlcnZlZDoKICBjcHU6IDI1MG0KICBtZW1vcnk6IDM4NE1pCnN5c3RlbVJlc2VydmVkQ2dyb3VwOiAvc3lzdGVtLnNsaWNlCnRsc0NpcGhlclN1aXRlczogCiAgLSBUTFNfQUVTXzEyOF9HQ01fU0hBMjU2CiAgLSBUTFNfQUVTXzI1Nl9HQ01fU0hBMzg0CiAgLSBUTFNfQ0hBQ0hBMjBfUE9MWTEzMDVfU0hBMjU2CiAgLSBUTFNfRUNESEVfRUNEU0FfV0lUSF9BRVNfMTI4X0NCQ19TSEEKICAtIFRMU19FQ0RIRV9FQ0RTQV9XSVRIX0FFU18xMjhfR0NNX1NIQTI1NgogIC0gVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzI1Nl9DQkNfU0hBCiAgLSBUTFNfRUNESEVfRUNEU0FfV0lUSF9BRVNfMjU2X0dDTV9TSEEzODQKICAtIFRMU19FQ0RIRV9FQ0RTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1X1NIQTI1NgogIC0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18xMjhfQ0JDX1NIQQogIC0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18xMjhfR0NNX1NIQTI1NgogIC0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18yNTZfQ0JDX1NIQQogIC0gVExTX0VDREhFX1JTQV9XSVRIX0FFU18yNTZfR0NNX1NIQTM4NAogIC0gVExTX0VDREhFX1JTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1X1NIQTI1NgogIC0gVExTX1JTQV9XSVRIX0FFU18xMjhfQ0JDX1NIQQogIC0gVExTX1JTQV9XSVRIX0FFU18xMjhfR0NNX1NIQTI1NgogIC0gVExTX0VDREhFX0VDRFNBX1dJVEhfQ0hBQ0hBMjBfUE9MWTEzMDUKICAtIFRMU19FQ0RIRV9SU0FfV0lUSF9DSEFDSEEyMF9QT0xZMTMwNQpzZXJpYWxpemVJbWFnZVB1bGxzOiBmYWxzZQpzdHJlYW1pbmdDb25uZWN0aW9uSWRsZVRpbWVvdXQ6IDFoCmFsbG93ZWRVbnNhZmVTeXNjdGxzOgotICJuZXQuKiIK
      - path: /etc/systemd/logind.conf.d/zzz-kubelet-graceful-shutdown.conf
        permissions: 0700
        encoding: base64
        content: W0xvZ2luXQojIGRlbGF5CkluaGliaXREZWxheU1heFNlYz0zMDAK
      - path: /etc/teleport-join-token
        permissions: 0644
        contentFrom:
          secret:
            name: test-wc-minimal-teleport-join-token
            key: joinToken
      - path: /opt/teleport-node-role.sh
        permissions: 0755
        encoding: base64
        content: IyEvYmluL2Jhc2gKCmlmIHN5c3RlbWN0bCBpcy1hY3RpdmUgLXEga3ViZWxldC5zZXJ2aWNlOyB0aGVuCiAgICBpZiBbIC1lICIvZXRjL2t1YmVybmV0ZXMvbWFuaWZlc3RzL2t1YmUtYXBpc2VydmVyLnlhbWwiIF07IHRoZW4KICAgICAgICBlY2hvICJjb250cm9sLXBsYW5lIgogICAgZWxzZQogICAgICAgIGVjaG8gIndvcmtlciIKICAgIGZpCmVsc2UKICAgIGVjaG8gIiIKZmkK
      - path: /etc/teleport.yaml
        permissions: 0644
        encoding: base64
        content: dmVyc2lvbjogdjMKdGVsZXBvcnQ6CiAgZGF0YV9kaXI6IC90ZWxlcG9ydAogIGpvaW5fcGFyYW1zOgogICAgdG9rZW5fbmFtZTogL2V0Yy90ZWxlcG9ydC1qb2luLXRva2VuCiAgICBtZXRob2Q6IHRva2VuCiAgcHJveHlfc2VydmVyOiB0ZWxlcG9ydC5naWFudHN3YXJtLmlvOjQ0MwogIGxvZzoKICAgIG91dHB1dDogc3RkZXJyCmF1dGhfc2VydmljZToKICBlbmFibGVkOiAibm8iCnNzaF9zZXJ2aWNlOgogIGVuYWJsZWQ6ICJ5ZXMiCiAgY29tbWFuZHM6CiAgLSBuYW1lOiBub2RlCiAgICBjb21tYW5kOiBbaG9zdG5hbWVdCiAgICBwZXJpb2Q6IDI0aDBtMHMKICAtIG5hbWU6IGFyY2gKICAgIGNvbW1hbmQ6IFt1bmFtZSwgLW1dCiAgICBwZXJpb2Q6IDI0aDBtMHMKICAtIG5hbWU6IHJvbGUKICAgIGNvbW1hbmQ6IFsvb3B0L3RlbGVwb3J0LW5vZGUtcm9sZS5zaF0KICAgIHBlcmlvZDogMW0wcwogIGxhYmVsczoKICAgIGluczogdGVzdAogICAgbWM6IHRlc3QKICAgIGNsdXN0ZXI6IHRlc3Qtd2MtbWluaW1hbAogICAgYmFzZURvbWFpbjogZXhhbXBsZS5jb20KcHJveHlfc2VydmljZToKICBlbmFibGVkOiAibm8iCg==
      - path: /etc/audit/rules.d/99-default.rules
        permissions: 0640
        encoding: base64
        content: IyBPdmVycmlkZGVuIGJ5IEdpYW50IFN3YXJtLgotYSBleGl0LGFsd2F5cyAtRiBhcmNoPWI2NCAtUyBleGVjdmUgLWsgYXVkaXRpbmcKLWEgZXhpdCxhbHdheXMgLUYgYXJjaD1iMzIgLVMgZXhlY3ZlIC1rIGF1ZGl0aW5nCg==
      - contentFrom:
          secret:
            key: kubelet-aws-config.sh
            name: test-wc-minimal-provider-specific-files-4
        path: /opt/bin/kubelet-aws-config.sh
        permissions: 0755
      - contentFrom:
          secret:
            key: kubelet-aws-config.service
            name: test-wc-minimal-provider-specific-files-4
        path: /etc/systemd/system/kubelet-aws-config.service
        permissions: 0644
      - contentFrom:
          secret:
            key: 99-unmanaged-devices.network
            name: test-wc-minimal-provider-specific-files-4
        path: /etc/systemd/network/99-unmanaged-devices.network
        permissions: 0644
    
  

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-wc-minimal-cert-manager-user-values)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-wc-minimal-cert-manager-user-values)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-wc-minimal-cluster-autoscaler-user-values)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-wc-minimal-cluster-autoscaler-user-values)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-wc-minimal-etcd-defrag-user-values)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-wc-minimal-etcd-defrag-user-values)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-wc-minimal-etcd-k8s-res-count-exporter-user-values)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-wc-minimal-etcd-k8s-res-count-exporter-user-values)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-wc-minimal-external-dns-user-values)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-wc-minimal-external-dns-user-values)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-wc-minimal-metrics-server-user-values)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-wc-minimal-metrics-server-user-values)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-wc-minimal-net-exporter-user-values)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-wc-minimal-net-exporter-user-values)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (v1/ConfigMap/org-giantswarm/test-wc-minimal-security-bundle-user-values)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (v1/ConfigMap/org-giantswarm/test-wc-minimal-security-bundle-user-values)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-cert-exporter)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-cert-exporter)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-cert-manager)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-cert-manager)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-chart-operator-extensions)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-chart-operator-extensions)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-cilium-servicemonitors)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-cilium-servicemonitors)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-cluster-autoscaler)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-cluster-autoscaler)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-coredns-extensions)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-coredns-extensions)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-etcd-defrag)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-etcd-defrag)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-etcd-k8s-res-count-exporter)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-etcd-k8s-res-count-exporter)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-external-dns)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-external-dns)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-k8s-audit-metrics)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-k8s-audit-metrics)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-k8s-dns-node-cache)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-k8s-dns-node-cache)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-metrics-server)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-metrics-server)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-net-exporter)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-net-exporter)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-node-exporter)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-node-exporter)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-observability-bundle)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-observability-bundle)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-observability-policies)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-observability-policies)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-prometheus-blackbox-exporter)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-prometheus-blackbox-exporter)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-security-bundle)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-security-bundle)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-teleport-kube-agent)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-teleport-kube-agent)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-vertical-pod-autoscaler)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (application.giantswarm.io/v1alpha1/App/org-giantswarm/test-wc-minimal-vertical-pod-autoscaler)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (cluster.x-k8s.io/v1beta1/Cluster/org-giantswarm/test-wc-minimal)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (cluster.x-k8s.io/v1beta1/Cluster/org-giantswarm/test-wc-minimal)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-cilium)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-cilium)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-coredns)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-coredns)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-network-policies)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-network-policies)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-priority-classes)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-priority-classes)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-vertical-pod-autoscaler-crd)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (helm.toolkit.fluxcd.io/v2/HelmRelease/org-giantswarm/test-wc-minimal-vertical-pod-autoscaler-crd)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (source.toolkit.fluxcd.io/v1/HelmRepository/org-giantswarm/test-wc-minimal-default)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (source.toolkit.fluxcd.io/v1/HelmRepository/org-giantswarm/test-wc-minimal-default)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (source.toolkit.fluxcd.io/v1/HelmRepository/org-giantswarm/test-wc-minimal-default-test)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (source.toolkit.fluxcd.io/v1/HelmRepository/org-giantswarm/test-wc-minimal-default-test)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (source.toolkit.fluxcd.io/v1/HelmRepository/org-giantswarm/test-wc-minimal-cluster)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (source.toolkit.fluxcd.io/v1/HelmRepository/org-giantswarm/test-wc-minimal-cluster)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (source.toolkit.fluxcd.io/v1/HelmRepository/org-giantswarm/test-wc-minimal-cluster-test)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (source.toolkit.fluxcd.io/v1/HelmRepository/org-giantswarm/test-wc-minimal-cluster-test)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test-wc-minimal)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test-wc-minimal)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/spec/machineTemplate/metadata/labels/app.kubernetes.io/version  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test-wc-minimal)
  ± value change
    - 4.5.1
    + 4.6.0

/spec/machineTemplate/metadata/labels/helm.sh/chart  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test-wc-minimal)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/spec/kubeadmConfigSpec/files  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test-wc-minimal)
  + three list entries added:
    - path: /etc/containerd/certs.d/docker.io/hosts.toml
      permissions: 0644
      encoding: base64
      content: c2VydmVyID0gImh0dHBzOi8vZG9ja2VyLmlvIgpbaG9zdC4iaHR0cHM6Ly9yZWdpc3RyeS0xLmRvY2tlci5pbyJdCiAgY2FwYWJpbGl0aWVzID0gWyJwdWxsIiwgInJlc29sdmUiXQogIG92ZXJyaWRlX3BhdGggPSB0cnVlCiAgc2tpcF92ZXJpZnkgPSBmYWxzZQpbaG9zdC4iaHR0cHM6Ly9naWFudHN3YXJtLmF6dXJlY3IuaW8iXQogIGNhcGFiaWxpdGllcyA9IFsicHVsbCIsICJyZXNvbHZlIl0KICBvdmVycmlkZV9wYXRoID0gdHJ1ZQogIHNraXBfdmVyaWZ5ID0gZmFsc2U=
    - path: /etc/containerd/certs.d/gsoci.azurecr.io/hosts.toml
      permissions: 0644
      encoding: base64
      content: c2VydmVyID0gImh0dHBzOi8vZ3NvY2kuYXp1cmVjci5pbyIKW2hvc3QuImh0dHBzOi8vem90LnRlc3QuZXhhbXBsZS5jb20iXQogIGNhcGFiaWxpdGllcyA9IFsicHVsbCIsICJyZXNvbHZlIl0KICBvdmVycmlkZV9wYXRoID0gdHJ1ZQpbaG9zdC4iaHR0cHM6Ly9nc29jaS5henVyZWNyLmlvIl0KICBjYXBhYmlsaXRpZXMgPSBbInB1bGwiLCAicmVzb2x2ZSJdCiAgc2tpcF92ZXJpZnkgPSBmYWxzZQ==
    - path: /etc/containerd/certs.d/with-auth.example.com/hosts.toml
      permissions: 0644
      encoding: base64
      content: c2VydmVyID0gImh0dHBzOi8vd2l0aC1hdXRoLmV4YW1wbGUuY29tIgpbaG9zdC4iaHR0cHM6Ly93aXRoLWF1dGguZXhhbXBsZS5jb20iXQogIGNhcGFiaWxpdGllcyA9IFsicHVsbCIsICJyZXNvbHZlIl0KICBza2lwX3ZlcmlmeSA9IGZhbHNlCiAgW2hvc3QuImh0dHBzOi8vd2l0aC1hdXRoLmV4YW1wbGUuY29tIi5oZWFkZXJdCiAgICBBdXRob3JpemF0aW9uID0gWyJCYXNpYyBaMmxoYm5SemQyRnliWEIxYkd3NllXSmpaR1ZtIl0KW2hvc3QuImh0dHBzOi8vcXVheS5pbyJdCiAgY2FwYWJpbGl0aWVzID0gWyJwdWxsIiwgInJlc29sdmUiXQogIG92ZXJyaWRlX3BhdGggPSB0cnVlCiAgc2tpcF92ZXJpZnkgPSBmYWxzZQ==
    
  

/spec/kubeadmConfigSpec/files/path=/etc/containerd/config.toml/contentFrom/secret/name  (controlplane.cluster.x-k8s.io/v1beta1/KubeadmControlPlane/org-giantswarm/test-wc-minimal)
  ± value change
    - test-wc-minimal-containerd-609abaf3
    + test-wc-minimal-containerd-fe1ed987

/metadata/labels/app.kubernetes.io/version  (cluster.x-k8s.io/v1beta1/MachineHealthCheck/org-giantswarm/test-wc-minimal-control-plane)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (cluster.x-k8s.io/v1beta1/MachineHealthCheck/org-giantswarm/test-wc-minimal-control-plane)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (cluster.x-k8s.io/v1beta1/MachinePool/org-giantswarm/test-wc-minimal-pool0)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (cluster.x-k8s.io/v1beta1/MachinePool/org-giantswarm/test-wc-minimal-pool0)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/spec/template/spec/bootstrap/configRef/name  (cluster.x-k8s.io/v1beta1/MachinePool/org-giantswarm/test-wc-minimal-pool0)
  ± value change
    - test-wc-minimal-pool0-68ccf
    + test-wc-minimal-pool0-9059f

/metadata/labels/app.kubernetes.io/version  (v1/ServiceAccount/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (v1/ServiceAccount/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (rbac.authorization.k8s.io/v1/Role/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (rbac.authorization.k8s.io/v1/Role/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (rbac.authorization.k8s.io/v1/RoleBinding/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (rbac.authorization.k8s.io/v1/RoleBinding/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/metadata/labels/app.kubernetes.io/version  (batch/v1/Job/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - 4.5.1
    + 4.6.0

/metadata/labels/helm.sh/chart  (batch/v1/Job/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0

/spec/template/metadata/labels/app.kubernetes.io/version  (batch/v1/Job/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - 4.5.1
    + 4.6.0

/spec/template/metadata/labels/helm.sh/chart  (batch/v1/Job/org-giantswarm/test-wc-minimal-helmreleases-cleanup)
  ± value change
    - cluster-4.5.1
    + cluster-4.6.0



=== Differences when rendered with values file helm/cluster-aws/ci/test-eni-mode-values.yaml ===

(file level)
  - two documents removed:
    ---
    # Source: cluster-aws/charts/cluster/templates/containerd.yaml
    apiVersion: v1
    kind: Secret
    metadata:
      name: test-wc-containerd-609abaf3
    data:
      config.toml: dmVyc2lvbiA9IDIKCiMgcmVjb21tZW5kZWQgZGVmYXVsdHMgZnJvbSBodHRwczovL2dpdGh1Yi5jb20vY29udGFpbmVyZC9jb250YWluZXJkL2Jsb2IvbWFpbi9kb2NzL29wcy5tZCNiYXNlLWNvbmZpZ3VyYXRpb24KIyBzZXQgY29udGFpbmVyZCBhcyBhIHN1YnJlYXBlciBvbiBsaW51eCB3aGVuIGl0IGlzIG5vdCBydW5uaW5nIGFzIFBJRCAxCnN1YnJlYXBlciA9IHRydWUKIyBzZXQgY29udGFpbmVyZCdzIE9PTSBzY29yZQpvb21fc2NvcmUgPSAtOTk5CmRpc2FibGVkX3BsdWdpbnMgPSBbXQpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ydW50aW1lLnYxLmxpbnV4Il0KIyBzaGltIGJpbmFyeSBuYW1lL3BhdGgKc2hpbSA9ICJjb250YWluZXJkLXNoaW0iCiMgcnVudGltZSBiaW5hcnkgbmFtZS9wYXRoCnJ1bnRpbWUgPSAicnVuYyIKIyBkbyBub3QgdXNlIGEgc2hpbSB3aGVuIHN0YXJ0aW5nIGNvbnRhaW5lcnMsIHNhdmVzIG9uIG1lbW9yeSBidXQKIyBsaXZlIHJlc3RvcmUgaXMgbm90IHN1cHBvcnRlZApub19zaGltID0gZmFsc2UKCltwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5jb250YWluZXJkLnJ1bnRpbWVzLnJ1bmNdCiMgc2V0dGluZyBydW5jLm9wdGlvbnMgdW5zZXRzIHBhcmVudCBzZXR0aW5ncwpydW50aW1lX3R5cGUgPSAiaW8uY29udGFpbmVyZC5ydW5jLnYyIgpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIuY29udGFpbmVyZC5ydW50aW1lcy5ydW5jLm9wdGlvbnNdClN5c3RlbWRDZ3JvdXAgPSB0cnVlCltwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIl0Kc2FuZGJveF9pbWFnZSA9ICJnc29jaS5henVyZWNyLmlvL2dpYW50c3dhcm0vcGF1c2U6My45IgplbmFibGVfc2VsaW51eCA9IGZhbHNlCgpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIucmVnaXN0cnldCiAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLnJlZ2lzdHJ5Lm1pcnJvcnNdCiAgICBbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIucmVnaXN0cnkubWlycm9ycy4iZG9ja2VyLmlvIl0KICAgICAgZW5kcG9pbnQgPSBbImh0dHBzOi8vcmVnaXN0cnktMS5kb2NrZXIuaW8iLCJodHRwczovL2dpYW50c3dhcm0uYXp1cmVjci5pbyIsXQogICAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLnJlZ2lzdHJ5Lm1pcnJvcnMuImdzb2NpLmF6dXJlY3IuaW8iXQogICAgICBlbmRwb2ludCA9IFsiaHR0cHM6Ly96b3QudGVzdC5leGFtcGxlLmNvbSIsImh0dHBzOi8vZ3NvY2kuYXp1cmVjci5pbyIsXQogICAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLnJlZ2lzdHJ5Lm1pcnJvcnMuIndpdGgtYXV0aC5leGFtcGxlLmNvbSJdCiAgICAgIGVuZHBvaW50ID0gWyJodHRwczovL3dpdGgtYXV0aC5leGFtcGxlLmNvbSIsImh0dHBzOi8vcXVheS5pbyIsXQpbcGx1Z2lucy4iaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSIucmVnaXN0cnkuY29uZmlnc10KICAgIFtwbHVnaW5zLiJpby5jb250YWluZXJkLmdycGMudjEuY3JpIi5yZWdpc3RyeS5jb25maWdzLiJ3aXRoLWF1dGguZXhhbXBsZS5jb20iLmF1dGhdCiAgICAgIGF1dGggPSAiWjJsaGJuUnpkMkZ5YlhCMWJHdzZZV0pqWkdWbSIKCiMgYWRkIE52aWRpYSBjb250YWluZXIgcnVudGltZSB0byBzdXBwb3J0IEdQVXMKW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLmNvbnRhaW5lcmQucnVudGltZXMubnZpZGlhXQogIHJ1bnRpbWVfdHlwZSA9ICJpby5jb250YWluZXJkLnJ1bmMudjIiCiAgcHJpdmlsZWdlZF93aXRob3V0X2hvc3RfZGV2aWNlcyA9IGZhbHNlCiAgW3BsdWdpbnMuImlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmkiLmNvbnRhaW5lcmQucnVudGltZXMubnZpZGlhLm9wdGlvbnNdCiAgICBCaW5hcnlOYW1lID0gIi91c3IvYmluL252aWRpYS1jb250YWluZXItcnVudGltZSIKICAgIFN5c3RlbWRDZ3JvdXAgPSB0cnVlCg==
    # Source: cluster-aws/charts/cluster/templates/clusterapi/workers/kubeadmconfig.yaml
    apiVersion: bootstrap.cluster.x-k8s.io/v1beta1
    kind: KubeadmConfig
    metadata:
      annotations:
        machine-pool.giantswarm.io/name: test-wc-pool0
      labels:
        # deprecated: "app: cluster-aws" label is deprecated and it will be removed after upgrading
    # to Kubernetes 1.25. We still need it here because existing ClusterResourceSet selectors
    # need this label on the Cluster resource.
    app: cluster-aws
        app.kubernetes.io/name: cluster
        app.kubernetes.io/version: 4.5.1
        app.kubernetes.io/part-of: cluster-aws
        app.kubernetes.io/instance: release-name
        app.kubernetes.io/managed-by: Helm
        helm.sh/chart: cluster-4.5.1
        application.giantswarm.io/team: turtles
        giantswarm.io/cluster: test-wc
        giantswarm.io/organization: test
        giantswarm.io/service-priority: highest
        cluster.x-k8s.io/cluster-name: test-wc
        cluster.x-k8s.io/watch-filter: capi
        release.giantswarm.io/version: 29.1.0
        giantswarm.io/machine-pool: test-wc-pool0
      name: test-wc-pool0-b8ad0
      namespace: org-giantswarm
    spec:
      format: ignition
      ignition:
        containerLinuxConfig:
          additionalConfig: |
            systemd:
              units:      
              - name: os-hardening.service
                enabled: true
                contents: |
                  [Unit]
                  Description=Apply os hardening
                  [Service]
                  Type=oneshot
                  ExecStartPre=-/bin/bash -c "gpasswd -d core rkt; gpasswd -d core docker; gpasswd -d core wheel"
                  ExecStartPre=/bin/bash -c "until [ -f '/etc/sysctl.d/hardening.conf' ]; do echo Waiting for sysctl file; sleep 1s;done;"
                  ExecStart=/usr/sbin/sysctl -p /etc/sysctl.d/hardening.conf
                  [Install]
                  WantedBy=multi-user.target
              - name: update-engine.service
                enabled: false
                mask: true
              - name: locksmithd.service
                enabled: false
                mask: true
              - name: sshkeys.service
                enabled: false
                mask: true
              - name: kubeadm.service
                dropins:
                - name: 10-flatcar.conf
                  contents: |
                    [Unit]
                    # kubeadm must run after coreos-metadata populated /run/metadata directory.
                    Requires=coreos-metadata.service
                    After=coreos-metadata.service
                    # kubeadm must run after containerd - see https://github.com/kubernetes-sigs/image-builder/issues/939.
                    After=containerd.service
                    # kubeadm requires having an IP
                    After=network-online.target
                    Wants=network-online.target
                    [Service]
                    # Ensure kubeadm service has access to kubeadm binary in /opt/bin on Flatcar.
                    Environment=PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/opt/bin
                    # To make metadata environment variables available for pre-kubeadm commands.
                    EnvironmentFile=/run/metadata/*
              - name: containerd.service
                enabled: true
                contents: |
                dropins:
                - name: 10-change-cgroup.conf
                  contents: |
                    [Service]
                    CPUAccounting=true
                    MemoryAccounting=true
                    Slice=kubereserved.slice
              - name: auditd.service
                enabled: false
              - name: teleport.service
                enabled: true
                contents: |
                  [Unit]
                  Description=Teleport Service
                  After=network.target
                  [Service]
                  Type=simple
                  Restart=on-failure
                  ExecStart=/opt/bin/teleport start --roles=node --config=/etc/teleport.yaml --pid-file=/run/teleport.pid
                  ExecReload=/bin/kill -HUP $MAINPID
                  PIDFile=/run/teleport.pid
                  LimitNOFILE=524288
                  [Install]
                  WantedBy=multi-user.target      
              - name: kubelet-aws-config.service
                enabled: true
              - name: var-lib.mount
                enabled: true
                contents: |
                  [Unit]
                  Description=lib volume
                  DefaultDependencies=no
                  [Mount]
                  What=/dev/disk/by-label/lib
                  Where=/var/lib
                  Type=xfs
                  [Install]
                  WantedBy=local-fs-pre.target
              - name: var-log.mount
                enabled: true
                contents: |
                  [Unit]
                  Description=log volume
                  DefaultDependencies=no
                  [Mount]
                  What=/dev/disk/by-label/log
                  Where=/var/log
                  Type=xfs
                  [Install]
                  WantedBy=local-fs-pre.target
            storage:
              filesystems:      
              - name: lib
                mount:
                  device: /dev/xvdd
                  format: xfs
                  wipeFilesystem: true
                  label: lib
              - name: log
                mount:
                  device: /dev/xvde
                  format: xfs
                  wipeFilesystem: true
                  label: log
              directories:      
              - path: /var/lib/kubelet
                mode: 0750      
      joinConfiguration:
        nodeRegistration:
          name: ${COREOS_EC2_HOSTNAME}
          kubeletExtraArgs:
            cloud-provider: external
            cgroup-driver: systemd
            healthz-bind-address: 0.0.0.0
            node-ip: ${COREOS_EC2_IPV4_LOCAL}
            node-labels: "ip=${COREOS_EC2_IPV4_LOCAL},role=worker,giantswarm.io/machine-pool=test-wc-pool0"
            v: 2
          taints:
          - effect: NoExecute
            key: ebs.csi.aws.com/agent-not-ready
        patches:
          directory: /etc/kubernetes/patches
      preKubeadmCommands:
      - "envsubst < /etc/kubeadm.yml > /etc/kubeadm.yml.tmp"
      - "mv /etc/kubeadm.yml.tmp /etc/kubeadm.yml"
      - "systemctl restart containerd"
      files:
      - path: /etc/sysctl.d/hardening.conf
        permissions: 0644
        encoding: base64
        content: ZnMuaW5vdGlmeS5tYXhfdXNlcl93YXRjaGVzID0gMTYzODQKZnMuaW5vdGlmeS5tYXhfdXNlcl9pbnN0YW5jZXMgPSA4MTkyCmtlcm5lbC5rcHRyX3Jlc3RyaWN0ID0gMgprZXJuZWwuc3lzcnEgPSAwCm5ldC5pcHY0LmNvbmYuYWxsLmxvZ19tYXJ0aWFucyA9IDEKbmV0LmlwdjQuY29uZi5hbGwuc2VuZF9yZWRpcmVjdHMgPSAwCm5ldC5pcHY0LmNvbmYuZGVmYXVsdC5hY2NlcHRfcmVkaXJlY3RzID0gMApuZXQuaXB2NC5jb25mLmRlZmF1bHQubG9nX21hcnRpYW5zID0gMQpuZXQuaXB2NC50Y3BfdGltZXN0YW1wcyA9IDAKbmV0LmlwdjYuY29uZi5hbGwuYWNjZXB0X3JlZGlyZWN0cyA9IDAKbmV0LmlwdjYuY29uZi5kZWZhdWx0LmFjY2VwdF9yZWRpcmVjdHMgPSAwCiMgSW5jcmVhc2VkIG1tYXBmcyBiZWNhdXNlIHNvbWUgYXBwbGljYXRpb25zLCBsaWtlIEVTLCBuZWVkIGhpZ2hlciBsaW1pdCB0byBzdG9yZSBkYXRhIHByb3Blcmx5CnZtLm1heF9tYXBfY291bnQgPSAyNjIxNDQKIyBSZXNlcnZlZCB0byBhdm9pZCBjb25mbGljdHMgd2l0aCBrdWJlLWFwaXNlcnZlciwgd2hpY2ggYWxsb2NhdGVzIHdpdGhpbiB0aGlzIHJhbmdlCm5ldC5pcHY0LmlwX2xvY2FsX3Jlc2VydmVkX3BvcnRzPTMwMDAwLTMyNzY3Cm5ldC5pcHY0LmNvbmYuYWxsLnJwX2ZpbHRlciA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2lnbm9yZSA9IDEKbmV0LmlwdjQuY29uZi5hbGwuYXJwX2Fubm91bmNlID0gMgoKIyBUaGVzZSBhcmUgcmVxdWlyZWQgZm9yIHRoZSBrdWJlbGV0ICctLXByb3RlY3Qta2VybmVsLWRlZmF1bHRzJyBmbGFnCiMgU2VlIGh0dHBzOi8vZ2l0aHViLmNvbS9naWFudHN3YXJtL2dpYW50c3dhcm0vaXNzdWVzLzEzNTg3CnZtLm92ZXJjb21taXRfbWVtb3J5PTEKa2VybmVsLnBhbmljPTEwCmtlcm5lbC5wYW5pY19vbl9vb3BzPTEK
      - path: /etc/containerd/config.toml
        permissions: 0644
        contentFrom:
          secret:
            name: test-wc-containerd-609abaf3
            key: config.toml
      - path: /etc/selinux/config
        permissions: 0644
        encoding: base64
        content: IyBUaGlzIGZpbGUgY29udHJvbHMgdGhlIHN0YXRlIG9mIFNFTGludXggb24gdGhlIHN5c3RlbSBvbiBib290LgoKIyBTRUxJTlVYIGNhbiB0YWtlIG9uZSBvZiB0aGVzZSB0aHJlZSB2YWx1ZXM6CiMgICAgICAgZW5mb3JjaW5nIC0gU0VMaW51eCBzZWN1cml0eSBwb2xpY3kgaXMgZW5mb3JjZWQuCiMgICAgICAgcGVybWlzc2l2ZSAtIFNFTGludXggcHJpbnRzIHdhcm5pbmdzIGluc3RlYWQgb2YgZW5mb3JjaW5nLgojICAgICAgIGRpc2FibGVkIC0gTm8gU0VMaW51eCBwb2xpY3kgaXMgbG9hZGVkLgpTRUxJTlVYPXBlcm1pc3NpdmUKCiMgU0VMSU5VWFRZUEUgY2FuIHRha2Ugb25lIG9mIHRoZXNlIGZvdXIgdmFsdWVzOgojICAgICAgIHRhc...*[Comment body truncated]*

renovate · 2025-11-21T19:37:32Z

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

tinkerers-ci · 2025-11-21T19:37:57Z

cluster-test-suites

Run name	`pr-cluster-aws-1601-cluster-test-suites6w97c`
Commit SHA	`7cd542b`
Result	Failed ❌

❌ Failed test suites

CAPA Standard Suite ❌

Test Name	Status	Duration
BeforeSuite	✅	9m56s
It all HelmReleases are deployed without issues	✅	1m0s
It all default apps are deployed without issues	✅	1m37s
It all observability-bundle apps are deployed without issues	✅	1s
It all security-bundle apps are deployed without issues	✅	1s
It should be able to connect to the management cluster	✅	0s
It should be able to connect to the workload cluster	✅	0s
It has all the control-plane nodes running	✅	30s
It has all the worker nodes running	✅	1m5s
It has all its Deployments Ready (means all replicas are running)	✅	1m50s
It has all its StatefulSets Ready (means all replicas are running)	✅	11s
It has all its DaemonSets Ready (means all daemon pods are running)	✅	11s
It has all its Jobs completed successfully	✅	11s
It has all of its Pods in the Running state	✅	11s
It doesn't have restarting pods	✅	55s
It has Cluster Ready condition with Status='True'	✅	0s
It has all machine pools ready and running	✅	30s
It cert-manager default ClusterIssuers are present and ready	✅	0s
It sets up the api DNS records	✅	0s
It sets up the bastion DNS records	⏭️	0s
It should have cert-manager and external-dns deployed	✅	0s
It should deploy ingress-nginx	✅	16s
It cluster wildcard ingress DNS must be resolvable	✅	53s
It should deploy the hello-world app	✅	8s
It ingress resource has load balancer in status	✅	0s
It should have a ready Certificate generated	✅	30s
It hello world app responds successfully	✅	0s
It uninstall apps	✅	1s
It creates test pod	✅	5s
It ensure key metrics are available on mimir	❌	10m0s
It clean up test pod	✅	31s
It scales node by creating anti-affinity pods	✅	3m2s
It has a at least one storage class available	✅	11s
It creates the new namespace for the test	✅	0s
It creates the PVC	✅	0s
It creates the pod using the PVC	✅	0s
It binds the PVC	✅	10s
It runs successfully	✅	22s
It deletes all resources correct	✅	20s
It cluster is registered	✅	0s
It should be able to pull an image from a private ECR registry	✅	10s
AfterSuite	✅	7m29s

📋 View full results in Tekton Dashboard

Rerun trigger:
/run cluster-test-suites

Important

Save time and costs - re-run only the failed tests:

/run cluster-test-suites TARGET_SUITES=./providers/capa/standard

Available Test Suites

By default, only the standard test suite runs to reduce costs. If your changes affect specialized environments, you can specify additional test suites:

AWS (CAPA) Test Suites

standard - Basic cluster creation and functionality
karpenter - Karpenter cluster creation testing
china - China-specific environment testing
private - Private cloud environment testing
cilium-eni-mode - Cilium ENI mode testing
upgrade - Cluster upgrade testing
upgrade-major - Major version upgrade testing

How to Specify Additional Test Suites

# Run specific test suites
/run cluster-test-suites TARGET_SUITES=./providers/capa/standard,./providers/capa/china

# Run all test suites for CAPA
/run cluster-test-suites TARGET_SUITES=./providers/capa/

# Run upgrade tests
/run cluster-test-suites TARGET_SUITES=./providers/capa/upgrade,./providers/capa/upgrade-major

Note: Full test suites run automatically on releases. You are responsible for testing all relevant flavors before merging.

Gacko · 2025-11-21T20:16:10Z

/run cluster-test-suites TARGET_SUITES=./providers/capa/standard

tinkerers-ci · 2025-11-21T20:56:55Z

cluster-test-suites

Run name	`pr-cluster-aws-1601-cluster-test-suitesxl8gn`
Commit SHA	`7cd542b`
Result	Failed ❌

❌ Failed test suites

CAPA Standard Suite ❌

Test Name	Status	Duration
BeforeSuite	✅	10m38s
It all HelmReleases are deployed without issues	✅	1m0s
It all default apps are deployed without issues	✅	1m55s
It all observability-bundle apps are deployed without issues	✅	1s
It all security-bundle apps are deployed without issues	✅	1s
It should be able to connect to the management cluster	✅	0s
It should be able to connect to the workload cluster	✅	0s
It has all the control-plane nodes running	✅	30s
It has all the worker nodes running	✅	1m5s
It has all its Deployments Ready (means all replicas are running)	✅	11s
It has all its StatefulSets Ready (means all replicas are running)	✅	11s
It has all its DaemonSets Ready (means all daemon pods are running)	✅	11s
It has all its Jobs completed successfully	✅	11s
It has all of its Pods in the Running state	✅	11s
It doesn't have restarting pods	✅	55s
It has Cluster Ready condition with Status='True'	✅	0s
It has all machine pools ready and running	✅	30s
It cert-manager default ClusterIssuers are present and ready	✅	0s
It sets up the api DNS records	✅	0s
It sets up the bastion DNS records	⏭️	0s
It should have cert-manager and external-dns deployed	✅	0s
It should deploy ingress-nginx	✅	16s
It cluster wildcard ingress DNS must be resolvable	✅	42s
It should deploy the hello-world app	✅	7s
It ingress resource has load balancer in status	✅	10s
It should have a ready Certificate generated	✅	10s
It hello world app responds successfully	✅	5s
It uninstall apps	✅	1s
It creates test pod	✅	5s
It ensure key metrics are available on mimir	❌	10m0s
It clean up test pod	✅	31s
It scales node by creating anti-affinity pods	✅	1m30s
It has a at least one storage class available	✅	11s
It creates the new namespace for the test	✅	0s
It creates the PVC	✅	0s
It creates the pod using the PVC	✅	0s
It binds the PVC	✅	10s
It runs successfully	✅	22s
It deletes all resources correct	✅	20s
It cluster is registered	✅	0s
It should be able to pull an image from a private ECR registry	✅	10s
AfterSuite	✅	7m30s

📋 View full results in Tekton Dashboard

Rerun trigger:
/run cluster-test-suites

Important

Save time and costs - re-run only the failed tests:

/run cluster-test-suites TARGET_SUITES=./providers/capa/standard

Available Test Suites

By default, only the standard test suite runs to reduce costs. If your changes affect specialized environments, you can specify additional test suites:

AWS (CAPA) Test Suites

standard - Basic cluster creation and functionality
karpenter - Karpenter cluster creation testing
china - China-specific environment testing
private - Private cloud environment testing
cilium-eni-mode - Cilium ENI mode testing
upgrade - Cluster upgrade testing
upgrade-major - Major version upgrade testing

How to Specify Additional Test Suites

# Run specific test suites
/run cluster-test-suites TARGET_SUITES=./providers/capa/standard,./providers/capa/china

# Run all test suites for CAPA
/run cluster-test-suites TARGET_SUITES=./providers/capa/

# Run upgrade tests
/run cluster-test-suites TARGET_SUITES=./providers/capa/upgrade,./providers/capa/upgrade-major

Note: Full test suites run automatically on releases. You are responsible for testing all relevant flavors before merging.

Gacko · 2025-11-22T11:52:04Z

@giantswarm/team-atlas Can you please check what's wrong with Mimir on grizzly? This change isn't doing anything regarding monitoring and I think I saw something being wrong with the Mimir app on grizzly earlier this week.

Gacko · 2025-11-22T11:53:16Z

Ah, yeah, daily cluster test suites are failing for the same reason. And they use a released cluster-aws version which passed tests.

renovate bot added the dependencies Pull requests that update a dependency file label Nov 20, 2025

renovate bot requested a review from a team as a code owner November 20, 2025 11:32

renovate bot added the renovate PR created by RenovateBot label Nov 20, 2025

renovate bot force-pushed the renovate/cluster-4.x branch 3 times, most recently from 6d8fde7 to 315aac4 Compare November 21, 2025 14:05

chore(deps): update helm release cluster to v4.6.0

6f6a5a8

renovate bot force-pushed the renovate/cluster-4.x branch from 315aac4 to 6f6a5a8 Compare November 21, 2025 18:44

Chart: Update cluster to v4.6.0.

7cd542b

Gacko enabled auto-merge (squash) November 21, 2025 18:54

Gacko approved these changes Nov 21, 2025

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

chore(deps): update helm release cluster to v4.6.0 #1601

chore(deps): update helm release cluster to v4.6.0 #1601

renovate bot commented Nov 20, 2025

Uh oh!

Gacko commented Nov 21, 2025

Uh oh!

github-actions bot commented Nov 21, 2025

Uh oh!

renovate bot commented Nov 21, 2025

Uh oh!

tinkerers-ci bot commented Nov 21, 2025

Uh oh!

Gacko commented Nov 21, 2025

Uh oh!

tinkerers-ci bot commented Nov 21, 2025

Uh oh!

Gacko commented Nov 22, 2025

Uh oh!

Gacko commented Nov 22, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

chore(deps): update helm release cluster to v4.6.0 #1601

Are you sure you want to change the base?

chore(deps): update helm release cluster to v4.6.0 #1601

Conversation

renovate bot commented Nov 20, 2025

Release Notes

v4.6.0

Changed

Configuration

Uh oh!

Gacko commented Nov 21, 2025

Uh oh!

github-actions bot commented Nov 21, 2025

Uh oh!

renovate bot commented Nov 21, 2025

Edited/Blocked Notification

Uh oh!

tinkerers-ci bot commented Nov 21, 2025

cluster-test-suites

❌ Failed test suites

Available Test Suites

AWS (CAPA) Test Suites

How to Specify Additional Test Suites

Uh oh!

Gacko commented Nov 21, 2025

Uh oh!

tinkerers-ci bot commented Nov 21, 2025

cluster-test-suites

❌ Failed test suites

Available Test Suites

AWS (CAPA) Test Suites

How to Specify Additional Test Suites

Uh oh!

Gacko commented Nov 22, 2025

Uh oh!

Gacko commented Nov 22, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

`v4.6.0`