Skip to main content
Version: v0.22.4

metal-stack v0.22.4

See original release note at https://github.com/metal-stack/releases/releases/tag/v0.22.4

General

  • Gardener v1.123
    • Please note that this release contains the gardener-apiserver built from the metal-stack fork in order to prevent the defaulting of worker machine images by Gardener. This will be resolved upstream with https://github.com/gardener/gardener/pull/13785. If you do not use short image versions in the CloudProfile you can also use the upstream version of the gardener-apiserver.
  • Virtual Garden v1.33.7

Noteworthy

  • When using the cluster-forwarding audit backend in combination with blocking-strict policy, the controller now lowers the audit policy mode to blocking in order to prevent a scenario that produces a deadlock with a crashing kube-apiserver. Since cluster-forwarding is not intended for production use cases, this behavior is appropriate. Note that the policy mode is also lowered when using cluster-forwarding in combination with another backend. (metal-stack/gardener-extension-audit#71)

Breaking Changes

  • The metal_stack_release_vector module now uses oci_registry_credentials to provide registry credentials instead of oci_registry_username and oci_registry_password. This way, it is possible to pass credentials for multiple registries. (metal-stack/ansible-common#43)
  • CSI-Plugin architecture changed from a split controller-daemonset to an only DaemonSet architecture. Each DaemonSet now also provides its own controller (figure 3 of the possible csi-plugin architectures here). With this architecture it is not necessary anymore to spawn pods for volume provisioning and deletion. For users of the Helm chart and the gardener-extension-csi-driver-lvm this migration can be deployed seamlessly. Manually deployed csi-driver-lvm installations need to adapt to the new architecture and delete the existing controller stateful set. (metal-stack/csi-driver-lvm#128)
  • There are some breaking changes in the monitoring roles in order to make them compatible with the mini-lab. If you deployed monitoring components using this role, please review the changes of introduced in metal-stack/metal-roles#502 and adapt your deployment parameters accordingly. (metal-stack/metal-roles#502)
  • connect.OutBand now requires to specify a connection timeout for redfish calls, if nil is specified it defaults to 10secs. (metal-stack/go-hal#82)

Actions Required

  • In case you set the NodeAgentAuthorizer feature gate on the gardenlet, this now has to be removed.

Component Releases

oci-mirror v0.2.9

  • Update go modules and gh actions (metal-stack/oci-mirror#19) @majst01

metal-core v0.15.1

  • Fix waitgroup panics with negative counter (metal-stack/metal-core#179) @majst01

ansible-common v0.8.0

  • Allow login with cosign. (metal-stack/ansible-common#43) @Gerrit91
  • Add missing documentation on helm_additional_params. (metal-stack/ansible-common#45) @Gerrit91

metal-deployment-base v0.9.1

  • Bump metal stack release vector plugin. (metal-stack/metal-deployment-base#47) @Gerrit91

csi-driver-lvm v0.8.2

  • Install kustomize to local bin. (metal-stack/csi-driver-lvm#146) @Gerrit91
  • Fix eviction controller evicts volume on VPA eviction (metal-stack/csi-driver-lvm#145) @Gerrit91
  • Add warning admonition on working with local data. (metal-stack/csi-driver-lvm#143) @Gerrit91

metal-api v0.43.0

  • Provide splunk audit configuration. (metal-stack/metal-api#641) @Gerrit91
  • Provide reason field for retrieving VPN auth key. (metal-stack/metal-api#640) @Gerrit91
  • Use newer approach to use sync.WaitGroup which prevents leaking counters (metal-stack/metal-api#637) @majst01
  • Include consolepassword endpoint into auditing. (metal-stack/metal-api#638) @Gerrit91

helm-charts v0.5.4

  • Sync csi-driver-lvm chart to v0.8.2 (metal-stack/helm-charts#146) @Gerrit91
  • Add splunk audit configuration for metal-api. (metal-stack/helm-charts#144) @Gerrit91

metalctl v0.18.4

  • Allow field to provide a reason for a VPN key. (metal-stack/metalctl#293) @Gerrit91
  • Update to go-1.25 (metal-stack/metalctl#291) @majst01
  • fix issue where binary name was missing in generated sbom (metal-stack/metalctl#290) @mac641

gardener-extension-audit v0.5.0

  • Move S3 secret key ref constants to public API package. (metal-stack/gardener-extension-audit#72) @Gerrit91
  • Prevent blocking-strict with cluster-forwarding backend. (metal-stack/gardener-extension-audit#71) @Gerrit91

gardener-extension-provider-metal v0.27.4

  • Revendor g/g v1.123. (metal-stack/gardener-extension-provider-metal#486) @Gerrit91

metal-roles v0.18.4

  • Adaptions for running monitoring in the mini-lab (metal-stack/metal-roles#502) @ostempel
  • Configurable vali storage capacity (metal-stack/metal-roles#516) @simcod
  • Add splunk audit configuration for metal-api. (metal-stack/metal-roles#514) @Gerrit91
  • Frr reload on all sonic switches (metal-stack/metal-roles#479) @iljarotar
  • Fix wrong metal_registry_url name (metal-stack/metal-roles#515) @AnnaSchreiner
  • Zitadel role: some leftovers from the last review. (metal-stack/metal-roles#505) @Gerrit91
  • Add configurable metal_registry_url (metal-stack/metal-roles#509) @AnnaSchreiner
  • Make nsq tls requirement for client connections configurable (metal-stack/metal-roles#513) @AnnaSchreiner
  • Modify nsq and postgres backup restore namespace creation (metal-stack/metal-roles#511) @AnnaSchreiner
  • Monitoring promtail client configuration (metal-stack/metal-roles#518) @simcod
  • Fix promtail config when no timeout is configured. (metal-stack/metal-roles#520) @Gerrit91
  • Allow setting shootAdminKubeconfigMaxExpiration in Garden resource. (metal-stack/metal-roles#519) @Gerrit91
  • Structured authentication for Garden kube-apiserver (metal-stack/metal-roles#517) @simcod
  • feat: add envoy gateway to service clusters (for isolated clusters) (metal-stack/metal-roles#522) @mwennrich

api v0.0.41

  • Boot Services (metal-stack/api#83) @majst01

gardener-extension-ontap v0.2.12

  • Set DNS policy to Default in mutator for the trident-node-linux daemonSet (metal-stack/gardener-extension-ontap#80) @mwennrich

Merged Pull Requests

This is a list of pull requests that were merged since the last release. The list does not contain pull requests from release-vector-repositories.

The fact that these pull requests were merged does not necessarily imply that they have already become part of this metal-stack release.

  • Bump releases to version v0.22.3 (metal-stack/website#184) @metal-robot[bot]
  • Updates regarding OCI artifacts. (metal-stack/website#146) @Gerrit91
  • Register handlers by serve path. (metal-stack/metal-robot#100) @Gerrit91
  • Slight refactor of comment command exec. (metal-stack/metal-robot#101) @Gerrit91
  • fix typo in release pipeline (metal-stack/metal-images#384) @mac641
  • Bump metal-api to version v0.43.0 (metal-stack/metal-python#161) @metal-robot[bot]
  • Bump metal-api to version v0.43.0 (metal-stack/metal-go#222) @metal-robot[bot]
  • Add section on pre-releases. (metal-stack/website#187) @Gerrit91
  • Bump axios from 1.13.2 to 1.13.3 (metal-stack/website#186) @dependabot[bot]
  • Bump @scalar/api-reference-react from 0.8.27 to 0.8.34 (metal-stack/website#185) @dependabot[bot]
  • Cancel redfish calls after timeout (metal-stack/go-hal#82) @majst01
  • fix container image retag in release pipeline (metal-stack/metal-images#385) @mac641
  • fix typo in release pipeline (metal-stack/metal-images#386) @mac641
  • Updates golang base image version to 1.25.6-bookworm (metal-stack/builder#88) @thheinel
  • FOSDEM 2026 recap. (metal-stack/website#193) @Gerrit91
  • Bump axios from 1.13.3 to 1.13.4 (metal-stack/website#189) @dependabot[bot]
  • Bump @carbon/icons-react from 11.73.0 to 11.74.0 (metal-stack/website#191) @dependabot[bot]
  • fix: containerlab link in blog post (metal-stack/website#194) @vknabel
  • Bump react from 19.2.3 to 19.2.4 (metal-stack/website#188) @dependabot[bot]
  • Bump @scalar/api-reference-react from 0.8.36 to 0.8.46 (metal-stack/website#192) @dependabot[bot]
  • Update gofish and adjust for changes (metal-stack/go-hal#84) @stmcginnis
  • fix api version pinning and small ts errors (metal-stack/metal-ui#9) @ostempel
  • Update dependencies (metal-stack/firewall-controller#208) @mwennrich
  • docs: fix outdated links to metal-stack.io (metal-stack/metal-images#383) @vknabel
  • Implement gcp auth and remove unused actions in release pipeline (metal-stack/metal-images#387) @mac641
  • Gov1.25.7 (metal-stack/builder#89) @thheinel
  • size, admin not finished yet (metal-stack/cli#4) @majst01
  • Bump semver from 7.7.3 to 7.7.4 (metal-stack/website#195) @dependabot[bot]
  • Bump @scalar/api-reference-react from 0.8.46 to 0.8.52 (metal-stack/website#196) @dependabot[bot]
  • Bump axios from 1.13.4 to 1.13.5 (metal-stack/website#197) @dependabot[bot]
  • Fix gcs authentication, gcs object paths and rework tests for release pipeline (metal-stack/metal-images#388) @mac641
  • Fix log output formatting and download url links in release pipeline (metal-stack/metal-images#389) @mac641
  • build(Dockerfile): Upgrade Go version to 1.26.0 (metal-stack/builder#90) @thheinel
  • Next release (metal-stack/releases#265) @metal-robot[bot]