Bump releases to version v0.22.4

docs/docs/07-Release Notes/v0.22/v0.22.4.md

@@ -0,0 +1,109 @@
+---
+slug: /release-notes/v0.22.4
+title: v0.22.4
+sidebar_position: 1
+---
+# metal-stack v0.22.4
+See original release note at [https://github.com/metal-stack/releases/releases/tag/v0.22.4](https://github.com/metal-stack/releases/releases/tag/v0.22.4)
+## General
+* [Gardener v1.123](https://github.com/gardener/gardener/releases/tag/v1.123.0)
+   * Please note that this release contains the gardener-apiserver built from the metal-stack fork in order to prevent the defaulting of worker machine images by Gardener. This will be resolved upstream with https://github.com/gardener/gardener/pull/13785. If you do not use short image versions in the `CloudProfile` you can also use the upstream version of the gardener-apiserver.
+* Virtual Garden `v1.33.7`
+## Noteworthy
+* When using the `cluster-forwarding` audit backend in combination with `blocking-strict` policy, the controller now lowers the audit policy mode to `blocking` in order to prevent a scenario that produces a deadlock with a crashing kube-apiserver. Since `cluster-forwarding` is not intended for production use cases, this behavior is appropriate. Note that the policy mode is also lowered when using `cluster-forwarding` in combination with another backend. (metal-stack/gardener-extension-audit#71)
+## Breaking Changes
+* The `metal_stack_release_vector` module now uses `oci_registry_credentials` to provide registry credentials instead of `oci_registry_username` and `oci_registry_password`. This way, it is possible to pass credentials for multiple registries. (metal-stack/ansible-common#43)
+* CSI-Plugin architecture changed from a split controller-daemonset to an only `DaemonSet` architecture. Each `DaemonSet` now also provides its own controller (figure 3 of the possible csi-plugin architectures [here](https://github.com/container-storage-interface/spec/blob/master/spec.md#architecture)). With this architecture it is not necessary anymore to spawn pods for volume provisioning and deletion. For users of the Helm chart and the gardener-extension-csi-driver-lvm this migration can be deployed seamlessly. Manually deployed csi-driver-lvm installations need to adapt to the new architecture and delete the existing controller stateful set. (metal-stack/csi-driver-lvm#128)
+* There are some breaking changes in the `monitoring` roles in order to make them compatible with the mini-lab. If you deployed monitoring components using this role, please review the changes of introduced in metal-stack/metal-roles#502 and adapt your deployment parameters accordingly. (metal-stack/metal-roles#502)
+* connect.OutBand now requires to specify a connection timeout for redfish calls, if nil is specified it defaults to 10secs. (metal-stack/go-hal#82)
+## Actions Required
+- In case you set the `NodeAgentAuthorizer` feature gate on the gardenlet, this now has to be removed.
+## Component Releases
+### oci-mirror v0.2.9
+* Update go modules and gh actions (metal-stack/oci-mirror#19) @majst01
+### metal-core v0.15.1
+* Fix waitgroup panics with negative counter (metal-stack/metal-core#179) @majst01
+### ansible-common v0.8.0
+* Allow login with cosign. (metal-stack/ansible-common#43) @Gerrit91
+* Add missing documentation on `helm_additional_params`. (metal-stack/ansible-common#45) @Gerrit91
+### metal-deployment-base v0.9.1
+* Bump metal stack release vector plugin. (metal-stack/metal-deployment-base#47) @Gerrit91
+### csi-driver-lvm v0.8.2
+* Install kustomize to local bin. (metal-stack/csi-driver-lvm#146) @Gerrit91
+* Fix eviction controller evicts volume on VPA eviction (metal-stack/csi-driver-lvm#145) @Gerrit91
+* Add warning admonition on working with local data. (metal-stack/csi-driver-lvm#143) @Gerrit91
+### metal-api v0.43.0
+* Provide splunk audit configuration. (metal-stack/metal-api#641) @Gerrit91
+* Provide reason field for retrieving VPN auth key. (metal-stack/metal-api#640) @Gerrit91
+* Use newer approach to use sync.WaitGroup which prevents leaking counters (metal-stack/metal-api#637) @majst01
+* Include consolepassword endpoint into auditing. (metal-stack/metal-api#638) @Gerrit91
+### helm-charts v0.5.4
+* Sync csi-driver-lvm chart to `v0.8.2` (metal-stack/helm-charts#146) @Gerrit91
+* Add splunk audit configuration for metal-api. (metal-stack/helm-charts#144) @Gerrit91
+### metalctl v0.18.4
+* Allow field to provide a reason for a VPN key. (metal-stack/metalctl#293) @Gerrit91
+* Update to go-1.25 (metal-stack/metalctl#291) @majst01
+* fix issue where binary name was missing in generated sbom (metal-stack/metalctl#290) @mac641
+### gardener-extension-audit v0.5.0
+* Move S3 secret key ref constants to public API package. (metal-stack/gardener-extension-audit#72) @Gerrit91
+* Prevent `blocking-strict` with cluster-forwarding backend. (metal-stack/gardener-extension-audit#71) @Gerrit91
+### gardener-extension-provider-metal v0.27.4
+* Revendor g/g v1.123. (metal-stack/gardener-extension-provider-metal#486) @Gerrit91
+### metal-roles v0.18.4
+* Adaptions for running monitoring in the mini-lab (metal-stack/metal-roles#502) @ostempel
+* Configurable vali storage capacity (metal-stack/metal-roles#516) @simcod
+* Add splunk audit configuration for metal-api. (metal-stack/metal-roles#514) @Gerrit91
+* Frr reload on all sonic switches (metal-stack/metal-roles#479) @iljarotar
+* Fix wrong `metal_registry_url` name (metal-stack/metal-roles#515) @AnnaSchreiner
+* Zitadel role: some leftovers from the last review. (metal-stack/metal-roles#505) @Gerrit91
+* Add configurable `metal_registry_url` (metal-stack/metal-roles#509) @AnnaSchreiner
+* Make nsq tls requirement for client connections configurable (metal-stack/metal-roles#513) @AnnaSchreiner
+* Modify nsq and postgres backup restore namespace creation (metal-stack/metal-roles#511) @AnnaSchreiner
+* Monitoring promtail client configuration (metal-stack/metal-roles#518) @simcod
+* Fix promtail config when no timeout is configured. (metal-stack/metal-roles#520) @Gerrit91
+* Allow setting `shootAdminKubeconfigMaxExpiration` in `Garden` resource. (metal-stack/metal-roles#519) @Gerrit91
+* Structured authentication for Garden kube-apiserver (metal-stack/metal-roles#517) @simcod
+* feat: add envoy gateway to service clusters (for isolated clusters) (metal-stack/metal-roles#522) @mwennrich
+### api v0.0.41
+* Boot Services (metal-stack/api#83) @majst01
+### gardener-extension-ontap v0.2.12
+* Set DNS policy to Default in mutator for the trident-node-linux daemonSet (metal-stack/gardener-extension-ontap#80) @mwennrich
+# Merged Pull Requests
+This is a list of pull requests that were merged since the last release. The list does not contain pull requests from release-vector-repositories.
+
+The fact that these pull requests were merged does not necessarily imply that they have already become part of this metal-stack release.
+
+* Bump releases to version v0.22.3 (metal-stack/website#184) @metal-robot[bot]
+* Updates regarding OCI artifacts. (metal-stack/website#146) @Gerrit91
+* Register handlers by serve path. (metal-stack/metal-robot#100) @Gerrit91
+* Slight refactor of comment command exec. (metal-stack/metal-robot#101) @Gerrit91
+* fix typo in release pipeline (metal-stack/metal-images#384) @mac641
+* Bump metal-api to version v0.43.0 (metal-stack/metal-python#161) @metal-robot[bot]
+* Bump metal-api to version v0.43.0 (metal-stack/metal-go#222) @metal-robot[bot]
+* Add section on pre-releases. (metal-stack/website#187) @Gerrit91
+* Bump axios from 1.13.2 to 1.13.3 (metal-stack/website#186) @dependabot[bot]
+* Bump @scalar/api-reference-react from 0.8.27 to 0.8.34 (metal-stack/website#185) @dependabot[bot]
+* Cancel redfish calls after timeout (metal-stack/go-hal#82) @majst01
+* fix container image retag in release pipeline (metal-stack/metal-images#385) @mac641
+* fix typo in release pipeline (metal-stack/metal-images#386) @mac641
+* Updates golang base image version to 1.25.6-bookworm (metal-stack/builder#88) @thheinel
+* FOSDEM 2026 recap. (metal-stack/website#193) @Gerrit91
+* Bump axios from 1.13.3 to 1.13.4 (metal-stack/website#189) @dependabot[bot]
+* Bump @carbon/icons-react from 11.73.0 to 11.74.0 (metal-stack/website#191) @dependabot[bot]
+* fix: containerlab link in blog post (metal-stack/website#194) @vknabel
+* Bump react from 19.2.3 to 19.2.4 (metal-stack/website#188) @dependabot[bot]
+* Bump @scalar/api-reference-react from 0.8.36 to 0.8.46 (metal-stack/website#192) @dependabot[bot]
+* Update gofish and adjust for changes (metal-stack/go-hal#84) @stmcginnis
+* fix api version pinning and small ts errors (metal-stack/metal-ui#9) @ostempel
+* Update dependencies (metal-stack/firewall-controller#208) @mwennrich
+* docs: fix outdated links to metal-stack.io (metal-stack/metal-images#383) @vknabel
+* Implement gcp auth and remove unused actions in release pipeline (metal-stack/metal-images#387) @mac641
+* Gov1.25.7 (metal-stack/builder#89) @thheinel
+* size, admin not finished yet (metal-stack/cli#4) @majst01
+* Bump semver from 7.7.3 to 7.7.4 (metal-stack/website#195) @dependabot[bot]
+* Bump @scalar/api-reference-react from 0.8.46 to 0.8.52 (metal-stack/website#196) @dependabot[bot]
+* Bump axios from 1.13.4 to 1.13.5 (metal-stack/website#197) @dependabot[bot]
+* Fix gcs authentication, gcs object paths and rework tests for release pipeline (metal-stack/metal-images#388) @mac641
+* Fix log output formatting and download url links in release pipeline (metal-stack/metal-images#389) @mac641
+* build(Dockerfile): Upgrade Go version to 1.26.0 (metal-stack/builder#90) @thheinel
+* Next release (metal-stack/releases#265) @metal-robot[bot]

docs/docs/08-References/Clients/metalctl/metalctl_vpn_key.md

@@ -31,6 +31,7 @@ metalctl vpn key \
       --ephemeral        create an ephemeral key (default true)
   -h, --help             help for key
       --project string   project ID for which auth key should be created
+      --reason string    a short description why access to the vpn is required
 ```
 
 ### Options inherited from parent commands

docs/docs/08-References/Deployment/metal-images/metal-images.md

@@ -30,7 +30,7 @@ We also publish images that we need for special purposes but do not officially s
 
 ### GPU Support
 
-With the nvidia image a worker has GPU support. Please check our official documentation on [docs.metal-stack.io](https://docs.metal-stack.io/stable/overview/gpu-support/) on how to get this running on Kubernetes.
+With the nvidia image a worker has GPU support. Please check our official documentation on [docs.metal-stack.io](https://metal-stack.io/docs/gpu-workers) on how to get this running on Kubernetes.
 
 ## How new images become usable in a metal-stack partition
 
@@ -52,7 +52,7 @@ These URLs can be used to define an image at the metal-api.
 
 ## Local development and integration testing
 
-Please also refer to our documentation on docs.metal-stack.io on [Build Your Own Images](https://docs.metal-stack.io/stable/overview/os/#Building-Your-Own-Images) to check for the contract an OS image is expected to fulfill.
+Please also refer to our documentation on docs.metal-stack.io on [Build Your Own Images](https://metal-stack.io/docs/operating-systems#building-your-own-images) to check for the contract an OS image is expected to fulfill.
 
 Before you can start developing changes for metal-images or even introduce new operating systems, you should install the following tools:
 
@@ -124,4 +124,4 @@ vgchange -ay
 mount /dev/csi-lvm/varlib /var/lib/
 ```
 
-Keep in mind that you are still running on the metal-hammer kernel, which is different from the kernel that will be run in the operating system after provisioning. For further information on the metal-stack machine provisioning sequence, check out documentation on [docs.metal-stack.io](https://docs.metal-stack.io/stable/overview/architecture/#Machine-Provisioning-Sequence). The kernel used by the metal-hammer is built on our own inside the [kernel repository](https://github.com/metal-stack/kernel).
+Keep in mind that you are still running on the metal-hammer kernel, which is different from the kernel that will be run in the operating system after provisioning. For further information on the metal-stack machine provisioning sequence, check out documentation on [docs.metal-stack.io](https://metal-stack.io/docs/architecture/#Machine-Provisioning-Sequence). The kernel used by the metal-hammer is built on our own inside the [kernel repository](https://github.com/metal-stack/kernel).

docs/docs/08-References/Partition/go-hal/go-hal.md

@@ -17,22 +17,22 @@ package main
 
 import (
     "fmt"
-    "github.com/metal-stack/go-hal/detect"
+    "github.com/metal-stack/go-hal/connect"
 )
 
 func main() {
-    smcInBand, err := detect.ConnectInBand()
+    ib, err := connect.InBand()
     if err != nil {
         panic(err)
     }
 
-    firmware, err := smcInBand.Firmware()
+    firmware, err := ib.Firmware()
     if err != nil {
         panic(err)
     }
     fmt.Println(firmware)
     // UEFI
 
-    err = smcInBand.PowerOff()
+    err = ib.PowerOff()
 }
 ```

scripts/components.json

@@ -7,7 +7,7 @@
         "releasePath": "binaries.metal-stack.metalctl.version",
         "repo": "metal-stack/metalctl",
         "branch": "main",
-        "tag": "v0.18.3",
+        "tag": "v0.18.4",
         "position": 1,
         "withDocs": true
       }
@@ -48,7 +48,7 @@
         "releasePath": "docker-images.metal-stack.control-plane.metal-api.tag",
         "repo": "metal-stack/metal-api",
         "branch": "main",
-        "tag": "v0.42.5",
+        "tag": "v0.43.0",
         "position": 4,
         "withDocs": false
       },
@@ -89,7 +89,7 @@
         "releasePath": "docker-images.metal-stack.partition.metal-core.tag",
         "repo": "metal-stack/metal-core",
         "branch": "main",
-        "tag": "v0.15.0",
+        "tag": "v0.15.1",
         "position": 3,
         "withDocs": false
       },
@@ -235,7 +235,7 @@
         "releasePath": "docker-images.metal-stack.gardener.gardener-extension-audit.tag",
         "repo": "metal-stack/gardener-extension-audit",
         "branch": "main",
-        "tag": "v0.4.2",
+        "tag": "v0.5.0",
         "position": 1,
         "withDocs": false
       },
@@ -253,7 +253,7 @@
         "releasePath": "docker-images.metal-stack.gardener.gardener-extension-ontap.tag",
         "repo": "metal-stack/gardener-extension-ontap",
         "branch": "main",
-        "tag": "v0.2.11",
+        "tag": "v0.2.12",
         "position": 3,
         "withDocs": false
       },

src/version.json

@@ -1 +1 @@
-{"version": "v0.22.3"}
+{"version": "v0.22.4"}

versioned_docs/version-v0.22.4/contributing/01-Proposals/MEP1/Distributed.drawio

@@ -0,0 +1 @@
+<mxfile host="www.draw.io" modified="2020-01-13T13:05:59.591Z" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) snap Chromium/79.0.3945.79 Chrome/79.0.3945.79 Safari/537.36" etag="Pcrs69XaZ4sZO_cn817q" version="12.5.1" type="device"><diagram name="Page-1" id="c4acf3e9-155e-7222-9cf6-157b1a14988f">7V3bcts2EP0aP8pDgPfH2ImbziRTt+m0zVMHpmCJMUUoFG1L/fqC4kUkAEoULwDkRC8WIBIkF2d3z+6C8JV5u9r+kqD18jOZ4+gKGvPtlfn+CtKPY9M/Wc8u7/FtM+9YJOE87wKHji/hf7joNIre53CON40DU0KiNFw3OwMSxzhIG30oSchr87BHEjWvukYLzHV8CVDE9/4dztNl3uvZxqH/Iw4Xy/LKwCh+eUDB0yIhz3FxvStoPu4/+c8rVI5VHL9Zojl5rXWZH67M24SQNP+22t7iKJNtKbb8vLuWX6v7TnCcdjkhWVoPJP5zF3/w/trOvG+vv70+z4rJe0HRMy4fw4noeDePhA5L5YmC/Afn+3N2pzcfcfSC0zBAh67s4dJd1DwuO3+22U/3O3oAgOtt/Qxnkf29R0kapiGJy6vS288vnP9eSK4aHFIhrrOvz6voLkEr+vXmdRmm+Ms6v89XClLat0xXEW0B+nU/QziTgUFb1SRkjYCswqD4HqEHHN1UU3pLIpLQn2ISZ9fYpAl5qvABise7Q6swymD/F07mKEZFd4FxkA2LonAR00ZAJwkn1RO94CTF29aJBBU8qNphssJpsqOHFCfMbLeAVKFywC0x+VpDcNm3rKHX9opOVGjNohr9gBz6pQDPGUACkEPSBif0OWkfHGEayyfzMqlWj2QaI4kUcCK1eJGajkikYASRrrboX/K79Qh+vYe77+Ef8RMBM4+TaECCp4SgYClDoJz0BDJuF6jFCNQ0O8oTGiPI055D4NsPc8+Yo0cAwMy0OJHhOfUDRZMk6ZIsSIyiD4dexnTUZDdHm+W+H3SwHNTE3YXZne5HwfH8Xea1souucZz3NH+v24+OZqZ1xrKHPDpfCY5QGr40naFI9PtT6a2jXe2ANQnjdFMb+T7rOMDAAoxaGdBvOqkzT6Bf8nsQn256LadXd7whz0mAi9MYQFVi6a+zrsCfDsTd4ZhPhKwL0H3DaborEICeU9LE5x50JcyCCG02mZ9rYBEcQ00upCOPWdAGOt4Cp0eOc8ZG4SCDypOdmkE1ADdTpVGlPGFNtTkTUuXQI/yYNTfUvobx4tO+9d50xrKeVhPHlsDBAyiwns5Uzsg5Krt2Dy9fdpUMVMgOuCh4QLZredg2fedhBji5MQT7bObckZJzBNt498OQ7HKm3Wm4jW0zXsbmEWaL6LdlTqWegLdesv1MC+Hp72T8SSgMxxkoN2yhquUYuZubjDP4nImgI6JohtahRmbVYsxqlcBR5pLKkPMtYb4U6uSgh23xmSTQlw9aRz3apJmNT5FGsIeedrA3j1ExzfMC0G6BnZS0gFieloCivcGYDXQN2oBeURu4mLCNtRXqozZwMWEbSy80kJ0ol6ModLv5GbqNgjIuza9B5OYp9zbjs1hJoRub7qVs4tqofWBzwKkp7UUEcmx6TD2hrQrkb0gDJqq/8PUSnk8r1IAKjXoHdWx2XQMVgAKuwerEoXLIhAd8dw3neBum/2R4vva8ovl137SL1vttgfZ9Y1dr3OMkpM+X+eWiNkmfNR8LOGW7NljWPIy2b+3qLXa8TurVllE/Hca4HVWw4fv5SS/7hmZc2KyxYzNoailNCkYymJHY2HhqNb/kDAS3MgFUpFBdDgL+IDkI2DUHAfXKQcCLyUFwpWMABSuZJHu3i8lCcMVjHaR3Mg8hbY3mzxLyVCVkv3Miwp0MZ9omIg4UtuSsX2vkVsxfB/goVXXnAxGRxeMuImHBEzZDoCxybXKZDdRPV/rj3pSUsuBKz9Jxb15GmoKiTD/g84mKywn9gK9f5GfysbRy0zJF5FcuwD8Z+Zn22GZo2PzwkbmmkV/1opk+oYt5PGzWKPCzWFOrgfD4qPln/fnC4z4AtAv7LNEKddYB/Zilh6PpmNOOrGsKU1H9AVg+g6neBQhQJR0lMXhLVIGIN4QCVhuXwr9TKqTvIm2fzKdYGr6f1vqiZKXxdkPhT6h7f822Or/VZnXU7IEqa9sN/Hjsy9tTKxmfHvoJlrPB4koCi8nSf8Pyr53Dx5WLHZ75o3V4nacX6ewFT9ch0chWM6badQSW2pVpqUvd11DXpGbj7dELwS3qw754LjspafPhnobJeMC9YK88Jeko8Uo1j+Oe5XL0UzGna0RTsu7JKwSA8WU+u8fKxLs4OKauxrd1lk/zEElvFtpmv7k7OdCe0Hjm4WNLtc8Onwiu7POMzn2WW9DGTHM1U19Q6QCmVDMtWgS0D9mv12WmcfZwiiHS50+bWjOCtNglU1WgVRMWFMXpk70U4vBxOi8spERYM2hoJy1tV64McMqSVqFwhQ/ZvNfhsww6FuNN/RahlHekcxKUyxSrz4G6auOFqtGtejEtKZS31o0tfPVlhTPTsBlEWdkrTwda6HQyX+fuZMc/QQHa9hvltrLzGmc0t7IbbQM6vjKSJd6Uswb2VU31rMG9JELP5l3U83lXSYJSiRmdPPdosablaKDb1VTyywfdPgH0uZaSf5rjhpJbBi3HTvLhaNNOqglF2bWxUs2keGNnTk7Vvs7ti9+02dfZZsEld19noUQhJ1EVlvSsFZ+MBTwZ0gqfu2AmdVIqPM4aaGQHTc7RV1tHXu45ENoMvxRuZjJZRNo+c5KWew4SHrcBgHLRqdkEY0TtFhSRhMf5KrUb8gost1bYY3WK1NnJNxdUNT181nuaEvi4hhf4ULn1UJvTOrcG3r++PYoy+BehDNLy4sO0wWTLtOq1QZMdPUdELOjKnZUittxtUpkVgr2sEKjZoNKSyTBDnSd1aEDUK43DRheGb9cBcvL4MhvZdrx7/PjBWZ+jIq9ZBmo4E7KlkqHgNUH+2tGpF1rVcw4otfwoliX//6mUqH/FJdzuZKI3cxlT/btycqX5EMGmlhdKNaESrtl5lod67l5GnjPC7P+QZIuaFjx+xkRmmw8ML8Jss2km9Ua73GjuMhIgvWz7iMor2q7uCEDHXzbB/vMJg90zcrzFWWIB6OHjVUwpHDqlw/SUf39Kx1QYYMtr6oN/qDoI7ctPFJm4zpnhiUycrdrECZLOGubZ9FO0Mu/3hnxD18SwWtdwZNe+KdatjVws8UTAtaQCF7414JYb2p0mNbZK5Ir23dMXuRy38UT/JmAk5NJmQrLtlw6uLUHr5Wcyx9kR/wM=</diagram></mxfile>