From 3f804b040f8e7cb27f9fc1ee52cf1f46833c5c52 Mon Sep 17 00:00:00 2001 From: Yolean k8s-qa Date: Thu, 7 May 2026 10:20:14 +0000 Subject: [PATCH 1/5] y-cluster: pin v0.3.7 -> v0.4.0, y-k8s-ingress-hosts direct GatewayClass walk Two changes that land together because the script change requires the appliance contract introduced in v0.4.0 (Yolean/y-cluster#19): 1. bin/y-k8s-ingress-hosts: add a direct GatewayClass walk between the existing Gateway-hop step and the legacy override-ip fallback. Enumerates GatewayClasses, collects those carrying yolean.se/dns-hint-ip, dedupes IPs. Exactly one distinct IP -> use it. More than one -> warn with the = conflict list and fall through (operator can disambiguate via --host-ip). Zero -> fall through. The consumer-Gateway shape still resolves via the original step. Use case: y-cluster's appliance flow doesn't fit the original shape -- the provisioner installs a GatewayClass with the annotation but no ystack-namespaced Gateway exists, so the walk fell through and the underlying bin defaulted to the Gateway's status address (typically 10.0.2.15 on a qemu SLIRP setup). 2. y-cluster pin v0.3.7 -> v0.4.0 in bin/y-bin.runner.yaml and the y-kustomize Deployment image. v0.4.0 is the release that lands the appliance primitives the script change consumes. Image digest verified via `crane digest ghcr.io/yolean/y-cluster:v0.4.0`. sha256 sums copied from the release's checksums.txt. Co-Authored-By: Claude Opus 4.7 (1M context) --- bin/y-bin.runner.yaml | 10 ++--- bin/y-k8s-ingress-hosts | 49 ++++++++++++++++++++----- y-kustomize/y-kustomize-deployment.yaml | 2 +- 3 files changed, 45 insertions(+), 16 deletions(-) diff --git a/bin/y-bin.runner.yaml b/bin/y-bin.runner.yaml index 46526e11..fd2c61d3 100755 --- a/bin/y-bin.runner.yaml +++ b/bin/y-bin.runner.yaml 
@@ -156,14 +156,14 @@ cue: path: cue cluster: - version: 0.3.7 + version: 0.4.0 templates: download: https://github.com/Yolean/y-cluster/releases/download/v${version}/y-cluster_v${version}_${os}_${arch} sha256: - darwin_amd64: 8b46a3e771a4afc1da855a6cb22f7729bce5b8f09f1b53ab7c02d0d20068b15d - darwin_arm64: b220ffd5062e6de3b55d84d2dbb489977ec84517553d48880735a44dd7a0a961 - linux_amd64: 7c0c97efc6fa3689d6eeb00a7c3a0f1ec9ad4e02d8cc0373434e880d4b807727 - linux_arm64: 224fb614edfd840e4f06488cc2b51e911286352e2ddb1e724fe9861c71707a2b + darwin_amd64: a1d70198db9bda0ac02a2a1820db88b7efe40a3eea6ef16c875e67479f3cf495 + darwin_arm64: 3835d80062788fff6f346ef24cd2927816abd5ba7877d40f7f8c58aad9f19729 + linux_amd64: 38effa1127ea5d5eea354ffe74c05cb9ff5be7c91cd3bb2bbd78597ddd82aa7f + linux_arm64: d313a90d6ff6deb8d5a3733ca48e285c1a39adbc146b3af7e64ca12963a12949 contain: version: 0.9.1 diff --git a/bin/y-k8s-ingress-hosts b/bin/y-k8s-ingress-hosts index 02601d99..6405bfae 100755 --- a/bin/y-k8s-ingress-hosts +++ b/bin/y-k8s-ingress-hosts 
@@ -26,13 +26,16 @@ Flags: the GatewayClass yolean.se/dns-hint-ip annotation) -h, --help show this help -If --host-ip is not given, resolution walks - Gateway/ystack.ystack -> spec.gatewayClassName -> GatewayClass - -> metadata.annotations[yolean.se/dns-hint-ip] -which y-cluster provision stamps when the host forwards guest:80. -The legacy yolean.se/override-ip annotation on Gateway/ystack.ystack -is consulted as a fallback for clusters provisioned before that -contract landed. +If --host-ip is not given, resolution walks (in order): + 1. Gateway/ystack.ystack -> spec.gatewayClassName -> GatewayClass + metadata.annotations[yolean.se/dns-hint-ip] + 2. Any GatewayClass carrying yolean.se/dns-hint-ip (used when no + consumer Gateway/ystack.ystack exists, e.g. y-cluster's + appliance flow where the GatewayClass is the only artefact). + 3. Gateway/ystack.ystack metadata.annotations[yolean.se/override-ip] + (legacy, pre-dates the dns-hint-ip contract). +y-cluster provision stamps the dns-hint-ip annotation when the +host forwards guest:80. EOF exit 0 ;; --context=*) CTX="${1#*=}"; shift ;; 
@@ -60,9 +63,14 @@ kubectl config view --raw --minify --context="$CTX" --request-timeout=5s > "$CON # Resolve the host-side dial IP, in priority order: # 1. --host-ip flag (or Y_HOST_IP env) -# 2. Provisioner-published annotation on the GatewayClass (per -# specs/ystack/CHANGE_REQUEST_HINT_IP.md) -# 3. Legacy yolean.se/override-ip annotation on the consumer Gateway +# 2. Gateway/ystack.ystack -> GatewayClass -> yolean.se/dns-hint-ip +# (per specs/ystack/CHANGE_REQUEST_HINT_IP.md; this is the +# consumer-installs-ystack-Gateway shape, e.g. checkit) +# 3. Any GatewayClass carrying yolean.se/dns-hint-ip directly. +# Picks up the y-cluster appliance shape, where the +# provisioner stamps the annotation on the GatewayClass it +# installs but no consumer Gateway/ystack.ystack exists yet. +# 4. Legacy yolean.se/override-ip annotation on the consumer Gateway # The resolved value is fed to the underlying Go binary as # `-override-ip `, which still names the override flag in the # k8s-ingress-hosts v0.5.x release. 
@@ -78,6 +86,27 @@ if [ -z "$HOST_IP" ]; then fi fi fi +# Direct GatewayClass walk: emit `=` for every +# GatewayClass that carries the annotation, then dedupe IPs. Any +# count !=1 of distinct IPs is treated as ambiguous -- the operator +# disambiguates with --host-ip. Single-cluster setups (the common +# case) collapse to one line and one IP. +if [ -z "$HOST_IP" ]; then + HINT_LIST=$(kubectl --context="$CTX" --request-timeout=5s get gatewayclass \ + -o go-template='{{range .items}}{{$ip := index .metadata.annotations "yolean.se/dns-hint-ip"}}{{if $ip}}{{.metadata.name}}={{$ip}}{{"\n"}}{{end}}{{end}}' \ + 2>/dev/null || true) # y-script-lint:disable=or-true # no GatewayClasses is a normal pre-install state + DISTINCT_IPS=$(echo "$HINT_LIST" | awk -F= 'NF==2 && $2!="" {print $2}' | sort -u) + IP_COUNT=$(echo "$DISTINCT_IPS" | grep -c .) + if [ "$IP_COUNT" = "1" ]; then + HOST_IP="$DISTINCT_IPS" + GC_NAME=$(echo "$HINT_LIST" | awk -F= 'NF==2 && $2!="" {print $1; exit}') + echo "# Using host-ip=$HOST_IP from GatewayClass/$GC_NAME yolean.se/dns-hint-ip (direct)" + elif [ "$IP_COUNT" -gt 1 ]; then + echo "# warn: multiple GatewayClasses carry yolean.se/dns-hint-ip with different values:" >&2 + echo "$HINT_LIST" | sed 's/^/# /' >&2 + echo "# pass --host-ip to disambiguate; falling through to legacy resolution" >&2 + fi +fi if [ -z "$HOST_IP" ]; then HOST_IP=$(kubectl --context="$CTX" --request-timeout=5s -n ystack get gateway ystack \ -o jsonpath='{.metadata.annotations.yolean\.se/override-ip}' 2>/dev/null || true) # y-script-lint:disable=or-true # legacy annotation is best-effort diff --git a/y-kustomize/y-kustomize-deployment.yaml b/y-kustomize/y-kustomize-deployment.yaml index 30adc1f7..14a8eeb9 100644 --- a/y-kustomize/y-kustomize-deployment.yaml +++ b/y-kustomize/y-kustomize-deployment.yaml 
@@ -20,7 +20,7 @@ spec: runAsUser: 65532 containers: - name: y-kustomize - image: ghcr.io/yolean/y-cluster:v0.3.7@sha256:4b1bb1202e2318de403c1254629fad6e7bac6a26e71ece9fd8eff2ce00891200 + image: ghcr.io/yolean/y-cluster:v0.4.0@sha256:b603ea16d3ec08ce63270e42959ee1610551d5a84b73e3aa61c3a24c22483a33 command: ["/usr/local/bin/y-cluster"] args: - serve From 59a5de0291e8386684f1bc59d74d46dea22a5f00 Mon Sep 17 00:00:00 2001 From: Yolean k8s-qa Date: Thu, 7 May 2026 10:18:58 +0000 Subject: [PATCH 2/5] y-cluster: pin v0.4.0 -> v0.4.1 Bumps host bin (bin/y-bin.runner.yaml) and the in-cluster y-kustomize Deployment image. v0.4.1 adds a gateway-state json subcommand (Yolean/y-cluster#20) and an appliance-primitives followup (Yolean/y-cluster#21) -- the released form of the v0.4.1-dev stub previously carried on this branch. Image digest verified via `crane digest ghcr.io/yolean/y-cluster:v0.4.1`. sha256 sums copied from the release's checksums.txt. --- bin/y-bin.runner.yaml | 10 +++++----- y-kustomize/y-kustomize-deployment.yaml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bin/y-bin.runner.yaml b/bin/y-bin.runner.yaml index fd2c61d3..071fe91f 100755 --- a/bin/y-bin.runner.yaml +++ b/bin/y-bin.runner.yaml 
@@ -156,14 +156,14 @@ cue: path: cue cluster: - version: 0.4.0 + version: 0.4.1 templates: download: https://github.com/Yolean/y-cluster/releases/download/v${version}/y-cluster_v${version}_${os}_${arch} sha256: - darwin_amd64: a1d70198db9bda0ac02a2a1820db88b7efe40a3eea6ef16c875e67479f3cf495 - darwin_arm64: 3835d80062788fff6f346ef24cd2927816abd5ba7877d40f7f8c58aad9f19729 - linux_amd64: 38effa1127ea5d5eea354ffe74c05cb9ff5be7c91cd3bb2bbd78597ddd82aa7f - linux_arm64: d313a90d6ff6deb8d5a3733ca48e285c1a39adbc146b3af7e64ca12963a12949 + darwin_amd64: 440f5f5a4f183c5fa222d1796fd1ac6a688c89bf58de4d80e16c186d699007cd + darwin_arm64: b14d9fa245b456c12cf1eaafbcde52e3ec748150c9323a1f98caae08a0342e36 + linux_amd64: 6a24c027444d99245d18f7793e157bbee3a6cbeb0b166e430d4b215958bc9032 + linux_arm64: 27b04cbf5f6de2a3dcda85c418275f6464f4458380b33cef9c2a7788172438af contain: version: 0.9.1 diff --git a/y-kustomize/y-kustomize-deployment.yaml b/y-kustomize/y-kustomize-deployment.yaml index 14a8eeb9..6315ed2f 100644 --- a/y-kustomize/y-kustomize-deployment.yaml +++ b/y-kustomize/y-kustomize-deployment.yaml @@ -20,7 +20,7 @@ spec: runAsUser: 65532 containers: - name: y-kustomize - image: ghcr.io/yolean/y-cluster:v0.4.0@sha256:b603ea16d3ec08ce63270e42959ee1610551d5a84b73e3aa61c3a24c22483a33 + image: ghcr.io/yolean/y-cluster:v0.4.1@sha256:e1ac555b3ff18d5943fcdaa6390def4b471817efbfcb972e46ce5c74174630ef command: ["/usr/local/bin/y-cluster"] args: - serve From 47069461ca4afcf74aa04436672e40fa945aca80 Mon Sep 17 00:00:00 2001 From: Yolean k8s-qa Date: Thu, 7 May 2026 11:04:33 +0000 Subject: [PATCH 3/5] adds a note for this use of || echo warning --- k3s/20-gateway/yconverge.cue | 1 + k3s/29-y-kustomize/yconverge.cue | 1 + 2 files changed, 2 insertions(+) diff --git a/k3s/20-gateway/yconverge.cue b/k3s/20-gateway/yconverge.cue index 3bf5f310..2069cfae 100644 --- a/k3s/20-gateway/yconverge.cue +++ b/k3s/20-gateway/yconverge.cue 
@@ -13,6 +13,7 @@ _dep_ns: namespace_ystack.step step: verify.#Step & { checks: [ + // TODO pending https://github.com/Yolean/y-cluster/issues/11 { kind: "exec" command: "y-k8s-ingress-hosts --context=$CONTEXT -write || echo 'WARNING: /etc/hosts update failed (may need manual sudo)'" diff --git a/k3s/29-y-kustomize/yconverge.cue b/k3s/29-y-kustomize/yconverge.cue index 71319214..986aa6b6 100644 --- a/k3s/29-y-kustomize/yconverge.cue +++ b/k3s/29-y-kustomize/yconverge.cue @@ -12,6 +12,7 @@ step: verify.#Step & { checks: [ // /etc/hosts must be updated before the /health probe -- the probe // resolves "y-kustomize" via the file we just wrote. + // TODO pending https://github.com/Yolean/y-cluster/issues/11 { kind: "exec" command: "y-k8s-ingress-hosts --context=$CONTEXT -write || echo 'WARNING: /etc/hosts update failed (may need manual sudo)'" From dda1841ecfca6ba91effdb12eed2fd266fddb395 Mon Sep 17 00:00:00 2001 From: Staffan Olsson Date: Fri, 8 May 2026 17:58:28 +0200 Subject: [PATCH 4/5] turborepo fork adds another cache invalidation rule see https://github.com/solsson/turbo/pull/3 --- bin/y-bin.runner.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/bin/y-bin.runner.yaml b/bin/y-bin.runner.yaml index 071fe91f..fdf85d47 100755 --- a/bin/y-bin.runner.yaml +++ b/bin/y-bin.runner.yaml 
@@ -123,14 +123,14 @@ esbuild: path: package/bin/esbuild turbo: - version: 2.9.5-hashdepends.1 + version: 2.9.10-hashdepends.2 templates: download: https://github.com/solsson/turbo/releases/download/v${version}/turbo-${os}-${arch} sha256: - darwin_amd64: 45ca441c683ec728d35056406de588b3d40dfbee0d2c6f2e1b5cf36c9b826843 - darwin_arm64: c866d3f6ac4dc89233775cab233bdf886c0bc8f027cdeba96a897b0f90c7a5f8 - linux_amd64: ac3b3ea6db7bf1b59ae7ac0024a0af649fc5543fac70aae2e4785ed8a4f0a27b - linux_arm64: c5f746d9a1a1628900ac464bb4af989c60a0e888898f68474ee58548fce4b690 + darwin_amd64: dc40b453579a7944d440b7dba6f1a47f1c15751713e860a49221bb45f845058a + darwin_arm64: e0e6ff9ff079757325b73e80ce9722ab728d07113b423e477db04052d5040581 + linux_amd64: f173eaea91b52d5eeeaaf7c384383a2aabad456ee660c2882af64760d2a0adf0 + linux_arm64: 2e846b20575759ce2833167b09e35caf5ce216587e52c297cd2774f81efd5f87 yarn: version: 0.2.1 From 3c32693700436eed28df9ee2abc0c20991516e94 Mon Sep 17 00:00:00 2001 From: Yolean k8s-qa Date: Tue, 12 May 2026 11:02:47 +0000 Subject: [PATCH 5/5] y-cluster v0.4.1 -> v0.4.5 Bumps host bin (bin/y-bin.runner.yaml) and the in-cluster y-kustomize Deployment image across four consecutive y-cluster releases: - v0.4.2: `images load` accepts remote refs (Yolean/y-cluster#22) - v0.4.3: fix `images load` for digest-only refs (Yolean/y-cluster#23) - v0.4.4: `images list --context=` subcommand (Yolean/y-cluster#24) and tunable Gateway API resource requests (Yolean/y-cluster#25) - v0.4.5: re-fix digest-only image tagging and gateway resource requests (Yolean/y-cluster#26) Image digest verified via `crane digest ghcr.io/yolean/y-cluster:v0.4.5`. sha256 sums copied from v0.4.5's checksums.txt. --- bin/y-bin.runner.yaml | 10 +++++----- y-kustomize/y-kustomize-deployment.yaml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bin/y-bin.runner.yaml b/bin/y-bin.runner.yaml index fdf85d47..d052f118 100755 --- a/bin/y-bin.runner.yaml +++ b/bin/y-bin.runner.yaml 
@@ -156,14 +156,14 @@ cue: path: cue cluster: - version: 0.4.1 + version: 0.4.5 templates: download: https://github.com/Yolean/y-cluster/releases/download/v${version}/y-cluster_v${version}_${os}_${arch} sha256: - darwin_amd64: 440f5f5a4f183c5fa222d1796fd1ac6a688c89bf58de4d80e16c186d699007cd - darwin_arm64: b14d9fa245b456c12cf1eaafbcde52e3ec748150c9323a1f98caae08a0342e36 - linux_amd64: 6a24c027444d99245d18f7793e157bbee3a6cbeb0b166e430d4b215958bc9032 - linux_arm64: 27b04cbf5f6de2a3dcda85c418275f6464f4458380b33cef9c2a7788172438af + darwin_amd64: 2e0fe150b581d85bdde8fb794533491d00a958f16674bb38c159e5280a83caa8 + darwin_arm64: e1cb12fd454c9479387abdfdc5b9ff5a31a2f2bfd3d2e49a42e07e2592c7a281 + linux_amd64: f1992af6140a59c03a2cbc8a9fc1e55ab25c0edfcdb20160b8392ba21349a346 + linux_arm64: 563edbcdeb402f57937c2e7c2865bf3ac1c97692a850c0ca48bcbf0494dcda7f contain: version: 0.9.1 diff --git a/y-kustomize/y-kustomize-deployment.yaml b/y-kustomize/y-kustomize-deployment.yaml index 6315ed2f..d6e2b047 100644 --- a/y-kustomize/y-kustomize-deployment.yaml +++ b/y-kustomize/y-kustomize-deployment.yaml @@ -20,7 +20,7 @@ spec: runAsUser: 65532 containers: - name: y-kustomize - image: ghcr.io/yolean/y-cluster:v0.4.1@sha256:e1ac555b3ff18d5943fcdaa6390def4b471817efbfcb972e46ce5c74174630ef + image: ghcr.io/yolean/y-cluster:v0.4.5@sha256:ba5052b1d884447d0ba8d0869447d9e874442c79d7eccfbe12621ac091678650 command: ["/usr/local/bin/y-cluster"] args: - serve
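Review bot: In [PATCH 1/5], bin/y-k8s-ingress-hosts, hunk @@ -26,13 +26,16 @@, item 2 of the new help text does not document what happens when annotated GatewayClasses disagree. The script warns and falls through to item 3 when more than one distinct IP is found, but `--help` reads as if any annotated GatewayClass is simply used. Suggest adding one line under item 2, for example "If the values differ, a warning is printed and resolution continues; pass --host-ip to choose."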
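Review bot: In [PATCH 1/5], bin/y-k8s-ingress-hosts, hunk @@ -78,6 +86,27 @@, the assignment `HOST_IP="$DISTINCT_IPS"` accepts the yolean.se/dns-hint-ip value without checking that it is an IP address. This step also reads the annotation from every GatewayClass in the cluster, not only the one referenced by Gateway/ystack.ystack. The value is handed to the Go binary as `-override-ip` and, through the `-write` callers in the yconverge.cue files, determines what lands in /etc/hosts, so write access to any GatewayClass is now enough to influence that entry. Suggest matching the single value against an IPv4/IPv6 pattern before assigning it, and treating a non-matching value like the ambiguous case (warn on stderr, fall through). Separately, `2>/dev/null || true` makes a forbidden or timed-out list indistinguishable from "no annotated GatewayClass". A one-line stderr message on a non-zero kubectl exit would keep the fall-through while leaving a trace. The header comment also calls "any count !=1" ambiguous, while zero is a silent fall-through, and the wording should reflect that.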
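Review bot: In [PATCH 3/5], k3s/20-gateway/yconverge.cue, hunk @@ -13,6 +13,7 @@, the added TODO carries only an issue URL and does not say what is pending or what should change in this check once the issue is closed. The commit subject says the note is about the `|| echo` warning, so the comment should say so where a reader will see it, for example by naming the `|| echo 'WARNING: ...'` fallback as the part that is temporary.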
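Review bot: In [PATCH 3/5], k3s/29-y-kustomize/yconverge.cue, hunk @@ -12,6 +12,7 @@, the TODO is inserted directly after the comment stating that /etc/hosts must be updated before the /health probe, yet the command's `|| echo 'WARNING: ...'` turns a failed write into a passing check. A failed update would then surface later as a name-resolution failure in the probe, not at this step. Suggest having the TODO state that the fallback contradicts the ordering requirement above it and is temporary, and sending the warning to stderr with `>&2` so it is not mixed into the command's normal output.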
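Review bot: In [PATCH 4/5], bin/y-bin.runner.yaml, hunk @@ -123,14 +123,14 @@, the commit message does not record where the four new sha256 values came from, whereas the y-cluster bumps in this series state "sha256 sums copied from the release's checksums.txt". The download template points at release assets of a fork (github.com/solsson/turbo), so the source of the sums is the only provenance a later reader has. Please add it to the message. The version also moves from 2.9.5-hashdepends.1 to 2.9.10-hashdepends.2, which changes the base version as well as the fork suffix, while the subject mentions only the new cache invalidation rule. A line noting the base version change would make the scope of the bump clear.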