fix: qualify Flux HelmChart bootstrap resources

2026-04-24 10:47:13 +00:00
parent 1f465cc0c1
commit 68b293efe4
3 changed files with 24 additions and 19 deletions
@@ -270,7 +270,7 @@ jobs:
            kubectl -n flux-system get kustomizations,helmrepositories,helmcharts,helmreleases || true
            kubectl -n flux-system describe kustomization addon-external-secrets || true
            kubectl -n flux-system describe helmrepository external-secrets || true
-            kubectl -n flux-system describe helmchart flux-system-external-secrets || true
+            kubectl -n flux-system describe helmchart.source.toolkit.fluxcd.io flux-system-external-secrets || true
            kubectl -n flux-system describe helmrelease external-secrets || true
            kubectl -n external-secrets get pods -o wide || true
          }
@@ -283,7 +283,7 @@ jobs:

            kubectl -n flux-system get helmrepositories,helmcharts,helmreleases || true
            kubectl -n flux-system describe helmrepository "${repo_name}" || true
-            kubectl -n flux-system describe helmchart "${chart_name}" || true
+            kubectl -n flux-system describe helmchart.source.toolkit.fluxcd.io "${chart_name}" || true
            kubectl -n flux-system describe helmrelease "${release_name}" || true
            kubectl -n "${target_namespace}" get pods -o wide || true
          }
@@ -306,10 +306,10 @@ jobs:

            wait_for_resource flux-system "helmchart.source.toolkit.fluxcd.io/${chart_name}" 600
            reconcile_at="$(date +%s)"
-            kubectl -n flux-system annotate "helmchart/${chart_name}" reconcile.fluxcd.io/requestedAt="${reconcile_at}" --overwrite
+            kubectl -n flux-system annotate "helmchart.source.toolkit.fluxcd.io/${chart_name}" reconcile.fluxcd.io/requestedAt="${reconcile_at}" --overwrite
            kubectl -n flux-system annotate "helmrelease/${release_name}" reconcile.fluxcd.io/requestedAt="${reconcile_at}" --overwrite

-            if ! kubectl -n flux-system wait --for=condition=Ready "helmchart/${chart_name}" --timeout="${chart_timeout}"; then
+            if ! kubectl -n flux-system wait --for=condition=Ready "helmchart.source.toolkit.fluxcd.io/${chart_name}" --timeout="${chart_timeout}"; then
              flux_helm_diagnostics "${repo_name}" "${chart_name}" "${release_name}" "${target_namespace}"
              exit 1
            fi
@@ -1,15 +1,19 @@
 ---
 - name: Pre-pull Rancher images into containerd
-  command: /usr/local/bin/ctr -n k8s.io images pull {{ item }}
+  command: timeout 180s /usr/local/bin/ctr -n k8s.io images pull {{ item }}
  register: rancher_image_pull
  loop: "{{ rancher_images_to_prepull }}"
+  retries: 6
+  delay: 20
+  until: rancher_image_pull.rc == 0
  changed_when: rancher_image_pull.rc == 0
  failed_when: false

- name: Report Rancher images that did not pre-pull
+- name: Report Rancher images that did not pre-pull after retries
  debug:
    msg: >-
-      Rancher image pre-pull failed for {{ item.item }}: {{ item.stderr | default('no stderr') }}
+      Best-effort Rancher image pre-pull did not complete for {{ item.item }} after
+      {{ item.attempts | default(1) }} attempt(s): {{ item.stderr | default('no stderr') }}
  loop: "{{ rancher_image_pull.results | default([]) }}"
  loop_control:
    label: "{{ item.item }}"
@@ -13,18 +13,19 @@
    - name: Find stale devices matching reserved hostnames
      set_fact:
        stale_devices: >-
-          {{ ts_devices.json.devices | default([])
-             | selectattr('hostname', 'defined')
-             | selectattr('hostname', 'in', tailscale_reserved_hostnames)
-             | rejectattr('online', 'defined')
-             | list
-             +
-             ts_devices.json.devices | default([])
-             | selectattr('hostname', 'defined')
-             | selectattr('hostname', 'in', tailscale_reserved_hostnames)
-             | selectattr('online', 'defined')
-             | rejectattr('online', 'equalto', true)
-             | list }}
+          {{ (ts_devices.json.devices | default([])
+              | selectattr('hostname', 'defined')
+              | selectattr('hostname', 'in', tailscale_reserved_hostnames)
+              | selectattr('connectedToControl', 'defined')
+              | rejectattr('connectedToControl', 'equalto', true)
+              | list
+              +
+              ts_devices.json.devices | default([])
+              | selectattr('hostname', 'defined')
+              | selectattr('hostname', 'in', tailscale_reserved_hostnames)
+              | selectattr('online', 'defined')
+              | rejectattr('online', 'equalto', true)
+              | list) | unique(attribute='id') | list }}

    - name: Delete stale devices
      uri: