CAPI Scaleway provider for Apple Silicon 0.4.1 is available as ghcr.io/tuist/capi-provider-scaleway-applesilicon:0.4.1. This release fixes three problems that could leave runner-fleet hosts stuck or unrecoverable.
- Recovers hosts with leftover persistent PF tables. If an earlier version of the firewall bootstrap left
vm_sourcesorblocked_dsttables in a persistent state, the provider now kills them at both anchor and top-level scope and flushes the anchor, so the real ruleset loads cleanly. - Manual cleanup of machine custom resources is now race-free. Setting the standard
cluster.x-k8s.io/pausedannotation on an infrastructure CR pauses normal reconciliation while still allowing deletion to proceed, preventing an operator patch-and-delete cleanup from accidentally adopting a new pool host. - The fleet host preparation script no longer depends on
sshpass. It now relies on project-level SSH keys that Scaleway injects automatically and uses one-time passwordless sudo setup, giving clearer error recovery instructions when key injection fails.