ci: add full-node tests (#920)

diff --git a/.ansible-lint b/.ansible-lint
index b2dde88..c21cd67 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -5,10 +5,17 @@
   - charts
   - molecule
   - playbooks
+  - plugins/filter
   - roles/defaults/vars/main.yml
   - roles/kube_prometheus_stack/files/jsonnet
   - vendir.lock.yml
 
-warn_list:
+mock_roles:
+  - opendev.container_registry
+
+skip_list:
   - jinja[invalid]
   - jinja[spacing]
+  - var-naming[no-reserved]
+  - var-naming[no-role-prefix]
+  - yaml[line-length]
diff --git a/.earthlyignore b/.earthlyignore
new file mode 120000
index 0000000..3e4e48b
--- /dev/null
+++ b/.earthlyignore
@@ -0,0 +1 @@
+.gitignore
\ No newline at end of file
diff --git a/.envrc b/.envrc
index 1d953f4..3550a30 100644
--- a/.envrc
+++ b/.envrc
@@ -1 +1 @@
-use nix
+use flake
diff --git a/.github/workflows/ceph.yml b/.github/workflows/ceph.yml
deleted file mode 100644
index 143350b..0000000
--- a/.github/workflows/ceph.yml
+++ /dev/null
@@ -1,123 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-name: ceph
-
-on:
-  pull_request:
-    paths-ignore:
-      - images/**
-      - go.mod
-      - go.sum
-  workflow_dispatch:
-    inputs:
-      debug_enabled:
-        type: boolean
-        description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)'
-        required: false
-        default: false
-      network_backend:
-        type: choice
-        description: 'Network backend type'
-        required: true
-        default: 'ovn'
-        options:
-          - openvswitch
-          - ovn
-
-jobs:
-  debug:
-    runs-on: v3-standard-16
-    if: github.event_name == 'workflow_dispatch' && inputs.debug_enabled
-    strategy:
-      fail-fast: false
-    concurrency:
-      group: ${{ github.ref }}-${{ inputs.network_backend }}
-      cancel-in-progress: true
-    steps:
-      - name: Checkout project
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
-      - name: Install Poetry
-        run: pipx install poetry
-
-      - name: Setup Python
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
-        with:
-          cache: poetry
-
-      - name: Install dependencies
-        run: poetry install --no-interaction --with dev
-
-      # NOTE(mnaser): LVM commands take a long time if there are any existing
-      #               loop devices created by "snapd", so we uninstall it.
-      - name: Uninstall "snapd"
-        run: sudo apt-get purge -y snapd
-
-      - name: Turn off swap
-        run: sudo swapoff -a
-
-      - name: Run Molecule Converge
-        run: poetry run molecule converge -s ceph
-        env:
-          ATMOSPHERE_NETWORK_BACKEND: ${{ inputs.network_backend }}
-
-      # Enable tmate debugging of manually-triggered workflows if the input option was provided
-      - name: Setup tmate session
-        if: ${{ failure() }}
-        uses: mxschmitt/action-tmate@a283f9441d2d96eb62436dc46d7014f5d357ac22 # v3
-        timeout-minutes: 60
-
-      - name: Run Molecule Destroy
-        run: poetry run molecule destroy -s ceph
-
-  test:
-    runs-on: v3-standard-16
-    if: github.event_name != 'workflow_dispatch' || !inputs.debug_enabled
-    strategy:
-      fail-fast: false
-      matrix:
-        network_backend:
-          - openvswitch
-          - ovn
-    concurrency:
-      group: ${{ github.ref }}-${{ matrix.network_backend }}
-      cancel-in-progress: true
-    steps:
-      - name: Checkout project
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
-      - name: Install Poetry
-        run: pipx install poetry
-
-      - name: Setup Python
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
-        with:
-          cache: poetry
-
-      - name: Install dependencies
-        run: poetry install --no-interaction --with dev
-
-      # NOTE(mnaser): LVM commands take a long time if there are any existing
-      #               loop devices created by "snapd", so we uninstall it.
-      - name: Uninstall "snapd"
-        run: sudo apt-get purge -y snapd
-
-      - name: Turn off swap
-        run: sudo swapoff -a
-
-      - name: Run Molecule
-        run: poetry run molecule test -s ceph
-        env:
-          ATMOSPHERE_NETWORK_BACKEND: ${{ matrix.network_backend }}
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
deleted file mode 100644
index 7a7f3a6..0000000
--- a/.github/workflows/check.yml
+++ /dev/null
@@ -1,14 +0,0 @@
-name: check
-
-on:
-  pull_request:
-
-jobs:
-  unit:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-      - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5
-        with:
-          go-version-file: go.mod
-      - run: go test -v ./...
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
deleted file mode 100644
index f76234c..0000000
--- a/.github/workflows/docs.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: docs
-
-on:
-  pull_request:
-    paths:
-      - 'docs/**'
-  push:
-    branches:
-      - main
-    paths:
-      - 'docs/**'
-
-permissions:
-  contents: write
-  pull-requests: write
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout project
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
-      - name: Install Earthly
-        uses: earthly/actions-setup@v1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build image
-        run: earthly --secret GITHUB_TOKEN +mkdocs-build
-        env:
-          EARTHLY_CI: true
-          EARTHLY_PUSH: "${{ github.event_name == 'push' }}"
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/image-manifest.yml b/.github/workflows/image-manifest.yml
deleted file mode 100644
index 91bd721..0000000
--- a/.github/workflows/image-manifest.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-name: image-manifest
-
-on:
-  pull_request:
-    paths-ignore:
-      - images/**
-      - go.mod
-      - go.sum
-
-jobs:
-  test:
-    runs-on: v3-standard-8
-    steps:
-      - name: Checkout project
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
-      - name: Install Poetry
-        run: pipx install poetry
-
-      - name: Setup Python
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
-        with:
-          cache: poetry
-
-      - name: Install dependencies
-        run: ansible-galaxy install -r molecule/image-manifest/requirements.yml
-
-      - name: Install dependencies
-        run: poetry install --no-interaction --with dev
-
-      - name: Run Molecule
-        run: poetry run molecule test -s image-manifest
diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml
deleted file mode 100644
index 0847808..0000000
--- a/.github/workflows/images.yml
+++ /dev/null
@@ -1,87 +0,0 @@
-name: images
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-permissions:
-  packages: write
-  contents: read
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout project
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
-      - name: Install Earthly
-        uses: earthly/actions-setup@v1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Configure Earthly
-        run: |
-          mkdir -p ~/.earthly/certs
-          cat << EOF > ~/.earthly/certs/ca_cert.pem
-          ${{ secrets.EARTHLY_CA_CERT }}
-          EOF
-          cat << EOF > ~/.earthly/certs/earthly_cert.pem
-          ${{ secrets.EARTHLY_CERT }}
-          EOF
-          cat << EOF > ~/.earthly/certs/earthly_key.pem
-          ${{ secrets.EARTHLY_CERT_KEY }}
-          EOF
-          cat << EOF > ~/.earthly/config.yml
-          global:
-            buildkit_host: tcp://162.253.55.125:8372
-          EOF
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Build images
-        run: earthly +images
-        env:
-          EARTHLY_CI: true
-          EARTHLY_PUSH: "${{ github.event_name == 'push' }}"
-
-  scan:
-    runs-on: ubuntu-latest
-    needs: build
-    steps:
-      - name: Checkout project
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
-      - name: Install Earthly
-        uses: earthly/actions-setup@v1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Configure Earthly
-        run: |
-          mkdir -p ~/.earthly/certs
-          cat << EOF > ~/.earthly/certs/ca_cert.pem
-          ${{ secrets.EARTHLY_CA_CERT }}
-          EOF
-          cat << EOF > ~/.earthly/certs/earthly_cert.pem
-          ${{ secrets.EARTHLY_CERT }}
-          EOF
-          cat << EOF > ~/.earthly/certs/earthly_key.pem
-          ${{ secrets.EARTHLY_CERT_KEY }}
-          EOF
-          cat << EOF > ~/.earthly/config.yml
-          global:
-            buildkit_host: tcp://162.253.55.125:8372
-          EOF
-
-      - name: Scan images
-        run: earthly +scan-images
-        env:
-          EARTHLY_CI: true
diff --git a/.github/workflows/pxc.yml b/.github/workflows/pxc.yml
deleted file mode 100644
index 6f33b7a..0000000
--- a/.github/workflows/pxc.yml
+++ /dev/null
@@ -1,46 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-name: PXC
-
-on:
-  pull_request:
-    paths-ignore:
-      - images/**
-      - go.mod
-      - go.sum
-
-jobs:
-  molecule:
-    runs-on: v3-standard-8
-    steps:
-      - name: Checkout project
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4
-
-      - name: Install Poetry
-        run: pipx install poetry
-
-      - name: Setup Python
-        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5
-        with:
-          cache: poetry
-
-      - name: Install dependencies
-        run: poetry install --no-interaction --with dev
-
-      - name: Turn off swap
-        run: sudo swapoff -a
-
-      - name: Run Molecule
-        run: poetry run molecule test -s pxc
diff --git a/.gitignore b/.gitignore
index 04b46cc..173d6f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -13,3 +13,7 @@
 *.orig
 *.rej
 .direnv
+junit.xml
+junit-go.xml
+ansible-lint.xml
+output
diff --git a/.markdownlint-cli2.jsonc b/.markdownlint-cli2.jsonc
new file mode 100644
index 0000000..c198e0b
--- /dev/null
+++ b/.markdownlint-cli2.jsonc
@@ -0,0 +1,9 @@
+{
+  "ignores": [
+    "docs/static/*.png",
+  ],
+  "outputFormatters": [
+    [ "markdownlint-cli2-formatter-junit", { "name": "junit.xml" } ],
+    [ "markdownlint-cli2-formatter-default" ]
+  ]
+}
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 761474e..60a0756 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,12 +16,6 @@
         stages:
           - commit-msg
 
-  - repo: https://github.com/ansible/ansible-lint
-    rev: v6.13.1
-    hooks:
-      - id: ansible-lint
-        files: \.(yaml|yml)$
-
   - repo: https://github.com/psf/black
     rev: 22.8.0
     hooks:
@@ -36,9 +30,3 @@
     rev: 5.12.0
     hooks:
       - id: isort
-
-  - repo: https://github.com/igorshubovych/markdownlint-cli
-    rev: v0.32.2
-    hooks:
-      - id: markdownlint
-        args: ["--ignore=CHANGELOG.md"]
diff --git a/Earthfile b/Earthfile
index 824902f..71ba7bb 100644
--- a/Earthfile
+++ b/Earthfile
@@ -1,4 +1,91 @@
-VERSION --use-copy-link 0.7
+VERSION --use-copy-link --try 0.8
+
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
+
+lint:
+  BUILD +lint.ansible-lint
+  BUILD +lint.markdownlint
+  BUILD +lint.image-manifest
+
+lint.helm:
+  FROM alpine:3
+  RUN mkdir -p /output
+  COPY --dir charts/ /src
+  FOR CHART IN $(ls /src)
+    FOR VERSION IN $(seq 22 28)
+      COPY (+lint.helm.chart/junit.xml --CHART ${CHART} --VERSION "1.${VERSION}.0") /output/junit-helm-${CHART}-1-${VERSION}-0.xml
+    END
+  END
+  SAVE ARTIFACT /output AS LOCAL output
+
+lint.helm.chart:
+  FROM alpine:3
+  RUN apk add --no-cache git helm python3
+  RUN helm plugin install https://github.com/melmorabity/helm-kubeconform
+  RUN mkdir -p /cache /output
+  ARG --required CHART
+  COPY --dir charts/${CHART} /src
+  ARG --required VERSION
+  RUN \
+    --mount=type=cache,target=/cache \
+    helm kubeconform /src \
+      --cache /cache \
+      --schema-location default \
+      --schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
+      --ignore-missing-schemas \
+      --kube-version ${VERSION} \
+      --output junit 2> /output/junit.xml
+  SAVE ARTIFACT /output/junit.xml
+
+lint.markdownlint:
+  FROM davidanson/markdownlint-cli2
+  COPY --dir docs/ .markdownlint.yaml .markdownlint-cli2.jsonc /src
+  WORKDIR /src
+  TRY
+    RUN markdownlint-cli2 **
+  FINALLY
+    SAVE ARTIFACT /src/junit.xml AS LOCAL junit.xml
+  END
+
+lint.ansible-lint:
+  FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
+  COPY --dir meta/ molecule/ playbooks/ plugins/ roles/ tests/ .ansible-lint CHANGELOG.md galaxy.yml /code
+  TRY
+    RUN ansible-lint -v --show-relpath -f pep8 --nocolor | ansible-lint-junit -o ansible-lint.xml
+  FINALLY
+    SAVE ARTIFACT ansible-lint.xml AS LOCAL ansible-lint.xml
+  END
+
+lint.image-manifest:
+  FROM quay.io/skopeo/stable:latest
+  COPY roles/defaults/vars/main.yml /defaults.yml
+  FOR IMAGE IN $(cat /defaults.yml | grep sha256 | cut -d' ' -f4 | sort | uniq | sed 's/:[^@]*//')
+    BUILD +lint.image-manifest.image --IMAGE ${IMAGE}
+  END
+
+lint.image-manifest.image:
+  FROM quay.io/skopeo/stable:latest
+  ARG --required IMAGE
+  RUN skopeo inspect --no-tags docker://${IMAGE} >/dev/null && echo "Manifest is valid for ${IMAGE}" || echo "Manifest is not valid for ${IMAGE}"
+
+unit.go:
+  FROM golang:1.21
+  RUN go install github.com/jstemmer/go-junit-report/v2@latest
+  COPY --dir go.mod go.sum /src
+  WORKDIR /src
+  RUN go mod download
+  COPY --dir charts/ cmd/ internal/ roles/ tools/ /src
+  TRY
+    RUN go test -v 2>&1 ./... | go-junit-report -set-exit-code > junit-go.xml
+  FINALLY
+    SAVE ARTIFACT /src/junit-go.xml AS LOCAL junit-go.xml
+  END
+
+build.collection:
+  FROM registry.gitlab.com/pipeline-components/ansible-lint:latest
+  COPY . /src
+  RUN ansible-galaxy collection build /src
+  SAVE ARTIFACT /code/*.tar.gz AS LOCAL dist/
 
 go.build:
   FROM golang:1.21
@@ -27,7 +114,7 @@
     --platform=linux/amd64 \
     (+libvirt-tls-sidecar.build/main --GOARCH=$TARGETARCH --VARIANT=$TARGETVARIANT) /usr/bin/libvirt-tls-sidecar
   ENTRYPOINT ["/usr/bin/libvirt-tls-sidecar"]
-  SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/libvirt-tls-sidecar:latest
+  SAVE IMAGE --push ${REGISTRY}/libvirt-tls-sidecar:latest
 
 libvirt-tls-sidecar.image:
     BUILD --platform=linux/amd64 --platform=linux/arm64 +libvirt-tls-sidecar.platform-image
@@ -79,37 +166,37 @@
   ENV PATH=/venv/bin:$PATH
   COPY +build.collections/ /usr/share/ansible
   ARG tag=latest
-  SAVE IMAGE --push ghcr.io/vexxhost/atmosphere:${tag}
+  SAVE IMAGE --push ${REGISTRY}:${tag}
 
 images:
-  BUILD +libvirt-tls-sidecar.image
-  BUILD ./images/barbican+image
-  BUILD ./images/cinder+image
-  BUILD ./images/cluster-api-provider-openstack+image
-  BUILD ./images/designate+image
-  BUILD ./images/glance+image
-  BUILD ./images/heat+image
-  BUILD ./images/horizon+image
-  BUILD ./images/ironic+image
-  BUILD ./images/keystone+image
-  BUILD ./images/kubernetes-entrypoint+image
-  BUILD ./images/libvirtd+image
-  BUILD ./images/magnum+image
-  BUILD ./images/manila+image
-  BUILD ./images/netoffload+image
-  BUILD ./images/neutron+image
-  BUILD ./images/nova-ssh+image
-  BUILD ./images/nova+image
-  BUILD ./images/octavia+image
-  BUILD ./images/openvswitch+image
-  BUILD ./images/ovn+images
-  BUILD ./images/placement+image
-  BUILD ./images/senlin+image
-  BUILD ./images/staffeln+image
-  BUILD ./images/tempest+image
+  BUILD +libvirt-tls-sidecar.image --REGISTRY=${REGISTRY}
+  BUILD ./images/barbican+image --REGISTRY=${REGISTRY}
+  BUILD ./images/cinder+image --REGISTRY=${REGISTRY}
+  BUILD ./images/cluster-api-provider-openstack+image --REGISTRY=${REGISTRY}
+  BUILD ./images/designate+image --REGISTRY=${REGISTRY}
+  BUILD ./images/glance+image --REGISTRY=${REGISTRY}
+  BUILD ./images/heat+image --REGISTRY=${REGISTRY}
+  BUILD ./images/horizon+image --REGISTRY=${REGISTRY}
+  BUILD ./images/ironic+image --REGISTRY=${REGISTRY}
+  BUILD ./images/keystone+image --REGISTRY=${REGISTRY}
+  BUILD ./images/kubernetes-entrypoint+image --REGISTRY=${REGISTRY}
+  BUILD ./images/libvirtd+image --REGISTRY=${REGISTRY}
+  BUILD ./images/magnum+image --REGISTRY=${REGISTRY}
+  BUILD ./images/manila+image --REGISTRY=${REGISTRY}
+  BUILD ./images/netoffload+image --REGISTRY=${REGISTRY}
+  BUILD ./images/neutron+image --REGISTRY=${REGISTRY}
+  BUILD ./images/nova-ssh+image --REGISTRY=${REGISTRY}
+  BUILD ./images/nova+image --REGISTRY=${REGISTRY}
+  BUILD ./images/octavia+image --REGISTRY=${REGISTRY}
+  BUILD ./images/openvswitch+image --REGISTRY=${REGISTRY}
+  BUILD ./images/ovn+images --REGISTRY=${REGISTRY}
+  BUILD ./images/placement+image --REGISTRY=${REGISTRY}
+  BUILD ./images/senlin+image --REGISTRY=${REGISTRY}
+  BUILD ./images/staffeln+image --REGISTRY=${REGISTRY}
+  BUILD ./images/tempest+image --REGISTRY=${REGISTRY}
 
 SCAN_IMAGE:
-  COMMAND
+  FUNCTION
   ARG --required IMAGE
   # TODO(mnaser): Include secret scanning when it's more reliable.
   RUN \
@@ -130,16 +217,15 @@
   FROM ./images/trivy+image
   COPY roles/defaults/vars/main.yml /defaults.yml
   # TODO(mnaser): Scan all images eventually
-  FOR IMAGE IN $(cat /defaults.yml | grep 'ghcr.io/vexxhost' | cut -d' ' -f4 | sort | uniq)
+  FOR IMAGE IN $(cat /defaults.yml | egrep -E 'ghcr.io/vexxhost|registry.atmosphere.dev' | cut -d' ' -f4 | sort | uniq)
     BUILD +scan-image --IMAGE ${IMAGE}
-    # DO +SCAN_IMAGE --IMAGE ${IMAGE}
   END
 
 pin-images:
   FROM +build.venv.dev
   COPY roles/defaults/vars/main.yml /defaults.yml
   COPY build/pin-images.py /usr/local/bin/pin-images
-  RUN --no-cache /usr/local/bin/pin-images /defaults.yml /pinned.yml
+  RUN --no-cache /usr/local/bin/pin-images --registry ${REGISTRY} /defaults.yml /pinned.yml
   SAVE ARTIFACT /pinned.yml AS LOCAL roles/defaults/vars/main.yml
 
 gh:
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..75b3574
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,202 @@
+pipeline {
+	agent none
+
+	options {
+		disableConcurrentBuilds(abortPrevious: true);
+	}
+
+	// TODO: periodic multi-node jobs
+
+	environment {
+		TEST_REGISTRY = "registry.atmosphere.dev:5000/${env.BRANCH_NAME.toLowerCase()}"
+		PROD_REGISTRY = "ghcr.io/vexxhost/atmosphere"
+		REGISTRY = "${env.BRANCH_NAME == 'main' ? PROD_REGISTRY : TEST_REGISTRY}"
+
+		EARTHLY_CI = 'true'
+		EARTHLY_BUILD_ARGS = "REGISTRY=${REGISTRY}"
+	}
+
+	stages {
+		stage('lint') {
+			parallel {
+				stage('ansible-lint') {
+					agent {
+						label 'earthly'
+					}
+
+					steps {
+						sh 'earthly --output +lint.ansible-lint'
+					}
+
+					post {
+						always {
+							junit testResults: 'ansible-lint.xml', allowEmptyResults: true
+						}
+					}
+				}
+
+				stage('helm') {
+					agent {
+						label 'earthly'
+					}
+
+					steps {
+						sh 'earthly --output +lint.helm'
+					}
+
+					post {
+						always {
+							junit testResults: 'output/junit-helm-*.xml', allowEmptyResults: true
+						}
+					}
+				}
+
+				stage('markdownlint') {
+					agent {
+						label 'earthly'
+					}
+
+					steps {
+						sh 'earthly --output +lint.markdownlint'
+					}
+
+					post {
+						always {
+							junit testResults: 'junit.xml', allowEmptyResults: true
+						}
+					}
+				}
+
+				stage('image-manifest') {
+					agent {
+						label 'earthly'
+					}
+
+					steps {
+						sh 'earthly +lint.image-manifest'
+					}
+				}
+			}
+		}
+
+		stage('unit') {
+			parallel {
+				stage('go') {
+					agent {
+						label 'earthly'
+					}
+
+					steps {
+						sh 'earthly --output +unit.go'
+					}
+
+					post {
+						always {
+							junit 'junit-go.xml'
+						}
+					}
+				}
+			}
+		}
+
+		stage('build') {
+			parallel {
+				stage('collection') {
+					agent {
+						label 'earthly'
+					}
+
+					steps {
+						sh 'earthly --output +build.collection'
+						archiveArtifacts artifacts: 'dist/**'
+					}
+				}
+
+				stage('images') {
+					agent {
+						label 'earthly'
+					}
+
+					steps {
+						script {
+							if (env.BRANCH_NAME == 'main') {
+								docker.withRegistry('https://ghcr.io', 'github-packages-token') {
+									sh 'earthly --push +images'
+								}
+							} else {
+								sh 'earthly --push +images'
+							}
+						}
+
+						sh 'earthly --output +pin-images'
+						sh 'earthly +scan-images'
+						stash name: 'src-with-pinned-images', includes: '**'
+					}
+				}
+
+				stage('docs') {
+					agent {
+						label 'earthly'
+					}
+
+					steps {
+						sh 'earthly +mkdocs-build'
+					}
+				}
+			}
+		}
+
+		stage('integration') {
+			matrix {
+				axes {
+					axis {
+						name 'NETWORK_BACKEND'
+						values 'openvswitch', 'ovn'
+					}
+				}
+
+				agent {
+					label 'jammy-16c-64g'
+				}
+
+				environment {
+					ATMOSPHERE_DEBUG = "true"
+					ATMOSPHERE_NETWORK_BACKEND = "${NETWORK_BACKEND}"
+				}
+
+				stages {
+					stage('molecule') {
+						steps {
+							// Checkout code with built/pinned images
+							unstash 'src-with-pinned-images'
+
+							// Install dependencies
+							sh 'sudo apt-get install -y git python3-pip'
+							sh 'sudo pip install poetry'
+
+							// Run tests
+							sh 'sudo poetry install --with dev'
+							sh 'sudo --preserve-env=ATMOSPHERE_DEBUG,ATMOSPHERE_NETWORK_BACKEND poetry run molecule test -s aio'
+						}
+					}
+				}
+
+				post {
+					always {
+						// Kubernetes logs
+						sh "sudo ./build/fetch-kubernetes-logs.sh logs/${NETWORK_BACKEND}/kubernetes || true"
+						archiveArtifacts artifacts: 'logs/**', allowEmptyArchive: true
+
+						// JUnit results for Tempest
+						sh "sudo ./build/fetch-junit-xml.sh tempest-${NETWORK_BACKEND}.xml || true"
+						junit "tempest-${NETWORK_BACKEND}.xml"
+					}
+				}
+			}
+		}
+
+		// promote images
+		// release?
+		// todo: manual pin commit to main (avoiding loop)
+	}
+}
diff --git a/molecule/ceph/verify.yml b/build/fetch-junit-xml.sh
old mode 100644
new mode 100755
similarity index 72%
copy from molecule/ceph/verify.yml
copy to build/fetch-junit-xml.sh
index b88e217..785df28
--- a/molecule/ceph/verify.yml
+++ b/build/fetch-junit-xml.sh
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
+# Copyright (c) 2022 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -12,4 +12,7 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-- import_playbook: vexxhost.atmosphere.tempest
+REPORT_FILE_NAME="${1:-report.xml}"
+
+sudo apt-get install -y subunit python3-junitxml
+sudo subunit-1to2 /tmp/stestr/0 | subunit2junitxml > "${REPORT_FILE_NAME}"
diff --git a/build/fetch-kubernetes-logs.sh b/build/fetch-kubernetes-logs.sh
new file mode 100755
index 0000000..5b028b5
--- /dev/null
+++ b/build/fetch-kubernetes-logs.sh
@@ -0,0 +1,78 @@
+#!/bin/bash -x
+
+# Check if an argument was provided
+if [ "$#" -ne 1 ]; then
+    echo "Usage: $0 <path_to_save_logs>"
+    exit 1
+fi
+
+# Define the base directory where you want to save the logs
+BASE_DIR="$1"
+
+# Create the base directory if it doesn't exist
+mkdir -p "$BASE_DIR"
+
+# Function to fetch logs for a pod and container
+fetch_logs() {
+    local ns="$1"
+    local pod="$2"
+    local container="$3"
+    local pod_dir="$BASE_DIR/$ns/$pod"
+    local log_file="$pod_dir/$container.log"
+    local prev_log_file="$pod_dir/${container}-previous.log"
+
+    # Ensure the pod directory exists
+    mkdir -p "$pod_dir"
+
+    # Fetch current logs
+    kubectl logs "$pod" -n "$ns" -c "$container" > "$log_file" 2>/dev/null
+
+    # Fetch previous logs if they exist
+    if kubectl logs "$pod" -n "$ns" -c "$container" --previous &>/dev/null; then
+        kubectl logs "$pod" -n "$ns" -c "$container" --previous > "$prev_log_file" 2>/dev/null
+    fi
+}
+
+export -f fetch_logs
+export BASE_DIR
+
+# Get all namespaces
+namespaces=$(kubectl get ns -o jsonpath='{.items[*].metadata.name}')
+
+# Loop through each namespace
+for ns in $namespaces; do
+    (
+        # Create a directory for the namespace
+        mkdir -p "$BASE_DIR/$ns"
+
+        # Get all pods in the namespace
+        pods=$(kubectl get pods -n "$ns" -o jsonpath='{.items[*].metadata.name}')
+
+        # Loop through each pod
+        for pod in $pods; do
+            (
+                # Create a directory for the pod
+                mkdir -p "$BASE_DIR/$ns/$pod"
+
+                # Get all containers in the pod
+                containers=$(kubectl get pod "$pod" -n "$ns" -o jsonpath='{.spec.containers[*].name}')
+
+                # Loop through each container
+                for container in $containers; do
+                    # Fetch logs in parallel
+                    fetch_logs "$ns" "$pod" "$container" &
+                done
+
+                # Wait for all background log fetches to complete before moving to the next pod
+                wait
+            ) &
+        done
+        # Wait for all background pods processing to complete before moving to the next namespace
+        wait
+    ) &
+done
+
+# Wait for all background namespaces processing to complete
+wait
+
+echo "Logs have been saved to $BASE_DIR"
diff --git a/build/pin-images.py b/build/pin-images.py
index 53363a3..83ae2d4 100755
--- a/build/pin-images.py
+++ b/build/pin-images.py
@@ -3,11 +3,11 @@
 import argparse
 import functools
 
+import requests
 from docker_image import reference
 from oslo_config import cfg
 from oslo_log import log as logging
 from ruyaml import YAML
-import requests
 
 LOG = logging.getLogger(__name__)
 CONF = cfg.CONF
@@ -46,7 +46,11 @@
 def get_pinned_image(image_src):
     image_ref = reference.Reference.parse(image_src)
 
-    if image_ref.domain() in ("registry.k8s.io", "us-docker.pkg.dev"):
+    if image_ref.domain() in (
+        "registry.k8s.io",
+        "us-docker.pkg.dev",
+        "registry.atmosphere.dev",
+    ):
         digest = get_digest(image_ref)
 
     if image_ref.domain() == "quay.io":
@@ -109,16 +113,30 @@
         "src", help="Path for default values file", type=argparse.FileType("r")
     )
     parser.add_argument("dst", help="Path for output file", type=argparse.FileType("w"))
+    parser.add_argument(
+        "-r",
+        "--registry",
+        default="ghcr.io/vexxhost/atmosphere",
+        help="Registry containing Atmosphere images",
+    )
 
     args = parser.parse_args()
 
+    registry = args.registry
+    if "registry.atmosphere.dev:5000" in registry:
+        registry = registry.replace(
+            "registry.atmosphere.dev:5000", "registry.atmosphere.dev"
+        )
+
     yaml = YAML(typ="rt")
     data = yaml.load(args.src)
 
     for image in data["_atmosphere_images"]:
         if image in SKIP_IMAGE_LIST:
             continue
-        image_src = data["_atmosphere_images"][image]
+        image_src = data["_atmosphere_images"][image].replace(
+            "ghcr.io/vexxhost/atmosphere", registry
+        )
         pinned_image = get_pinned_image(image_src)
 
         LOG.info("Pinning image %s from %s to %s", image, image_src, pinned_image)
diff --git a/charts/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl b/charts/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl
index 5b6ce43..1cb25e3 100644
--- a/charts/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl
+++ b/charts/neutron/templates/bin/_neutron-metadata-agent-init.sh.tpl
@@ -17,6 +17,9 @@
 set -ex
 
 chown ${NEUTRON_USER_UID} /var/lib/neutron/openstack-helm
+{{- if (has "ovn" .Values.network.backend) }}
+chown ${NEUTRON_USER_UID} /run/openvswitch/db.sock
+{{- end }}
 
 {{- if and ( empty .Values.conf.neutron.DEFAULT.host ) ( .Values.pod.use_fqdn.neutron_agent ) }}
 mkdir -p /tmp/pod-shared
diff --git a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
index 1fa7f52..598c74c 100644
--- a/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
+++ b/charts/neutron/templates/daemonset-ovn-metadata-agent.yaml
@@ -100,6 +100,8 @@
           command:
             - /tmp/neutron-metadata-agent-init.sh
           volumeMounts:
+            - name: run
+              mountPath: /run
             - name: pod-tmp
               mountPath: /tmp
             - name: neutron-bin
diff --git a/charts/ovn/templates/bin/_ovn-controller.sh.tpl b/charts/ovn/templates/bin/_ovn-controller.sh.tpl
deleted file mode 100644
index ecb659d..0000000
--- a/charts/ovn/templates/bin/_ovn-controller.sh.tpl
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash -xe
-
-# Copyright 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-COMMAND="${@:-start}"
-
-function start () {
-  /usr/share/ovn/scripts/ovn-ctl start_controller \
-    --ovn-manage-ovsdb=no
-
-  tail --follow=name /var/log/ovn/ovn-controller.log
-}
-
-function stop () {
-  /usr/share/ovn/scripts/ovn-ctl stop_controller
-  pkill tail
-}
-
-function liveness () {
-  ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
-}
-
-function readiness () {
-  ovs-appctl -t /var/run/ovn/ovn-controller.$(cat /var/run/ovn/ovn-controller.pid).ctl status
-}
-
-$COMMAND
diff --git a/charts/ovn/templates/bin/_ovn-northd.sh.tpl b/charts/ovn/templates/bin/_ovn-northd.sh.tpl
deleted file mode 100644
index fefd793..0000000
--- a/charts/ovn/templates/bin/_ovn-northd.sh.tpl
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/bash -xe
-
-# Copyright 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-COMMAND="${@:-start}"
-
-{{- $nb_svc_name := "ovn-ovsdb-nb" -}}
-{{- $nb_svc := (tuple $nb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
-{{- $nb_port := (tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
-{{- $nb_service_list := list -}}
-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_nb | int) -}}
-  {{- $nb_service_list = printf "tcp:%s-%d.%s:%s" $nb_svc_name $i $nb_svc $nb_port | append $nb_service_list -}}
-{{- end -}}
-
-{{- $sb_svc_name := "ovn-ovsdb-sb" -}}
-{{- $sb_svc := (tuple $sb_svc_name "internal" . | include "helm-toolkit.endpoints.hostname_fqdn_endpoint_lookup") -}}
-{{- $sb_port := (tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup") -}}
-{{- $sb_service_list := list -}}
-{{- range $i := until (.Values.pod.replicas.ovn_ovsdb_sb | int) -}}
-  {{- $sb_service_list = printf "tcp:%s-%d.%s:%s" $sb_svc_name $i $sb_svc $sb_port | append $sb_service_list -}}
-{{- end }}
-
-function start () {
-  /usr/share/ovn/scripts/ovn-ctl start_northd \
-    --ovn-manage-ovsdb=no \
-    --ovn-northd-nb-db={{ include "helm-toolkit.utils.joinListWithComma" $nb_service_list }} \
-    --ovn-northd-sb-db={{ include "helm-toolkit.utils.joinListWithComma" $sb_service_list }}
-
-  tail --follow=name /var/log/ovn/ovn-northd.log
-}
-
-function stop () {
-  /usr/share/ovn/scripts/ovn-ctl stop_northd
-  pkill tail
-}
-
-function liveness () {
-  ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
-}
-
-function readiness () {
-  ovs-appctl -t /var/run/ovn/ovn-northd.$(cat /var/run/ovn/ovn-northd.pid).ctl status
-}
-
-$COMMAND
diff --git a/charts/ovn/templates/bin/_ovsdb-server.sh.tpl b/charts/ovn/templates/bin/_ovsdb-server.sh.tpl
deleted file mode 100644
index e023505..0000000
--- a/charts/ovn/templates/bin/_ovsdb-server.sh.tpl
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/bash -xe
-
-# Copyright 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#    http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-
-COMMAND="${@:-start}"
-
-OVSDB_HOST=$(hostname -f)
-ARGS=(
-  --db-${OVS_DATABASE}-create-insecure-remote=yes
-  --db-${OVS_DATABASE}-cluster-local-proto=tcp
-  --db-${OVS_DATABASE}-cluster-local-addr=$(hostname -f)
-)
-
-if [[ ! $HOSTNAME == *-0 && $OVSDB_HOST =~ (.+)-([0-9]+)\. ]]; then
-  OVSDB_BOOTSTRAP_HOST="${BASH_REMATCH[1]}-0.${OVSDB_HOST#*.}"
-
-  ARGS+=(
-    --db-${OVS_DATABASE}-cluster-remote-proto=tcp
-    --db-${OVS_DATABASE}-cluster-remote-addr=${OVSDB_BOOTSTRAP_HOST}
-  )
-fi
-
-function start () {
-  /usr/share/ovn/scripts/ovn-ctl start_${OVS_DATABASE}_ovsdb ${ARGS[@]}
-
-  tail --follow=name /var/log/ovn/ovsdb-server-${OVS_DATABASE}.log
-}
-
-function stop () {
-  /usr/share/ovn/scripts/ovn-ctl stop_${OVS_DATABASE}_ovsdb
-  pkill tail
-}
-
-function liveness () {
-  if [[ $OVS_DATABASE == "nb" ]]; then
-    OVN_DATABASE="Northbound"
-  elif [[ $OVS_DATABASE == "sb" ]]; then
-    OVN_DATABASE="Southbound"
-  else
-    echo "OVS_DATABASE must be nb or sb"
-    exit 1
-  fi
-
-  ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
-}
-
-function readiness () {
-  if [[ $OVS_DATABASE == "nb" ]]; then
-    OVN_DATABASE="Northbound"
-  elif [[ $OVS_DATABASE == "sb" ]]; then
-    OVN_DATABASE="Southbound"
-  else
-    echo "OVS_DATABASE must be nb or sb"
-    exit 1
-  fi
-
-  ovs-appctl -t /var/run/ovn/ovn${OVS_DATABASE}_db.ctl cluster/status OVN_${OVN_DATABASE}
-}
-
-$COMMAND
diff --git a/charts/ovn/templates/configmap-bin.yaml b/charts/ovn/templates/configmap-bin.yaml
index a849dd8..82001f9 100644
--- a/charts/ovn/templates/configmap-bin.yaml
+++ b/charts/ovn/templates/configmap-bin.yaml
@@ -24,12 +24,6 @@
   image-repo-sync.sh: |
 {{- include "helm-toolkit.scripts.image_repo_sync" . | indent 4 }}
 {{- end }}
-  ovsdb-server.sh: |
-{{ tuple "bin/_ovsdb-server.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  ovn-northd.sh: |
-{{ tuple "bin/_ovn-northd.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
   ovn-controller-init.sh: |
 {{ tuple "bin/_ovn-controller-init.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
-  ovn-controller.sh: |
-{{ tuple "bin/_ovn-controller.sh.tpl" . | include "helm-toolkit.utils.template" | indent 4 }}
 {{- end }}
diff --git a/charts/ovn/templates/daemonset-controller-gw.yaml b/charts/ovn/templates/daemonset-controller-gw.yaml
index 5701a87..eb309c5 100644
--- a/charts/ovn/templates/daemonset-controller-gw.yaml
+++ b/charts/ovn/templates/daemonset-controller-gw.yaml
@@ -12,6 +12,15 @@
 limitations under the License.
 */}}
 
+{{- define "controllerGatewayReadinessProbeTemplate" }}
+exec:
+  command:
+    - /usr/bin/ovn-kube-util
+    - readiness-probe
+    - -t
+    - ovn-controller
+{{- end }}
+
 {{- if .Values.manifests.daemonset_ovn_controller_gw }}
 {{- $envAll := . }}
 
@@ -76,25 +85,33 @@
               readOnly: true
       containers:
         - name: controller
+          command:
+            - /root/ovnkube.sh
+            - ovn-controller
 {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_controller_gw" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-          command:
-            - /tmp/ovn-controller.sh
-            - start
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - /tmp/ovn-controller.sh
-                  - stop
+{{ dict "envAll" . "component" "ovn_controller_gw" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerGatewayReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+          env:
+            - name: OVN_DAEMONSET_VERSION
+              value: "3"
+            - name: OVN_LOGLEVEL_CONTROLLER
+              value: "-vconsole:info -vfile:info"
+            - name: OVN_KUBERNETES_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OVN_KUBERNETES_NB_STATEFULSET
+              value: ovn-ovsdb-nb
+            - name: OVN_KUBERNETES_SB_STATEFULSET
+              value: ovn-ovsdb-sb
+            - name: OVN_SSL_ENABLE
+              value: "no"
           volumeMounts:
-            - name: ovn-bin
-              mountPath: /tmp/ovn-controller.sh
-              subPath: ovn-controller.sh
-              readOnly: true
             - name: run-openvswitch
-              mountPath: /run/openvswitch
+              mountPath: /var/run/ovn
+            - name: run-openvswitch
+              mountPath: /var/run/openvswitch
       volumes:
         - name: ovn-bin
           configMap:
diff --git a/charts/ovn/templates/daemonset-controller.yaml b/charts/ovn/templates/daemonset-controller.yaml
index 580d5ae..b6b0b04 100644
--- a/charts/ovn/templates/daemonset-controller.yaml
+++ b/charts/ovn/templates/daemonset-controller.yaml
@@ -12,6 +12,15 @@
 limitations under the License.
 */}}
 
+{{- define "controllerReadinessProbeTemplate" }}
+exec:
+  command:
+    - /usr/bin/ovn-kube-util
+    - readiness-probe
+    - -t
+    - ovn-controller
+{{- end }}
+
 {{- if .Values.manifests.daemonset_ovn_controller }}
 {{- $envAll := . }}
 
@@ -76,25 +85,33 @@
               readOnly: true
       containers:
         - name: controller
+          command:
+            - /root/ovnkube.sh
+            - ovn-controller
 {{ tuple $envAll "ovn_controller" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_controller" "container" "controller" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-          command:
-            - /tmp/ovn-controller.sh
-            - start
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - /tmp/ovn-controller.sh
-                  - stop
+{{ dict "envAll" . "component" "ovn_controller" "container" "controller" "type" "readiness" "probeTemplate" (include "controllerReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+          env:
+            - name: OVN_DAEMONSET_VERSION
+              value: "3"
+            - name: OVN_LOGLEVEL_CONTROLLER
+              value: "-vconsole:info -vfile:info"
+            - name: OVN_KUBERNETES_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OVN_KUBERNETES_NB_STATEFULSET
+              value: ovn-ovsdb-nb
+            - name: OVN_KUBERNETES_SB_STATEFULSET
+              value: ovn-ovsdb-sb
+            - name: OVN_SSL_ENABLE
+              value: "no"
           volumeMounts:
-            - name: ovn-bin
-              mountPath: /tmp/ovn-controller.sh
-              subPath: ovn-controller.sh
-              readOnly: true
             - name: run-openvswitch
-              mountPath: /run/openvswitch
+              mountPath: /var/run/ovn
+            - name: run-openvswitch
+              mountPath: /var/run/openvswitch
       volumes:
         - name: ovn-bin
           configMap:
diff --git a/charts/ovn/templates/deployment-northd.yaml b/charts/ovn/templates/deployment-northd.yaml
index e3afdd0..ae31b35 100644
--- a/charts/ovn/templates/deployment-northd.yaml
+++ b/charts/ovn/templates/deployment-northd.yaml
@@ -12,18 +12,13 @@
 limitations under the License.
 */}}
 
-{{- define "livenessProbeTemplate" }}
+{{- define "northdReadinessProbeTemplate" }}
 exec:
   command:
-    - /tmp/ovn-northd.sh
-    - liveness
-{{- end }}
-
-{{- define "readinessProbeTemplate" }}
-exec:
-  command:
-    - /tmp/ovn-northd.sh
-    - readiness
+    - /usr/bin/ovn-kube-util
+    - readiness-probe
+    - -t
+    - ovn-northd
 {{- end }}
 
 {{- if .Values.manifests.deployment_northd }}
@@ -60,28 +55,26 @@
 {{- tuple $envAll "ovn_northd" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       containers:
         - name: northd
+          command:
+            - /root/ovnkube.sh
+            - run-ovn-northd
 {{ tuple $envAll "ovn_northd" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
 {{ dict "envAll" $envAll "application" "ovn_northd" "container" "northd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
-{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "liveness" "probeTemplate" (include "livenessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "readinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
-          command:
-            - /tmp/ovn-northd.sh
-            - start
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - /tmp/ovn-northd.sh
-                  - stop
-          volumeMounts:
-            - name: ovn-bin
-              mountPath: /tmp/ovn-northd.sh
-              subPath: ovn-northd.sh
-              readOnly: true
-      volumes:
-        - name: ovn-bin
-          configMap:
-            name: ovn-bin
-            defaultMode: 0555
+{{ dict "envAll" . "component" "ovn_northd" "container" "northd" "type" "readiness" "probeTemplate" (include "northdReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
+          env:
+            - name: OVN_DAEMONSET_VERSION
+              value: "3"
+            - name: OVN_LOGLEVEL_NORTHD
+              value: "-vconsole:info -vfile:info"
+            - name: OVN_KUBERNETES_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OVN_KUBERNETES_NB_STATEFULSET
+              value: ovn-ovsdb-nb
+            - name: OVN_KUBERNETES_SB_STATEFULSET
+              value: ovn-ovsdb-sb
+            - name: OVN_SSL_ENABLE
+              value: "no"
 {{- end }}
diff --git a/charts/ovn/templates/role-controller.yaml b/charts/ovn/templates/role-controller.yaml
new file mode 100644
index 0000000..de3cfa6
--- /dev/null
+++ b/charts/ovn/templates/role-controller.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ovn-controller
+rules:
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - list
diff --git a/charts/ovn/templates/role-northd.yaml b/charts/ovn/templates/role-northd.yaml
new file mode 100644
index 0000000..ca02fae
--- /dev/null
+++ b/charts/ovn/templates/role-northd.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ovn-northd
+rules:
+- apiGroups:
+  - discovery.k8s.io
+  resources:
+  - endpointslices
+  verbs:
+  - list
diff --git a/charts/ovn/templates/role-ovsdb.yaml b/charts/ovn/templates/role-ovsdb.yaml
new file mode 100644
index 0000000..10e0e23
--- /dev/null
+++ b/charts/ovn/templates/role-ovsdb.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: ovn-ovsdb
+rules:
+- apiGroups:
+  - "apps"
+  resources:
+  - statefulsets
+  verbs:
+  - get
+- apiGroups:
+  - ""
+  resources:
+  - pods
+  - endpoints
+  verbs:
+  - list
+  - get
diff --git a/charts/ovn/templates/rolebinding-controller.yaml b/charts/ovn/templates/rolebinding-controller.yaml
new file mode 100644
index 0000000..7973c7e
--- /dev/null
+++ b/charts/ovn/templates/rolebinding-controller.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ovn-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ovn-controller
+subjects:
+- kind: ServiceAccount
+  name: ovn-controller
+- kind: ServiceAccount
+  name: ovn-controller-gw
diff --git a/charts/ovn/templates/rolebinding-northd.yaml b/charts/ovn/templates/rolebinding-northd.yaml
new file mode 100644
index 0000000..428a470
--- /dev/null
+++ b/charts/ovn/templates/rolebinding-northd.yaml
@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ovn-northd
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ovn-northd
+subjects:
+- kind: ServiceAccount
+  name: ovn-northd
diff --git a/charts/ovn/templates/rolebinding-ovsdb.yaml b/charts/ovn/templates/rolebinding-ovsdb.yaml
new file mode 100644
index 0000000..f32382b
--- /dev/null
+++ b/charts/ovn/templates/rolebinding-ovsdb.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: ovn-ovsdb
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: ovn-ovsdb
+subjects:
+- kind: ServiceAccount
+  name: ovn-ovsdb-nb
+- kind: ServiceAccount
+  name: ovn-ovsdb-sb
diff --git a/charts/ovn/templates/service-ovsdb-nb.yaml b/charts/ovn/templates/service-ovsdb-nb.yaml
index b93da9b..56f7cd0 100644
--- a/charts/ovn/templates/service-ovsdb-nb.yaml
+++ b/charts/ovn/templates/service-ovsdb-nb.yaml
@@ -20,6 +20,7 @@
 metadata:
   name: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
+  publishNotReadyAddresses: true
   ports:
     - name: ovsdb
       port: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
diff --git a/charts/ovn/templates/service-ovsdb-sb.yaml b/charts/ovn/templates/service-ovsdb-sb.yaml
index 70f62c6..4a6b586 100644
--- a/charts/ovn/templates/service-ovsdb-sb.yaml
+++ b/charts/ovn/templates/service-ovsdb-sb.yaml
@@ -20,6 +20,7 @@
 metadata:
   name: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
 spec:
+  publishNotReadyAddresses: true
   ports:
     - name: ovsdb
       port: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
diff --git a/charts/ovn/templates/statefulset-ovsdb-nb.yaml b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
index 9380515..8955d30 100644
--- a/charts/ovn/templates/statefulset-ovsdb-nb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-nb.yaml
@@ -12,6 +12,19 @@
 limitations under the License.
 */}}
 
+{{- define "ovnnbReadinessProbeTemplate" }}
+exec:
+  command:
+    - /usr/bin/ovn-kube-util
+    - readiness-probe
+    - -t
+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
+    - ovnnb-db-raft
+{{- else }}
+    - ovnnb-db
+{{- end }}
+{{- end }}
+
 {{- if .Values.manifests.statefulset_ovn_ovsdb_nb }}
 {{- $envAll := . }}
 
@@ -28,6 +41,7 @@
 {{ tuple $envAll "ovn" "ovn-ovsdb-nb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 spec:
   serviceName: {{ tuple "ovn-ovsdb-nb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+  podManagementPolicy: Parallel
   replicas: {{ .Values.pod.replicas.ovn_ovsdb_nb }}
   selector:
     matchLabels:
@@ -49,41 +63,54 @@
 {{- tuple $envAll "ovn_ovsdb_nb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       containers:
         - name: ovsdb
+          command:
+            - /root/ovnkube.sh
+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_nb) 1 }}
+            - nb-ovsdb-raft
+{{- else }}
+            - nb-ovsdb
+{{- end }}
 {{ tuple $envAll "ovn_ovsdb_nb" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" . "component" "ovn_ovsdb_nb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnnbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
           ports:
             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
             - containerPort: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
           env:
-            - name: OVS_DATABASE
-              value: nb
-            - name: OVS_PORT
+            - name: OVN_DAEMONSET_VERSION
+              value: "3"
+            - name: OVN_LOGLEVEL_NB
+              value: "-vconsole:info -vfile:info"
+            - name: OVN_KUBERNETES_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OVN_KUBERNETES_STATEFULSET
+              value: ovn-ovsdb-nb
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: OVN_SSL_ENABLE
+              value: "no"
+            - name: ENABLE_IPSEC
+              value: "false"
+            - name: OVN_NB_RAFT_ELECTION_TIMER
+              value: "1000"
+            - name: OVN_NB_PORT
               value: {{ tuple "ovn-ovsdb-nb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
-          command:
-            - /tmp/ovsdb-server.sh
-            - start
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - /tmp/ovsdb-server.sh
-                  - stop
+            - name: OVN_NB_RAFT_PORT
+              value: {{ tuple "ovn-ovsdb-nb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
           volumeMounts:
-            - name: ovn-bin
-              mountPath: /tmp/ovsdb-server.sh
-              subPath: ovsdb-server.sh
-              readOnly: true
             - name: run-openvswitch
-              mountPath: /run/openvswitch
+              mountPath: /var/run/openvswitch
+            - name: run-openvswitch
+              mountPath: /var/run/ovn
             - name: data
               mountPath: /var/lib/ovn
       volumes:
         - name: run-openvswitch
           emptyDir: {}
-        - name: ovn-bin
-          configMap:
-            name: ovn-bin
-            defaultMode: 0555
 {{- if not .Values.volume.ovn_ovsdb_nb.enabled }}
         - name: data
           emptyDir: {}
diff --git a/charts/ovn/templates/statefulset-ovsdb-sb.yaml b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
index 400b127..ab571c2 100644
--- a/charts/ovn/templates/statefulset-ovsdb-sb.yaml
+++ b/charts/ovn/templates/statefulset-ovsdb-sb.yaml
@@ -12,6 +12,19 @@
 limitations under the License.
 */}}
 
+{{- define "ovnsbReadinessProbeTemplate" }}
+exec:
+  command:
+    - /usr/bin/ovn-kube-util
+    - readiness-probe
+    - -t
+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
+    - ovnsb-db-raft
+{{- else }}
+    - ovnsb-db
+{{- end }}
+{{- end }}
+
 {{- if .Values.manifests.statefulset_ovn_ovsdb_sb }}
 {{- $envAll := . }}
 
@@ -28,6 +41,7 @@
 {{ tuple $envAll "ovn" "ovn-ovsdb-sb" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 4 }}
 spec:
   serviceName: {{ tuple "ovn-ovsdb-sb" "direct" . | include "helm-toolkit.endpoints.hostname_short_endpoint_lookup" }}
+  podManagementPolicy: Parallel
   replicas: {{ .Values.pod.replicas.ovn_ovsdb_sb }}
   selector:
     matchLabels:
@@ -49,41 +63,54 @@
 {{- tuple $envAll "ovn_ovsdb_sb" list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
       containers:
         - name: ovsdb
+          command:
+            - /root/ovnkube.sh
+{{- if gt (int .Values.pod.replicas.ovn_ovsdb_sb) 1 }}
+            - sb-ovsdb-raft
+{{- else }}
+            - sb-ovsdb
+{{- end }}
 {{ tuple $envAll "ovn_ovsdb_sb" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" . "component" "ovn_ovsdb_sb" "container" "ovsdb" "type" "readiness" "probeTemplate" (include "ovnsbReadinessProbeTemplate" . | fromYaml) | include "helm-toolkit.snippets.kubernetes_probe" | indent 10 }}
           ports:
             - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
             - containerPort: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" }}
           env:
-            - name: OVS_DATABASE
-              value: sb
-            - name: OVS_PORT
+            - name: OVN_DAEMONSET_VERSION
+              value: "3"
+            - name: OVN_LOGLEVEL_SB
+              value: "-vconsole:info -vfile:info"
+            - name: OVN_KUBERNETES_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: OVN_KUBERNETES_STATEFULSET
+              value: ovn-ovsdb-sb
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: OVN_SSL_ENABLE
+              value: "no"
+            - name: ENABLE_IPSEC
+              value: "false"
+            - name: OVN_SB_RAFT_ELECTION_TIMER
+              value: "1000"
+            - name: OVN_SB_PORT
               value: {{ tuple "ovn-ovsdb-sb" "internal" "ovsdb" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
-          command:
-            - /tmp/ovsdb-server.sh
-            - start
-          lifecycle:
-            preStop:
-              exec:
-                command:
-                  - /tmp/ovsdb-server.sh
-                  - stop
+            - name: OVN_SB_RAFT_PORT
+              value: {{ tuple "ovn-ovsdb-sb" "internal" "raft" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
           volumeMounts:
-            - name: ovn-bin
-              mountPath: /tmp/ovsdb-server.sh
-              subPath: ovsdb-server.sh
-              readOnly: true
             - name: run-openvswitch
-              mountPath: /run/openvswitch
+              mountPath: /var/run/openvswitch
+            - name: run-openvswitch
+              mountPath: /var/run/ovn
             - name: data
               mountPath: /var/lib/ovn
       volumes:
         - name: run-openvswitch
           emptyDir: {}
-        - name: ovn-bin
-          configMap:
-            name: ovn-bin
-            defaultMode: 0555
 {{- if not .Values.volume.ovn_ovsdb_sb.enabled }}
         - name: data
           emptyDir: {}
@@ -93,10 +120,10 @@
         name: data
       spec:
         accessModes: ["ReadWriteOnce"]
+        storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
         resources:
           requests:
             storage: {{ $envAll.Values.volume.ovn_ovsdb_sb.size }}
-        storageClassName: {{ $envAll.Values.volume.ovn_ovsdb_sb.class_name }}
 {{- end }}
 
 {{- end }}
diff --git a/charts/ovn/values.yaml b/charts/ovn/values.yaml
index cc0eea4..214dd16 100644
--- a/charts/ovn/values.yaml
+++ b/charts/ovn/values.yaml
@@ -138,13 +138,41 @@
         readiness:
           enabled: true
           params:
-            initialDelaySeconds: 5
-            timeoutSeconds: 10
-        liveness:
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+            periodSeconds: 60
+    ovn_ovsdb_nb:
+      ovsdb:
+        readiness:
           enabled: true
           params:
-            initialDelaySeconds: 5
-            timeoutSeconds: 10
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+            periodSeconds: 60
+    ovn_ovsdb_sb:
+      ovsdb:
+        readiness:
+          enabled: true
+          params:
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+            periodSeconds: 60
+    ovn_controller:
+      controller:
+        readiness:
+          enabled: true
+          params:
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+            periodSeconds: 60
+    ovn_controller_gw:
+      controller:
+        readiness:
+          enabled: true
+          params:
+            initialDelaySeconds: 30
+            timeoutSeconds: 30
+            periodSeconds: 60
   dns_policy: "ClusterFirstWithHostNet"
   replicas:
     ovn_ovsdb_nb: 1
@@ -179,18 +207,18 @@
     ovs:
       ovn_ovsdb_nb:
         requests:
-          memory: "128Mi"
+          memory: "384Mi"
           cpu: "100m"
         limits:
           memory: "1024Mi"
-          cpu: "2000m"
+          cpu: "1000m"
       ovn_ovsdb_sb:
         requests:
-          memory: "128Mi"
+          memory: "384Mi"
           cpu: "100m"
         limits:
           memory: "1024Mi"
-          cpu: "2000m"
+          cpu: "1000m"
       ovn_northd:
         requests:
           memory: "128Mi"
diff --git a/charts/tempest/templates/job-run-tests.yaml b/charts/tempest/templates/job-run-tests.yaml
index fc37523..fa1c361 100644
--- a/charts/tempest/templates/job-run-tests.yaml
+++ b/charts/tempest/templates/job-run-tests.yaml
@@ -97,6 +97,8 @@
               subPath: test-whitelist
               readOnly: true
 {{- end }}
+            - name: stestr
+              mountPath: /.stestr
             - name: tempest-reports
               mountPath: /var/lib/tempest/data
 {{- dict "enabled" (or .Values.manifests.certificates .Values.tls.identity) "name" .Values.secrets.tls.identity.api.internal "path" "/etc/tempest/certs" | include "helm-toolkit.snippets.tls_volume_mount" | indent 12 }}
@@ -113,6 +115,9 @@
           configMap:
             name: tempest-bin
             defaultMode: 0555
+        - name: stestr
+          hostPath:
+            path: /tmp/stestr
         - name: tempest-reports
         {{- if not .Values.pvc.enabled }}
           emptyDir: {}
diff --git a/docs/SUMMARY.md b/docs/SUMMARY.md
index 8e262a8..d9b7054 100644
--- a/docs/SUMMARY.md
+++ b/docs/SUMMARY.md
@@ -1,6 +1,8 @@
 # Summary
 
-- [Deployment Guide](deploy.md)
+- Deployment
+    - [Quick start](deploy/quick-start.md)
+    - [Production](deploy/production.md)
 - [Ingress](ingress.md)
 - [Monitoring](monitoring.md)
 - OpenStack
diff --git a/docs/deploy.md b/docs/deploy/production.md
similarity index 100%
rename from docs/deploy.md
rename to docs/deploy/production.md
diff --git a/docs/deploy/quick-start.md b/docs/deploy/quick-start.md
new file mode 100644
index 0000000..58321f1
--- /dev/null
+++ b/docs/deploy/quick-start.md
@@ -0,0 +1,81 @@
+# Quick-start
+
+## All-in-one
+
+The easiest way to get started with Atmosphere is to deploy the all-in-one
+installation.  This will install an entire stack of Atmosphere, with Ceph
+and all the OpenStack services inside a single machine.
+
+!!! info
+
+    The all-in-one installation is not for production use, it's perfect
+    for testing and development.
+
+!!! warning
+
+    The all-in-one will fully take-over the machine by making system-level
+    changes.  It's recommended to run it inside a virtual machine or a
+    physical machine that can be dedicated to this purpose.
+
+In order to get started, you'll need a **Ubuntu 22.04** system with the
+following minimum system requirements:
+
+- Cores: 8 threads / vCPUs
+- Memory: 32GB
+
+If you're looking to run Kubernetes clusters, you'll need more memory
+for the workloads, it following minimum is recommended (but more memory
+is always better!):
+
+- Cores: 16 threads / vCPUs
+- Memory: 64GB
+
+!!! info
+
+    If you're running this inside a virtual machine, it is **extremely**
+    important that the virtual machines supported nested virtualization,
+    otherwise the performance of the VMs will be un-usable.
+
+You can use the following commands to deploy the all-in-one environment:
+
+```bash
+# Install dependencies
+sudo apt-get update
+sudo apt-get install git python3-pip
+sudo pip install poetry
+
+# Clone the repository
+git clone https://github.com/vexxhost/atmosphere.git
+
+# Deploy AIO
+cd atmosphere
+sudo poetry install --with dev
+sudo poetry run molecule converge -s aio
+```
+
+Once the deployment is done, you can either use the CLI to interact with
+the OpenStack environment, or you can access the Horizon dashboard.
+
+For the CLI, you can `source /root/openrc` and then use the `openstack`
+CLI.  For example, if you want to list the networks, you can run the
+following command:
+
+```bash
+source /root/openrc
+openstack network list
+```
+
+For the Horizon dashboard, you can find the URL to access it by running
+the following command:
+
+```bash
+kubectl -n openstack get ingress/dashboard -ojsonpath='{.spec.rules[0].host}'
+```
+
+You can find the credentials to login to the dashboard reading the
+`/root/openrc` file.  You can use the following variables to match
+the credentials:
+
+- Username: `OS_USERNAME`
+- Password: `OS_PASSWORD`
+- Domain: `OS_USER_DOMAIN_NAME`
diff --git a/docs/index.md b/docs/index.md
new file mode 100644
index 0000000..08f3633
--- /dev/null
+++ b/docs/index.md
@@ -0,0 +1,23 @@
+# Atmosphere
+
+Atmosphere is an advanced OpenStack distribution built by [VEXXHOST](https://vexxhost.com)
+powered by Kuberentes, which allows you to easily deliver virtual machines,
+Kubernetes and bare-metal on your on-premise hardware.
+
+The difference between Atmosphere and other deployment tools is that it is
+fully open source with batteries included.  It ships with settings that are
+curated by years of experience from our team alongside comprehensive day-2
+operations such as monitoring, centralized logging and simplified upgrades
+that only require upgrading your Atmosphere version.
+
+If you're looking to get started quickly, you can review our
+[Quick Start](deploy/quick-start.md) guide.
+
+## Community
+
+If you have any questions and discussions about Atmosphere, you can join the
+community:
+
+* [`#atmosphere`](https://kubernetes.slack.com/archives/C056YSPJB7U) channel
+  on the Kubernetes Slack. If you are new to Kubernetes Slack workspace,
+  [Join the Kubernetes Slack workspace](https://slack.kubernetes.io/) first.
diff --git a/docs/openstack/ovn.md b/docs/openstack/ovn.md
new file mode 100644
index 0000000..bd103c1
--- /dev/null
+++ b/docs/openstack/ovn.md
@@ -0,0 +1,34 @@
+# OVN
+
+## Recovering cluster
+
+If any of the OVN database pods fail, they will no longer be ready.  You can
+recover the cluster by deleting the pods and allowing them to be recreated.
+
+For example, if the `ovn-ovsdb-nb-0` pod fails, you can recover the cluster by
+deleting the pod:
+
+```bash
+kubectl -n openstack delete pods/ovn-ovsdb-nb-0
+```
+
+If the entire cluster fails, you can recover the cluster by deleting all of the
+pods.  For example, if the southbound database fails, you can recover the
+cluster with this command:
+
+```bash
+kubectl -n openstack delete pods -lcomponent=ovn-ovsdb-sb
+```
+
+If the state of Neutron is lost from the cluster, you can recover it by running
+the repair command:
+
+```bash
+kubectl -n openstack exec deploy/neutron-server -- \
+  neutron-ovn-db-sync-util \
+    --debug \
+    --config-file /etc/neutron/neutron.conf \
+    --config-file /tmp/pod-shared/ovn.ini \
+    --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
+    --ovn-neutron_sync_mode repair
+```
diff --git a/flake.lock b/flake.lock
index b114686..1f709e6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -5,11 +5,11 @@
         "systems": "systems"
       },
       "locked": {
-        "lastModified": 1694529238,
-        "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
+        "lastModified": 1705309234,
+        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
+        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
         "type": "github"
       },
       "original": {
@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1701040486,
-        "narHash": "sha256-vawYwoHA5CwvjfqaT3A5CT9V36Eq43gxdwpux32Qkjw=",
+        "lastModified": 1706925685,
+        "narHash": "sha256-hVInjWMmgH4yZgA4ZtbgJM1qEAel72SYhP5nOWX4UIM=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "45827faa2132b8eade424f6bdd48d8828754341a",
+        "rev": "79a13f1437e149dc7be2d1290c74d378dad60814",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index a11b761..d00bebc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -16,6 +16,9 @@
           devShell = pkgs.mkShell {
             buildInputs = with pkgs; [
               earthly
+              go
+              nixpkgs-fmt
+              poetry
               vendir
             ];
           };
diff --git a/images/Earthfile b/images/Earthfile
index 1141ecd..0a4374a 100644
--- a/images/Earthfile
+++ b/images/Earthfile
@@ -1,7 +1,7 @@
-VERSION 0.7
+VERSION 0.8
 
 APT_INSTALL:
-  COMMAND
+  FUNCTION
   ARG PACKAGES
   RUN \
     apt-get update && \
@@ -10,7 +10,7 @@
     rm -rf /var/lib/apt/lists/*
 
 DNF_INSTALL:
-  COMMAND
+  FUNCTION
   ARG PACKAGES
   RUN \
     dnf -y install \
@@ -21,7 +21,7 @@
     rm -rf /var/cache/dnf
 
 CREATE_PROJECT_USER:
-  COMMAND
+  FUNCTION
   ARG PROJECT
   ARG SHELL=/usr/sbin/nologin
   RUN \
diff --git a/images/barbican/Earthfile b/images/barbican/Earthfile
index 0c843ff..5ae11d0 100644
--- a/images/barbican/Earthfile
+++ b/images/barbican/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=barbican
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=a00fcade4138ffc52cd9c84b5999297966f019b5
@@ -15,5 +16,5 @@
   FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
   COPY +build/venv /var/lib/openstack
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/base/Earthfile b/images/base/Earthfile
index f34cf37..1810ea7 100644
--- a/images/base/Earthfile
+++ b/images/base/Earthfile
@@ -1,14 +1,5 @@
 VERSION 0.7
 
 image:
-  FROM ubuntu:jammy-20240111
+  FROM ubuntu:jammy-20240125
   LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
-  # TODO(mnaser): Remove this when a new image that includes 1.4.0-11ubuntu2.4 is released.
-  #               https://avd.aquasec.com/nvd/cve-2024-22365
-  DO ../+APT_INSTALL \
-    --PACKAGES "libpam0g libpam-modules libpam-modules-bin libpam-runtime"
-  # TODO(mnaser): Remove this when a new image that includes 3.7.3-4ubuntu1.4 is released.
-  #               https://avd.aquasec.com/nvd/cve-2024-0553
-  #               https://avd.aquasec.com/nvd/cve-2024-0567
-  DO ../+APT_INSTALL \
-    --PACKAGES "libgnutls30"
diff --git a/images/cinder/Earthfile b/images/cinder/Earthfile
index ae432c4..66fdc29 100644
--- a/images/cinder/Earthfile
+++ b/images/cinder/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=cinder
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=8d453fa7b6daf1c1b6105a71f7c660b9036541f3
@@ -18,5 +19,5 @@
   DO ../+APT_INSTALL \
     --PACKAGES "ceph-common lsscsi nvme-cli python3-rados python3-rbd qemu-utils sysfsutils udev util-linux"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/cluster-api-provider-openstack/Earthfile b/images/cluster-api-provider-openstack/Earthfile
index bae0ce1..26cfd25 100644
--- a/images/cluster-api-provider-openstack/Earthfile
+++ b/images/cluster-api-provider-openstack/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global CAPO_VERSION=v0.8.0
 ARG --global EPOCH=2
 
@@ -14,4 +15,4 @@
 image:
   FROM DOCKERFILE -f +clone/src/Dockerfile +clone/src/*
   LABEL org.opencontainers.image.source=https://github.com/vexxhost/atmosphere
-  SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/capi-openstack-controller:${CAPO_VERSION}-${EPOCH}
+  SAVE IMAGE --push ${REGISTRY}/capi-openstack-controller:${CAPO_VERSION}-${EPOCH}
diff --git a/images/designate/Earthfile b/images/designate/Earthfile
index d88dc10..21d8973 100644
--- a/images/designate/Earthfile
+++ b/images/designate/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=designate
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=2c817b3d7f01de44023f195c6e8de8853683a54a
@@ -16,5 +17,5 @@
   DO ../+APT_INSTALL \
     --PACKAGES "bind9utils"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/glance/Earthfile b/images/glance/Earthfile
index c40c403..25e298e 100644
--- a/images/glance/Earthfile
+++ b/images/glance/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=glance
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=9a4a3067b5c7c7f8ee9363bd939a3d86b260d660
@@ -27,5 +28,5 @@
   DO ../+APT_INSTALL \
     --PACKAGES "ceph-common lsscsi nvme-cli python3-rados python3-rbd qemu-utils sysfsutils udev util-linux"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/heat/Earthfile b/images/heat/Earthfile
index c55fc42..f2eb878 100644
--- a/images/heat/Earthfile
+++ b/images/heat/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=heat
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=d1363cc17646893054f9e8daf40de67699078e7c
@@ -16,5 +17,5 @@
   DO ../+APT_INSTALL \
     --PACKAGES "curl jq"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/horizon/Earthfile b/images/horizon/Earthfile
index fe9ac5f..6d0d246 100644
--- a/images/horizon/Earthfile
+++ b/images/horizon/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=horizon
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=3c6029cd94846235e25058b71522c13556f41f58
@@ -33,5 +34,5 @@
   DO ../+APT_INSTALL \
     --PACKAGES "apache2 gettext libapache2-mod-wsgi-py3"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/ironic/Earthfile b/images/ironic/Earthfile
index 5edcd7c..947a079 100644
--- a/images/ironic/Earthfile
+++ b/images/ironic/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=ironic
 ARG --global RELEASE=zed
 ARG --global PROJECT_REF=e38735cb95263b0c54f2fd719ff6b714efbddbb3
@@ -17,5 +18,5 @@
   DO ../+APT_INSTALL \
     --PACKAGES "ethtool ipmitool iproute2 ipxe lshw qemu-utils tftpd-hpa"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/keystone/Earthfile b/images/keystone/Earthfile
index 7aae428..25f2532 100644
--- a/images/keystone/Earthfile
+++ b/images/keystone/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global RELEASE=2023.2
 ARG --global PROJECT=keystone
 ARG --global PROJECT_REF=653d82b1b4e09b2ff37b56868e57d08c8e3af7dd
@@ -29,5 +30,5 @@
     apt-get clean && \
     rm -rfv /var/lib/apt/lists/* libapache2-mod-auth-openidc_${MOD_AUTH_OPENIDC_VERSION}-1.$(lsb_release -sc)_${TARGETARCH}.deb
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/kubernetes-entrypoint/Earthfile b/images/kubernetes-entrypoint/Earthfile
index 6844da2..83624d6 100644
--- a/images/kubernetes-entrypoint/Earthfile
+++ b/images/kubernetes-entrypoint/Earthfile
@@ -1,4 +1,6 @@
 VERSION 0.7
+
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global COMMIT=e8c2b17e1261c6a1b0fed1fcd5e1c337fc014219
 
 build:
@@ -26,8 +28,8 @@
   USER 65534
   ENTRYPOINT ["/kubernetes-entrypoint"]
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/kubernetes-entrypoint:${COMMIT} \
-    ghcr.io/vexxhost/atmosphere/kubernetes-entrypoint:latest
+    ${REGISTRY}/kubernetes-entrypoint:${COMMIT} \
+    ${REGISTRY}/kubernetes-entrypoint:latest
 
 image:
   BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/libvirtd/Earthfile b/images/libvirtd/Earthfile
index 31792d2..e6b01fe 100644
--- a/images/libvirtd/Earthfile
+++ b/images/libvirtd/Earthfile
@@ -1,5 +1,7 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
+
 platform-image:
   ARG RELEASE=zed
   FROM ../cloud-archive-base+image --RELEASE=${RELEASE}
@@ -14,7 +16,7 @@
   END
   DO ../+APT_INSTALL --PACKAGES="ceph-common cgroup-tools dmidecode ebtables iproute2 ipxe-qemu kmod libvirt-clients libvirt-daemon-system openssh-client openvswitch-switch ovmf pm-utils qemu-block-extra qemu-efi qemu-kvm seabios"
   DO ../+CREATE_PROJECT_USER --PROJECT=nova
-  SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/libvirtd:${RELEASE}
+  SAVE IMAGE --push ${REGISTRY}/libvirtd:${RELEASE}
 
 image:
   BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/magnum/Earthfile b/images/magnum/Earthfile
index b3d386c..52e0ac5 100644
--- a/images/magnum/Earthfile
+++ b/images/magnum/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=magnum
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=156f6f52d38a670e6fe10725966aeea4ddf65146
@@ -18,5 +19,5 @@
     --PACKAGES "haproxy"
   COPY ../helm+binary/helm /usr/local/bin/helm
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/manila/Earthfile b/images/manila/Earthfile
index 5718142..cd5dd98 100644
--- a/images/manila/Earthfile
+++ b/images/manila/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=manila
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=98bc755673fe48a9c67203e4262315b048efe25d
@@ -16,5 +17,5 @@
   DO ../+APT_INSTALL \
     --PACKAGES "iproute2 openvswitch-switch"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/netoffload/Earthfile b/images/netoffload/Earthfile
index 557a394..ef68195 100644
--- a/images/netoffload/Earthfile
+++ b/images/netoffload/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=netoffload
 ARG --global RELEASE=main
 ARG --global PROJECT_REF=94b8c0fdb0b83bd1b7e14b9a58077a047c78a800
@@ -20,8 +21,8 @@
   COPY +build/offloadctl /usr/local/bin/offloadctl
   ENTRYPOINT ["/usr/local/bin/offloadctl"]
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
 
 image:
   BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/neutron/Earthfile b/images/neutron/Earthfile
index a9b4712..d4b1bff 100644
--- a/images/neutron/Earthfile
+++ b/images/neutron/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=neutron
 ARG --global RELEASE=zed
 ARG --global PROJECT_REF=222c997022392561c2de2cb493f0f5214eb20dfc
@@ -17,8 +18,8 @@
   DO ../+APT_INSTALL \
     --PACKAGES "conntrack dnsmasq dnsmasq-utils ebtables ethtool haproxy iproute2 ipset iptables iputils-arping jq keepalived lshw openvswitch-switch strongswan uuid-runtime"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
 
 image:
   BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/nova-ssh/Earthfile b/images/nova-ssh/Earthfile
index 7572665..ac8bac9 100644
--- a/images/nova-ssh/Earthfile
+++ b/images/nova-ssh/Earthfile
@@ -1,5 +1,7 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
+
 platform-image:
   FROM ../base+image
   DO ../+CREATE_PROJECT_USER \
@@ -11,7 +13,7 @@
     chown -R nova: /etc/ssh && \
     mkdir /var/run/sshd && \
     chmod 0755 /var/run/sshd
-  SAVE IMAGE --push ghcr.io/vexxhost/atmosphere/nova-ssh:latest
+  SAVE IMAGE --push ${REGISTRY}/nova-ssh:latest
 
 image:
   BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/nova/Earthfile b/images/nova/Earthfile
index 2780578..9b3f764 100644
--- a/images/nova/Earthfile
+++ b/images/nova/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=nova
 ARG --global RELEASE=zed
 ARG --global PROJECT_REF=226f3e95c1cdadd1845c7adee55f5c5f29f3a7a8
@@ -17,8 +18,8 @@
     --PACKAGES "ceph-common genisoimage iproute2 libosinfo-bin lsscsi ndctl nvme-cli openssh-client ovmf python3-libvirt python3-rados python3-rbd qemu-efi-aarch64 qemu-utils sysfsutils udev util-linux"
   GIT CLONE --branch v1.4.0 https://github.com/novnc/noVNC.git /usr/share/novnc
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
 
 image:
   BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/octavia/Earthfile b/images/octavia/Earthfile
index d37ba36..906e325 100644
--- a/images/octavia/Earthfile
+++ b/images/octavia/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=octavia
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=88d7315a60314e44fcce88ad198ceb3c0c107fe6
@@ -17,5 +18,5 @@
   DO ../+APT_INSTALL \
     --PACKAGES "isc-dhcp-client openssh-client"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/openstack-service/Earthfile b/images/openstack-service/Earthfile
index df267aa..350eb7b 100644
--- a/images/openstack-service/Earthfile
+++ b/images/openstack-service/Earthfile
@@ -1,7 +1,7 @@
-VERSION 0.7
+VERSION 0.8
 
 PIP_INSTALL:
-  COMMAND
+  FUNCTION
   ARG PACKAGES
   RUN --mount=type=cache,target=/root/.cache \
     /var/lib/openstack/bin/pip3 install \
@@ -9,7 +9,7 @@
       ${PACKAGES}
 
 GIT_CHECKOUT:
-  COMMAND
+  FUNCTION
   ARG PROJECT
   ARG PROJECT_REPO=https://github.com/openstack/${PROJECT}
   ARG PROJECT_REF
@@ -24,7 +24,7 @@
   END
 
 BUILD_VENV:
-  COMMAND
+  FUNCTION
   ARG PROJECT
   ARG PROJECT_REPO=https://github.com/openstack/${PROJECT}
   ARG PROJECT_REF
diff --git a/images/openvswitch/Earthfile b/images/openvswitch/Earthfile
index d53786f..b72a75d 100644
--- a/images/openvswitch/Earthfile
+++ b/images/openvswitch/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global SERIES=3.1
 ARG --global VERSION=3.1.0-65
 
@@ -9,8 +10,8 @@
   DO ../+DNF_INSTALL --PACKAGES "centos-release-nfv-openvswitch.noarch"
   DO ../+DNF_INSTALL --PACKAGES "openvswitch${SERIES}-${VERSION}.el9s iptables"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/openvswitch:${SERIES} \
-    ghcr.io/vexxhost/atmosphere/openvswitch:${VERSION}
+    ${REGISTRY}/openvswitch:${SERIES} \
+    ${REGISTRY}/openvswitch:${VERSION}
 
 image:
   BUILD --platform linux/amd64 --platform linux/arm64 +platform-image
diff --git a/images/ovn/Earthfile b/images/ovn/Earthfile
index 436535a..aa4507f 100644
--- a/images/ovn/Earthfile
+++ b/images/ovn/Earthfile
@@ -1,19 +1,35 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global SERIES=23.03
 ARG --global VERSION=23.03.0-69
 
+ovn-kubernetes:
+  FROM golang:1.20
+  GIT CLONE --branch master https://github.com/ovn-org/ovn-kubernetes /src
+  WORKDIR /src
+  COPY patches/ovn-kubernetes /patches
+  DO ../+APT_INSTALL --PACKAGES "git"
+  RUN git apply --verbose /patches/*.patch
+  SAVE ARTIFACT /src/dist/images/ovndb-raft-functions.sh
+  SAVE ARTIFACT /src/dist/images/ovnkube.sh
+  RUN \
+    cd /src/go-controller && \
+    go build -o /build/ovn-kube-util ./cmd/ovn-kube-util
+  SAVE ARTIFACT /build/ovn-kube-util
+
 component-image:
   FROM ../openvswitch+platform-image
   DO ../+DNF_INSTALL --PACKAGES "firewalld-filesystem hostname ovn${SERIES}-${VERSION}.el9s procps-ng"
   ARG --required NAME
   DO ../+DNF_INSTALL --PACKAGES "ovn${SERIES}-${NAME}-${VERSION}.el9s"
-  IF [ "${NAME}" = "host" ]
-    COPY ../kubernetes+image/kubectl /usr/local/bin/kubectl
-  END
+  COPY ../kubernetes+image/kubectl /usr/local/bin/kubectl
+  COPY +ovn-kubernetes/ovndb-raft-functions.sh /root
+  COPY +ovn-kubernetes/ovnkube.sh /root
+  COPY +ovn-kubernetes/ovn-kube-util /usr/bin
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/ovn-${NAME}:${SERIES} \
-    ghcr.io/vexxhost/atmosphere/ovn-${NAME}:${VERSION}
+    ${REGISTRY}/ovn-${NAME}:${SERIES} \
+    ${REGISTRY}/ovn-${NAME}:${VERSION}
 
 central:
   BUILD +component-image --NAME central
diff --git a/images/ovn/patches/ovn-kubernetes/0001-chore-refactor-to-using-OVN_KUBERNETES_STATEFULSET.patch b/images/ovn/patches/ovn-kubernetes/0001-chore-refactor-to-using-OVN_KUBERNETES_STATEFULSET.patch
new file mode 100644
index 0000000..8071192
--- /dev/null
+++ b/images/ovn/patches/ovn-kubernetes/0001-chore-refactor-to-using-OVN_KUBERNETES_STATEFULSET.patch
@@ -0,0 +1,161 @@
+From 0227559bb404c3d7d5f32737809c38024bbabef0 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Thu, 18 Jan 2024 12:42:24 -0500
+Subject: [PATCH 1/2] chore: refactor to using OVN_KUBERNETES_STATEFULSET
+
+---
+ dist/images/ovndb-raft-functions.sh | 32 ++++++++++++++---------------
+ dist/images/ovnkube.sh              |  5 ++++-
+ 2 files changed, 20 insertions(+), 17 deletions(-)
+
+diff --git a/dist/images/ovndb-raft-functions.sh b/dist/images/ovndb-raft-functions.sh
+index dceb4ec2e..65e9b6d9b 100644
+--- a/dist/images/ovndb-raft-functions.sh
++++ b/dist/images/ovndb-raft-functions.sh
+@@ -10,7 +10,7 @@ verify-ovsdb-raft() {
+   fi
+ 
+   replicas=$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+-    get statefulset -n ${ovn_kubernetes_namespace} ovnkube-db -o=jsonpath='{.spec.replicas}')
++    get statefulset -n ${ovn_kubernetes_namespace} ${ovn_kubernetes_statefulset} -o=jsonpath='{.spec.replicas}')
+   if [[ ${replicas} -lt 3 || $((${replicas} % 2)) -eq 0 ]]; then
+     echo "at least 3 nodes need to be configured, and it must be odd number of nodes"
+     exit 1
+@@ -45,14 +45,14 @@ db_part_of_cluster() {
+ }
+ 
+ # Checks if cluster has already been initialized.
+-# If not it returns false and sets init_ip to ovnkube-db-0
++# If not it returns false and sets init_ip to ${ovn_kubernetes_statefulset}-0
+ cluster_exists() {
+   # See if ep is available ...
+   local db=${1}
+   local port=${2}
+ 
+   db_pods=$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+-    get pod -n ${ovn_kubernetes_namespace} -o=jsonpath='{.items[*].metadata.name}' | egrep -o 'ovnkube-db[^ ]+')
++    get pod -n ${ovn_kubernetes_namespace} -o=jsonpath='{.items[*].metadata.name}' | egrep -o "${ovn_kubernetes_statefulset}[^ ]+")
+ 
+   for db_pod in $db_pods; do
+     if db_part_of_cluster $db_pod $db $port; then
+@@ -63,7 +63,7 @@ cluster_exists() {
+ 
+   # if we get here  there is no cluster, set init_ip and get out
+   init_ip="$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+-    get pod -n ${ovn_kubernetes_namespace} ovnkube-db-0 -o=jsonpath='{.status.podIP}')"
++    get pod -n ${ovn_kubernetes_namespace} ${ovn_kubernetes_statefulset}-0 -o=jsonpath='{.status.podIP}')"
+   if [[ $? != 0 ]]; then
+     return 1
+   fi
+@@ -90,17 +90,17 @@ check_and_apply_ovnkube_db_ep() {
+ 
+   # return if ovn db service endpoint already exists
+   result=$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+-      get ep -n ${ovn_kubernetes_namespace} ovnkube-db 2>&1)
++      get ep -n ${ovn_kubernetes_namespace} ${ovn_kubernetes_statefulset} 2>&1)
+   test $? -eq 0 && return
+   if ! echo ${result} | grep -q "NotFound"; then
+-      echo "Failed to find ovnkube-db endpoint: ${result}, Exiting..."
++      echo "Failed to find ${ovn_kubernetes_statefulset} endpoint: ${result}, Exiting..."
+       exit 12
+   fi
+-  # Get IPs of all ovnkube-db PODs
++  # Get IPs of all ${ovn_kubernetes_statefulset} PODs
+   ips=()
+   for ((i = 0; i < ${replicas}; i++)); do
+     ip=$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+-      get pod -n ${ovn_kubernetes_namespace} ovnkube-db-${i} -o=jsonpath='{.status.podIP}')
++      get pod -n ${ovn_kubernetes_namespace} ${ovn_kubernetes_statefulset}-${i} -o=jsonpath='{.status.podIP}')
+     if [[ ${ip} == "" ]]; then
+       break
+     fi
+@@ -108,7 +108,7 @@ check_and_apply_ovnkube_db_ep() {
+   done
+ 
+   if [[ ${i} -eq ${replicas} ]]; then
+-    # Number of POD IPs is same as number of statefulset replicas. Now, if the number of ovnkube-db endpoints
++    # Number of POD IPs is same as number of statefulset replicas. Now, if the number of ${ovn_kubernetes_statefulset} endpoints
+     # is 0, then we are applying the endpoint for the first time. So, we need to make sure that each of the
+     # pod IP responds to the `ovsdb-client list-dbs` call before we set the endpoint. If they don't, retry several
+     # times and then give up.
+@@ -170,7 +170,7 @@ set_election_timer() {
+   return 0
+ }
+ 
+-# set_connection() will be called for ovnkube-db-0 pod when :
++# set_connection() will be called for ${ovn_kubernetes_statefulset}-0 pod when :
+ #    1. it is first started or
+ #    2. it restarts after the initial start has failed or
+ #    3. subsequent restarts during the lifetime of the pod
+@@ -307,7 +307,7 @@ ovsdb-raft() {
+       --ovn-${db}-log="${ovn_loglevel_db}" &
+     else
+       # either we need to initialize a new cluster or wait for db-0 to create it
+-      if [[ "${POD_NAME}" == "ovnkube-db-0" ]]; then
++      if [[ "${POD_NAME}" == "${ovn_kubernetes_statefulset}-0" ]]; then
+         echo "Cluster does not exist for DB: ${db}, creating new raft cluster"
+         run_as_ovs_user_if_needed \
+         ${OVNCTL_PATH} run_${db}_ovsdb --no-monitor \
+@@ -317,7 +317,7 @@ ovsdb-raft() {
+         ${db_ssl_opts} \
+         --ovn-${db}-log="${ovn_loglevel_db}" &
+       else
+-        echo "Cluster does not exist for DB: ${db}, waiting for ovnkube-db-0 pod to create it"
++        echo "Cluster does not exist for DB: ${db}, waiting for ${ovn_kubernetes_statefulset}-0 pod to create it"
+         # all non pod-0 pods will be blocked here till connection is set
+         wait_for_event cluster_exists ${db} ${port}
+         run_as_ovs_user_if_needed \
+@@ -356,8 +356,8 @@ ovsdb-raft() {
+   fi
+   echo "=============== ${db}-ovsdb-raft ========== RUNNING"
+ 
+-  if [[ "${POD_NAME}" == "ovnkube-db-0" ]]; then
+-    # post raft create work has to be done only once and in ovnkube-db-0 while it is still
++  if [[ "${POD_NAME}" == "${ovn_kubernetes_statefulset}-0" ]]; then
++    # post raft create work has to be done only once and in ${ovn_kubernetes_statefulset}-0 while it is still
+     # a single-node cluster, additional protection against the case when pod-0 isn't a leader
+     # is needed in the cases of sudden pod-0 initialization logic restarts
+     current_raft_role=$(ovs-appctl -t ${OVN_RUNDIR}/ovn${db}_db.ctl cluster/status ${database} 2>&1 | grep "^Role")
+@@ -381,9 +381,9 @@ ovsdb-raft() {
+   fi
+ 
+   last_node_index=$(expr ${replicas} - 1)
+-  # Create endpoints only if all ovnkube-db pods have started and are running. We do this
++  # Create endpoints only if all ${ovn_kubernetes_statefulset} pods have started and are running. We do this
+   # from the last pod of the statefulset.
+-  if [[ ${db} == "nb" && "${POD_NAME}" == "ovnkube-db-"${last_node_index} ]]; then
++  if [[ ${db} == "nb" && "${POD_NAME}" == "${ovn_kubernetes_statefulset}-"${last_node_index} ]]; then
+     check_and_apply_ovnkube_db_ep ${port}
+   fi
+ 
+diff --git a/dist/images/ovnkube.sh b/dist/images/ovnkube.sh
+index bf3989e37..720b3e14d 100755
+--- a/dist/images/ovnkube.sh
++++ b/dist/images/ovnkube.sh
+@@ -40,6 +40,7 @@ fi
+ # OVN_NET_CIDR - the network cidr - v3
+ # OVN_SVC_CIDR - the cluster-service-cidr - v3
+ # OVN_KUBERNETES_NAMESPACE - k8s namespace - v3
++# OVN_KUBERNETES_STATEFULSET - k8s statefulset - v3
+ # K8S_NODE - hostname of the node - v3
+ #
+ # OVN_DAEMONSET_VERSION - version match daemonset and image - v3
+@@ -198,12 +199,14 @@ metrics_bind_port=${OVN_METRICS_BIND_PORT:-9476}
+ metrics_exporter_port=${OVN_METRICS_EXPORTER_PORT:-9310}
+ 
+ ovn_kubernetes_namespace=${OVN_KUBERNETES_NAMESPACE:-ovn-kubernetes}
++ovn_kubernetes_statefulset=${OVN_KUBERNETES_STATEFULSET:-ovnkube-db}
++
+ # namespace used for classifying host network traffic
+ ovn_host_network_namespace=${OVN_HOST_NETWORK_NAMESPACE:-ovn-host-network}
+ 
+ # host on which ovnkube-db POD is running and this POD contains both
+ # OVN NB and SB DB running in their own container.
+-ovn_db_host=${K8S_NODE_IP:-""}
++ovn_db_host=${K8S_NODE_IP:-$(hostname -f)}
+ 
+ # OVN_NB_PORT - ovn north db port (default 6641)
+ ovn_nb_port=${OVN_NB_PORT:-6641}
+-- 
+2.42.0
+
diff --git a/images/ovn/patches/ovn-kubernetes/0002-chore-northd-refactor-to-being-able-to-use-split-svc.patch b/images/ovn/patches/ovn-kubernetes/0002-chore-northd-refactor-to-being-able-to-use-split-svc.patch
new file mode 100644
index 0000000..c615f63
--- /dev/null
+++ b/images/ovn/patches/ovn-kubernetes/0002-chore-northd-refactor-to-being-able-to-use-split-svc.patch
@@ -0,0 +1,144 @@
+From 90851bd77718bc834446ebe2ddf34b8e9383dee8 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Thu, 18 Jan 2024 16:16:11 -0500
+Subject: [PATCH 2/2] chore(northd): refactor to being able to use split svcs
+
+---
+ dist/images/ovnkube.sh | 75 +++++++++++++++++++++++++++++++++---------
+ 1 file changed, 59 insertions(+), 16 deletions(-)
+
+diff --git a/dist/images/ovnkube.sh b/dist/images/ovnkube.sh
+index 720b3e14d..1d3059cf8 100755
+--- a/dist/images/ovnkube.sh
++++ b/dist/images/ovnkube.sh
+@@ -200,6 +200,8 @@ metrics_exporter_port=${OVN_METRICS_EXPORTER_PORT:-9310}
+ 
+ ovn_kubernetes_namespace=${OVN_KUBERNETES_NAMESPACE:-ovn-kubernetes}
+ ovn_kubernetes_statefulset=${OVN_KUBERNETES_STATEFULSET:-ovnkube-db}
++ovn_kubernetes_nb_statefulset=${OVN_KUBERNETES_NB_STATEFULSET:-ovnkube-db}
++ovn_kubernetes_sb_statefulset=${OVN_KUBERNETES_SB_STATEFULSET:-ovnkube-db}
+ 
+ # namespace used for classifying host network traffic
+ ovn_host_network_namespace=${OVN_HOST_NETWORK_NAMESPACE:-ovn-host-network}
+@@ -374,6 +376,24 @@ wait_for_event() {
+   done
+ }
+ 
++wait_for_db () {
++  local db=$1
++  local ep=$(get_ovnkube_zone_db_ep ${db})
++
++  echo "Getting the ${ep} ep"
++  # See if ep is available ...
++  IFS=" " read -a ep_hosts <<<"$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
++    get endpointslice -n ${ovn_kubernetes_namespace} -l kubernetes.io/service-name=${ep} -o=jsonpath='{range .items[0].endpoints[*]}{.addresses[0]} ')"
++  if [[ ${#ep_hosts[@]} == 0 ]]; then
++    return 1
++  fi
++
++  ep_hosts_string="${ep_hosts[*]}"
++  declare -g -a "ovn_${db}db_hosts=($ep_hosts_string)"
++
++  return 0
++}
++
+ # The ovnkube-db kubernetes service must be populated with OVN DB service endpoints
+ # before various OVN K8s containers can come up. This functions checks for that.
+ # If OVN dbs are configured to listen only on unix sockets, then there will not be
+@@ -384,15 +404,18 @@ ready_to_start_node() {
+     return 0
+   fi
+ 
+-  ovnkube_db_ep=$(get_ovnkube_zone_db_ep)
+-  echo "Getting the ${ovnkube_db_ep} ep"
+-  # See if ep is available ...
+-  IFS=" " read -a ovn_db_hosts <<<"$(kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} \
+-    get ep -n ${ovn_kubernetes_namespace} ${ovnkube_db_ep} -o=jsonpath='{range .subsets[0].addresses[*]}{.ip}{" "}')"
+-  if [[ ${#ovn_db_hosts[@]} == 0 ]]; then
++  wait_for_db nb
++  if [[ $? != 0 ]]; then
++    return 1
++  fi
++
++  wait_for_db sb
++  if [[ $? != 0 ]]; then
+     return 1
+   fi
++
+   get_ovn_db_vars
++
+   return 0
+ }
+ # wait_for_event ready_to_start_node
+@@ -410,17 +433,29 @@ check_ovn_daemonset_version() {
+ }
+ 
+ get_ovn_db_vars() {
++
++  index=0
+   ovn_nbdb_str=""
+-  ovn_sbdb_str=""
+-  for i in "${ovn_db_hosts[@]}"; do
++  for i in "${ovn_nbdb_hosts[@]}"; do
+     if [ -n "$ovn_nbdb_str" ]; then
+       ovn_nbdb_str=${ovn_nbdb_str}","
++    fi
++    host="${ovn_kubernetes_nb_statefulset}-${index}.${ovn_kubernetes_nb_statefulset}.${ovn_kubernetes_namespace}.svc.cluster.local"
++    ovn_nbdb_str=${ovn_nbdb_str}${transport}://${host}:${ovn_nb_port}
++    index=$((index + 1))
++  done
++
++  index=0
++  ovn_sbdb_str=""
++  for i in "${ovn_sbdb_hosts[@]}"; do
++    if [ -n "$ovn_sbdb_str" ]; then
+       ovn_sbdb_str=${ovn_sbdb_str}","
+     fi
+-    ip=$(bracketify $i)
+-    ovn_nbdb_str=${ovn_nbdb_str}${transport}://${ip}:${ovn_nb_port}
+-    ovn_sbdb_str=${ovn_sbdb_str}${transport}://${ip}:${ovn_sb_port}
++    host="${ovn_kubernetes_sb_statefulset}-${index}.${ovn_kubernetes_sb_statefulset}.${ovn_kubernetes_namespace}.svc.cluster.local"
++    ovn_sbdb_str=${ovn_sbdb_str}${transport}://${host}:${ovn_sb_port}
++    index=$((index + 1))
+   done
++
+   # OVN_NORTH and OVN_SOUTH override derived host
+   ovn_nbdb=${OVN_NORTH:-$ovn_nbdb_str}
+   ovn_sbdb=${OVN_SOUTH:-$ovn_sbdb_str}
+@@ -730,7 +765,7 @@ set_ovnkube_db_ep() {
+   ips=("$@")
+ 
+   ovn_zone=$(get_node_zone)
+-  ovnkube_db_ep=$(get_ovnkube_zone_db_ep)
++  ovnkube_db_ep=$(get_ovnkube_zone_db_ep sb)
+   echo "=============== setting ${ovnkube_db_ep} endpoints to ${ips[@]}"
+   # create a new endpoint for the headless onvkube-db service without selectors
+   kubectl --server=${K8S_APISERVER} --token=${k8s_token} --certificate-authority=${K8S_CACERT} apply -f - <<EOF
+@@ -779,12 +814,20 @@ function get_node_zone() {
+ }
+ 
+ function get_ovnkube_zone_db_ep() {
+-  zone=$(get_node_zone)
+-  if [ "$zone" == "global" ]; then
+-      echo "ovnkube-db"
++  local db=$1
++
++  if [ "$db" == "nb" ]; then
++      ep="${ovn_kubernetes_nb_statefulset}"
+   else
+-      echo "ovnkube-db-$zone"
++      ep="${ovn_kubernetes_sb_statefulset}"
+   fi
++
++  zone=$(get_node_zone)
++  if [ "$zone" != "global" ]; then
++      ep="${ep}-${zone}"
++  fi
++
++  echo "${ep}"
+ }
+ 
+ # v3 - run nb_ovsdb in a separate container
+-- 
+2.42.0
+
diff --git a/images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch b/images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch
new file mode 100644
index 0000000..66e0b00
--- /dev/null
+++ b/images/ovn/patches/ovn-kubernetes/0003-chore-bump-golang.org-x-crypto-for-security.patch
@@ -0,0 +1,6184 @@
+From 6d47afb26fb1bb1e6d5668f336ee292ad48954f3 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Sun, 4 Feb 2024 02:22:36 -0500
+Subject: [PATCH] chore: bump golang.org/x/crypto for security
+
+---
+ go-controller/go.mod                          |  8 +-
+ go-controller/go.sum                          | 16 ++--
+ .../golang.org/x/sys/execabs/execabs_go118.go |  1 -
+ .../golang.org/x/sys/execabs/execabs_go119.go |  1 -
+ .../golang.org/x/sys/plan9/pwd_go15_plan9.go  |  1 -
+ .../golang.org/x/sys/plan9/pwd_plan9.go       |  1 -
+ .../vendor/golang.org/x/sys/plan9/race.go     |  1 -
+ .../vendor/golang.org/x/sys/plan9/race0.go    |  1 -
+ .../vendor/golang.org/x/sys/plan9/str.go      |  1 -
+ .../vendor/golang.org/x/sys/plan9/syscall.go  |  1 -
+ .../x/sys/plan9/zsyscall_plan9_386.go         |  1 -
+ .../x/sys/plan9/zsyscall_plan9_amd64.go       |  1 -
+ .../x/sys/plan9/zsyscall_plan9_arm.go         |  1 -
+ .../vendor/golang.org/x/sys/unix/aliases.go   |  2 -
+ .../golang.org/x/sys/unix/asm_aix_ppc64.s     |  1 -
+ .../golang.org/x/sys/unix/asm_bsd_386.s       |  2 -
+ .../golang.org/x/sys/unix/asm_bsd_amd64.s     |  2 -
+ .../golang.org/x/sys/unix/asm_bsd_arm.s       |  2 -
+ .../golang.org/x/sys/unix/asm_bsd_arm64.s     |  2 -
+ .../golang.org/x/sys/unix/asm_bsd_ppc64.s     |  2 -
+ .../golang.org/x/sys/unix/asm_bsd_riscv64.s   |  2 -
+ .../golang.org/x/sys/unix/asm_linux_386.s     |  1 -
+ .../golang.org/x/sys/unix/asm_linux_amd64.s   |  1 -
+ .../golang.org/x/sys/unix/asm_linux_arm.s     |  1 -
+ .../golang.org/x/sys/unix/asm_linux_arm64.s   |  3 -
+ .../golang.org/x/sys/unix/asm_linux_loong64.s |  3 -
+ .../golang.org/x/sys/unix/asm_linux_mips64x.s |  3 -
+ .../golang.org/x/sys/unix/asm_linux_mipsx.s   |  3 -
+ .../golang.org/x/sys/unix/asm_linux_ppc64x.s  |  3 -
+ .../golang.org/x/sys/unix/asm_linux_riscv64.s |  2 -
+ .../golang.org/x/sys/unix/asm_linux_s390x.s   |  3 -
+ .../x/sys/unix/asm_openbsd_mips64.s           |  1 -
+ .../golang.org/x/sys/unix/asm_solaris_amd64.s |  1 -
+ .../golang.org/x/sys/unix/asm_zos_s390x.s     |  3 -
+ .../golang.org/x/sys/unix/cap_freebsd.go      |  1 -
+ .../vendor/golang.org/x/sys/unix/constants.go |  1 -
+ .../golang.org/x/sys/unix/dev_aix_ppc.go      |  1 -
+ .../golang.org/x/sys/unix/dev_aix_ppc64.go    |  1 -
+ .../vendor/golang.org/x/sys/unix/dev_zos.go   |  1 -
+ .../vendor/golang.org/x/sys/unix/dirent.go    |  1 -
+ .../golang.org/x/sys/unix/endian_big.go       |  1 -
+ .../golang.org/x/sys/unix/endian_little.go    |  1 -
+ .../vendor/golang.org/x/sys/unix/env_unix.go  |  1 -
+ .../vendor/golang.org/x/sys/unix/epoll_zos.go |  1 -
+ .../vendor/golang.org/x/sys/unix/fcntl.go     |  3 +-
+ .../x/sys/unix/fcntl_linux_32bit.go           |  1 -
+ .../vendor/golang.org/x/sys/unix/fdset.go     |  1 -
+ .../golang.org/x/sys/unix/fstatfs_zos.go      |  1 -
+ .../vendor/golang.org/x/sys/unix/gccgo.go     |  1 -
+ .../vendor/golang.org/x/sys/unix/gccgo_c.c    |  1 -
+ .../x/sys/unix/gccgo_linux_amd64.go           |  1 -
+ .../golang.org/x/sys/unix/ifreq_linux.go      |  1 -
+ .../golang.org/x/sys/unix/ioctl_linux.go      |  5 +
+ .../golang.org/x/sys/unix/ioctl_signed.go     |  1 -
+ .../golang.org/x/sys/unix/ioctl_unsigned.go   |  1 -
+ .../vendor/golang.org/x/sys/unix/ioctl_zos.go |  1 -
+ .../vendor/golang.org/x/sys/unix/mkerrors.sh  |  4 +-
+ .../golang.org/x/sys/unix/mmap_nomremap.go    |  1 -
+ .../vendor/golang.org/x/sys/unix/mremap.go    |  1 -
+ .../golang.org/x/sys/unix/pagesize_unix.go    |  1 -
+ .../golang.org/x/sys/unix/pledge_openbsd.go   | 92 ++++---------------
+ .../golang.org/x/sys/unix/ptrace_darwin.go    |  1 -
+ .../golang.org/x/sys/unix/ptrace_ios.go       |  1 -
+ .../vendor/golang.org/x/sys/unix/race.go      |  1 -
+ .../vendor/golang.org/x/sys/unix/race0.go     |  1 -
+ .../x/sys/unix/readdirent_getdents.go         |  1 -
+ .../x/sys/unix/readdirent_getdirentries.go    |  1 -
+ .../golang.org/x/sys/unix/sockcmsg_unix.go    |  1 -
+ .../x/sys/unix/sockcmsg_unix_other.go         |  1 -
+ .../vendor/golang.org/x/sys/unix/syscall.go   |  1 -
+ .../golang.org/x/sys/unix/syscall_aix.go      |  4 +-
+ .../golang.org/x/sys/unix/syscall_aix_ppc.go  |  1 -
+ .../x/sys/unix/syscall_aix_ppc64.go           |  1 -
+ .../golang.org/x/sys/unix/syscall_bsd.go      |  3 +-
+ .../x/sys/unix/syscall_darwin_amd64.go        |  1 -
+ .../x/sys/unix/syscall_darwin_arm64.go        |  1 -
+ .../x/sys/unix/syscall_darwin_libSystem.go    |  1 -
+ .../x/sys/unix/syscall_dragonfly_amd64.go     |  1 -
+ .../x/sys/unix/syscall_freebsd_386.go         |  1 -
+ .../x/sys/unix/syscall_freebsd_amd64.go       |  1 -
+ .../x/sys/unix/syscall_freebsd_arm.go         |  1 -
+ .../x/sys/unix/syscall_freebsd_arm64.go       |  1 -
+ .../x/sys/unix/syscall_freebsd_riscv64.go     |  1 -
+ .../golang.org/x/sys/unix/syscall_hurd.go     |  1 -
+ .../golang.org/x/sys/unix/syscall_hurd_386.go |  1 -
+ .../golang.org/x/sys/unix/syscall_illumos.go  |  1 -
+ .../golang.org/x/sys/unix/syscall_linux.go    | 33 ++++---
+ .../x/sys/unix/syscall_linux_386.go           |  1 -
+ .../x/sys/unix/syscall_linux_alarm.go         |  2 -
+ .../x/sys/unix/syscall_linux_amd64.go         |  1 -
+ .../x/sys/unix/syscall_linux_amd64_gc.go      |  1 -
+ .../x/sys/unix/syscall_linux_arm.go           |  1 -
+ .../x/sys/unix/syscall_linux_arm64.go         |  1 -
+ .../golang.org/x/sys/unix/syscall_linux_gc.go |  1 -
+ .../x/sys/unix/syscall_linux_gc_386.go        |  1 -
+ .../x/sys/unix/syscall_linux_gc_arm.go        |  1 -
+ .../x/sys/unix/syscall_linux_gccgo_386.go     |  1 -
+ .../x/sys/unix/syscall_linux_gccgo_arm.go     |  1 -
+ .../x/sys/unix/syscall_linux_loong64.go       |  1 -
+ .../x/sys/unix/syscall_linux_mips64x.go       |  2 -
+ .../x/sys/unix/syscall_linux_mipsx.go         |  2 -
+ .../x/sys/unix/syscall_linux_ppc.go           |  1 -
+ .../x/sys/unix/syscall_linux_ppc64x.go        |  2 -
+ .../x/sys/unix/syscall_linux_riscv64.go       |  1 -
+ .../x/sys/unix/syscall_linux_s390x.go         |  1 -
+ .../x/sys/unix/syscall_linux_sparc64.go       |  1 -
+ .../x/sys/unix/syscall_netbsd_386.go          |  1 -
+ .../x/sys/unix/syscall_netbsd_amd64.go        |  1 -
+ .../x/sys/unix/syscall_netbsd_arm.go          |  1 -
+ .../x/sys/unix/syscall_netbsd_arm64.go        |  1 -
+ .../golang.org/x/sys/unix/syscall_openbsd.go  | 28 ++++--
+ .../x/sys/unix/syscall_openbsd_386.go         |  1 -
+ .../x/sys/unix/syscall_openbsd_amd64.go       |  1 -
+ .../x/sys/unix/syscall_openbsd_arm.go         |  1 -
+ .../x/sys/unix/syscall_openbsd_arm64.go       |  1 -
+ .../x/sys/unix/syscall_openbsd_libc.go        |  1 -
+ .../x/sys/unix/syscall_openbsd_ppc64.go       |  1 -
+ .../x/sys/unix/syscall_openbsd_riscv64.go     |  1 -
+ .../golang.org/x/sys/unix/syscall_solaris.go  |  5 +-
+ .../x/sys/unix/syscall_solaris_amd64.go       |  1 -
+ .../golang.org/x/sys/unix/syscall_unix.go     |  1 -
+ .../golang.org/x/sys/unix/syscall_unix_gc.go  |  2 -
+ .../x/sys/unix/syscall_unix_gc_ppc64x.go      |  3 -
+ .../x/sys/unix/syscall_zos_s390x.go           |  3 +-
+ .../golang.org/x/sys/unix/sysvshm_linux.go    |  1 -
+ .../golang.org/x/sys/unix/sysvshm_unix.go     |  1 -
+ .../x/sys/unix/sysvshm_unix_other.go          |  1 -
+ .../golang.org/x/sys/unix/timestruct.go       |  1 -
+ .../golang.org/x/sys/unix/unveil_openbsd.go   | 41 +++++----
+ .../vendor/golang.org/x/sys/unix/xattr_bsd.go |  1 -
+ .../golang.org/x/sys/unix/zerrors_aix_ppc.go  |  1 -
+ .../x/sys/unix/zerrors_aix_ppc64.go           |  1 -
+ .../x/sys/unix/zerrors_darwin_amd64.go        |  1 -
+ .../x/sys/unix/zerrors_darwin_arm64.go        |  1 -
+ .../x/sys/unix/zerrors_dragonfly_amd64.go     |  1 -
+ .../x/sys/unix/zerrors_freebsd_386.go         |  1 -
+ .../x/sys/unix/zerrors_freebsd_amd64.go       |  1 -
+ .../x/sys/unix/zerrors_freebsd_arm.go         |  1 -
+ .../x/sys/unix/zerrors_freebsd_arm64.go       |  1 -
+ .../x/sys/unix/zerrors_freebsd_riscv64.go     |  1 -
+ .../golang.org/x/sys/unix/zerrors_linux.go    | 14 ++-
+ .../x/sys/unix/zerrors_linux_386.go           |  1 -
+ .../x/sys/unix/zerrors_linux_amd64.go         |  1 -
+ .../x/sys/unix/zerrors_linux_arm.go           |  1 -
+ .../x/sys/unix/zerrors_linux_arm64.go         |  1 -
+ .../x/sys/unix/zerrors_linux_loong64.go       |  2 +-
+ .../x/sys/unix/zerrors_linux_mips.go          |  1 -
+ .../x/sys/unix/zerrors_linux_mips64.go        |  1 -
+ .../x/sys/unix/zerrors_linux_mips64le.go      |  1 -
+ .../x/sys/unix/zerrors_linux_mipsle.go        |  1 -
+ .../x/sys/unix/zerrors_linux_ppc.go           |  1 -
+ .../x/sys/unix/zerrors_linux_ppc64.go         |  1 -
+ .../x/sys/unix/zerrors_linux_ppc64le.go       |  1 -
+ .../x/sys/unix/zerrors_linux_riscv64.go       |  4 +-
+ .../x/sys/unix/zerrors_linux_s390x.go         |  1 -
+ .../x/sys/unix/zerrors_linux_sparc64.go       |  1 -
+ .../x/sys/unix/zerrors_netbsd_386.go          |  1 -
+ .../x/sys/unix/zerrors_netbsd_amd64.go        |  1 -
+ .../x/sys/unix/zerrors_netbsd_arm.go          |  1 -
+ .../x/sys/unix/zerrors_netbsd_arm64.go        |  1 -
+ .../x/sys/unix/zerrors_openbsd_386.go         |  1 -
+ .../x/sys/unix/zerrors_openbsd_amd64.go       |  1 -
+ .../x/sys/unix/zerrors_openbsd_arm.go         |  1 -
+ .../x/sys/unix/zerrors_openbsd_arm64.go       |  1 -
+ .../x/sys/unix/zerrors_openbsd_mips64.go      |  1 -
+ .../x/sys/unix/zerrors_openbsd_ppc64.go       |  1 -
+ .../x/sys/unix/zerrors_openbsd_riscv64.go     |  1 -
+ .../x/sys/unix/zerrors_solaris_amd64.go       |  1 -
+ .../x/sys/unix/zerrors_zos_s390x.go           |  1 -
+ .../x/sys/unix/zptrace_armnn_linux.go         |  2 -
+ .../x/sys/unix/zptrace_mipsnn_linux.go        |  2 -
+ .../x/sys/unix/zptrace_mipsnnle_linux.go      |  2 -
+ .../x/sys/unix/zptrace_x86_linux.go           |  2 -
+ .../golang.org/x/sys/unix/zsyscall_aix_ppc.go |  1 -
+ .../x/sys/unix/zsyscall_aix_ppc64.go          |  1 -
+ .../x/sys/unix/zsyscall_aix_ppc64_gc.go       |  1 -
+ .../x/sys/unix/zsyscall_aix_ppc64_gccgo.go    |  1 -
+ .../x/sys/unix/zsyscall_darwin_amd64.go       |  1 -
+ .../x/sys/unix/zsyscall_darwin_arm64.go       |  1 -
+ .../x/sys/unix/zsyscall_dragonfly_amd64.go    |  1 -
+ .../x/sys/unix/zsyscall_freebsd_386.go        |  1 -
+ .../x/sys/unix/zsyscall_freebsd_amd64.go      |  1 -
+ .../x/sys/unix/zsyscall_freebsd_arm.go        |  1 -
+ .../x/sys/unix/zsyscall_freebsd_arm64.go      |  1 -
+ .../x/sys/unix/zsyscall_freebsd_riscv64.go    |  1 -
+ .../x/sys/unix/zsyscall_illumos_amd64.go      |  1 -
+ .../golang.org/x/sys/unix/zsyscall_linux.go   | 26 +++++-
+ .../x/sys/unix/zsyscall_linux_386.go          |  1 -
+ .../x/sys/unix/zsyscall_linux_amd64.go        |  1 -
+ .../x/sys/unix/zsyscall_linux_arm.go          |  1 -
+ .../x/sys/unix/zsyscall_linux_arm64.go        |  1 -
+ .../x/sys/unix/zsyscall_linux_loong64.go      |  1 -
+ .../x/sys/unix/zsyscall_linux_mips.go         |  1 -
+ .../x/sys/unix/zsyscall_linux_mips64.go       |  1 -
+ .../x/sys/unix/zsyscall_linux_mips64le.go     |  1 -
+ .../x/sys/unix/zsyscall_linux_mipsle.go       |  1 -
+ .../x/sys/unix/zsyscall_linux_ppc.go          |  1 -
+ .../x/sys/unix/zsyscall_linux_ppc64.go        |  1 -
+ .../x/sys/unix/zsyscall_linux_ppc64le.go      |  1 -
+ .../x/sys/unix/zsyscall_linux_riscv64.go      |  1 -
+ .../x/sys/unix/zsyscall_linux_s390x.go        |  1 -
+ .../x/sys/unix/zsyscall_linux_sparc64.go      |  1 -
+ .../x/sys/unix/zsyscall_netbsd_386.go         |  1 -
+ .../x/sys/unix/zsyscall_netbsd_amd64.go       |  1 -
+ .../x/sys/unix/zsyscall_netbsd_arm.go         |  1 -
+ .../x/sys/unix/zsyscall_netbsd_arm64.go       |  1 -
+ .../x/sys/unix/zsyscall_openbsd_386.go        | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_386.s         | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_amd64.go      | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_amd64.s       | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_arm.go        | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_arm.s         | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_arm64.go      | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_arm64.s       | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_mips64.go     | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_mips64.s      | 20 ++++
+ .../x/sys/unix/zsyscall_openbsd_ppc64.go      | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_ppc64.s       | 24 +++++
+ .../x/sys/unix/zsyscall_openbsd_riscv64.go    | 72 ++++++++++++++-
+ .../x/sys/unix/zsyscall_openbsd_riscv64.s     | 20 ++++
+ .../x/sys/unix/zsyscall_solaris_amd64.go      |  1 -
+ .../x/sys/unix/zsyscall_zos_s390x.go          |  1 -
+ .../x/sys/unix/zsysctl_openbsd_386.go         |  1 -
+ .../x/sys/unix/zsysctl_openbsd_amd64.go       |  1 -
+ .../x/sys/unix/zsysctl_openbsd_arm.go         |  1 -
+ .../x/sys/unix/zsysctl_openbsd_arm64.go       |  1 -
+ .../x/sys/unix/zsysctl_openbsd_mips64.go      |  1 -
+ .../x/sys/unix/zsysctl_openbsd_ppc64.go       |  1 -
+ .../x/sys/unix/zsysctl_openbsd_riscv64.go     |  1 -
+ .../x/sys/unix/zsysnum_darwin_amd64.go        |  1 -
+ .../x/sys/unix/zsysnum_darwin_arm64.go        |  1 -
+ .../x/sys/unix/zsysnum_dragonfly_amd64.go     |  1 -
+ .../x/sys/unix/zsysnum_freebsd_386.go         |  1 -
+ .../x/sys/unix/zsysnum_freebsd_amd64.go       |  1 -
+ .../x/sys/unix/zsysnum_freebsd_arm.go         |  1 -
+ .../x/sys/unix/zsysnum_freebsd_arm64.go       |  1 -
+ .../x/sys/unix/zsysnum_freebsd_riscv64.go     |  1 -
+ .../x/sys/unix/zsysnum_linux_386.go           |  2 +-
+ .../x/sys/unix/zsysnum_linux_amd64.go         |  3 +-
+ .../x/sys/unix/zsysnum_linux_arm.go           |  2 +-
+ .../x/sys/unix/zsysnum_linux_arm64.go         |  2 +-
+ .../x/sys/unix/zsysnum_linux_loong64.go       |  2 +-
+ .../x/sys/unix/zsysnum_linux_mips.go          |  2 +-
+ .../x/sys/unix/zsysnum_linux_mips64.go        |  2 +-
+ .../x/sys/unix/zsysnum_linux_mips64le.go      |  2 +-
+ .../x/sys/unix/zsysnum_linux_mipsle.go        |  2 +-
+ .../x/sys/unix/zsysnum_linux_ppc.go           |  2 +-
+ .../x/sys/unix/zsysnum_linux_ppc64.go         |  2 +-
+ .../x/sys/unix/zsysnum_linux_ppc64le.go       |  2 +-
+ .../x/sys/unix/zsysnum_linux_riscv64.go       |  2 +-
+ .../x/sys/unix/zsysnum_linux_s390x.go         |  2 +-
+ .../x/sys/unix/zsysnum_linux_sparc64.go       |  2 +-
+ .../x/sys/unix/zsysnum_netbsd_386.go          |  1 -
+ .../x/sys/unix/zsysnum_netbsd_amd64.go        |  1 -
+ .../x/sys/unix/zsysnum_netbsd_arm.go          |  1 -
+ .../x/sys/unix/zsysnum_netbsd_arm64.go        |  1 -
+ .../x/sys/unix/zsysnum_openbsd_386.go         |  1 -
+ .../x/sys/unix/zsysnum_openbsd_amd64.go       |  1 -
+ .../x/sys/unix/zsysnum_openbsd_arm.go         |  1 -
+ .../x/sys/unix/zsysnum_openbsd_arm64.go       |  1 -
+ .../x/sys/unix/zsysnum_openbsd_mips64.go      |  1 -
+ .../x/sys/unix/zsysnum_openbsd_ppc64.go       |  1 -
+ .../x/sys/unix/zsysnum_openbsd_riscv64.go     |  1 -
+ .../x/sys/unix/zsysnum_zos_s390x.go           |  1 -
+ .../golang.org/x/sys/unix/ztypes_aix_ppc.go   |  1 -
+ .../golang.org/x/sys/unix/ztypes_aix_ppc64.go |  1 -
+ .../x/sys/unix/ztypes_darwin_amd64.go         |  1 -
+ .../x/sys/unix/ztypes_darwin_arm64.go         |  1 -
+ .../x/sys/unix/ztypes_dragonfly_amd64.go      |  1 -
+ .../x/sys/unix/ztypes_freebsd_386.go          |  1 -
+ .../x/sys/unix/ztypes_freebsd_amd64.go        |  1 -
+ .../x/sys/unix/ztypes_freebsd_arm.go          |  1 -
+ .../x/sys/unix/ztypes_freebsd_arm64.go        |  1 -
+ .../x/sys/unix/ztypes_freebsd_riscv64.go      |  1 -
+ .../golang.org/x/sys/unix/ztypes_linux.go     | 45 ++++++++-
+ .../golang.org/x/sys/unix/ztypes_linux_386.go |  1 -
+ .../x/sys/unix/ztypes_linux_amd64.go          |  1 -
+ .../golang.org/x/sys/unix/ztypes_linux_arm.go |  1 -
+ .../x/sys/unix/ztypes_linux_arm64.go          |  1 -
+ .../x/sys/unix/ztypes_linux_loong64.go        |  1 -
+ .../x/sys/unix/ztypes_linux_mips.go           |  1 -
+ .../x/sys/unix/ztypes_linux_mips64.go         |  1 -
+ .../x/sys/unix/ztypes_linux_mips64le.go       |  1 -
+ .../x/sys/unix/ztypes_linux_mipsle.go         |  1 -
+ .../golang.org/x/sys/unix/ztypes_linux_ppc.go |  1 -
+ .../x/sys/unix/ztypes_linux_ppc64.go          |  1 -
+ .../x/sys/unix/ztypes_linux_ppc64le.go        |  1 -
+ .../x/sys/unix/ztypes_linux_riscv64.go        |  1 -
+ .../x/sys/unix/ztypes_linux_s390x.go          |  1 -
+ .../x/sys/unix/ztypes_linux_sparc64.go        |  1 -
+ .../x/sys/unix/ztypes_netbsd_386.go           |  1 -
+ .../x/sys/unix/ztypes_netbsd_amd64.go         |  1 -
+ .../x/sys/unix/ztypes_netbsd_arm.go           |  1 -
+ .../x/sys/unix/ztypes_netbsd_arm64.go         |  1 -
+ .../x/sys/unix/ztypes_openbsd_386.go          |  1 -
+ .../x/sys/unix/ztypes_openbsd_amd64.go        |  1 -
+ .../x/sys/unix/ztypes_openbsd_arm.go          |  1 -
+ .../x/sys/unix/ztypes_openbsd_arm64.go        |  1 -
+ .../x/sys/unix/ztypes_openbsd_mips64.go       |  1 -
+ .../x/sys/unix/ztypes_openbsd_ppc64.go        |  1 -
+ .../x/sys/unix/ztypes_openbsd_riscv64.go      |  1 -
+ .../x/sys/unix/ztypes_solaris_amd64.go        |  1 -
+ .../golang.org/x/sys/unix/ztypes_zos_s390x.go |  1 -
+ .../golang.org/x/sys/windows/aliases.go       |  1 -
+ .../vendor/golang.org/x/sys/windows/empty.s   |  1 -
+ .../golang.org/x/sys/windows/eventlog.go      |  1 -
+ .../golang.org/x/sys/windows/mksyscall.go     |  1 -
+ .../vendor/golang.org/x/sys/windows/race.go   |  1 -
+ .../vendor/golang.org/x/sys/windows/race0.go  |  1 -
+ .../golang.org/x/sys/windows/registry/key.go  |  1 -
+ .../x/sys/windows/registry/mksyscall.go       |  1 -
+ .../x/sys/windows/registry/syscall.go         |  1 -
+ .../x/sys/windows/registry/value.go           |  1 -
+ .../golang.org/x/sys/windows/service.go       |  1 -
+ .../vendor/golang.org/x/sys/windows/str.go    |  1 -
+ .../golang.org/x/sys/windows/svc/security.go  |  1 -
+ .../golang.org/x/sys/windows/svc/service.go   |  1 -
+ .../golang.org/x/sys/windows/syscall.go       |  1 -
+ .../x/sys/windows/syscall_windows.go          |  6 +-
+ .../golang.org/x/sys/windows/types_windows.go | 28 +++++-
+ .../x/sys/windows/zsyscall_windows.go         | 28 ++++++
+ .../vendor/golang.org/x/term/term_unix.go     |  1 -
+ .../vendor/golang.org/x/term/term_unix_bsd.go |  1 -
+ .../golang.org/x/term/term_unix_other.go      |  1 -
+ .../golang.org/x/term/term_unsupported.go     |  1 -
+ .../x/text/secure/bidirule/bidirule10.0.0.go  |  1 -
+ .../x/text/secure/bidirule/bidirule9.0.0.go   |  1 -
+ .../x/text/unicode/bidi/tables10.0.0.go       |  1 -
+ .../x/text/unicode/bidi/tables11.0.0.go       |  1 -
+ .../x/text/unicode/bidi/tables12.0.0.go       |  1 -
+ .../x/text/unicode/bidi/tables13.0.0.go       |  1 -
+ .../x/text/unicode/bidi/tables15.0.0.go       |  1 -
+ .../x/text/unicode/bidi/tables9.0.0.go        |  1 -
+ .../x/text/unicode/norm/tables10.0.0.go       |  1 -
+ .../x/text/unicode/norm/tables11.0.0.go       |  1 -
+ .../x/text/unicode/norm/tables12.0.0.go       |  1 -
+ .../x/text/unicode/norm/tables13.0.0.go       |  1 -
+ .../x/text/unicode/norm/tables15.0.0.go       |  1 -
+ .../x/text/unicode/norm/tables9.0.0.go        |  1 -
+ .../k8s.io/client-go/informers/factory.go     | 10 --
+ go-controller/vendor/modules.txt              | 16 ++--
+ 341 files changed, 924 insertions(+), 501 deletions(-)
+
+diff --git a/go-controller/go.mod b/go-controller/go.mod
+index e3c730420..394778ac7 100644
+--- a/go-controller/go.mod
++++ b/go-controller/go.mod
+@@ -41,7 +41,7 @@ require (
+ 	golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb
+ 	golang.org/x/net v0.17.0
+ 	golang.org/x/sync v0.2.0
+-	golang.org/x/sys v0.13.0
++	golang.org/x/sys v0.15.0
+ 	golang.org/x/time v0.3.0
+ 	google.golang.org/grpc v1.56.3
+ 	google.golang.org/protobuf v1.30.0
+@@ -105,11 +105,11 @@ require (
+ 	github.com/stretchr/objx v0.5.0 // indirect
+ 	github.com/vishvananda/netns v0.0.4 // indirect
+ 	go.opencensus.io v0.24.0 // indirect
+-	golang.org/x/crypto v0.14.0 // indirect
++	golang.org/x/crypto v0.17.0 // indirect
+ 	golang.org/x/mod v0.11.0 // indirect
+ 	golang.org/x/oauth2 v0.8.0 // indirect
+-	golang.org/x/term v0.13.0 // indirect
+-	golang.org/x/text v0.13.0 // indirect
++	golang.org/x/term v0.15.0 // indirect
++	golang.org/x/text v0.14.0 // indirect
+ 	golang.org/x/tools v0.9.1 // indirect
+ 	gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect
+ 	google.golang.org/appengine v1.6.7 // indirect
+diff --git a/go-controller/go.sum b/go-controller/go.sum
+index da8817fbb..a3818d28a 100644
+--- a/go-controller/go.sum
++++ b/go-controller/go.sum
+@@ -811,8 +811,8 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh
+ golang.org/x/crypto v0.0.0-20210322153248-0c34fe9e7dc2/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4=
+ golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
+-golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
+-golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
++golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k=
++golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4=
+ golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+ golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+ golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
+@@ -1022,12 +1022,12 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc
+ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+-golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+-golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
++golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc=
++golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
+-golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+-golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
++golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4=
++golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0=
+ golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+@@ -1038,8 +1038,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
+-golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+-golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
++golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
++golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+ golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+ golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+ golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+diff --git a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go
+index 2000064a8..5627d70e3 100644
+--- a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go
++++ b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go118.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build !go1.19
+-// +build !go1.19
+ 
+ package execabs
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go
+index f364b3418..d60ab1b41 100644
+--- a/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go
++++ b/go-controller/vendor/golang.org/x/sys/execabs/execabs_go119.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build go1.19
+-// +build go1.19
+ 
+ package execabs
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go b/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
+index c9b69937a..73687de74 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/pwd_go15_plan9.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build go1.5
+-// +build go1.5
+ 
+ package plan9
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go b/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go
+index 98bf56b73..fb9458218 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/pwd_plan9.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build !go1.5
+-// +build !go1.5
+ 
+ package plan9
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/race.go b/go-controller/vendor/golang.org/x/sys/plan9/race.go
+index 62377d2ff..c02d9ed33 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/race.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/race.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build plan9 && race
+-// +build plan9,race
+ 
+ package plan9
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/race0.go b/go-controller/vendor/golang.org/x/sys/plan9/race0.go
+index f8da30876..7b15e15f6 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/race0.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/race0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build plan9 && !race
+-// +build plan9,!race
+ 
+ package plan9
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/str.go b/go-controller/vendor/golang.org/x/sys/plan9/str.go
+index 55fa8d025..ba3e8ff8a 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/str.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/str.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build plan9
+-// +build plan9
+ 
+ package plan9
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/syscall.go b/go-controller/vendor/golang.org/x/sys/plan9/syscall.go
+index 67e5b0115..d631fd664 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/syscall.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/syscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build plan9
+-// +build plan9
+ 
+ // Package plan9 contains an interface to the low-level operating system
+ // primitives. OS details vary depending on the underlying system, and
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
+index 3f40b9bd7..f780d5c80 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build plan9 && 386
+-// +build plan9,386
+ 
+ package plan9
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
+index 0e6a96aa4..7de61065f 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build plan9 && amd64
+-// +build plan9,amd64
+ 
+ package plan9
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
+index 244c501b7..ea85780f0 100644
+--- a/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/plan9/zsyscall_plan9_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build plan9 && arm
+-// +build plan9,arm
+ 
+ package plan9
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/aliases.go b/go-controller/vendor/golang.org/x/sys/unix/aliases.go
+index abc89c104..e7d3df4bd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/aliases.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/aliases.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos) && go1.9
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+-// +build go1.9
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+index db9171c2e..269e173ca 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_aix_ppc64.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build gc
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s
+index e0fcd9b3d..a4fcef0e0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_386.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (freebsd || netbsd || openbsd) && gc
+-// +build freebsd netbsd openbsd
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
+index 2b99c349a..1e63615c5 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_amd64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (darwin || dragonfly || freebsd || netbsd || openbsd) && gc
+-// +build darwin dragonfly freebsd netbsd openbsd
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
+index d702d4adc..6496c3100 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (freebsd || netbsd || openbsd) && gc
+-// +build freebsd netbsd openbsd
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
+index fe36a7391..4fd1f54da 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_arm64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (darwin || freebsd || netbsd || openbsd) && gc
+-// +build darwin freebsd netbsd openbsd
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+index e5b9a8489..42f7eb9e4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_ppc64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (darwin || freebsd || netbsd || openbsd) && gc
+-// +build darwin freebsd netbsd openbsd
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
+index d560019ea..f8902667e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_bsd_riscv64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (darwin || freebsd || netbsd || openbsd) && gc
+-// +build darwin freebsd netbsd openbsd
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s
+index 8fd101d07..3b4734870 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_386.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build gc
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+index 7ed38e43c..67e29f317 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_amd64.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build gc
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+index 8ef1d5140..d6ae269ce 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build gc
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+index 98ae02760..01e5e253c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_arm64.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && arm64 && gc
+-// +build linux
+-// +build arm64
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
+index 565357288..2abf12f6e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_loong64.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && loong64 && gc
+-// +build linux
+-// +build loong64
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+index 21231d2ce..f84bae712 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mips64x.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && (mips64 || mips64le) && gc
+-// +build linux
+-// +build mips64 mips64le
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+index 6783b26c6..f08f62807 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_mipsx.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && (mips || mipsle) && gc
+-// +build linux
+-// +build mips mipsle
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+index 19d498934..bdfc024d2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_ppc64x.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && (ppc64 || ppc64le) && gc
+-// +build linux
+-// +build ppc64 ppc64le
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+index e42eb81d5..2e8c99612 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_riscv64.s
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build riscv64 && gc
+-// +build riscv64
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+index c46aab339..2c394b11e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_linux_s390x.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && s390x && gc
+-// +build linux
+-// +build s390x
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+index 5e7a1169c..fab586a2c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_openbsd_mips64.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build gc
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+index f8c5394c1..f949ec547 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_solaris_amd64.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build gc
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s b/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+index 3b54e1858..2f67ba86d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/asm_zos_s390x.s
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build zos && s390x && gc
+-// +build zos
+-// +build s390x
+-// +build gc
+ 
+ #include "textflag.h"
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go b/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go
+index 0b7c6adb8..a08657890 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/cap_freebsd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build freebsd
+-// +build freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/constants.go b/go-controller/vendor/golang.org/x/sys/unix/constants.go
+index 394a3965b..6fb7cb77d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/constants.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/constants.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+index 65a998508..d78513461 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix && ppc
+-// +build aix,ppc
+ 
+ // Functions to access/create device major and minor numbers matching the
+ // encoding used by AIX.
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+index 8fc08ad0a..623a5e697 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/dev_aix_ppc64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix && ppc64
+-// +build aix,ppc64
+ 
+ // Functions to access/create device major and minor numbers matching the
+ // encoding used AIX.
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go b/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go
+index a388e59a0..bb6a64fe9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/dev_zos.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build zos && s390x
+-// +build zos,s390x
+ 
+ // Functions to access/create device major and minor numbers matching the
+ // encoding used by z/OS.
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/dirent.go b/go-controller/vendor/golang.org/x/sys/unix/dirent.go
+index 2499f977b..1ebf11782 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/dirent.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/dirent.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/endian_big.go b/go-controller/vendor/golang.org/x/sys/unix/endian_big.go
+index a52026557..1095fd31d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/endian_big.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/endian_big.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ //
+ //go:build armbe || arm64be || m68k || mips || mips64 || mips64p32 || ppc || ppc64 || s390 || s390x || shbe || sparc || sparc64
+-// +build armbe arm64be m68k mips mips64 mips64p32 ppc ppc64 s390 s390x shbe sparc sparc64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/endian_little.go b/go-controller/vendor/golang.org/x/sys/unix/endian_little.go
+index b0f2bc4ae..b9f0e277b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/endian_little.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/endian_little.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ //
+ //go:build 386 || amd64 || amd64p32 || alpha || arm || arm64 || loong64 || mipsle || mips64le || mips64p32le || nios2 || ppc64le || riscv || riscv64 || sh
+-// +build 386 amd64 amd64p32 alpha arm arm64 loong64 mipsle mips64le mips64p32le nios2 ppc64le riscv riscv64 sh
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/env_unix.go b/go-controller/vendor/golang.org/x/sys/unix/env_unix.go
+index 29ccc4d13..a96da71f4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/env_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/env_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+ 
+ // Unix environment variables.
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go b/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go
+index cedaf7e02..7753fddea 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/epoll_zos.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build zos && s390x
+-// +build zos,s390x
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/fcntl.go b/go-controller/vendor/golang.org/x/sys/unix/fcntl.go
+index e9b991258..6200876fb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/fcntl.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/fcntl.go
+@@ -2,8 +2,7 @@
+ // Use of this source code is governed by a BSD-style
+ // license that can be found in the LICENSE file.
+ 
+-//go:build dragonfly || freebsd || linux || netbsd || openbsd
+-// +build dragonfly freebsd linux netbsd openbsd
++//go:build dragonfly || freebsd || linux || netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go b/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+index 29d44808b..13b4acd5c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/fcntl_linux_32bit.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (linux && 386) || (linux && arm) || (linux && mips) || (linux && mipsle) || (linux && ppc)
+-// +build linux,386 linux,arm linux,mips linux,mipsle linux,ppc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/fdset.go b/go-controller/vendor/golang.org/x/sys/unix/fdset.go
+index a8068f94f..9e83d18cd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/fdset.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/fdset.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go b/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+index e377cc9f4..c8bde601e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/fstatfs_zos.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build zos && s390x
+-// +build zos,s390x
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/gccgo.go b/go-controller/vendor/golang.org/x/sys/unix/gccgo.go
+index b06f52d74..aca5721dd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/gccgo.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/gccgo.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build gccgo && !aix && !hurd
+-// +build gccgo,!aix,!hurd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c b/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c
+index f98a1c542..d468b7b47 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c
++++ b/go-controller/vendor/golang.org/x/sys/unix/gccgo_c.c
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build gccgo && !aix && !hurd
+-// +build gccgo,!aix,!hurd
+ 
+ #include <errno.h>
+ #include <stdint.h>
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+index e60e49a3d..972d61bd7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/gccgo_linux_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build gccgo && linux && amd64
+-// +build gccgo,linux,amd64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go b/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go
+index 15721a510..848840ae4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ifreq_linux.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux
+-// +build linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go
+index 0d12c0851..dbe680eab 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_linux.go
+@@ -231,3 +231,8 @@ func IoctlLoopGetStatus64(fd int) (*LoopInfo64, error) {
+ func IoctlLoopSetStatus64(fd int, value *LoopInfo64) error {
+ 	return ioctlPtr(fd, LOOP_SET_STATUS64, unsafe.Pointer(value))
+ }
++
++// IoctlLoopConfigure configures all loop device parameters in a single step
++func IoctlLoopConfigure(fd int, value *LoopConfig) error {
++	return ioctlPtr(fd, LOOP_CONFIGURE, unsafe.Pointer(value))
++}
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go
+index 7def9580e..5b0759bd8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_signed.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || solaris
+-// +build aix solaris
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
+index 649913d1e..20f470b9d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_unsigned.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build darwin || dragonfly || freebsd || hurd || linux || netbsd || openbsd
+-// +build darwin dragonfly freebsd hurd linux netbsd openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go b/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go
+index cdc21bf76..c8b2a750f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ioctl_zos.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build zos && s390x
+-// +build zos,s390x
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh b/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh
+index 47fa6a7eb..6202638ba 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh
++++ b/go-controller/vendor/golang.org/x/sys/unix/mkerrors.sh
+@@ -519,6 +519,7 @@ ccflags="$@"
+ 		$2 ~ /^LOCK_(SH|EX|NB|UN)$/ ||
+ 		$2 ~ /^LO_(KEY|NAME)_SIZE$/ ||
+ 		$2 ~ /^LOOP_(CLR|CTL|GET|SET)_/ ||
++		$2 == "LOOP_CONFIGURE" ||
+ 		$2 ~ /^(AF|SOCK|SO|SOL|IPPROTO|IP|IPV6|TCP|MCAST|EVFILT|NOTE|SHUT|PROT|MAP|MREMAP|MFD|T?PACKET|MSG|SCM|MCL|DT|MADV|PR|LOCAL|TCPOPT|UDP)_/ ||
+ 		$2 ~ /^NFC_(GENL|PROTO|COMM|RF|SE|DIRECTION|LLCP|SOCKPROTO)_/ ||
+ 		$2 ~ /^NFC_.*_(MAX)?SIZE$/ ||
+@@ -560,7 +561,7 @@ ccflags="$@"
+ 		$2 ~ /^RLIMIT_(AS|CORE|CPU|DATA|FSIZE|LOCKS|MEMLOCK|MSGQUEUE|NICE|NOFILE|NPROC|RSS|RTPRIO|RTTIME|SIGPENDING|STACK)|RLIM_INFINITY/ ||
+ 		$2 ~ /^PRIO_(PROCESS|PGRP|USER)/ ||
+ 		$2 ~ /^CLONE_[A-Z_]+/ ||
+-		$2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+)$/ &&
++		$2 !~ /^(BPF_TIMEVAL|BPF_FIB_LOOKUP_[A-Z]+|BPF_F_LINK)$/ &&
+ 		$2 ~ /^(BPF|DLT)_/ ||
+ 		$2 ~ /^AUDIT_/ ||
+ 		$2 ~ /^(CLOCK|TIMER)_/ ||
+@@ -663,7 +664,6 @@ echo '// mkerrors.sh' "$@"
+ echo '// Code generated by the command above; see README.md. DO NOT EDIT.'
+ echo
+ echo "//go:build ${GOARCH} && ${GOOS}"
+-echo "// +build ${GOARCH},${GOOS}"
+ echo
+ go tool cgo -godefs -- "$@" _const.go >_error.out
+ cat _error.out | grep -vf _error.grep | grep -vf _signal.grep
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go b/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+index ca0513632..4b68e5978 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/mmap_nomremap.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || openbsd || solaris
+-// +build aix darwin dragonfly freebsd openbsd solaris
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/mremap.go b/go-controller/vendor/golang.org/x/sys/unix/mremap.go
+index fa93d0aa9..fd45fe529 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/mremap.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/mremap.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux || netbsd
+-// +build linux netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go b/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go
+index 53f1b4c5b..4d0a3430e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/pagesize_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+ 
+ // For Unix, get the pagesize from the runtime.
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go b/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go
+index eb48294b2..6a09af53e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/pledge_openbsd.go
+@@ -8,54 +8,31 @@ import (
+ 	"errors"
+ 	"fmt"
+ 	"strconv"
+-	"syscall"
+-	"unsafe"
+ )
+ 
+ // Pledge implements the pledge syscall.
+ //
+-// The pledge syscall does not accept execpromises on OpenBSD releases
+-// before 6.3.
+-//
+-// execpromises must be empty when Pledge is called on OpenBSD
+-// releases predating 6.3, otherwise an error will be returned.
++// This changes both the promises and execpromises; use PledgePromises or
++// PledgeExecpromises to only change the promises or execpromises
++// respectively.
+ //
+ // For more information see pledge(2).
+ func Pledge(promises, execpromises string) error {
+-	maj, min, err := majmin()
+-	if err != nil {
++	if err := pledgeAvailable(); err != nil {
+ 		return err
+ 	}
+ 
+-	err = pledgeAvailable(maj, min, execpromises)
++	pptr, err := BytePtrFromString(promises)
+ 	if err != nil {
+ 		return err
+ 	}
+ 
+-	pptr, err := syscall.BytePtrFromString(promises)
++	exptr, err := BytePtrFromString(execpromises)
+ 	if err != nil {
+ 		return err
+ 	}
+ 
+-	// This variable will hold either a nil unsafe.Pointer or
+-	// an unsafe.Pointer to a string (execpromises).
+-	var expr unsafe.Pointer
+-
+-	// If we're running on OpenBSD > 6.2, pass execpromises to the syscall.
+-	if maj > 6 || (maj == 6 && min > 2) {
+-		exptr, err := syscall.BytePtrFromString(execpromises)
+-		if err != nil {
+-			return err
+-		}
+-		expr = unsafe.Pointer(exptr)
+-	}
+-
+-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
+-	if e != 0 {
+-		return e
+-	}
+-
+-	return nil
++	return pledge(pptr, exptr)
+ }
+ 
+ // PledgePromises implements the pledge syscall.
+@@ -64,30 +41,16 @@ func Pledge(promises, execpromises string) error {
+ //
+ // For more information see pledge(2).
+ func PledgePromises(promises string) error {
+-	maj, min, err := majmin()
+-	if err != nil {
+-		return err
+-	}
+-
+-	err = pledgeAvailable(maj, min, "")
+-	if err != nil {
++	if err := pledgeAvailable(); err != nil {
+ 		return err
+ 	}
+ 
+-	// This variable holds the execpromises and is always nil.
+-	var expr unsafe.Pointer
+-
+-	pptr, err := syscall.BytePtrFromString(promises)
++	pptr, err := BytePtrFromString(promises)
+ 	if err != nil {
+ 		return err
+ 	}
+ 
+-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(unsafe.Pointer(pptr)), uintptr(expr), 0)
+-	if e != 0 {
+-		return e
+-	}
+-
+-	return nil
++	return pledge(pptr, nil)
+ }
+ 
+ // PledgeExecpromises implements the pledge syscall.
+@@ -96,30 +59,16 @@ func PledgePromises(promises string) error {
+ //
+ // For more information see pledge(2).
+ func PledgeExecpromises(execpromises string) error {
+-	maj, min, err := majmin()
+-	if err != nil {
++	if err := pledgeAvailable(); err != nil {
+ 		return err
+ 	}
+ 
+-	err = pledgeAvailable(maj, min, execpromises)
++	exptr, err := BytePtrFromString(execpromises)
+ 	if err != nil {
+ 		return err
+ 	}
+ 
+-	// This variable holds the promises and is always nil.
+-	var pptr unsafe.Pointer
+-
+-	exptr, err := syscall.BytePtrFromString(execpromises)
+-	if err != nil {
+-		return err
+-	}
+-
+-	_, _, e := syscall.Syscall(SYS_PLEDGE, uintptr(pptr), uintptr(unsafe.Pointer(exptr)), 0)
+-	if e != 0 {
+-		return e
+-	}
+-
+-	return nil
++	return pledge(nil, exptr)
+ }
+ 
+ // majmin returns major and minor version number for an OpenBSD system.
+@@ -147,16 +96,15 @@ func majmin() (major int, minor int, err error) {
+ 
+ // pledgeAvailable checks for availability of the pledge(2) syscall
+ // based on the running OpenBSD version.
+-func pledgeAvailable(maj, min int, execpromises string) error {
+-	// If OpenBSD <= 5.9, pledge is not available.
+-	if (maj == 5 && min != 9) || maj < 5 {
+-		return fmt.Errorf("pledge syscall is not available on OpenBSD %d.%d", maj, min)
++func pledgeAvailable() error {
++	maj, min, err := majmin()
++	if err != nil {
++		return err
+ 	}
+ 
+-	// If OpenBSD <= 6.2 and execpromises is not empty,
+-	// return an error - execpromises is not available before 6.3
+-	if (maj < 6 || (maj == 6 && min <= 2)) && execpromises != "" {
+-		return fmt.Errorf("cannot use execpromises on OpenBSD %d.%d", maj, min)
++	// Require OpenBSD 6.4 as a minimum.
++	if maj < 6 || (maj == 6 && min <= 3) {
++		return fmt.Errorf("cannot call Pledge on OpenBSD %d.%d", maj, min)
+ 	}
+ 
+ 	return nil
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go b/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+index 463c3eff7..3f0975f3d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ptrace_darwin.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build darwin && !ios
+-// +build darwin,!ios
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go b/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go
+index ed0509a01..a4d35db5d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ptrace_ios.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build ios
+-// +build ios
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/race.go b/go-controller/vendor/golang.org/x/sys/unix/race.go
+index 6f6c5fec5..714d2aae7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/race.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/race.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (darwin && race) || (linux && race) || (freebsd && race)
+-// +build darwin,race linux,race freebsd,race
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/race0.go b/go-controller/vendor/golang.org/x/sys/unix/race0.go
+index 706e1322a..4a9f6634c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/race0.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/race0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || (darwin && !race) || (linux && !race) || (freebsd && !race) || netbsd || openbsd || solaris || dragonfly || zos
+-// +build aix darwin,!race linux,!race freebsd,!race netbsd openbsd solaris dragonfly zos
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go
+index 4d6257569..dbd2b6ccb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdents.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || dragonfly || freebsd || linux || netbsd || openbsd
+-// +build aix dragonfly freebsd linux netbsd openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+index 2a4ba47c4..130398b6b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/readdirent_getdirentries.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build darwin
+-// +build darwin
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+index 3865943f6..c3a62dbb1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+ 
+ // Socket control messages
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
+index 0840fe4a5..4a1eab37e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sockcmsg_unix_other.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin freebsd linux netbsd openbsd solaris zos
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall.go b/go-controller/vendor/golang.org/x/sys/unix/syscall.go
+index 63e8c8383..5ea74da98 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+ 
+ // Package unix contains an interface to the low-level operating system
+ // primitives. OS details vary depending on the underlying system, and
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go
+index e94e6cdac..67ce6cef2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix
+-// +build aix
+ 
+ // Aix system calls.
+ // This file is compiled as ordinary Go code,
+@@ -107,7 +106,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+ 	if n > 0 {
+ 		sl += _Socklen(n) + 1
+ 	}
+-	if sa.raw.Path[0] == '@' {
++	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
++		// Check sl > 3 so we don't change unnamed socket behavior.
+ 		sa.raw.Path[0] = 0
+ 		// Don't count trailing NUL for abstract address.
+ 		sl--
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
+index f2871fa95..1fdaa4760 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix && ppc
+-// +build aix,ppc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
+index 75718ec0f..c87f9a9f4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_aix_ppc64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix && ppc64
+-// +build aix,ppc64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go
+index 4217de518..a00c3e545 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_bsd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build darwin || dragonfly || freebsd || netbsd || openbsd
+-// +build darwin dragonfly freebsd netbsd openbsd
+ 
+ // BSD system call wrappers shared by *BSD based systems
+ // including OS X (Darwin) and FreeBSD.  Like the other
+@@ -317,7 +316,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
+ 	if err != nil {
+ 		return "", err
+ 	}
+-	return string(buf[:vallen-1]), nil
++	return ByteSliceToString(buf[:vallen]), nil
+ }
+ 
+ //sys	recvfrom(fd int, p []byte, flags int, from *RawSockaddrAny, fromlen *_Socklen) (n int, err error)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+index b37310ce9..0eaecf5fc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build amd64 && darwin
+-// +build amd64,darwin
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+index d51ec9963..f36c6707c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm64 && darwin
+-// +build arm64,darwin
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+index 53c96641f..16dc69937 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_darwin_libSystem.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build darwin && go1.12
+-// +build darwin,go1.12
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+index 4e2d32120..14bab6b2d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_dragonfly_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build amd64 && dragonfly
+-// +build amd64,dragonfly
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+index b8da51004..3967bca77 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build 386 && freebsd
+-// +build 386,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+index 47155c483..eff19ada2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build amd64 && freebsd
+-// +build amd64,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+index 08932093f..4f24b517a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm && freebsd
+-// +build arm,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+index d151a0d0e..ac30759ec 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm64 && freebsd
+-// +build arm64,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+index d5cd64b37..aab725ca7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_freebsd_riscv64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build riscv64 && freebsd
+-// +build riscv64,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go
+index 381fd4673..ba46651f8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build hurd
+-// +build hurd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
+index 7cf54a3e4..df89f9e6b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_hurd_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build 386 && hurd
+-// +build 386,hurd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go
+index 87db5a6a8..a863f7052 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_illumos.go
+@@ -5,7 +5,6 @@
+ // illumos system calls not present on Solaris.
+ 
+ //go:build amd64 && illumos
+-// +build amd64,illumos
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go
+index fb4e50224..0f85e29e6 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux.go
+@@ -61,15 +61,23 @@ func FanotifyMark(fd int, flags uint, mask uint64, dirFd int, pathname string) (
+ }
+ 
+ //sys	fchmodat(dirfd int, path string, mode uint32) (err error)
+-
+-func Fchmodat(dirfd int, path string, mode uint32, flags int) (err error) {
+-	// Linux fchmodat doesn't support the flags parameter. Mimick glibc's behavior
+-	// and check the flags. Otherwise the mode would be applied to the symlink
+-	// destination which is not what the user expects.
+-	if flags&^AT_SYMLINK_NOFOLLOW != 0 {
+-		return EINVAL
+-	} else if flags&AT_SYMLINK_NOFOLLOW != 0 {
+-		return EOPNOTSUPP
++//sys	fchmodat2(dirfd int, path string, mode uint32, flags int) (err error)
++
++func Fchmodat(dirfd int, path string, mode uint32, flags int) error {
++	// Linux fchmodat doesn't support the flags parameter, but fchmodat2 does.
++	// Try fchmodat2 if flags are specified.
++	if flags != 0 {
++		err := fchmodat2(dirfd, path, mode, flags)
++		if err == ENOSYS {
++			// fchmodat2 isn't available. If the flags are known to be valid,
++			// return EOPNOTSUPP to indicate that fchmodat doesn't support them.
++			if flags&^(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 {
++				return EINVAL
++			} else if flags&(AT_SYMLINK_NOFOLLOW|AT_EMPTY_PATH) != 0 {
++				return EOPNOTSUPP
++			}
++		}
++		return err
+ 	}
+ 	return fchmodat(dirfd, path, mode)
+ }
+@@ -417,7 +425,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+ 	if n > 0 {
+ 		sl += _Socklen(n) + 1
+ 	}
+-	if sa.raw.Path[0] == '@' {
++	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
++		// Check sl > 3 so we don't change unnamed socket behavior.
+ 		sa.raw.Path[0] = 0
+ 		// Don't count trailing NUL for abstract address.
+ 		sl--
+@@ -1301,7 +1310,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
+ 			return "", err
+ 		}
+ 	}
+-	return string(buf[:vallen-1]), nil
++	return ByteSliceToString(buf[:vallen]), nil
+ }
+ 
+ func GetsockoptTpacketStats(fd, level, opt int) (*TpacketStats, error) {
+@@ -2482,3 +2491,5 @@ func SchedGetAttr(pid int, flags uint) (*SchedAttr, error) {
+ 	}
+ 	return attr, nil
+ }
++
++//sys	Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+index c7d9945ea..506dafa7b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build 386 && linux
+-// +build 386,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
+index 08086ac6a..38d55641b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_alarm.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && (386 || amd64 || mips || mipsle || mips64 || mipsle || ppc64 || ppc64le || ppc || s390x || sparc64)
+-// +build linux
+-// +build 386 amd64 mips mipsle mips64 mipsle ppc64 ppc64le ppc s390x sparc64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+index 70601ce36..d557cf8de 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build amd64 && linux
+-// +build amd64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+index 8b0f0f3aa..facdb83b2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_amd64_gc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build amd64 && linux && gc
+-// +build amd64,linux,gc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+index da2986415..cd2dd797f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm && linux
+-// +build arm,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+index f5266689a..cf2ee6c75 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm64 && linux
+-// +build arm64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+index 2b1168d7d..ffc4c2b63 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && gc
+-// +build linux,gc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+index 9843fb489..9ebfdcf44 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && gc && 386
+-// +build linux,gc,386
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+index a6008fccd..5f2b57c4c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gc_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm && gc && linux
+-// +build arm,gc,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+index 7740af242..d1a3ad826 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && gccgo && 386
+-// +build linux,gccgo,386
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+index e16a12299..f2f67423e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_gccgo_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && gccgo && arm
+-// +build linux,gccgo,arm
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+index f6ab02ec1..3d0e98451 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_loong64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build loong64 && linux
+-// +build loong64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+index 93fe59d25..70963a95a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mips64x.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && (mips64 || mips64le)
+-// +build linux
+-// +build mips64 mips64le
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+index aae7f0ffd..c218ebd28 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_mipsx.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && (mips || mipsle)
+-// +build linux
+-// +build mips mipsle
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+index 66eff19a3..e6c48500c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && ppc
+-// +build linux,ppc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+index 806aa2574..7286a9aa8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_ppc64x.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && (ppc64 || ppc64le)
+-// +build linux
+-// +build ppc64 ppc64le
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+index 5e6ceee12..6f5a28894 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_riscv64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build riscv64 && linux
+-// +build riscv64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+index 2f89e8f5d..66f31210d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build s390x && linux
+-// +build s390x,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+index 7ca064ae7..11d1f1698 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_linux_sparc64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build sparc64 && linux
+-// +build sparc64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+index 5199d282f..7a5eb5743 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build 386 && netbsd
+-// +build 386,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+index 70a9c52e9..62d8957ae 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build amd64 && netbsd
+-// +build amd64,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+index 3eb5942f9..ce6a06885 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm && netbsd
+-// +build arm,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
+index fc6ccfd81..d46d689d1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_netbsd_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm64 && netbsd
+-// +build arm64,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+index 6f34479b5..b25343c71 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd.go
+@@ -137,18 +137,13 @@ func sendfile(outfd int, infd int, offset *int64, count int) (written int, err e
+ }
+ 
+ func Getfsstat(buf []Statfs_t, flags int) (n int, err error) {
+-	var _p0 unsafe.Pointer
++	var bufptr *Statfs_t
+ 	var bufsize uintptr
+ 	if len(buf) > 0 {
+-		_p0 = unsafe.Pointer(&buf[0])
++		bufptr = &buf[0]
+ 		bufsize = unsafe.Sizeof(Statfs_t{}) * uintptr(len(buf))
+ 	}
+-	r0, _, e1 := Syscall(SYS_GETFSSTAT, uintptr(_p0), bufsize, uintptr(flags))
+-	n = int(r0)
+-	if e1 != 0 {
+-		err = e1
+-	}
+-	return
++	return getfsstat(bufptr, bufsize, flags)
+ }
+ 
+ //sysnb	getresuid(ruid *_C_int, euid *_C_int, suid *_C_int)
+@@ -171,6 +166,20 @@ func Getresgid() (rgid, egid, sgid int) {
+ 
+ //sys	sysctl(mib []_C_int, old *byte, oldlen *uintptr, new *byte, newlen uintptr) (err error) = SYS___SYSCTL
+ 
++//sys	fcntl(fd int, cmd int, arg int) (n int, err error)
++//sys	fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) = SYS_FCNTL
++
++// FcntlInt performs a fcntl syscall on fd with the provided command and argument.
++func FcntlInt(fd uintptr, cmd, arg int) (int, error) {
++	return fcntl(int(fd), cmd, arg)
++}
++
++// FcntlFlock performs a fcntl syscall for the F_GETLK, F_SETLK or F_SETLKW command.
++func FcntlFlock(fd uintptr, cmd int, lk *Flock_t) error {
++	_, err := fcntlPtr(int(fd), cmd, unsafe.Pointer(lk))
++	return err
++}
++
+ //sys	ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error)
+ 
+ func Ppoll(fds []PollFd, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+@@ -326,4 +335,7 @@ func Uname(uname *Utsname) error {
+ //sys	write(fd int, p []byte) (n int, err error)
+ //sys	mmap(addr uintptr, length uintptr, prot int, flag int, fd int, pos int64) (ret uintptr, err error)
+ //sys	munmap(addr uintptr, length uintptr) (err error)
++//sys	getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error)
+ //sys	utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error)
++//sys	pledge(promises *byte, execpromises *byte) (err error)
++//sys	unveil(path *byte, flags *byte) (err error)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+index 6baabcdcb..9ddc89f4f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_386.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+index bab25360e..70a3c96ee 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+index 8eed3c4d4..265caa87f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm && openbsd
+-// +build arm,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
+index 483dde99d..ac4fda171 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_arm64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+index 04aa43f41..0a451e6dd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_libc.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build openbsd
+-// +build openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+index c2796139c..30a308cbb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_ppc64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+index 23199a7ff..ea954330f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_openbsd_riscv64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go
+index b99cfa134..21974af06 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris.go
+@@ -128,7 +128,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, _Socklen, error) {
+ 	if n > 0 {
+ 		sl += _Socklen(n) + 1
+ 	}
+-	if sa.raw.Path[0] == '@' {
++	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
++		// Check sl > 3 so we don't change unnamed socket behavior.
+ 		sa.raw.Path[0] = 0
+ 		// Don't count trailing NUL for abstract address.
+ 		sl--
+@@ -157,7 +158,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
+ 	if err != nil {
+ 		return "", err
+ 	}
+-	return string(buf[:vallen-1]), nil
++	return ByteSliceToString(buf[:vallen]), nil
+ }
+ 
+ const ImplementsGetwd = true
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+index 0bd25ef81..e02d8ceae 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_solaris_amd64.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build amd64 && solaris
+-// +build amd64,solaris
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go
+index f6eda2705..77081de8c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+index b6919ca58..05c95bccf 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc.go
+@@ -3,8 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (darwin || dragonfly || freebsd || (linux && !ppc64 && !ppc64le) || netbsd || openbsd || solaris) && gc
+-// +build darwin dragonfly freebsd linux,!ppc64,!ppc64le netbsd openbsd solaris
+-// +build gc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+index f6f707acf..23f39b7af 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_unix_gc_ppc64x.go
+@@ -3,9 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux && (ppc64le || ppc64) && gc
+-// +build linux
+-// +build ppc64le ppc64
+-// +build gc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+index 4596d041c..b473038c6 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/syscall_zos_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build zos && s390x
+-// +build zos,s390x
+ 
+ package unix
+ 
+@@ -1105,7 +1104,7 @@ func GetsockoptString(fd, level, opt int) (string, error) {
+ 		return "", err
+ 	}
+ 
+-	return string(buf[:vallen-1]), nil
++	return ByteSliceToString(buf[:vallen]), nil
+ }
+ 
+ func Recvmsg(fd int, p, oob []byte, flags int) (n, oobn int, recvflags int, from Sockaddr, err error) {
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go
+index 2c3a4437f..4fcd38de2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_linux.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build linux
+-// +build linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+index 5bb41d17b..79a84f18b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build (darwin && !ios) || linux
+-// +build darwin,!ios linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+index 71bddefdb..9eb0db664 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/sysvshm_unix_other.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build darwin && !ios
+-// +build darwin,!ios
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/timestruct.go b/go-controller/vendor/golang.org/x/sys/unix/timestruct.go
+index 616b1b284..7997b1902 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/timestruct.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/timestruct.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go b/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go
+index 168d5ae77..cb7e598ce 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/unveil_openbsd.go
+@@ -4,39 +4,48 @@
+ 
+ package unix
+ 
+-import (
+-	"syscall"
+-	"unsafe"
+-)
++import "fmt"
+ 
+ // Unveil implements the unveil syscall.
+ // For more information see unveil(2).
+ // Note that the special case of blocking further
+ // unveil calls is handled by UnveilBlock.
+ func Unveil(path string, flags string) error {
+-	pathPtr, err := syscall.BytePtrFromString(path)
+-	if err != nil {
++	if err := supportsUnveil(); err != nil {
+ 		return err
+ 	}
+-	flagsPtr, err := syscall.BytePtrFromString(flags)
++	pathPtr, err := BytePtrFromString(path)
+ 	if err != nil {
+ 		return err
+ 	}
+-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(unsafe.Pointer(pathPtr)), uintptr(unsafe.Pointer(flagsPtr)), 0)
+-	if e != 0 {
+-		return e
++	flagsPtr, err := BytePtrFromString(flags)
++	if err != nil {
++		return err
+ 	}
+-	return nil
++	return unveil(pathPtr, flagsPtr)
+ }
+ 
+ // UnveilBlock blocks future unveil calls.
+ // For more information see unveil(2).
+ func UnveilBlock() error {
+-	// Both pointers must be nil.
+-	var pathUnsafe, flagsUnsafe unsafe.Pointer
+-	_, _, e := syscall.Syscall(SYS_UNVEIL, uintptr(pathUnsafe), uintptr(flagsUnsafe), 0)
+-	if e != 0 {
+-		return e
++	if err := supportsUnveil(); err != nil {
++		return err
+ 	}
++	return unveil(nil, nil)
++}
++
++// supportsUnveil checks for availability of the unveil(2) system call based
++// on the running OpenBSD version.
++func supportsUnveil() error {
++	maj, min, err := majmin()
++	if err != nil {
++		return err
++	}
++
++	// unveil is not available before 6.4
++	if maj < 6 || (maj == 6 && min <= 3) {
++		return fmt.Errorf("cannot call Unveil on OpenBSD %d.%d", maj, min)
++	}
++
+ 	return nil
+ }
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go b/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go
+index f5f8e9f36..e16879396 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/xattr_bsd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build freebsd || netbsd
+-// +build freebsd netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
+index ca9799b79..2fb219d78 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc && aix
+-// +build ppc,aix
+ 
+ // Created by cgo -godefs - DO NOT EDIT
+ // cgo -godefs -- -maix32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
+index 200c8c26f..b0e6f5c85 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_aix_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64 && aix
+-// +build ppc64,aix
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -maix64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+index 143007627..e40fa8524 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && darwin
+-// +build amd64,darwin
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+index ab044a742..bb02aa6c0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_darwin_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && darwin
+-// +build arm64,darwin
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+index 17bba0e44..c0e0f8694 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_dragonfly_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && dragonfly
+-// +build amd64,dragonfly
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+index f8c2c5138..6c6923906 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && freebsd
+-// +build 386,freebsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+index 96310c3be..dd9163f8e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && freebsd
+-// +build amd64,freebsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+index 777b69def..493a2a793 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && freebsd
+-// +build arm,freebsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+index c557ac2db..8b437b307 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && freebsd
+-// +build arm64,freebsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
+index 341b4d962..67c02dd57 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_freebsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build riscv64 && freebsd
+-// +build riscv64,freebsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go
+index f9c7f479b..c73cfe2f1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux.go
+@@ -1,7 +1,6 @@
+ // Code generated by mkmerge; DO NOT EDIT.
+ 
+ //go:build linux
+-// +build linux
+ 
+ package unix
+ 
+@@ -481,10 +480,13 @@ const (
+ 	BPF_FROM_BE                                 = 0x8
+ 	BPF_FROM_LE                                 = 0x0
+ 	BPF_FS_MAGIC                                = 0xcafe4a11
++	BPF_F_AFTER                                 = 0x10
+ 	BPF_F_ALLOW_MULTI                           = 0x2
+ 	BPF_F_ALLOW_OVERRIDE                        = 0x1
+ 	BPF_F_ANY_ALIGNMENT                         = 0x2
+-	BPF_F_KPROBE_MULTI_RETURN                   = 0x1
++	BPF_F_BEFORE                                = 0x8
++	BPF_F_ID                                    = 0x20
++	BPF_F_NETFILTER_IP_DEFRAG                   = 0x1
+ 	BPF_F_QUERY_EFFECTIVE                       = 0x1
+ 	BPF_F_REPLACE                               = 0x4
+ 	BPF_F_SLEEPABLE                             = 0x10
+@@ -521,6 +523,7 @@ const (
+ 	BPF_MAJOR_VERSION                           = 0x1
+ 	BPF_MAXINSNS                                = 0x1000
+ 	BPF_MEM                                     = 0x60
++	BPF_MEMSX                                   = 0x80
+ 	BPF_MEMWORDS                                = 0x10
+ 	BPF_MINOR_VERSION                           = 0x1
+ 	BPF_MISC                                    = 0x7
+@@ -776,6 +779,8 @@ const (
+ 	DEVLINK_GENL_MCGRP_CONFIG_NAME              = "config"
+ 	DEVLINK_GENL_NAME                           = "devlink"
+ 	DEVLINK_GENL_VERSION                        = 0x1
++	DEVLINK_PORT_FN_CAP_IPSEC_CRYPTO            = 0x4
++	DEVLINK_PORT_FN_CAP_IPSEC_PACKET            = 0x8
+ 	DEVLINK_PORT_FN_CAP_MIGRATABLE              = 0x2
+ 	DEVLINK_PORT_FN_CAP_ROCE                    = 0x1
+ 	DEVLINK_SB_THRESHOLD_TO_ALPHA_MAX           = 0x14
+@@ -1698,6 +1703,7 @@ const (
+ 	KEXEC_ON_CRASH                              = 0x1
+ 	KEXEC_PRESERVE_CONTEXT                      = 0x2
+ 	KEXEC_SEGMENT_MAX                           = 0x10
++	KEXEC_UPDATE_ELFCOREHDR                     = 0x4
+ 	KEYCTL_ASSUME_AUTHORITY                     = 0x10
+ 	KEYCTL_CAPABILITIES                         = 0x1f
+ 	KEYCTL_CAPS0_BIG_KEY                        = 0x10
+@@ -1795,6 +1801,7 @@ const (
+ 	LOCK_SH                                     = 0x1
+ 	LOCK_UN                                     = 0x8
+ 	LOOP_CLR_FD                                 = 0x4c01
++	LOOP_CONFIGURE                              = 0x4c0a
+ 	LOOP_CTL_ADD                                = 0x4c80
+ 	LOOP_CTL_GET_FREE                           = 0x4c82
+ 	LOOP_CTL_REMOVE                             = 0x4c81
+@@ -2275,6 +2282,7 @@ const (
+ 	PERF_MEM_LVLNUM_PMEM                        = 0xe
+ 	PERF_MEM_LVLNUM_RAM                         = 0xd
+ 	PERF_MEM_LVLNUM_SHIFT                       = 0x21
++	PERF_MEM_LVLNUM_UNC                         = 0x8
+ 	PERF_MEM_LVL_HIT                            = 0x2
+ 	PERF_MEM_LVL_IO                             = 0x1000
+ 	PERF_MEM_LVL_L1                             = 0x8
+@@ -3461,6 +3469,7 @@ const (
+ 	XDP_PACKET_HEADROOM                         = 0x100
+ 	XDP_PGOFF_RX_RING                           = 0x0
+ 	XDP_PGOFF_TX_RING                           = 0x80000000
++	XDP_PKT_CONTD                               = 0x1
+ 	XDP_RING_NEED_WAKEUP                        = 0x1
+ 	XDP_RX_RING                                 = 0x2
+ 	XDP_SHARED_UMEM                             = 0x1
+@@ -3473,6 +3482,7 @@ const (
+ 	XDP_UMEM_REG                                = 0x4
+ 	XDP_UMEM_UNALIGNED_CHUNK_FLAG               = 0x1
+ 	XDP_USE_NEED_WAKEUP                         = 0x8
++	XDP_USE_SG                                  = 0x10
+ 	XDP_ZEROCOPY                                = 0x4
+ 	XENFS_SUPER_MAGIC                           = 0xabba1974
+ 	XFS_SUPER_MAGIC                             = 0x58465342
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+index 30aee00a5..4920821cf 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && linux
+-// +build 386,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/386/include -m32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+index 8ebfa5127..a0c1e4112 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && linux
+-// +build amd64,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/amd64/include -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+index 271a21cdc..c63985560 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && linux
+-// +build arm,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/arm/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+index 910c330a3..47cc62e25 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && linux
+-// +build arm64,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/arm64/include -fsigned-char _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+index a640798c9..27ac4a09e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_loong64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build loong64 && linux
+-// +build loong64,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/loong64/include _const.go
+@@ -119,6 +118,7 @@ const (
+ 	IXOFF                            = 0x1000
+ 	IXON                             = 0x400
+ 	LASX_CTX_MAGIC                   = 0x41535801
++	LBT_CTX_MAGIC                    = 0x42540001
+ 	LSX_CTX_MAGIC                    = 0x53580001
+ 	MAP_ANON                         = 0x20
+ 	MAP_ANONYMOUS                    = 0x20
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+index 0d5925d34..54694642a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips && linux
+-// +build mips,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/mips/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+index d72a00e0b..3adb81d75 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips64 && linux
+-// +build mips64,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+index 02ba129f8..2dfe98f0d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mips64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips64le && linux
+-// +build mips64le,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/mips64le/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+index 8daa6dd96..f5398f84f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_mipsle.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mipsle && linux
+-// +build mipsle,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/mipsle/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+index 63c8fa2f7..c54f152d6 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc && linux
+-// +build ppc,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+index 930799ec1..76057dc72 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64 && linux
+-// +build ppc64,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+index 8605a7dd7..e0c3725e2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_ppc64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64le && linux
+-// +build ppc64le,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/ppc64le/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+index 95a016f1c..18f2813ed 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build riscv64 && linux
+-// +build riscv64,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/riscv64/include _const.go
+@@ -228,6 +227,9 @@ const (
+ 	PPPIOCUNBRIDGECHAN               = 0x7434
+ 	PPPIOCXFERUNIT                   = 0x744e
+ 	PR_SET_PTRACER_ANY               = 0xffffffffffffffff
++	PTRACE_GETFDPIC                  = 0x21
++	PTRACE_GETFDPIC_EXEC             = 0x0
++	PTRACE_GETFDPIC_INTERP           = 0x1
+ 	RLIMIT_AS                        = 0x9
+ 	RLIMIT_MEMLOCK                   = 0x8
+ 	RLIMIT_NOFILE                    = 0x7
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+index 1ae0108f5..11619d4ec 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build s390x && linux
+-// +build s390x,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/s390x/include -fsigned-char _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+index 1bb7c6333..396d994da 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_linux_sparc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build sparc64 && linux
+-// +build sparc64,linux
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -Wall -Werror -static -I/tmp/sparc64/include _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+index 72f7420d2..130085df4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && netbsd
+-// +build 386,netbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+index 8d4eb0c08..84769a1a3 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && netbsd
+-// +build amd64,netbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+index 9eef9749f..602ded003 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && netbsd
+-// +build arm,netbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -marm _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+index 3b62ba192..efc0406ee 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_netbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && netbsd
+-// +build arm64,netbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+index af20e474b..5a6500f83 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m32 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+index 6015fcb2b..a5aeeb979 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+index 8d44955e4..0e9748a72 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && openbsd
+-// +build arm,openbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+index ae16fe754..4f4449abc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
+index 03d90fe35..76a363f0f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips64 && openbsd
+-// +build mips64,openbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
+index 8e2c51b1e..43ca0cdfd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
+index 13d403031..b1b8bb200 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+index 1afee6a08..d2ddd3176 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_solaris_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && solaris
+-// +build amd64,solaris
+ 
+ // Code generated by cmd/cgo -godefs; DO NOT EDIT.
+ // cgo -godefs -- -m64 _const.go
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+index fc7d0506f..4dfd2e051 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zerrors_zos_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build zos && s390x
+-// +build zos,s390x
+ 
+ // Hand edited based on zerrors_linux_s390x.go
+ // TODO: auto-generate.
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+index 97f20ca28..586317c78 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_armnn_linux.go
+@@ -1,8 +1,6 @@
+ // Code generated by linux/mkall.go generatePtracePair("arm", "arm64"). DO NOT EDIT.
+ 
+ //go:build linux && (arm || arm64)
+-// +build linux
+-// +build arm arm64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+index 0b5f79430..d7c881be7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnn_linux.go
+@@ -1,8 +1,6 @@
+ // Code generated by linux/mkall.go generatePtracePair("mips", "mips64"). DO NOT EDIT.
+ 
+ //go:build linux && (mips || mips64)
+-// +build linux
+-// +build mips mips64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+index 2807f7e64..2d2de5d29 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_mipsnnle_linux.go
+@@ -1,8 +1,6 @@
+ // Code generated by linux/mkall.go generatePtracePair("mipsle", "mips64le"). DO NOT EDIT.
+ 
+ //go:build linux && (mipsle || mips64le)
+-// +build linux
+-// +build mipsle mips64le
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+index 281ea64e3..5adc79fb5 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zptrace_x86_linux.go
+@@ -1,8 +1,6 @@
+ // Code generated by linux/mkall.go generatePtracePair("386", "amd64"). DO NOT EDIT.
+ 
+ //go:build linux && (386 || amd64)
+-// +build linux
+-// +build 386 amd64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+index d1d1d2331..6ea64a3c0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build aix && ppc
+-// +build aix,ppc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+index f99a18adc..99ee4399a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build aix && ppc64
+-// +build aix,ppc64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+index c4d50ae50..b68a78362 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build aix && ppc64 && gc
+-// +build aix,ppc64,gc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+index 6903d3b09..0a87450bf 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_aix_ppc64_gccgo.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build aix && ppc64 && gccgo
+-// +build aix,ppc64,gccgo
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+index 1cad561e9..ccb02f240 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build darwin && amd64
+-// +build darwin,amd64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+index b18edbd0e..1b40b997b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_darwin_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build darwin && arm64
+-// +build darwin,arm64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+index 0c67df64a..aad65fc79 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_dragonfly_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build dragonfly && amd64
+-// +build dragonfly,amd64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+index e6e05d145..c0096391a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build freebsd && 386
+-// +build freebsd,386
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+index 7508accac..7664df749 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build freebsd && amd64
+-// +build freebsd,amd64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+index 7b56aead4..ae099182c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build freebsd && arm
+-// +build freebsd,arm
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+index cc623dcaa..11fd5d45b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build freebsd && arm64
+-// +build freebsd,arm64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+index 581849197..c3d2d6530 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_freebsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build freebsd && riscv64
+-// +build freebsd,riscv64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
+index 6be25cd19..c698cbc01 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_illumos_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build illumos && amd64
+-// +build illumos,amd64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+index 1ff3aec74..1488d2712 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux.go
+@@ -1,7 +1,6 @@
+ // Code generated by mkmerge; DO NOT EDIT.
+ 
+ //go:build linux
+-// +build linux
+ 
+ package unix
+ 
+@@ -38,6 +37,21 @@ func fchmodat(dirfd int, path string, mode uint32) (err error) {
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func fchmodat2(dirfd int, path string, mode uint32, flags int) (err error) {
++	var _p0 *byte
++	_p0, err = BytePtrFromString(path)
++	if err != nil {
++		return
++	}
++	_, _, e1 := Syscall6(SYS_FCHMODAT2, uintptr(dirfd), uintptr(unsafe.Pointer(_p0)), uintptr(mode), uintptr(flags), 0, 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ioctl(fd int, req uint, arg uintptr) (err error) {
+ 	_, _, e1 := Syscall(SYS_IOCTL, uintptr(fd), uintptr(req), uintptr(arg))
+ 	if e1 != 0 {
+@@ -2195,3 +2209,13 @@ func schedGetattr(pid int, attr *SchedAttr, size uint, flags uint) (err error) {
+ 	}
+ 	return
+ }
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func Cachestat(fd uint, crange *CachestatRange, cstat *Cachestat_t, flags uint) (err error) {
++	_, _, e1 := Syscall6(SYS_CACHESTAT, uintptr(fd), uintptr(unsafe.Pointer(crange)), uintptr(unsafe.Pointer(cstat)), uintptr(flags), 0, 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+index 07b549cc2..4def3e9fc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && 386
+-// +build linux,386
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+index 5f481bf83..fef2bc8ba 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && amd64
+-// +build linux,amd64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+index 824cd52c7..a9fd76a88 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && arm
+-// +build linux,arm
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+index e77aecfe9..460065028 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && arm64
+-// +build linux,arm64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+index 806ffd1e1..c8987d264 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_loong64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && loong64
+-// +build linux,loong64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+index 961a3afb7..921f43061 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && mips
+-// +build linux,mips
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+index ed05005e9..44f067829 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && mips64
+-// +build linux,mips64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+index d365b718f..e7fa0abf0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mips64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && mips64le
+-// +build linux,mips64le
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+index c3f1b8bbd..8c5125675 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_mipsle.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && mipsle
+-// +build linux,mipsle
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+index a6574cf98..7392fd45e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && ppc
+-// +build linux,ppc
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+index f40990264..41180434e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && ppc64
+-// +build linux,ppc64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+index 9dfcc2997..40c6ce7ae 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_ppc64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && ppc64le
+-// +build linux,ppc64le
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+index 0ab4f2ed7..2cfe34adb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && riscv64
+-// +build linux,riscv64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+index 6cde32237..61e6f0709 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && s390x
+-// +build linux,s390x
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+index 5253d65bf..834b84204 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_linux_sparc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build linux && sparc64
+-// +build linux,sparc64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+index 2df3c5bac..e91ebc14a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build netbsd && 386
+-// +build netbsd,386
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+index a60556bab..be28babbc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build netbsd && amd64
+-// +build netbsd,amd64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+index 9f788917a..fb587e826 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build netbsd && arm
+-// +build netbsd,arm
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+index 82a4cb2dc..d576438bb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_netbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build netbsd && arm64
+-// +build netbsd,arm64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+index 66b3b6456..a1d061597 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build openbsd && 386
+-// +build openbsd,386
+ 
+ package unix
+ 
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ 	n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ 	var _p0 *byte
+ 	_p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+ 
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+index 3dcacd30d..41b561731 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_386.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $4
+ DATA	·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
+ 
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_fcntl(SB)
++GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $4
++DATA	·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_ppoll(SB)
+ GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $4
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
+ DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
+ 
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_getfsstat(SB)
++GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
++DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_utimensat(SB)
+ GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
+ DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_pledge(SB)
++GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
++DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_unveil(SB)
++GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
++DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+index c5c4cc112..5b2a74097 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build openbsd && amd64
+-// +build openbsd,amd64
+ 
+ package unix
+ 
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ 	n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ 	var _p0 *byte
+ 	_p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+ 
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+index 2763620b0..4019a656f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_amd64.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+ 
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_fcntl(SB)
++GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_ppoll(SB)
+ GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+ 
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_getfsstat(SB)
++GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_utimensat(SB)
+ GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_pledge(SB)
++GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_unveil(SB)
++GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+index 93bfbb328..f6eda1344 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build openbsd && arm
+-// +build openbsd,arm
+ 
+ package unix
+ 
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ 	n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ 	var _p0 *byte
+ 	_p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+ 
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+index c92231404..ac4af24f9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $4
+ DATA	·libc_sysctl_trampoline_addr(SB)/4, $libc_sysctl_trampoline<>(SB)
+ 
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_fcntl(SB)
++GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $4
++DATA	·libc_fcntl_trampoline_addr(SB)/4, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_ppoll(SB)
+ GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $4
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $4
+ DATA	·libc_munmap_trampoline_addr(SB)/4, $libc_munmap_trampoline<>(SB)
+ 
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_getfsstat(SB)
++GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $4
++DATA	·libc_getfsstat_trampoline_addr(SB)/4, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_utimensat(SB)
+ GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $4
+ DATA	·libc_utimensat_trampoline_addr(SB)/4, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_pledge(SB)
++GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $4
++DATA	·libc_pledge_trampoline_addr(SB)/4, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_unveil(SB)
++GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $4
++DATA	·libc_unveil_trampoline_addr(SB)/4, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+index a107b8fda..55df20ae9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build openbsd && arm64
+-// +build openbsd,arm64
+ 
+ package unix
+ 
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ 	n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ 	var _p0 *byte
+ 	_p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+ 
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+index a6bc32c92..f77d53212 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_arm64.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+ 
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_fcntl(SB)
++GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_ppoll(SB)
+ GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+ 
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_getfsstat(SB)
++GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_utimensat(SB)
+ GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_pledge(SB)
++GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_unveil(SB)
++GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+index c427de509..8c1155cbc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build openbsd && mips64
+-// +build openbsd,mips64
+ 
+ package unix
+ 
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ 	n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ 	var _p0 *byte
+ 	_p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+ 
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+index b4e7bceab..fae140b62 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_mips64.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+ 
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_fcntl(SB)
++GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_ppoll(SB)
+ GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+ 
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_getfsstat(SB)
++GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_utimensat(SB)
+ GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_pledge(SB)
++GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_unveil(SB)
++GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+index 60c1a99ae..7cc80c58d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build openbsd && ppc64
+-// +build openbsd,ppc64
+ 
+ package unix
+ 
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ 	n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ 	var _p0 *byte
+ 	_p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+ 
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+index ca3f76600..9d1e0ff06 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_ppc64.s
+@@ -213,6 +213,12 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+ 
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++	CALL	libc_fcntl(SB)
++	RET
++GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ 	CALL	libc_ppoll(SB)
+ 	RET
+@@ -801,8 +807,26 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+ 
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++	CALL	libc_getfsstat(SB)
++	RET
++GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ 	CALL	libc_utimensat(SB)
+ 	RET
+ GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++	CALL	libc_pledge(SB)
++	RET
++GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++	CALL	libc_unveil(SB)
++	RET
++GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+index 52eba360f..0688737f4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build openbsd && riscv64
+-// +build openbsd,riscv64
+ 
+ package unix
+ 
+@@ -585,6 +584,32 @@ var libc_sysctl_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func fcntl(fd int, cmd int, arg int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_fcntl_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_fcntl fcntl "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func fcntlPtr(fd int, cmd int, arg unsafe.Pointer) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_fcntl_trampoline_addr, uintptr(fd), uintptr(cmd), uintptr(arg))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func ppoll(fds *PollFd, nfds int, timeout *Timespec, sigmask *Sigset_t) (n int, err error) {
+ 	r0, _, e1 := syscall_syscall6(libc_ppoll_trampoline_addr, uintptr(unsafe.Pointer(fds)), uintptr(nfds), uintptr(unsafe.Pointer(timeout)), uintptr(unsafe.Pointer(sigmask)), 0, 0)
+ 	n = int(r0)
+@@ -2213,6 +2238,21 @@ var libc_munmap_trampoline_addr uintptr
+ 
+ // THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
+ 
++func getfsstat(stat *Statfs_t, bufsize uintptr, flags int) (n int, err error) {
++	r0, _, e1 := syscall_syscall(libc_getfsstat_trampoline_addr, uintptr(unsafe.Pointer(stat)), uintptr(bufsize), uintptr(flags))
++	n = int(r0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_getfsstat_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_getfsstat getfsstat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
+ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error) {
+ 	var _p0 *byte
+ 	_p0, err = BytePtrFromString(path)
+@@ -2229,3 +2269,33 @@ func utimensat(dirfd int, path string, times *[2]Timespec, flags int) (err error
+ var libc_utimensat_trampoline_addr uintptr
+ 
+ //go:cgo_import_dynamic libc_utimensat utimensat "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func pledge(promises *byte, execpromises *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_pledge_trampoline_addr, uintptr(unsafe.Pointer(promises)), uintptr(unsafe.Pointer(execpromises)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_pledge_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_pledge pledge "libc.so"
++
++// THIS FILE IS GENERATED BY THE COMMAND AT THE TOP; DO NOT EDIT
++
++func unveil(path *byte, flags *byte) (err error) {
++	_, _, e1 := syscall_syscall(libc_unveil_trampoline_addr, uintptr(unsafe.Pointer(path)), uintptr(unsafe.Pointer(flags)), 0)
++	if e1 != 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
++var libc_unveil_trampoline_addr uintptr
++
++//go:cgo_import_dynamic libc_unveil unveil "libc.so"
++
++
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+index 477a7d5b2..da115f9a4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_openbsd_riscv64.s
+@@ -178,6 +178,11 @@ TEXT libc_sysctl_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_sysctl_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_sysctl_trampoline_addr(SB)/8, $libc_sysctl_trampoline<>(SB)
+ 
++TEXT libc_fcntl_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_fcntl(SB)
++GLOBL	·libc_fcntl_trampoline_addr(SB), RODATA, $8
++DATA	·libc_fcntl_trampoline_addr(SB)/8, $libc_fcntl_trampoline<>(SB)
++
+ TEXT libc_ppoll_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_ppoll(SB)
+ GLOBL	·libc_ppoll_trampoline_addr(SB), RODATA, $8
+@@ -668,7 +673,22 @@ TEXT libc_munmap_trampoline<>(SB),NOSPLIT,$0-0
+ GLOBL	·libc_munmap_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_munmap_trampoline_addr(SB)/8, $libc_munmap_trampoline<>(SB)
+ 
++TEXT libc_getfsstat_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_getfsstat(SB)
++GLOBL	·libc_getfsstat_trampoline_addr(SB), RODATA, $8
++DATA	·libc_getfsstat_trampoline_addr(SB)/8, $libc_getfsstat_trampoline<>(SB)
++
+ TEXT libc_utimensat_trampoline<>(SB),NOSPLIT,$0-0
+ 	JMP	libc_utimensat(SB)
+ GLOBL	·libc_utimensat_trampoline_addr(SB), RODATA, $8
+ DATA	·libc_utimensat_trampoline_addr(SB)/8, $libc_utimensat_trampoline<>(SB)
++
++TEXT libc_pledge_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_pledge(SB)
++GLOBL	·libc_pledge_trampoline_addr(SB), RODATA, $8
++DATA	·libc_pledge_trampoline_addr(SB)/8, $libc_pledge_trampoline<>(SB)
++
++TEXT libc_unveil_trampoline<>(SB),NOSPLIT,$0-0
++	JMP	libc_unveil(SB)
++GLOBL	·libc_unveil_trampoline_addr(SB), RODATA, $8
++DATA	·libc_unveil_trampoline_addr(SB)/8, $libc_unveil_trampoline<>(SB)
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+index b40189464..829b87feb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_solaris_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build solaris && amd64
+-// +build solaris,amd64
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+index 1d8fe1d4b..94f011238 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsyscall_zos_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build zos && s390x
+-// +build zos,s390x
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+index 55e048471..3a58ae819 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+ 
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+index d2243cf83..dcb7a0eb7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+ 
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+index 82dc51bd8..db5a7bf13 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+ 
+ //go:build arm && openbsd
+-// +build arm,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
+index cbdda1a4a..7be575a77 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+ 
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
+index f55eae1a8..d6e3174c6 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+ 
+ //go:build mips64 && openbsd
+-// +build mips64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
+index e44054470..ee97157d0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+ 
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
+index a0db82fce..35c3b91d0 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysctl_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+ 
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+index f8298ff9b..5edda7687 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && darwin
+-// +build amd64,darwin
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+index 5eb433bbf..0dc9e8b4d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_darwin_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && darwin
+-// +build arm64,darwin
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+index 703675c0c..308ddf3a1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_dragonfly_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && dragonfly
+-// +build amd64,dragonfly
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+index 4e0d96107..418664e3d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && freebsd
+-// +build 386,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+index 01636b838..34d0b86d7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && freebsd
+-// +build amd64,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+index ad99bc106..b71cf45e2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && freebsd
+-// +build arm,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
+index 89dcc4274..e32df1c1e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && freebsd
+-// +build arm64,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
+index ee37aaa0c..15ad6111f 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_freebsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build riscv64 && freebsd
+-// +build riscv64,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+index 9862853d3..fcf3ecbdd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && linux
+-// +build 386,linux
+ 
+ package unix
+ 
+@@ -448,4 +447,5 @@ const (
+ 	SYS_FUTEX_WAITV                  = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
+ 	SYS_CACHESTAT                    = 451
++	SYS_FCHMODAT2                    = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+index 8901f0f4e..f56dc2504 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && linux
+-// +build amd64,linux
+ 
+ package unix
+ 
+@@ -370,4 +369,6 @@ const (
+ 	SYS_FUTEX_WAITV             = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 450
+ 	SYS_CACHESTAT               = 451
++	SYS_FCHMODAT2               = 452
++	SYS_MAP_SHADOW_STACK        = 453
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+index 6902c37ee..974bf2467 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && linux
+-// +build arm,linux
+ 
+ package unix
+ 
+@@ -412,4 +411,5 @@ const (
+ 	SYS_FUTEX_WAITV                  = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
+ 	SYS_CACHESTAT                    = 451
++	SYS_FCHMODAT2                    = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+index a6d3dff81..39a2739e2 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && linux
+-// +build arm64,linux
+ 
+ package unix
+ 
+@@ -315,4 +314,5 @@ const (
+ 	SYS_FUTEX_WAITV             = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 450
+ 	SYS_CACHESTAT               = 451
++	SYS_FCHMODAT2               = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+index b18f3f710..cf9c9d77e 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_loong64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build loong64 && linux
+-// +build loong64,linux
+ 
+ package unix
+ 
+@@ -309,4 +308,5 @@ const (
+ 	SYS_FUTEX_WAITV             = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 450
+ 	SYS_CACHESTAT               = 451
++	SYS_FCHMODAT2               = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+index 0302e5e3d..10b7362ef 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips && linux
+-// +build mips,linux
+ 
+ package unix
+ 
+@@ -432,4 +431,5 @@ const (
+ 	SYS_FUTEX_WAITV                  = 4449
+ 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
+ 	SYS_CACHESTAT                    = 4451
++	SYS_FCHMODAT2                    = 4452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+index 6693ba4a0..cd4d8b4fd 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips64 && linux
+-// +build mips64,linux
+ 
+ package unix
+ 
+@@ -362,4 +361,5 @@ const (
+ 	SYS_FUTEX_WAITV             = 5449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
+ 	SYS_CACHESTAT               = 5451
++	SYS_FCHMODAT2               = 5452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+index fd93f4987..2c0efca81 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mips64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips64le && linux
+-// +build mips64le,linux
+ 
+ package unix
+ 
+@@ -362,4 +361,5 @@ const (
+ 	SYS_FUTEX_WAITV             = 5449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 5450
+ 	SYS_CACHESTAT               = 5451
++	SYS_FCHMODAT2               = 5452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+index 760ddcadc..a72e31d39 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_mipsle.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mipsle && linux
+-// +build mipsle,linux
+ 
+ package unix
+ 
+@@ -432,4 +431,5 @@ const (
+ 	SYS_FUTEX_WAITV                  = 4449
+ 	SYS_SET_MEMPOLICY_HOME_NODE      = 4450
+ 	SYS_CACHESTAT                    = 4451
++	SYS_FCHMODAT2                    = 4452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+index cff2b2555..c7d1e3747 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc && linux
+-// +build ppc,linux
+ 
+ package unix
+ 
+@@ -439,4 +438,5 @@ const (
+ 	SYS_FUTEX_WAITV                  = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE      = 450
+ 	SYS_CACHESTAT                    = 451
++	SYS_FCHMODAT2                    = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+index a4b2405d0..f4d4838c8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64 && linux
+-// +build ppc64,linux
+ 
+ package unix
+ 
+@@ -411,4 +410,5 @@ const (
+ 	SYS_FUTEX_WAITV             = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 450
+ 	SYS_CACHESTAT               = 451
++	SYS_FCHMODAT2               = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+index aca54b4e3..b64f0e591 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_ppc64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64le && linux
+-// +build ppc64le,linux
+ 
+ package unix
+ 
+@@ -411,4 +410,5 @@ const (
+ 	SYS_FUTEX_WAITV             = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 450
+ 	SYS_CACHESTAT               = 451
++	SYS_FCHMODAT2               = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+index 9d1738d64..95711195a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build riscv64 && linux
+-// +build riscv64,linux
+ 
+ package unix
+ 
+@@ -316,4 +315,5 @@ const (
+ 	SYS_FUTEX_WAITV             = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 450
+ 	SYS_CACHESTAT               = 451
++	SYS_FCHMODAT2               = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+index 022878dc8..f94e943bc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build s390x && linux
+-// +build s390x,linux
+ 
+ package unix
+ 
+@@ -377,4 +376,5 @@ const (
+ 	SYS_FUTEX_WAITV             = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 450
+ 	SYS_CACHESTAT               = 451
++	SYS_FCHMODAT2               = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+index 4100a761c..ba0c2bc51 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_linux_sparc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build sparc64 && linux
+-// +build sparc64,linux
+ 
+ package unix
+ 
+@@ -390,4 +389,5 @@ const (
+ 	SYS_FUTEX_WAITV             = 449
+ 	SYS_SET_MEMPOLICY_HOME_NODE = 450
+ 	SYS_CACHESTAT               = 451
++	SYS_FCHMODAT2               = 452
+ )
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+index 3a6699eba..b2aa8cd49 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && netbsd
+-// +build 386,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+index 5677cd4f1..524a1b1c9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && netbsd
+-// +build amd64,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+index e784cb6db..d59b943ac 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && netbsd
+-// +build arm,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
+index bd4952efa..31e771d53 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_netbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; DO NOT EDIT.
+ 
+ //go:build arm64 && netbsd
+-// +build arm64,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+index 597733813..9fd77c6cb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+index 16af29189..af10af28c 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+index f59b18a97..cc2028af4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && openbsd
+-// +build arm,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+index 721ef5910..c06dd4415 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
+index 01c43a01f..9ddbf3e08 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips64 && openbsd
+-// +build mips64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
+index f258cfa24..19a6ee413 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
+index 07919e0ec..05192a782 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+index 073daad43..b2e308581 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/zsysnum_zos_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build zos && s390x
+-// +build zos,s390x
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
+index 7a8161c1d..3e6d57cae 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc && aix
+-// +build ppc,aix
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
+index 07ed733c5..3a219bdce 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_aix_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64 && aix
+-// +build ppc64,aix
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+index 690cefc3d..091d107f3 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && darwin
+-// +build amd64,darwin
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+index 5bffc10ea..28ff4ef74 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_darwin_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && darwin
+-// +build arm64,darwin
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+index d0ba8e9b8..30e405bb4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_dragonfly_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && dragonfly
+-// +build amd64,dragonfly
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+index 29dc48337..6cbd094a3 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && freebsd
+-// +build 386,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+index 0a89b2890..7c03b6ee7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && freebsd
+-// +build amd64,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+index c8666bb15..422107ee8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && freebsd
+-// +build arm,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+index 88fb48a88..505a12acf 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && freebsd
+-// +build arm64,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+index 698dc975e..cc986c790 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_freebsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build riscv64 && freebsd
+-// +build riscv64,freebsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go
+index 18aa70b42..bbf8399ff 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux.go
+@@ -1,7 +1,6 @@
+ // Code generated by mkmerge; DO NOT EDIT.
+ 
+ //go:build linux
+-// +build linux
+ 
+ package unix
+ 
+@@ -2672,6 +2671,7 @@ const (
+ 	BPF_PROG_TYPE_LSM                          = 0x1d
+ 	BPF_PROG_TYPE_SK_LOOKUP                    = 0x1e
+ 	BPF_PROG_TYPE_SYSCALL                      = 0x1f
++	BPF_PROG_TYPE_NETFILTER                    = 0x20
+ 	BPF_CGROUP_INET_INGRESS                    = 0x0
+ 	BPF_CGROUP_INET_EGRESS                     = 0x1
+ 	BPF_CGROUP_INET_SOCK_CREATE                = 0x2
+@@ -2716,6 +2716,11 @@ const (
+ 	BPF_PERF_EVENT                             = 0x29
+ 	BPF_TRACE_KPROBE_MULTI                     = 0x2a
+ 	BPF_LSM_CGROUP                             = 0x2b
++	BPF_STRUCT_OPS                             = 0x2c
++	BPF_NETFILTER                              = 0x2d
++	BPF_TCX_INGRESS                            = 0x2e
++	BPF_TCX_EGRESS                             = 0x2f
++	BPF_TRACE_UPROBE_MULTI                     = 0x30
+ 	BPF_LINK_TYPE_UNSPEC                       = 0x0
+ 	BPF_LINK_TYPE_RAW_TRACEPOINT               = 0x1
+ 	BPF_LINK_TYPE_TRACING                      = 0x2
+@@ -2726,6 +2731,18 @@ const (
+ 	BPF_LINK_TYPE_PERF_EVENT                   = 0x7
+ 	BPF_LINK_TYPE_KPROBE_MULTI                 = 0x8
+ 	BPF_LINK_TYPE_STRUCT_OPS                   = 0x9
++	BPF_LINK_TYPE_NETFILTER                    = 0xa
++	BPF_LINK_TYPE_TCX                          = 0xb
++	BPF_LINK_TYPE_UPROBE_MULTI                 = 0xc
++	BPF_PERF_EVENT_UNSPEC                      = 0x0
++	BPF_PERF_EVENT_UPROBE                      = 0x1
++	BPF_PERF_EVENT_URETPROBE                   = 0x2
++	BPF_PERF_EVENT_KPROBE                      = 0x3
++	BPF_PERF_EVENT_KRETPROBE                   = 0x4
++	BPF_PERF_EVENT_TRACEPOINT                  = 0x5
++	BPF_PERF_EVENT_EVENT                       = 0x6
++	BPF_F_KPROBE_MULTI_RETURN                  = 0x1
++	BPF_F_UPROBE_MULTI_RETURN                  = 0x1
+ 	BPF_ANY                                    = 0x0
+ 	BPF_NOEXIST                                = 0x1
+ 	BPF_EXIST                                  = 0x2
+@@ -2743,6 +2760,8 @@ const (
+ 	BPF_F_MMAPABLE                             = 0x400
+ 	BPF_F_PRESERVE_ELEMS                       = 0x800
+ 	BPF_F_INNER_MAP                            = 0x1000
++	BPF_F_LINK                                 = 0x2000
++	BPF_F_PATH_FD                              = 0x4000
+ 	BPF_STATS_RUN_TIME                         = 0x0
+ 	BPF_STACK_BUILD_ID_EMPTY                   = 0x0
+ 	BPF_STACK_BUILD_ID_VALID                   = 0x1
+@@ -2763,6 +2782,7 @@ const (
+ 	BPF_F_ZERO_CSUM_TX                         = 0x2
+ 	BPF_F_DONT_FRAGMENT                        = 0x4
+ 	BPF_F_SEQ_NUMBER                           = 0x8
++	BPF_F_NO_TUNNEL_KEY                        = 0x10
+ 	BPF_F_TUNINFO_FLAGS                        = 0x10
+ 	BPF_F_INDEX_MASK                           = 0xffffffff
+ 	BPF_F_CURRENT_CPU                          = 0xffffffff
+@@ -2779,6 +2799,8 @@ const (
+ 	BPF_F_ADJ_ROOM_ENCAP_L4_UDP                = 0x10
+ 	BPF_F_ADJ_ROOM_NO_CSUM_RESET               = 0x20
+ 	BPF_F_ADJ_ROOM_ENCAP_L2_ETH                = 0x40
++	BPF_F_ADJ_ROOM_DECAP_L3_IPV4               = 0x80
++	BPF_F_ADJ_ROOM_DECAP_L3_IPV6               = 0x100
+ 	BPF_ADJ_ROOM_ENCAP_L2_MASK                 = 0xff
+ 	BPF_ADJ_ROOM_ENCAP_L2_SHIFT                = 0x38
+ 	BPF_F_SYSCTL_BASE_NAME                     = 0x1
+@@ -2867,6 +2889,8 @@ const (
+ 	BPF_DEVCG_DEV_CHAR                         = 0x2
+ 	BPF_FIB_LOOKUP_DIRECT                      = 0x1
+ 	BPF_FIB_LOOKUP_OUTPUT                      = 0x2
++	BPF_FIB_LOOKUP_SKIP_NEIGH                  = 0x4
++	BPF_FIB_LOOKUP_TBID                        = 0x8
+ 	BPF_FIB_LKUP_RET_SUCCESS                   = 0x0
+ 	BPF_FIB_LKUP_RET_BLACKHOLE                 = 0x1
+ 	BPF_FIB_LKUP_RET_UNREACHABLE               = 0x2
+@@ -2902,6 +2926,7 @@ const (
+ 	BPF_CORE_ENUMVAL_EXISTS                    = 0xa
+ 	BPF_CORE_ENUMVAL_VALUE                     = 0xb
+ 	BPF_CORE_TYPE_MATCHES                      = 0xc
++	BPF_F_TIMER_ABS                            = 0x1
+ )
+ 
+ const (
+@@ -2980,6 +3005,12 @@ type LoopInfo64 struct {
+ 	Encrypt_key      [32]uint8
+ 	Init             [2]uint64
+ }
++type LoopConfig struct {
++	Fd   uint32
++	Size uint32
++	Info LoopInfo64
++	_    [8]uint64
++}
+ 
+ type TIPCSocketAddr struct {
+ 	Ref  uint32
+@@ -5883,3 +5914,15 @@ type SchedAttr struct {
+ }
+ 
+ const SizeofSchedAttr = 0x38
++
++type Cachestat_t struct {
++	Cache            uint64
++	Dirty            uint64
++	Writeback        uint64
++	Evicted          uint64
++	Recently_evicted uint64
++}
++type CachestatRange struct {
++	Off uint64
++	Len uint64
++}
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+index 6d8acbcc5..438a30aff 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && linux
+-// +build 386,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+index 59293c688..adceca355 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && linux
+-// +build amd64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+index 40cfa38c2..eeaa00a37 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && linux
+-// +build arm,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+index 055bc4216..6739aa91d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && linux
+-// +build arm64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+index f28affbc6..9920ef631 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_loong64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build loong64 && linux
+-// +build loong64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+index 9d71e7ccd..2923b799a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips && linux
+-// +build mips,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+index fd5ccd332..ce2750ee4 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips64 && linux
+-// +build mips64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+index 7704de77a..3038811d7 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mips64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips64le && linux
+-// +build mips64le,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+index df00b8757..efc6fed18 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_mipsle.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mipsle && linux
+-// +build mipsle,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+index 0942840db..9a654b75a 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc && linux
+-// +build ppc,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+index 034874395..40d358e33 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64 && linux
+-// +build ppc64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+index bad067047..148c6ceb8 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_ppc64le.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64le && linux
+-// +build ppc64le,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+index 1b4c97c32..72ba81543 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build riscv64 && linux
+-// +build riscv64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+index aa268d025..71e765508 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_s390x.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build s390x && linux
+-// +build s390x,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+index 444045b6c..4abbdb9de 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_linux_sparc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build sparc64 && linux
+-// +build sparc64,linux
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+index 9bc4c8f9d..f22e7947d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && netbsd
+-// +build 386,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+index bb05f655d..066a7d83d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && netbsd
+-// +build amd64,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+index db40e3a19..439548ec9 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && netbsd
+-// +build arm,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
+index 11121151c..16085d3bb 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_netbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && netbsd
+-// +build arm64,netbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+index 26eba23b7..afd13a3af 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_386.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build 386 && openbsd
+-// +build 386,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+index 5a5479886..5d97f1f9b 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && openbsd
+-// +build amd64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+index be58c4e1f..34871cdc1 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm && openbsd
+-// +build arm,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
+index 52338266c..5911bceb3 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_arm64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build arm64 && openbsd
+-// +build arm64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
+index 605cfdb12..e4f24f3bc 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_mips64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build mips64 && openbsd
+-// +build mips64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
+index d6724c010..ca50a7930 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_ppc64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build ppc64 && openbsd
+-// +build ppc64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
+index ddfd27a43..d7d7f7902 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_openbsd_riscv64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build riscv64 && openbsd
+-// +build riscv64,openbsd
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+index 0400747c6..14160576d 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_solaris_amd64.go
+@@ -2,7 +2,6 @@
+ // Code generated by the command above; see README.md. DO NOT EDIT.
+ 
+ //go:build amd64 && solaris
+-// +build amd64,solaris
+ 
+ package unix
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go b/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+index aec1efcb3..54f31be63 100644
+--- a/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
++++ b/go-controller/vendor/golang.org/x/sys/unix/ztypes_zos_s390x.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build zos && s390x
+-// +build zos,s390x
+ 
+ // Hand edited based on ztypes_linux_s390x.go
+ // TODO: auto-generate.
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/aliases.go b/go-controller/vendor/golang.org/x/sys/windows/aliases.go
+index a20ebea63..ce2d713d6 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/aliases.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/aliases.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows && go1.9
+-// +build windows,go1.9
+ 
+ package windows
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/empty.s b/go-controller/vendor/golang.org/x/sys/windows/empty.s
+index fdbbbcd31..ba64caca5 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/empty.s
++++ b/go-controller/vendor/golang.org/x/sys/windows/empty.s
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build !go1.12
+-// +build !go1.12
+ 
+ // This file is here to allow bodyless functions with go:linkname for Go 1.11
+ // and earlier (see https://golang.org/issue/23311).
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/eventlog.go b/go-controller/vendor/golang.org/x/sys/windows/eventlog.go
+index 2cd60645e..6c366955d 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/eventlog.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/eventlog.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows
+-// +build windows
+ 
+ package windows
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go b/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go
+index 8563f79c5..dbcdb090c 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/mksyscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build generate
+-// +build generate
+ 
+ package windows
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/race.go b/go-controller/vendor/golang.org/x/sys/windows/race.go
+index 9196b089c..0f1bdc386 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/race.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/race.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows && race
+-// +build windows,race
+ 
+ package windows
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/race0.go b/go-controller/vendor/golang.org/x/sys/windows/race0.go
+index 7bae4817a..0c78da78b 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/race0.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/race0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows && !race
+-// +build windows,!race
+ 
+ package windows
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/key.go b/go-controller/vendor/golang.org/x/sys/windows/registry/key.go
+index 6c8d97b6a..fd8632444 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/registry/key.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/registry/key.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows
+-// +build windows
+ 
+ // Package registry provides access to the Windows registry.
+ //
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go b/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+index ee74927d3..bbf86ccf0 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/registry/mksyscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build generate
+-// +build generate
+ 
+ package registry
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go b/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go
+index 417335123..f533091c1 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/registry/syscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows
+-// +build windows
+ 
+ package registry
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/registry/value.go b/go-controller/vendor/golang.org/x/sys/windows/registry/value.go
+index 2789f6f18..74db26b94 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/registry/value.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/registry/value.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows
+-// +build windows
+ 
+ package registry
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/service.go b/go-controller/vendor/golang.org/x/sys/windows/service.go
+index c44a1b963..a9dc6308d 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/service.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/service.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows
+-// +build windows
+ 
+ package windows
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/str.go b/go-controller/vendor/golang.org/x/sys/windows/str.go
+index 4fc01434e..6a4f9ce6a 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/str.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/str.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows
+-// +build windows
+ 
+ package windows
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/svc/security.go b/go-controller/vendor/golang.org/x/sys/windows/svc/security.go
+index 1c51006ea..6a1f3c627 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/svc/security.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/svc/security.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows
+-// +build windows
+ 
+ package svc
+ 
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/svc/service.go b/go-controller/vendor/golang.org/x/sys/windows/svc/service.go
+index e9e47f0b4..c96932d96 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/svc/service.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/svc/service.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows
+-// +build windows
+ 
+ // Package svc provides everything required to build Windows service.
+ package svc
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/syscall.go b/go-controller/vendor/golang.org/x/sys/windows/syscall.go
+index 8732cdb95..e85ed6b9c 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/syscall.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/syscall.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build windows
+-// +build windows
+ 
+ // Package windows contains an interface to the low-level operating system
+ // primitives. OS details vary depending on the underlying system, and
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go b/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go
+index 35cfc57ca..47dc57967 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/syscall_windows.go
+@@ -155,6 +155,8 @@ func NewCallbackCDecl(fn interface{}) uintptr {
+ //sys	GetModuleFileName(module Handle, filename *uint16, size uint32) (n uint32, err error) = kernel32.GetModuleFileNameW
+ //sys	GetModuleHandleEx(flags uint32, moduleName *uint16, module *Handle) (err error) = kernel32.GetModuleHandleExW
+ //sys	SetDefaultDllDirectories(directoryFlags uint32) (err error)
++//sys	AddDllDirectory(path *uint16) (cookie uintptr, err error) = kernel32.AddDllDirectory
++//sys	RemoveDllDirectory(cookie uintptr) (err error) = kernel32.RemoveDllDirectory
+ //sys	SetDllDirectory(path string) (err error) = kernel32.SetDllDirectoryW
+ //sys	GetVersion() (ver uint32, err error)
+ //sys	FormatMessage(flags uint32, msgsrc uintptr, msgid uint32, langid uint32, buf []uint16, args *byte) (n uint32, err error) = FormatMessageW
+@@ -233,6 +235,7 @@ func NewCallbackCDecl(fn interface{}) uintptr {
+ //sys	CreateEnvironmentBlock(block **uint16, token Token, inheritExisting bool) (err error) = userenv.CreateEnvironmentBlock
+ //sys	DestroyEnvironmentBlock(block *uint16) (err error) = userenv.DestroyEnvironmentBlock
+ //sys	getTickCount64() (ms uint64) = kernel32.GetTickCount64
++//sys   GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
+ //sys	SetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error)
+ //sys	GetFileAttributes(name *uint16) (attrs uint32, err error) [failretval==INVALID_FILE_ATTRIBUTES] = kernel32.GetFileAttributesW
+ //sys	SetFileAttributes(name *uint16, attrs uint32) (err error) = kernel32.SetFileAttributesW
+@@ -969,7 +972,8 @@ func (sa *SockaddrUnix) sockaddr() (unsafe.Pointer, int32, error) {
+ 	if n > 0 {
+ 		sl += int32(n) + 1
+ 	}
+-	if sa.raw.Path[0] == '@' {
++	if sa.raw.Path[0] == '@' || (sa.raw.Path[0] == 0 && sl > 3) {
++		// Check sl > 3 so we don't change unnamed socket behavior.
+ 		sa.raw.Path[0] = 0
+ 		// Don't count trailing NUL for abstract address.
+ 		sl--
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/types_windows.go b/go-controller/vendor/golang.org/x/sys/windows/types_windows.go
+index b88dc7c85..359780f6a 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/types_windows.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/types_windows.go
+@@ -1094,7 +1094,33 @@ const (
+ 
+ 	SOMAXCONN = 0x7fffffff
+ 
+-	TCP_NODELAY = 1
++	TCP_NODELAY                    = 1
++	TCP_EXPEDITED_1122             = 2
++	TCP_KEEPALIVE                  = 3
++	TCP_MAXSEG                     = 4
++	TCP_MAXRT                      = 5
++	TCP_STDURG                     = 6
++	TCP_NOURG                      = 7
++	TCP_ATMARK                     = 8
++	TCP_NOSYNRETRIES               = 9
++	TCP_TIMESTAMPS                 = 10
++	TCP_OFFLOAD_PREFERENCE         = 11
++	TCP_CONGESTION_ALGORITHM       = 12
++	TCP_DELAY_FIN_ACK              = 13
++	TCP_MAXRTMS                    = 14
++	TCP_FASTOPEN                   = 15
++	TCP_KEEPCNT                    = 16
++	TCP_KEEPIDLE                   = TCP_KEEPALIVE
++	TCP_KEEPINTVL                  = 17
++	TCP_FAIL_CONNECT_ON_ICMP_ERROR = 18
++	TCP_ICMP_ERROR_INFO            = 19
++
++	UDP_NOCHECKSUM              = 1
++	UDP_SEND_MSG_SIZE           = 2
++	UDP_RECV_MAX_COALESCED_SIZE = 3
++	UDP_CHECKSUM_COVERAGE       = 20
++
++	UDP_COALESCED_INFO = 3
+ 
+ 	SHUT_RD   = 0
+ 	SHUT_WR   = 1
+diff --git a/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go b/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+index 8b1688de4..146a1f019 100644
+--- a/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go
++++ b/go-controller/vendor/golang.org/x/sys/windows/zsyscall_windows.go
+@@ -184,6 +184,7 @@ var (
+ 	procGetAdaptersInfo                                      = modiphlpapi.NewProc("GetAdaptersInfo")
+ 	procGetBestInterfaceEx                                   = modiphlpapi.NewProc("GetBestInterfaceEx")
+ 	procGetIfEntry                                           = modiphlpapi.NewProc("GetIfEntry")
++	procAddDllDirectory                                      = modkernel32.NewProc("AddDllDirectory")
+ 	procAssignProcessToJobObject                             = modkernel32.NewProc("AssignProcessToJobObject")
+ 	procCancelIo                                             = modkernel32.NewProc("CancelIo")
+ 	procCancelIoEx                                           = modkernel32.NewProc("CancelIoEx")
+@@ -253,6 +254,7 @@ var (
+ 	procGetFileAttributesW                                   = modkernel32.NewProc("GetFileAttributesW")
+ 	procGetFileInformationByHandle                           = modkernel32.NewProc("GetFileInformationByHandle")
+ 	procGetFileInformationByHandleEx                         = modkernel32.NewProc("GetFileInformationByHandleEx")
++	procGetFileTime                                          = modkernel32.NewProc("GetFileTime")
+ 	procGetFileType                                          = modkernel32.NewProc("GetFileType")
+ 	procGetFinalPathNameByHandleW                            = modkernel32.NewProc("GetFinalPathNameByHandleW")
+ 	procGetFullPathNameW                                     = modkernel32.NewProc("GetFullPathNameW")
+@@ -329,6 +331,7 @@ var (
+ 	procReadProcessMemory                                    = modkernel32.NewProc("ReadProcessMemory")
+ 	procReleaseMutex                                         = modkernel32.NewProc("ReleaseMutex")
+ 	procRemoveDirectoryW                                     = modkernel32.NewProc("RemoveDirectoryW")
++	procRemoveDllDirectory                                   = modkernel32.NewProc("RemoveDllDirectory")
+ 	procResetEvent                                           = modkernel32.NewProc("ResetEvent")
+ 	procResizePseudoConsole                                  = modkernel32.NewProc("ResizePseudoConsole")
+ 	procResumeThread                                         = modkernel32.NewProc("ResumeThread")
+@@ -1604,6 +1607,15 @@ func GetIfEntry(pIfRow *MibIfRow) (errcode error) {
+ 	return
+ }
+ 
++func AddDllDirectory(path *uint16) (cookie uintptr, err error) {
++	r0, _, e1 := syscall.Syscall(procAddDllDirectory.Addr(), 1, uintptr(unsafe.Pointer(path)), 0, 0)
++	cookie = uintptr(r0)
++	if cookie == 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
+ func AssignProcessToJobObject(job Handle, process Handle) (err error) {
+ 	r1, _, e1 := syscall.Syscall(procAssignProcessToJobObject.Addr(), 2, uintptr(job), uintptr(process), 0)
+ 	if r1 == 0 {
+@@ -2185,6 +2197,14 @@ func GetFileInformationByHandleEx(handle Handle, class uint32, outBuffer *byte,
+ 	return
+ }
+ 
++func GetFileTime(handle Handle, ctime *Filetime, atime *Filetime, wtime *Filetime) (err error) {
++	r1, _, e1 := syscall.Syscall6(procGetFileTime.Addr(), 4, uintptr(handle), uintptr(unsafe.Pointer(ctime)), uintptr(unsafe.Pointer(atime)), uintptr(unsafe.Pointer(wtime)), 0, 0)
++	if r1 == 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
+ func GetFileType(filehandle Handle) (n uint32, err error) {
+ 	r0, _, e1 := syscall.Syscall(procGetFileType.Addr(), 1, uintptr(filehandle), 0, 0)
+ 	n = uint32(r0)
+@@ -2870,6 +2890,14 @@ func RemoveDirectory(path *uint16) (err error) {
+ 	return
+ }
+ 
++func RemoveDllDirectory(cookie uintptr) (err error) {
++	r1, _, e1 := syscall.Syscall(procRemoveDllDirectory.Addr(), 1, uintptr(cookie), 0, 0)
++	if r1 == 0 {
++		err = errnoErr(e1)
++	}
++	return
++}
++
+ func ResetEvent(event Handle) (err error) {
+ 	r1, _, e1 := syscall.Syscall(procResetEvent.Addr(), 1, uintptr(event), 0, 0)
+ 	if r1 == 0 {
+diff --git a/go-controller/vendor/golang.org/x/term/term_unix.go b/go-controller/vendor/golang.org/x/term/term_unix.go
+index 62c2b3f41..1ad0ddfe3 100644
+--- a/go-controller/vendor/golang.org/x/term/term_unix.go
++++ b/go-controller/vendor/golang.org/x/term/term_unix.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd || solaris || zos
+-// +build aix darwin dragonfly freebsd linux netbsd openbsd solaris zos
+ 
+ package term
+ 
+diff --git a/go-controller/vendor/golang.org/x/term/term_unix_bsd.go b/go-controller/vendor/golang.org/x/term/term_unix_bsd.go
+index 853b3d698..9dbf54629 100644
+--- a/go-controller/vendor/golang.org/x/term/term_unix_bsd.go
++++ b/go-controller/vendor/golang.org/x/term/term_unix_bsd.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build darwin || dragonfly || freebsd || netbsd || openbsd
+-// +build darwin dragonfly freebsd netbsd openbsd
+ 
+ package term
+ 
+diff --git a/go-controller/vendor/golang.org/x/term/term_unix_other.go b/go-controller/vendor/golang.org/x/term/term_unix_other.go
+index 1e8955c93..1b36de799 100644
+--- a/go-controller/vendor/golang.org/x/term/term_unix_other.go
++++ b/go-controller/vendor/golang.org/x/term/term_unix_other.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build aix || linux || solaris || zos
+-// +build aix linux solaris zos
+ 
+ package term
+ 
+diff --git a/go-controller/vendor/golang.org/x/term/term_unsupported.go b/go-controller/vendor/golang.org/x/term/term_unsupported.go
+index f1df85065..3c409e588 100644
+--- a/go-controller/vendor/golang.org/x/term/term_unsupported.go
++++ b/go-controller/vendor/golang.org/x/term/term_unsupported.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd && !zos && !windows && !solaris && !plan9
+-// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd,!zos,!windows,!solaris,!plan9
+ 
+ package term
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
+index 8a7392c4a..784bb8808 100644
+--- a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule10.0.0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build go1.10
+-// +build go1.10
+ 
+ package bidirule
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
+index bb0a92001..8e1e94395 100644
+--- a/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/secure/bidirule/bidirule9.0.0.go
+@@ -3,7 +3,6 @@
+ // license that can be found in the LICENSE file.
+ 
+ //go:build !go1.10
+-// +build !go1.10
+ 
+ package bidirule
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
+index 42fa8d72c..d2bd71181 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables10.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.10 && !go1.13
+-// +build go1.10,!go1.13
+ 
+ package bidi
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
+index 56a0e1ea2..f76bdca27 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables11.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.13 && !go1.14
+-// +build go1.13,!go1.14
+ 
+ package bidi
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
+index baacf32b4..3aa2c3bdf 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables12.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.14 && !go1.16
+-// +build go1.14,!go1.16
+ 
+ package bidi
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
+index ffadb7beb..a71375790 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables13.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.16 && !go1.21
+-// +build go1.16,!go1.21
+ 
+ package bidi
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
+index 92cce5802..f15746f7d 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables15.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.21
+-// +build go1.21
+ 
+ package bidi
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
+index f517fdb20..c164d3791 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/bidi/tables9.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build !go1.10
+-// +build !go1.10
+ 
+ package bidi
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
+index f5a078827..1af161c75 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables10.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.10 && !go1.13
+-// +build go1.10,!go1.13
+ 
+ package norm
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
+index cb7239c43..eb73ecc37 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables11.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.13 && !go1.14
+-// +build go1.13,!go1.14
+ 
+ package norm
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
+index 11b273300..276cb8d8c 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables12.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.14 && !go1.16
+-// +build go1.14,!go1.16
+ 
+ package norm
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
+index f65785e8a..0cceffd73 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables13.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.16 && !go1.21
+-// +build go1.16,!go1.21
+ 
+ package norm
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
+index e1858b879..b0819e42d 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables15.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build go1.21
+-// +build go1.21
+ 
+ package norm
+ 
+diff --git a/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go b/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
+index 0175eae50..bf65457d9 100644
+--- a/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
++++ b/go-controller/vendor/golang.org/x/text/unicode/norm/tables9.0.0.go
+@@ -1,7 +1,6 @@
+ // Code generated by running "go generate" in golang.org/x/text. DO NOT EDIT.
+ 
+ //go:build !go1.10
+-// +build !go1.10
+ 
+ package norm
+ 
+diff --git a/go-controller/vendor/k8s.io/client-go/informers/factory.go b/go-controller/vendor/k8s.io/client-go/informers/factory.go
+index 9fc86441a..7dd0ae635 100644
+--- a/go-controller/vendor/k8s.io/client-go/informers/factory.go
++++ b/go-controller/vendor/k8s.io/client-go/informers/factory.go
+@@ -60,7 +60,6 @@ type sharedInformerFactory struct {
+ 	lock             sync.Mutex
+ 	defaultResync    time.Duration
+ 	customResync     map[reflect.Type]time.Duration
+-	transform        cache.TransformFunc
+ 
+ 	informers map[reflect.Type]cache.SharedIndexInformer
+ 	// startedInformers is used for tracking which informers have been started.
+@@ -99,14 +98,6 @@ func WithNamespace(namespace string) SharedInformerOption {
+ 	}
+ }
+ 
+-// WithTransform sets a transform on all informers.
+-func WithTransform(transform cache.TransformFunc) SharedInformerOption {
+-	return func(factory *sharedInformerFactory) *sharedInformerFactory {
+-		factory.transform = transform
+-		return factory
+-	}
+-}
+-
+ // NewSharedInformerFactory constructs a new instance of sharedInformerFactory for all namespaces.
+ func NewSharedInformerFactory(client kubernetes.Interface, defaultResync time.Duration) SharedInformerFactory {
+ 	return NewSharedInformerFactoryWithOptions(client, defaultResync)
+@@ -211,7 +202,6 @@ func (f *sharedInformerFactory) InformerFor(obj runtime.Object, newFunc internal
+ 	}
+ 
+ 	informer = newFunc(f.client, resyncPeriod)
+-	informer.SetTransform(f.transform)
+ 	f.informers[informerType] = informer
+ 
+ 	return informer
+diff --git a/go-controller/vendor/modules.txt b/go-controller/vendor/modules.txt
+index c88f00fa8..a9683f0a0 100644
+--- a/go-controller/vendor/modules.txt
++++ b/go-controller/vendor/modules.txt
+@@ -385,8 +385,8 @@ go.opencensus.io/internal
+ go.opencensus.io/trace
+ go.opencensus.io/trace/internal
+ go.opencensus.io/trace/tracestate
+-# golang.org/x/crypto v0.14.0
+-## explicit; go 1.17
++# golang.org/x/crypto v0.17.0
++## explicit; go 1.18
+ golang.org/x/crypto/ed25519
+ # golang.org/x/exp v0.0.0-20230811145659-89c5cff77bcb
+ ## explicit; go 1.20
+@@ -420,19 +420,19 @@ golang.org/x/oauth2/internal
+ # golang.org/x/sync v0.2.0
+ ## explicit
+ golang.org/x/sync/errgroup
+-# golang.org/x/sys v0.13.0
+-## explicit; go 1.17
++# golang.org/x/sys v0.15.0
++## explicit; go 1.18
+ golang.org/x/sys/execabs
+ golang.org/x/sys/plan9
+ golang.org/x/sys/unix
+ golang.org/x/sys/windows
+ golang.org/x/sys/windows/registry
+ golang.org/x/sys/windows/svc
+-# golang.org/x/term v0.13.0
+-## explicit; go 1.17
++# golang.org/x/term v0.15.0
++## explicit; go 1.18
+ golang.org/x/term
+-# golang.org/x/text v0.13.0
+-## explicit; go 1.17
++# golang.org/x/text v0.14.0
++## explicit; go 1.18
+ golang.org/x/text/encoding
+ golang.org/x/text/encoding/charmap
+ golang.org/x/text/encoding/htmlindex
+-- 
+2.43.0
+
diff --git a/images/ovn/patches/ovn-kubernetes/0004-stop-creating-ovnkube-eps.patch b/images/ovn/patches/ovn-kubernetes/0004-stop-creating-ovnkube-eps.patch
new file mode 100644
index 0000000..60dd327
--- /dev/null
+++ b/images/ovn/patches/ovn-kubernetes/0004-stop-creating-ovnkube-eps.patch
@@ -0,0 +1,26 @@
+From 71b19667c04fd114e49d3fda957e26e7fa595675 Mon Sep 17 00:00:00 2001
+From: Mohammed Naser <mnaser@vexxhost.com>
+Date: Sun, 4 Feb 2024 14:15:49 -0500
+Subject: [PATCH] stop creating ovnkube eps
+
+---
+ dist/images/ovnkube.sh | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/dist/images/ovnkube.sh b/dist/images/ovnkube.sh
+index 1d3059cf8..069d36648 100755
+--- a/dist/images/ovnkube.sh
++++ b/dist/images/ovnkube.sh
+@@ -908,9 +908,6 @@ sb-ovsdb() {
+   }
+   ovn-sbctl --inactivity-probe=0 set-connection p${transport}:${ovn_sb_port}:$(bracketify ${ovn_db_host})
+ 
+-  # create the ovnkube-db endpoints
+-  wait_for_event attempts=10 check_ovnkube_db_ep ${ovn_db_host} ${ovn_nb_port}
+-  set_ovnkube_db_ep ${ovn_db_host}
+   if memory_trim_on_compaction_supported "sbdb"
+   then
+     # Enable SBDB memory trimming on DB compaction, Every 10mins DBs are compacted
+-- 
+2.43.0
+
diff --git a/images/placement/Earthfile b/images/placement/Earthfile
index 64d6afd..e843c08 100644
--- a/images/placement/Earthfile
+++ b/images/placement/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=placement
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=a361622d749d3b24aad638ec1b03a7d7124a87b3
@@ -14,5 +15,5 @@
   FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
   COPY +build/venv /var/lib/openstack
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/senlin/Earthfile b/images/senlin/Earthfile
index 7e67788..8decded 100644
--- a/images/senlin/Earthfile
+++ b/images/senlin/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=senlin
 ARG --global RELEASE=2023.2
 ARG --global PROJECT_REF=5382259276d6be6807634c58c7b69b03b57ad6f5
@@ -14,5 +15,5 @@
   FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
   COPY +build/venv /var/lib/openstack
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/staffeln/Earthfile b/images/staffeln/Earthfile
index 9be3407..2f60cc3 100644
--- a/images/staffeln/Earthfile
+++ b/images/staffeln/Earthfile
@@ -1,5 +1,6 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=staffeln
 ARG --global RELEASE=master
 ARG --global PROJECT_REF=v2.2.3
@@ -15,5 +16,5 @@
   FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
   COPY +build/venv /var/lib/openstack
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/images/tempest/Earthfile b/images/tempest/Earthfile
index 61dd5df..2160336 100644
--- a/images/tempest/Earthfile
+++ b/images/tempest/Earthfile
@@ -1,21 +1,49 @@
 VERSION 0.7
 
+ARG --global REGISTRY=ghcr.io/vexxhost/atmosphere
 ARG --global PROJECT=tempest
 ARG --global RELEASE=master
 ARG --global PROJECT_REF=699749ec27897efe9bd7824664237c16c3339c03
 
+build.plugin:
+  ARG PLUGIN
+  FROM ../openstack-service+builder --RELEASE=${RELEASE}
+  DO ../openstack-service+GIT_CHECKOUT \
+    --PROJECT=${PLUGIN} \
+    --PROJECT_REF=${RELEASE}
+  SAVE ARTIFACT /src
+
+octavia-test-server:
+  FROM golang:1.18
+  COPY (+build.plugin/src --PLUGIN=octavia-tempest-plugin) /src
+  ENV GO111MODULE=off
+  ENV CGO_ENABLED=0
+  ENV GOOS=linux
+  RUN go build \
+    -a -ldflags '-s -w -extldflags -static' \
+    -o /build/test_server.bin \
+    /src/octavia_tempest_plugin/contrib/test_server/test_server.go
+  SAVE ARTIFACT /build/test_server.bin
+
 build:
   FROM ../openstack-service+builder --RELEASE=${RELEASE}
+  COPY (+build.plugin/src --PLUGIN=barbican-tempest-plugin) /barbican-tempest-plugin
+  COPY (+build.plugin/src --PLUGIN=cinder-tempest-plugin) /cinder-tempest-plugin
+  COPY (+build.plugin/src --PLUGIN=heat-tempest-plugin) /heat-tempest-plugin
+  COPY (+build.plugin/src --PLUGIN=keystone-tempest-plugin) /keystone-tempest-plugin
+  COPY (+build.plugin/src --PLUGIN=neutron-tempest-plugin) /neutron-tempest-plugin
+  COPY (+build.plugin/src --PLUGIN=octavia-tempest-plugin) /octavia-tempest-plugin
   DO ../openstack-service+BUILD_VENV \
     --PROJECT=${PROJECT} \
     --PROJECT_REF=${PROJECT_REF} \
-    --PIP_PACKAGES="git+https://github.com/openstack/barbican-tempest-plugin.git git+https://github.com/openstack/cinder-tempest-plugin.git git+https://github.com/openstack/heat-tempest-plugin.git git+https://github.com/openstack/keystone-tempest-plugin.git git+https://github.com/openstack/neutron-tempest-plugin.git git+https://github.com/openstack/octavia-tempest-plugin.git"
+    --PIP_PACKAGES="/barbican-tempest-plugin /cinder-tempest-plugin /heat-tempest-plugin /keystone-tempest-plugin /neutron-tempest-plugin /octavia-tempest-plugin junitxml"
 
 image:
   FROM ../openstack-service+image --RELEASE ${RELEASE} --PROJECT ${PROJECT}
+  COPY +octavia-test-server/test_server.bin /opt/octavia-tempest-plugin/test_server.bin
   COPY +build/venv /var/lib/openstack
   DO ../+APT_INSTALL \
-    --PACKAGES "iputils-ping"
+    --PACKAGES "iputils-ping openssh-client"
   SAVE IMAGE --push \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${RELEASE} \
-    ghcr.io/vexxhost/atmosphere/${PROJECT}:${PROJECT_REF}
+    ${REGISTRY}/${PROJECT}:${RELEASE} \
+    ${REGISTRY}/${PROJECT}:${PROJECT_REF}
diff --git a/meta/runtime.yml b/meta/runtime.yml
index 33f1892..ce6befd 100644
--- a/meta/runtime.yml
+++ b/meta/runtime.yml
@@ -1,2 +1,2 @@
 ---
-requires_ansible: ">=2.13.4"
+requires_ansible: ">=2.14.0"
diff --git a/molecule/aio/converge.yml b/molecule/aio/converge.yml
new file mode 100644
index 0000000..d6415d8
--- /dev/null
+++ b/molecule/aio/converge.yml
@@ -0,0 +1,45 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Install Ceph
+  ansible.builtin.import_playbook: vexxhost.ceph.site
+  vars:
+    # TODO(mnaser): Drop this once we switch to vexxhost.ceph 3.0.0
+    ceph_version: 18.2.1
+    ceph_repository_version: 18.2.1
+
+- name: Install Kubernetes
+  ansible.builtin.import_playbook: vexxhost.atmosphere.kubernetes
+
+- name: Install CSI
+  ansible.builtin.import_playbook: vexxhost.atmosphere.csi
+
+- name: Deploy Infrastructure
+  ansible.builtin.import_playbook: vexxhost.atmosphere.infrastructure
+
+- name: Deploy OpenStack
+  ansible.builtin.import_playbook: vexxhost.atmosphere.openstack
+
+- name: Configure networking
+  hosts: all
+  tasks:
+    - name: Add IP address to "br-ex"
+      changed_when: false
+      ansible.builtin.shell:
+        cmd: ip addr add 10.96.250.10/24 dev br-ex || true
+
+    - name: Set "br-ex" interface to "up"
+      changed_when: false
+      ansible.builtin.shell:
+        cmd: ip link set br-ex up || true
diff --git a/molecule/aio/create.yml b/molecule/aio/create.yml
new file mode 100644
index 0000000..4e4235c
--- /dev/null
+++ b/molecule/aio/create.yml
@@ -0,0 +1,99 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Wait for user to read warning
+  hosts: localhost
+  tasks:
+    - name: Wait for user to read warning
+      ignore_errors: true # noqa: ignore-errors
+      ansible.builtin.fail:
+        msg: >-
+          ⚠️
+          This code will make substantial changes to your machine, it is strongly
+          recommended that you run this on a server or virtual machine that you
+          dedicate to this purpose.
+          ⚠️
+
+    - name: Wait for user to read warning
+      ansible.builtin.wait_for:
+        timeout: 15
+
+- name: Generate workspace
+  ansible.builtin.import_playbook: vexxhost.atmosphere.generate_workspace
+  vars:
+    workspace_path: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
+    domain_name: "{{ ansible_default_ipv4['address'].replace('.', '-') }}.{{ lookup('env', 'ATMOSPHERE_DNS_SUFFIX_NAME') | default('nip.io', True) }}"
+
+- name: Setup networking
+  hosts: all
+  become: true
+  vars:
+    management_bridge: "br-mgmt"
+  tasks:
+    - name: Create bridge for management network
+      ignore_errors: true # noqa: ignore-errors
+      changed_when: false
+      ansible.builtin.command:
+        cmd: "ip link add name {{ management_bridge }} type bridge"
+
+    - name: Create fake interface for management bridge
+      ignore_errors: true # noqa: ignore-errors
+      changed_when: false
+      ansible.builtin.command:
+        cmd: "ip link add dummy0 type dummy"
+
+    # NOTE(mnaser): The bridge will not go up until it has an interface
+    #             so we need to assign the dummy interface to the bridge
+    - name: Assign dummy interface to management bridge
+      ignore_errors: true # noqa: ignore-errors
+      changed_when: false
+      ansible.builtin.command:
+        cmd: "ip link set dummy0 master {{ management_bridge }}"
+
+    - name: Assign IP address for management bridge
+      ignore_errors: true # noqa: ignore-errors
+      changed_when: false
+      ansible.builtin.command:
+        cmd: "ip addr add 10.96.240.200/24 dev {{ management_bridge }}"
+
+    - name: Bring up interfaces
+      ignore_errors: true # noqa: ignore-errors
+      changed_when: false
+      ansible.builtin.command:
+        cmd: "ip link set {{ item }} up"
+      loop:
+        - br-mgmt
+        - dummy0
+
+- name: Setup host for deployment
+  hosts: all
+  become: true
+  tasks:
+    - name: Purge "snapd" package
+      become: true
+      ansible.builtin.apt:
+        name: snapd
+        state: absent
+        purge: true
+
+    # TODO(mnaser): Get rid of this once default workspace uses this.
+    - name: Overwrite existing osds.yml file
+      ansible.builtin.copy:
+        dest: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/group_vars/cephs/osds.yml"
+        mode: '0644'
+        content: |
+          ceph_osd_devices:
+            - "/dev/ceph-{{ inventory_hostname_short }}-osd0/data"
+            - "/dev/ceph-{{ inventory_hostname_short }}-osd1/data"
+            - "/dev/ceph-{{ inventory_hostname_short }}-osd2/data"
diff --git a/molecule/ceph/group_vars/.gitkeep b/molecule/aio/group_vars/.gitkeep
similarity index 100%
rename from molecule/ceph/group_vars/.gitkeep
rename to molecule/aio/group_vars/.gitkeep
diff --git a/molecule/aio/group_vars/all/molecule.yml b/molecule/aio/group_vars/all/molecule.yml
new file mode 100644
index 0000000..583eea8
--- /dev/null
+++ b/molecule/aio/group_vars/all/molecule.yml
@@ -0,0 +1,249 @@
+ceph_conf_overrides:
+  - section: global
+    option: mon allow pool size one
+    value: true
+  - section: global
+    option: osd crush chooseleaf type
+    value: 0
+  - section: mon
+    option: auth allow insecure global id reclaim
+    value: false
+
+kubernetes_keepalived_interface: br-mgmt
+
+cilium_helm_values:
+  operator:
+    replicas: 1
+
+csi_driver: local-path-provisioner
+
+cluster_issuer_type: self-signed
+
+ingress_nginx_helm_values:
+  controller:
+    config:
+      worker-processes: 2
+
+percona_xtradb_cluster_spec:
+  allowUnsafeConfigurations: true
+  pxc:
+    size: 1
+  haproxy:
+    size: 1
+
+keystone_helm_values:
+  conf:
+    keystone:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+  pod:
+    replicas:
+      api: 1
+
+barbican_helm_values:
+  conf:
+    barbican:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+  pod:
+    replicas:
+      api: 1
+
+rook_ceph_cluster_radosgw_spec:
+  metadataPool:
+    failureDomain: osd
+  dataPool:
+    failureDomain: osd
+  gateway:
+    instances: 1
+
+glance_helm_values:
+  conf:
+    glance:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+        workers: 2
+      glance_store:
+        rbd_store_replication: 1
+  pod:
+    replicas:
+      api: 1
+glance_images:
+  - name: cirros
+    url: http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
+    min_disk: 1
+    disk_format: raw
+    container_format: bare
+    is_public: true
+
+staffeln_helm_values:
+  conf:
+    staffeln:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+  pod:
+    replicas:
+      api: 1
+      conductor: 1
+
+cinder_helm_values:
+  conf:
+    ceph:
+      pools:
+        backup:
+          replication: 1
+        cinder.volumes:
+          replication: 1
+    cinder:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+        osapi_volume_workers: 2
+  pod:
+    replicas:
+      api: 1
+      scheduler: 1
+
+placement_helm_values:
+  conf:
+    placement:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+    placement_api_uwsgi:
+      uwsgi:
+        processes: 2
+  pod:
+    replicas:
+      api: 1
+
+atmosphere_network_backend: "{{ lookup('env', 'ATMOSPHERE_NETWORK_BACKEND') | default('openvswitch', True) }}"
+ovn_helm_values:
+  conf:
+    auto_bridge_add:
+      br-ex: null
+  pod:
+    replicas:
+      ovn_ovsdb_nb: 1
+      ovn_ovsdb_sb: 1
+      ovn_northd: 1
+
+coredns_helm_values:
+  replicaCount: 1
+
+nova_helm_values:
+  # TODO: reserve memory for host for aio scenario?
+  conf:
+    nova:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+        osapi_compute_workers: 2
+        metadata_workers: 2
+      conductor:
+        workers: 2
+      scheduler:
+        workers: 2
+  pod:
+    replicas:
+      api_metadata: 1
+      osapi: 1
+      conductor: 1
+      scheduler: 1
+      novncproxy: 1
+      spiceproxy: 1
+
+neutron_helm_values:
+  conf:
+    neutron:
+      DEFAULT:
+        api_workers: 2
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+        rpc_workers: 2
+        metadata_workers: 2
+  pod:
+    replicas:
+      server: 1
+
+senlin_helm_values:
+  conf:
+    senlin:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+  pod:
+    replicas:
+      api: 1
+      conductor: 1
+      engine: 1
+      health_manager: 1
+
+heat_helm_values:
+  conf:
+    heat:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+        num_engine_workers: 2
+      heat_api:
+        workers: 2
+      heat_api_cfn:
+        workers: 2
+      heat_api_cloudwatch:
+        workers: 2
+  pod:
+    replicas:
+      api: 1
+      cfn: 1
+      cloudwatch: 1
+      engine: 1
+
+octavia_helm_values:
+  conf:
+    octavia:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+      controller_worker:
+        workers: 2
+    octavia_api_uwsgi:
+      uwsgi:
+        processes: 2
+  pod:
+    replicas:
+      api: 1
+      worker: 1
+      housekeeping: 1
+
+magnum_helm_values:
+  conf:
+    magnum:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+      api:
+        workers: 2
+      conductor:
+        workers: 2
+  pod:
+    replicas:
+      api: 1
+      conductor: 1
+magnum_image_disk_format: qcow2
+magnum_images:
+  - name: ubuntu-2204-kube-v1.27.8s
+    url: https://object-storage.public.mtl1.vexxhost.net/swift/v1/a91f106f55e64246babde7402c21b87a/magnum-capi/ubuntu-2204-kube-v1.27.8.qcow2
+    distro: ubuntu
+
+manila_helm_values:
+  conf:
+    manila:
+      DEFAULT:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+        osapi_share_workers: 2
+  pod:
+    replicas:
+      api: 1
+      scheduler: 1
+
+horizon_helm_values:
+  conf:
+    horizon:
+      local_settings:
+        debug: "{{ lookup('env', 'ATMOSPHERE_DEBUG') | default('false', True) }}"
+  pod:
+    replicas:
+      server: 1
diff --git a/molecule/ceph/host_vars/.gitkeep b/molecule/aio/host_vars/.gitkeep
similarity index 100%
rename from molecule/ceph/host_vars/.gitkeep
rename to molecule/aio/host_vars/.gitkeep
diff --git a/molecule/aio/molecule.yml b/molecule/aio/molecule.yml
new file mode 100644
index 0000000..e88073a
--- /dev/null
+++ b/molecule/aio/molecule.yml
@@ -0,0 +1,40 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+dependency:
+  name: galaxy
+driver:
+  name: default
+  options:
+    managed: False
+    ansible_connection_options:
+      ansible_become: "true"
+      ansible_connection: local
+platforms:
+  - name: instance
+    groups:
+      - controllers
+      - cephs
+      - computes
+provisioner:
+  name: ansible
+  config_options:
+    defaults:
+      callbacks_enabled: ansible.posix.profile_tasks
+  inventory:
+    links:
+      host_vars: "${ATMOSPHERE_ANSIBLE_VARS_PATH-$MOLECULE_SCENARIO_DIRECTORY}/host_vars"
+      group_vars: "${ATMOSPHERE_ANSIBLE_VARS_PATH-$MOLECULE_SCENARIO_DIRECTORY}/group_vars"
+verifier:
+  name: ansible
diff --git a/molecule/aio/prepare.yml b/molecule/aio/prepare.yml
new file mode 100644
index 0000000..e621e60
--- /dev/null
+++ b/molecule/aio/prepare.yml
@@ -0,0 +1,32 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Create fake devices for Ceph
+  ansible.builtin.import_playbook: vexxhost.ceph.create_fake_devices
+
+- name: Prepare system for Neutron
+  ansible.builtin.import_playbook: ../shared/prepare/neutron.yml
+
+# TODO(mnaser): Drop this once we switch to vexxhost.ceph 3.0.0
+- name: Configure Ceph workarounds
+  hosts: cephs
+  roles:
+    - vexxhost.ceph.repository
+  post_tasks:
+    - name: Install "ceph-volume"
+      ansible.builtin.package:
+        name: ceph-volume
+        state: present
+  vars:
+    ceph_version: 18.2.1
diff --git a/molecule/ceph/verify.yml b/molecule/aio/verify.yml
similarity index 81%
rename from molecule/ceph/verify.yml
rename to molecule/aio/verify.yml
index b88e217..3a4757b 100644
--- a/molecule/ceph/verify.yml
+++ b/molecule/aio/verify.yml
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
+# Copyright (c) 2024 VEXXHOST, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License"); you may
 # not use this file except in compliance with the License. You may obtain
@@ -12,4 +12,5 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-- import_playbook: vexxhost.atmosphere.tempest
+- name: Run Tempest tests
+  ansible.builtin.import_playbook: vexxhost.atmosphere.tempest
diff --git a/molecule/ceph/cleanup.yml b/molecule/ceph/cleanup.yml
deleted file mode 100644
index f9359ab..0000000
--- a/molecule/ceph/cleanup.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- ansible.builtin.import_playbook: vexxhost.ceph.destroy_fake_devices
-
-- hosts: localhost
-  connection: local
-  gather_facts: false
-  no_log: "{{ molecule_no_log }}"
-  vars:
-    workspace_path: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
-  tasks:
-    - name: Capture var files to delete
-      find:
-        paths:
-          - "{{ workspace_path }}/group_vars"
-          - "{{ workspace_path }}/host_vars"
-        file_type: file
-        recurse: true
-        excludes:
-          - "molecule.yml"
-      register: _var_files
-
-    - name: Delete var files
-      file:
-        path: "{{ item.path }}"
-        state: absent
-      with_items: "{{ _var_files['files'] }}"
diff --git a/molecule/ceph/converge.yml b/molecule/ceph/converge.yml
deleted file mode 100644
index fc75f20..0000000
--- a/molecule/ceph/converge.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- ansible.builtin.import_playbook: vexxhost.ceph.site
-- ansible.builtin.import_playbook: vexxhost.atmosphere.kubernetes
-
-# NOTE(mnaser): When using Docker with custom networks, it will use 127.0.0.11
-#               as the DNS server which trips up the CoreDNS "loop" plugin.
-- name: Switch CoreDNS to use CloudFlare DNS
-  hosts: controllers[0]
-  become: true
-  tasks:
-    - name: Update CoreDNS ConfigMap
-      kubernetes.core.k8s:
-        state: present
-        definition:
-          apiVersion: v1
-          kind: ConfigMap
-          metadata:
-            name: coredns
-            namespace: kube-system
-          data:
-            Corefile: |
-              .:53 {
-                  errors
-                  health {
-                    lameduck 5s
-                  }
-                  ready
-                  kubernetes cluster.local in-addr.arpa ip6.arpa {
-                    pods insecure
-                    fallthrough in-addr.arpa ip6.arpa
-                    ttl 30
-                  }
-                  prometheus :9153
-                  forward . 1.1.1.1 {
-                    max_concurrent 1000
-                  }
-                  cache 30
-                  loop
-                  reload
-                  loadbalance
-              }
-      notify:
-        - Rollout CoreDNS
-        - Wait for CoreDNS to be ready
-  handlers:
-    - name: Rollout CoreDNS
-      command: kubectl -n kube-system rollout restart deploy/coredns
-    - name: Wait for CoreDNS to be ready
-      command: kubectl -n kube-system rollout status deploy/coredns
-
-- ansible.builtin.import_playbook: vexxhost.atmosphere.csi
-- ansible.builtin.import_playbook: vexxhost.atmosphere.openstack
diff --git a/molecule/ceph/group_vars/all/molecule.yml b/molecule/ceph/group_vars/all/molecule.yml
deleted file mode 100644
index 5264d6d..0000000
--- a/molecule/ceph/group_vars/all/molecule.yml
+++ /dev/null
@@ -1,126 +0,0 @@
-ceph_conf_overrides:
-  - section: global
-    option: osd crush chooseleaf type
-    value: 0
-  - section: mon
-    option: auth allow insecure global id reclaim
-    value: false
-
-kubernetes_keepalived_interface: eth0
-
-cilium_helm_values:
-  operator:
-    replicas: 1
-
-csi_driver: local-path-provisioner
-
-cluster_issuer_type: self-signed
-
-ingress_nginx_helm_values:
-  controller:
-    config:
-      worker-processes: 2
-
-percona_xtradb_cluster_spec:
-  allowUnsafeConfigurations: true
-  pxc:
-    size: 1
-  haproxy:
-    size: 1
-
-keystone_helm_values:
-  pod:
-    replicas:
-      api: 1
-
-barbican_helm_values:
-  pod:
-    replicas:
-      api: 1
-
-rook_ceph_cluster_radosgw_spec:
-  metadataPool:
-    failureDomain: osd
-  dataPool:
-    failureDomain: osd
-  gateway:
-    instances: 1
-
-glance_helm_values:
-  conf:
-    glance:
-      DEFAULT:
-        workers: 2
-  pod:
-    replicas:
-      api: 1
-glance_images:
-  - name: cirros
-    url: http://download.cirros-cloud.net/0.6.1/cirros-0.6.1-x86_64-disk.img
-    min_disk: 1
-    disk_format: raw
-    container_format: bare
-    is_public: true
-
-cinder_helm_values:
-  pod:
-    replicas:
-      api: 1
-      scheduler: 1
-
-placement_helm_values:
-  pod:
-    replicas:
-      api: 1
-
-coredns_helm_values:
-  replicaCount: 1
-
-atmosphere_network_backend: "{{ lookup('env', 'ATMOSPHERE_NETWORK_BACKEND') | default('openvswitch', True) }}"
-ovn_helm_values:
-  conf:
-    auto_bridge_add:
-      br-ex: eth1
-  pod:
-    replicas:
-      ovn_ovsdb_nb: 1
-      ovn_ovsdb_sb: 1
-      ovn_northd: 1
-
-nova_helm_values:
-  conf:
-    nova:
-      DEFAULT:
-        osapi_compute_workers: 2
-        metadata_workers: 2
-      conductor:
-        workers: 2
-      scheduler:
-        workers: 2
-  pod:
-    replicas:
-      api_metadata: 1
-      osapi: 1
-      conductor: 1
-      scheduler: 1
-      novncproxy: 1
-      spiceproxy: 1
-
-neutron_helm_values:
-  conf:
-    auto_bridge_add:
-      br-ex: eth1
-    neutron:
-      DEFAULT:
-        api_workers: 2
-        rpc_workers: 2
-        metadata_workers: 2
-  pod:
-    replicas:
-      server: 1
-
-tempest_helm_values:
-  conf:
-    tempest:
-      service_available:
-        horizon: false
diff --git a/molecule/ceph/molecule.yml b/molecule/ceph/molecule.yml
deleted file mode 100644
index 90c6a83..0000000
--- a/molecule/ceph/molecule.yml
+++ /dev/null
@@ -1,84 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-dependency:
-  name: galaxy
-driver:
-  name: docker
-platforms:
-  - name: instance
-    image: geerlingguy/docker-${MOLECULE_DISTRO:-ubuntu2004}-ansible:latest
-    command: ${MOLECULE_DOCKER_COMMAND:-""}
-    privileged: true
-    cgroupns_mode: host
-    pre_build_image: true
-    purge_networks: true
-    dns_servers:
-      - 1.1.1.1
-    docker_networks:
-      - name: mgmt
-        ipam_config:
-          - subnet: 10.96.240.0/24
-            gateway: 10.96.240.1
-      - name: public
-        ipam_config:
-          - subnet: 10.96.250.0/24
-            gateway: 10.96.250.1
-    networks:
-      - name: mgmt
-      - name: public
-    security_opts:
-      - apparmor=unconfined
-    volumes:
-      - /dev:/dev
-      - /lib/modules:/lib/modules:ro
-      - /sys/fs/cgroup:/sys/fs/cgroup:rw
-      - /usr/src:/usr/src:ro
-    groups:
-      - controllers
-      - cephs
-      - computes
-provisioner:
-  name: ansible
-  config_options:
-    connection:
-      pipelining: true
-    tags:
-      skip: >-
-        sysctl,
-        ethtool,
-        node-feature-discovery,
-        kube-prometheus-stack,
-        loki,
-        vector,
-        ipmi-exporter,
-        prometheus-pushgateway,
-        multipathd,
-        lpfc,
-        senlin,
-        designate,
-        heat,
-        octavia,
-        magnum,
-        manila,
-        horizon,
-        openstack-exporter
-  options:
-    inventory: "${MOLECULE_EPHEMERAL_DIRECTORY}/workspace"
-  inventory:
-    links:
-      host_vars: "${MOLECULE_SCENARIO_DIRECTORY}/host_vars"
-      group_vars: "${MOLECULE_SCENARIO_DIRECTORY}/group_vars"
-verifier:
-  name: ansible
diff --git a/molecule/ceph/prepare.yml b/molecule/ceph/prepare.yml
deleted file mode 100644
index f3337d9..0000000
--- a/molecule/ceph/prepare.yml
+++ /dev/null
@@ -1,75 +0,0 @@
-# Copyright (c) 2023 VEXXHOST, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License"); you may
-# not use this file except in compliance with the License. You may obtain
-# a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-# License for the specific language governing permissions and limitations
-# under the License.
-
-- import_playbook: vexxhost.atmosphere.generate_workspace
-  vars:
-    workspace_path: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}"
-    domain_name: "{{ '{{' }} ansible_default_ipv4['address'].replace('.', '-') {{ '}}' }}.{{ lookup('env', 'ATMOSPHERE_DNS_SUFFIX_NAME') | default('nip.io', True) }}"
-
-- name: Prepare
-  hosts: all
-  become: true
-  pre_tasks:
-    - name: Wait for systemd to complete initialization
-      ansible.builtin.command: systemctl is-system-running
-      register: systemctl_status
-      until: >
-        'running' in systemctl_status.stdout or
-        'degraded' in systemctl_status.stdout
-      retries: 30
-      delay: 5
-      changed_when: false
-      failed_when: systemctl_status.rc > 1
-  tasks:
-    - name: Refresh cache & install "iptables"
-      ansible.builtin.package:
-        name: iptables
-        update_cache: true
-
-    # NOTE(mnaser): The base image installs Ansible using `pip` which breaks
-    #               the system Python, we uninstall all Python packages.
-    - name: Fix Python installation
-      block:
-        - name: Get all Python packages
-          ansible.builtin.command: pip freeze
-          register: pip_freeze
-
-        - name: Uninstall all Python packages
-          ansible.builtin.pip:
-            name: "{{ pip_freeze.stdout_lines }}"
-            state: absent
-
-- ansible.builtin.import_playbook: vexxhost.ceph.create_fake_devices
-
-- hosts: controllers
-  become: true
-  tasks:
-    - name: Overwrite existing osds.yml file
-      delegate_to: localhost
-      ansible.builtin.copy:
-        dest: "{{ lookup('env', 'MOLECULE_SCENARIO_DIRECTORY') }}/group_vars/cephs/osds.yml"
-        content: |
-          ceph_osd_devices:
-            - "/dev/ceph-{{ inventory_hostname_short }}-osd0/data"
-            - "/dev/ceph-{{ inventory_hostname_short }}-osd1/data"
-            - "/dev/ceph-{{ inventory_hostname_short }}-osd2/data"
-
-    - name: Set masquerade rule
-      become: yes
-      ansible.builtin.iptables:
-        table: nat
-        chain: POSTROUTING
-        source: 10.96.250.0/24
-        out_interface: "{{ ansible_default_ipv4.interface }}"
-        jump: MASQUERADE
diff --git a/playbooks/generate_workspace.yml b/playbooks/generate_workspace.yml
index 3df0c4a..0b11184 100644
--- a/playbooks/generate_workspace.yml
+++ b/playbooks/generate_workspace.yml
@@ -168,7 +168,6 @@
 
 - name: Generate endpoints for workspace
   hosts: localhost
-  gather_facts: false
   vars:
     _endpoints_path: "{{ workspace_path }}/group_vars/all/endpoints.yml"
     # Input variables
diff --git a/playbooks/infrastructure.yml b/playbooks/infrastructure.yml
new file mode 100644
index 0000000..db62f05
--- /dev/null
+++ b/playbooks/infrastructure.yml
@@ -0,0 +1,49 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Deploy Infrastructure
+  hosts: controllers[0]
+  become: true
+  roles:
+    - role: cert_manager
+      tags:
+        - cert-manager
+
+    - role: cluster_issuer
+      tags:
+        - cluster-issuer
+
+    - role: ingress_nginx
+      tags:
+        - ingress-nginx
+
+    - role: rabbitmq_cluster_operator
+      tags:
+        - rabbitmq-cluster-operator
+
+    - role: percona_xtradb_cluster_operator
+      tags:
+        - percona-xtradb-cluster-operator
+
+    - role: percona_xtradb_cluster
+      tags:
+        - percona-xtradb-cluster
+
+    - role: keycloak
+      tags:
+        - keycloak
+
+    - role: keepalived
+      tags:
+        - keepalived
diff --git a/playbooks/monitoring.yml b/playbooks/monitoring.yml
new file mode 100644
index 0000000..c5249b9
--- /dev/null
+++ b/playbooks/monitoring.yml
@@ -0,0 +1,41 @@
+# Copyright (c) 2024 VEXXHOST, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: Deploy Monitoring
+  hosts: controllers[0]
+  become: true
+  roles:
+    - role: node_feature_discovery
+      tags:
+        - node-feature-discovery
+
+    - role: kube_prometheus_stack
+      tags:
+        - kube-prometheus-stack
+
+    - role: loki
+      tags:
+        - loki
+
+    - role: vector
+      tags:
+        - vector
+
+    - role: ipmi_exporter
+      tags:
+        - ipmi-exporter
+
+    - role: prometheus_pushgateway
+      tags:
+        - prometheus-pushgateway
diff --git a/playbooks/openstack.yml b/playbooks/openstack.yml
index 5f3827b..be3cc7c 100644
--- a/playbooks/openstack.yml
+++ b/playbooks/openstack.yml
@@ -12,65 +12,10 @@
 # License for the specific language governing permissions and limitations
 # under the License.
 
-- hosts: controllers[0]
+- name: Deploy OpenStack
+  hosts: controllers[0]
   become: true
   roles:
-    - role: cert_manager
-      tags:
-        - cert-manager
-
-    - role: cluster_issuer
-      tags:
-        - cluster-issuer
-
-    - role: ingress_nginx
-      tags:
-        - ingress-nginx
-
-    - role: rabbitmq_cluster_operator
-      tags:
-        - rabbitmq-cluster-operator
-
-    - role: percona_xtradb_cluster_operator
-      tags:
-        - percona-xtradb-cluster-operator
-
-    - role: percona_xtradb_cluster
-      tags:
-        - percona-xtradb-cluster
-
-    - role: keycloak
-      tags:
-        - keycloak
-
-    - role: node_feature_discovery
-      tags:
-        - node-feature-discovery
-
-    - role: kube_prometheus_stack
-      tags:
-        - kube-prometheus-stack
-
-    - role: loki
-      tags:
-        - loki
-
-    - role: vector
-      tags:
-        - vector
-
-    - role: ipmi_exporter
-      tags:
-        - ipmi-exporter
-
-    - role: prometheus_pushgateway
-      tags:
-        - prometheus-pushgateway
-
-    - role: keepalived
-      tags:
-        - keepalived
-
     - role: memcached
       tags:
         - memcached
diff --git a/playbooks/site.yml b/playbooks/site.yml
index 8b7255b..5d44097 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -13,6 +13,18 @@
 # under the License.
 
 - import_playbook: vexxhost.ceph.site
-- import_playbook: vexxhost.atmosphere.kubernetes
-- import_playbook: vexxhost.atmosphere.csi
-- import_playbook: vexxhost.atmosphere.openstack
+
+- name: Install Kubernetes
+  import_playbook: vexxhost.atmosphere.kubernetes
+
+- name: Install CSI
+  import_playbook: vexxhost.atmosphere.csi
+
+- name: Deploy Infrastructure
+  ansible.builtin.import_playbook: vexxhost.atmosphere.infrastructure
+
+- name: Deploy Monitoring
+  ansible.builtin.import_playbook: vexxhost.atmosphere.monitoring
+
+- name: Deploy OpenStack
+  import_playbook: vexxhost.atmosphere.openstack
diff --git a/roles/cluster_issuer/handlers/main.yml b/roles/cluster_issuer/handlers/main.yml
index 711faa3..ce91b4f 100644
--- a/roles/cluster_issuer/handlers/main.yml
+++ b/roles/cluster_issuer/handlers/main.yml
@@ -13,5 +13,6 @@
 # under the License.
 
 - name: Update CA certificates on host
+  changed_when: true
   ansible.builtin.command:
     cmd: update-ca-certificates
diff --git a/roles/defaults/vars/main.yml b/roles/defaults/vars/main.yml
index b8bfad7..6d06192 100644
--- a/roles/defaults/vars/main.yml
+++ b/roles/defaults/vars/main.yml
@@ -192,7 +192,7 @@
   staffeln_db_sync: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:c09b73991d4ffa3b582e8d6c92888b6964f7023d69a84762de1a62678cad1777
   staffeln_conductor: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:c09b73991d4ffa3b582e8d6c92888b6964f7023d69a84762de1a62678cad1777
   staffeln_api: ghcr.io/vexxhost/atmosphere/staffeln:v2.2.3@sha256:c09b73991d4ffa3b582e8d6c92888b6964f7023d69a84762de1a62678cad1777
-  tempest_run_tests: ghcr.io/vexxhost/atmosphere/tempest:master@sha256:82300000bc99670cc3f4be3ba0e8577a0e8e59ef9d58ca71d069a9a1928804f5
+  tempest_run_tests: ghcr.io/vexxhost/atmosphere/tempest:master@sha256:e60b44b4a181f04879db1aa364e9b29904e705243b7a06fb27ecf9ae002660d0
   vector: docker.io/timberio/vector:0.27.0-debian@sha256:29f23dab76fa306b67b10eac3e9decdb01c906f8aa3b00a2f5b2e8ae088b84e0
 
 atmosphere_images: '{{ _atmosphere_images | combine(atmosphere_image_overrides, recursive=True)
diff --git a/roles/keycloak/meta/main.yml b/roles/keycloak/meta/main.yml
index 1a2d277..7fd6458 100644
--- a/roles/keycloak/meta/main.yml
+++ b/roles/keycloak/meta/main.yml
@@ -26,8 +26,7 @@
 dependencies:
   - role: defaults
   - role: openstack_helm_endpoints
-    vars:
-      openstack_helm_endpoints_list: ["oslo_db"]
+    openstack_helm_endpoints_list: ["oslo_db"]
   - role: vexxhost.kubernetes.upload_helm_chart
     vars:
       upload_helm_chart_src: "{{ keycloak_helm_chart_path }}"
diff --git a/roles/openstack_helm_endpoints/tasks/main.yml b/roles/openstack_helm_endpoints/tasks/main.yml
index 6e4056f..afabb02 100644
--- a/roles/openstack_helm_endpoints/tasks/main.yml
+++ b/roles/openstack_helm_endpoints/tasks/main.yml
@@ -14,7 +14,6 @@
 
 - name: Retrieve list of all the needed endpoints
   ansible.builtin.set_fact:
-    # noqa: yaml[line-length]
     openstack_helm_endpoints_list: |-
       {{ lookup('ansible.builtin.file', '../../../charts/' ~ openstack_helm_endpoints_chart ~ '/values.yaml', split_lines=False) | from_yaml | community.general.json_query('keys(endpoints)') | difference(_openstack_helm_endpoints_ignore) }}
   when:
diff --git a/roles/staffeln/vars/main.yml b/roles/staffeln/vars/main.yml
index 5f26973..c0be4b3 100644
--- a/roles/staffeln/vars/main.yml
+++ b/roles/staffeln/vars/main.yml
@@ -23,8 +23,8 @@
   conf:
     staffeln:
       conductor:
-        backup_metadata_key: "{{staffeln_backup_metadata_key}}"
-        retention_metadata_key: "{{staffeln_retention_metadata_key}}"
+        backup_metadata_key: "{{ staffeln_backup_metadata_key }}"
+        retention_metadata_key: "{{ staffeln_retention_metadata_key }}"
   manifests:
     ingress_api: false
     service_ingress_api: false
diff --git a/roles/tempest/vars/main.yml b/roles/tempest/vars/main.yml
index c1eb848..39eb424 100644
--- a/roles/tempest/vars/main.yml
+++ b/roles/tempest/vars/main.yml
@@ -38,10 +38,15 @@
         v3_endpoint_type: internal
       image:
         endpoint_type: internal
+      load_balancer:
+        endpoint_type: internal
+        enable_security_groups: true
       network:
         endpoint_type: internal
         floating_network_name: public
         shared_physical_network: false
+      network-feature-enabled:
+        port_security: true
       placement:
         endpoint_type: internal
       validation:
diff --git a/shell.nix b/shell.nix
deleted file mode 100644
index f11ac39..0000000
--- a/shell.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ pkgs ? import <nixpkgs> { } }:
-
-pkgs.mkShell {
-  packages = with pkgs; [
-    pkgs.earthly
-    pkgs.go
-    pkgs.poetry
-  ];
-}