fix: image cache volume provisioning

Makefile

@@ -490,7 +490,7 @@ uki-certs: talosctl ## Generate test certificates for SecureBoot/PCR Signing
 .PHONY: cache-create
 cache-create: installer imager ## Generate image cache.
 	@docker run --entrypoint /usr/local/bin/e2e.test registry.k8s.io/conformance:$(KUBECTL_VERSION) --list-images | \
-		$(TALOSCTL_EXECUTABLE) images integration --installer-tag=$(IMAGE_TAG) --registry-and-user=$(REGISTRY_AND_USERNAME) | \
+		$(TALOSCTL_EXECUTABLE) images integration --installer-tag=$(IMAGE_TAG)-amd64-secureboot --registry-and-user=$(REGISTRY_AND_USERNAME) | \
 		$(TALOSCTL_EXECUTABLE) images cache-create --image-cache-path=/tmp/cache.tar --images=- --force
 	@crane push /tmp/cache.tar $(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG)
 	@$(MAKE) image-iso IMAGER_ARGS="--image-cache=$(REGISTRY_AND_USERNAME)/image-cache:$(IMAGE_TAG) --extra-kernel-arg='console=ttyS0'"

internal/app/machined/pkg/controllers/block/volume_manager.go

@@ -285,6 +285,11 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
 
 		fullyProvisionedWave := math.MaxInt
 		allClosed := true
+		minWave := math.MinInt
+
+		if len(volumeConfigs) > 0 {
+			minWave = volumeConfigs[0].TypedSpec().Provisioning.Wave
+		}
 
 		for _, vc := range volumeConfigs {
 			// abort on context cancel, as each volume processing might take a while
@@ -341,7 +346,8 @@ func (ctrl *VolumeManagerController) Run(ctx context.Context, r controller.Runti
 				volumeStatus.PreFailPhase = block.VolumePhase(0)
 			}
 
-			if volumeStatus.Phase != block.VolumePhaseReady {
+			// if the wave we're working on is a minimum wave, let's not push the limit further, as minWave can be processed (partially)
+			if volumeStatus.Phase != block.VolumePhaseReady && vc.TypedSpec().Provisioning.Wave != minWave {
 				fullyProvisionedWave = vc.TypedSpec().Provisioning.Wave - 1
 			}
 

internal/app/machined/pkg/controllers/cri/image_cache_config.go

@@ -184,6 +184,8 @@ func (ctrl *ImageCacheConfigController) Run(ctx context.Context, r controller.Ru
 			}
 		}
 
+		logger.Debug("image cache status", zap.String("status", status.String()), zap.String("copy_status", copyStatus.String()))
+
 		if err = safe.WriterModify(ctx, r, cri.NewImageCacheConfig(), func(cfg *cri.ImageCacheConfig) error {
 			cfg.TypedSpec().Status = status
 			cfg.TypedSpec().CopyStatus = copyStatus
@@ -349,10 +351,12 @@ func (ctrl *ImageCacheConfigController) analyzeImageCacheVolumes(ctx context.Con
 	roots := make([]string, 0, len(volumeIDs))
 
 	var (
-		allReady, isoReady, diskReady bool
-		copySource, copyTarget        string
+		isoReady, diskReady    bool
+		copySource, copyTarget string
 	)
 
+	allReady := true
+
 	// analyze volume statuses, and build the roots
 	for _, volumeStatus := range volumeStatuses {
 		// mount as rw only disk cache if the ISO cache is present