From cc5eb4765c94b8a975830fd7e5824b8282d0b912 Mon Sep 17 00:00:00 2001 From: Andrei Kvapil Date: Mon, 27 Jan 2025 10:56:23 +0100 Subject: [PATCH] Introduce BootBox (#601) - Introduce tinkerbell essentials - Introduce bootbox ## Summary by CodeRabbit # Release Notes: BootBox Package (v0.1.0) ## New Features - Added BootBox, a PXE hardware provisioning service. - Introduced network boot configuration with Matchbox and Smee. - Enabled hardware management through Kubernetes Custom Resource Definitions. - Added support for managing physical machine specifications and configurations. - New HelmRelease configuration for streamlined deployment. - Added new application entry for BootBox in the configuration. ## Configuration - Supports configuring physical machine instances. - Provides flexible network boot and DHCP settings. - Includes role-based access control (RBAC) configurations. - New parameters for trusted proxies and syslog settings. - Enhanced configuration options for deployment parameters and resource allocations. - Introduced new schema for validating configuration values. ## Deployment - Deployed in `tenant-root` namespace. - Optional and privileged installation. - Depends on Cilium and KubeOVN networking components. - Configurable deployment strategies and resource allocations. - Introduced new Service and Ingress resources for improved traffic management. - Added support for host networking and public IP configurations. ## Compatibility - Supports single-node and multi-node cluster configurations. - Compatible with Kubernetes environments. --------- 
Signed-off-by: Andrei Kvapil --- packages/core/installer/Makefile | 2 + .../core/platform/bundles/distro-full.yaml | 8 + packages/core/platform/bundles/paas-full.yaml | 8 + packages/extra/bootbox/Chart.yaml | 6 + packages/extra/bootbox/Makefile | 11 + packages/extra/bootbox/README.md | 11 + packages/extra/bootbox/hack/test.sh | 18 + packages/extra/bootbox/images/matchbox.tag | 1 + packages/extra/bootbox/logos/bootbox.svg | 91 ++++ .../bootbox/templates/check-release-name.yaml | 6 + .../templates/dashboard-resourcemap.yaml | 35 ++ .../templates/matchbox/configmaps.yaml | 42 ++ .../templates/matchbox/deployment.yaml | 54 +++ .../bootbox/templates/matchbox/ingress.yaml | 37 ++ .../bootbox/templates/matchbox/machines.yaml | 47 +++ .../bootbox/templates/matchbox/service.yaml | 12 + packages/extra/bootbox/values.schema.json | 25 ++ packages/extra/bootbox/values.yaml | 30 ++ packages/extra/versions_map | 1 + packages/system/bootbox/Chart.yaml | 3 + packages/system/bootbox/Makefile | 16 + .../system/bootbox/charts/smee/Chart.yaml | 25 ++ .../charts/smee/crds/hardware-crd.yaml | 388 ++++++++++++++++++ .../bootbox/charts/smee/templates/_ports.tpl | 24 ++ .../charts/smee/templates/_scheduling.tpl | 12 + .../charts/smee/templates/deployment.yaml | 182 ++++++++ .../charts/smee/templates/role-binding.yaml | 21 + .../bootbox/charts/smee/templates/role.yaml | 17 + .../smee/templates/service-account.yaml | 7 + .../charts/smee/templates/service.yaml | 31 ++ .../bootbox/charts/smee/values.schema.json | 41 ++ .../system/bootbox/charts/smee/values.yaml | 166 ++++++++ .../system/bootbox/templates/bootbox.yaml | 21 + packages/system/bootbox/values.yaml | 6 + .../cozystack-api/templates/configmap.yaml | 14 + packages/system/dashboard/values.yaml | 14 + 36 files changed, 1433 insertions(+) create mode 100644 packages/extra/bootbox/Chart.yaml create mode 100644 packages/extra/bootbox/Makefile create mode 100644 packages/extra/bootbox/README.md create mode 100644 
packages/extra/bootbox/hack/test.sh create mode 100644 packages/extra/bootbox/images/matchbox.tag create mode 100644 packages/extra/bootbox/logos/bootbox.svg create mode 100644 packages/extra/bootbox/templates/check-release-name.yaml create mode 100644 packages/extra/bootbox/templates/dashboard-resourcemap.yaml create mode 100644 packages/extra/bootbox/templates/matchbox/configmaps.yaml create mode 100644 packages/extra/bootbox/templates/matchbox/deployment.yaml create mode 100644 packages/extra/bootbox/templates/matchbox/ingress.yaml create mode 100644 packages/extra/bootbox/templates/matchbox/machines.yaml create mode 100644 packages/extra/bootbox/templates/matchbox/service.yaml create mode 100644 packages/extra/bootbox/values.schema.json create mode 100644 packages/extra/bootbox/values.yaml create mode 100644 packages/system/bootbox/Chart.yaml create mode 100644 packages/system/bootbox/Makefile create mode 100644 packages/system/bootbox/charts/smee/Chart.yaml create mode 100644 packages/system/bootbox/charts/smee/crds/hardware-crd.yaml create mode 100644 packages/system/bootbox/charts/smee/templates/_ports.tpl create mode 100644 packages/system/bootbox/charts/smee/templates/_scheduling.tpl create mode 100644 packages/system/bootbox/charts/smee/templates/deployment.yaml create mode 100644 packages/system/bootbox/charts/smee/templates/role-binding.yaml create mode 100644 packages/system/bootbox/charts/smee/templates/role.yaml create mode 100644 packages/system/bootbox/charts/smee/templates/service-account.yaml create mode 100644 packages/system/bootbox/charts/smee/templates/service.yaml create mode 100644 packages/system/bootbox/charts/smee/values.schema.json create mode 100644 packages/system/bootbox/charts/smee/values.yaml create mode 100644 packages/system/bootbox/templates/bootbox.yaml create mode 100644 packages/system/bootbox/values.yaml diff --git a/packages/core/installer/Makefile b/packages/core/installer/Makefile index caf15bc45..e87c38b9a 100644 
--- a/packages/core/installer/Makefile +++ b/packages/core/installer/Makefile @@ -55,6 +55,8 @@ image-matchbox: run-builder --metadata-file images/matchbox.json \ --push=$(PUSH) \ --load=$(LOAD) + echo "$(REGISTRY)/matchbox:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/matchbox.json -o json -r)" \ + > ../../extra/bootbox/images/matchbox.tag rm -f images/matchbox.json assets: talos-iso talos-nocloud talos-metal diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml index a74da8b16..19ad78ec3 100644 --- a/packages/core/platform/bundles/distro-full.yaml +++ b/packages/core/platform/bundles/distro-full.yaml @@ -199,3 +199,11 @@ releases: namespace: cozy-keycloak optional: true dependsOn: [keycloak] + +- name: bootbox + releaseName: bootbox + chart: cozy-bootbox + namespace: cozy-bootbox + privileged: true + optional: true + dependsOn: [cilium] diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml index 6b73f6ef0..328d0bbbf 100644 --- a/packages/core/platform/bundles/paas-full.yaml +++ b/packages/core/platform/bundles/paas-full.yaml @@ -281,6 +281,14 @@ releases: optional: true dependsOn: [cilium,kubeovn] +- name: bootbox + releaseName: bootbox + chart: cozy-bootbox + namespace: cozy-bootbox + privileged: true + optional: true + dependsOn: [cilium,kubeovn] + {{- if $oidcEnabled }} - name: keycloak releaseName: keycloak diff --git a/packages/extra/bootbox/Chart.yaml b/packages/extra/bootbox/Chart.yaml new file mode 100644 index 000000000..f5d8dd397 --- /dev/null +++ b/packages/extra/bootbox/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +name: bootbox +description: PXE hardware provisioning +icon: /logos/bootbox.svg +type: application +version: 0.1.0 diff --git a/packages/extra/bootbox/Makefile b/packages/extra/bootbox/Makefile new file mode 100644 index 000000000..dec085a9c --- /dev/null +++ b/packages/extra/bootbox/Makefile 
@@ -0,0 +1,11 @@ +NAME=bootbox +NAMESPACE=tenant-root + +include ../../../scripts/package.mk + +generate: + readme-generator -v values.yaml -s values.schema.json.tmp -r README.md + cat values.schema.json.tmp | \ + jq '.properties.machines.items.type = "object"' \ + > values.schema.json + rm -f values.schema.json.tmp diff --git a/packages/extra/bootbox/README.md b/packages/extra/bootbox/README.md new file mode 100644 index 000000000..c3f25b323 --- /dev/null +++ b/packages/extra/bootbox/README.md @@ -0,0 +1,11 @@ +# BootBox + +## Parameters + +### Common parameters + +| Name | Description | Value | +| --------------- | ----------------------------------------------------- | ------ | +| `whitelistHTTP` | Secure HTTP by enabling client networks whitelisting | `true` | +| `whitelist` | List of client networks | `[]` | +| `machines` | Configuration of physical machine instances | `[]` | diff --git a/packages/extra/bootbox/hack/test.sh b/packages/extra/bootbox/hack/test.sh new file mode 100644 index 000000000..0bfd75906 --- /dev/null +++ b/packages/extra/bootbox/hack/test.sh @@ -0,0 +1,18 @@ +apk add iptables iproute2 qemu-system-x86_64 qemu-img + +iptables -t nat -D POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE 2>/dev/null || true +iptables -t nat -A POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE + +ip link del tap0 2>/dev/null || true +ip tuntap add dev tap0 mode tap +ip link set tap0 up +ip addr add 10.8.2.1/24 dev tap0 + + +rm -f data.img +qemu-img create data.img 100G + +qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 4 -m 8192 \ + -device virtio-net,netdev=net0,mac=d6:fa:af:52:25:93 -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \ + -drive file=data.img,if=virtio,format=raw \ + -nographic diff --git a/packages/extra/bootbox/images/matchbox.tag b/packages/extra/bootbox/images/matchbox.tag new file mode 100644 index 000000000..b50d58129 --- /dev/null +++ b/packages/extra/bootbox/images/matchbox.tag 
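Review bot: hack/test.sh has no interpreter line and no `set -euo pipefail`, so a failed `ip tuntap add dev tap0` or `qemu-img create` does not stop the run and qemu is started against a missing tap device or disk; adding `#!/bin/sh` and `set -eu` at the top fixes that. The script also mutates host state as root (a nat MASQUERADE rule and a tap0 device that are never torn down), which is fine for a throwaway harness but should be stated: `# Dev-only PXE test harness: run as root in a scratch VM; leaves tap0 and the MASQUERADE rule behind.` The `apk add` line additionally pins nothing, which is acceptable for a hack script but worth the same comment.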
@@ -0,0 +1 @@ +ghcr.io/aenix-io/cozystack/matchbox:v0.23.1 diff --git a/packages/extra/bootbox/logos/bootbox.svg b/packages/extra/bootbox/logos/bootbox.svg new file mode 100644 index 000000000..23c891605 --- /dev/null +++ b/packages/extra/bootbox/logos/bootbox.svg @@ -0,0 +1,91 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/packages/extra/bootbox/templates/check-release-name.yaml b/packages/extra/bootbox/templates/check-release-name.yaml new file mode 100644 index 000000000..d903237a8 --- /dev/null +++ b/packages/extra/bootbox/templates/check-release-name.yaml @@ -0,0 +1,6 @@ +{{- if ne .Release.Name .Chart.Name }} +{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }} +{{- end -}} +{{- if ne .Release.Namespace "tenant-root" }} +{{- fail "The namespace of the release MUST BE tenant-root" }} +{{- end -}} diff --git a/packages/extra/bootbox/templates/dashboard-resourcemap.yaml b/packages/extra/bootbox/templates/dashboard-resourcemap.yaml new file mode 100644 index 000000000..ad04d65b7 --- /dev/null +++ b/packages/extra/bootbox/templates/dashboard-resourcemap.yaml @@ -0,0 +1,35 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }}-dashboard-resources +rules: +- apiGroups: + - networking.k8s.io + resources: + - ingresses + resourceNames: + - bootbox + verbs: ["get", "list", "watch"] +- apiGroups: + - "" + resources: + - secrets + resourceNames: + - grafana-admin-password + verbs: ["get", "list", "watch"] +- apiGroups: + - "" + resources: + - services + resourceNames: + - bootbox + verbs: ["get", "list", "watch"] +- apiGroups: + - cozystack.io + resources: + - workloadmonitors + resourceNames: + - bootbox-matchbox + verbs: ["get", "list", "watch"] + + 
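Review bot: The committed images/matchbox.tag is a bare tag, `ghcr.io/aenix-io/cozystack/matchbox:v0.23.1`, while the installer Makefile in this same patch writes `$(REGISTRY)/matchbox:<tag>@<digest>` into that file, so the deployment that reads it pins nothing and a re-pushed `v0.23.1` silently changes what bare-metal hosts boot. Regenerate the file from the build so it carries the `@sha256:…` digest the Makefile emits, or document why the digest is dropped here.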
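Review bot: The dashboard Role grants `get`/`list`/`watch` on the Secret `grafana-admin-password`, which nothing in this chart creates or uses, so the rule looks copy-pasted from another package and widens what the dashboard can read in tenant-root for no reason. Drop that rule entirely; the Ingress, Service and WorkloadMonitor rules are the only ones the bootbox dashboard page can need from what is visible here. If the dashboard does require some secret for this app, name the actual secret rather than grafana's.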
diff --git a/packages/extra/bootbox/templates/matchbox/configmaps.yaml b/packages/extra/bootbox/templates/matchbox/configmaps.yaml new file mode 100644 index 000000000..6b95b4f53 --- /dev/null +++ b/packages/extra/bootbox/templates/matchbox/configmaps.yaml @@ -0,0 +1,42 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: bootbox-profiles +data: + default.json: | + { + "id": "default", + "name": "default", + "boot": { + "kernel": "/assets/vmlinuz", + "initrd": ["/assets/initramfs.xz"], + "args": [ + "initrd=initramfs.xz", + "init_on_alloc=1", + "slab_nomerge", + "pti=on", + "console=tty0", + "console=ttyS0", + "printk.devkmsg=on", + "talos.platform=metal" + ] + } + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bootbox-groups +data: + default.json: | + { + "id": "default", + "name": "default", + "profile": "default" + } +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: bootbox-configs +data: diff --git a/packages/extra/bootbox/templates/matchbox/deployment.yaml b/packages/extra/bootbox/templates/matchbox/deployment.yaml new file mode 100644 index 000000000..470c2814f --- /dev/null +++ b/packages/extra/bootbox/templates/matchbox/deployment.yaml 
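Review bot: The `default` group in bootbox-groups has no `selector`, so matchbox hands the `default` profile (the Talos metal kernel/initrd) to any client that reaches `/boot.ipxe`, not only to the MACs declared under `machines`; if that is intended, say so with a comment such as `# No selector: matches every PXE client that reaches matchbox; access is gated only by the ingress whitelist.` The profile's kernel args also carry no `talos.config=` URL, so booted machines presumably come up in maintenance mode waiting for a config to be applied out-of-band — worth a sentence in the README, since the empty `bootbox-configs` ConfigMap suggests configs are meant to be served from `/assets/configs` later. Note too that `data:` with nothing under it renders as null, which Kubernetes accepts, but `data: {}` is the explicit form.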
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bootbox-matchbox
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: bootbox-matchbox
+ template:
+ metadata:
+ labels:
+ app: bootbox-matchbox
+ spec:
+ containers:
+ - name: matchbox
+ image: "{{ $.Files.Get "images/matchbox.tag" | trim }}"
+ args:
+ - "-address=:8080"
+ - "-log-level=debug"
+ volumeMounts:
+ - name: profiles-volume
+ mountPath: /var/lib/matchbox/profiles
+ - name: groups-volume
+ mountPath: /var/lib/matchbox/groups
+ - name: configs-volume
+ mountPath: /var/lib/matchbox/assets/configs
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ volumes:
+ - name: profiles-volume
+ configMap:
+ name: bootbox-profiles
+ - name: groups-volume
+ configMap:
+ name: bootbox-groups
+ - name: configs-volume
+ configMap:
+ name: bootbox-configs
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+ name: bootbox-matchbox
+spec:
+ replicas: 1
+ minReplicas: 1
+ kind: bootbox
+ type: matchbox
+ selector:
+ app: bootbox-matchbox
+ version: {{ $.Chart.Version }}
diff --git a/packages/extra/bootbox/templates/matchbox/ingress.yaml b/packages/extra/bootbox/templates/matchbox/ingress.yaml
new file mode 100644
index 000000000..31de77166
--- /dev/null
+++ b/packages/extra/bootbox/templates/matchbox/ingress.yaml
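Review bot: The matchbox pod runs with no `securityContext`, no `resources` and no readiness probe, and its only non-default argument is `-log-level=debug`, which is noisy for a service that will log every PXE client's requests in production. A service that hands out boot images to physical hosts should at least drop capabilities, forbid privilege escalation and run non-root; the image is built in-tree by the installer Makefile, so confirm it has a non-root user (otherwise add `runAsUser`) and that matchbox does not write under its root filesystem here, since the profile/group/config directories are ConfigMap mounts. The probe path assumes matchbox answers on `/` — verify against the image.

```yaml
      containers:
      - name: matchbox
        # … unchanged: image, args (consider -log-level=info), volumeMounts, ports …
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop: ["ALL"]
        readinessProbe:
          httpGet:
            path: /
            port: http
        resources:
          requests:
            cpu: 50m
            memory: 64Mi
          limits:
            memory: 256Mi
```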
@@ -0,0 +1,37 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} + +{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} +{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }} +{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: bootbox + labels: + app: bootbox + annotations: + {{- if ne $issuerType "cloudflare" }} + acme.cert-manager.io/http01-ingress-class: {{ $ingress }} + {{- end }} + cert-manager.io/cluster-issuer: letsencrypt-prod + {{- if .Values.whitelistHTTP }} + nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," (.Values.whitelist | default "0.0.0.0/32") }}" + {{- end }} +spec: + ingressClassName: {{ $ingress }} + tls: + - hosts: + - "{{ printf "bootbox.%s" (.Values.host | default $host) }}" + secretName: bootbox-tls + rules: + - host: "{{ printf "bootbox.%s" (.Values.host | default $host) }}" + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: bootbox + port: + name: http diff --git a/packages/extra/bootbox/templates/matchbox/machines.yaml b/packages/extra/bootbox/templates/matchbox/machines.yaml new file mode 100644 index 000000000..64231f23e --- /dev/null +++ b/packages/extra/bootbox/templates/matchbox/machines.yaml 
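Review bot: The `whitelist-source-range` annotation is the only access control in front of matchbox, which serves everything under `/assets` (including whatever is later placed in `bootbox-configs`, mounted at `/var/lib/matchbox/assets/configs`) without authentication, so the README should state plainly that anything in that ConfigMap is readable by every whitelisted network and that `whitelistHTTP: false` exposes it to the internet. With `whitelistHTTP: true` and the default empty `whitelist`, the rendered range is `0.0.0.0/32`, which rejects every client including the PXE hosts whose Hardware `ipxe.url` points at this ingress; consider `{{- if and .Values.whitelistHTTP (not .Values.whitelist) }}{{ fail "whitelist must list the PXE client networks when whitelistHTTP is true" }}{{ end }}` or at least a comment. The range check also only works when nginx sees the real client address (proxy protocol or `externalTrafficPolicy: Local` on the LB service) — presumably true in cozystack, but worth a one-line note for operators.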
@@ -0,0 +1,47 @@ +{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }} +{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }} + +{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }} +{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }} +{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }} + +{{ range $m := .Values.machines }} +--- +apiVersion: tinkerbell.org/v1alpha1 +kind: Hardware +metadata: + name: {{ $m.hostname }} + namespace: cozy-bootbox +spec: + interfaces: + {{- range $mac := $m.mac }} + - dhcp: + hostname: {{ $m.hostname }} + mac: {{ $mac }} + {{- with $m.arch }} + arch: {{ . }} + {{- end }} + {{- with $m.ip }} + ip: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $m.leaseTime }} + lease_time: {{ . }} + {{- end }} + {{- with $m.uefi }} + uefi: {{ . }} + {{- end }} + {{- with $m.nameServers }} + name_servers: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with $m.timeServers }} + time_servers: + {{- toYaml . | nindent 8 }} + {{- end }} + netboot: + allowPXE: true + ipxe: + url: "https://{{ printf "bootbox.%s" ($.Values.host | default $host) }}/boot.ipxe" + {{- end }} +{{- end }} diff --git a/packages/extra/bootbox/templates/matchbox/service.yaml b/packages/extra/bootbox/templates/matchbox/service.yaml new file mode 100644 index 000000000..160de0677 --- /dev/null +++ b/packages/extra/bootbox/templates/matchbox/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: bootbox +spec: + selector: + app: bootbox-matchbox + ports: + - protocol: TCP + port: 80 + targetPort: http + name: http diff --git a/packages/extra/bootbox/values.schema.json b/packages/extra/bootbox/values.schema.json new file mode 100644 index 000000000..e365ece4f --- /dev/null +++ b/packages/extra/bootbox/values.schema.json 
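Review bot: `mac: {{ $mac }}` is rendered unquoted and as written by the user, while the vendored Hardware CRD (hardware-crd.yaml in this patch) validates `mac` against `([0-9a-f]{2}[:]){5}([0-9a-f]{2})`, so an uppercase MAC from values fails admission at apply time rather than at template time; `mac: {{ $mac | lower | quote }}` avoids both that and any YAML retyping of an all-digit address. The template also does `lookup` for `$cozyConfig`, `$issuerType` and `$ingress` and never uses them — only `$host` is needed — so the two unused lookups are extra API reads that can be removed. Since `$m.hostname` becomes `metadata.name` of a resource created in `cozy-bootbox` from a tenant-root release, a `required "machines[].hostname is required" $m.hostname` guard and a README note that the release's service account must be allowed to write Hardware objects across namespaces would help.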
@@ -0,0 +1,25 @@ +{ + "title": "Chart Values", + "type": "object", + "properties": { + "whitelistHTTP": { + "type": "boolean", + "description": "Secure HTTP by enabling client networks whitelisting", + "default": true + }, + "whitelist": { + "type": "array", + "description": "List of client networks", + "default": [], + "items": {} + }, + "machines": { + "type": "array", + "description": "Configuration of physical machine instances", + "default": "[]", + "items": { + "type": "object" + } + } + } +} diff --git a/packages/extra/bootbox/values.yaml b/packages/extra/bootbox/values.yaml new file mode 100644 index 000000000..f4d55572f --- /dev/null +++ b/packages/extra/bootbox/values.yaml @@ -0,0 +1,30 @@ +## @section Common parameters + +## @param whitelistHTTP Secure HTTP by enabling client networks whitelisting +## @param whitelist List of client networks +## Example: +## whitelistHTTP: true +## whitelist: +## - "1.2.3.4" +## - "10.8.0.0/16" +## +whitelistHTTP: true +whitelist: [] + +## @param machines [array] Configuration of physical machine instances +## +## Example: +## machines: +## - hostname: machine1 +## arch: x86_64 +## ip: +## address: 10.8.2.2 +## gateway: 10.8.2.1 +## netmask: 255.255.255.0 +## leaseTime: 86400 +## mac: [d6:fa:af:52:25:93] +## nameServers: [1.1.1.1,8.8.8.8] +## timeServers: [pool.ntp.org] +## uefi: true + +machines: [] diff --git a/packages/extra/versions_map b/packages/extra/versions_map index 40edd1d84..68171be0a 100644 --- a/packages/extra/versions_map +++ b/packages/extra/versions_map @@ -1,3 +1,4 @@ +bootbox 0.1.0 HEAD etcd 1.0.0 f7eaab0 etcd 2.0.0 a6d0f7cf etcd 2.0.1 6fc1cc7d diff --git a/packages/system/bootbox/Chart.yaml b/packages/system/bootbox/Chart.yaml new file mode 100644 index 000000000..dabadb656 --- /dev/null +++ b/packages/system/bootbox/Chart.yaml @@ -0,0 +1,3 @@ +apiVersion: v2 +name: cozy-smee +version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process 
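Review bot: The schema does not constrain what matters for security here: `whitelist` has `"items": {}`, so a non-CIDR string reaches the nginx annotation unvalidated, and `machines` items are bare `"type": "object"` with no `required` keys, so a machine without `mac` renders no Hardware at all. Tighten them with `"items": {"type": "string"}` for whitelist and `"required": ["hostname", "mac"]` plus `"additionalProperties": false` on the machine object, so that typos fail at install rather than at boot. The `"default": "[]"` on `machines` is also a string, not an array, unlike `whitelist`'s `[]` — the jq patch in the Makefile could set that too.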
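Review bot: packages/system/bootbox/Chart.yaml declares `name: cozy-smee`, but both bundle files in this patch reference the system release as `chart: cozy-bootbox`, and the Makefile exports `NAME=bootbox`; unless the build rewrites the chart name from `NAME`, the bundle points at a chart that does not exist. Align it with `name: cozy-bootbox` (or state in the placeholder comment that the name is also overwritten at build time).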
diff --git a/packages/system/bootbox/Makefile b/packages/system/bootbox/Makefile
new file mode 100644
index 000000000..ce4e1af0e
--- /dev/null
+++ b/packages/system/bootbox/Makefile
@@ -0,0 +1,16 @@
+export NAME=bootbox
+export NAMESPACE=cozy-$(NAME)
+
+include ../../../scripts/package.mk
+
+update:
+ rm -rf charts
+ mkdir -p charts
+ cd charts && \
+ tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/tinkerbell/charts | awk -F'[/^]' 'END{print $$3}') && \
+ curl -sSL https://github.com/tinkerbell/charts/archive/refs/tags/$${tag}.tar.gz | \
+ tar xzvf - --strip 2 charts-$${tag#*v}/tinkerbell
+ find charts -maxdepth 1 -mindepth 1 ! -name tink -and ! -name smee -exec rm -rf {} \;
+ mkdir -p charts/smee/crds
+ mv charts/tink/crds/hardware-crd.yaml charts/smee/crds
+ rm -rf charts/tink
diff --git a/packages/system/bootbox/charts/smee/Chart.yaml b/packages/system/bootbox/charts/smee/Chart.yaml
new file mode 100644
index 000000000..93b673061
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/Chart.yaml
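Review bot: The `update` target resolves the newest upstream tag at run time (`git ls-remote … | awk 'END{print $3}'`) and pipes an unverified tarball from GitHub straight into `tar`, so each run vendors whatever the latest tag is — including pre-releases that sort last — with no checksum or signature check, and the Makefile gives no record of which version produced the committed charts (the vendored Chart.yaml says 0.6.2). Pin the version as a variable, e.g. `SMEE_CHART_TAG ?= v0.6.2`, use it in the curl URL instead of the ls-remote lookup, and verify the archive (`sha256sum -c` against a committed sum, or `git clone --depth 1 --branch $(SMEE_CHART_TAG)` so the tag object can be checked) before extracting. Also `--strip 2` silently does nothing useful if the archive layout changes; a `test -d charts/smee` after extraction would make that fail loudly.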
@@ -0,0 +1,25 @@ +apiVersion: v2 +name: smee +description: Smee is the network boot service for Tinkerbell +icon: https://github.com/tinkerbell/artwork/blob/6f07de53d75cb8932dbc7d14201e038cf3a3b230/Tinkerbell-Icon-Dark.png + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.6.2 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.15.1" diff --git a/packages/system/bootbox/charts/smee/crds/hardware-crd.yaml b/packages/system/bootbox/charts/smee/crds/hardware-crd.yaml new file mode 100644 index 000000000..a32dcfbf0 --- /dev/null +++ b/packages/system/bootbox/charts/smee/crds/hardware-crd.yaml 
@@ -0,0 +1,388 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.3 + name: hardware.tinkerbell.org +spec: + group: tinkerbell.org + names: + categories: + - tinkerbell + kind: Hardware + listKind: HardwareList + plural: hardware + shortNames: + - hw + singular: hardware + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.state + name: State + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: Hardware is the Schema for the Hardware API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HardwareSpec defines the desired state of Hardware. + properties: + bmcRef: + description: |- + BMCRef contains a relation to a BMC state management type in the same + namespace as the Hardware. This may be used for BMC management by + orchestrators. + properties: + apiGroup: + description: |- + APIGroup is the group for the resource being referenced. + If APIGroup is not specified, the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + disks: + items: + description: Disk represents a disk device for Tinkerbell Hardware. + properties: + device: + type: string + type: object + type: array + interfaces: + items: + description: Interface represents a network interface configuration for Hardware. + properties: + dhcp: + description: DHCP configuration. + properties: + arch: + type: string + hostname: + type: string + iface_name: + type: string + ip: + description: IP configuration. + properties: + address: + type: string + family: + format: int64 + type: integer + gateway: + type: string + netmask: + type: string + type: object + lease_time: + format: int64 + type: integer + mac: + pattern: ([0-9a-f]{2}[:]){5}([0-9a-f]{2}) + type: string + name_servers: + items: + type: string + type: array + time_servers: + items: + type: string + type: array + uefi: + type: boolean + vlan_id: + description: validation pattern for VLANDID is a string number between 0-4096 + pattern: ^(([0-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))(,[1-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))*)$ + type: string + type: object + disableDhcp: + default: false + description: DisableDHCP disables DHCP for this interface. + type: boolean + netboot: + description: Netboot configuration. + properties: + allowPXE: + type: boolean + allowWorkflow: + type: boolean + ipxe: + description: IPXE configuration. + properties: + contents: + type: string + url: + type: string + type: object + osie: + description: OSIE configuration. 
+ properties: + baseURL: + type: string + initrd: + type: string + kernel: + type: string + type: object + type: object + type: object + type: array + metadata: + properties: + bonding_mode: + format: int64 + type: integer + custom: + properties: + preinstalled_operating_system_version: + properties: + distro: + type: string + image_tag: + type: string + os_slug: + type: string + slug: + type: string + version: + type: string + type: object + private_subnets: + items: + type: string + type: array + type: object + facility: + properties: + facility_code: + type: string + plan_slug: + type: string + plan_version_slug: + type: string + type: object + instance: + properties: + allow_pxe: + type: boolean + always_pxe: + type: boolean + crypted_root_password: + type: string + hostname: + type: string + id: + type: string + ips: + items: + properties: + address: + type: string + family: + format: int64 + type: integer + gateway: + type: string + management: + type: boolean + netmask: + type: string + public: + type: boolean + type: object + type: array + ipxe_script_url: + type: string + network_ready: + type: boolean + operating_system: + properties: + distro: + type: string + image_tag: + type: string + os_slug: + type: string + slug: + type: string + version: + type: string + type: object + rescue: + type: boolean + ssh_keys: + items: + type: string + type: array + state: + type: string + storage: + properties: + disks: + items: + properties: + device: + type: string + partitions: + items: + properties: + label: + type: string + number: + format: int64 + type: integer + size: + format: int64 + type: integer + start: + format: int64 + type: integer + type_guid: + type: string + type: object + type: array + wipe_table: + type: boolean + type: object + type: array + filesystems: + items: + properties: + mount: + properties: + create: + properties: + force: + type: boolean + options: + items: + type: string + type: array + type: object + device: + type: string + files: + 
items: + properties: + contents: + type: string + gid: + format: int64 + type: integer + mode: + format: int64 + type: integer + path: + type: string + uid: + format: int64 + type: integer + type: object + type: array + format: + type: string + point: + type: string + type: object + type: object + type: array + raid: + items: + properties: + devices: + items: + type: string + type: array + level: + type: string + name: + type: string + spare: + format: int64 + type: integer + type: object + type: array + type: object + tags: + items: + type: string + type: array + userdata: + type: string + type: object + manufacturer: + properties: + id: + type: string + slug: + type: string + type: object + state: + type: string + type: object + resources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: |- + Resources represents known resources that are available on a machine. + Resources may be used for scheduling by orchestrators. + type: object + tinkVersion: + format: int64 + type: integer + userData: + description: |- + UserData is the user data to configure in the hardware's + metadata + type: string + vendorData: + description: |- + VendorData is the vendor data to configure in the hardware's + metadata + type: string + type: object + status: + description: HardwareStatus defines the observed state of Hardware. + properties: + state: + description: HardwareState represents the hardware state. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/packages/system/bootbox/charts/smee/templates/_ports.tpl b/packages/system/bootbox/charts/smee/templates/_ports.tpl new file mode 100644 index 000000000..aab0ea249 --- /dev/null +++ b/packages/system/bootbox/charts/smee/templates/_ports.tpl 
@@ -0,0 +1,24 @@ +{{ define "smee.ports" }} +- {{ .PortKey }}: {{ .http.port }} + name: {{ .http.name }} + protocol: TCP +- {{ .PortKey }}: {{ .syslog.port }} + name: {{ .syslog.name }} + protocol: UDP +- {{ .PortKey }}: {{ .dhcp.port }} + name: {{ .dhcp.name }} + protocol: UDP +- {{ .PortKey }}: {{ .tftp.port }} + name: {{ .tftp.name }} + protocol: UDP +{{- end }} + +{{- define "urlJoiner" }} +{{- if .urlDict.port }} +{{- $host := printf "%v:%v" .urlDict.host .urlDict.port }} +{{- $newDict := set .urlDict "host" $host }} +{{- print (urlJoin $newDict) }} +{{- else }} +{{- print (urlJoin .urlDict) }} +{{- end }} +{{- end }} diff --git a/packages/system/bootbox/charts/smee/templates/_scheduling.tpl b/packages/system/bootbox/charts/smee/templates/_scheduling.tpl new file mode 100644 index 000000000..395860de4 --- /dev/null +++ b/packages/system/bootbox/charts/smee/templates/_scheduling.tpl @@ -0,0 +1,12 @@ +{{- define "singleNodeClusterConfig" }} +- effect: NoSchedule + key: node-role.kubernetes.io/control-plane +{{- end }} + +{{- define "preferWorkerNodes" }} +- weight: {{ .nodeAffinityWeight }} + preference: + matchExpressions: + - key: node-role.kubernetes.io/control-plane + operator: DoesNotExist +{{- end }} diff --git a/packages/system/bootbox/charts/smee/templates/deployment.yaml b/packages/system/bootbox/charts/smee/templates/deployment.yaml new file mode 100644 index 000000000..9f099c3ff --- /dev/null +++ b/packages/system/bootbox/charts/smee/templates/deployment.yaml 
@@ -0,0 +1,182 @@
+{{- if .Values.deploy }}
+{{- $publicIP := .Values.publicIP }}
+{{- $trustedProxies := .Values.trustedProxies }}
+{{- $roleType := .Values.rbac.type }}
+{{- $nodeSelector := .Values.nodeSelector }}
+{{- if .Values.global }}
+{{- $publicIP = coalesce .Values.publicIP .Values.global.publicIP }}
+{{- $trustedProxies = coalesce .Values.trustedProxies .Values.global.trustedProxies }}
+{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
+{{- $nodeSelector = coalesce .Values.nodeSelector .Values.global.nodeSelector }}
+{{- end }}
+{{- $_ := set .Values.dhcp "syslogIp" (default $publicIP .Values.dhcp.syslogIp) }}
+{{- $_ := set .Values.dhcp "ipForPacket" (default $publicIP .Values.dhcp.ipForPacket) }}
+{{- $_ := set .Values.dhcp "tftpIp" (default $publicIP .Values.dhcp.tftpIp) }}
+{{- $_ := set .Values.dhcp.httpIPXE.binaryUrl "host" (default $publicIP .Values.dhcp.httpIPXE.binaryUrl.host) }}
+{{- $_ := set .Values.dhcp.httpIPXE.scriptUrl "host" (default $publicIP .Values.dhcp.httpIPXE.scriptUrl.host) }}
+{{- $_ := set .Values.http.tinkServer "ip" (default $publicIP .Values.http.tinkServer.ip) }}
+{{- $_ := set .Values.http.osieUrl "host" (default $publicIP .Values.http.osieUrl.host) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: {{ .Values.name }}
+ name: {{ .Values.name }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: {{ .Values.name }}
+ stack: tinkerbell
+ {{- with .Values.selector }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ strategy:
+ type: {{ .Values.deployment.strategy.type }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.name }}
+ stack: tinkerbell
+ {{- with .Values.selector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args:
+ {{- range .Values.additionalArgs }}
+ - {{ . }}
+ {{- end }}
+ env:
+ - name: SMEE_LOG_LEVEL
+ value: {{ .Values.logLevel | quote }}
+ - name: SMEE_DHCP_ADDR
+ value: {{ printf "%v:%v" .Values.dhcp.ip .Values.dhcp.port | quote }}
+ - name: SMEE_DHCP_ENABLED
+ value: {{ .Values.dhcp.enabled | quote }}
+ - name: SMEE_DHCP_TFTP_PORT
+ value: {{ .Values.dhcp.tftpPort | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_BINARY_PATH
+ value: {{ .Values.dhcp.httpIPXE.binaryUrl.path | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_BINARY_PORT
+ value: {{ .Values.dhcp.httpIPXE.binaryUrl.port | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_BINARY_SCHEME
+ value: {{ .Values.dhcp.httpIPXE.binaryUrl.scheme | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_SCRIPT_PATH
+ value: {{ .Values.dhcp.httpIPXE.scriptUrl.path | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_SCRIPT_PORT
+ value: {{ .Values.dhcp.httpIPXE.scriptUrl.port | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_SCRIPT_SCHEME
+ value: {{ .Values.dhcp.httpIPXE.scriptUrl.scheme | quote }}
+ - name: SMEE_DHCP_MODE
+ value: {{ .Values.dhcp.mode | quote }}
+ - name: SMEE_EXTRA_KERNEL_ARGS
+ value: {{ join " " ( append .Values.http.additionalKernelArgs ( printf "tink_worker_image=%s" ( required "missing tinkWorkerImage" .Values.tinkWorkerImage ) ) ) | quote }}
+ - name: SMEE_HTTP_IPXE_BINARY_ENABLED
+ value: {{ .Values.http.ipxeBinaryEnabled | quote }}
+ - name: SMEE_HTTP_IPXE_SCRIPT_ENABLED
+ value: {{ .Values.http.ipxeScriptEnabled | quote }}
+ - name: SMEE_HTTP_PORT
+ value: {{ .Values.http.port | quote }}
+ - name: SMEE_OSIE_URL
+ value: {{include "urlJoiner" (dict "urlDict" .Values.http.osieUrl) | quote }}
+ - name: SMEE_TINK_SERVER
+ value: {{ printf "%v:%v" .Values.http.tinkServer.ip .Values.http.tinkServer.port | quote }}
+ - name: SMEE_TINK_SERVER_TLS
+ value: {{ .Values.http.tinkServer.tls | quote }}
+ - name: SMEE_TINK_SERVER_INSECURE_TLS
+ value: {{ .Values.http.tinkServer.insecureTLS | quote }}
+ - name: SMEE_TRUSTED_PROXIES
+ value: {{ required "missing trustedProxies" ( join "," $trustedProxies ) | quote }}
+ - name: SMEE_SYSLOG_ENABLED
+ value: {{ .Values.syslog.enabled | quote }}
+ - name: SMEE_IPXE_SCRIPT_PATCH
+ value: {{ .Values.ipxeScriptPatch | quote }}
+ - name: SMEE_TFTP_ENABLED
+ value: {{ .Values.tftp.enabled | quote }}
+ - name: SMEE_TFTP_TIMEOUT
+ value: {{ .Values.tftp.timeout | quote }}
+ - name: SMEE_TFTP_PORT
+ value: {{ .Values.tftp.port | quote }}
+ - name: SMEE_SYSLOG_PORT
+ value: {{ .Values.syslog.port | quote }}
+ - name: SMEE_HTTP_ADDR
+ value: {{ .Values.http.ip | quote }}
+ - name: SMEE_SYSLOG_ADDR
+ value: {{ .Values.syslog.ip | quote }}
+ - name: SMEE_TFTP_ADDR
+ value: {{ .Values.tftp.ip | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_BINARY_HOST
+ value: {{ .Values.dhcp.httpIPXE.binaryUrl.host | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_SCRIPT_HOST
+ value: {{ .Values.dhcp.httpIPXE.scriptUrl.host | quote }}
+ - name: SMEE_DHCP_SYSLOG_IP
+ value: {{ .Values.dhcp.syslogIp | quote }}
+ - name: SMEE_DHCP_TFTP_IP
+ value: {{ .Values.dhcp.tftpIp | quote }}
+ - name: SMEE_DHCP_IP_FOR_PACKET
+ value: {{ .Values.dhcp.ipForPacket | quote }}
+ - name: SMEE_ISO_ENABLED
+ value: {{ .Values.iso.enabled | quote }}
+ - name: SMEE_ISO_URL
+ value: {{ .Values.iso.url | quote }}
+ - name: SMEE_ISO_MAGIC_STRING
+ value: {{ .Values.iso.magicString | quote }}
+ - name: SMEE_ISO_STATIC_IPAM_ENABLED
+ value: {{ .Values.iso.staticIPAMEnabled | quote }}
+ {{- if eq $roleType "Role"}}
+ - name: SMEE_BACKEND_KUBE_NAMESPACE
+ value: {{ .Release.Namespace | quote }}
+ {{- end }}
+ {{- range .Values.additionalEnv }}
+ - name: {{ .name | quote }}
+ value: {{ .value | quote }}
+ {{- end }}
+ {{- if not .Values.hostNetwork }}
+ ports:
+ {{- include "smee.ports" ( merge ( dict "PortKey" "containerPort" ) .Values ) | indent 12 }}
+ {{- end }}
+ name: {{ .Values.name }}
+ resources:
+ limits:
+ cpu: {{ .Values.resources.limits.cpu }}
+ memory: {{ .Values.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.resources.requests.cpu }}
+ memory: {{ .Values.resources.requests.memory }}
+ {{- with .Values.additionalVolumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.additionalVolumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ .Values.name }}
+ {{- if .Values.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ {{- with $nodeSelector }}
+ nodeSelector:
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.deployment.tolerations .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
+ tolerations:
+ {{- .Values.deployment.tolerations | toYaml | nindent 8 }}
+ {{- if .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
+ {{- include "singleNodeClusterConfig" . | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.deployment.affinity }}
+ affinity:
+ {{- .Values.deployment.affinity | toYaml | nindent 8 }}
+ {{- else if .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ {{- include "preferWorkerNodes" (dict "nodeAffinityWeight" .Values.singleNodeClusterConfig.nodeAffinityWeight) | indent 10 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/bootbox/charts/smee/templates/role-binding.yaml b/packages/system/bootbox/charts/smee/templates/role-binding.yaml
new file mode 100644
index 000000000..84f6a1337
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/role-binding.yaml
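Review bot: The pod template sets no `securityContext` at pod or container level, so smee runs as whatever user the image defaults to with the default capability set, and the parent chart in this same commit switches on `hostNetwork: true`, which places that container directly in the node's network namespace while it binds UDP 67, 69 and 514. A container-level `securityContext` with `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: [ALL], add: [NET_BIND_SERVICE]}` is the usual baseline for a daemon that only needs low ports; whether the DHCP listener also needs `NET_RAW`, and whether the image can run non-root, cannot be told from the chart and should be verified against the smee image before adding `runAsNonRoot: true`. Separately, `coalesce .Values.global.rbac.type .Values.rbac.type` lets the global value win while every other `coalesce` in this block lets the local value win — if that asymmetry is intended it deserves a comment, otherwise the order should match.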
@@ -0,0 +1,21 @@
+{{- if .Values.deploy }}
+{{- $roleType := .Values.rbac.type }}
+{{- if .Values.global }}
+{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ printf "%sBinding" $roleType }}
+metadata:
+ name: {{ .Values.rbac.bindingName }}
+ {{- if eq $roleType "Role" }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ $roleType }}
+ name: {{ .Values.rbac.name }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.name }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/packages/system/bootbox/charts/smee/templates/role.yaml b/packages/system/bootbox/charts/smee/templates/role.yaml
new file mode 100644
index 000000000..600fc255e
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/role.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.deploy }}
+{{- $roleType := .Values.rbac.type }}
+{{- if .Values.global }}
+{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $roleType }}
+metadata:
+ name: {{ .Values.rbac.name }}
+ {{- if eq $roleType "Role" }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+rules:
+ - apiGroups: ["tinkerbell.org"]
+ resources: ["hardware", "hardware/status"]
+ verbs: ["get", "list", "watch"]
+{{- end }}
diff --git a/packages/system/bootbox/charts/smee/templates/service-account.yaml b/packages/system/bootbox/charts/smee/templates/service-account.yaml
new file mode 100644
index 000000000..252282f5d
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/service-account.yaml
@@ -0,0 +1,7 @@
+{{- if .Values.deploy }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
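Review bot: `coalesce .Values.global.rbac.type .Values.rbac.type` dereferences `global.rbac` unconditionally as soon as `.Values.global` is non-empty, so a parent that sets only `global.publicIP` (the other global key this chart understands) fails the render with a nil-pointer error on `.type` instead of falling back to the local `rbac.type`. Guarding the lookup keeps the fallback: `{{- $roleType = coalesce (dig "rbac" "type" "" .Values.global) .Values.rbac.type }}`. The identical expression is repeated in role.yaml and deployment.yaml in this commit and needs the same treatment, ideally as one named template so the three copies cannot drift and a RoleBinding never ends up pointing at a Role of a different kind.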
diff --git a/packages/system/bootbox/charts/smee/templates/service.yaml b/packages/system/bootbox/charts/smee/templates/service.yaml
new file mode 100644
index 000000000..ab7dd1145
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/service.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: {{ .Values.name }}
+ name: {{ .Values.name }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: tftp
+ port: 69
+ targetPort: 69
+ protocol: UDP
+ - name: http
+ port: {{ .Values.http.port }}
+ targetPort: {{ .Values.http.port }}
+ protocol: TCP
+ - name: syslog
+ port: {{ .Values.syslog.port }}
+ targetPort: {{ .Values.syslog.port }}
+ protocol: UDP
+ - name: dhcp
+ port: 67
+ targetPort: 67
+ protocol: UDP
+ selector:
+ app: {{ .Values.name }}
+{{- end }}
diff --git a/packages/system/bootbox/charts/smee/values.schema.json b/packages/system/bootbox/charts/smee/values.schema.json
new file mode 100644
index 000000000..3d2cee525
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/values.schema.json
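Review bot: The Service hardcodes `port: 69`/`targetPort: 69` and `port: 67`/`targetPort: 67` while the same chart drives the container's listeners from `.Values.tftp.port` and `.Values.dhcp.port` (`SMEE_TFTP_PORT`, `SMEE_DHCP_ADDR` in deployment.yaml), so overriding either value leaves the Service forwarding to a port nothing listens on; the http and syslog entries right next to them are templated correctly. The `smee.ports` helper in `_ports.tpl` already renders all four entries from values, so `ports:` can become `{{- include "smee.ports" (merge (dict "PortKey" "port") .Values) | indent 4 }}` (the helper emits no `targetPort`, which then defaults to `port`). Whether a ClusterIP Service is useful for DHCP at all when the parent chart runs smee with `hostNetwork: true` is a design question rather than a defect, but a one-line comment on the Service saying which consumers it is meant for would help.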
@@ -0,0 +1,41 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "http": {
+ "type": "object",
+ "properties": {
+ "trustedProxies": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Specifies one or more IPv4/IPv6 addresses expressed using CIDR notation.",
+ "anyOf": [
+ {
+ "pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$"
+ },
+ {
+ "pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "rbac": {
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string",
+ "enum": ["Role", "ClusterRole"]
+ },
+ "name": {
+ "type": "string"
+ },
+ "bindingName": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
diff --git a/packages/system/bootbox/charts/smee/values.yaml b/packages/system/bootbox/charts/smee/values.yaml
new file mode 100644
index 000000000..0bda77c90
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/values.yaml
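Review bot: The CIDR validation never runs against the key the chart actually uses: the schema declares `http.trustedProxies`, but deployment.yaml reads `.Values.trustedProxies` for `SMEE_TRUSTED_PROXIES` and the parent values in this commit set `smee.trustedProxies`, so a malformed or wildcard entry passes `helm lint`/install unchecked — move `trustedProxies` up into the top-level `properties` map. The IPv6 alternative is also mis-escaped: `\\d` has become a literal `d` (`2[0-4]d|1dd|[1-9]?d`), `\\.` has become `.`, and `^\\s*`/`\\s*` have become `^s*`/`s*`, so the pattern matches strings containing the letter `d` rather than digits; restore them as `\\d`, `\\.` and `\\s` (JSON needs the doubled backslash, as the IPv4 pattern on the line above already does). With both fixed, an entry like `0.0.0.0/0` would still validate — if the intent is to prevent an all-addresses list, that needs a separate rule or a documented comment in values.yaml.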
@@ -0,0 +1,166 @@
+# Toggle deployment of the service.
+deploy: true
+
+# Name of the service used as the deployment name and label selectors.
+name: smee
+
+# The image used to launch the container.
+image: quay.io/tinkerbell/smee:v0.15.1
+imagePullPolicy: IfNotPresent
+
+# The number of pods to run.
+replicas: 1
+
+# Resources bounds applied to the container.
+resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+
+deployment:
+ strategy:
+ type: RollingUpdate
+ tolerations: []
+ affinity: {}
+
+# The log level for the container.
+logLevel: "info"
+
+# The network mode to launch the smee container. When true, the smee container will use the
+# host network.
+hostNetwork: false
+
+# nodeSelector when defined will be constrain Pods to nodes with specific labels
+nodeSelector: {}
+
+# publicIP when defined will be used as the IP in the following locations if they are not defined:
+# dhcp.httpIPXE.binaryUrl.host, dhcp.httpIPXE.scriptUrl.host, tinkServer.ip, http.osieUrl.host, dhcp.ipForPacket, dhcp.tftpIp
+# This is useful when all Tinkerbell services are running behind the same IP.
+publicIP: ""
+
+# DHCP server configuration. Name is an identifier used across Kubernetes manifests for port
+# identification, ip is the IP address to bind to, and port is the port to bind to.
+dhcp:
+ enabled: true
+ name: smee-dhcp
+ mode: reservation
+ ip: 0.0.0.0
+ port: 67
+ ipForPacket: ""
+ tftpIp: ""
+ tftpPort: 69
+ syslogIp: ""
+ httpIPXE:
+ binaryUrl: # http://:/ipxe
+ scheme: "http"
+ host: ""
+ port: 7171
+ path: "/ipxe"
+ scriptUrl: # http://:/auto.ipxe
+ scheme: "http"
+ host: ""
+ port: 7171
+ path: "/auto.ipxe"
+
+
+# TFTP server configuration used to serve iPXE binaries. Name is an identifier used across
+# Kubernetes manifests for port identification, ip is the IP address to bind to, and port is the
+# port to bind to.
+tftp:
+ enabled: true
+ name: smee-tftp
+ ip: 0.0.0.0
+ port: 69
+ timeout: 5s
+
+# HTTP server configuration used to serve iPXE scripts. Name is an identifier used across
+# Kubernetes manifests for port identification, ip is the IP address to bind to, and port is the
+# port to bind to.
+http:
+ enabled: true
+ name: smee-http
+ ip: 0.0.0.0
+ port: 7171
+ # Tink Server configuration passed to the Tink Worker to establish a gRPC connection.
+ tinkServer:
+ ip: ""
+ port: 42113
+ tls: false
+ insecureTLS: false
+ osieUrl:
+ scheme: "http"
+ host: ""
+ port: 8080
+ path: ""
+ # Additional kernel arguments to pass to the OSIE. (k=v k=v) that are appended to the kernel cmdline in the iPXE script
+ additionalKernelArgs: []
+ # enable iPXE HTTP binary server
+ ipxeBinaryEnabled: true
+ # enable iPXE HTTP script server
+ ipxeScriptEnabled: true
+
+# ISO settings
+iso:
+ enabled: false
+ # the string pattern to match for in the source ISO, defaults to the one defined in HookOS
+ magicString: ""
+ # enable static IPAM for HookOS
+ staticIPAMEnabled: false
+ # an HTTP(S) URL target to an OSIE that is used for patching
+ url: ""
+
+# Trusted proxies defines a list of IP or CIDR ranges that are allowed to set the X-Forwarded-For
+ # header. This typically requires all Pod CIDRs in the cluster.
+ trustedProxies: []
+
+# Syslog server configuration for the smee hosted syslog server. Name is an identifier used across
+# Kubernetes manifests for port identification, ip is the IP address to bind to, and port is the
+# port to bind to.
+syslog:
+ enabled: true
+ name: smee-syslog
+ ip: 0.0.0.0
+ port: 514
+
+# The Tink Worker image passed to OSIE as a kernel arg for launching.
+tinkWorkerImage: quay.io/tinkerbell/tink-worker:v0.12.1
+
+
+# Additional arguments to pass to the smee container. Some arguments are already defined - refer
+# to the deployment.yaml template for details.
+additionalArgs: []
+
+# Additional environment variables to pass to the smee container. Each entry is expected to have a
+# name and value key. Some keys are already defined - refer to the deployment.yaml template for
+# details.
+#
+# Example
+# - name: MY_ENV_VAR
+# value: my-value
+additionalEnv: []
+
+# singleNodeClusterConfig to add tolerations for deployments on control plane nodes. This is defaulted to false.
+singleNodeClusterConfig:
+ controlPlaneTolerationsEnabled: false
+ nodeAffinityWeight: 1
+
+# Additional volumes on the output Deployment definition.
+additionalVolumes: [ ]
+# - name: foo
+# secret:
+# secretName: mysecret
+# optional: false
+
+# Additional volumeMounts on the Smee container
+additionalVolumeMounts: [ ]
+# - name: foo
+# mountPath: "/etc/foo"
+# readOnly: true
+
+rbac:
+ type: Role # or ClusterRole
+ name: smee-role # or smee-cluster-role
+ bindingName: smee-rolebinding # or smee-cluster-rolebinding
diff --git a/packages/system/bootbox/templates/bootbox.yaml b/packages/system/bootbox/templates/bootbox.yaml
new file mode 100644
index 000000000..7e7eb6603
--- /dev/null
+++ b/packages/system/bootbox/templates/bootbox.yaml
@@ -0,0 +1,21 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ annotations:
+ helm.sh/resource-policy: keep
+ labels:
+ cozystack.io/ui: "true"
+ name: bootbox
+ namespace: tenant-root
+spec:
+ chart:
+ spec:
+ chart: bootbox
+ reconcileStrategy: Revision
+ sourceRef:
+ kind: HelmRepository
+ name: cozystack-extra
+ namespace: cozy-public
+ version: '*'
+ interval: 1m0s
+ timeout: 5m0s
diff --git a/packages/system/bootbox/values.yaml b/packages/system/bootbox/values.yaml
new file mode 100644
index 000000000..4b230f813
--- /dev/null
+++ b/packages/system/bootbox/values.yaml
@@ -0,0 +1,6 @@
+smee:
+ hostNetwork: true
+ trustedProxies:
+ - 0.0.0.0/0
+ syslog:
+ enabled: false
diff --git a/packages/system/cozystack-api/templates/configmap.yaml b/packages/system/cozystack-api/templates/configmap.yaml
index b7789236a..f8514d00b 100644
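Review bot: Every transport in the boot chain is plaintext by default — `dhcp.httpIPXE.binaryUrl.scheme`, `scriptUrl.scheme` and `http.osieUrl.scheme` are `"http"` and `http.tinkServer.tls` is `false` — yet the file never tells the operator what that implies: the iPXE binary, the generated boot script and the OSIE image a machine executes are fetched without any authentication, so whoever can answer or intercept on the provisioning segment can, presumably, hand the machine a different kernel. A comment above `tinkServer:` should say so, e.g. `# Defaults are plain http and tls: false; the boot chain is then unauthenticated, so use them only on an isolated provisioning network.` followed by `# Prefer tls: true with a certificate the worker can verify; insecureTLS: true skips verification and is for debugging only.` The `trustedProxies` comment should also state the consequence of a wide list — entries may rewrite the client address via X-Forwarded-For — and note that with `hostNetwork: true` there is normally no proxy to trust at all. Unrelated to security: that comment's second line and `trustedProxies: []` itself appear indented under `iso:` in this hunk; if that is real indentation rather than diff collapsing, the key is nested where the deployment will not find it.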
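Review bot: `trustedProxies: [0.0.0.0/0]` switches the X-Forwarded-For check off entirely: the subchart's own comment defines the list as the ranges "allowed to set the X-Forwarded-For header", so with an all-addresses range every client that can reach port 7171 — a booting machine or anything else on the segment — can claim an arbitrary source address, and with `hostNetwork: true` in the same file the pod already sees real client IPs, so there is no in-cluster proxy whose CIDR needs trusting. Restrict the list to whatever actually sits in front of smee (the Pod CIDR, per that comment, only if traffic arrives through the Service), or if the wildcard is deliberate because smee is reachable solely on an isolated provisioning VLAN, say so next to it: `# smee is only reachable on the provisioning VLAN; no proxy sits in front of it, so the wildcard is acceptable here`. Either way the choice should be explicit rather than inherited silently by every BootBox installation.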
--- a/packages/system/cozystack-api/templates/configmap.yaml
+++ b/packages/system/cozystack-api/templates/configmap.yaml
@@ -300,3 +300,17 @@ data:
 kind: HelmRepository
 name: cozystack-extra
 namespace: cozy-public
+ - application:
+ kind: BootBox
+ plural: bootboxes
+ singular: bootbox
+ release:
+ prefix: ""
+ labels:
+ cozystack.io/ui: "true"
+ chart:
+ name: bootbox
+ sourceRef:
+ kind: HelmRepository
+ name: cozystack-extra
+ namespace: cozy-public
diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml
index dfdf34301..2674e6a81 100644
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -347,3 +347,17 @@ kubeapps:
 kind: HelmRepository
 name: cozystack-extra
 namespace: cozy-public
+ - application:
+ kind: BootBox
+ plural: bootboxes
+ singular: bootbox
+ release:
+ prefix: ""
+ labels:
+ cozystack.io/ui: "true"
+ chart:
+ name: bootbox
+ sourceRef:
+ kind: HelmRepository
+ name: cozystack-extra
+ namespace: cozy-public