working baseline of minimal tinkerbell chart without lb

harvester · Mar 21, 2024 · ce84a0e · ce84a0e
1 parent b4fe5f7
commit ce84a0e
Show file tree

Hide file tree

Showing 13 changed files with 198 additions and 440 deletions.
diff --git a/chart/tinkerbell-stack/charts/hegel-0.3.3.tgz b/chart/tinkerbell-stack/charts/hegel-0.3.3.tgz
diff --git a/chart/tinkerbell-stack/charts/rufio-0.2.6.tgz b/chart/tinkerbell-stack/charts/rufio-0.2.6.tgz
diff --git a/chart/tinkerbell-stack/charts/smee-0.3.1.tgz b/chart/tinkerbell-stack/charts/smee-0.3.1.tgz
diff --git a/chart/tinkerbell-stack/charts/tink-0.2.2.tgz b/chart/tinkerbell-stack/charts/tink-0.2.2.tgz
diff --git a/chart/tinkerbell-stack/dependency_charts/smee/templates/deployment.yaml b/chart/tinkerbell-stack/dependency_charts/smee/templates/deployment.yaml
@@ -33,60 +33,60 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
+      {{- if .Values.hostNetwork }}
+      hostNetwork: true
+      {{- end }}    
       containers:
-        - image: {{ .Values.image }}
-          imagePullPolicy: {{ .Values.imagePullPolicy }}
-          args:
-            - -log-level={{ .Values.logLevel }}
-            - -backend-kube-namespace={{ .Release.Namespace }}
-            - -dhcp-addr={{ printf "%v:%v" .Values.dhcp.ip .Values.dhcp.port }}
-            - -dhcp-enabled={{ .Values.dhcp.enabled }}
-            - -dhcp-http-ipxe-binary-url={{include "urlJoiner" (dict "urlDict" .Values.dhcp.httpIPXE.binaryUrl)}}
-            - -dhcp-http-ipxe-script-url={{include "urlJoiner" (dict "urlDict" .Values.dhcp.httpIPXE.scriptUrl)}}
-            - -dhcp-ip-for-packet={{ .Values.dhcp.ipForPacket }}
-            - -dhcp-syslog-ip={{ .Values.dhcp.syslogIp }}
-            - -dhcp-tftp-ip={{ .Values.dhcp.tftpIp }}:69
-            - -extra-kernel-args={{ join " " ( append .Values.http.additionlKernelArgs ( printf "tink_worker_image=%s" ( required "missing tinkWorkerImage" .Values.tinkWorkerImage ) ) ) }}
-            - -http-addr={{ printf "%v:%v" .Values.http.ip .Values.http.port }}
-            - -http-ipxe-binary-enabled={{ .Values.http.ipxeBinaryEnabled }}
-            - -http-ipxe-script-enabled={{ .Values.http.ipxeScriptEnabled }}
-            - -osie-url={{include "urlJoiner" (dict "urlDict" .Values.http.osieUrl)}}
-            - -tink-server={{ printf "tink-server:%v" .Values.http.tinkServer.port }}
-            - -tink-server-tls={{ .Values.http.tinkServer.tls }}
-            - -trusted-proxies={{ required "missing trustedProxies" ( join "," .Values.trustedProxies ) }}
-            - -syslog-addr={{ printf "%v:%v" .Values.syslog.ip .Values.syslog.port }}
-            - -syslog-enabled={{ .Values.syslog.enabled }}
-            - -ipxe-script-patch={{ .Values.ipxeScriptPatch }}
-            - -tftp-addr={{ printf "%v:%v" .Values.tftp.ip .Values.tftp.port }}
-            - -tftp-enabled={{ .Values.tftp.enabled }}
-            - -tftp-timeout={{ .Values.tftp.timeout }}
-          {{- range .Values.additionalArgs }}
-            - {{ . }}
-          {{- end }}
-          env:
-            - name: PUBLIC_IP
-              valueFrom:
-                fieldRef:
-                  apiVersion: v1
-                  fieldPath: status.hostIP
-            {{- range .Values.additionalEnv }}
-            - name: {{ .name | quote }}
-              value: {{ .value | quote }}
-            {{- end }}
-          {{- if not .Values.hostNetwork }}
-          ports:
-            {{- include "smee.ports" ( merge ( dict "PortKey" "containerPort" ) .Values  ) | indent 12 }}
+      - image: {{ .Values.image }}
+        imagePullPolicy: {{ .Values.imagePullPolicy }}
+        args:
+          - -log-level={{ .Values.logLevel }}
+          - -backend-kube-namespace={{ .Release.Namespace }}
+          - -dhcp-addr={{ printf "%v:%v" .Values.dhcp.ip .Values.dhcp.port }}
+          - -dhcp-enabled={{ .Values.dhcp.enabled }}
+          - -dhcp-http-ipxe-binary-url={{include "urlJoiner" (dict "urlDict" .Values.dhcp.httpIPXE.binaryUrl)}}
+          - -dhcp-http-ipxe-script-url={{include "urlJoiner" (dict "urlDict" .Values.dhcp.httpIPXE.scriptUrl)}}
+          - -dhcp-ip-for-packet={{ .Values.dhcp.ipForPacket }}
+          - -dhcp-syslog-ip={{ .Values.dhcp.syslogIp }}
+          - -dhcp-tftp-ip={{ .Values.dhcp.tftpIp }}:69
+          - -extra-kernel-args={{ join " " ( append .Values.http.additionlKernelArgs ( printf "tink_worker_image=%s" ( required "missing tinkWorkerImage" .Values.tinkWorkerImage ) ) ) }}
+          - -http-addr={{ printf "%v:%v" .Values.http.ip .Values.http.port }}
+          - -http-ipxe-binary-enabled={{ .Values.http.ipxeBinaryEnabled }}
+          - -http-ipxe-script-enabled={{ .Values.http.ipxeScriptEnabled }}
+          - -osie-url={{include "urlJoiner" (dict "urlDict" .Values.http.osieUrl)}}
+          - -tink-server={{ printf "$(PUBLIC_IP):%v" .Values.http.tinkServer.port }}
+          - -tink-server-tls={{ .Values.http.tinkServer.tls }}
+          - -trusted-proxies={{ required "missing trustedProxies" ( join "," .Values.trustedProxies ) }}
+          - -syslog-addr={{ printf "%v:%v" .Values.syslog.ip .Values.syslog.port }}
+          - -syslog-enabled={{ .Values.syslog.enabled }}
+          - -ipxe-script-patch={{ .Values.ipxeScriptPatch }}
+          - -tftp-addr={{ printf "%v:%v" .Values.tftp.ip .Values.tftp.port }}
+          - -tftp-enabled={{ .Values.tftp.enabled }}
+          - -tftp-timeout={{ .Values.tftp.timeout }}
+        {{- range .Values.additionalArgs }}
+          - {{ . }}
+        {{- end }}
+        env:
+          - name: PUBLIC_IP
+            valueFrom:
+              fieldRef:
+                apiVersion: v1
+                fieldPath: status.hostIP
+          {{- range .Values.additionalEnv }}
+          - name: {{ .name | quote }}
+            value: {{ .value | quote }}
           {{- end }}
-          name: {{ .Values.name }}
-          resources:
-            limits:
-              cpu: {{ .Values.resources.limits.cpu }}
-              memory: {{ .Values.resources.limits.memory }}
-            requests:
-              cpu: {{ .Values.resources.requests.cpu }}
-              memory: {{ .Values.resources.requests.memory }}
+        {{- if not .Values.hostNetwork }}
+        ports:
+          {{- include "smee.ports" ( merge ( dict "PortKey" "containerPort" ) .Values  ) | indent 12 }}
+        {{- end }}
+        name: {{ .Values.name }}
+        resources:
+          limits:
+            cpu: {{ .Values.resources.limits.cpu }}
+            memory: {{ .Values.resources.limits.memory }}
+          requests:
+            cpu: {{ .Values.resources.requests.cpu }}
+            memory: {{ .Values.resources.requests.memory }}       
       serviceAccountName: {{ .Values.name }}
-      {{- if .Values.hostNetwork }}
-      hostNetwork: true
-      {{- end }}
 {{- end }}
diff --git a/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-configmap.yaml b/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-configmap.yaml
@@ -0,0 +1,52 @@
+# The NGINX ConfigMap is in a separate file because its checksum is used to trigger updates in
+# the deployment.
+{{ if .Values.deploy -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: nginx-conf
+  namespace: {{ .Release.Namespace | quote }}
+data:
+  nginx.conf: |
+    worker_processes 1;
+    events {
+        worker_connections  1024;
+    }
+    user root;
+
+    http {
+      server {
+        listen 50061;
+        location / {
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          resolver $POD_NAMESERVER;
+          set $hegel_dns hegel.{{ .Release.Namespace }}.svc.cluster.local.; # needed in Kubernetes for dynamic DNS resolution
+
+          proxy_pass http://$hegel_dns:50061;
+        }
+      }
+
+      server {
+        listen 42113;
+        http2 on;
+        location / {
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          resolver $POD_NAMESERVER;
+          set $tink_dns tink-server.{{ .Release.Namespace }}.svc.cluster.local.; # needed in Kubernetes for dynamic DNS resolution
+
+          grpc_pass grpc://$tink_dns:42113;
+        }
+      }
+
+       server {
+        listen 8080;
+        location / {
+          sendfile           on;
+          sendfile_max_chunk 1m;
+          root /usr/share/nginx/html;
+        }
+      }
+    }
+{{- end }}
diff --git a/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-deploy.yaml b/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-deploy.yaml
@@ -0,0 +1,87 @@
+{{- if .Values.deploy }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: {{ .Values.name }}-nginx
+  name: {{ .Values.name }}-nginx
+  namespace: {{ .Release.Namespace | quote }}
+spec:
+  replicas: {{ .Values.replicas }}
+  selector:
+    matchLabels:
+      app: {{ .Values.name }}-nginx
+      stack: tinkerbell
+      {{- with .Values.selector }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
+  strategy:
+    type: {{ .Values.deployment.strategy.type }}
+  template:
+    metadata:
+      labels:
+        app: {{ .Values.name }}-nginx
+        stack: tinkerbell
+        {{- with .Values.selector }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+    spec:
+      affinity:
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchExpressions:
+              - key: app
+                operator: In
+                values:
+                - {{ .Values.name }}
+      containers:
+      - name: {{ .Values.name }}-nginx
+        image: {{ .Values.nginxImage }}
+        command: ["/bin/bash", "-xeuc"]
+        args:
+        - |
+          POD_NAMESERVER=$(awk '/nameserver/ {print $2}' /etc/resolv.conf) \
+            envsubst '$POD_NAMESERVER' \
+            </tmp/nginx.conf.template \
+            >/etc/nginx/nginx.conf
+          exec nginx -g 'daemon off;'
+        ports:
+        - containerPort: 50061
+          hostPort: 50061
+          protocol: TCP
+          name: hegel-port
+        - containerPort: 42113
+          hostPort: 42113
+          protocol: TCP
+          name: tink-server
+        - containerPort: 8080
+          hostPort: 8080
+          protocol: TCP
+          name: hook-http
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+        volumeMounts:
+        - mountPath: /tmp
+          readOnly: true
+          name: nginx-conf
+        - mountPath: /usr/share/nginx/html
+          name: hook-artifacts
+      volumes:
+      - name: nginx-conf
+        configMap:
+          name: nginx-conf
+          items:
+            - key: nginx.conf
+              path: nginx.conf.template
+      - name: hook-artifacts
+        hostPath:
+          path: /opt/hook
+          type: DirectoryOrCreate            
+      serviceAccountName: {{ .Values.name }}
+{{- end }}
diff --git a/chart/tinkerbell-stack/dependency_charts/smee/values.yaml b/chart/tinkerbell-stack/dependency_charts/smee/values.yaml
@@ -128,3 +128,4 @@ additionalArgs: []
 additionalEnv: []
 trustedProxies:
   - "10.42.0.0/24"
+nginxImage: nginx:1.25.1
diff --git a/chart/tinkerbell-stack/templates/hook.yaml b/chart/tinkerbell-stack/templates/hook.yaml
@@ -13,14 +13,12 @@ data:
     cd /output
     rm -f *.tar.gz checksum.txt vmlinuz* initramfs*
     base_loc="{{ .Values.stack.hook.downloadURL }}"
-    files="$base_loc/hook_aarch64.tar.gz $base_loc/hook_x86_64.tar.gz $base_loc/checksum.txt"
+    files="$base_loc/hook_aarch64.tar.gz $base_loc/hook_x86_64.tar.gz"
     tmp_dir=$(mktemp -d)
     for f in ${files}; do
       echo "${f}"
       wget -P "${tmp_dir}" "${f}"
     done
-    (cd "${tmp_dir}" && sha512sum -c checksum.txt)
-    mv "${tmp_dir}"/checksum.txt .
     for f in ${tmp_dir}/*.tar.gz; do tar --no-same-permissions --overwrite -ozxvf "${f}" && rm -f "${f}"; done
     rm -rf "${tmp_dir}"
 ---

diff --git a/chart/tinkerbell-stack/templates/kubevip.yaml b/chart/tinkerbell-stack/templates/kubevip.yaml