diff --git a/chart/tinkerbell-stack/charts/hegel-0.3.3.tgz b/chart/tinkerbell-stack/charts/hegel-0.3.3.tgz
index 5ea81cb..a79bcb7 100644
Binary files a/chart/tinkerbell-stack/charts/hegel-0.3.3.tgz and b/chart/tinkerbell-stack/charts/hegel-0.3.3.tgz differ
diff --git a/chart/tinkerbell-stack/charts/rufio-0.2.6.tgz b/chart/tinkerbell-stack/charts/rufio-0.2.6.tgz
index 84f019d..fcc38f3 100644
Binary files a/chart/tinkerbell-stack/charts/rufio-0.2.6.tgz and b/chart/tinkerbell-stack/charts/rufio-0.2.6.tgz differ
diff --git a/chart/tinkerbell-stack/charts/smee-0.3.1.tgz b/chart/tinkerbell-stack/charts/smee-0.3.1.tgz
index 836dc5c..d445644 100644
Binary files a/chart/tinkerbell-stack/charts/smee-0.3.1.tgz and b/chart/tinkerbell-stack/charts/smee-0.3.1.tgz differ
diff --git a/chart/tinkerbell-stack/charts/tink-0.2.2.tgz b/chart/tinkerbell-stack/charts/tink-0.2.2.tgz
index c844ed3..bb61884 100644
Binary files a/chart/tinkerbell-stack/charts/tink-0.2.2.tgz and b/chart/tinkerbell-stack/charts/tink-0.2.2.tgz differ
diff --git a/chart/tinkerbell-stack/dependency_charts/smee/templates/deployment.yaml b/chart/tinkerbell-stack/dependency_charts/smee/templates/deployment.yaml
index 83e9cb6..d10e52b 100644
--- a/chart/tinkerbell-stack/dependency_charts/smee/templates/deployment.yaml
+++ b/chart/tinkerbell-stack/dependency_charts/smee/templates/deployment.yaml
@@ -33,60 +33,60 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- if .Values.hostNetwork }} + hostNetwork: true + {{- end }} containers: - - image: {{ .Values.image }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - args: - - -log-level={{ .Values.logLevel }} - - -backend-kube-namespace={{ .Release.Namespace }} - - -dhcp-addr={{ printf "%v:%v" .Values.dhcp.ip .Values.dhcp.port }} - - -dhcp-enabled={{ .Values.dhcp.enabled }} - - -dhcp-http-ipxe-binary-url={{include "urlJoiner" (dict "urlDict" .Values.dhcp.httpIPXE.binaryUrl)}} - - -dhcp-http-ipxe-script-url={{include "urlJoiner" (dict "urlDict" .Values.dhcp.httpIPXE.scriptUrl)}} - - -dhcp-ip-for-packet={{ .Values.dhcp.ipForPacket }} - - -dhcp-syslog-ip={{ .Values.dhcp.syslogIp }} - - -dhcp-tftp-ip={{ .Values.dhcp.tftpIp }}:69 - - -extra-kernel-args={{ join " " ( append .Values.http.additionlKernelArgs ( printf "tink_worker_image=%s" ( required "missing tinkWorkerImage" .Values.tinkWorkerImage ) ) ) }} - - -http-addr={{ printf "%v:%v" .Values.http.ip .Values.http.port }} - - -http-ipxe-binary-enabled={{ .Values.http.ipxeBinaryEnabled }} - - -http-ipxe-script-enabled={{ .Values.http.ipxeScriptEnabled }} - - -osie-url={{include "urlJoiner" (dict "urlDict" .Values.http.osieUrl)}} - - -tink-server={{ printf "tink-server:%v" .Values.http.tinkServer.port }} - - -tink-server-tls={{ .Values.http.tinkServer.tls }} - - -trusted-proxies={{ required "missing trustedProxies" ( join "," .Values.trustedProxies ) }} - - -syslog-addr={{ printf "%v:%v" .Values.syslog.ip .Values.syslog.port }} - - -syslog-enabled={{ .Values.syslog.enabled }} - - -ipxe-script-patch={{ .Values.ipxeScriptPatch }} - - -tftp-addr={{ printf "%v:%v" .Values.tftp.ip .Values.tftp.port }} - - -tftp-enabled={{ .Values.tftp.enabled }} - - -tftp-timeout={{ .Values.tftp.timeout }} - {{- range .Values.additionalArgs }} - - {{ . 
}} - {{- end }} - env: - - name: PUBLIC_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - {{- range .Values.additionalEnv }} - - name: {{ .name | quote }} - value: {{ .value | quote }} - {{- end }} - {{- if not .Values.hostNetwork }} - ports: - {{- include "smee.ports" ( merge ( dict "PortKey" "containerPort" ) .Values ) | indent 12 }} + - image: {{ .Values.image }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + args: + - -log-level={{ .Values.logLevel }} + - -backend-kube-namespace={{ .Release.Namespace }} + - -dhcp-addr={{ printf "%v:%v" .Values.dhcp.ip .Values.dhcp.port }} + - -dhcp-enabled={{ .Values.dhcp.enabled }} + - -dhcp-http-ipxe-binary-url={{include "urlJoiner" (dict "urlDict" .Values.dhcp.httpIPXE.binaryUrl)}} + - -dhcp-http-ipxe-script-url={{include "urlJoiner" (dict "urlDict" .Values.dhcp.httpIPXE.scriptUrl)}} + - -dhcp-ip-for-packet={{ .Values.dhcp.ipForPacket }} + - -dhcp-syslog-ip={{ .Values.dhcp.syslogIp }} + - -dhcp-tftp-ip={{ .Values.dhcp.tftpIp }}:69 + - -extra-kernel-args={{ join " " ( append .Values.http.additionlKernelArgs ( printf "tink_worker_image=%s" ( required "missing tinkWorkerImage" .Values.tinkWorkerImage ) ) ) }} + - -http-addr={{ printf "%v:%v" .Values.http.ip .Values.http.port }} + - -http-ipxe-binary-enabled={{ .Values.http.ipxeBinaryEnabled }} + - -http-ipxe-script-enabled={{ .Values.http.ipxeScriptEnabled }} + - -osie-url={{include "urlJoiner" (dict "urlDict" .Values.http.osieUrl)}} + - -tink-server={{ printf "$(PUBLIC_IP):%v" .Values.http.tinkServer.port }} + - -tink-server-tls={{ .Values.http.tinkServer.tls }} + - -trusted-proxies={{ required "missing trustedProxies" ( join "," .Values.trustedProxies ) }} + - -syslog-addr={{ printf "%v:%v" .Values.syslog.ip .Values.syslog.port }} + - -syslog-enabled={{ .Values.syslog.enabled }} + - -ipxe-script-patch={{ .Values.ipxeScriptPatch }} + - -tftp-addr={{ printf "%v:%v" .Values.tftp.ip .Values.tftp.port }} + - -tftp-enabled={{ .Values.tftp.enabled }} + - 
-tftp-timeout={{ .Values.tftp.timeout }} + {{- range .Values.additionalArgs }} + - {{ . }} + {{- end }} + env: + - name: PUBLIC_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + {{- range .Values.additionalEnv }} + - name: {{ .name | quote }} + value: {{ .value | quote }} {{- end }} - name: {{ .Values.name }} - resources: - limits: - cpu: {{ .Values.resources.limits.cpu }} - memory: {{ .Values.resources.limits.memory }} - requests: - cpu: {{ .Values.resources.requests.cpu }} - memory: {{ .Values.resources.requests.memory }} + {{- if not .Values.hostNetwork }} + ports: + {{- include "smee.ports" ( merge ( dict "PortKey" "containerPort" ) .Values ) | indent 12 }} + {{- end }} + name: {{ .Values.name }} + resources: + limits: + cpu: {{ .Values.resources.limits.cpu }} + memory: {{ .Values.resources.limits.memory }} + requests: + cpu: {{ .Values.resources.requests.cpu }} + memory: {{ .Values.resources.requests.memory }} serviceAccountName: {{ .Values.name }} - {{- if .Values.hostNetwork }} - hostNetwork: true - {{- end }} {{- end }} diff --git a/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-configmap.yaml b/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-configmap.yaml new file mode 100644 index 0000000..eab8947 --- /dev/null +++ b/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-configmap.yaml 
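Review bot: The new `-tink-server` value advertises `$(PUBLIC_IP)` together with `.Values.http.tinkServer.port`, but the only listener visible in this commit for that host address is the nginx Deployment, which hard-codes `listen 42113` and `hostPort: 42113`. Overriding the port value would therefore advertise an endpoint nothing answers on. The proxy forwards with `grpc_pass grpc://` on a plain `listen`, so it looks as if setting `.Values.http.tinkServer.tls` to true would also point clients at a non-TLS endpoint; that should be confirmed. I would add a comment above the argument, for example `# $(PUBLIC_IP) is expanded by Kubernetes from the env entry below (status.hostIP); the port must match the nginx proxy hostPort`. The pod template this hunk edits starts outside the hunk.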
@@ -0,0 +1,52 @@ +# The NGINX ConfigMap is in a separate file because its checksum is used to trigger updates in +# the deployment. +{{ if .Values.deploy -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: nginx-conf + namespace: {{ .Release.Namespace | quote }} +data: + nginx.conf: | + worker_processes 1; + events { + worker_connections 1024; + } + user root; + + http { + server { + listen 50061; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + resolver $POD_NAMESERVER; + set $hegel_dns hegel.{{ .Release.Namespace }}.svc.cluster.local.; # needed in Kubernetes for dynamic DNS resolution + + proxy_pass http://$hegel_dns:50061; + } + } + + server { + listen 42113; + http2 on; + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + resolver $POD_NAMESERVER; + set $tink_dns tink-server.{{ .Release.Namespace }}.svc.cluster.local.; # needed in Kubernetes for dynamic DNS resolution + + grpc_pass grpc://$tink_dns:42113; + } + } + + server { + listen 8080; + location / { + sendfile on; + sendfile_max_chunk 1m; + root /usr/share/nginx/html; + } + } + } +{{- end }} \ No newline at end of file diff --git a/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-deploy.yaml b/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-deploy.yaml new file mode 100644 index 0000000..b540693 --- /dev/null +++ b/chart/tinkerbell-stack/dependency_charts/smee/templates/nginx-deploy.yaml 
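Review bot: `user root;` in this new nginx.conf keeps the nginx worker processes running as root, although every `listen` port (50061, 42113, 8080) is above 1024 and the workers only proxy requests and serve static files. Unless the files under `/usr/share/nginx/html` are readable by root alone, replace it with an unprivileged account such as `user nginx;`, because the pod that loads this config publishes host ports and mounts a hostPath. Separately, the header comment says the ConfigMap checksum triggers deployment updates, yet no `checksum/config` annotation is visible in the nginx-deploy.yaml added by this commit. Either add the annotation to that pod template or drop the comment.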
@@ -0,0 +1,87 @@ +{{- if .Values.deploy }} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: {{ .Values.name }}-nginx + name: {{ .Values.name }}-nginx + namespace: {{ .Release.Namespace | quote }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app: {{ .Values.name }}-nginx + stack: tinkerbell + {{- with .Values.selector }} + {{- toYaml . | nindent 6 }} + {{- end }} + strategy: + type: {{ .Values.deployment.strategy.type }} + template: + metadata: + labels: + app: {{ .Values.name }}-nginx + stack: tinkerbell + {{- with .Values.selector }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + affinity: + podAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app + operator: In + values: + - {{ .Values.name }} + containers: + - name: {{ .Values.name }}-nginx + image: {{ .Values.nginxImage }} + command: ["/bin/bash", "-xeuc"] + args: + - | + POD_NAMESERVER=$(awk '/nameserver/ {print $2}' /etc/resolv.conf) \ + envsubst '$POD_NAMESERVER' \ + /etc/nginx/nginx.conf + exec nginx -g 'daemon off;' + ports: + - containerPort: 50061 + hostPort: 50061 + protocol: TCP + name: hegel-port + - containerPort: 42113 + hostPort: 42113 + protocol: TCP + name: tink-server + - containerPort: 8080 + hostPort: 8080 + protocol: TCP + name: hook-http + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + volumeMounts: + - mountPath: /tmp + readOnly: true + name: nginx-conf + - mountPath: /usr/share/nginx/html + name: hook-artifacts + volumes: + - name: nginx-conf + configMap: + name: nginx-conf + items: + - key: nginx.conf + path: nginx.conf.template + - name: hook-artifacts + hostPath: + path: /opt/hook + type: DirectoryOrCreate + serviceAccountName: {{ .Values.name }} +{{- end }} diff --git a/chart/tinkerbell-stack/dependency_charts/smee/values.yaml b/chart/tinkerbell-stack/dependency_charts/smee/values.yaml index 732d621..d47ca60 100644 
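Review bot: The `hook-artifacts` volumeMount at `/usr/share/nginx/html` maps the node's `/opt/hook` hostPath into the container writable, although nginx only reads from it; add `readOnly: true` to that mount. The container also has no `securityContext` while publishing three `hostPort`s on the node, so `securityContext: {allowPrivilegeEscalation: false}` is a cheap addition. The `podAffinity` term under `requiredDuringSchedulingIgnoredDuringExecution` has a `labelSelector` but no `topologyKey`, which Kubernetes requires to be non-empty. Adding `topologyKey: kubernetes.io/hostname` appears to match the intent of co-locating with the smee pod whose `status.hostIP` is advertised.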
--- a/chart/tinkerbell-stack/dependency_charts/smee/values.yaml +++ b/chart/tinkerbell-stack/dependency_charts/smee/values.yaml @@ -128,3 +128,4 @@ additionalArgs: [] additionalEnv: [] trustedProxies: - "10.42.0.0/24" +nginxImage: nginx:1.25.1 \ No newline at end of file diff --git a/chart/tinkerbell-stack/templates/hook.yaml b/chart/tinkerbell-stack/templates/hook.yaml index c5103ea..90f12df 100644 --- a/chart/tinkerbell-stack/templates/hook.yaml +++ b/chart/tinkerbell-stack/templates/hook.yaml @@ -13,14 +13,12 @@ data: cd /output rm -f *.tar.gz checksum.txt vmlinuz* initramfs* base_loc="{{ .Values.stack.hook.downloadURL }}" - files="$base_loc/hook_aarch64.tar.gz $base_loc/hook_x86_64.tar.gz $base_loc/checksum.txt" + files="$base_loc/hook_aarch64.tar.gz $base_loc/hook_x86_64.tar.gz" tmp_dir=$(mktemp -d) for f in ${files}; do echo "${f}" wget -P "${tmp_dir}" "${f}" done - (cd "${tmp_dir}" && sha512sum -c checksum.txt) - mv "${tmp_dir}"/checksum.txt . for f in ${tmp_dir}/*.tar.gz; do tar --no-same-permissions --overwrite -ozxvf "${f}" && rm -f "${f}"; done rm -rf "${tmp_dir}" --- diff --git a/chart/tinkerbell-stack/templates/kubevip.yaml b/chart/tinkerbell-stack/templates/kubevip.yaml deleted file mode 100644 index 6941193..0000000 --- a/chart/tinkerbell-stack/templates/kubevip.yaml +++ /dev/null 
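Review bot: In the hook.yaml hunk, dropping `checksum.txt` from `files` and removing `(cd "${tmp_dir}" && sha512sum -c checksum.txt)` leaves the downloaded `hook_aarch64.tar.gz` and `hook_x86_64.tar.gz` unpacked into `/output` with no integrity check. These archives hold the kernel and initramfs that machines later boot, so a replaced or corrupted release asset would go unnoticed. If the pinned release publishes no checksum file, keep the verification step and supply the expected digests from chart values (a new key, for example `stack.hook.checksums`, the name is only a suggestion). Write them to `${tmp_dir}/checksum.txt` before running `sha512sum -c checksum.txt`, and fail the job on mismatch. The script this hunk edits starts above the hunk, so whether it runs under `set -e` is not visible here.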
@@ -1,92 +0,0 @@ -{{- if and .Values.stack.enabled .Values.stack.kubevip.enabled }} -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ .Values.stack.kubevip.name }} - namespace: {{ .Release.Namespace | quote }} - labels: - app.kubernetes.io/name: {{ .Values.stack.kubevip.name }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: {{ .Values.stack.kubevip.name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ .Values.stack.kubevip.name }} - spec: - containers: - - args: - - manager - env: - - name: vip_arp - value: "true" - - name: svc_enable - value: "true" - - name: svc_election - value: "true" - - name: enableServicesElection - value: "true" - {{- with .Values.stack.kubevip.interface }} - - name: vip_interface - value: {{ . }} - {{- end }} - image: {{ .Values.stack.kubevip.image }} - imagePullPolicy: {{ .Values.stack.kubevip.imagePullPolicy }} - name: {{ .Values.stack.kubevip.name }} - securityContext: - capabilities: - add: - - NET_ADMIN - - NET_RAW - hostNetwork: true - serviceAccountName: {{ .Values.stack.kubevip.name }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.stack.kubevip.name }} - namespace: {{ .Release.Namespace | quote }} ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - annotations: - rbac.authorization.kubernetes.io/autoupdate: "true" - name: {{ .Values.stack.kubevip.roleName }} -rules: - - apiGroups: [""] - resources: - - "services" - - "services/status" - - "nodes" - - "endpoints" - verbs: - - "list" - - "get" - - "watch" - - "update" - - apiGroups: - - "coordination.k8s.io" - resources: - - "leases" - verbs: - - "list" - - "get" - - "watch" - - "update" - - "create" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: {{ .Values.stack.kubevip.roleBindingName }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.stack.kubevip.roleName }} -subjects: -- kind: ServiceAccount - name: {{ 
.Values.stack.kubevip.name }} - namespace: {{ .Release.Namespace | quote }} -{{- end }} \ No newline at end of file diff --git a/chart/tinkerbell-stack/templates/nginx-configmap.yaml b/chart/tinkerbell-stack/templates/nginx-configmap.yaml deleted file mode 100644 index 9a8484b..0000000 --- a/chart/tinkerbell-stack/templates/nginx-configmap.yaml +++ /dev/null 
@@ -1,83 +0,0 @@ -# The NGINX ConfigMap is in a separate file because its checksum is used to trigger updates in -# the deployment. -{{ if .Values.stack.enabled -}} -apiVersion: v1 -kind: ConfigMap -metadata: - name: nginx-conf - namespace: {{ .Release.Namespace | quote }} -data: - nginx.conf: | - worker_processes 1; - events { - worker_connections 1024; - } - user root; - - http { - server { - listen {{ .Values.smee.http.port }}; - location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - resolver $POD_NAMESERVER; - set $smee_dns {{ .Values.smee.name }}.{{ .Release.Namespace }}.svc.cluster.local.; # needed in Kubernetes for dynamic DNS resolution - - proxy_pass http://$smee_dns:{{ .Values.smee.http.port }}; - } - } - - server { - listen {{ .Values.hegel.service.port }}; - location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - resolver $POD_NAMESERVER; - set $hegel_dns {{ .Values.hegel.name }}.{{ .Release.Namespace }}.svc.cluster.local.; # needed in Kubernetes for dynamic DNS resolution - - proxy_pass http://$hegel_dns:{{ .Values.hegel.service.port }}; - } - } - - server { - listen {{ .Values.tink.server.service.port }}; - http2 on; - location / { - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - resolver $POD_NAMESERVER; - set $tink_dns {{ .Values.tink.server.name }}.{{ .Release.Namespace }}.svc.cluster.local.; # needed in Kubernetes for dynamic DNS resolution - - grpc_pass grpc://$tink_dns:{{ .Values.tink.server.service.port }}; - } - } - - server { - listen {{ .Values.stack.hook.port }}; - location / { - sendfile on; - sendfile_max_chunk 1m; - root /usr/share/nginx/html; - } - } - } - - stream { - log_format logger-json escape=json '{"source": "nginx", "time": $msec, "address": "$remote_addr", "status": $status, "upstream_addr": "$upstream_addr"}'; - - server { - listen {{ 
.Values.smee.tftp.port }} udp; - resolver $POD_NAMESERVER; - set $smee_dns {{ .Values.smee.name }}.{{ .Release.Namespace }}.svc.cluster.local.; # needed in Kubernetes for dynamic DNS resolution - proxy_pass $smee_dns:{{ .Values.smee.tftp.port }}; - access_log /dev/stdout logger-json; - } - server { - listen {{ .Values.smee.syslog.port }} udp; - resolver $POD_NAMESERVER; - set $smee_dns {{ .Values.smee.name }}.{{ .Release.Namespace }}.svc.cluster.local.; # needed in Kubernetes for dynamic DNS resolution - proxy_pass $smee_dns:{{ .Values.smee.syslog.port }}; - access_log /dev/stdout logger-json; - } - } -{{- end }} diff --git a/chart/tinkerbell-stack/templates/nginx.yaml b/chart/tinkerbell-stack/templates/nginx.yaml deleted file mode 100644 index 89297f3..0000000 --- a/chart/tinkerbell-stack/templates/nginx.yaml +++ /dev/null 
@@ -1,178 +0,0 @@ -{{- if .Values.stack.enabled }} -{{- $sourceInterface := .Values.stack.relay.sourceInterface -}} -{{- $macvlanInterfaceName := printf "%s%s" "macvlan" (randNumeric 2) -}} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Values.stack.name}} - namespace: {{ .Release.Namespace | quote }} -spec: - selector: - matchLabels: - {{- with .Values.stack.selector }} - {{- toYaml . | nindent 6 }} - {{- end }} - replicas: 1 - template: - metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/nginx-configmap.yaml") . | sha256sum }} - labels: - {{- with .Values.stack.selector }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - {{- if not .Values.stack.service.enabled }} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - {{- end }} - hostPID: true - containers: - - name: {{ .Values.stack.relay.name }} - image: {{ .Values.stack.relay.image }} - args: ["-m", "append", "-c", "{{ .Values.stack.relay.maxHopCount }}", "-id", "{{ $macvlanInterfaceName }}", "-iu", "eth0", "-U", "eth0", "smee.{{ .Release.Namespace }}.svc.cluster.local."] - ports: - - containerPort: 67 - protocol: UDP - name: dhcp - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - securityContext: - capabilities: - add: - - NET_RAW - - name: {{ .Values.stack.name }} - image: {{ .Values.stack.image }} - command: ["/bin/bash", "-xeuc"] - args: - - | - POD_NAMESERVER=$(awk '/nameserver/ {print $2}' /etc/resolv.conf) \ - envsubst '$POD_NAMESERVER' \ - /etc/nginx/nginx.conf - exec nginx -g 'daemon off;' - ports: - - containerPort: {{ .Values.hegel.deployment.port }} - protocol: TCP - name: {{ .Values.hegel.deployment.portName }} - - containerPort: {{ .Values.tink.server.deployment.port }} - protocol: TCP - name: {{ .Values.tink.server.deployment.portName }} - - containerPort: {{ .Values.stack.hook.port }} - protocol: TCP - name: hook-http - - containerPort: {{ .Values.smee.http.port }} - protocol: TCP - name: {{ 
.Values.smee.http.name }} - - containerPort: {{ .Values.smee.tftp.port }} - protocol: UDP - name: {{ .Values.smee.tftp.name }} - - containerPort: {{ .Values.smee.syslog.port }} - protocol: UDP - name: {{ .Values.smee.syslog.name }} - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - volumeMounts: - - mountPath: /tmp - readOnly: true - name: nginx-conf - {{- if .Values.stack.hook.enabled }} - - mountPath: /usr/share/nginx/html - name: hook-artifacts - {{- end }} - volumes: - - name: nginx-conf - configMap: - name: nginx-conf - items: - - key: nginx.conf - path: nginx.conf.template - {{- if .Values.stack.hook.enabled }} - - name: hook-artifacts - hostPath: - path: {{ .Values.stack.hook.downloadsDest }} - type: DirectoryOrCreate - {{- end }} - initContainers: - - name: relay-macvlan-interface - command: - - /bin/sh - - -c - - | - # This script allows us to listen and respond to DHCP requests on a host network interface and interact with Boots properly. - # This is used instead of `hostNetwork: true` because the dhcp relay requires clear paths for listening for broadcast traffic - # and sending/receiving unicast traffic to/from Boots. - set -xe - # if sourceInterface is not set use the interface from the default route - srcInterface="{{ $sourceInterface }}" - if [ -z "$srcInterface" ]; then - srcInterface=$(nsenter -t1 -n ip route | awk '/default/ {print $5}' | head -n1) - fi - # Create a macvlan interface. TODO: If this fails, try again with a different name? - nsenter -t1 -n ip link add {{ $macvlanInterfaceName }} link ${srcInterface} type macvlan mode bridge - # Move the interface into the POD. 
- pid=$(echo $$) - nsenter -t1 -n ip link set {{ $macvlanInterfaceName }} netns ${pid} || nsenter -t1 -n ip link delete {{ $macvlanInterfaceName }} - # Set the macvlan interface up - ip link set {{ $macvlanInterfaceName }} up - # Set the IP address - ip addr add {{ .Values.stack.loadBalancerIP }}/32 dev {{ $macvlanInterfaceName }} noprefixroute - image: alpine - securityContext: - privileged: true -{{- if .Values.stack.service.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app: {{ .Values.stack.name }} - name: {{ .Values.stack.name }} - namespace: {{ .Release.Namespace | quote }} -spec: - type: {{ .Values.stack.service.type }} - {{- if eq .Values.stack.service.type "LoadBalancer" }} - {{- if .Values.stack.lbClass }} - loadBalancerClass: {{ .Values.stack.lbClass }} - {{- end }} - loadBalancerIP: {{ .Values.stack.loadBalancerIP }} - externalTrafficPolicy: Local - {{- end }} - ports: - - name: {{ .Values.hegel.name }} - port: {{ .Values.hegel.deployment.port }} - protocol: TCP -# - name: {{ .Values.tink.server.name }} -# port: {{ .Values.tink.server.deployment.port }} -# protocol: TCP - - name: {{ .Values.stack.hook.name }} - port: {{ .Values.stack.hook.port }} - protocol: TCP -# - port: {{ .Values.smee.http.port }} -# protocol: TCP -# name: {{ .Values.smee.http.name }} -# - port: {{ .Values.smee.tftp.port }} -# protocol: UDP -# name: {{ .Values.smee.tftp.name }} -# - port: {{ .Values.smee.syslog.port }} -# protocol: UDP -# name: {{ .Values.smee.syslog.name }} -# - port: 67 -# protocol: UDP -# name: dhcp - selector: - {{- with .Values.stack.selector }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} -{{- end }} diff --git a/chart/tinkerbell-stack/values.yaml b/chart/tinkerbell-stack/values.yaml index c7cea5f..103ee3b 100644 --- a/chart/tinkerbell-stack/values.yaml +++ b/chart/tinkerbell-stack/values.yaml 
@@ -1,13 +1,4 @@ stack: - enabled: true - name: tink-stack - service: - enabled: true - type: LoadBalancer - selector: - app: tink-stack - # Once the Kubernetes Gateway API is more stable, we will use that for all services instead of nginx. - image: nginx:1.25.1 hook: enabled: true name: hook-files @@ -16,28 +7,7 @@ stack: downloadsDest: /opt/hook # downloadURL only works with the > 0.8.1 Hook release because # previous Hook versions didn't provide a checksum file. - downloadURL: https://github.com/tinkerbell/hook/releases/download/latest - kubevip: - enabled: false - name: kube-vip - image: ghcr.io/kube-vip/kube-vip:v0.6.3 - imagePullPolicy: IfNotPresent - roleName: kube-vip-role - roleBindingName: kube-vip-rolebinding - # Customize the interface KubeVIP advertises on. When unset, KubeVIP will autodetect the interface. - # interface: enp0s8 - relay: # relay allows us to listen and respond to layer broadcast DHCP requests - name: dhcp-relay - enabled: false - # This image (ghcr.io/jacobweinstock/dhcrelay) is used because the other public dhcprelay images out there (`modem7/dhcprelay`) - # doesn't respect signals properly when run as PID 1. - image: ghcr.io/jacobweinstock/dhcrelay - maxHopCount: 10 - # sourceInterface is the Host/Node interface to use for listening for DHCP broadcast packets. - # When unset, the interface from the default route will be used. - # sourceInterface: eno1 - # TODO(jacobweinstock): add feature to be able to disable listening for broadcast traffic. - + downloadURL: https://github.com/tinkerbell/hook/releases/download/v0.8.1 # -- Overrides # The values defined here override those in the individual charts. Some of them require tweaking # before deployment as they are environment dependent; others are surfaced for convenience. @@ -51,6 +21,9 @@ smee: trustedProxies: *range publicIP: *publicIP hostNetwork: true + deployment: + strategy: + type: Recreate hegel: image: quay.io/tinkerbell/hegel:v0.11.1
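Review bot: The comment kept above `downloadURL` in the second values.yaml hunk still says the URL "only works with the > 0.8.1 Hook release because previous Hook versions didn't provide a checksum file", but the value is now pinned to `v0.8.1` and this commit removes the checksum step from hook.yaml. The comment should describe the current behaviour, for example `# downloadURL is pinned to a release tag; the download job does not currently verify a checksum for these archives.` Pinning the tag instead of `latest` is the safer choice. Stating the missing verification next to the value keeps an operator who overrides the URL from assuming one exists.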