diff --git a/packages/core/installer/Makefile b/packages/core/installer/Makefile
index caf15bc4..e87c38b9 100644
--- a/packages/core/installer/Makefile
+++ b/packages/core/installer/Makefile
@@ -55,6 +55,8 @@ image-matchbox: run-builder
--metadata-file images/matchbox.json \
--push=$(PUSH) \
--load=$(LOAD)
+ echo "$(REGISTRY)/matchbox:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/matchbox.json -o json -r)" \
+ > ../../extra/bootbox/images/matchbox.tag
rm -f images/matchbox.json
assets: talos-iso talos-nocloud talos-metal
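Review bot: The added `echo` in the `image-matchbox` recipe still writes `matchbox.tag` when the `yq` lookup fails or finds no digest, because a failing command substitution does not fail `echo`. The file would then end in `@` or `@null`, and the chart's Deployment reads it verbatim as the image reference. Resolve the digest into a shell variable first and stop when it is empty, for example `digest=$$(yq e '."containerimage.digest"' images/matchbox.json -o json -r) && test -n "$$digest" && test "$$digest" != null` before the `echo`. The `matchbox.tag` committed in this change (`ghcr.io/aenix-io/cozystack/matchbox:v0.23.1`) has no digest, so until this target is re-run the image is pulled by a mutable tag. The recipe begins above the hunk.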
diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml
index a74da8b1..19ad78ec 100644
--- a/packages/core/platform/bundles/distro-full.yaml
+++ b/packages/core/platform/bundles/distro-full.yaml
@@ -199,3 +199,11 @@ releases:
namespace: cozy-keycloak
optional: true
dependsOn: [keycloak]
+
+- name: bootbox
+ releaseName: bootbox
+ chart: cozy-bootbox
+ namespace: cozy-bootbox
+ privileged: true
+ optional: true
+ dependsOn: [cilium]
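Review bot: `privileged: true` on the `bootbox` release is unexplained, and the tenant-facing chart in this commit also creates `Hardware` objects in the `cozy-bootbox` namespace. Presumably the flag is needed for smee's host networking (the vendored deployment template has a `hostNetwork` switch), but the values that decide this are not visible here. If that is the reason, record it with a comment such as `# privileged: smee serves DHCP/TFTP on the host network`. The identical entry added to `paas-full.yaml` should carry the same comment.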
diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml
index 6b73f6ef..328d0bbb 100644
--- a/packages/core/platform/bundles/paas-full.yaml
+++ b/packages/core/platform/bundles/paas-full.yaml
@@ -281,6 +281,14 @@ releases:
optional: true
dependsOn: [cilium,kubeovn]
+- name: bootbox
+ releaseName: bootbox
+ chart: cozy-bootbox
+ namespace: cozy-bootbox
+ privileged: true
+ optional: true
+ dependsOn: [cilium,kubeovn]
+
{{- if $oidcEnabled }}
- name: keycloak
releaseName: keycloak
diff --git a/packages/extra/bootbox/Chart.yaml b/packages/extra/bootbox/Chart.yaml
new file mode 100644
index 00000000..f5d8dd39
--- /dev/null
+++ b/packages/extra/bootbox/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: bootbox
+description: PXE hardware provisioning
+icon: /logos/bootbox.svg
+type: application
+version: 0.1.0
diff --git a/packages/extra/bootbox/Makefile b/packages/extra/bootbox/Makefile
new file mode 100644
index 00000000..dec085a9
--- /dev/null
+++ b/packages/extra/bootbox/Makefile
@@ -0,0 +1,11 @@
+NAME=bootbox
+NAMESPACE=tenant-root
+
+include ../../../scripts/package.mk
+
+generate:
+ readme-generator -v values.yaml -s values.schema.json.tmp -r README.md
+ cat values.schema.json.tmp | \
+ jq '.properties.machines.items.type = "object"' \
+ > values.schema.json
+ rm -f values.schema.json.tmp
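Review bot: The `jq` filter in `generate` repairs only `items.type`, so the `values.schema.json` committed here still has `"default": "[]"` for `machines`, a string default on an array property. Extending the filter fixes both: `jq '.properties.machines.items.type = "object" | .properties.machines.default = []' values.schema.json.tmp > values.schema.json`. Passing the file to `jq` as an argument instead of through `cat |` also avoids a pipeline whose first stage can fail unnoticed.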
diff --git a/packages/extra/bootbox/README.md b/packages/extra/bootbox/README.md
new file mode 100644
index 00000000..c3f25b32
--- /dev/null
+++ b/packages/extra/bootbox/README.md
@@ -0,0 +1,11 @@
+# BootBox
+
+## Parameters
+
+### Common parameters
+
+| Name | Description | Value |
+| --------------- | ----------------------------------------------------- | ------ |
+| `whitelistHTTP` | Secure HTTP by enabling client networks whitelisting | `true` |
+| `whitelist` | List of client networks | `[]` |
+| `machines` | Configuration of physical machine instances | `[]` |
diff --git a/packages/extra/bootbox/hack/test.sh b/packages/extra/bootbox/hack/test.sh
new file mode 100644
index 00000000..0bfd7590
--- /dev/null
+++ b/packages/extra/bootbox/hack/test.sh
@@ -0,0 +1,18 @@
+apk add iptables iproute2 qemu-system-x86_64 qemu-img
+
+iptables -t nat -D POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE 2>/dev/null || true
+iptables -t nat -A POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE
+
+ip link del tap0 2>/dev/null || true
+ip tuntap add dev tap0 mode tap
+ip link set tap0 up
+ip addr add 10.8.2.1/24 dev tap0
+
+
+rm -f data.img
+qemu-img create data.img 100G
+
+qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 4 -m 8192 \
+ -device virtio-net,netdev=net0,mac=d6:fa:af:52:25:93 -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
+ -drive file=data.img,if=virtio,format=raw \
+ -nographic
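Review bot: The script has no interpreter line and no `set -e`, so a failed `ip tuntap add` or `qemu-img create` does not stop it and QEMU is started anyway. It also leaves the `MASQUERADE` rule and `tap0` on the host after QEMU exits. Start the file with `#!/bin/sh` and `set -eu`, and add a `trap` on `EXIT` that deletes the NAT rule and the tap device. A short header comment stating that it needs root, KVM and an Alpine environment (it calls `apk add`) would keep it from being run in the wrong place.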
diff --git a/packages/extra/bootbox/images/matchbox.tag b/packages/extra/bootbox/images/matchbox.tag
new file mode 100644
index 00000000..b50d5812
--- /dev/null
+++ b/packages/extra/bootbox/images/matchbox.tag
@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/matchbox:v0.23.1
diff --git a/packages/extra/bootbox/logos/bootbox.svg b/packages/extra/bootbox/logos/bootbox.svg
new file mode 100644
index 00000000..23c89160
--- /dev/null
+++ b/packages/extra/bootbox/logos/bootbox.svg
@@ -0,0 +1,91 @@
+
diff --git a/packages/extra/bootbox/templates/check-release-name.yaml b/packages/extra/bootbox/templates/check-release-name.yaml
new file mode 100644
index 00000000..d903237a
--- /dev/null
+++ b/packages/extra/bootbox/templates/check-release-name.yaml
@@ -0,0 +1,6 @@
+{{- if ne .Release.Name .Chart.Name }}
+{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }}
+{{- end -}}
+{{- if ne .Release.Namespace "tenant-root" }}
+{{- fail "The namespace of the release MUST BE tenant-root" }}
+{{- end -}}
diff --git a/packages/extra/bootbox/templates/dashboard-resourcemap.yaml b/packages/extra/bootbox/templates/dashboard-resourcemap.yaml
new file mode 100644
index 00000000..ad04d65b
--- /dev/null
+++ b/packages/extra/bootbox/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,35 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ resourceNames:
+ - bootbox
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - grafana-admin-password
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - ""
+ resources:
+ - services
+ resourceNames:
+ - bootbox
+ verbs: ["get", "list", "watch"]
+- apiGroups:
+ - cozystack.io
+ resources:
+ - workloadmonitors
+ resourceNames:
+ - bootbox-matchbox
+ verbs: ["get", "list", "watch"]
+
+
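Review bot: The second rule grants `get`/`list`/`watch` on the Secret `grafana-admin-password`, which nothing in this chart creates or references; it looks carried over from another chart's resource map. Any subject bound to `{{ .Release.Name }}-dashboard-resources` (the binding is not part of this hunk) would be able to read that secret if one of that name exists in the release namespace. Drop the `secrets` rule and keep only the ingress, service and workloadmonitor rules that belong to bootbox.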
diff --git a/packages/extra/bootbox/templates/matchbox/configmaps.yaml b/packages/extra/bootbox/templates/matchbox/configmaps.yaml
new file mode 100644
index 00000000..6b95b4f5
--- /dev/null
+++ b/packages/extra/bootbox/templates/matchbox/configmaps.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bootbox-profiles
+data:
+ default.json: |
+ {
+ "id": "default",
+ "name": "default",
+ "boot": {
+ "kernel": "/assets/vmlinuz",
+ "initrd": ["/assets/initramfs.xz"],
+ "args": [
+ "initrd=initramfs.xz",
+ "init_on_alloc=1",
+ "slab_nomerge",
+ "pti=on",
+ "console=tty0",
+ "console=ttyS0",
+ "printk.devkmsg=on",
+ "talos.platform=metal"
+ ]
+ }
+ }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bootbox-groups
+data:
+ default.json: |
+ {
+ "id": "default",
+ "name": "default",
+ "profile": "default"
+ }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: bootbox-configs
+data:
diff --git a/packages/extra/bootbox/templates/matchbox/deployment.yaml b/packages/extra/bootbox/templates/matchbox/deployment.yaml
new file mode 100644
index 00000000..470c2814
--- /dev/null
+++ b/packages/extra/bootbox/templates/matchbox/deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: bootbox-matchbox
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: bootbox-matchbox
+ template:
+ metadata:
+ labels:
+ app: bootbox-matchbox
+ spec:
+ containers:
+ - name: matchbox
+ image: "{{ $.Files.Get "images/matchbox.tag" | trim }}"
+ args:
+ - "-address=:8080"
+ - "-log-level=debug"
+ volumeMounts:
+ - name: profiles-volume
+ mountPath: /var/lib/matchbox/profiles
+ - name: groups-volume
+ mountPath: /var/lib/matchbox/groups
+ - name: configs-volume
+ mountPath: /var/lib/matchbox/assets/configs
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ volumes:
+ - name: profiles-volume
+ configMap:
+ name: bootbox-profiles
+ - name: groups-volume
+ configMap:
+ name: bootbox-groups
+ - name: configs-volume
+ configMap:
+ name: bootbox-configs
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+ name: bootbox-matchbox
+spec:
+ replicas: 1
+ minReplicas: 1
+ kind: bootbox
+ type: matchbox
+ selector:
+ app: bootbox-matchbox
+ version: {{ $.Chart.Version }}
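Review bot: The `matchbox` container is declared without a `securityContext`, resource requests or limits, or probes, and it runs with `-log-level=debug` unconditionally. For a service that hands boot configuration to machines, add at least `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` under the container; it listens on 8080, so no capability is needed to bind. Whether `runAsNonRoot` and `readOnlyRootFilesystem` can also be set depends on the image, which is not visible here. The log level would be better exposed as a value with a quieter default.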
diff --git a/packages/extra/bootbox/templates/matchbox/ingress.yaml b/packages/extra/bootbox/templates/matchbox/ingress.yaml
new file mode 100644
index 00000000..31de7716
--- /dev/null
+++ b/packages/extra/bootbox/templates/matchbox/ingress.yaml
@@ -0,0 +1,37 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
+
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: bootbox
+ labels:
+ app: bootbox
+ annotations:
+ {{- if ne $issuerType "cloudflare" }}
+ acme.cert-manager.io/http01-ingress-class: {{ $ingress }}
+ {{- end }}
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ {{- if .Values.whitelistHTTP }}
+ nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," (.Values.whitelist | default "0.0.0.0/32") }}"
+ {{- end }}
+spec:
+ ingressClassName: {{ $ingress }}
+ tls:
+ - hosts:
+ - "{{ printf "bootbox.%s" (.Values.host | default $host) }}"
+ secretName: bootbox-tls
+ rules:
+ - host: "{{ printf "bootbox.%s" (.Values.host | default $host) }}"
+ http:
+ paths:
+ - path: /
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: bootbox
+ port:
+ name: http
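Review bot: Source-range filtering is the only access control in front of matchbox, and it is removed entirely when `whitelistHTTP` is false; everything matchbox serves, including the files mounted from `bootbox-configs`, is then reachable by any client that can reach the ingress. If those configs are meant to hold machine configuration (their content is not in this commit), say so next to the switch, for example `{{- /* whitelistHTTP=false exposes all matchbox assets, including bootbox-configs, without restriction */}}` above the `if`. The allow-list also depends on the ingress controller seeing the real client address. Separately, both `lookup` results are indexed without a nil check, so rendering fails wherever the ConfigMap or the namespace annotations are absent, as in an offline `helm template`.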
diff --git a/packages/extra/bootbox/templates/matchbox/machines.yaml b/packages/extra/bootbox/templates/matchbox/machines.yaml
new file mode 100644
index 00000000..64231f23
--- /dev/null
+++ b/packages/extra/bootbox/templates/matchbox/machines.yaml
@@ -0,0 +1,47 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
+
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+
+{{ range $m := .Values.machines }}
+---
+apiVersion: tinkerbell.org/v1alpha1
+kind: Hardware
+metadata:
+ name: {{ $m.hostname }}
+ namespace: cozy-bootbox
+spec:
+ interfaces:
+ {{- range $mac := $m.mac }}
+ - dhcp:
+ hostname: {{ $m.hostname }}
+ mac: {{ $mac }}
+ {{- with $m.arch }}
+ arch: {{ . }}
+ {{- end }}
+ {{- with $m.ip }}
+ ip:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $m.leaseTime }}
+ lease_time: {{ . }}
+ {{- end }}
+ {{- with $m.uefi }}
+ uefi: {{ . }}
+ {{- end }}
+ {{- with $m.nameServers }}
+ name_servers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $m.timeServers }}
+ time_servers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ netboot:
+ allowPXE: true
+ ipxe:
+ url: "https://{{ printf "bootbox.%s" ($.Values.host | default $host) }}/boot.ipxe"
+ {{- end }}
+{{- end }}
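Review bot: `hostname`, `mac` and `arch` are interpolated unquoted into the `Hardware` manifest, so a value containing YAML-significant characters alters the document structure instead of being rejected. Pipe them through `quote`, for example `name: {{ $m.hostname | quote }}` and `mac: {{ $mac | quote }}`. The objects are also created in the hard-coded namespace `cozy-bootbox` while `check-release-name.yaml` pins the release to `tenant-root`, so the release writes outside its own namespace; that deserves a comment. `$cozyConfig`, `$issuerType` and `$ingress` are computed but never used in this template, and their lookups only add ways for rendering to fail.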
diff --git a/packages/extra/bootbox/templates/matchbox/service.yaml b/packages/extra/bootbox/templates/matchbox/service.yaml
new file mode 100644
index 00000000..160de067
--- /dev/null
+++ b/packages/extra/bootbox/templates/matchbox/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: bootbox
+spec:
+ selector:
+ app: bootbox-matchbox
+ ports:
+ - protocol: TCP
+ port: 80
+ targetPort: http
+ name: http
diff --git a/packages/extra/bootbox/values.schema.json b/packages/extra/bootbox/values.schema.json
new file mode 100644
index 00000000..e365ece4
--- /dev/null
+++ b/packages/extra/bootbox/values.schema.json
@@ -0,0 +1,25 @@
+{
+ "title": "Chart Values",
+ "type": "object",
+ "properties": {
+ "whitelistHTTP": {
+ "type": "boolean",
+ "description": "Secure HTTP by enabling client networks whitelisting",
+ "default": true
+ },
+ "whitelist": {
+ "type": "array",
+ "description": "List of client networks",
+ "default": [],
+ "items": {}
+ },
+ "machines": {
+ "type": "array",
+ "description": "Configuration of physical machine instances",
+ "default": "[]",
+ "items": {
+ "type": "object"
+ }
+ }
+ }
+}
diff --git a/packages/extra/bootbox/values.yaml b/packages/extra/bootbox/values.yaml
new file mode 100644
index 00000000..f4d55572
--- /dev/null
+++ b/packages/extra/bootbox/values.yaml
@@ -0,0 +1,30 @@
+## @section Common parameters
+
+## @param whitelistHTTP Secure HTTP by enabling client networks whitelisting
+## @param whitelist List of client networks
+## Example:
+## whitelistHTTP: true
+## whitelist:
+## - "1.2.3.4"
+## - "10.8.0.0/16"
+##
+whitelistHTTP: true
+whitelist: []
+
+## @param machines [array] Configuration of physical machine instances
+##
+## Example:
+## machines:
+## - hostname: machine1
+## arch: x86_64
+## ip:
+## address: 10.8.2.2
+## gateway: 10.8.2.1
+## netmask: 255.255.255.0
+## leaseTime: 86400
+## mac: [d6:fa:af:52:25:93]
+## nameServers: [1.1.1.1,8.8.8.8]
+## timeServers: [pool.ntp.org]
+## uefi: true
+
+machines: []
diff --git a/packages/extra/versions_map b/packages/extra/versions_map
index 40edd1d8..68171be0 100644
--- a/packages/extra/versions_map
+++ b/packages/extra/versions_map
@@ -1,3 +1,4 @@
+bootbox 0.1.0 HEAD
etcd 1.0.0 f7eaab0
etcd 2.0.0 a6d0f7cf
etcd 2.0.1 6fc1cc7d
diff --git a/packages/system/bootbox/Chart.yaml b/packages/system/bootbox/Chart.yaml
new file mode 100644
index 00000000..dabadb65
--- /dev/null
+++ b/packages/system/bootbox/Chart.yaml
@@ -0,0 +1,3 @@
+apiVersion: v2
+name: cozy-smee
+version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
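Review bot: The chart is named `cozy-smee` here, but both bundle entries added in this commit reference `chart: cozy-bootbox`, and this package's Makefile sets `NAME=bootbox`. If the platform resolves charts by the name in `Chart.yaml` (the resolver is not part of this diff), the `bootbox` release will not find its chart. `name: cozy-bootbox` would match the bundles.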
diff --git a/packages/system/bootbox/Makefile b/packages/system/bootbox/Makefile
new file mode 100644
index 00000000..ce4e1af0
--- /dev/null
+++ b/packages/system/bootbox/Makefile
@@ -0,0 +1,16 @@
+export NAME=bootbox
+export NAMESPACE=cozy-$(NAME)
+
+include ../../../scripts/package.mk
+
+update:
+ rm -rf charts
+ mkdir -p charts
+ cd charts && \
+ tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/tinkerbell/charts | awk -F'[/^]' 'END{print $$3}') && \
+ curl -sSL https://github.com/tinkerbell/charts/archive/refs/tags/$${tag}.tar.gz | \
+ tar xzvf - --strip 2 charts-$${tag#*v}/tinkerbell
+ find charts -maxdepth 1 -mindepth 1 ! -name tink -and ! -name smee -exec rm -rf {} \;
+ mkdir -p charts/smee/crds
+ mv charts/tink/crds/hardware-crd.yaml charts/smee/crds
+ rm -rf charts/tink
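Review bot: `update` vendors whichever tag sorts last in `tinkerbell/charts` and unpacks it straight from `curl | tar`, with no pinned version and no checksum. Because `curl -sSL` lacks `-f`, an HTTP error page would be fed to `tar`, and because `charts` is deleted first, a failed download leaves the vendored tree empty. Consider taking the tag from a variable pinned in the Makefile, using `curl -fsSL`, and downloading to a temporary file whose hash is checked before extraction. The result should replace `charts` only after extraction succeeds.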
diff --git a/packages/system/bootbox/charts/smee/Chart.yaml b/packages/system/bootbox/charts/smee/Chart.yaml
new file mode 100644
index 00000000..93b67306
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/Chart.yaml
@@ -0,0 +1,25 @@
+apiVersion: v2
+name: smee
+description: Smee is the network boot service for Tinkerbell
+icon: https://github.com/tinkerbell/artwork/blob/6f07de53d75cb8932dbc7d14201e038cf3a3b230/Tinkerbell-Icon-Dark.png
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.6.2
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.15.1"
diff --git a/packages/system/bootbox/charts/smee/crds/hardware-crd.yaml b/packages/system/bootbox/charts/smee/crds/hardware-crd.yaml
new file mode 100644
index 00000000..a32dcfbf
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/crds/hardware-crd.yaml
@@ -0,0 +1,388 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.16.3
+ name: hardware.tinkerbell.org
+spec:
+ group: tinkerbell.org
+ names:
+ categories:
+ - tinkerbell
+ kind: Hardware
+ listKind: HardwareList
+ plural: hardware
+ shortNames:
+ - hw
+ singular: hardware
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.state
+ name: State
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Hardware is the Schema for the Hardware API.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: HardwareSpec defines the desired state of Hardware.
+ properties:
+ bmcRef:
+ description: |-
+ BMCRef contains a relation to a BMC state management type in the same
+ namespace as the Hardware. This may be used for BMC management by
+ orchestrators.
+ properties:
+ apiGroup:
+ description: |-
+ APIGroup is the group for the resource being referenced.
+ If APIGroup is not specified, the specified Kind must be in the core API group.
+ For any other third-party types, APIGroup is required.
+ type: string
+ kind:
+ description: Kind is the type of resource being referenced
+ type: string
+ name:
+ description: Name is the name of resource being referenced
+ type: string
+ required:
+ - kind
+ - name
+ type: object
+ x-kubernetes-map-type: atomic
+ disks:
+ items:
+ description: Disk represents a disk device for Tinkerbell Hardware.
+ properties:
+ device:
+ type: string
+ type: object
+ type: array
+ interfaces:
+ items:
+ description: Interface represents a network interface configuration for Hardware.
+ properties:
+ dhcp:
+ description: DHCP configuration.
+ properties:
+ arch:
+ type: string
+ hostname:
+ type: string
+ iface_name:
+ type: string
+ ip:
+ description: IP configuration.
+ properties:
+ address:
+ type: string
+ family:
+ format: int64
+ type: integer
+ gateway:
+ type: string
+ netmask:
+ type: string
+ type: object
+ lease_time:
+ format: int64
+ type: integer
+ mac:
+ pattern: ([0-9a-f]{2}[:]){5}([0-9a-f]{2})
+ type: string
+ name_servers:
+ items:
+ type: string
+ type: array
+ time_servers:
+ items:
+ type: string
+ type: array
+ uefi:
+ type: boolean
+ vlan_id:
+ description: validation pattern for VLANDID is a string number between 0-4096
+ pattern: ^(([0-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))(,[1-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))*)$
+ type: string
+ type: object
+ disableDhcp:
+ default: false
+ description: DisableDHCP disables DHCP for this interface.
+ type: boolean
+ netboot:
+ description: Netboot configuration.
+ properties:
+ allowPXE:
+ type: boolean
+ allowWorkflow:
+ type: boolean
+ ipxe:
+ description: IPXE configuration.
+ properties:
+ contents:
+ type: string
+ url:
+ type: string
+ type: object
+ osie:
+ description: OSIE configuration.
+ properties:
+ baseURL:
+ type: string
+ initrd:
+ type: string
+ kernel:
+ type: string
+ type: object
+ type: object
+ type: object
+ type: array
+ metadata:
+ properties:
+ bonding_mode:
+ format: int64
+ type: integer
+ custom:
+ properties:
+ preinstalled_operating_system_version:
+ properties:
+ distro:
+ type: string
+ image_tag:
+ type: string
+ os_slug:
+ type: string
+ slug:
+ type: string
+ version:
+ type: string
+ type: object
+ private_subnets:
+ items:
+ type: string
+ type: array
+ type: object
+ facility:
+ properties:
+ facility_code:
+ type: string
+ plan_slug:
+ type: string
+ plan_version_slug:
+ type: string
+ type: object
+ instance:
+ properties:
+ allow_pxe:
+ type: boolean
+ always_pxe:
+ type: boolean
+ crypted_root_password:
+ type: string
+ hostname:
+ type: string
+ id:
+ type: string
+ ips:
+ items:
+ properties:
+ address:
+ type: string
+ family:
+ format: int64
+ type: integer
+ gateway:
+ type: string
+ management:
+ type: boolean
+ netmask:
+ type: string
+ public:
+ type: boolean
+ type: object
+ type: array
+ ipxe_script_url:
+ type: string
+ network_ready:
+ type: boolean
+ operating_system:
+ properties:
+ distro:
+ type: string
+ image_tag:
+ type: string
+ os_slug:
+ type: string
+ slug:
+ type: string
+ version:
+ type: string
+ type: object
+ rescue:
+ type: boolean
+ ssh_keys:
+ items:
+ type: string
+ type: array
+ state:
+ type: string
+ storage:
+ properties:
+ disks:
+ items:
+ properties:
+ device:
+ type: string
+ partitions:
+ items:
+ properties:
+ label:
+ type: string
+ number:
+ format: int64
+ type: integer
+ size:
+ format: int64
+ type: integer
+ start:
+ format: int64
+ type: integer
+ type_guid:
+ type: string
+ type: object
+ type: array
+ wipe_table:
+ type: boolean
+ type: object
+ type: array
+ filesystems:
+ items:
+ properties:
+ mount:
+ properties:
+ create:
+ properties:
+ force:
+ type: boolean
+ options:
+ items:
+ type: string
+ type: array
+ type: object
+ device:
+ type: string
+ files:
+ items:
+ properties:
+ contents:
+ type: string
+ gid:
+ format: int64
+ type: integer
+ mode:
+ format: int64
+ type: integer
+ path:
+ type: string
+ uid:
+ format: int64
+ type: integer
+ type: object
+ type: array
+ format:
+ type: string
+ point:
+ type: string
+ type: object
+ type: object
+ type: array
+ raid:
+ items:
+ properties:
+ devices:
+ items:
+ type: string
+ type: array
+ level:
+ type: string
+ name:
+ type: string
+ spare:
+ format: int64
+ type: integer
+ type: object
+ type: array
+ type: object
+ tags:
+ items:
+ type: string
+ type: array
+ userdata:
+ type: string
+ type: object
+ manufacturer:
+ properties:
+ id:
+ type: string
+ slug:
+ type: string
+ type: object
+ state:
+ type: string
+ type: object
+ resources:
+ additionalProperties:
+ anyOf:
+ - type: integer
+ - type: string
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+ x-kubernetes-int-or-string: true
+ description: |-
+ Resources represents known resources that are available on a machine.
+ Resources may be used for scheduling by orchestrators.
+ type: object
+ tinkVersion:
+ format: int64
+ type: integer
+ userData:
+ description: |-
+ UserData is the user data to configure in the hardware's
+ metadata
+ type: string
+ vendorData:
+ description: |-
+ VendorData is the vendor data to configure in the hardware's
+ metadata
+ type: string
+ type: object
+ status:
+ description: HardwareStatus defines the observed state of Hardware.
+ properties:
+ state:
+ description: HardwareState represents the hardware state.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/packages/system/bootbox/charts/smee/templates/_ports.tpl b/packages/system/bootbox/charts/smee/templates/_ports.tpl
new file mode 100644
index 00000000..aab0ea24
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/_ports.tpl
@@ -0,0 +1,24 @@
+{{ define "smee.ports" }}
+- {{ .PortKey }}: {{ .http.port }}
+ name: {{ .http.name }}
+ protocol: TCP
+- {{ .PortKey }}: {{ .syslog.port }}
+ name: {{ .syslog.name }}
+ protocol: UDP
+- {{ .PortKey }}: {{ .dhcp.port }}
+ name: {{ .dhcp.name }}
+ protocol: UDP
+- {{ .PortKey }}: {{ .tftp.port }}
+ name: {{ .tftp.name }}
+ protocol: UDP
+{{- end }}
+
+{{- define "urlJoiner" }}
+{{- if .urlDict.port }}
+{{- $host := printf "%v:%v" .urlDict.host .urlDict.port }}
+{{- $newDict := set .urlDict "host" $host }}
+{{- print (urlJoin $newDict) }}
+{{- else }}
+{{- print (urlJoin .urlDict) }}
+{{- end }}
+{{- end }}
diff --git a/packages/system/bootbox/charts/smee/templates/_scheduling.tpl b/packages/system/bootbox/charts/smee/templates/_scheduling.tpl
new file mode 100644
index 00000000..395860de
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/_scheduling.tpl
@@ -0,0 +1,12 @@
+{{- define "singleNodeClusterConfig" }}
+- effect: NoSchedule
+ key: node-role.kubernetes.io/control-plane
+{{- end }}
+
+{{- define "preferWorkerNodes" }}
+- weight: {{ .nodeAffinityWeight }}
+ preference:
+ matchExpressions:
+ - key: node-role.kubernetes.io/control-plane
+ operator: DoesNotExist
+{{- end }}
diff --git a/packages/system/bootbox/charts/smee/templates/deployment.yaml b/packages/system/bootbox/charts/smee/templates/deployment.yaml
new file mode 100644
index 00000000..9f099c3f
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/deployment.yaml
@@ -0,0 +1,182 @@
+{{- if .Values.deploy }}
+{{- $publicIP := .Values.publicIP }}
+{{- $trustedProxies := .Values.trustedProxies }}
+{{- $roleType := .Values.rbac.type }}
+{{- $nodeSelector := .Values.nodeSelector }}
+{{- if .Values.global }}
+{{- $publicIP = coalesce .Values.publicIP .Values.global.publicIP }}
+{{- $trustedProxies = coalesce .Values.trustedProxies .Values.global.trustedProxies }}
+{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
+{{- $nodeSelector = coalesce .Values.nodeSelector .Values.global.nodeSelector }}
+{{- end }}
+{{- $_ := set .Values.dhcp "syslogIp" (default $publicIP .Values.dhcp.syslogIp) }}
+{{- $_ := set .Values.dhcp "ipForPacket" (default $publicIP .Values.dhcp.ipForPacket) }}
+{{- $_ := set .Values.dhcp "tftpIp" (default $publicIP .Values.dhcp.tftpIp) }}
+{{- $_ := set .Values.dhcp.httpIPXE.binaryUrl "host" (default $publicIP .Values.dhcp.httpIPXE.binaryUrl.host) }}
+{{- $_ := set .Values.dhcp.httpIPXE.scriptUrl "host" (default $publicIP .Values.dhcp.httpIPXE.scriptUrl.host) }}
+{{- $_ := set .Values.http.tinkServer "ip" (default $publicIP .Values.http.tinkServer.ip) }}
+{{- $_ := set .Values.http.osieUrl "host" (default $publicIP .Values.http.osieUrl.host) }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: {{ .Values.name }}
+ name: {{ .Values.name }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: {{ .Values.name }}
+ stack: tinkerbell
+ {{- with .Values.selector }}
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
+ strategy:
+ type: {{ .Values.deployment.strategy.type }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.name }}
+ stack: tinkerbell
+ {{- with .Values.selector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - image: {{ .Values.image }}
+ imagePullPolicy: {{ .Values.imagePullPolicy }}
+ args:
+ {{- range .Values.additionalArgs }}
+ - {{ . }}
+ {{- end }}
+ env:
+ - name: SMEE_LOG_LEVEL
+ value: {{ .Values.logLevel | quote }}
+ - name: SMEE_DHCP_ADDR
+ value: {{ printf "%v:%v" .Values.dhcp.ip .Values.dhcp.port | quote }}
+ - name: SMEE_DHCP_ENABLED
+ value: {{ .Values.dhcp.enabled | quote }}
+ - name: SMEE_DHCP_TFTP_PORT
+ value: {{ .Values.dhcp.tftpPort | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_BINARY_PATH
+ value: {{ .Values.dhcp.httpIPXE.binaryUrl.path | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_BINARY_PORT
+ value: {{ .Values.dhcp.httpIPXE.binaryUrl.port | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_BINARY_SCHEME
+ value: {{ .Values.dhcp.httpIPXE.binaryUrl.scheme | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_SCRIPT_PATH
+ value: {{ .Values.dhcp.httpIPXE.scriptUrl.path | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_SCRIPT_PORT
+ value: {{ .Values.dhcp.httpIPXE.scriptUrl.port | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_SCRIPT_SCHEME
+ value: {{ .Values.dhcp.httpIPXE.scriptUrl.scheme | quote }}
+ - name: SMEE_DHCP_MODE
+ value: {{ .Values.dhcp.mode | quote }}
+ - name: SMEE_EXTRA_KERNEL_ARGS
+ value: {{ join " " ( append .Values.http.additionalKernelArgs ( printf "tink_worker_image=%s" ( required "missing tinkWorkerImage" .Values.tinkWorkerImage ) ) ) | quote }}
+ - name: SMEE_HTTP_IPXE_BINARY_ENABLED
+ value: {{ .Values.http.ipxeBinaryEnabled | quote }}
+ - name: SMEE_HTTP_IPXE_SCRIPT_ENABLED
+ value: {{ .Values.http.ipxeScriptEnabled | quote }}
+ - name: SMEE_HTTP_PORT
+ value: {{ .Values.http.port | quote }}
+ - name: SMEE_OSIE_URL
+ value: {{include "urlJoiner" (dict "urlDict" .Values.http.osieUrl) | quote }}
+ - name: SMEE_TINK_SERVER
+ value: {{ printf "%v:%v" .Values.http.tinkServer.ip .Values.http.tinkServer.port | quote }}
+ - name: SMEE_TINK_SERVER_TLS
+ value: {{ .Values.http.tinkServer.tls | quote }}
+ - name: SMEE_TINK_SERVER_INSECURE_TLS
+ value: {{ .Values.http.tinkServer.insecureTLS | quote }}
+ - name: SMEE_TRUSTED_PROXIES
+ value: {{ required "missing trustedProxies" ( join "," $trustedProxies ) | quote }}
+ - name: SMEE_SYSLOG_ENABLED
+ value: {{ .Values.syslog.enabled | quote }}
+ - name: SMEE_IPXE_SCRIPT_PATCH
+ value: {{ .Values.ipxeScriptPatch | quote }}
+ - name: SMEE_TFTP_ENABLED
+ value: {{ .Values.tftp.enabled | quote }}
+ - name: SMEE_TFTP_TIMEOUT
+ value: {{ .Values.tftp.timeout | quote }}
+ - name: SMEE_TFTP_PORT
+ value: {{ .Values.tftp.port | quote }}
+ - name: SMEE_SYSLOG_PORT
+ value: {{ .Values.syslog.port | quote }}
+ - name: SMEE_HTTP_ADDR
+ value: {{ .Values.http.ip | quote }}
+ - name: SMEE_SYSLOG_ADDR
+ value: {{ .Values.syslog.ip | quote }}
+ - name: SMEE_TFTP_ADDR
+ value: {{ .Values.tftp.ip | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_BINARY_HOST
+ value: {{ .Values.dhcp.httpIPXE.binaryUrl.host | quote }}
+ - name: SMEE_DHCP_HTTP_IPXE_SCRIPT_HOST
+ value: {{ .Values.dhcp.httpIPXE.scriptUrl.host | quote }}
+ - name: SMEE_DHCP_SYSLOG_IP
+ value: {{ .Values.dhcp.syslogIp | quote }}
+ - name: SMEE_DHCP_TFTP_IP
+ value: {{ .Values.dhcp.tftpIp | quote }}
+ - name: SMEE_DHCP_IP_FOR_PACKET
+ value: {{ .Values.dhcp.ipForPacket | quote }}
+ - name: SMEE_ISO_ENABLED
+ value: {{ .Values.iso.enabled | quote }}
+ - name: SMEE_ISO_URL
+ value: {{ .Values.iso.url | quote }}
+ - name: SMEE_ISO_MAGIC_STRING
+ value: {{ .Values.iso.magicString | quote }}
+ - name: SMEE_ISO_STATIC_IPAM_ENABLED
+ value: {{ .Values.iso.staticIPAMEnabled | quote }}
+ {{- if eq $roleType "Role"}}
+ - name: SMEE_BACKEND_KUBE_NAMESPACE
+ value: {{ .Release.Namespace | quote }}
+ {{- end }}
+ {{- range .Values.additionalEnv }}
+ - name: {{ .name | quote }}
+ value: {{ .value | quote }}
+ {{- end }}
+ {{- if not .Values.hostNetwork }}
+ ports:
+ {{- include "smee.ports" ( merge ( dict "PortKey" "containerPort" ) .Values ) | indent 12 }}
+ {{- end }}
+ name: {{ .Values.name }}
+ resources:
+ limits:
+ cpu: {{ .Values.resources.limits.cpu }}
+ memory: {{ .Values.resources.limits.memory }}
+ requests:
+ cpu: {{ .Values.resources.requests.cpu }}
+ memory: {{ .Values.resources.requests.memory }}
+ {{- with .Values.additionalVolumeMounts }}
+ volumeMounts:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- with .Values.additionalVolumes }}
+ volumes:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ .Values.name }}
+ {{- if .Values.hostNetwork }}
+ hostNetwork: true
+ {{- end }}
+ {{- with $nodeSelector }}
+ nodeSelector:
+ {{ toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if or .Values.deployment.tolerations .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
+ tolerations:
+ {{- .Values.deployment.tolerations | toYaml | nindent 8 }}
+ {{- if .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
+ {{- include "singleNodeClusterConfig" . | indent 6 }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.deployment.affinity }}
+ affinity:
+ {{- .Values.deployment.affinity | toYaml | nindent 8 }}
+ {{- else if .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
+ affinity:
+ nodeAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ {{- include "preferWorkerNodes" (dict "nodeAffinityWeight" .Values.singleNodeClusterConfig.nodeAffinityWeight) | indent 10 }}
+ {{- end }}
+{{- end }}
diff --git a/packages/system/bootbox/charts/smee/templates/role-binding.yaml b/packages/system/bootbox/charts/smee/templates/role-binding.yaml
new file mode 100644
index 00000000..84f6a133
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/role-binding.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.deploy }}
+{{- $roleType := .Values.rbac.type }}
+{{- if .Values.global }}
+{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ printf "%sBinding" $roleType }}
+metadata:
+ name: {{ .Values.rbac.bindingName }}
+ {{- if eq $roleType "Role" }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: {{ $roleType }}
+ name: {{ .Values.rbac.name }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Values.name }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
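Review bot: The `{{- if .Values.global }}` guard only checks that `global` is non-empty before reading `.Values.global.rbac.type`, so a parent chart that sets some other global value but no `global.rbac` should make rendering fail with a nil-pointer error. role.yaml repeats the same three lines and has the same problem. Nesting a second check, `{{- if .Values.global.rbac }}`, around the `coalesce` line avoids it. A type taken from `global` also bypasses the `enum` in values.schema.json, which constrains only `rbac.type`, so an unexpected string would produce an invalid `kind`, or a cluster-scoped binding nobody asked for. Rejecting anything other than `Role` or `ClusterRole` with `fail` would make that explicit.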
diff --git a/packages/system/bootbox/charts/smee/templates/role.yaml b/packages/system/bootbox/charts/smee/templates/role.yaml
new file mode 100644
index 00000000..600fc255
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/role.yaml
@@ -0,0 +1,17 @@
+{{- if .Values.deploy }}
+{{- $roleType := .Values.rbac.type }}
+{{- if .Values.global }}
+{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: {{ $roleType }}
+metadata:
+ name: {{ .Values.rbac.name }}
+ {{- if eq $roleType "Role" }}
+ namespace: {{ .Release.Namespace | quote }}
+ {{- end }}
+rules:
+ - apiGroups: ["tinkerbell.org"]
+ resources: ["hardware", "hardware/status"]
+ verbs: ["get", "list", "watch"]
+{{- end }}
diff --git a/packages/system/bootbox/charts/smee/templates/service-account.yaml b/packages/system/bootbox/charts/smee/templates/service-account.yaml
new file mode 100644
index 00000000..252282f5
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/service-account.yaml
@@ -0,0 +1,7 @@
+{{- if .Values.deploy }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.name }}
+ namespace: {{ .Release.Namespace | quote }}
+{{- end }}
diff --git a/packages/system/bootbox/charts/smee/templates/service.yaml b/packages/system/bootbox/charts/smee/templates/service.yaml
new file mode 100644
index 00000000..ab7dd114
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/templates/service.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.deploy }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: {{ .Values.name }}
+ name: {{ .Values.name }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: tftp
+ port: 69
+ targetPort: 69
+ protocol: UDP
+ - name: http
+ port: {{ .Values.http.port }}
+ targetPort: {{ .Values.http.port }}
+ protocol: TCP
+ - name: syslog
+ port: {{ .Values.syslog.port }}
+ targetPort: {{ .Values.syslog.port }}
+ protocol: UDP
+ - name: dhcp
+ port: 67
+ targetPort: 67
+ protocol: UDP
+ selector:
+ app: {{ .Values.name }}
+{{- end }}
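Review bot: The Service publishes all four ports unconditionally: the `tftp`, `syslog` and `dhcp` entries are not wrapped in the `tftp.enabled`, `syslog.enabled` and `dhcp.enabled` toggles that values.yaml defines. Ports 69 and 67 are also literals rather than `.Values.tftp.port` and `.Values.dhcp.port`. A release that disables syslog, as packages/system/bootbox/values.yaml does, still gets a Service port for it, and a changed `tftp.port` silently diverges from `targetPort`. Wrapping each entry in its toggle, e.g. `{{- if .Values.syslog.enabled }}` … `{{- end }}`, and taking the numbers from values keeps the exposed surface equal to what is enabled. The Deployment drops its container ports under `hostNetwork`, so it is worth checking whether this Service should be rendered at all in that mode.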
diff --git a/packages/system/bootbox/charts/smee/values.schema.json b/packages/system/bootbox/charts/smee/values.schema.json
new file mode 100644
index 00000000..3d2cee52
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/values.schema.json
@@ -0,0 +1,41 @@
+{
+ "$schema": "http://json-schema.org/draft-04/schema#",
+ "type": "object",
+ "properties": {
+ "http": {
+ "type": "object",
+ "properties": {
+ "trustedProxies": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "description": "Specifies one or more IPv4/IPv6 addresses expressed using CIDR notation.",
+ "anyOf": [
+ {
+ "pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$"
+ },
+ {
+ "pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
+ }
+ ]
+ }
+ }
+ }
+ },
+ "rbac": {
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string",
+ "enum": ["Role", "ClusterRole"]
+ },
+ "name": {
+ "type": "string"
+ },
+ "bindingName": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
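Review bot: The IPv6 alternative under `trustedProxies.items.anyOf` has lost its regex escapes. It reads `^s*`, `2[0-4]d|1dd|[1-9]?d` and a bare `.`, whereas the IPv4 pattern just above keeps `\\.`, so `s` and `d` match literal letters. As written, addresses with an embedded dotted quad will not validate, and a value with trailing `s` characters will. The IPv4 pattern also accepts octets up to 999 through `[0-9]{1,3}`. Because this list decides whose X-Forwarded-For header is honoured, I would restore `\\s`, `\\d` and `\\.` in the JSON string and tighten the octet range. The schema is not a substitute for checking the value the application finally parses.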
diff --git a/packages/system/bootbox/charts/smee/values.yaml b/packages/system/bootbox/charts/smee/values.yaml
new file mode 100644
index 00000000..0bda77c9
--- /dev/null
+++ b/packages/system/bootbox/charts/smee/values.yaml
@@ -0,0 +1,166 @@
+# Toggle deployment of the service.
+deploy: true
+
+# Name of the service used as the deployment name and label selectors.
+name: smee
+
+# The image used to launch the container.
+image: quay.io/tinkerbell/smee:v0.15.1
+imagePullPolicy: IfNotPresent
+
+# The number of pods to run.
+replicas: 1
+
+# Resources bounds applied to the container.
+resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+
+deployment:
+ strategy:
+ type: RollingUpdate
+ tolerations: []
+ affinity: {}
+
+# The log level for the container.
+logLevel: "info"
+
+# The network mode to launch the smee container. When true, the smee container will use the
+# host network.
+hostNetwork: false
+
+# nodeSelector when defined will be constrain Pods to nodes with specific labels
+nodeSelector: {}
+
+# publicIP when defined will be used as the IP in the following locations if they are not defined:
+# dhcp.httpIPXE.binaryUrl.host, dhcp.httpIPXE.scriptUrl.host, tinkServer.ip, http.osieUrl.host, dhcp.ipForPacket, dhcp.tftpIp
+# This is useful when all Tinkerbell services are running behind the same IP.
+publicIP: ""
+
+# DHCP server configuration. Name is an identifier used across Kubernetes manifests for port
+# identification, ip is the IP address to bind to, and port is the port to bind to.
+dhcp:
+ enabled: true
+ name: smee-dhcp
+ mode: reservation
+ ip: 0.0.0.0
+ port: 67
+ ipForPacket: ""
+ tftpIp: ""
+ tftpPort: 69
+ syslogIp: ""
+ httpIPXE:
+ binaryUrl: # http://:/ipxe
+ scheme: "http"
+ host: ""
+ port: 7171
+ path: "/ipxe"
+ scriptUrl: # http://:/auto.ipxe
+ scheme: "http"
+ host: ""
+ port: 7171
+ path: "/auto.ipxe"
+
+
+# TFTP server configuration used to serve iPXE binaries. Name is an identifier used across
+# Kubernetes manifests for port identification, ip is the IP address to bind to, and port is the
+# port to bind to.
+tftp:
+ enabled: true
+ name: smee-tftp
+ ip: 0.0.0.0
+ port: 69
+ timeout: 5s
+
+# HTTP server configuration used to serve iPXE scripts. Name is an identifier used across
+# Kubernetes manifests for port identification, ip is the IP address to bind to, and port is the
+# port to bind to.
+http:
+ enabled: true
+ name: smee-http
+ ip: 0.0.0.0
+ port: 7171
+ # Tink Server configuration passed to the Tink Worker to establish a gRPC connection.
+ tinkServer:
+ ip: ""
+ port: 42113
+ tls: false
+ insecureTLS: false
+ osieUrl:
+ scheme: "http"
+ host: ""
+ port: 8080
+ path: ""
+ # Additional kernel arguments to pass to the OSIE. (k=v k=v) that are appended to the kernel cmdline in the iPXE script
+ additionalKernelArgs: []
+ # enable iPXE HTTP binary server
+ ipxeBinaryEnabled: true
+ # enable iPXE HTTP script server
+ ipxeScriptEnabled: true
+
+# ISO settings
+iso:
+ enabled: false
+ # the string pattern to match for in the source ISO, defaults to the one defined in HookOS
+ magicString: ""
+ # enable static IPAM for HookOS
+ staticIPAMEnabled: false
+ # an HTTP(S) URL target to an OSIE that is used for patching
+ url: ""
+
+# Trusted proxies defines a list of IP or CIDR ranges that are allowed to set the X-Forwarded-For
+ # header. This typically requires all Pod CIDRs in the cluster.
+ trustedProxies: []
+
+# Syslog server configuration for the smee hosted syslog server. Name is an identifier used across
+# Kubernetes manifests for port identification, ip is the IP address to bind to, and port is the
+# port to bind to.
+syslog:
+ enabled: true
+ name: smee-syslog
+ ip: 0.0.0.0
+ port: 514
+
+# The Tink Worker image passed to OSIE as a kernel arg for launching.
+tinkWorkerImage: quay.io/tinkerbell/tink-worker:v0.12.1
+
+
+# Additional arguments to pass to the smee container. Some arguments are already defined - refer
+# to the deployment.yaml template for details.
+additionalArgs: []
+
+# Additional environment variables to pass to the smee container. Each entry is expected to have a
+# name and value key. Some keys are already defined - refer to the deployment.yaml template for
+# details.
+#
+# Example
+# - name: MY_ENV_VAR
+# value: my-value
+additionalEnv: []
+
+# singleNodeClusterConfig to add tolerations for deployments on control plane nodes. This is defaulted to false.
+singleNodeClusterConfig:
+ controlPlaneTolerationsEnabled: false
+ nodeAffinityWeight: 1
+
+# Additional volumes on the output Deployment definition.
+additionalVolumes: [ ]
+# - name: foo
+# secret:
+# secretName: mysecret
+# optional: false
+
+# Additional volumeMounts on the Smee container
+additionalVolumeMounts: [ ]
+# - name: foo
+# mountPath: "/etc/foo"
+# readOnly: true
+
+rbac:
+ type: Role # or ClusterRole
+ name: smee-role # or smee-cluster-role
+ bindingName: smee-rolebinding # or smee-cluster-rolebinding
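Review bot: `image: quay.io/tinkerbell/smee:v0.15.1` and `tinkWorkerImage: quay.io/tinkerbell/tink-worker:v0.12.1` are pinned by tag only, so the content behind either reference can change at the registry without any change in this repository. The tink-worker reference is passed on to machines being provisioned, and smee may run on the host network, so both are worth pinning by digest, e.g. `image: quay.io/tinkerbell/smee:v0.15.1@sha256:<digest>` (placeholder digest). If this values file is kept identical to the upstream chart, the pinned references can go in packages/system/bootbox/values.yaml instead.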
diff --git a/packages/system/bootbox/templates/bootbox.yaml b/packages/system/bootbox/templates/bootbox.yaml
new file mode 100644
index 00000000..7e7eb660
--- /dev/null
+++ b/packages/system/bootbox/templates/bootbox.yaml
@@ -0,0 +1,21 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ annotations:
+ helm.sh/resource-policy: keep
+ labels:
+ cozystack.io/ui: "true"
+ name: bootbox
+ namespace: tenant-root
+spec:
+ chart:
+ spec:
+ chart: bootbox
+ reconcileStrategy: Revision
+ sourceRef:
+ kind: HelmRepository
+ name: cozystack-extra
+ namespace: cozy-public
+ version: '*'
+ interval: 1m0s
+ timeout: 5m0s
diff --git a/packages/system/bootbox/values.yaml b/packages/system/bootbox/values.yaml
new file mode 100644
index 00000000..4b230f81
--- /dev/null
+++ b/packages/system/bootbox/values.yaml
@@ -0,0 +1,6 @@
+smee:
+ hostNetwork: true
+ trustedProxies:
+ - 0.0.0.0/0
+ syslog:
+ enabled: false
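Review bot: `trustedProxies: - 0.0.0.0/0` accepts an X-Forwarded-For header from any IPv4 peer, and with `hostNetwork: true` the listeners bind on the node itself, so any host that can reach the node can presumably dictate the client address smee records or matches on. The chart's own comment says this list is meant to hold the cluster's Pod CIDRs. With host networking there may be no proxy in the path at all, in which case `trustedProxies: []` is the safer value. If one is needed, use `- <pod-cidr>` (placeholder) with a comment saying which proxy it covers. Separately, values.schema.json defines the key as `http.trustedProxies` and this file has no `http:` parent, so the override may never reach the template that reads it, which is outside this hunk. It is worth confirming which placement is intended.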
diff --git a/packages/system/cozystack-api/templates/configmap.yaml b/packages/system/cozystack-api/templates/configmap.yaml
index b7789236..f8514d00 100644
--- a/packages/system/cozystack-api/templates/configmap.yaml
+++ b/packages/system/cozystack-api/templates/configmap.yaml
@@ -300,3 +300,17 @@ data:
kind: HelmRepository
name: cozystack-extra
namespace: cozy-public
+ - application:
+ kind: BootBox
+ plural: bootboxes
+ singular: bootbox
+ release:
+ prefix: ""
+ labels:
+ cozystack.io/ui: "true"
+ chart:
+ name: bootbox
+ sourceRef:
+ kind: HelmRepository
+ name: cozystack-extra
+ namespace: cozy-public
diff --git a/packages/system/dashboard/values.yaml b/packages/system/dashboard/values.yaml
index dfdf3430..2674e6a8 100644
--- a/packages/system/dashboard/values.yaml
+++ b/packages/system/dashboard/values.yaml
@@ -347,3 +347,17 @@ kubeapps:
kind: HelmRepository
name: cozystack-extra
namespace: cozy-public
+ - application:
+ kind: BootBox
+ plural: bootboxes
+ singular: bootbox
+ release:
+ prefix: ""
+ labels:
+ cozystack.io/ui: "true"
+ chart:
+ name: bootbox
+ sourceRef:
+ kind: HelmRepository
+ name: cozystack-extra
+ namespace: cozy-public