github-personal/cozystack
1
0
Fork 0
mirror of https://github.com/outbackdingo/cozystack.git synced 2026-02-05 08:17:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: github-personal:setup-env
Branches Tags
github-personal:main github-personal:feat/use-ocir-for-prs github-personal:new-openapi-generator github-personal:release-0.34 github-personal:changelogs-release-v0.34.x github-personal:tym83-patch-1 github-personal:release-0.33 github-personal:feat/select-k8s-fix-conflict github-personal:victoria-metrics-upd github-personal:69-integration-with-proxmox-paas-proxmox-bundle github-personal:setup-env github-personal:tests-w-resources github-personal:hcloud github-personal:experiment/cozystack-operator github-personal:bugfix-make-kk-deletable github-personal:platform-add-velero github-personal:update-backup-restore-reference github-personal:(backup)--backup-for-tenant-k8s-cluster github-personal:idempotent-tests github-personal:release-0.32 github-personal:1084-tunable-tenant-monitoring github-personal:bugfix-fix-pgdump-version github-personal:release-0.31 github-personal:changelogs-release-v0.32.2 github-personal:cozypkg github-personal:(tests)--add-air-gapped-tests github-personal:519-cross-arch-components-core github-personal:buildx github-personal:use-shared-runners github-personal:tests-kuber github-personal:fix-versions-map github-personal:kubernetes-test github-personal:bats github-personal:untie-ingress-certmanager github-personal:prepare-0.31.0-rc.2 github-personal:fix-genisoimage github-personal:(air-gapped)--disable-fluxcd-artifact github-personal:release-0.30 github-personal:(platform)--add-artifact-for-flux github-personal:build-repo github-personal:(platform)--add-air-gapped-support github-personal:platform-dependencies github-personal:ingress-api github-personal:release-0.30.5 github-personal:ci-wait-capi github-personal:ci-pull-request-target github-personal:release-0.31.0-rc1 github-personal:kubernetes-ubuntu-gpu github-personal:(platform)--up-tenant-version github-personal:802-apps-and-extra github-personal:802-gen-versions-map-fix github-personal:(ci)--fix-gen-versions-map github-personal:(ci)--move-precommit-job-to-selfhosted-runner github-personal:fix-tests github-personal:fix/integer-replicas github-personal:upd-testing github-personal:release-0.28 github-personal:release-v0.28.2 github-personal:release-v0.28.1 github-personal:71-configure-github-ci github-personal:fix-kubeovn-cert github-personal:cilium-disable-antispoofing github-personal:talos-firmwares github-personal:tinkerbell github-personal:maintainers github-personal:secureboot github-personal:openshift-console github-personal:add-tests-refactor github-personal:release-0.16 github-personal:cdi-scratch github-personal:add-kafka-exporter github-personal:upd-seaweedfs github-personal:kubermatic-alerts github-personal:fix-etcd-sc github-personal:guacamole github-personal:grafana-oncall github-personal:cilium-hostlegacy github-personal:upd-screenshots github-personal:upd-kamaji-2 github-personal:release-0.10 github-personal:release-0.10.3 github-personal:seaweedfs-operator github-personal:release-0.10.2 github-personal:release-0.9 github-personal:nats-operator github-personal:173-airgapped github-personal:kube-ovn-image github-personal:fix-external-traffc-policy github-personal:upd-kube-ovn github-personal:fix-dns github-personal:fix-kamaji github-personal:fix-kubernetes github-personal:fix-cluster-local github-personal:etcd-quota-backend-bytes github-personal:cilium-new github-personal:mariadb-operator-new github-personal:openapi-schema-generation github-personal:etcd-operator github-personal:release-0.1.0v2 github-personal:fix-tolerations github-personal:release-0.4.0 github-personal:proxmox-csi github-personal:replicas github-personal:upd-kubeapps github-personal:fix-old-versions github-personal:flux-client-side-apply github-personal:dynamic-tags github-personal:release-v0.3.1 github-personal:release-0.3.0 github-personal:clickhouse-operator-1 github-personal:fix-kamaji-etcd github-personal:grafana-ingress-class github-personal:clickhouse-app github-personal:hetzner github-personal:kafka-app github-personal:kafka-clickhouse-apps github-personal:clickhouse-operator github-personal:kafka-operator github-personal:release-0.2.0 github-personal:rename-bundles github-personal:versioning-helm-chart github-personal:fix-cilium github-personal:enhance-flux github-personal:fix-full-distro github-personal:fix-chicken-and-egg-problem github-personal:fix-cilium-toleration github-personal:fix-helm-build github-personal:bundles github-personal:mariadb-operator github-personal:kube-ovn github-personal:cilium github-personal:cnpg github-personal:linstor github-personal:roadmap github-personal:framework github-personal:release-0.1.0 github-personal:fix-redis github-personal:leader-election github-personal:project-documents github-personal:release-v0.0.2 github-personal:mvp
github-personal:v0.34.0-beta.3 github-personal:v0.34.0-rc.1 github-personal:v0.33.3 github-personal:v0.34.0-beta.2 github-personal:v0.34.0-beta.1 github-personal:v0.33.2 github-personal:v0.33.1 github-personal:v0.33.0 github-personal:v0.32.1 github-personal:v0.32.0 github-personal:v0.31.2 github-personal:v0.32.0-beta.2 github-personal:v0.32.0-beta.1 github-personal:v0.31.1 github-personal:v0.31.0 github-personal:v0.31.0-rc.3 github-personal:v0.31.0-rc.2 github-personal:v0.30.6 github-personal:v0.31.0-alpha.0 github-personal:v0.30.5 github-personal:v0.31.0-rc.1 github-personal:v0.31.0-rc1 github-personal:v0.30.4 github-personal:v0.30.3 github-personal:v0.30.2 github-personal:v0.30.1 github-personal:0.30.1 github-personal:v0.30.0 github-personal:v0.29.1 github-personal:v0.29.0 github-personal:v0.28.2 github-personal:v0.28.1 github-personal:v0.28.0 github-personal:v0.27.0 github-personal:v0.26.1 github-personal:v0.26.0 github-personal:v0.25.3 github-personal:v0.25.2 github-personal:v0.25.1 github-personal:v0.25.0 github-personal:v0.24.1 github-personal:v0.24.0 github-personal:v0.23.1 github-personal:v0.23.0 github-personal:v0.22.0 github-personal:v0.21.1 github-personal:v0.21.0 github-personal:v0.20.2 github-personal:v0.20.1 github-personal:v0.20.0 github-personal:v0.19.0 github-personal:v0.18.0 github-personal:v0.17.1 github-personal:v0.17.0 github-personal:v0.16.5 github-personal:v0.16.4 github-personal:v0.16.3 github-personal:v0.16.2 github-personal:v0.16.1 github-personal:v0.16.0 github-personal:v0.15.0 github-personal:v0.14.1 github-personal:v0.14.0 github-personal:v0.13.0 github-personal:v0.12.0 github-personal:v0.11.0 github-personal:v0.10.4 github-personal:v0.10.3 github-personal:v0.10.2 github-personal:v0.10.1 github-personal:v0.10.0 github-personal:v0.9.1 github-personal:v0.9.0 github-personal:v0.8.0 github-personal:v0.7.0 github-personal:v0.6.0 github-personal:v0.5.0 github-personal:v0.4.0 github-personal:v0.3.1 github-personal:v0.3.0 github-personal:v0.2.0 github-personal:v0.1.0 github-personal:v0.0.1
...
compare: github-personal:tinkerbell
Branches Tags
github-personal:main github-personal:feat/use-ocir-for-prs github-personal:new-openapi-generator github-personal:release-0.34 github-personal:changelogs-release-v0.34.x github-personal:tym83-patch-1 github-personal:release-0.33 github-personal:feat/select-k8s-fix-conflict github-personal:victoria-metrics-upd github-personal:69-integration-with-proxmox-paas-proxmox-bundle github-personal:setup-env github-personal:tests-w-resources github-personal:hcloud github-personal:experiment/cozystack-operator github-personal:bugfix-make-kk-deletable github-personal:platform-add-velero github-personal:update-backup-restore-reference github-personal:(backup)--backup-for-tenant-k8s-cluster github-personal:idempotent-tests github-personal:release-0.32 github-personal:1084-tunable-tenant-monitoring github-personal:bugfix-fix-pgdump-version github-personal:release-0.31 github-personal:changelogs-release-v0.32.2 github-personal:cozypkg github-personal:(tests)--add-air-gapped-tests github-personal:519-cross-arch-components-core github-personal:buildx github-personal:use-shared-runners github-personal:tests-kuber github-personal:fix-versions-map github-personal:kubernetes-test github-personal:bats github-personal:untie-ingress-certmanager github-personal:prepare-0.31.0-rc.2 github-personal:fix-genisoimage github-personal:(air-gapped)--disable-fluxcd-artifact github-personal:release-0.30 github-personal:(platform)--add-artifact-for-flux github-personal:build-repo github-personal:(platform)--add-air-gapped-support github-personal:platform-dependencies github-personal:ingress-api github-personal:release-0.30.5 github-personal:ci-wait-capi github-personal:ci-pull-request-target github-personal:release-0.31.0-rc1 github-personal:kubernetes-ubuntu-gpu github-personal:(platform)--up-tenant-version github-personal:802-apps-and-extra github-personal:802-gen-versions-map-fix github-personal:(ci)--fix-gen-versions-map github-personal:(ci)--move-precommit-job-to-selfhosted-runner github-personal:fix-tests github-personal:fix/integer-replicas github-personal:upd-testing github-personal:release-0.28 github-personal:release-v0.28.2 github-personal:release-v0.28.1 github-personal:71-configure-github-ci github-personal:fix-kubeovn-cert github-personal:cilium-disable-antispoofing github-personal:talos-firmwares github-personal:tinkerbell github-personal:maintainers github-personal:secureboot github-personal:openshift-console github-personal:add-tests-refactor github-personal:release-0.16 github-personal:cdi-scratch github-personal:add-kafka-exporter github-personal:upd-seaweedfs github-personal:kubermatic-alerts github-personal:fix-etcd-sc github-personal:guacamole github-personal:grafana-oncall github-personal:cilium-hostlegacy github-personal:upd-screenshots github-personal:upd-kamaji-2 github-personal:release-0.10 github-personal:release-0.10.3 github-personal:seaweedfs-operator github-personal:release-0.10.2 github-personal:release-0.9 github-personal:nats-operator github-personal:173-airgapped github-personal:kube-ovn-image github-personal:fix-external-traffc-policy github-personal:upd-kube-ovn github-personal:fix-dns github-personal:fix-kamaji github-personal:fix-kubernetes github-personal:fix-cluster-local github-personal:etcd-quota-backend-bytes github-personal:cilium-new github-personal:mariadb-operator-new github-personal:openapi-schema-generation github-personal:etcd-operator github-personal:release-0.1.0v2 github-personal:fix-tolerations github-personal:release-0.4.0 github-personal:proxmox-csi github-personal:replicas github-personal:upd-kubeapps github-personal:fix-old-versions github-personal:flux-client-side-apply github-personal:dynamic-tags github-personal:release-v0.3.1 github-personal:release-0.3.0 github-personal:clickhouse-operator-1 github-personal:fix-kamaji-etcd github-personal:grafana-ingress-class github-personal:clickhouse-app github-personal:hetzner github-personal:kafka-app github-personal:kafka-clickhouse-apps github-personal:clickhouse-operator github-personal:kafka-operator github-personal:release-0.2.0 github-personal:rename-bundles github-personal:versioning-helm-chart github-personal:fix-cilium github-personal:enhance-flux github-personal:fix-full-distro github-personal:fix-chicken-and-egg-problem github-personal:fix-cilium-toleration github-personal:fix-helm-build github-personal:bundles github-personal:mariadb-operator github-personal:kube-ovn github-personal:cilium github-personal:cnpg github-personal:linstor github-personal:roadmap github-personal:framework github-personal:release-0.1.0 github-personal:fix-redis github-personal:leader-election github-personal:project-documents github-personal:release-v0.0.2 github-personal:mvp
github-personal:v0.34.0-beta.3 github-personal:v0.34.0-rc.1 github-personal:v0.33.3 github-personal:v0.34.0-beta.2 github-personal:v0.34.0-beta.1 github-personal:v0.33.2 github-personal:v0.33.1 github-personal:v0.33.0 github-personal:v0.32.1 github-personal:v0.32.0 github-personal:v0.31.2 github-personal:v0.32.0-beta.2 github-personal:v0.32.0-beta.1 github-personal:v0.31.1 github-personal:v0.31.0 github-personal:v0.31.0-rc.3 github-personal:v0.31.0-rc.2 github-personal:v0.30.6 github-personal:v0.31.0-alpha.0 github-personal:v0.30.5 github-personal:v0.31.0-rc.1 github-personal:v0.31.0-rc1 github-personal:v0.30.4 github-personal:v0.30.3 github-personal:v0.30.2 github-personal:v0.30.1 github-personal:0.30.1 github-personal:v0.30.0 github-personal:v0.29.1 github-personal:v0.29.0 github-personal:v0.28.2 github-personal:v0.28.1 github-personal:v0.28.0 github-personal:v0.27.0 github-personal:v0.26.1 github-personal:v0.26.0 github-personal:v0.25.3 github-personal:v0.25.2 github-personal:v0.25.1 github-personal:v0.25.0 github-personal:v0.24.1 github-personal:v0.24.0 github-personal:v0.23.1 github-personal:v0.23.0 github-personal:v0.22.0 github-personal:v0.21.1 github-personal:v0.21.0 github-personal:v0.20.2 github-personal:v0.20.1 github-personal:v0.20.0 github-personal:v0.19.0 github-personal:v0.18.0 github-personal:v0.17.1 github-personal:v0.17.0 github-personal:v0.16.5 github-personal:v0.16.4 github-personal:v0.16.3 github-personal:v0.16.2 github-personal:v0.16.1 github-personal:v0.16.0 github-personal:v0.15.0 github-personal:v0.14.1 github-personal:v0.14.0 github-personal:v0.13.0 github-personal:v0.12.0 github-personal:v0.11.0 github-personal:v0.10.4 github-personal:v0.10.3 github-personal:v0.10.2 github-personal:v0.10.1 github-personal:v0.10.0 github-personal:v0.9.1 github-personal:v0.9.0 github-personal:v0.8.0 github-personal:v0.7.0 github-personal:v0.6.0 github-personal:v0.5.0 github-personal:v0.4.0 github-personal:v0.3.1 github-personal:v0.3.0 github-personal:v0.2.0 github-personal:v0.1.0 github-personal:v0.0.1

1 Commits
setup-env ... tinkerbell

Author SHA1 Message Date
Andrei Kvapil
a91d2aefde Introduce tinkerbell essentials 
Signed-off-by: Andrei Kvapil <kvapss@gmail.com>
 2025-01-22 17:35:32 +01:00
29 changed files with 2031 additions and 0 deletions
Expand all files Collapse all files

7
packages/core/platform/bundles/distro-full.yaml
View File

@@ -199,3 +199,10 @@ releases:
namespace: cozy-keycloak namespace: cozy-keycloak
optional: true optional: true
dependsOn: [keycloak] dependsOn: [keycloak]
- name: tinkerbell
releaseName: tinkerbell
chart: cozy-tinkerbell
namespace: cozy-tinkerbell
optional: true
dependsOn: [cilium,kubeovn]

7
packages/core/platform/bundles/paas-full.yaml
View File

@@ -281,6 +281,13 @@ releases:
optional: true optional: true
dependsOn: [cilium,kubeovn] dependsOn: [cilium,kubeovn]
- name: tinkerbell
releaseName: tinkerbell
chart: cozy-tinkerbell
namespace: cozy-tinkerbell
optional: true
dependsOn: [cilium,kubeovn]
{{- if $oidcEnabled }} {{- if $oidcEnabled }}
- name: keycloak - name: keycloak
releaseName: keycloak releaseName: keycloak

3
packages/system/tinkerbell/Chart.yaml Normal file
View File

@@ -0,0 +1,3 @@
apiVersion: v2
name: cozy-tinkerbell
version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process

16
packages/system/tinkerbell/Makefile Normal file
View File

@@ -0,0 +1,16 @@
export NAME=tinkerbell
export NAMESPACE=cozy-$(NAME)
include ../../../scripts/package.mk
update:
rm -rf charts
mkdir -p charts
cd charts && \
tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/tinkerbell/charts | awk -F'[/^]' 'END{print $$3}') && \
curl -sSL https://github.com/tinkerbell/charts/archive/refs/tags/$${tag}.tar.gz | \
tar xzvf - --strip 2 charts-$${tag#*v}/tinkerbell
find charts -maxdepth 1 -mindepth 1 ! -name tink -and ! -name smee -and ! -name rufio -exec rm -rf {} \;
mkdir -p charts/smee/crds
mv charts/tink/crds/hardware-crd.yaml charts/smee/crds
rm -rf charts/tink

25
packages/system/tinkerbell/charts/rufio/Chart.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v2
name: rufio
description: Rufio handles BMC interactions for Tinkerbell
icon: https://github.com/tinkerbell/artwork/blob/6f07de53d75cb8932dbc7d14201e038cf3a3b230/Tinkerbell-Icon-Dark.png
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.4.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.6.1"

166
packages/system/tinkerbell/charts/rufio/crds/bmc.tinkerbell.org_jobs.yaml Normal file
View File

@@ -0,0 +1,166 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.4
name: jobs.bmc.tinkerbell.org
spec:
group: bmc.tinkerbell.org
names:
categories:
- tinkerbell
kind: Job
listKind: JobList
plural: jobs
shortNames:
- j
singular: job
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Job is the Schema for the bmcjobs API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: JobSpec defines the desired state of Job.
properties:
machineRef:
description: |-
MachineRef represents the Machine resource to execute the job.
All the tasks in the job are executed for the same Machine.
properties:
name:
description: Name of the Machine.
type: string
namespace:
description: Namespace the Machine resides in.
type: string
required:
- name
- namespace
type: object
tasks:
description: |-
Tasks represents a list of baseboard management actions to be executed.
The tasks are executed sequentially. Controller waits for one task to complete before executing the next.
If a single task fails, job execution stops and sets condition Failed.
Condition Completed is set only if all the tasks were successful.
items:
description: |-
Action represents the action to be performed.
A single task can only perform one type of action.
For example either PowerAction or OneTimeBootDeviceAction.
maxProperties: 1
properties:
oneTimeBootDeviceAction:
description: OneTimeBootDeviceAction represents a baseboard
management one time set boot device operation.
properties:
device:
description: |-
Devices represents the boot devices, in order for setting one time boot.
Currently only the first device in the slice is used to set one time boot.
items:
description: BootDevice represents boot device of the
Machine.
type: string
type: array
efiBoot:
description: EFIBoot instructs the machine to use EFI boot.
type: boolean
required:
- device
type: object
powerAction:
description: PowerAction represents a baseboard management power
operation.
enum:
- "on"
- "off"
- soft
- status
- cycle
- reset
type: string
virtualMediaAction:
description: VirtualMediaAction represents a baseboard management
virtual media insert/eject.
properties:
kind:
type: string
mediaURL:
description: |-
mediaURL represents the URL of the image to be inserted into the virtual media, or empty to
eject media.
type: string
required:
- kind
type: object
type: object
minItems: 1
type: array
required:
- machineRef
- tasks
type: object
status:
description: JobStatus defines the observed state of Job.
properties:
completionTime:
description: |-
CompletionTime represents time when the job was completed.
The completion time is only set when the job finishes successfully.
format: date-time
type: string
conditions:
description: Conditions represents the latest available observations
of an object's current state.
items:
properties:
message:
description: Message represents human readable message indicating
details about last transition.
type: string
status:
description: |-
Status is the status of the Job condition.
Can be True or False.
type: string
type:
description: Type of the Job condition.
type: string
required:
- status
- type
type: object
type: array
startTime:
description: StartTime represents time when the Job controller started
processing a job.
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

294
packages/system/tinkerbell/charts/rufio/crds/bmc.tinkerbell.org_machines.yaml Normal file
View File

@@ -0,0 +1,294 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.4
name: machines.bmc.tinkerbell.org
spec:
group: bmc.tinkerbell.org
names:
categories:
- tinkerbell
kind: Machine
listKind: MachineList
plural: machines
singular: machine
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Machine is the Schema for the machines API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: MachineSpec defines desired machine state.
properties:
connection:
description: Connection contains connection data for a Baseboard Management
Controller.
properties:
authSecretRef:
description: |-
AuthSecretRef is the SecretReference that contains authentication information of the Machine.
The Secret must contain username and password keys. This is optional as it is not required when using
the RPC provider.
properties:
name:
description: name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: namespace defines the space within which the
secret name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
host:
description: Host is the host IP address or hostname of the Machine.
minLength: 1
type: string
insecureTLS:
description: InsecureTLS specifies trusted TLS connections.
type: boolean
port:
default: 623
description: Port is the port number for connecting with the Machine.
type: integer
providerOptions:
description: ProviderOptions contains provider specific options.
properties:
intelAMT:
description: IntelAMT contains the options to customize the
IntelAMT provider.
properties:
hostScheme:
default: http
description: HostScheme determines whether to use http
or https for intelAMT calls.
enum:
- http
- https
type: string
port:
description: Port that intelAMT will use for calls.
type: integer
type: object
ipmitool:
description: IPMITOOL contains the options to customize the
Ipmitool provider.
properties:
cipherSuite:
description: CipherSuite that ipmitool will use for calls.
type: string
port:
description: Port that ipmitool will use for calls.
type: integer
type: object
preferredOrder:
description: |-
PreferredOrder allows customizing the order that BMC providers are called.
Providers added to this list will be moved to the front of the default order.
Provider names are case insensitive.
The default order is: ipmitool, asrockrack, gofish, intelamt, dell, supermicro, openbmc.
items:
description: ProviderName is the bmclib specific provider
name. Names are case insensitive.
pattern: (?i)^(ipmitool|asrockrack|gofish|IntelAMT|dell|supermicro|openbmc)$
type: string
type: array
redfish:
description: Redfish contains the options to customize the
Redfish provider.
properties:
port:
description: Port that redfish will use for calls.
type: integer
systemName:
description: |-
SystemName is the name of the system to use for redfish calls.
With redfish implementations that manage multiple systems via a single endpoint, this allows for specifying the system to manage.
type: string
useBasicAuth:
description: UseBasicAuth for redfish calls. The default
is false which means token based auth is used.
type: boolean
type: object
rpc:
description: RPC contains the options to customize the RPC
provider.
properties:
consumerURL:
description: |-
ConsumerURL is the URL where an rpc consumer/listener is running
and to which we will send and receive all notifications.
type: string
experimental:
description: Experimental options.
properties:
customRequestPayload:
description: CustomRequestPayload must be in json.
type: string
dotPath:
description: 'DotPath is the path to the json object
where the bmclib RequestPayload{} struct will be
embedded. For example: object.data.body'
type: string
type: object
hmac:
description: HMAC is the options used to create a HMAC
signature.
properties:
prefixSigDisabled:
description: 'PrefixSigDisabled determines whether
the algorithm will be prefixed to the signature.
Example: sha256=abc123'
type: boolean
secrets:
additionalProperties:
items:
description: |-
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
properties:
name:
description: name is unique within a namespace
to reference a secret resource.
type: string
namespace:
description: namespace defines the space within
which the secret name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
type: array
description: Secrets are a map of algorithms to secrets
used for signing.
type: object
type: object
logNotificationsDisabled:
description: LogNotificationsDisabled determines whether
responses from rpc consumer/listeners will be logged
or not.
type: boolean
request:
description: Request is the options used to create the
rpc HTTP request.
properties:
httpContentType:
description: HTTPContentType is the content type to
use for the rpc request notification.
type: string
httpMethod:
description: HTTPMethod is the HTTP method to use
for the rpc request notification.
type: string
staticHeaders:
additionalProperties:
items:
type: string
type: array
description: StaticHeaders are predefined headers
that will be added to every request.
type: object
timestampFormat:
description: TimestampFormat is the time format for
the timestamp header.
type: string
timestampHeader:
description: 'TimestampHeader is the header name that
should contain the timestamp. Example: X-BMCLIB-Timestamp'
type: string
type: object
signature:
description: Signature is the options used for adding
an HMAC signature to an HTTP request.
properties:
appendAlgoToHeaderDisabled:
description: |-
AppendAlgoToHeaderDisabled decides whether to append the algorithm to the signature header or not.
Example: X-BMCLIB-Signature becomes X-BMCLIB-Signature-256
When set to true, a header will be added for each algorithm. Example: X-BMCLIB-Signature-256 and X-BMCLIB-Signature-512
type: boolean
headerName:
description: 'HeaderName is the header name that should
contain the signature(s). Example: X-BMCLIB-Signature'
type: string
includedPayloadHeaders:
description: |-
IncludedPayloadHeaders are headers whose values will be included in the signature payload. Example: X-BMCLIB-My-Custom-Header
All headers will be deduplicated.
items:
type: string
type: array
type: object
required:
- consumerURL
type: object
type: object
required:
- host
- insecureTLS
type: object
required:
- connection
type: object
status:
description: MachineStatus defines the observed state of Machine.
properties:
conditions:
description: Conditions represents the latest available observations
of an object's current state.
items:
description: MachineCondition defines an observed condition of a
Machine.
properties:
lastUpdateTime:
description: LastUpdateTime of the condition.
format: date-time
type: string
message:
description: Message is a human readable message indicating
with details of the last transition.
type: string
status:
description: Status of the condition.
type: string
type:
description: Type of the Machine condition.
type: string
required:
- status
- type
type: object
type: array
powerState:
description: Power is the current power state of the Machine.
enum:
- "on"
- "off"
- unknown
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

342
packages/system/tinkerbell/charts/rufio/crds/bmc.tinkerbell.org_tasks.yaml Normal file
View File

@@ -0,0 +1,342 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.4
name: tasks.bmc.tinkerbell.org
spec:
group: bmc.tinkerbell.org
names:
categories:
- tinkerbell
kind: Task
listKind: TaskList
plural: tasks
shortNames:
- t
singular: task
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Task is the Schema for the Task API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TaskSpec defines the desired state of Task.
properties:
connection:
description: Connection represents the Machine connectivity information.
properties:
authSecretRef:
description: |-
AuthSecretRef is the SecretReference that contains authentication information of the Machine.
The Secret must contain username and password keys. This is optional as it is not required when using
the RPC provider.
properties:
name:
description: name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: namespace defines the space within which the
secret name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
host:
description: Host is the host IP address or hostname of the Machine.
minLength: 1
type: string
insecureTLS:
description: InsecureTLS specifies trusted TLS connections.
type: boolean
port:
default: 623
description: Port is the port number for connecting with the Machine.
type: integer
providerOptions:
description: ProviderOptions contains provider specific options.
properties:
intelAMT:
description: IntelAMT contains the options to customize the
IntelAMT provider.
properties:
hostScheme:
default: http
description: HostScheme determines whether to use http
or https for intelAMT calls.
enum:
- http
- https
type: string
port:
description: Port that intelAMT will use for calls.
type: integer
type: object
ipmitool:
description: IPMITOOL contains the options to customize the
Ipmitool provider.
properties:
cipherSuite:
description: CipherSuite that ipmitool will use for calls.
type: string
port:
description: Port that ipmitool will use for calls.
type: integer
type: object
preferredOrder:
description: |-
PreferredOrder allows customizing the order that BMC providers are called.
Providers added to this list will be moved to the front of the default order.
Provider names are case insensitive.
The default order is: ipmitool, asrockrack, gofish, intelamt, dell, supermicro, openbmc.
items:
description: ProviderName is the bmclib specific provider
name. Names are case insensitive.
pattern: (?i)^(ipmitool|asrockrack|gofish|IntelAMT|dell|supermicro|openbmc)$
type: string
type: array
redfish:
description: Redfish contains the options to customize the
Redfish provider.
properties:
port:
description: Port that redfish will use for calls.
type: integer
systemName:
description: |-
SystemName is the name of the system to use for redfish calls.
With redfish implementations that manage multiple systems via a single endpoint, this allows for specifying the system to manage.
type: string
useBasicAuth:
description: UseBasicAuth for redfish calls. The default
is false which means token based auth is used.
type: boolean
type: object
rpc:
description: RPC contains the options to customize the RPC
provider.
properties:
consumerURL:
description: |-
ConsumerURL is the URL where an rpc consumer/listener is running
and to which we will send and receive all notifications.
type: string
experimental:
description: Experimental options.
properties:
customRequestPayload:
description: CustomRequestPayload must be in json.
type: string
dotPath:
description: 'DotPath is the path to the json object
where the bmclib RequestPayload{} struct will be
embedded. For example: object.data.body'
type: string
type: object
hmac:
description: HMAC is the options used to create a HMAC
signature.
properties:
prefixSigDisabled:
description: 'PrefixSigDisabled determines whether
the algorithm will be prefixed to the signature.
Example: sha256=abc123'
type: boolean
secrets:
additionalProperties:
items:
description: |-
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
properties:
name:
description: name is unique within a namespace
to reference a secret resource.
type: string
namespace:
description: namespace defines the space within
which the secret name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
type: array
description: Secrets are a map of algorithms to secrets
used for signing.
type: object
type: object
logNotificationsDisabled:
description: LogNotificationsDisabled determines whether
responses from rpc consumer/listeners will be logged
or not.
type: boolean
request:
description: Request is the options used to create the
rpc HTTP request.
properties:
httpContentType:
description: HTTPContentType is the content type to
use for the rpc request notification.
type: string
httpMethod:
description: HTTPMethod is the HTTP method to use
for the rpc request notification.
type: string
staticHeaders:
additionalProperties:
items:
type: string
type: array
description: StaticHeaders are predefined headers
that will be added to every request.
type: object
timestampFormat:
description: TimestampFormat is the time format for
the timestamp header.
type: string
timestampHeader:
description: 'TimestampHeader is the header name that
should contain the timestamp. Example: X-BMCLIB-Timestamp'
type: string
type: object
signature:
description: Signature is the options used for adding
an HMAC signature to an HTTP request.
properties:
appendAlgoToHeaderDisabled:
description: |-
AppendAlgoToHeaderDisabled decides whether to append the algorithm to the signature header or not.
Example: X-BMCLIB-Signature becomes X-BMCLIB-Signature-256
When set to true, a header will be added for each algorithm. Example: X-BMCLIB-Signature-256 and X-BMCLIB-Signature-512
type: boolean
headerName:
description: 'HeaderName is the header name that should
contain the signature(s). Example: X-BMCLIB-Signature'
type: string
includedPayloadHeaders:
description: |-
IncludedPayloadHeaders are headers whose values will be included in the signature payload. Example: X-BMCLIB-My-Custom-Header
All headers will be deduplicated.
items:
type: string
type: array
type: object
required:
- consumerURL
type: object
type: object
required:
- host
- insecureTLS
type: object
task:
description: Task defines the specific action to be performed.
maxProperties: 1
properties:
oneTimeBootDeviceAction:
description: OneTimeBootDeviceAction represents a baseboard management
one time set boot device operation.
properties:
device:
description: |-
Devices represents the boot devices, in order for setting one time boot.
Currently only the first device in the slice is used to set one time boot.
items:
description: BootDevice represents boot device of the Machine.
type: string
type: array
efiBoot:
description: EFIBoot instructs the machine to use EFI boot.
type: boolean
required:
- device
type: object
powerAction:
description: PowerAction represents a baseboard management power
operation.
enum:
- "on"
- "off"
- soft
- status
- cycle
- reset
type: string
virtualMediaAction:
description: VirtualMediaAction represents a baseboard management
virtual media insert/eject.
properties:
kind:
type: string
mediaURL:
description: |-
mediaURL represents the URL of the image to be inserted into the virtual media, or empty to
eject media.
type: string
required:
- kind
type: object
type: object
required:
- task
type: object
status:
description: TaskStatus defines the observed state of Task.
properties:
completionTime:
description: |-
CompletionTime represents time when the task was completed.
The completion time is only set when the task finishes successfully.
format: date-time
type: string
conditions:
description: Conditions represents the latest available observations
of an object's current state.
items:
properties:
message:
description: Message represents human readable message indicating
details about last transition.
type: string
status:
description: |-
Status is the status of the Task condition.
Can be True or False.
type: string
type:
description: Type of the Task condition.
type: string
required:
- status
- type
type: object
type: array
startTime:
description: StartTime represents time when the Task started processing.
format: date-time
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

12
packages/system/tinkerbell/charts/rufio/templates/_scheduling.tpl Normal file
View File

@@ -0,0 +1,12 @@
{{- define "singleNodeClusterConfig" }}
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
{{- end }}
{{- define "preferWorkerNodes" }}
- weight: {{ .nodeAffinityWeight }}
preference:
matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
{{- end }}

87
packages/system/tinkerbell/charts/rufio/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,87 @@
{{- if .Values.deploy }}
{{- $roleType := .Values.rbac.type }}
{{- $nodeSelector := .Values.nodeSelector }}
{{- if .Values.global }}
{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
{{- $nodeSelector = coalesce .Values.nodeSelector .Values.global.nodeSelector }}
{{- end }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: {{ .Values.name }}
control-plane: controller-manager
name: {{ .Values.name }}
namespace: {{ .Release.Namespace | quote }}
spec:
selector:
matchLabels:
app: {{ .Values.name }}
control-plane: controller-manager
stack: tinkerbell
replicas: 1
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: manager
labels:
app: {{ .Values.name }}
control-plane: controller-manager
stack: tinkerbell
spec:
{{- if .Values.hostNetwork }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
{{- end }}
securityContext:
runAsNonRoot: true
containers:
- name: manager
image: {{ .Values.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
command:
- /manager
args:
- --leader-elect
{{- if eq $roleType "Role" }}
- -kube-namespace={{ .Release.Namespace }}
{{- end }}
{{- range .Values.additionalArgs }}
- {{ . }}
{{- end }}
securityContext:
allowPrivilegeEscalation: false
livenessProbe:
httpGet:
path: /healthz
port: 8081
initialDelaySeconds: 15
periodSeconds: 20
readinessProbe:
httpGet:
path: /readyz
port: 8081
initialDelaySeconds: 5
periodSeconds: 10
resources:
limits:
cpu: {{ .Values.resources.limits.cpu }}
memory: {{ .Values.resources.limits.memory }}
requests:
cpu: {{ .Values.resources.requests.cpu }}
memory: {{ .Values.resources.requests.memory }}
serviceAccountName: {{ .Values.serviceAccountName }}
terminationGracePeriodSeconds: 10
{{- with $nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
tolerations:
{{- include "singleNodeClusterConfig" . | indent 6 }}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
{{- include "preferWorkerNodes" (dict "nodeAffinityWeight" .Values.singleNodeClusterConfig.nodeAffinityWeight) | indent 10 }}
{{- end }}
{{- end }}

15
packages/system/tinkerbell/charts/rufio/templates/leader-election-role-binding.yaml Normal file
View File

@@ -0,0 +1,15 @@
{{- if .Values.deploy }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Values.rufioLeaderElectionRoleBindingName }}
namespace: {{ .Release.Namespace | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Values.rufioLeaderElectionRoleName }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccountName }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

39
packages/system/tinkerbell/charts/rufio/templates/leader-election-role.yaml Normal file
View File

@@ -0,0 +1,39 @@
{{- if .Values.deploy }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Values.rufioLeaderElectionRoleName }}
namespace: {{ .Release.Namespace | quote }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
{{- end }}

21
packages/system/tinkerbell/charts/rufio/templates/role-binding.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if .Values.deploy }}
{{- $roleType := .Values.rbac.type }}
{{- if .Values.global }}
{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
{{- end }}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ printf "%sBinding" $roleType }}
metadata:
name: {{ .Values.rbac.bindingName }}
{{- if eq $roleType "Role" }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: {{ $roleType }}
name: {{ .Values.rbac.name }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccountName }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

23
packages/system/tinkerbell/charts/rufio/templates/role.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- if .Values.deploy }}
{{- $roleType := .Values.rbac.type }}
{{- if .Values.global }}
{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
{{- end }}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ $roleType }}
metadata:
name: {{ .Values.rbac.name }}
{{- if eq $roleType "Role" }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
rules:
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list", "watch"]
- apiGroups: ["bmc.tinkerbell.org"]
resources: ["jobs", "jobs/status", "machines", "machines/status", "tasks", "tasks/status"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["bmc.tinkerbell.org"]
resources: ["jobs/finalizers", "machines/finalizers", "tasks/finalizers"]
verbs: ["update"]
{{- end }}

7
packages/system/tinkerbell/charts/rufio/templates/service-account.yaml Normal file
View File

@@ -0,0 +1,7 @@
{{- if .Values.deploy }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.serviceAccountName }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

21
packages/system/tinkerbell/charts/rufio/values.schema.json Normal file
View File

@@ -0,0 +1,21 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"rbac": {
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": ["Role", "ClusterRole"]
},
"name": {
"type": "string"
},
"bindingName": {
"type": "string"
}
}
}
}
}

26
packages/system/tinkerbell/charts/rufio/values.yaml Normal file
View File

@@ -0,0 +1,26 @@
deploy: true
name: rufio
image: quay.io/tinkerbell/rufio:v0.6.1
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 500m
memory: 128Mi
additionalArgs: []
serviceAccountName: rufio-controller-manager
rufioLeaderElectionRoleName: rufio-leader-election-role
rufioLeaderElectionRoleBindingName: rufio-leader-election-rolebinding
nodeSelector: {}
hostNetwork: false
# singleNodeClusterConfig to add tolerations for deployments on control plane nodes. This is defaulted to false.
singleNodeClusterConfig:
controlPlaneTolerationsEnabled: false
nodeAffinityWeight: 1
rbac:
type: Role # or ClusterRole
name: rufio-role # or rufio-cluster-role
bindingName: rufio-rolebinding # or rufio-cluster-rolebinding

25
packages/system/tinkerbell/charts/smee/Chart.yaml Normal file
View File

@@ -0,0 +1,25 @@
apiVersion: v2
name: smee
description: Smee is the network boot service for Tinkerbell
icon: https://github.com/tinkerbell/artwork/blob/6f07de53d75cb8932dbc7d14201e038cf3a3b230/Tinkerbell-Icon-Dark.png
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.6.2
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "0.15.1"

388
packages/system/tinkerbell/charts/smee/crds/hardware-crd.yaml Normal file
View File

@@ -0,0 +1,388 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.3
name: hardware.tinkerbell.org
spec:
group: tinkerbell.org
names:
categories:
- tinkerbell
kind: Hardware
listKind: HardwareList
plural: hardware
shortNames:
- hw
singular: hardware
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.state
name: State
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Hardware is the Schema for the Hardware API.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: HardwareSpec defines the desired state of Hardware.
properties:
bmcRef:
description: |-
BMCRef contains a relation to a BMC state management type in the same
namespace as the Hardware. This may be used for BMC management by
orchestrators.
properties:
apiGroup:
description: |-
APIGroup is the group for the resource being referenced.
If APIGroup is not specified, the specified Kind must be in the core API group.
For any other third-party types, APIGroup is required.
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
disks:
items:
description: Disk represents a disk device for Tinkerbell Hardware.
properties:
device:
type: string
type: object
type: array
interfaces:
items:
description: Interface represents a network interface configuration for Hardware.
properties:
dhcp:
description: DHCP configuration.
properties:
arch:
type: string
hostname:
type: string
iface_name:
type: string
ip:
description: IP configuration.
properties:
address:
type: string
family:
format: int64
type: integer
gateway:
type: string
netmask:
type: string
type: object
lease_time:
format: int64
type: integer
mac:
pattern: ([0-9a-f]{2}[:]){5}([0-9a-f]{2})
type: string
name_servers:
items:
type: string
type: array
time_servers:
items:
type: string
type: array
uefi:
type: boolean
vlan_id:
description: validation pattern for VLANDID is a string number between 0-4096
pattern: ^(([0-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))(,[1-9][0-9]{0,2}|[1-3][0-9][0-9][0-9]|40([0-8][0-9]|9[0-6]))*)$
type: string
type: object
disableDhcp:
default: false
description: DisableDHCP disables DHCP for this interface.
type: boolean
netboot:
description: Netboot configuration.
properties:
allowPXE:
type: boolean
allowWorkflow:
type: boolean
ipxe:
description: IPXE configuration.
properties:
contents:
type: string
url:
type: string
type: object
osie:
description: OSIE configuration.
properties:
baseURL:
type: string
initrd:
type: string
kernel:
type: string
type: object
type: object
type: object
type: array
metadata:
properties:
bonding_mode:
format: int64
type: integer
custom:
properties:
preinstalled_operating_system_version:
properties:
distro:
type: string
image_tag:
type: string
os_slug:
type: string
slug:
type: string
version:
type: string
type: object
private_subnets:
items:
type: string
type: array
type: object
facility:
properties:
facility_code:
type: string
plan_slug:
type: string
plan_version_slug:
type: string
type: object
instance:
properties:
allow_pxe:
type: boolean
always_pxe:
type: boolean
crypted_root_password:
type: string
hostname:
type: string
id:
type: string
ips:
items:
properties:
address:
type: string
family:
format: int64
type: integer
gateway:
type: string
management:
type: boolean
netmask:
type: string
public:
type: boolean
type: object
type: array
ipxe_script_url:
type: string
network_ready:
type: boolean
operating_system:
properties:
distro:
type: string
image_tag:
type: string
os_slug:
type: string
slug:
type: string
version:
type: string
type: object
rescue:
type: boolean
ssh_keys:
items:
type: string
type: array
state:
type: string
storage:
properties:
disks:
items:
properties:
device:
type: string
partitions:
items:
properties:
label:
type: string
number:
format: int64
type: integer
size:
format: int64
type: integer
start:
format: int64
type: integer
type_guid:
type: string
type: object
type: array
wipe_table:
type: boolean
type: object
type: array
filesystems:
items:
properties:
mount:
properties:
create:
properties:
force:
type: boolean
options:
items:
type: string
type: array
type: object
device:
type: string
files:
items:
properties:
contents:
type: string
gid:
format: int64
type: integer
mode:
format: int64
type: integer
path:
type: string
uid:
format: int64
type: integer
type: object
type: array
format:
type: string
point:
type: string
type: object
type: object
type: array
raid:
items:
properties:
devices:
items:
type: string
type: array
level:
type: string
name:
type: string
spare:
format: int64
type: integer
type: object
type: array
type: object
tags:
items:
type: string
type: array
userdata:
type: string
type: object
manufacturer:
properties:
id:
type: string
slug:
type: string
type: object
state:
type: string
type: object
resources:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Resources represents known resources that are available on a machine.
Resources may be used for scheduling by orchestrators.
type: object
tinkVersion:
format: int64
type: integer
userData:
description: |-
UserData is the user data to configure in the hardware's
metadata
type: string
vendorData:
description: |-
VendorData is the vendor data to configure in the hardware's
metadata
type: string
type: object
status:
description: HardwareStatus defines the observed state of Hardware.
properties:
state:
description: HardwareState represents the hardware state.
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

24
packages/system/tinkerbell/charts/smee/templates/_ports.tpl Normal file
View File

@@ -0,0 +1,24 @@
{{ define "smee.ports" }}
- {{ .PortKey }}: {{ .http.port }}
name: {{ .http.name }}
protocol: TCP
- {{ .PortKey }}: {{ .syslog.port }}
name: {{ .syslog.name }}
protocol: UDP
- {{ .PortKey }}: {{ .dhcp.port }}
name: {{ .dhcp.name }}
protocol: UDP
- {{ .PortKey }}: {{ .tftp.port }}
name: {{ .tftp.name }}
protocol: UDP
{{- end }}
{{- define "urlJoiner" }}
{{- if .urlDict.port }}
{{- $host := printf "%v:%v" .urlDict.host .urlDict.port }}
{{- $newDict := set .urlDict "host" $host }}
{{- print (urlJoin $newDict) }}
{{- else }}
{{- print (urlJoin .urlDict) }}
{{- end }}
{{- end }}

12
packages/system/tinkerbell/charts/smee/templates/_scheduling.tpl Normal file
View File

@@ -0,0 +1,12 @@
{{- define "singleNodeClusterConfig" }}
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
{{- end }}
{{- define "preferWorkerNodes" }}
- weight: {{ .nodeAffinityWeight }}
preference:
matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: DoesNotExist
{{- end }}

182
packages/system/tinkerbell/charts/smee/templates/deployment.yaml Normal file
View File

@@ -0,0 +1,182 @@
{{- if .Values.deploy }}
{{- $publicIP := .Values.publicIP }}
{{- $trustedProxies := .Values.trustedProxies }}
{{- $roleType := .Values.rbac.type }}
{{- $nodeSelector := .Values.nodeSelector }}
{{- if .Values.global }}
{{- $publicIP = coalesce .Values.publicIP .Values.global.publicIP }}
{{- $trustedProxies = coalesce .Values.trustedProxies .Values.global.trustedProxies }}
{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
{{- $nodeSelector = coalesce .Values.nodeSelector .Values.global.nodeSelector }}
{{- end }}
{{- $_ := set .Values.dhcp "syslogIp" (default $publicIP .Values.dhcp.syslogIp) }}
{{- $_ := set .Values.dhcp "ipForPacket" (default $publicIP .Values.dhcp.ipForPacket) }}
{{- $_ := set .Values.dhcp "tftpIp" (default $publicIP .Values.dhcp.tftpIp) }}
{{- $_ := set .Values.dhcp.httpIPXE.binaryUrl "host" (default $publicIP .Values.dhcp.httpIPXE.binaryUrl.host) }}
{{- $_ := set .Values.dhcp.httpIPXE.scriptUrl "host" (default $publicIP .Values.dhcp.httpIPXE.scriptUrl.host) }}
{{- $_ := set .Values.http.tinkServer "ip" (default $publicIP .Values.http.tinkServer.ip) }}
{{- $_ := set .Values.http.osieUrl "host" (default $publicIP .Values.http.osieUrl.host) }}
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: {{ .Values.name }}
name: {{ .Values.name }}
namespace: {{ .Release.Namespace | quote }}
spec:
replicas: {{ .Values.replicas }}
selector:
matchLabels:
app: {{ .Values.name }}
stack: tinkerbell
{{- with .Values.selector }}
{{- toYaml . | nindent 6 }}
{{- end }}
strategy:
type: {{ .Values.deployment.strategy.type }}
template:
metadata:
labels:
app: {{ .Values.name }}
stack: tinkerbell
{{- with .Values.selector }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
containers:
- image: {{ .Values.image }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- range .Values.additionalArgs }}
- {{ . }}
{{- end }}
env:
- name: SMEE_LOG_LEVEL
value: {{ .Values.logLevel | quote }}
- name: SMEE_DHCP_ADDR
value: {{ printf "%v:%v" .Values.dhcp.ip .Values.dhcp.port | quote }}
- name: SMEE_DHCP_ENABLED
value: {{ .Values.dhcp.enabled | quote }}
- name: SMEE_DHCP_TFTP_PORT
value: {{ .Values.dhcp.tftpPort | quote }}
- name: SMEE_DHCP_HTTP_IPXE_BINARY_PATH
value: {{ .Values.dhcp.httpIPXE.binaryUrl.path | quote }}
- name: SMEE_DHCP_HTTP_IPXE_BINARY_PORT
value: {{ .Values.dhcp.httpIPXE.binaryUrl.port | quote }}
- name: SMEE_DHCP_HTTP_IPXE_BINARY_SCHEME
value: {{ .Values.dhcp.httpIPXE.binaryUrl.scheme | quote }}
- name: SMEE_DHCP_HTTP_IPXE_SCRIPT_PATH
value: {{ .Values.dhcp.httpIPXE.scriptUrl.path | quote }}
- name: SMEE_DHCP_HTTP_IPXE_SCRIPT_PORT
value: {{ .Values.dhcp.httpIPXE.scriptUrl.port | quote }}
- name: SMEE_DHCP_HTTP_IPXE_SCRIPT_SCHEME
value: {{ .Values.dhcp.httpIPXE.scriptUrl.scheme | quote }}
- name: SMEE_DHCP_MODE
value: {{ .Values.dhcp.mode | quote }}
- name: SMEE_EXTRA_KERNEL_ARGS
value: {{ join " " ( append .Values.http.additionalKernelArgs ( printf "tink_worker_image=%s" ( required "missing tinkWorkerImage" .Values.tinkWorkerImage ) ) ) | quote }}
- name: SMEE_HTTP_IPXE_BINARY_ENABLED
value: {{ .Values.http.ipxeBinaryEnabled | quote }}
- name: SMEE_HTTP_IPXE_SCRIPT_ENABLED
value: {{ .Values.http.ipxeScriptEnabled | quote }}
- name: SMEE_HTTP_PORT
value: {{ .Values.http.port | quote }}
- name: SMEE_OSIE_URL
value: {{include "urlJoiner" (dict "urlDict" .Values.http.osieUrl) | quote }}
- name: SMEE_TINK_SERVER
value: {{ printf "%v:%v" .Values.http.tinkServer.ip .Values.http.tinkServer.port | quote }}
- name: SMEE_TINK_SERVER_TLS
value: {{ .Values.http.tinkServer.tls | quote }}
- name: SMEE_TINK_SERVER_INSECURE_TLS
value: {{ .Values.http.tinkServer.insecureTLS | quote }}
- name: SMEE_TRUSTED_PROXIES
value: {{ required "missing trustedProxies" ( join "," $trustedProxies ) | quote }}
- name: SMEE_SYSLOG_ENABLED
value: {{ .Values.syslog.enabled | quote }}
- name: SMEE_IPXE_SCRIPT_PATCH
value: {{ .Values.ipxeScriptPatch | quote }}
- name: SMEE_TFTP_ENABLED
value: {{ .Values.tftp.enabled | quote }}
- name: SMEE_TFTP_TIMEOUT
value: {{ .Values.tftp.timeout | quote }}
- name: SMEE_TFTP_PORT
value: {{ .Values.tftp.port | quote }}
- name: SMEE_SYSLOG_PORT
value: {{ .Values.syslog.port | quote }}
- name: SMEE_HTTP_ADDR
value: {{ .Values.http.ip | quote }}
- name: SMEE_SYSLOG_ADDR
value: {{ .Values.syslog.ip | quote }}
- name: SMEE_TFTP_ADDR
value: {{ .Values.tftp.ip | quote }}
- name: SMEE_DHCP_HTTP_IPXE_BINARY_HOST
value: {{ .Values.dhcp.httpIPXE.binaryUrl.host | quote }}
- name: SMEE_DHCP_HTTP_IPXE_SCRIPT_HOST
value: {{ .Values.dhcp.httpIPXE.scriptUrl.host | quote }}
- name: SMEE_DHCP_SYSLOG_IP
value: {{ .Values.dhcp.syslogIp | quote }}
- name: SMEE_DHCP_TFTP_IP
value: {{ .Values.dhcp.tftpIp | quote }}
- name: SMEE_DHCP_IP_FOR_PACKET
value: {{ .Values.dhcp.ipForPacket | quote }}
- name: SMEE_ISO_ENABLED
value: {{ .Values.iso.enabled | quote }}
- name: SMEE_ISO_URL
value: {{ .Values.iso.url | quote }}
- name: SMEE_ISO_MAGIC_STRING
value: {{ .Values.iso.magicString | quote }}
- name: SMEE_ISO_STATIC_IPAM_ENABLED
value: {{ .Values.iso.staticIPAMEnabled | quote }}
{{- if eq $roleType "Role"}}
- name: SMEE_BACKEND_KUBE_NAMESPACE
value: {{ .Release.Namespace | quote }}
{{- end }}
{{- range .Values.additionalEnv }}
- name: {{ .name | quote }}
value: {{ .value | quote }}
{{- end }}
{{- if not .Values.hostNetwork }}
ports:
{{- include "smee.ports" ( merge ( dict "PortKey" "containerPort" ) .Values ) | indent 12 }}
{{- end }}
name: {{ .Values.name }}
resources:
limits:
cpu: {{ .Values.resources.limits.cpu }}
memory: {{ .Values.resources.limits.memory }}
requests:
cpu: {{ .Values.resources.requests.cpu }}
memory: {{ .Values.resources.requests.memory }}
{{- with .Values.additionalVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.additionalVolumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ .Values.name }}
{{- if .Values.hostNetwork }}
hostNetwork: true
{{- end }}
{{- with $nodeSelector }}
nodeSelector:
{{ toYaml . | nindent 8 }}
{{- end }}
{{- if or .Values.deployment.tolerations .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
tolerations:
{{- .Values.deployment.tolerations | toYaml | nindent 8 }}
{{- if .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
{{- include "singleNodeClusterConfig" . | indent 6 }}
{{- end }}
{{- end }}
{{- if .Values.deployment.affinity }}
affinity:
{{- .Values.deployment.affinity | toYaml | nindent 8 }}
{{- else if .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
{{- include "preferWorkerNodes" (dict "nodeAffinityWeight" .Values.singleNodeClusterConfig.nodeAffinityWeight) | indent 10 }}
{{- end }}
{{- end }}

21
packages/system/tinkerbell/charts/smee/templates/role-binding.yaml Normal file
View File

@@ -0,0 +1,21 @@
{{- if .Values.deploy }}
{{- $roleType := .Values.rbac.type }}
{{- if .Values.global }}
{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
{{- end }}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ printf "%sBinding" $roleType }}
metadata:
name: {{ .Values.rbac.bindingName }}
{{- if eq $roleType "Role" }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: {{ $roleType }}
name: {{ .Values.rbac.name }}
subjects:
- kind: ServiceAccount
name: {{ .Values.name }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

17
packages/system/tinkerbell/charts/smee/templates/role.yaml Normal file
View File

@@ -0,0 +1,17 @@
{{- if .Values.deploy }}
{{- $roleType := .Values.rbac.type }}
{{- if .Values.global }}
{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
{{- end }}
apiVersion: rbac.authorization.k8s.io/v1
kind: {{ $roleType }}
metadata:
name: {{ .Values.rbac.name }}
{{- if eq $roleType "Role" }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
rules:
- apiGroups: ["tinkerbell.org"]
resources: ["hardware", "hardware/status"]
verbs: ["get", "list", "watch"]
{{- end }}

7
packages/system/tinkerbell/charts/smee/templates/service-account.yaml Normal file
View File

@@ -0,0 +1,7 @@
{{- if .Values.deploy }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Values.name }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}

31
packages/system/tinkerbell/charts/smee/templates/service.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- if .Values.deploy }}
---
apiVersion: v1
kind: Service
metadata:
labels:
app: {{ .Values.name }}
name: {{ .Values.name }}
namespace: {{ .Release.Namespace | quote }}
spec:
type: ClusterIP
ports:
- name: tftp
port: 69
targetPort: 69
protocol: UDP
- name: http
port: {{ .Values.http.port }}
targetPort: {{ .Values.http.port }}
protocol: TCP
- name: syslog
port: {{ .Values.syslog.port }}
targetPort: {{ .Values.syslog.port }}
protocol: UDP
- name: dhcp
port: 67
targetPort: 67
protocol: UDP
selector:
app: {{ .Values.name }}
{{- end }}

41
packages/system/tinkerbell/charts/smee/values.schema.json Normal file
View File

@@ -0,0 +1,41 @@
{
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"http": {
"type": "object",
"properties": {
"trustedProxies": {
"type": "array",
"items": {
"type": "string",
"description": "Specifies one or more IPv4/IPv6 addresses expressed using CIDR notation.",
"anyOf": [
{
"pattern": "^([0-9]{1,3}\\.){3}[0-9]{1,3}(\/([0-9]|[1-2][0-9]|3[0-2]))?$"
},
{
"pattern": "^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))?$"
}
]
}
}
}
},
"rbac": {
"type": "object",
"properties": {
"type": {
"type": "string",
"enum": ["Role", "ClusterRole"]
},
"name": {
"type": "string"
},
"bindingName": {
"type": "string"
}
}
}
}
}

166
packages/system/tinkerbell/charts/smee/values.yaml Normal file
View File

@@ -0,0 +1,166 @@
# Toggle deployment of the service.
deploy: true
# Name of the service used as the deployment name and label selectors.
name: smee
# The image used to launch the container.
image: quay.io/tinkerbell/smee:v0.15.1
imagePullPolicy: IfNotPresent
# The number of pods to run.
replicas: 1
# Resources bounds applied to the container.
resources:
limits:
cpu: 500m
memory: 128Mi
requests:
cpu: 10m
memory: 64Mi
deployment:
strategy:
type: RollingUpdate
tolerations: []
affinity: {}
# The log level for the container.
logLevel: "info"
# The network mode to launch the smee container. When true, the smee container will use the
# host network.
hostNetwork: false
# nodeSelector when defined will be constrain Pods to nodes with specific labels
nodeSelector: {}
# publicIP when defined will be used as the IP in the following locations if they are not defined:
# dhcp.httpIPXE.binaryUrl.host, dhcp.httpIPXE.scriptUrl.host, tinkServer.ip, http.osieUrl.host, dhcp.ipForPacket, dhcp.tftpIp
# This is useful when all Tinkerbell services are running behind the same IP.
publicIP: ""
# DHCP server configuration. Name is an identifier used across Kubernetes manifests for port
# identification, ip is the IP address to bind to, and port is the port to bind to.
dhcp:
enabled: true
name: smee-dhcp
mode: reservation
ip: 0.0.0.0
port: 67
ipForPacket: ""
tftpIp: ""
tftpPort: 69
syslogIp: ""
httpIPXE:
binaryUrl: # http://<host>:<port>/ipxe
scheme: "http"
host: ""
port: 7171
path: "/ipxe"
scriptUrl: # http://<host>:<port>/auto.ipxe
scheme: "http"
host: ""
port: 7171
path: "/auto.ipxe"
# TFTP server configuration used to serve iPXE binaries. Name is an identifier used across
# Kubernetes manifests for port identification, ip is the IP address to bind to, and port is the
# port to bind to.
tftp:
enabled: true
name: smee-tftp
ip: 0.0.0.0
port: 69
timeout: 5s
# HTTP server configuration used to serve iPXE scripts. Name is an identifier used across
# Kubernetes manifests for port identification, ip is the IP address to bind to, and port is the
# port to bind to.
http:
enabled: true
name: smee-http
ip: 0.0.0.0
port: 7171
# Tink Server configuration passed to the Tink Worker to establish a gRPC connection.
tinkServer:
ip: ""
port: 42113
tls: false
insecureTLS: false
osieUrl:
scheme: "http"
host: ""
port: 8080
path: ""
# Additional kernel arguments to pass to the OSIE. (k=v k=v) that are appended to the kernel cmdline in the iPXE script
additionalKernelArgs: []
# enable iPXE HTTP binary server
ipxeBinaryEnabled: true
# enable iPXE HTTP script server
ipxeScriptEnabled: true
# ISO settings
iso:
enabled: false
# the string pattern to match for in the source ISO, defaults to the one defined in HookOS
magicString: ""
# enable static IPAM for HookOS
staticIPAMEnabled: false
# an HTTP(S) URL target to an OSIE that is used for patching
url: ""
# Trusted proxies defines a list of IP or CIDR ranges that are allowed to set the X-Forwarded-For
# header. This typically requires all Pod CIDRs in the cluster.
trustedProxies: []
# Syslog server configuration for the smee hosted syslog server. Name is an identifier used across
# Kubernetes manifests for port identification, ip is the IP address to bind to, and port is the
# port to bind to.
syslog:
enabled: true
name: smee-syslog
ip: 0.0.0.0
port: 514
# The Tink Worker image passed to OSIE as a kernel arg for launching.
tinkWorkerImage: quay.io/tinkerbell/tink-worker:v0.12.1
# Additional arguments to pass to the smee container. Some arguments are already defined - refer
# to the deployment.yaml template for details.
additionalArgs: []
# Additional environment variables to pass to the smee container. Each entry is expected to have a
# name and value key. Some keys are already defined - refer to the deployment.yaml template for
# details.
#
# Example
# - name: MY_ENV_VAR
# value: my-value
additionalEnv: []
# singleNodeClusterConfig to add tolerations for deployments on control plane nodes. This is defaulted to false.
singleNodeClusterConfig:
controlPlaneTolerationsEnabled: false
nodeAffinityWeight: 1
# Additional volumes on the output Deployment definition.
additionalVolumes: [ ]
# - name: foo
# secret:
# secretName: mysecret
# optional: false
# Additional volumeMounts on the Smee container
additionalVolumeMounts: [ ]
# - name: foo
# mountPath: "/etc/foo"
# readOnly: true
rbac:
type: Role # or ClusterRole
name: smee-role # or smee-cluster-role
bindingName: smee-rolebinding # or smee-cluster-rolebinding

6
packages/system/tinkerbell/values.yaml Normal file
View File

@@ -0,0 +1,6 @@
smee:
hostNetwork: true
trustedProxies:
- 0.0.0.0/0
syslog:
enabled: false