mirror of
https://github.com/outbackdingo/cozystack.git
synced 2026-01-29 02:18:47 +00:00
Compare commits
1 Commits
v0.24.0
...
tinkerbell
| Author | SHA1 | Date | |
|---|---|---|---|
|
a91d2aefde |
1
Makefile
1
Makefile
@@ -6,7 +6,6 @@ build:
|
||||
make -C packages/apps/mysql image
|
||||
make -C packages/apps/clickhouse image
|
||||
make -C packages/apps/kubernetes image
|
||||
make -C packages/extra/monitoring image
|
||||
make -C packages/system/cozystack-api image
|
||||
make -C packages/system/cozystack-controller image
|
||||
make -C packages/system/cilium image
|
||||
|
||||
@@ -1,29 +0,0 @@
|
||||
package main
|
||||
|
||||
import (
|
||||
"flag"
|
||||
"log"
|
||||
"net/http"
|
||||
"path/filepath"
|
||||
)
|
||||
|
||||
func main() {
|
||||
addr := flag.String("address", ":8123", "Address to listen on")
|
||||
dir := flag.String("dir", "/cozystack/assets", "Directory to serve files from")
|
||||
flag.Parse()
|
||||
|
||||
absDir, err := filepath.Abs(*dir)
|
||||
if err != nil {
|
||||
log.Fatalf("Error getting absolute path for %s: %v", *dir, err)
|
||||
}
|
||||
|
||||
fs := http.FileServer(http.Dir(absDir))
|
||||
http.Handle("/", fs)
|
||||
|
||||
log.Printf("Server starting on %s, serving directory %s", *addr, absDir)
|
||||
|
||||
err = http.ListenAndServe(*addr, nil)
|
||||
if err != nil {
|
||||
log.Fatalf("Server failed to start: %v", err)
|
||||
}
|
||||
}
|
||||
@@ -68,7 +68,7 @@ spec:
|
||||
serviceAccountName: cozystack
|
||||
containers:
|
||||
- name: cozystack
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.24.0"
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.23.1"
|
||||
env:
|
||||
- name: KUBERNETES_SERVICE_HOST
|
||||
value: localhost
|
||||
@@ -86,12 +86,13 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: assets
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.24.0"
|
||||
- name: darkhttpd
|
||||
image: "ghcr.io/aenix-io/cozystack/cozystack:v0.23.1"
|
||||
command:
|
||||
- /usr/bin/cozystack-assets-server
|
||||
- "-dir=/cozystack/assets"
|
||||
- "-address=:8123"
|
||||
- /usr/bin/darkhttpd
|
||||
- /cozystack/assets
|
||||
- --port
|
||||
- "8123"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8123
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.15.0@sha256:88773436a4f2441869a43fb0999181874d38add09906bb9a91ff438dbc474bca
|
||||
ghcr.io/aenix-io/cozystack/cluster-autoscaler:0.15.0@sha256:538ee308f16c9e627ed16ee7c4aaa65919c2e6c4c2778f964a06e4797610d1cd
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.15.0@sha256:f947e82c50533df847e31f0d33597f10589065fccb1e462b6a9182772642d98e
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-cloud-provider:0.15.0@sha256:7716c88947d13dc90ccfcc3e60bfdd6e6fa9b201339a75e9c84bf825c76e2b1f
|
||||
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.15.0@sha256:f0367f809ec9f717e98b840d4d362b7afb366831f4692908c978dc23ffd885b3
|
||||
ghcr.io/aenix-io/cozystack/kubevirt-csi-driver:0.15.0@sha256:be5e0eef92dada3ace5cddda5c68b30c9fe4682774c5e6e938ed31efba11ebbf
|
||||
|
||||
@@ -108,14 +108,12 @@ virtual-machine 0.3.0 b908400
|
||||
virtual-machine 0.4.0 4746d51
|
||||
virtual-machine 0.5.0 cad9cde
|
||||
virtual-machine 0.6.0 0e728870
|
||||
virtual-machine 0.7.0 af58018a
|
||||
virtual-machine 0.7.1 HEAD
|
||||
virtual-machine 0.7.0 HEAD
|
||||
vm-disk 0.1.0 HEAD
|
||||
vm-instance 0.1.0 ced8e5b9
|
||||
vm-instance 0.2.0 4f767ee3
|
||||
vm-instance 0.3.0 0e728870
|
||||
vm-instance 0.4.0 af58018a
|
||||
vm-instance 0.4.1 HEAD
|
||||
vm-instance 0.4.0 HEAD
|
||||
vpn 0.1.0 f642698
|
||||
vpn 0.2.0 7151424
|
||||
vpn 0.3.0 a2bcf100
|
||||
|
||||
@@ -17,10 +17,10 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.7.1
|
||||
version: 0.7.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "0.7.1"
|
||||
appVersion: "0.7.0"
|
||||
|
||||
@@ -45,7 +45,6 @@ spec:
|
||||
metadata:
|
||||
labels:
|
||||
app: "{{ $.Release.Name }}-update-hook"
|
||||
policy.cozystack.io/allow-to-apiserver: "true"
|
||||
spec:
|
||||
serviceAccountName: {{ $.Release.Name }}-update-hook
|
||||
restartPolicy: Never
|
||||
|
||||
@@ -17,10 +17,10 @@ type: application
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.4.1
|
||||
version: 0.4.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "0.4.1"
|
||||
appVersion: "0.4.0"
|
||||
|
||||
@@ -35,7 +35,6 @@ spec:
|
||||
metadata:
|
||||
labels:
|
||||
app: "{{ $.Release.Name }}-update-hook"
|
||||
policy.cozystack.io/allow-to-apiserver: "true"
|
||||
spec:
|
||||
serviceAccountName: {{ $.Release.Name }}-update-hook
|
||||
restartPolicy: Never
|
||||
|
||||
@@ -55,8 +55,6 @@ image-matchbox: run-builder
|
||||
--metadata-file images/matchbox.json \
|
||||
--push=$(PUSH) \
|
||||
--load=$(LOAD)
|
||||
echo "$(REGISTRY)/matchbox:$(call settag,$(TAG))@$$(yq e '."containerimage.digest"' images/matchbox.json -o json -r)" \
|
||||
> ../../extra/bootbox/images/matchbox.tag
|
||||
rm -f images/matchbox.json
|
||||
|
||||
assets: talos-iso talos-nocloud talos-metal
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
FROM golang:alpine3.21 as k8s-await-election-builder
|
||||
FROM golang:alpine3.19 as k8s-await-election-builder
|
||||
|
||||
ARG K8S_AWAIT_ELECTION_GITREPO=https://github.com/LINBIT/k8s-await-election
|
||||
ARG K8S_AWAIT_ELECTION_VERSION=0.4.1
|
||||
@@ -13,7 +13,7 @@ RUN git clone ${K8S_AWAIT_ELECTION_GITREPO} /usr/local/go/k8s-await-election/ \
|
||||
&& make \
|
||||
&& mv ./out/k8s-await-election-${TARGETARCH} /k8s-await-election
|
||||
|
||||
FROM golang:alpine3.21 as builder
|
||||
FROM alpine:3.19 AS builder
|
||||
|
||||
RUN apk add --no-cache make git
|
||||
RUN apk add helm --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
|
||||
@@ -21,14 +21,12 @@ RUN apk add helm --repository=https://dl-cdn.alpinelinux.org/alpine/edge/communi
|
||||
COPY . /src/
|
||||
WORKDIR /src
|
||||
|
||||
RUN go build -o /cozystack-assets-server -ldflags '-extldflags "-static" -w -s' ./cmd/cozystack-assets-server
|
||||
|
||||
# Check that versions_map is not changed
|
||||
RUN make repos
|
||||
|
||||
FROM alpine:3.21
|
||||
FROM alpine:3.19
|
||||
|
||||
RUN apk add --no-cache make
|
||||
RUN apk add --no-cache make darkhttpd
|
||||
RUN apk add helm kubectl --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
|
||||
|
||||
COPY scripts /cozystack/scripts
|
||||
@@ -36,7 +34,6 @@ COPY --from=builder /src/packages/core /cozystack/packages/core
|
||||
COPY --from=builder /src/packages/system /cozystack/packages/system
|
||||
COPY --from=builder /src/_out/repos /cozystack/assets/repos
|
||||
COPY --from=builder /src/_out/logos /cozystack/assets/logos
|
||||
COPY --from=builder /cozystack-assets-server /usr/bin/cozystack-assets-server
|
||||
COPY --from=k8s-await-election-builder /k8s-await-election /usr/bin/k8s-await-election
|
||||
COPY dashboards /cozystack/assets/dashboards
|
||||
|
||||
|
||||
@@ -67,12 +67,13 @@ spec:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
- name: assets
|
||||
- name: darkhttpd
|
||||
image: "{{ .Values.cozystack.image }}"
|
||||
command:
|
||||
- /usr/bin/cozystack-assets-server
|
||||
- "-dir=/cozystack/assets"
|
||||
- "-address=:8123"
|
||||
- /usr/bin/darkhttpd
|
||||
- /cozystack/assets
|
||||
- --port
|
||||
- "8123"
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8123
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystack:
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack:v0.24.0@sha256:3560daf09e41b5a729b4377341cc01d51b272122640bd7c4db9d1f5fcb8008a9
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack:v0.23.1@sha256:dfa803a3e02ec9ea221029d361aa9d7aef0b5eb0a36d66c949b265d4ac4fc114
|
||||
|
||||
@@ -200,10 +200,9 @@ releases:
|
||||
optional: true
|
||||
dependsOn: [keycloak]
|
||||
|
||||
- name: bootbox
|
||||
releaseName: bootbox
|
||||
chart: cozy-bootbox
|
||||
namespace: cozy-bootbox
|
||||
privileged: true
|
||||
- name: tinkerbell
|
||||
releaseName: tinkerbell
|
||||
chart: cozy-tinkerbell
|
||||
namespace: cozy-tinkerbell
|
||||
optional: true
|
||||
dependsOn: [cilium]
|
||||
dependsOn: [cilium,kubeovn]
|
||||
|
||||
@@ -281,11 +281,10 @@ releases:
|
||||
optional: true
|
||||
dependsOn: [cilium,kubeovn]
|
||||
|
||||
- name: bootbox
|
||||
releaseName: bootbox
|
||||
chart: cozy-bootbox
|
||||
namespace: cozy-bootbox
|
||||
privileged: true
|
||||
- name: tinkerbell
|
||||
releaseName: tinkerbell
|
||||
chart: cozy-tinkerbell
|
||||
namespace: cozy-tinkerbell
|
||||
optional: true
|
||||
dependsOn: [cilium,kubeovn]
|
||||
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
e2e:
|
||||
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.24.0@sha256:38229517c86e179984a6d39f5510b859d13d965e35b216bc01ce456f9ab5f8b5
|
||||
image: ghcr.io/aenix-io/cozystack/e2e-sandbox:v0.23.1@sha256:0f4ffa7f23d6cdc633c0c4a0b852fde9710edbce96486fd9bd29c7d0d7710380
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
apiVersion: v2
|
||||
name: bootbox
|
||||
description: PXE hardware provisioning
|
||||
icon: /logos/bootbox.svg
|
||||
type: application
|
||||
version: 0.1.0
|
||||
@@ -1,11 +0,0 @@
|
||||
NAME=bootbox
|
||||
NAMESPACE=tenant-root
|
||||
|
||||
include ../../../scripts/package.mk
|
||||
|
||||
generate:
|
||||
readme-generator -v values.yaml -s values.schema.json.tmp -r README.md
|
||||
cat values.schema.json.tmp | \
|
||||
jq '.properties.machines.items.type = "object"' \
|
||||
> values.schema.json
|
||||
rm -f values.schema.json.tmp
|
||||
@@ -1,11 +0,0 @@
|
||||
# BootBox
|
||||
|
||||
## Parameters
|
||||
|
||||
### Common parameters
|
||||
|
||||
| Name | Description | Value |
|
||||
| --------------- | ----------------------------------------------------- | ------ |
|
||||
| `whitelistHTTP` | Secure HTTP by enabling client networks whitelisting | `true` |
|
||||
| `whitelist` | List of client networks | `[]` |
|
||||
| `machines` | Configuration of physical machine instances | `[]` |
|
||||
@@ -1,18 +0,0 @@
|
||||
apk add iptables iproute2 qemu-system-x86_64 qemu-img
|
||||
|
||||
iptables -t nat -D POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE 2>/dev/null || true
|
||||
iptables -t nat -A POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE
|
||||
|
||||
ip link del tap0 2>/dev/null || true
|
||||
ip tuntap add dev tap0 mode tap
|
||||
ip link set tap0 up
|
||||
ip addr add 10.8.2.1/24 dev tap0
|
||||
|
||||
|
||||
rm -f data.img
|
||||
qemu-img create data.img 100G
|
||||
|
||||
qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 4 -m 8192 \
|
||||
-device virtio-net,netdev=net0,mac=d6:fa:af:52:25:93 -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
|
||||
-drive file=data.img,if=virtio,format=raw \
|
||||
-nographic
|
||||
@@ -1 +0,0 @@
|
||||
ghcr.io/aenix-io/cozystack/matchbox:v0.24.0@sha256:6402f92454bfad6d81ff4d07c21c46e44bc2b890769963d5c0d8b6b31300384f
|
||||
@@ -1,91 +0,0 @@
|
||||
<svg width="144" height="144" viewBox="0 0 144 144" fill="none" xmlns="http://www.w3.org/2000/svg">
|
||||
<rect width="144" height="144" rx="24" fill="url(#paint0_linear_979_792)"/>
|
||||
<path d="M71.5698 76.5336C71.2374 76.5336 70.9036 76.4847 70.5829 76.3892L36.2079 66.0767C34.3885 65.5311 33.3562 63.6144 33.9017 61.7966C34.4489 59.9755 36.3657 58.9483 38.1817 59.4904L71.5698 69.5076L104.958 59.4904C106.776 58.96 108.691 59.9772 109.238 61.7966C109.783 63.6144 108.751 65.5311 106.932 66.0767L72.5567 76.3892C72.236 76.4847 71.9022 76.5336 71.5698 76.5336Z" fill="#231F20"/>
|
||||
<path d="M74.973 53.0214C74.7668 54.3276 73.8043 55.3933 72.5668 55.7714L38.1918 66.0839C37.848 66.187 37.5387 66.2214 37.1949 66.2214C36.3699 66.2214 35.5793 65.912 34.9262 65.362L21.1762 53.3308C20.248 52.5401 19.8355 51.2683 20.0762 50.0651C20.3168 48.862 21.1762 47.8651 22.3449 47.487L53.2824 37.1745C54.3137 36.8308 55.448 37.0026 56.3418 37.6214L73.5293 49.6526C74.6293 50.4089 75.1793 51.7151 74.973 53.0214Z" fill="#FFDC83"/>
|
||||
<path d="M121.964 53.3308L108.214 65.362C107.56 65.912 106.77 66.2214 105.945 66.2214C105.601 66.2214 105.292 66.187 104.948 66.0839L70.573 55.7714C69.3355 55.3933 68.373 54.3276 68.1667 53.0214C67.9605 51.7151 68.5105 50.4089 69.6105 49.6526L86.798 37.6214C87.6917 37.0026 88.8261 36.8308 89.8574 37.1745L120.795 47.487C121.964 47.8651 122.823 48.862 123.064 50.0651C123.304 51.2683 122.892 52.5401 121.964 53.3308Z" fill="#FFDC83"/>
|
||||
<path d="M109.382 63.6426V107.471C109.382 108.88 108.522 110.152 107.216 110.668L72.8412 124.418C72.4287 124.589 72.0162 124.658 71.5693 124.658C71.1225 124.658 70.71 124.589 70.2975 124.418L35.9225 110.668C34.6162 110.152 33.7568 108.88 33.7568 107.471V63.6426C33.7568 61.752 35.3037 60.2051 37.1943 60.2051H105.944C107.835 60.2051 109.382 61.752 109.382 63.6426Z" fill="#EABD4C"/>
|
||||
<path d="M107.999 61.4958C107.999 62.9812 107.037 64.2979 105.643 64.7368L72.4613 74.865C72.1295 74.9662 71.8308 75 71.499 75C71.1672 75 70.8686 74.9662 70.5368 74.865L37.3549 64.7368C35.9613 64.2979 34.999 62.9812 34.999 61.4958C34.999 60.0103 35.9613 58.6937 37.3549 58.2548L70.5368 48.1266C71.1672 47.9578 71.8308 47.9578 72.4613 48.1266L105.643 58.2548C107.037 58.6937 107.999 60.0103 107.999 61.4958Z" fill="#4C3825"/>
|
||||
<path d="M74.5118 77C75.35 77 76.1794 76.9628 77 76.9133V21.0867C76.1765 21.0347 75.3471 21 74.5059 21C73.6647 21 72.8294 21.0347 72 21.0867V76.9108C72.8265 76.9628 73.6588 76.9975 74.5 77H74.5118Z" fill="url(#paint1_linear_979_792)"/>
|
||||
<path d="M44.0282 38.1129L43.2078 37.2959C42.0773 38.9121 41.0746 40.614 40.2088 42.3861C50.1001 52.4354 51.1424 57.2835 51.1289 58.9074C51.0919 63.026 46.0522 69.4845 40.1416 75.4657C40.9996 77.2375 41.9933 78.9405 43.1137 80.5592C43.4499 80.223 43.7693 79.9137 44.0954 79.5842C52.625 70.9975 56.794 64.2498 56.8445 58.9477C56.8949 53.6457 52.7024 46.8879 44.0282 38.1129Z" fill="url(#paint2_linear_979_792)"/>
|
||||
<path d="M104.695 79.5975L105.676 80.5725C106.795 78.9492 107.787 77.2417 108.642 75.4655C102.735 69.4709 97.6948 62.9955 97.6545 58.8937C97.6175 54.8928 102.627 48.4208 108.568 42.359C107.703 40.5917 106.703 38.8944 105.576 37.2822L104.755 38.0992C96.081 46.8575 91.8885 53.6791 91.9389 58.9442C91.9894 64.2092 96.1583 71.0107 104.695 79.5975Z" fill="url(#paint3_linear_979_792)"/>
|
||||
<path d="M87.4396 58.9344C87.4396 51.5378 90.7378 39.2393 95.8179 27.6165C94.1979 26.5139 92.495 25.5382 90.7244 24.6982C85.1635 37.2287 81.7207 50.5561 81.7207 58.9478C81.7207 67.0673 85.4493 80.5425 91.111 93.1403C92.8468 92.2859 94.5147 91.3002 96.1004 90.1917C90.8589 78.4009 87.4396 66.0755 87.4396 58.9344Z" fill="url(#paint4_linear_979_792)"/>
|
||||
<path d="M67.0384 58.9353C67.0384 50.4998 63.4578 37.0985 57.9608 24.7227C56.2158 25.5613 54.5377 26.5325 52.9412 27.6275C58.0314 39.2435 61.3228 51.5454 61.3228 58.9353C61.3228 66.073 57.9036 78.395 52.6621 90.1724C54.2482 91.2802 55.9161 92.2658 57.6514 93.121C63.3199 80.5266 67.0384 67.0614 67.0384 58.9353Z" fill="url(#paint5_linear_979_792)"/>
|
||||
<path d="M74.4229 74.987L60.6729 95.612C60.0197 96.6089 58.9541 97.1589 57.8197 97.1589C57.4072 97.1589 56.9604 97.0901 56.5479 96.9183L22.1729 83.1683C21.1416 82.7558 20.3854 81.8964 20.1104 80.8651C19.8354 79.7995 20.076 78.6651 20.7635 77.8401L34.5135 60.6526C35.3729 59.5526 32.7391 57.8404 34.0797 58.2185L72.5666 69.7964C73.5979 70.1058 74.4229 70.8964 74.801 71.9276C75.1791 72.9589 75.0416 74.0933 74.4229 74.987Z" fill="#FFDC83"/>
|
||||
<path d="M123.029 80.6242C122.754 81.6555 121.998 82.5492 121.001 82.9274L86.6261 96.918C86.1792 97.0899 85.7667 97.1586 85.3199 97.1586C84.1855 97.1586 83.1199 96.6086 82.4667 95.6117L68.7167 74.9867C68.098 74.093 67.9605 72.9586 68.3386 71.9274C68.7167 70.8961 69.5417 70.1055 70.573 69.7961L108.469 58.4331C109.81 58.0206 107.732 59.5524 108.626 60.618L122.376 77.5992C123.064 78.4242 123.304 79.5586 123.029 80.6242Z" fill="#FFDC83"/>
|
||||
<defs>
|
||||
<linearGradient id="paint0_linear_979_792" x1="24" y1="3.5" x2="181" y2="147" gradientUnits="userSpaceOnUse">
|
||||
<stop stop-color="#480000"/>
|
||||
<stop offset="1" stop-color="#AE2300"/>
|
||||
</linearGradient>
|
||||
<linearGradient id="paint1_linear_979_792" x1="74.5" y1="17.2369" x2="74.5" y2="79.9133" gradientUnits="userSpaceOnUse">
|
||||
<stop stop-color="#FFD200"/>
|
||||
<stop offset="0.06" stop-color="#FFB500"/>
|
||||
<stop offset="0.14" stop-color="#FF8C00"/>
|
||||
<stop offset="0.21" stop-color="#FF7300"/>
|
||||
<stop offset="0.26" stop-color="#FF6A00"/>
|
||||
<stop offset="0.33" stop-color="#FC4F0E"/>
|
||||
<stop offset="0.43" stop-color="#F92F1E"/>
|
||||
<stop offset="0.51" stop-color="#F81B27"/>
|
||||
<stop offset="0.57" stop-color="#F7142B"/>
|
||||
<stop offset="0.68" stop-color="#DF162E"/>
|
||||
<stop offset="0.79" stop-color="#AF1A38"/>
|
||||
<stop offset="1" stop-color="#4B214C"/>
|
||||
</linearGradient>
|
||||
<linearGradient id="paint2_linear_979_792" x1="48.493" y1="15.8928" x2="48.493" y2="100.954" gradientUnits="userSpaceOnUse">
|
||||
<stop stop-color="#FFD200"/>
|
||||
<stop offset="0.06" stop-color="#FFB500"/>
|
||||
<stop offset="0.14" stop-color="#FF8C00"/>
|
||||
<stop offset="0.21" stop-color="#FF7300"/>
|
||||
<stop offset="0.26" stop-color="#FF6A00"/>
|
||||
<stop offset="0.33" stop-color="#FC4F0E"/>
|
||||
<stop offset="0.43" stop-color="#F92F1E"/>
|
||||
<stop offset="0.51" stop-color="#F81B27"/>
|
||||
<stop offset="0.57" stop-color="#F7142B"/>
|
||||
<stop offset="0.68" stop-color="#DF162E"/>
|
||||
<stop offset="0.79" stop-color="#AF1A38"/>
|
||||
<stop offset="1" stop-color="#4B214C"/>
|
||||
</linearGradient>
|
||||
<linearGradient id="paint3_linear_979_792" x1="100.29" y1="15.8926" x2="100.29" y2="100.953" gradientUnits="userSpaceOnUse">
|
||||
<stop stop-color="#FFD200"/>
|
||||
<stop offset="0.06" stop-color="#FFB500"/>
|
||||
<stop offset="0.14" stop-color="#FF8C00"/>
|
||||
<stop offset="0.21" stop-color="#FF7300"/>
|
||||
<stop offset="0.26" stop-color="#FF6A00"/>
|
||||
<stop offset="0.33" stop-color="#FC4F0E"/>
|
||||
<stop offset="0.43" stop-color="#F92F1E"/>
|
||||
<stop offset="0.51" stop-color="#F81B27"/>
|
||||
<stop offset="0.57" stop-color="#F7142B"/>
|
||||
<stop offset="0.68" stop-color="#DF162E"/>
|
||||
<stop offset="0.79" stop-color="#AF1A38"/>
|
||||
<stop offset="1" stop-color="#4B214C"/>
|
||||
</linearGradient>
|
||||
<linearGradient id="paint4_linear_979_792" x1="88.9122" y1="15.8929" x2="88.9122" y2="100.954" gradientUnits="userSpaceOnUse">
|
||||
<stop stop-color="#FFD200"/>
|
||||
<stop offset="0.06" stop-color="#FFB500"/>
|
||||
<stop offset="0.14" stop-color="#FF8C00"/>
|
||||
<stop offset="0.21" stop-color="#FF7300"/>
|
||||
<stop offset="0.26" stop-color="#FF6A00"/>
|
||||
<stop offset="0.33" stop-color="#FC4F0E"/>
|
||||
<stop offset="0.43" stop-color="#F92F1E"/>
|
||||
<stop offset="0.51" stop-color="#F81B27"/>
|
||||
<stop offset="0.57" stop-color="#F7142B"/>
|
||||
<stop offset="0.68" stop-color="#DF162E"/>
|
||||
<stop offset="0.79" stop-color="#AF1A38"/>
|
||||
<stop offset="1" stop-color="#4B214C"/>
|
||||
</linearGradient>
|
||||
<linearGradient id="paint5_linear_979_792" x1="59.857" y1="15.8938" x2="59.857" y2="100.955" gradientUnits="userSpaceOnUse">
|
||||
<stop stop-color="#FFD200"/>
|
||||
<stop offset="0.06" stop-color="#FFB500"/>
|
||||
<stop offset="0.14" stop-color="#FF8C00"/>
|
||||
<stop offset="0.21" stop-color="#FF7300"/>
|
||||
<stop offset="0.26" stop-color="#FF6A00"/>
|
||||
<stop offset="0.33" stop-color="#FC4F0E"/>
|
||||
<stop offset="0.43" stop-color="#F92F1E"/>
|
||||
<stop offset="0.51" stop-color="#F81B27"/>
|
||||
<stop offset="0.57" stop-color="#F7142B"/>
|
||||
<stop offset="0.68" stop-color="#DF162E"/>
|
||||
<stop offset="0.79" stop-color="#AF1A38"/>
|
||||
<stop offset="1" stop-color="#4B214C"/>
|
||||
</linearGradient>
|
||||
</defs>
|
||||
</svg>
|
||||
|
Before Width: | Height: | Size: 8.1 KiB |
@@ -1,6 +0,0 @@
|
||||
{{- if ne .Release.Name .Chart.Name }}
|
||||
{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }}
|
||||
{{- end -}}
|
||||
{{- if ne .Release.Namespace "tenant-root" }}
|
||||
{{- fail "The namespace of the release MUST BE tenant-root" }}
|
||||
{{- end -}}
|
||||
@@ -1,35 +0,0 @@
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ .Release.Name }}-dashboard-resources
|
||||
rules:
|
||||
- apiGroups:
|
||||
- networking.k8s.io
|
||||
resources:
|
||||
- ingresses
|
||||
resourceNames:
|
||||
- bootbox
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
resourceNames:
|
||||
- grafana-admin-password
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- services
|
||||
resourceNames:
|
||||
- bootbox
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups:
|
||||
- cozystack.io
|
||||
resources:
|
||||
- workloadmonitors
|
||||
resourceNames:
|
||||
- bootbox-matchbox
|
||||
verbs: ["get", "list", "watch"]
|
||||
|
||||
|
||||
@@ -1,42 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: bootbox-profiles
|
||||
data:
|
||||
default.json: |
|
||||
{
|
||||
"id": "default",
|
||||
"name": "default",
|
||||
"boot": {
|
||||
"kernel": "/assets/vmlinuz",
|
||||
"initrd": ["/assets/initramfs.xz"],
|
||||
"args": [
|
||||
"initrd=initramfs.xz",
|
||||
"init_on_alloc=1",
|
||||
"slab_nomerge",
|
||||
"pti=on",
|
||||
"console=tty0",
|
||||
"console=ttyS0",
|
||||
"printk.devkmsg=on",
|
||||
"talos.platform=metal"
|
||||
]
|
||||
}
|
||||
}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: bootbox-groups
|
||||
data:
|
||||
default.json: |
|
||||
{
|
||||
"id": "default",
|
||||
"name": "default",
|
||||
"profile": "default"
|
||||
}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: bootbox-configs
|
||||
data:
|
||||
@@ -1,54 +0,0 @@
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: bootbox-matchbox
|
||||
spec:
|
||||
replicas: 1
|
||||
selector:
|
||||
matchLabels:
|
||||
app: bootbox-matchbox
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: bootbox-matchbox
|
||||
spec:
|
||||
containers:
|
||||
- name: matchbox
|
||||
image: "{{ $.Files.Get "images/matchbox.tag" | trim }}"
|
||||
args:
|
||||
- "-address=:8080"
|
||||
- "-log-level=debug"
|
||||
volumeMounts:
|
||||
- name: profiles-volume
|
||||
mountPath: /var/lib/matchbox/profiles
|
||||
- name: groups-volume
|
||||
mountPath: /var/lib/matchbox/groups
|
||||
- name: configs-volume
|
||||
mountPath: /var/lib/matchbox/assets/configs
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
protocol: TCP
|
||||
volumes:
|
||||
- name: profiles-volume
|
||||
configMap:
|
||||
name: bootbox-profiles
|
||||
- name: groups-volume
|
||||
configMap:
|
||||
name: bootbox-groups
|
||||
- name: configs-volume
|
||||
configMap:
|
||||
name: bootbox-configs
|
||||
---
|
||||
apiVersion: cozystack.io/v1alpha1
|
||||
kind: WorkloadMonitor
|
||||
metadata:
|
||||
name: bootbox-matchbox
|
||||
spec:
|
||||
replicas: 1
|
||||
minReplicas: 1
|
||||
kind: bootbox
|
||||
type: matchbox
|
||||
selector:
|
||||
app: bootbox-matchbox
|
||||
version: {{ $.Chart.Version }}
|
||||
@@ -1,37 +0,0 @@
|
||||
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
|
||||
{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
|
||||
|
||||
{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
|
||||
{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
|
||||
{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: bootbox
|
||||
labels:
|
||||
app: bootbox
|
||||
annotations:
|
||||
{{- if ne $issuerType "cloudflare" }}
|
||||
acme.cert-manager.io/http01-ingress-class: {{ $ingress }}
|
||||
{{- end }}
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod
|
||||
{{- if .Values.whitelistHTTP }}
|
||||
nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," (.Values.whitelist | default "0.0.0.0/32") }}"
|
||||
{{- end }}
|
||||
spec:
|
||||
ingressClassName: {{ $ingress }}
|
||||
tls:
|
||||
- hosts:
|
||||
- "{{ printf "bootbox.%s" (.Values.host | default $host) }}"
|
||||
secretName: bootbox-tls
|
||||
rules:
|
||||
- host: "{{ printf "bootbox.%s" (.Values.host | default $host) }}"
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: bootbox
|
||||
port:
|
||||
name: http
|
||||
@@ -1,47 +0,0 @@
|
||||
{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
|
||||
{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
|
||||
|
||||
{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
|
||||
{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
|
||||
{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
|
||||
|
||||
{{ range $m := .Values.machines }}
|
||||
---
|
||||
apiVersion: tinkerbell.org/v1alpha1
|
||||
kind: Hardware
|
||||
metadata:
|
||||
name: {{ $m.hostname }}
|
||||
namespace: cozy-bootbox
|
||||
spec:
|
||||
interfaces:
|
||||
{{- range $mac := $m.mac }}
|
||||
- dhcp:
|
||||
hostname: {{ $m.hostname }}
|
||||
mac: {{ $mac }}
|
||||
{{- with $m.arch }}
|
||||
arch: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $m.ip }}
|
||||
ip:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $m.leaseTime }}
|
||||
lease_time: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $m.uefi }}
|
||||
uefi: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $m.nameServers }}
|
||||
name_servers:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $m.timeServers }}
|
||||
time_servers:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
netboot:
|
||||
allowPXE: true
|
||||
ipxe:
|
||||
url: "https://{{ printf "bootbox.%s" ($.Values.host | default $host) }}/boot.ipxe"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -1,12 +0,0 @@
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: bootbox
|
||||
spec:
|
||||
selector:
|
||||
app: bootbox-matchbox
|
||||
ports:
|
||||
- protocol: TCP
|
||||
port: 80
|
||||
targetPort: http
|
||||
name: http
|
||||
@@ -1,25 +0,0 @@
|
||||
{
|
||||
"title": "Chart Values",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"whitelistHTTP": {
|
||||
"type": "boolean",
|
||||
"description": "Secure HTTP by enabling client networks whitelisting",
|
||||
"default": true
|
||||
},
|
||||
"whitelist": {
|
||||
"type": "array",
|
||||
"description": "List of client networks",
|
||||
"default": [],
|
||||
"items": {}
|
||||
},
|
||||
"machines": {
|
||||
"type": "array",
|
||||
"description": "Configuration of physical machine instances",
|
||||
"default": "[]",
|
||||
"items": {
|
||||
"type": "object"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
## @section Common parameters
|
||||
|
||||
## @param whitelistHTTP Secure HTTP by enabling client networks whitelisting
|
||||
## @param whitelist List of client networks
|
||||
## Example:
|
||||
## whitelistHTTP: true
|
||||
## whitelist:
|
||||
## - "1.2.3.4"
|
||||
## - "10.8.0.0/16"
|
||||
##
|
||||
whitelistHTTP: true
|
||||
whitelist: []
|
||||
|
||||
## @param machines [array] Configuration of physical machine instances
|
||||
##
|
||||
## Example:
|
||||
## machines:
|
||||
## - hostname: machine1
|
||||
## arch: x86_64
|
||||
## ip:
|
||||
## address: 10.8.2.2
|
||||
## gateway: 10.8.2.1
|
||||
## netmask: 255.255.255.0
|
||||
## leaseTime: 86400
|
||||
## mac: [d6:fa:af:52:25:93]
|
||||
## nameServers: [1.1.1.1,8.8.8.8]
|
||||
## timeServers: [pool.ntp.org]
|
||||
## uefi: true
|
||||
|
||||
machines: []
|
||||
@@ -3,4 +3,4 @@ name: monitoring
|
||||
description: Monitoring and observability stack
|
||||
icon: /logos/monitoring.svg
|
||||
type: application
|
||||
version: 1.8.0
|
||||
version: 1.7.0
|
||||
|
||||
@@ -1,8 +1,5 @@
|
||||
GRAFANA_TAG = $(shell awk '$$1 == "version:" {print $$2}' Chart.yaml)
|
||||
|
||||
NAME=monitoring
|
||||
|
||||
include ../../../scripts/common-envs.mk
|
||||
include ../../../scripts/package.mk
|
||||
|
||||
generate:
|
||||
@@ -11,16 +8,3 @@ generate:
|
||||
jq '.properties.metricsStorages.items.type = "object" | .properties.logsStorages.items.type = "object"' \
|
||||
> values.schema.json
|
||||
rm -f values.schema.json.tmp
|
||||
|
||||
image:
|
||||
docker buildx build --platform linux/amd64 images/grafana \
|
||||
--provenance false \
|
||||
--tag $(REGISTRY)/grafana:$(call settag,$(GRAFANA_TAG)) \
|
||||
--cache-from type=registry,ref=$(REGISTRY)/grafana:latest \
|
||||
--cache-to type=inline \
|
||||
--metadata-file images/grafana.json \
|
||||
--push=$(PUSH) \
|
||||
--load=$(LOAD)
|
||||
echo "$(REGISTRY)/grafana:$(call settag,$(GRAFANA_TAG))@$$(yq e '."containerimage.digest"' images/grafana.json -o json -r)" \
|
||||
> images/grafana.tag
|
||||
rm -f images/grafana.json
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
ghcr.io/aenix-io/cozystack/grafana:1.8.0@sha256:0377abd3cb2c6e27b12ac297f1859aa4d550f1aa14989f824f2315d0dfd1a5b2
|
||||
@@ -1,15 +0,0 @@
|
||||
FROM grafana/grafana:11.4.0
|
||||
|
||||
USER root
|
||||
|
||||
RUN mkdir -p /var/lib/grafana-plugins \
|
||||
&& chown -R grafana:0 /var/lib/grafana-plugins
|
||||
|
||||
USER grafana
|
||||
|
||||
ARG VLOGS_VERSION=v0.14.1
|
||||
RUN curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/${VLOGS_VERSION}/victoriametrics-logs-datasource-${VLOGS_VERSION}.tar.gz | \
|
||||
tar -xzf - -C /var/lib/grafana-plugins
|
||||
|
||||
RUN grafana-cli --pluginsDir /var/lib/grafana-plugins plugins install natel-discrete-panel
|
||||
RUN grafana-cli --pluginsDir /var/lib/grafana-plugins plugins install grafana-worldmap-panel
|
||||
@@ -36,19 +36,38 @@ spec:
|
||||
replicas: 2
|
||||
template:
|
||||
spec:
|
||||
initContainers:
|
||||
- name: "load-vm-ds-plugin"
|
||||
image: "curlimages/curl:7.85.0"
|
||||
command: [ "/bin/sh" ]
|
||||
workingDir: "/var/lib/grafana"
|
||||
securityContext:
|
||||
runAsUser: 10001
|
||||
runAsNonRoot: true
|
||||
runAsGroup: 10001
|
||||
args:
|
||||
- "-c"
|
||||
- |
|
||||
set -ex
|
||||
mkdir -p /var/lib/grafana/plugins/
|
||||
ver=$(curl -s https://api.github.com/repos/VictoriaMetrics/victorialogs-datasource/releases/latest | grep -oE 'v0\.13\.[0-9]+' | head -1)
|
||||
curl -L https://github.com/VictoriaMetrics/victorialogs-datasource/releases/download/$ver/victoriametrics-logs-datasource-$ver.tar.gz -o /var/lib/grafana/plugins/vl-plugin.tar.gz
|
||||
tar -xf /var/lib/grafana/plugins/vl-plugin.tar.gz -C /var/lib/grafana/plugins/
|
||||
rm /var/lib/grafana/plugins/vl-plugin.tar.gz
|
||||
volumeMounts:
|
||||
- name: grafana-data
|
||||
mountPath: /var/lib/grafana
|
||||
containers:
|
||||
- name: grafana
|
||||
image: "{{ $.Files.Get "images/grafana.tag" | trim }}"
|
||||
image: grafana/grafana:11.2.0
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: false
|
||||
readinessProbe:
|
||||
failureThreshold: 3
|
||||
env:
|
||||
#- name: GF_INSTALL_PLUGINS
|
||||
# value: grafana-worldmap-panel,natel-discrete-panel
|
||||
- name: GF_PATHS_PLUGINS
|
||||
value: /var/lib/grafana-plugins
|
||||
- name: GF_INSTALL_PLUGINS
|
||||
value: grafana-worldmap-panel,natel-discrete-panel
|
||||
- name: ONCALL_API_URL
|
||||
value: http://grafana-oncall-engine:8080
|
||||
- name: GF_DATABASE_HOST
|
||||
|
||||
@@ -1,4 +1,3 @@
|
||||
bootbox 0.1.0 HEAD
|
||||
etcd 1.0.0 f7eaab0
|
||||
etcd 2.0.0 a6d0f7cf
|
||||
etcd 2.0.1 6fc1cc7d
|
||||
@@ -24,8 +23,7 @@ monitoring 1.5.3 c1ca19dc
|
||||
monitoring 1.5.4 d4634797
|
||||
monitoring 1.6.0 cb7b8158
|
||||
monitoring 1.6.1 3bb97596
|
||||
monitoring 1.7.0 749110aa
|
||||
monitoring 1.8.0 HEAD
|
||||
monitoring 1.7.0 HEAD
|
||||
seaweedfs 0.1.0 5ca8823
|
||||
seaweedfs 0.2.0 9e33dc0
|
||||
seaweedfs 0.2.1 249bf35
|
||||
|
||||
@@ -1,21 +0,0 @@
|
||||
apiVersion: helm.toolkit.fluxcd.io/v2
|
||||
kind: HelmRelease
|
||||
metadata:
|
||||
annotations:
|
||||
helm.sh/resource-policy: keep
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
name: bootbox
|
||||
namespace: tenant-root
|
||||
spec:
|
||||
chart:
|
||||
spec:
|
||||
chart: bootbox
|
||||
reconcileStrategy: Revision
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-extra
|
||||
namespace: cozy-public
|
||||
version: '*'
|
||||
interval: 1m0s
|
||||
timeout: 5m0s
|
||||
@@ -1 +1 @@
|
||||
ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:88502cd7dd31418e503a9eea39dd49845e3c56236f1480adcb701043efcf13e7
|
||||
ghcr.io/aenix-io/cozystack/s3manager:v0.5.0@sha256:35e9a8ba7e1a3b0cee634f6d2bd92d2b08c47c7ed3316559c9ea25ff733eb5d5
|
||||
|
||||
@@ -300,17 +300,3 @@ data:
|
||||
kind: HelmRepository
|
||||
name: cozystack-extra
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: BootBox
|
||||
plural: bootboxes
|
||||
singular: bootbox
|
||||
release:
|
||||
prefix: ""
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: bootbox
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-extra
|
||||
namespace: cozy-public
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
cozystackAPI:
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.24.0@sha256:295e50fb1e08c9be272ca218b12fc90b649df6656879a3ed8f261f2ccd946b03
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-api:v0.23.1@sha256:b25faba99a8b98c1d3576b47986266c4f391c1998d89b599e9139f43727c5b4c
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
cozystackController:
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-controller:v0.24.0@sha256:6226224703de85835a66f5434d295958c0c0910f97c8fbeaae0021fef2829be6
|
||||
image: ghcr.io/aenix-io/cozystack/cozystack-controller:v0.23.1@sha256:ca7801e33fbd38e01b3abe9645956bb235ba7b0f2381bd622d18d4dc5e280020
|
||||
debug: false
|
||||
disableTelemetry: false
|
||||
cozystackVersion: "v0.24.0"
|
||||
cozystackVersion: "v0.23.1"
|
||||
|
||||
@@ -76,7 +76,7 @@ data:
|
||||
"kubeappsNamespace": {{ .Release.Namespace | quote }},
|
||||
"helmGlobalNamespace": {{ include "kubeapps.helmGlobalPackagingNamespace" . | quote }},
|
||||
"carvelGlobalNamespace": {{ .Values.kubeappsapis.pluginConfig.kappController.packages.v1alpha1.globalPackagingNamespace | quote }},
|
||||
"appVersion": "v0.24.0",
|
||||
"appVersion": "v0.23.1",
|
||||
"authProxyEnabled": {{ .Values.authProxy.enabled }},
|
||||
"oauthLoginURI": {{ .Values.authProxy.oauthLoginURI | quote }},
|
||||
"oauthLogoutURI": {{ .Values.authProxy.oauthLogoutURI | quote }},
|
||||
|
||||
@@ -40,14 +40,14 @@ kubeapps:
|
||||
image:
|
||||
registry: ghcr.io/aenix-io/cozystack
|
||||
repository: dashboard
|
||||
tag: v0.24.0
|
||||
tag: v0.23.1
|
||||
digest: "sha256:81e7b625c667bce5fc339eb97c8e115eafb82f66df4501550b3677ac53f6e234"
|
||||
kubeappsapis:
|
||||
image:
|
||||
registry: ghcr.io/aenix-io/cozystack
|
||||
repository: kubeapps-apis
|
||||
tag: v0.24.0
|
||||
digest: "sha256:e2a4caf976ff5d8b0092b7786d3aeb8e847964aa5bf186b1da900e413f729e0f"
|
||||
tag: v0.23.1
|
||||
digest: "sha256:d3767354cf6c785447f30e87bb2017ec45843edfc02635f526d2ecacc82f5d26"
|
||||
pluginConfig:
|
||||
flux:
|
||||
packages:
|
||||
@@ -347,17 +347,3 @@ kubeapps:
|
||||
kind: HelmRepository
|
||||
name: cozystack-extra
|
||||
namespace: cozy-public
|
||||
- application:
|
||||
kind: BootBox
|
||||
plural: bootboxes
|
||||
singular: bootbox
|
||||
release:
|
||||
prefix: ""
|
||||
labels:
|
||||
cozystack.io/ui: "true"
|
||||
chart:
|
||||
name: bootbox
|
||||
sourceRef:
|
||||
kind: HelmRepository
|
||||
name: cozystack-extra
|
||||
namespace: cozy-public
|
||||
|
||||
@@ -9,7 +9,7 @@ update:
|
||||
tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/clastix/kamaji | grep refs/tags/edge- | awk -F'[/^]' 'END{print $$3}') && \
|
||||
curl -sSL https://github.com/clastix/kamaji/archive/refs/tags/$${tag}.tar.gz | \
|
||||
tar -xzvf - --strip 1 kamaji-$${tag}/charts && \
|
||||
sed -i "/ARG VERSION/ s|=.*|=$${tag}|g" images/kamaji/Dockerfile
|
||||
sed -i "/^FROM clastix/ s|:.*|:$${tag}|g" images/kamaji/Dockerfile
|
||||
|
||||
image:
|
||||
docker buildx build images/kamaji \
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
dependencies:
|
||||
- name: kamaji-etcd
|
||||
repository: https://clastix.github.io/charts
|
||||
version: 0.8.1
|
||||
digest: sha256:381d8ef9619c2daeea37e40c6a9772ae3e5cee80887148879db04e887d5364ad
|
||||
generated: "2024-10-25T19:28:40.880766186+02:00"
|
||||
version: 0.8.0
|
||||
digest: sha256:525b0eb2b5bae709d62de9328312d42c54b5219c6df67061de0da79eeca04fb3
|
||||
generated: "2024-08-25T08:44:24.92211307+02:00"
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
apiVersion: v2
|
||||
appVersion: v0.0.0
|
||||
appVersion: v1.0.0
|
||||
description: Kamaji is the Hosted Control Plane Manager for Kubernetes.
|
||||
home: https://github.com/clastix/kamaji
|
||||
icon: https://github.com/clastix/kamaji/raw/master/assets/logo-colored.png
|
||||
@@ -17,11 +17,11 @@ name: kamaji
|
||||
sources:
|
||||
- https://github.com/clastix/kamaji
|
||||
type: application
|
||||
version: 0.0.0
|
||||
version: 2.0.0
|
||||
dependencies:
|
||||
- name: kamaji-etcd
|
||||
repository: https://clastix.github.io/charts
|
||||
version: ">=0.8.1"
|
||||
version: ">=0.7.0"
|
||||
condition: kamaji-etcd.deploy
|
||||
annotations:
|
||||
catalog.cattle.io/certified: partner
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
# kamaji
|
||||
|
||||
  
|
||||
  
|
||||
|
||||
Kamaji is the Hosted Control Plane Manager for Kubernetes.
|
||||
|
||||
@@ -22,7 +22,7 @@ Kubernetes: `>=1.21.0-0`
|
||||
|
||||
| Repository | Name | Version |
|
||||
|------------|------|---------|
|
||||
| https://clastix.github.io/charts | kamaji-etcd | >=0.8.1 |
|
||||
| https://clastix.github.io/charts | kamaji-etcd | >=0.7.0 |
|
||||
|
||||
[Kamaji](https://github.com/clastix/kamaji) requires a [multi-tenant `etcd`](https://github.com/clastix/kamaji-internal/blob/master/deploy/getting-started-with-kamaji.md#setup-internal-multi-tenant-etcd) cluster.
|
||||
This Helm Chart starting from v0.1.1 provides the installation of an internal `etcd` in order to streamline the local test. If you'd like to use an externally managed etcd instance, you can specify the overrides and by setting the value `etcd.deploy=false`.
|
||||
@@ -70,7 +70,7 @@ Here the values you can override:
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| affinity | object | `{}` | Kubernetes affinity rules to apply to Kamaji controller pods |
|
||||
| defaultDatastoreName | string | `"default"` | If specified, all the Kamaji instances with an unassigned DataStore will inherit this default value. |
|
||||
| defaultDatastoreName | string | `"default"` | Specify the default DataStore name for the Kamaji instance. |
|
||||
| extraArgs | list | `[]` | A list of extra arguments to add to the kamaji controller default ones |
|
||||
| fullnameOverride | string | `""` | |
|
||||
| healthProbeBindAddress | string | `":8081"` | The address the probe endpoint binds to. (default ":8081") |
|
||||
|
||||
@@ -66,6 +66,7 @@ spec:
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TenantControlPlaneSpec defines the desired state of TenantControlPlane.
|
||||
properties:
|
||||
addons:
|
||||
description: Addons contain which addons are enabled
|
||||
@@ -6412,23 +6413,10 @@ spec:
|
||||
type: object
|
||||
dataStore:
|
||||
description: |-
|
||||
DataStore specifies the DataStore that should be used to store the Kubernetes data for the given Tenant Control Plane.
|
||||
When Kamaji runs with the default DataStore flag, all empty values will inherit the default value.
|
||||
By leaving it empty and running Kamaji with no default DataStore flag, it is possible to achieve automatic assignment to a specific DataStore object.
|
||||
|
||||
Migration from one DataStore to another backed by the same Driver is possible. See: https://kamaji.clastix.io/guides/datastore-migration/
|
||||
Migration from one DataStore to another backed by a different Driver is not supported.
|
||||
DataStore allows to specify a DataStore that should be used to store the Kubernetes data for the given Tenant Control Plane.
|
||||
This parameter is optional and acts as an override over the default one which is used by the Kamaji Operator.
|
||||
Migration from a different DataStore to another one is not yet supported and the reconciliation will be blocked.
|
||||
type: string
|
||||
dataStoreSchema:
|
||||
description: |-
|
||||
DataStoreSchema allows to specify the name of the database (for relational DataStores) or the key prefix (for etcd). This
|
||||
value is optional and immutable. Note that Kamaji currently doesn't ensure that DataStoreSchema values are unique. It's up
|
||||
to the user to avoid clashes between different TenantControlPlanes. If not set upon creation, Kamaji will default the
|
||||
DataStoreSchema by concatenating the namespace and name of the TenantControlPlane.
|
||||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: changing the dataStoreSchema is not supported
|
||||
rule: self == oldSelf
|
||||
kubernetes:
|
||||
description: Kubernetes specification for tenant control plane
|
||||
properties:
|
||||
@@ -6551,47 +6539,15 @@ spec:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
clusterDomain:
|
||||
default: cluster.local
|
||||
description: The default domain name used for DNS resolution within the cluster.
|
||||
pattern: .*\..*
|
||||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: changing the cluster domain is not supported
|
||||
rule: self == oldSelf
|
||||
dnsServiceIPs:
|
||||
description: |-
|
||||
The DNS Service for internal resolution, it must match the Service CIDR.
|
||||
In case of an empty value, it is automatically computed according to the Service CIDR, e.g.:
|
||||
Service CIDR 10.96.0.0/16, the resulting DNS Service IP will be 10.96.0.10 for IPv4,
|
||||
for IPv6 from the CIDR 2001:db8:abcd::/64 the resulting DNS Service IP will be 2001:db8:abcd::10.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
loadBalancerClass:
|
||||
description: |-
|
||||
Specify the LoadBalancer class in case of multiple load balancer implementations.
|
||||
Field supported only for Tenant Control Plane instances exposed using a LoadBalancer Service.
|
||||
minLength: 1
|
||||
type: string
|
||||
x-kubernetes-validations:
|
||||
- message: LoadBalancerClass is immutable
|
||||
rule: self == oldSelf
|
||||
loadBalancerSourceRanges:
|
||||
description: |-
|
||||
LoadBalancerSourceRanges restricts the IP ranges that can access
|
||||
the LoadBalancer type Service. This field defines a list of IP
|
||||
address ranges (in CIDR format) that are allowed to access the service.
|
||||
If left empty, the service will allow traffic from all IP ranges (0.0.0.0/0).
|
||||
This feature is useful for restricting access to API servers or services
|
||||
to specific networks for security purposes.
|
||||
Example: {"192.168.1.0/24", "10.0.0.0/8"}
|
||||
default:
|
||||
- 10.96.0.10
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
podCidr:
|
||||
default: 10.244.0.0/16
|
||||
description: 'CIDR for Kubernetes Pods: if empty, defaulted to 10.244.0.0/16.'
|
||||
description: CIDR for Kubernetes Pods
|
||||
type: string
|
||||
port:
|
||||
default: 6443
|
||||
@@ -6600,24 +6556,13 @@ spec:
|
||||
type: integer
|
||||
serviceCidr:
|
||||
default: 10.96.0.0/16
|
||||
description: 'CIDR for Kubernetes Services: if empty, defaulted to 10.96.0.0/16.'
|
||||
description: Kubernetes Service
|
||||
type: string
|
||||
type: object
|
||||
required:
|
||||
- controlPlane
|
||||
- kubernetes
|
||||
type: object
|
||||
x-kubernetes-validations:
|
||||
- message: unsetting the dataStore is not supported
|
||||
rule: '!has(oldSelf.dataStore) || has(self.dataStore)'
|
||||
- message: unsetting the dataStoreSchema is not supported
|
||||
rule: '!has(oldSelf.dataStoreSchema) || has(self.dataStoreSchema)'
|
||||
- message: LoadBalancer source ranges are supported only with LoadBalancer service type
|
||||
rule: '!has(self.networkProfile.loadBalancerSourceRanges) || (size(self.networkProfile.loadBalancerSourceRanges) == 0 || self.controlPlane.service.serviceType == ''LoadBalancer'')'
|
||||
- message: LoadBalancerClass is supported only with LoadBalancer service type
|
||||
rule: '!has(self.networkProfile.loadBalancerClass) || self.controlPlane.service.serviceType == ''LoadBalancer'''
|
||||
- message: LoadBalancerClass cannot be set or unset at runtime
|
||||
rule: self.controlPlane.service.serviceType != 'LoadBalancer' || (oldSelf.controlPlane.service.serviceType != 'LoadBalancer' && self.controlPlane.service.serviceType == 'LoadBalancer') || has(self.networkProfile.loadBalancerClass) == has(oldSelf.networkProfile.loadBalancerClass)
|
||||
status:
|
||||
description: TenantControlPlaneStatus defines the observed state of TenantControlPlane.
|
||||
properties:
|
||||
|
||||
@@ -33,9 +33,8 @@ spec:
|
||||
- --leader-elect
|
||||
- --metrics-bind-address={{ .Values.metricsBindAddress }}
|
||||
- --tmp-directory={{ .Values.temporaryDirectoryPath }}
|
||||
{{- if not (eq .Values.defaultDatastoreName "") }}
|
||||
- --datastore={{ .Values.defaultDatastoreName }}
|
||||
{{- end }}
|
||||
{{- $datastoreName := .Values.defaultDatastoreName | required ".Values.defaultDatastoreName is required!" }}
|
||||
- --datastore={{ $datastoreName }}
|
||||
{{- if .Values.telemetry.disabled }}
|
||||
- --disable-telemetry
|
||||
{{- end }}
|
||||
|
||||
@@ -95,7 +95,7 @@ loggingDevel:
|
||||
# -- Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default false)
|
||||
enable: false
|
||||
|
||||
# -- If specified, all the Kamaji instances with an unassigned DataStore will inherit this default value.
|
||||
# -- Specify the default DataStore name for the Kamaji instance.
|
||||
defaultDatastoreName: default
|
||||
|
||||
kamaji-etcd:
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
# Build the manager binary
|
||||
FROM golang:1.23 as builder
|
||||
FROM golang:1.22 as builder
|
||||
|
||||
ARG VERSION=edge-24.12.1
|
||||
ARG VERSION=edge-24.9.2
|
||||
ARG TARGETOS TARGETARCH
|
||||
|
||||
WORKDIR /workspace
|
||||
|
||||
@@ -3,7 +3,7 @@ kamaji:
|
||||
deploy: false
|
||||
image:
|
||||
pullPolicy: IfNotPresent
|
||||
tag: v0.24.0@sha256:5084f6b58fc70bb4d27cb2e21b019c30d6895e1b2efcece388c747003ad82fb7
|
||||
tag: v0.23.1@sha256:87166056685e4dab9de030ad9389ce58f0d96e7f6c191674fe93483fbe99490f
|
||||
repository: ghcr.io/aenix-io/cozystack/kamaji
|
||||
resources:
|
||||
limits:
|
||||
|
||||
@@ -22,4 +22,4 @@ global:
|
||||
images:
|
||||
kubeovn:
|
||||
repository: kubeovn
|
||||
tag: v1.13.2@sha256:04c0f6892cf3dfd1c0db2f9b3c876c8cc05f5e25d3ebf0fb9c842bd29319352e
|
||||
tag: v1.13.2@sha256:ee658a003cd77a1f7b9df1d108255a8b5a69e67dd59fa6a6161c869b00207d4f
|
||||
|
||||
@@ -1,3 +1,3 @@
|
||||
apiVersion: v2
|
||||
name: cozy-smee
|
||||
name: cozy-tinkerbell
|
||||
version: 0.0.0 # Placeholder, the actual version will be automatically set during the build process
|
||||
@@ -1,4 +1,4 @@
|
||||
export NAME=bootbox
|
||||
export NAME=tinkerbell
|
||||
export NAMESPACE=cozy-$(NAME)
|
||||
|
||||
include ../../../scripts/package.mk
|
||||
@@ -10,7 +10,7 @@ update:
|
||||
tag=$$(git ls-remote --tags --sort="v:refname" https://github.com/tinkerbell/charts | awk -F'[/^]' 'END{print $$3}') && \
|
||||
curl -sSL https://github.com/tinkerbell/charts/archive/refs/tags/$${tag}.tar.gz | \
|
||||
tar xzvf - --strip 2 charts-$${tag#*v}/tinkerbell
|
||||
find charts -maxdepth 1 -mindepth 1 ! -name tink -and ! -name smee -exec rm -rf {} \;
|
||||
find charts -maxdepth 1 -mindepth 1 ! -name tink -and ! -name smee -and ! -name rufio -exec rm -rf {} \;
|
||||
mkdir -p charts/smee/crds
|
||||
mv charts/tink/crds/hardware-crd.yaml charts/smee/crds
|
||||
rm -rf charts/tink
|
||||
25
packages/system/tinkerbell/charts/rufio/Chart.yaml
Normal file
25
packages/system/tinkerbell/charts/rufio/Chart.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
apiVersion: v2
|
||||
name: rufio
|
||||
description: Rufio handles BMC interactions for Tinkerbell
|
||||
icon: https://github.com/tinkerbell/artwork/blob/6f07de53d75cb8932dbc7d14201e038cf3a3b230/Tinkerbell-Icon-Dark.png
|
||||
|
||||
# A chart can be either an 'application' or a 'library' chart.
|
||||
#
|
||||
# Application charts are a collection of templates that can be packaged into versioned archives
|
||||
# to be deployed.
|
||||
#
|
||||
# Library charts provide useful utilities or functions for the chart developer. They're included as
|
||||
# a dependency of application charts to inject those utilities and functions into the rendering
|
||||
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
|
||||
type: application
|
||||
|
||||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.4.0
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
# follow Semantic Versioning. They should reflect the version the application is using.
|
||||
# It is recommended to use it with quotes.
|
||||
appVersion: "0.6.1"
|
||||
@@ -0,0 +1,166 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.16.4
|
||||
name: jobs.bmc.tinkerbell.org
|
||||
spec:
|
||||
group: bmc.tinkerbell.org
|
||||
names:
|
||||
categories:
|
||||
- tinkerbell
|
||||
kind: Job
|
||||
listKind: JobList
|
||||
plural: jobs
|
||||
shortNames:
|
||||
- j
|
||||
singular: job
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Job is the Schema for the bmcjobs API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: JobSpec defines the desired state of Job.
|
||||
properties:
|
||||
machineRef:
|
||||
description: |-
|
||||
MachineRef represents the Machine resource to execute the job.
|
||||
All the tasks in the job are executed for the same Machine.
|
||||
properties:
|
||||
name:
|
||||
description: Name of the Machine.
|
||||
type: string
|
||||
namespace:
|
||||
description: Namespace the Machine resides in.
|
||||
type: string
|
||||
required:
|
||||
- name
|
||||
- namespace
|
||||
type: object
|
||||
tasks:
|
||||
description: |-
|
||||
Tasks represents a list of baseboard management actions to be executed.
|
||||
The tasks are executed sequentially. Controller waits for one task to complete before executing the next.
|
||||
If a single task fails, job execution stops and sets condition Failed.
|
||||
Condition Completed is set only if all the tasks were successful.
|
||||
items:
|
||||
description: |-
|
||||
Action represents the action to be performed.
|
||||
A single task can only perform one type of action.
|
||||
For example either PowerAction or OneTimeBootDeviceAction.
|
||||
maxProperties: 1
|
||||
properties:
|
||||
oneTimeBootDeviceAction:
|
||||
description: OneTimeBootDeviceAction represents a baseboard
|
||||
management one time set boot device operation.
|
||||
properties:
|
||||
device:
|
||||
description: |-
|
||||
Devices represents the boot devices, in order for setting one time boot.
|
||||
Currently only the first device in the slice is used to set one time boot.
|
||||
items:
|
||||
description: BootDevice represents boot device of the
|
||||
Machine.
|
||||
type: string
|
||||
type: array
|
||||
efiBoot:
|
||||
description: EFIBoot instructs the machine to use EFI boot.
|
||||
type: boolean
|
||||
required:
|
||||
- device
|
||||
type: object
|
||||
powerAction:
|
||||
description: PowerAction represents a baseboard management power
|
||||
operation.
|
||||
enum:
|
||||
- "on"
|
||||
- "off"
|
||||
- soft
|
||||
- status
|
||||
- cycle
|
||||
- reset
|
||||
type: string
|
||||
virtualMediaAction:
|
||||
description: VirtualMediaAction represents a baseboard management
|
||||
virtual media insert/eject.
|
||||
properties:
|
||||
kind:
|
||||
type: string
|
||||
mediaURL:
|
||||
description: |-
|
||||
mediaURL represents the URL of the image to be inserted into the virtual media, or empty to
|
||||
eject media.
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
type: object
|
||||
type: object
|
||||
minItems: 1
|
||||
type: array
|
||||
required:
|
||||
- machineRef
|
||||
- tasks
|
||||
type: object
|
||||
status:
|
||||
description: JobStatus defines the observed state of Job.
|
||||
properties:
|
||||
completionTime:
|
||||
description: |-
|
||||
CompletionTime represents time when the job was completed.
|
||||
The completion time is only set when the job finishes successfully.
|
||||
format: date-time
|
||||
type: string
|
||||
conditions:
|
||||
description: Conditions represents the latest available observations
|
||||
of an object's current state.
|
||||
items:
|
||||
properties:
|
||||
message:
|
||||
description: Message represents human readable message indicating
|
||||
details about last transition.
|
||||
type: string
|
||||
status:
|
||||
description: |-
|
||||
Status is the status of the Job condition.
|
||||
Can be True or False.
|
||||
type: string
|
||||
type:
|
||||
description: Type of the Job condition.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
startTime:
|
||||
description: StartTime represents time when the Job controller started
|
||||
processing a job.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -0,0 +1,294 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.16.4
|
||||
name: machines.bmc.tinkerbell.org
|
||||
spec:
|
||||
group: bmc.tinkerbell.org
|
||||
names:
|
||||
categories:
|
||||
- tinkerbell
|
||||
kind: Machine
|
||||
listKind: MachineList
|
||||
plural: machines
|
||||
singular: machine
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Machine is the Schema for the machines API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: MachineSpec defines desired machine state.
|
||||
properties:
|
||||
connection:
|
||||
description: Connection contains connection data for a Baseboard Management
|
||||
Controller.
|
||||
properties:
|
||||
authSecretRef:
|
||||
description: |-
|
||||
AuthSecretRef is the SecretReference that contains authentication information of the Machine.
|
||||
The Secret must contain username and password keys. This is optional as it is not required when using
|
||||
the RPC provider.
|
||||
properties:
|
||||
name:
|
||||
description: name is unique within a namespace to reference
|
||||
a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which the
|
||||
secret name must be unique.
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
host:
|
||||
description: Host is the host IP address or hostname of the Machine.
|
||||
minLength: 1
|
||||
type: string
|
||||
insecureTLS:
|
||||
description: InsecureTLS specifies trusted TLS connections.
|
||||
type: boolean
|
||||
port:
|
||||
default: 623
|
||||
description: Port is the port number for connecting with the Machine.
|
||||
type: integer
|
||||
providerOptions:
|
||||
description: ProviderOptions contains provider specific options.
|
||||
properties:
|
||||
intelAMT:
|
||||
description: IntelAMT contains the options to customize the
|
||||
IntelAMT provider.
|
||||
properties:
|
||||
hostScheme:
|
||||
default: http
|
||||
description: HostScheme determines whether to use http
|
||||
or https for intelAMT calls.
|
||||
enum:
|
||||
- http
|
||||
- https
|
||||
type: string
|
||||
port:
|
||||
description: Port that intelAMT will use for calls.
|
||||
type: integer
|
||||
type: object
|
||||
ipmitool:
|
||||
description: IPMITOOL contains the options to customize the
|
||||
Ipmitool provider.
|
||||
properties:
|
||||
cipherSuite:
|
||||
description: CipherSuite that ipmitool will use for calls.
|
||||
type: string
|
||||
port:
|
||||
description: Port that ipmitool will use for calls.
|
||||
type: integer
|
||||
type: object
|
||||
preferredOrder:
|
||||
description: |-
|
||||
PreferredOrder allows customizing the order that BMC providers are called.
|
||||
Providers added to this list will be moved to the front of the default order.
|
||||
Provider names are case insensitive.
|
||||
The default order is: ipmitool, asrockrack, gofish, intelamt, dell, supermicro, openbmc.
|
||||
items:
|
||||
description: ProviderName is the bmclib specific provider
|
||||
name. Names are case insensitive.
|
||||
pattern: (?i)^(ipmitool|asrockrack|gofish|IntelAMT|dell|supermicro|openbmc)$
|
||||
type: string
|
||||
type: array
|
||||
redfish:
|
||||
description: Redfish contains the options to customize the
|
||||
Redfish provider.
|
||||
properties:
|
||||
port:
|
||||
description: Port that redfish will use for calls.
|
||||
type: integer
|
||||
systemName:
|
||||
description: |-
|
||||
SystemName is the name of the system to use for redfish calls.
|
||||
With redfish implementations that manage multiple systems via a single endpoint, this allows for specifying the system to manage.
|
||||
type: string
|
||||
useBasicAuth:
|
||||
description: UseBasicAuth for redfish calls. The default
|
||||
is false which means token based auth is used.
|
||||
type: boolean
|
||||
type: object
|
||||
rpc:
|
||||
description: RPC contains the options to customize the RPC
|
||||
provider.
|
||||
properties:
|
||||
consumerURL:
|
||||
description: |-
|
||||
ConsumerURL is the URL where an rpc consumer/listener is running
|
||||
and to which we will send and receive all notifications.
|
||||
type: string
|
||||
experimental:
|
||||
description: Experimental options.
|
||||
properties:
|
||||
customRequestPayload:
|
||||
description: CustomRequestPayload must be in json.
|
||||
type: string
|
||||
dotPath:
|
||||
description: 'DotPath is the path to the json object
|
||||
where the bmclib RequestPayload{} struct will be
|
||||
embedded. For example: object.data.body'
|
||||
type: string
|
||||
type: object
|
||||
hmac:
|
||||
description: HMAC is the options used to create a HMAC
|
||||
signature.
|
||||
properties:
|
||||
prefixSigDisabled:
|
||||
description: 'PrefixSigDisabled determines whether
|
||||
the algorithm will be prefixed to the signature.
|
||||
Example: sha256=abc123'
|
||||
type: boolean
|
||||
secrets:
|
||||
additionalProperties:
|
||||
items:
|
||||
description: |-
|
||||
SecretReference represents a Secret Reference. It has enough information to retrieve secret
|
||||
in any namespace
|
||||
properties:
|
||||
name:
|
||||
description: name is unique within a namespace
|
||||
to reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within
|
||||
which the secret name must be unique.
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: array
|
||||
description: Secrets are a map of algorithms to secrets
|
||||
used for signing.
|
||||
type: object
|
||||
type: object
|
||||
logNotificationsDisabled:
|
||||
description: LogNotificationsDisabled determines whether
|
||||
responses from rpc consumer/listeners will be logged
|
||||
or not.
|
||||
type: boolean
|
||||
request:
|
||||
description: Request is the options used to create the
|
||||
rpc HTTP request.
|
||||
properties:
|
||||
httpContentType:
|
||||
description: HTTPContentType is the content type to
|
||||
use for the rpc request notification.
|
||||
type: string
|
||||
httpMethod:
|
||||
description: HTTPMethod is the HTTP method to use
|
||||
for the rpc request notification.
|
||||
type: string
|
||||
staticHeaders:
|
||||
additionalProperties:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
description: StaticHeaders are predefined headers
|
||||
that will be added to every request.
|
||||
type: object
|
||||
timestampFormat:
|
||||
description: TimestampFormat is the time format for
|
||||
the timestamp header.
|
||||
type: string
|
||||
timestampHeader:
|
||||
description: 'TimestampHeader is the header name that
|
||||
should contain the timestamp. Example: X-BMCLIB-Timestamp'
|
||||
type: string
|
||||
type: object
|
||||
signature:
|
||||
description: Signature is the options used for adding
|
||||
an HMAC signature to an HTTP request.
|
||||
properties:
|
||||
appendAlgoToHeaderDisabled:
|
||||
description: |-
|
||||
AppendAlgoToHeaderDisabled decides whether to append the algorithm to the signature header or not.
|
||||
Example: X-BMCLIB-Signature becomes X-BMCLIB-Signature-256
|
||||
When set to true, a header will be added for each algorithm. Example: X-BMCLIB-Signature-256 and X-BMCLIB-Signature-512
|
||||
type: boolean
|
||||
headerName:
|
||||
description: 'HeaderName is the header name that should
|
||||
contain the signature(s). Example: X-BMCLIB-Signature'
|
||||
type: string
|
||||
includedPayloadHeaders:
|
||||
description: |-
|
||||
IncludedPayloadHeaders are headers whose values will be included in the signature payload. Example: X-BMCLIB-My-Custom-Header
|
||||
All headers will be deduplicated.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- consumerURL
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- host
|
||||
- insecureTLS
|
||||
type: object
|
||||
required:
|
||||
- connection
|
||||
type: object
|
||||
status:
|
||||
description: MachineStatus defines the observed state of Machine.
|
||||
properties:
|
||||
conditions:
|
||||
description: Conditions represents the latest available observations
|
||||
of an object's current state.
|
||||
items:
|
||||
description: MachineCondition defines an observed condition of a
|
||||
Machine.
|
||||
properties:
|
||||
lastUpdateTime:
|
||||
description: LastUpdateTime of the condition.
|
||||
format: date-time
|
||||
type: string
|
||||
message:
|
||||
description: Message is a human readable message indicating
|
||||
with details of the last transition.
|
||||
type: string
|
||||
status:
|
||||
description: Status of the condition.
|
||||
type: string
|
||||
type:
|
||||
description: Type of the Machine condition.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
powerState:
|
||||
description: Power is the current power state of the Machine.
|
||||
enum:
|
||||
- "on"
|
||||
- "off"
|
||||
- unknown
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -0,0 +1,342 @@
|
||||
---
|
||||
apiVersion: apiextensions.k8s.io/v1
|
||||
kind: CustomResourceDefinition
|
||||
metadata:
|
||||
annotations:
|
||||
controller-gen.kubebuilder.io/version: v0.16.4
|
||||
name: tasks.bmc.tinkerbell.org
|
||||
spec:
|
||||
group: bmc.tinkerbell.org
|
||||
names:
|
||||
categories:
|
||||
- tinkerbell
|
||||
kind: Task
|
||||
listKind: TaskList
|
||||
plural: tasks
|
||||
shortNames:
|
||||
- t
|
||||
singular: task
|
||||
scope: Namespaced
|
||||
versions:
|
||||
- name: v1alpha1
|
||||
schema:
|
||||
openAPIV3Schema:
|
||||
description: Task is the Schema for the Task API.
|
||||
properties:
|
||||
apiVersion:
|
||||
description: |-
|
||||
APIVersion defines the versioned schema of this representation of an object.
|
||||
Servers should convert recognized schemas to the latest internal value, and
|
||||
may reject unrecognized values.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
|
||||
type: string
|
||||
kind:
|
||||
description: |-
|
||||
Kind is a string value representing the REST resource this object represents.
|
||||
Servers may infer this from the endpoint the client submits requests to.
|
||||
Cannot be updated.
|
||||
In CamelCase.
|
||||
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
|
||||
type: string
|
||||
metadata:
|
||||
type: object
|
||||
spec:
|
||||
description: TaskSpec defines the desired state of Task.
|
||||
properties:
|
||||
connection:
|
||||
description: Connection represents the Machine connectivity information.
|
||||
properties:
|
||||
authSecretRef:
|
||||
description: |-
|
||||
AuthSecretRef is the SecretReference that contains authentication information of the Machine.
|
||||
The Secret must contain username and password keys. This is optional as it is not required when using
|
||||
the RPC provider.
|
||||
properties:
|
||||
name:
|
||||
description: name is unique within a namespace to reference
|
||||
a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within which the
|
||||
secret name must be unique.
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
host:
|
||||
description: Host is the host IP address or hostname of the Machine.
|
||||
minLength: 1
|
||||
type: string
|
||||
insecureTLS:
|
||||
description: InsecureTLS specifies trusted TLS connections.
|
||||
type: boolean
|
||||
port:
|
||||
default: 623
|
||||
description: Port is the port number for connecting with the Machine.
|
||||
type: integer
|
||||
providerOptions:
|
||||
description: ProviderOptions contains provider specific options.
|
||||
properties:
|
||||
intelAMT:
|
||||
description: IntelAMT contains the options to customize the
|
||||
IntelAMT provider.
|
||||
properties:
|
||||
hostScheme:
|
||||
default: http
|
||||
description: HostScheme determines whether to use http
|
||||
or https for intelAMT calls.
|
||||
enum:
|
||||
- http
|
||||
- https
|
||||
type: string
|
||||
port:
|
||||
description: Port that intelAMT will use for calls.
|
||||
type: integer
|
||||
type: object
|
||||
ipmitool:
|
||||
description: IPMITOOL contains the options to customize the
|
||||
Ipmitool provider.
|
||||
properties:
|
||||
cipherSuite:
|
||||
description: CipherSuite that ipmitool will use for calls.
|
||||
type: string
|
||||
port:
|
||||
description: Port that ipmitool will use for calls.
|
||||
type: integer
|
||||
type: object
|
||||
preferredOrder:
|
||||
description: |-
|
||||
PreferredOrder allows customizing the order that BMC providers are called.
|
||||
Providers added to this list will be moved to the front of the default order.
|
||||
Provider names are case insensitive.
|
||||
The default order is: ipmitool, asrockrack, gofish, intelamt, dell, supermicro, openbmc.
|
||||
items:
|
||||
description: ProviderName is the bmclib specific provider
|
||||
name. Names are case insensitive.
|
||||
pattern: (?i)^(ipmitool|asrockrack|gofish|IntelAMT|dell|supermicro|openbmc)$
|
||||
type: string
|
||||
type: array
|
||||
redfish:
|
||||
description: Redfish contains the options to customize the
|
||||
Redfish provider.
|
||||
properties:
|
||||
port:
|
||||
description: Port that redfish will use for calls.
|
||||
type: integer
|
||||
systemName:
|
||||
description: |-
|
||||
SystemName is the name of the system to use for redfish calls.
|
||||
With redfish implementations that manage multiple systems via a single endpoint, this allows for specifying the system to manage.
|
||||
type: string
|
||||
useBasicAuth:
|
||||
description: UseBasicAuth for redfish calls. The default
|
||||
is false which means token based auth is used.
|
||||
type: boolean
|
||||
type: object
|
||||
rpc:
|
||||
description: RPC contains the options to customize the RPC
|
||||
provider.
|
||||
properties:
|
||||
consumerURL:
|
||||
description: |-
|
||||
ConsumerURL is the URL where an rpc consumer/listener is running
|
||||
and to which we will send and receive all notifications.
|
||||
type: string
|
||||
experimental:
|
||||
description: Experimental options.
|
||||
properties:
|
||||
customRequestPayload:
|
||||
description: CustomRequestPayload must be in json.
|
||||
type: string
|
||||
dotPath:
|
||||
description: 'DotPath is the path to the json object
|
||||
where the bmclib RequestPayload{} struct will be
|
||||
embedded. For example: object.data.body'
|
||||
type: string
|
||||
type: object
|
||||
hmac:
|
||||
description: HMAC is the options used to create a HMAC
|
||||
signature.
|
||||
properties:
|
||||
prefixSigDisabled:
|
||||
description: 'PrefixSigDisabled determines whether
|
||||
the algorithm will be prefixed to the signature.
|
||||
Example: sha256=abc123'
|
||||
type: boolean
|
||||
secrets:
|
||||
additionalProperties:
|
||||
items:
|
||||
description: |-
|
||||
SecretReference represents a Secret Reference. It has enough information to retrieve secret
|
||||
in any namespace
|
||||
properties:
|
||||
name:
|
||||
description: name is unique within a namespace
|
||||
to reference a secret resource.
|
||||
type: string
|
||||
namespace:
|
||||
description: namespace defines the space within
|
||||
which the secret name must be unique.
|
||||
type: string
|
||||
type: object
|
||||
x-kubernetes-map-type: atomic
|
||||
type: array
|
||||
description: Secrets are a map of algorithms to secrets
|
||||
used for signing.
|
||||
type: object
|
||||
type: object
|
||||
logNotificationsDisabled:
|
||||
description: LogNotificationsDisabled determines whether
|
||||
responses from rpc consumer/listeners will be logged
|
||||
or not.
|
||||
type: boolean
|
||||
request:
|
||||
description: Request is the options used to create the
|
||||
rpc HTTP request.
|
||||
properties:
|
||||
httpContentType:
|
||||
description: HTTPContentType is the content type to
|
||||
use for the rpc request notification.
|
||||
type: string
|
||||
httpMethod:
|
||||
description: HTTPMethod is the HTTP method to use
|
||||
for the rpc request notification.
|
||||
type: string
|
||||
staticHeaders:
|
||||
additionalProperties:
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
description: StaticHeaders are predefined headers
|
||||
that will be added to every request.
|
||||
type: object
|
||||
timestampFormat:
|
||||
description: TimestampFormat is the time format for
|
||||
the timestamp header.
|
||||
type: string
|
||||
timestampHeader:
|
||||
description: 'TimestampHeader is the header name that
|
||||
should contain the timestamp. Example: X-BMCLIB-Timestamp'
|
||||
type: string
|
||||
type: object
|
||||
signature:
|
||||
description: Signature is the options used for adding
|
||||
an HMAC signature to an HTTP request.
|
||||
properties:
|
||||
appendAlgoToHeaderDisabled:
|
||||
description: |-
|
||||
AppendAlgoToHeaderDisabled decides whether to append the algorithm to the signature header or not.
|
||||
Example: X-BMCLIB-Signature becomes X-BMCLIB-Signature-256
|
||||
When set to true, a header will be added for each algorithm. Example: X-BMCLIB-Signature-256 and X-BMCLIB-Signature-512
|
||||
type: boolean
|
||||
headerName:
|
||||
description: 'HeaderName is the header name that should
|
||||
contain the signature(s). Example: X-BMCLIB-Signature'
|
||||
type: string
|
||||
includedPayloadHeaders:
|
||||
description: |-
|
||||
IncludedPayloadHeaders are headers whose values will be included in the signature payload. Example: X-BMCLIB-My-Custom-Header
|
||||
All headers will be deduplicated.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
type: object
|
||||
required:
|
||||
- consumerURL
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- host
|
||||
- insecureTLS
|
||||
type: object
|
||||
task:
|
||||
description: Task defines the specific action to be performed.
|
||||
maxProperties: 1
|
||||
properties:
|
||||
oneTimeBootDeviceAction:
|
||||
description: OneTimeBootDeviceAction represents a baseboard management
|
||||
one time set boot device operation.
|
||||
properties:
|
||||
device:
|
||||
description: |-
|
||||
Devices represents the boot devices, in order for setting one time boot.
|
||||
Currently only the first device in the slice is used to set one time boot.
|
||||
items:
|
||||
description: BootDevice represents boot device of the Machine.
|
||||
type: string
|
||||
type: array
|
||||
efiBoot:
|
||||
description: EFIBoot instructs the machine to use EFI boot.
|
||||
type: boolean
|
||||
required:
|
||||
- device
|
||||
type: object
|
||||
powerAction:
|
||||
description: PowerAction represents a baseboard management power
|
||||
operation.
|
||||
enum:
|
||||
- "on"
|
||||
- "off"
|
||||
- soft
|
||||
- status
|
||||
- cycle
|
||||
- reset
|
||||
type: string
|
||||
virtualMediaAction:
|
||||
description: VirtualMediaAction represents a baseboard management
|
||||
virtual media insert/eject.
|
||||
properties:
|
||||
kind:
|
||||
type: string
|
||||
mediaURL:
|
||||
description: |-
|
||||
mediaURL represents the URL of the image to be inserted into the virtual media, or empty to
|
||||
eject media.
|
||||
type: string
|
||||
required:
|
||||
- kind
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- task
|
||||
type: object
|
||||
status:
|
||||
description: TaskStatus defines the observed state of Task.
|
||||
properties:
|
||||
completionTime:
|
||||
description: |-
|
||||
CompletionTime represents time when the task was completed.
|
||||
The completion time is only set when the task finishes successfully.
|
||||
format: date-time
|
||||
type: string
|
||||
conditions:
|
||||
description: Conditions represents the latest available observations
|
||||
of an object's current state.
|
||||
items:
|
||||
properties:
|
||||
message:
|
||||
description: Message represents human readable message indicating
|
||||
details about last transition.
|
||||
type: string
|
||||
status:
|
||||
description: |-
|
||||
Status is the status of the Task condition.
|
||||
Can be True or False.
|
||||
type: string
|
||||
type:
|
||||
description: Type of the Task condition.
|
||||
type: string
|
||||
required:
|
||||
- status
|
||||
- type
|
||||
type: object
|
||||
type: array
|
||||
startTime:
|
||||
description: StartTime represents time when the Task started processing.
|
||||
format: date-time
|
||||
type: string
|
||||
type: object
|
||||
type: object
|
||||
served: true
|
||||
storage: true
|
||||
subresources:
|
||||
status: {}
|
||||
@@ -0,0 +1,87 @@
|
||||
{{- if .Values.deploy }}
|
||||
{{- $roleType := .Values.rbac.type }}
|
||||
{{- $nodeSelector := .Values.nodeSelector }}
|
||||
{{- if .Values.global }}
|
||||
{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
|
||||
{{- $nodeSelector = coalesce .Values.nodeSelector .Values.global.nodeSelector }}
|
||||
{{- end }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ .Values.name }}
|
||||
control-plane: controller-manager
|
||||
name: {{ .Values.name }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .Values.name }}
|
||||
control-plane: controller-manager
|
||||
stack: tinkerbell
|
||||
replicas: 1
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
kubectl.kubernetes.io/default-container: manager
|
||||
labels:
|
||||
app: {{ .Values.name }}
|
||||
control-plane: controller-manager
|
||||
stack: tinkerbell
|
||||
spec:
|
||||
{{- if .Values.hostNetwork }}
|
||||
hostNetwork: true
|
||||
dnsPolicy: ClusterFirstWithHostNet
|
||||
{{- end }}
|
||||
securityContext:
|
||||
runAsNonRoot: true
|
||||
containers:
|
||||
- name: manager
|
||||
image: {{ .Values.image }}
|
||||
imagePullPolicy: {{ .Values.imagePullPolicy }}
|
||||
command:
|
||||
- /manager
|
||||
args:
|
||||
- --leader-elect
|
||||
{{- if eq $roleType "Role" }}
|
||||
- -kube-namespace={{ .Release.Namespace }}
|
||||
{{- end }}
|
||||
{{- range .Values.additionalArgs }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: 8081
|
||||
initialDelaySeconds: 15
|
||||
periodSeconds: 20
|
||||
readinessProbe:
|
||||
httpGet:
|
||||
path: /readyz
|
||||
port: 8081
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 10
|
||||
resources:
|
||||
limits:
|
||||
cpu: {{ .Values.resources.limits.cpu }}
|
||||
memory: {{ .Values.resources.limits.memory }}
|
||||
requests:
|
||||
cpu: {{ .Values.resources.requests.cpu }}
|
||||
memory: {{ .Values.resources.requests.memory }}
|
||||
serviceAccountName: {{ .Values.serviceAccountName }}
|
||||
terminationGracePeriodSeconds: 10
|
||||
{{- with $nodeSelector }}
|
||||
nodeSelector:
|
||||
{{ toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.singleNodeClusterConfig.controlPlaneTolerationsEnabled }}
|
||||
tolerations:
|
||||
{{- include "singleNodeClusterConfig" . | indent 6 }}
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
{{- include "preferWorkerNodes" (dict "nodeAffinityWeight" .Values.singleNodeClusterConfig.nodeAffinityWeight) | indent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,15 @@
|
||||
{{- if .Values.deploy }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ .Values.rufioLeaderElectionRoleBindingName }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ .Values.rufioLeaderElectionRoleName }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.serviceAccountName }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
{{- end }}
|
||||
@@ -0,0 +1,39 @@
|
||||
{{- if .Values.deploy }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ .Values.rufioLeaderElectionRoleName }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- coordination.k8s.io
|
||||
resources:
|
||||
- leases
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- create
|
||||
- update
|
||||
- patch
|
||||
- delete
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
{{- end }}
|
||||
@@ -0,0 +1,21 @@
|
||||
{{- if .Values.deploy }}
|
||||
{{- $roleType := .Values.rbac.type }}
|
||||
{{- if .Values.global }}
|
||||
{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
|
||||
{{- end }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: {{ printf "%sBinding" $roleType }}
|
||||
metadata:
|
||||
name: {{ .Values.rbac.bindingName }}
|
||||
{{- if eq $roleType "Role" }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
{{- end }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: {{ $roleType }}
|
||||
name: {{ .Values.rbac.name }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ .Values.serviceAccountName }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
{{- end }}
|
||||
23
packages/system/tinkerbell/charts/rufio/templates/role.yaml
Normal file
23
packages/system/tinkerbell/charts/rufio/templates/role.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
{{- if .Values.deploy }}
|
||||
{{- $roleType := .Values.rbac.type }}
|
||||
{{- if .Values.global }}
|
||||
{{- $roleType = coalesce .Values.global.rbac.type .Values.rbac.type }}
|
||||
{{- end }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: {{ $roleType }}
|
||||
metadata:
|
||||
name: {{ .Values.rbac.name }}
|
||||
{{- if eq $roleType "Role" }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: ["secrets"]
|
||||
verbs: ["get", "list", "watch"]
|
||||
- apiGroups: ["bmc.tinkerbell.org"]
|
||||
resources: ["jobs", "jobs/status", "machines", "machines/status", "tasks", "tasks/status"]
|
||||
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
|
||||
- apiGroups: ["bmc.tinkerbell.org"]
|
||||
resources: ["jobs/finalizers", "machines/finalizers", "tasks/finalizers"]
|
||||
verbs: ["update"]
|
||||
{{- end }}
|
||||
@@ -0,0 +1,7 @@
|
||||
{{- if .Values.deploy }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ .Values.serviceAccountName }}
|
||||
namespace: {{ .Release.Namespace | quote }}
|
||||
{{- end }}
|
||||
21
packages/system/tinkerbell/charts/rufio/values.schema.json
Normal file
21
packages/system/tinkerbell/charts/rufio/values.schema.json
Normal file
@@ -0,0 +1,21 @@
|
||||
{
|
||||
"$schema": "http://json-schema.org/draft-04/schema#",
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"rbac": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"type": {
|
||||
"type": "string",
|
||||
"enum": ["Role", "ClusterRole"]
|
||||
},
|
||||
"name": {
|
||||
"type": "string"
|
||||
},
|
||||
"bindingName": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
26
packages/system/tinkerbell/charts/rufio/values.yaml
Normal file
26
packages/system/tinkerbell/charts/rufio/values.yaml
Normal file
@@ -0,0 +1,26 @@
|
||||
deploy: true
|
||||
name: rufio
|
||||
image: quay.io/tinkerbell/rufio:v0.6.1
|
||||
imagePullPolicy: IfNotPresent
|
||||
resources:
|
||||
requests:
|
||||
cpu: 10m
|
||||
memory: 64Mi
|
||||
limits:
|
||||
cpu: 500m
|
||||
memory: 128Mi
|
||||
additionalArgs: []
|
||||
serviceAccountName: rufio-controller-manager
|
||||
rufioLeaderElectionRoleName: rufio-leader-election-role
|
||||
rufioLeaderElectionRoleBindingName: rufio-leader-election-rolebinding
|
||||
nodeSelector: {}
|
||||
hostNetwork: false
|
||||
# singleNodeClusterConfig to add tolerations for deployments on control plane nodes. This is defaulted to false.
|
||||
singleNodeClusterConfig:
|
||||
controlPlaneTolerationsEnabled: false
|
||||
nodeAffinityWeight: 1
|
||||
|
||||
rbac:
|
||||
type: Role # or ClusterRole
|
||||
name: rufio-role # or rufio-cluster-role
|
||||
bindingName: rufio-rolebinding # or rufio-cluster-rolebinding
|
||||
@@ -0,0 +1,12 @@
|
||||
{{- define "singleNodeClusterConfig" }}
|
||||
- effect: NoSchedule
|
||||
key: node-role.kubernetes.io/control-plane
|
||||
{{- end }}
|
||||
|
||||
{{- define "preferWorkerNodes" }}
|
||||
- weight: {{ .nodeAffinityWeight }}
|
||||
preference:
|
||||
matchExpressions:
|
||||
- key: node-role.kubernetes.io/control-plane
|
||||
operator: DoesNotExist
|
||||
{{- end }}
|
||||
Reference in New Issue
Block a user