diff --git a/capt/config.yaml b/capt/config.yaml index 03e061cf..f8f131be 100644 --- a/capt/config.yaml +++ b/capt/config.yaml @@ -7,8 +7,8 @@ counts: workers: 1 spares: 1 versions: - capt: v0.6.0 - chart: 0.6.0 + capt: v0.6.1 + chart: 0.6.1 kube: v1.28.9 os: 20.04 kubevip: 0.8.7 @@ -33,3 +33,4 @@ virtualBMC: image: ghcr.io/jacobweinstock/virtualbmc:latest user: "root" pass: "calvin" +bootMode: netboot diff --git a/capt/scripts/generate_state.sh b/capt/scripts/generate_state.sh index 877cc35d..ee0042ef 100755 --- a/capt/scripts/generate_state.sh +++ b/capt/scripts/generate_state.sh @@ -67,6 +67,7 @@ cluster: controlPlane: vip: 172.18.10.75 podCIDR: 172.100.0.0/16 +bootMode: netboot EOF set -euo pipefail diff --git a/capt/tasks/Taskfile-capi.yaml b/capt/tasks/Taskfile-capi.yaml index 36147276..20d55e7d 100644 --- a/capt/tasks/Taskfile-capi.yaml +++ b/capt/tasks/Taskfile-capi.yaml @@ -128,12 +128,16 @@ tasks: sh: yq eval '.versions.kube' {{.STATE_FILE_FQ_PATH}} OUTPUT_DIR: sh: yq eval '.outputDir' config.yaml + BOOTMODE: + sh: yq eval '.bootMode' {{.STATE_FILE_FQ_PATH}} + KUSTOMIZE_FILE: + sh: "[[ {{.BOOTMODE}} == 'iso' ]] && echo kustomization-iso.tmpl || echo kustomization-netboot.tmpl" sources: - config.yaml generates: - "{{.OUTPUT_DIR}}/kustomization.yaml" cmds: - - envsubst "$(printf '${%s} ' $(env | cut -d'=' -f1))" < templates/kustomization.tmpl > {{.OUTPUT_DIR}}/kustomization.yaml + - envsubst "$(printf '${%s} ' $(env | cut -d'=' -f1))" < templates/{{.KUSTOMIZE_FILE}} > {{.OUTPUT_DIR}}/kustomization.yaml apply-kustomization: run: once diff --git a/capt/tasks/Taskfile-create.yaml b/capt/tasks/Taskfile-create.yaml index ccaeb488..032be518 100644 --- a/capt/tasks/Taskfile-create.yaml +++ b/capt/tasks/Taskfile-create.yaml @@ -113,8 +113,20 @@ tasks: LOCATION: sh: yq eval '.chart.location' {{.STATE_FILE_FQ_PATH}} CHART_NAME: tink-stack + BOOTMODE: + sh: yq eval '.bootMode' {{.STATE_FILE_FQ_PATH}} + GLOBAL_VARS: + - global.trustedProxies={"{{.TRUSTED_PROXIES}}"} + - global.publicIP={{.LB_IP}} + ISO_VARS: + - stack.hook.extension=both + - smee.iso.enabled=true + - smee.iso.url=http://{{.LB_IP}}:8080/hook-latest-lts-x86_64-efi-initrd.iso + - smee.iso.staticIPAMEnabled=true + - smee.dhcp.enabled=false + - stack.relay.enabled=false cmds: - - KUBECONFIG="{{.KUBECONFIG}}" helm install {{.CHART_NAME}} {{.LOCATION}} --version "{{.STACK_CHART_VERSION}}" --create-namespace --namespace {{.NAMESPACE}} --wait --set "global.trustedProxies={"{{.TRUSTED_PROXIES}}"}" --set "global.publicIP={{.LB_IP}}" + - KUBECONFIG="{{.KUBECONFIG}}" helm install {{.CHART_NAME}} {{.LOCATION}} --version "{{.STACK_CHART_VERSION}}" --create-namespace --namespace {{.NAMESPACE}} --wait {{range .GLOBAL_VARS}}--set "{{.}}" {{end}} {{- if eq .BOOTMODE "iso" }} {{- range .ISO_VARS }}--set "{{.}}" {{end}} {{end}} status: - KUBECONFIG="{{.KUBECONFIG}}" helm list -n {{.NAMESPACE}} | grep -q {{.CHART_NAME}} diff --git a/capt/templates/kustomization-iso.tmpl b/capt/templates/kustomization-iso.tmpl new file mode 100644 index 00000000..8e1b7f4c --- /dev/null +++ b/capt/templates/kustomization-iso.tmpl @@ -0,0 +1,300 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: $NAMESPACE +resources: + - prekustomization.yaml +patches: + - target: + group: infrastructure.cluster.x-k8s.io + kind: TinkerbellMachineTemplate + name: ".*control-plane.*" + version: v1beta1 + patch: |- + - op: add + path: /spec/template/spec + value: + bootOptions: + bootMode: iso + isoURL: "http://$TINKERBELL_VIP:7171/iso/:macAddress/hook.iso" + hardwareAffinity: + required: + - labelSelector: + matchLabels: + tinkerbell.org/role: control-plane + templateOverride: | + version: "0.1" + name: playground-template + global_timeout: 6000 + tasks: + - name: "playground-template" + worker: "{{.device_1}}" + volumes: + - /dev:/dev + - /dev/console:/dev/console + - /lib/firmware:/lib/firmware:ro + actions: + - name: "stream image" + image: quay.io/tinkerbell/actions/oci2disk + timeout: 1200 + environment: + IMG_URL: $OS_REGISTRY/$OS_DISTRO-$OS_VERSION:$KUBE_VERSION.gz + DEST_DISK: {{ index .Hardware.Disks 0 }} + COMPRESSED: true + - name: "add tink cloud-init config" + image: quay.io/tinkerbell/actions/writefile + timeout: 90 + environment: + DEST_DISK: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }} + FS_TYPE: ext4 + DEST_PATH: /etc/cloud/cloud.cfg.d/10_tinkerbell.cfg + UID: 0 + GID: 0 + MODE: 0600 + DIRMODE: 0700 + CONTENTS: | + datasource: + Ec2: + metadata_urls: ["http://$TINKERBELL_VIP:50061"] + strict_id: false + system_info: + default_user: + name: tink + groups: [wheel, adm] + sudo: ["ALL=(ALL) NOPASSWD:ALL"] + shell: /bin/bash + manage_etc_hosts: localhost + warnings: + dsid_missing_source: off + - name: "disable cloud-init networking" + image: quay.io/tinkerbell/actions/writefile + timeout: 90 + environment: + CONTENTS: 'network: {config: disabled}' + DEST_DISK: '{{ formatPartition ( index .Hardware.Disks 0 ) 1 }}' + DEST_PATH: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg + DIRMODE: "0700" + FS_TYPE: ext4 + GID: "0" + MODE: "0600" + UID: "0" + - name: "create static netplan" + image: quay.io/tinkerbell/actions/writefile + timeout: 90 + environment: + CONTENTS: | + network: + version: 2 + renderer: networkd + ethernets: + id0: + match: + macaddress: {{ (index .Hardware.Interfaces 0).DHCP.MAC }} + addresses: + - {{ (index .Hardware.Interfaces 0).DHCP.IP.Address }}/16 + nameservers: + addresses: [{{ (index .Hardware.Interfaces 0).DHCP.NameServers | join ","}}] + routes: + - to: default + via: {{ (index .Hardware.Interfaces 0).DHCP.IP.Gateway }} + DEST_DISK: '{{ formatPartition ( index .Hardware.Disks 0 ) 1 }}' + DEST_PATH: /etc/netplan/config.yaml + DIRMODE: "0755" + FS_TYPE: ext4 + GID: "0" + MODE: "0600" + UID: "0" + - name: "add tink cloud-init ds-config" + image: quay.io/tinkerbell/actions/writefile + timeout: 90 + environment: + DEST_DISK: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }} + FS_TYPE: ext4 + DEST_PATH: /etc/cloud/ds-identify.cfg + UID: 0 + GID: 0 + MODE: 0600 + DIRMODE: 0700 + CONTENTS: | + datasource: Ec2 + - name: "kexec image" + image: ghcr.io/jacobweinstock/waitdaemon:0.2.1 + timeout: 90 + pid: host + environment: + BLOCK_DEVICE: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }} + FS_TYPE: ext4 + IMAGE: quay.io/tinkerbell/actions/kexec + WAIT_SECONDS: 5 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - target: + group: infrastructure.cluster.x-k8s.io + kind: TinkerbellMachineTemplate + name: ".*worker.*" + version: v1beta1 + patch: |- + - op: add + path: /spec/template/spec + value: + bootOptions: + bootMode: iso + isoURL: "http://$TINKERBELL_VIP:7171/iso/:macAddress/hook.iso" + hardwareAffinity: + required: + - labelSelector: + matchLabels: + tinkerbell.org/role: worker + templateOverride: | + version: "0.1" + name: playground-template + global_timeout: 6000 + tasks: + - name: "playground-template" + worker: "{{.device_1}}" + volumes: + - /dev:/dev + - /dev/console:/dev/console + - /lib/firmware:/lib/firmware:ro + actions: + - name: "stream image" + image: quay.io/tinkerbell/actions/oci2disk + timeout: 1200 + environment: + IMG_URL: $OS_REGISTRY/$OS_DISTRO-$OS_VERSION:$KUBE_VERSION.gz + DEST_DISK: {{ index .Hardware.Disks 0 }} + COMPRESSED: true + - name: "add tink cloud-init config" + image: quay.io/tinkerbell/actions/writefile + timeout: 90 + environment: + DEST_DISK: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }} + FS_TYPE: ext4 + DEST_PATH: /etc/cloud/cloud.cfg.d/10_tinkerbell.cfg + UID: 0 + GID: 0 + MODE: 0600 + DIRMODE: 0700 + CONTENTS: | + datasource: + Ec2: + metadata_urls: ["http://$TINKERBELL_VIP:50061"] + strict_id: false + system_info: + default_user: + name: tink + groups: [wheel, adm] + sudo: ["ALL=(ALL) NOPASSWD:ALL"] + shell: /bin/bash + manage_etc_hosts: localhost + warnings: + dsid_missing_source: off + - name: "disable cloud-init networking" + image: quay.io/tinkerbell/actions/writefile + timeout: 90 + environment: + CONTENTS: 'network: {config: disabled}' + DEST_DISK: '{{ formatPartition ( index .Hardware.Disks 0 ) 1 }}' + DEST_PATH: /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg + DIRMODE: "0700" + FS_TYPE: ext4 + GID: "0" + MODE: "0600" + UID: "0" + - name: "create static netplan" + image: quay.io/tinkerbell/actions/writefile + timeout: 90 + environment: + CONTENTS: | + network: + version: 2 + renderer: networkd + ethernets: + id0: + match: + macaddress: {{ (index .Hardware.Interfaces 0).DHCP.MAC }} + addresses: + - {{ (index .Hardware.Interfaces 0).DHCP.IP.Address }}/16 + nameservers: + addresses: [{{ (index .Hardware.Interfaces 0).DHCP.NameServers | join ","}}] + routes: + - to: default + via: {{ (index .Hardware.Interfaces 0).DHCP.IP.Gateway }} + DEST_DISK: '{{ formatPartition ( index .Hardware.Disks 0 ) 1 }}' + DEST_PATH: /etc/netplan/config.yaml + DIRMODE: "0755" + FS_TYPE: ext4 + GID: "0" + MODE: "0600" + UID: "0" + - name: "add tink cloud-init ds-config" + image: quay.io/tinkerbell/actions/writefile + timeout: 90 + environment: + DEST_DISK: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }} + FS_TYPE: ext4 + DEST_PATH: /etc/cloud/ds-identify.cfg + UID: 0 + GID: 0 + MODE: 0600 + DIRMODE: 0700 + CONTENTS: | + datasource: Ec2 + - name: "kexec image" + image: ghcr.io/jacobweinstock/waitdaemon:0.2.1 + timeout: 90 + pid: host + environment: + BLOCK_DEVICE: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }} + FS_TYPE: ext4 + IMAGE: quay.io/tinkerbell/actions/kexec + WAIT_SECONDS: 5 + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - target: + group: infrastructure.cluster.x-k8s.io + kind: TinkerbellCluster + name: ".*" + version: v1beta1 + patch: |- + - op: add + path: /spec + value: + imageLookupBaseRegistry: "$OS_REGISTRY" + imageLookupOSDistro: "$OS_DISTRO" + imageLookupOSVersion: "$VERSIONS_OS" + - target: + group: bootstrap.cluster.x-k8s.io + kind: KubeadmConfigTemplate + name: "$CLUSTER_NAME-.*" + version: v1beta1 + patch: |- + - op: add + path: /spec/template/spec/users + value: + - name: tink + sudo: ALL=(ALL) NOPASSWD:ALL + sshAuthorizedKeys: + - $SSH_AUTH_KEY + - target: + group: controlplane.cluster.x-k8s.io + kind: KubeadmControlPlane + name: "$CLUSTER_NAME-.*" + version: v1beta1 + patch: |- + - op: add + path: /spec/kubeadmConfigSpec/users + value: + - name: tink + sudo: ALL=(ALL) NOPASSWD:ALL + sshAuthorizedKeys: + - $SSH_AUTH_KEY + - target: + group: controlplane.cluster.x-k8s.io + kind: KubeadmControlPlane + name: "$CLUSTER_NAME-.*" + version: v1beta1 + patch: |- + - op: add + path: /spec/kubeadmConfigSpec/preKubeadmCommands + value: + - mkdir -p /etc/kubernetes/manifests && ctr images pull ghcr.io/kube-vip/kube-vip:v$KUBEVIP_VERSION && ctr run --rm --net-host ghcr.io/kube-vip/kube-vip:v$KUBEVIP_VERSION vip /kube-vip manifest pod --arp --interface $(ip -4 -j route list default | jq -r .[0].dev) --address $CONTROL_PLANE_VIP --controlplane --leaderElection --k8sConfigPath $CONF_PATH > /etc/kubernetes/manifests/kube-vip.yaml diff --git a/capt/templates/kustomization.tmpl b/capt/templates/kustomization-netboot.tmpl similarity index 100% rename from capt/templates/kustomization.tmpl rename to capt/templates/kustomization-netboot.tmpl