Introduce bootbox

Signed-off-by: Andrei Kvapil <[email protected]>
aenix-io · Jan 22, 2025 · cf4978c · cf4978c
1 parent a91d2ae
commit cf4978c
Show file tree

Hide file tree

Showing 48 changed files with 473 additions and 1,090 deletions.
diff --git a/packages/core/platform/bundles/distro-full.yaml b/packages/core/platform/bundles/distro-full.yaml
@@ -200,9 +200,10 @@ releases:
   optional: true
   dependsOn: [keycloak]
 
-- name: tinkerbell
-  releaseName: tinkerbell
-  chart: cozy-tinkerbell
-  namespace: cozy-tinkerbell
+- name: bootbox
+  releaseName: bootbox
+  chart: cozy-bootbox
+  namespace: cozy-bootbox
+  privileged: true
   optional: true
-  dependsOn: [cilium,kubeovn]
+  dependsOn: [cilium]
diff --git a/packages/core/platform/bundles/paas-full.yaml b/packages/core/platform/bundles/paas-full.yaml
@@ -281,10 +281,11 @@ releases:
   optional: true
   dependsOn: [cilium,kubeovn]
 
-- name: tinkerbell
-  releaseName: tinkerbell
-  chart: cozy-tinkerbell
-  namespace: cozy-tinkerbell
+- name: bootbox
+  releaseName: bootbox
+  chart: cozy-bootbox
+  namespace: cozy-bootbox
+  privileged: true
   optional: true
   dependsOn: [cilium,kubeovn]
 

diff --git a/packages/extra/bootbox/Chart.yaml b/packages/extra/bootbox/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: bootbox
+description: PXE hardware provisioning
+icon: /logos/bootbox.svg
+type: application
+version: 0.1.0
diff --git a/packages/extra/bootbox/Makefile b/packages/extra/bootbox/Makefile
@@ -0,0 +1,11 @@
+NAME=bootbox
+NAMESPACE=tenant-root
+
+include ../../../scripts/package.mk
+
+generate:
+	readme-generator -v values.yaml -s values.schema.json.tmp -r README.md
+	cat values.schema.json.tmp | \
+		jq '.properties.metricsStorages.items.type = "object" | .properties.logsStorages.items.type = "object"' \
+		> values.schema.json
+	rm -f values.schema.json.tmp
diff --git a/packages/extra/bootbox/README.md b/packages/extra/bootbox/README.md
@@ -0,0 +1,9 @@
+# BootBox
+
+## Parameters
+
+### Common parameters
+
+| Name       | Description                                  | Value |
+| ---------- | -------------------------------------------- | ----- |
+| `machines` | Configuration of physcial machines instances | `[]`  |
diff --git a/packages/extra/bootbox/hack/test.sh b/packages/extra/bootbox/hack/test.sh
@@ -0,0 +1,18 @@
+apk add iptables iproute2 qemu-system-x86_64 qemu-img
+
+iptables -t nat -D POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE 2>/dev/null || true
+iptables -t nat -A POSTROUTING -s 10.8.2.0/24 ! -d 10.8.2.0/24 -j MASQUERADE
+
+ip link del tap0 2>/dev/null || true
+ip tuntap add dev tap0 mode tap
+ip link set tap0 up
+ip addr add 10.8.2.1/24 dev tap0
+
+
+rm -f data.img
+qemu-img create data.img 100G
+
+qemu-system-x86_64 -machine type=pc,accel=kvm -cpu host -smp 4 -m 8192 \
+  -device virtio-net,netdev=net0,mac=d6:fa:af:52:25:93 -netdev tap,id=net0,ifname=tap0,script=no,downscript=no \
+  -drive file=data.img,if=virtio,format=raw \
+  -nographic
diff --git a/packages/extra/bootbox/images/matchbox.tag b/packages/extra/bootbox/images/matchbox.tag
@@ -0,0 +1 @@
+ghcr.io/aenix-io/cozystack/matchbox:v0.23.1
diff --git a/packages/extra/bootbox/ingress/logos/bootbox.svg b/packages/extra/bootbox/ingress/logos/bootbox.svg
diff --git a/packages/extra/bootbox/templates/check-release-name.yaml b/packages/extra/bootbox/templates/check-release-name.yaml
@@ -0,0 +1,6 @@
+{{- if ne .Release.Name .Chart.Name }}
+{{- fail (printf "The name of the release MUST BE %s" .Chart.Name) }}
+{{- end -}}
+{{- if ne .Release.Namespace "tenant-root" }}
+{{- fail "The namespace of the release MUST BE tenant-root" }}
+{{- end -}}
diff --git a/packages/extra/bootbox/templates/dashboard-resourcemap.yaml b/packages/extra/bootbox/templates/dashboard-resourcemap.yaml
@@ -0,0 +1,35 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-dashboard-resources
+rules:
+- apiGroups:
+  - networking.k8s.io
+  resources:
+  - ingresses
+  resourceNames:
+  - bootbox
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  resourceNames:
+  - grafana-admin-password
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - ""
+  resources:
+  - services
+  resourceNames:
+  - bootbox
+  verbs: ["get", "list", "watch"]
+- apiGroups:
+  - cozystack.io
+  resources:
+  - workloadmonitors
+  resourceNames:
+  - bootbox-matchbox
+  verbs: ["get", "list", "watch"]
+
+
diff --git a/packages/extra/bootbox/templates/matchbox/configmaps.yaml b/packages/extra/bootbox/templates/matchbox/configmaps.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bootbox-profiles
+data:
+  default.json: |
+    {
+      "id": "default",
+      "name": "default",
+      "boot": {
+        "kernel": "/assets/vmlinuz",
+        "initrd": ["/assets/initramfs.xz"],
+        "args": [
+          "initrd=initramfs.xz",
+          "init_on_alloc=1",
+          "slab_nomerge",
+          "pti=on",
+          "console=tty0",
+          "console=ttyS0",
+          "printk.devkmsg=on",
+          "talos.platform=metal"
+        ]
+      }
+    }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bootbox-groups
+data:
+  default.json: |
+    {
+      "id": "default",
+      "name": "default",
+      "profile": "default"
+    }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: bootbox-configs
+data:
diff --git a/packages/extra/bootbox/templates/matchbox/deployment.yaml b/packages/extra/bootbox/templates/matchbox/deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: bootbox-matchbox
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: bootbox-matchbox
+  template:
+    metadata:
+      labels:
+        app: bootbox-matchbox
+    spec:
+      containers:
+      - name: matchbox
+        image: "{{ $.Files.Get "images/matchbox.tag" | trim }}"
+        args:
+          - "-address=:8080"
+          - "-log-level=debug"
+        volumeMounts:
+          - name: profiles-volume
+            mountPath: /var/lib/matchbox/profiles
+          - name: groups-volume
+            mountPath: /var/lib/matchbox/groups
+          - name: configs-volume
+            mountPath: /var/lib/matchbox/assets/configs
+        ports:
+          - name: http
+            containerPort: 8080
+            protocol: TCP
+      volumes:
+        - name: profiles-volume
+          configMap:
+            name: bootbox-profiles
+        - name: groups-volume
+          configMap:
+            name: bootbox-groups
+        - name: configs-volume
+          configMap:
+            name: bootbox-configs
+---
+apiVersion: cozystack.io/v1alpha1
+kind: WorkloadMonitor
+metadata:
+  name: bootbox-matchbox
+spec:
+  replicas: 1
+  minReplicas: 1
+  kind: bootbox
+  type: matchbox
+  selector:
+    app: bootbox-matchbox
+  version: {{ $.Chart.Version }}
diff --git a/packages/extra/bootbox/templates/matchbox/ingress.yaml b/packages/extra/bootbox/templates/matchbox/ingress.yaml
@@ -0,0 +1,34 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
+
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: bootbox
+  labels:
+    app: bootbox
+  annotations:
+    {{- if ne $issuerType "cloudflare" }}
+    acme.cert-manager.io/http01-ingress-class: {{ $ingress }}
+    {{- end }}
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+spec:
+  ingressClassName: {{ $ingress }}
+  tls:
+    - hosts:
+        - "{{ printf "bootbox.%s" (.Values.host | default $host) }}"
+      secretName: bootbox-tls
+  rules:
+    - host: "{{ printf "bootbox.%s" (.Values.host | default $host) }}"
+      http:
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: bootbox
+                port:
+                  name: http
diff --git a/packages/extra/bootbox/templates/matchbox/machines.yaml b/packages/extra/bootbox/templates/matchbox/machines.yaml
@@ -0,0 +1,47 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
+
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+
+{{ range $m := .Values.machines }}
+---
+apiVersion: tinkerbell.org/v1alpha1
+kind: Hardware
+metadata:
+  name: {{ $m.hostname }}
+  namespace: cozy-bootbox
+spec:
+  interfaces:
+  {{- range $mac := $m.mac }}
+  - dhcp:
+      hostname: {{ $m.hostname }}
+      mac: {{ $mac }}
+      {{- with $m.arch }}
+      arch: {{ . }}
+      {{- end }}
+      {{- with $m.ip }}
+      ip:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $m.leaseTime }}
+      lease_time: {{ . }}
+      {{- end }}
+      {{- with $m.uefi }}
+      uefi: {{ . }}
+      {{- end }}
+      {{- with $m.nameServers }}
+      name_servers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with $m.timeServers }}
+      time_servers:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    netboot:
+      allowPXE: true
+      ipxe:
+        url: "https://{{ printf "bootbox.%s" ($.Values.host | default $host) }}/boot.ipxe"
+  {{- end }}
+{{- end }}