diff --git a/bootstrap/k0s/Dockerfile b/bootstrap/k0s/Dockerfile
index dbd9507..2bdcad1 100644
--- a/bootstrap/k0s/Dockerfile
+++ b/bootstrap/k0s/Dockerfile
@@ -82,7 +82,7 @@ RUN cue export /tmp/providers.cue \
 FROM ${K0S_IMAGE}
 COPY bootstrap/k0s/k0s.cue /opt/bootstrap/k0s.cue
-COPY bootstrap/k0s/manifests/providers/namespaces.yaml /var/lib/k0s/manifests/providers/00-namespaces.yaml
+COPY bootstrap/k0s/manifests/providers/namespaces.yaml /opt/bootstrap/providers/namespaces.yaml
 COPY bootstrap/k0s/bootstrap-k0s.sh /usr/local/bin/bootstrap-k0s.sh
 COPY --from=chart-builder /usr/local/bin/cue /usr/local/bin/cue
 COPY --from=chart-builder /out/cert-manager.tgz /opt/bootstrap/charts/cert-manager.tgz
@@ -92,8 +92,8 @@ COPY --from=chart-builder /out/providers.yaml /opt/bootstrap/providers/providers
 ENV K0S_ENTRYPOINT_ROLE=controller+worker
 
-# Namespace manifests are always present; provider CRs are staged later by the
-# helper once the operator CRDs and webhook are available.
+# Provider namespaces are staged from /opt because /var/lib/k0s is mounted at
+# runtime. Provider CRs are staged later once the operator webhook is ready.
 RUN mkdir -p /etc/k0s /opt/bootstrap/charts \
 && chmod 0755 /usr/local/bin/bootstrap-k0s.sh
diff --git a/bootstrap/k0s/README.md b/bootstrap/k0s/README.md
index b5921f3..84bc8c1 100644
--- a/bootstrap/k0s/README.md
+++ b/bootstrap/k0s/README.md
@@ -45,6 +45,10 @@ TINKERBELL_ARTIFACTS_FILE_SERVER=http://10.10.20.1:7173
 TINKERBELL_DHCP_BIND_INTERFACE=eth1.20
 ```
+The VyOS-hosted bootstrap path leaves DHCP with VyOS/Kea. Tinkerbell's DHCP
+listener is disabled, while its HTTP, TFTP, gRPC, and SSH listeners bind to
+`TINKERBELL_PUBLIC_IP`.
+
 For local smoke runs, set `TINKERBELL_DHCP_BIND_INTERFACE` to an interface that
 actually exists inside the disposable bootstrap container, such as `eth0`.
diff --git a/bootstrap/k0s/bootstrap-k0s.sh b/bootstrap/k0s/bootstrap-k0s.sh
index 31051d5..6dfd5de 100644
--- a/bootstrap/k0s/bootstrap-k0s.sh
+++ b/bootstrap/k0s/bootstrap-k0s.sh
@@ -1,8 +1,10 @@
 #!/bin/sh
 set -eu
+provider_namespaces_src="/opt/bootstrap/providers/namespaces.yaml"
 provider_src="/opt/bootstrap/providers/providers.yaml"
 provider_dst_dir="/var/lib/k0s/manifests/providers"
+provider_namespaces_dst="${provider_dst_dir}/00-namespaces.yaml"
 provider_dst="${provider_dst_dir}/10-providers.yaml"
 k0s_source="/opt/bootstrap/k0s.cue"
 k0s_config="/etc/k0s/k0s.yaml"
@@ -50,6 +52,8 @@ render_k0s_config() {
 }
 render_k0s_config
+mkdir -p "$provider_dst_dir"
+cp "$provider_namespaces_src" "$provider_namespaces_dst"
 echo "starting k0s bootstrap controller"
 k0s controller --config "$k0s_config" --single --ignore-pre-flight-checks &
@@ -88,7 +92,6 @@ while :; do
 if k0s kubectl --request-timeout=5s apply --dry-run=server -f "$provider_src" >/dev/null 2>&1; then
 echo "operator API is ready; handing provider manifests to k0s manifest deployer"
-mkdir -p "$provider_dst_dir"
 cp "$provider_src" "$provider_dst"
 break
 fi
diff --git a/bootstrap/k0s/k0s.cue b/bootstrap/k0s/k0s.cue
index 2bc23ea..1b957ba 100644
--- a/bootstrap/k0s/k0s.cue
+++ b/bootstrap/k0s/k0s.cue
@@ -36,6 +36,10 @@ cfgTrustedProxies: [for proxy in strings.Split(cfgTrustedProxiesCSV, ",") if str
 type: "ClusterIP"
 }
 deployment: {
+additionalEnvs: [{
+name: "TINKERBELL_BIND_ADDRESS"
+value: cfgPublicIP
+}]
 hostNetwork: true
 init: {
 enabled: false
@@ -48,7 +52,7 @@ cfgTrustedProxies: [for proxy in strings.Split(cfgTrustedProxiesCSV, ",") if str
 bindAddr: "0.0.0.0"
 }
 smee: {
-dhcpEnabled: true
+dhcpEnabled: false
 dhcpMode: cfgDHCPMode
 dhcpBindInterface: cfgDHCPBindInterface
 dhcpIPForPacket: cfgPublicIP
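Review bot: The new `cp "$provider_namespaces_src" "$provider_namespaces_dst"` in the `@@ -50,6 +52,8 @@` hunk stages into `/var/lib/k0s/manifests/providers` before k0s starts, but nothing clears a `10-providers.yaml` left there by an earlier run; the Dockerfile comment in this same commit says /var/lib/k0s is mounted at runtime, so a persisted mount would presumably let the k0s manifest deployer apply stale provider CRs before the webhook-readiness gate in the `@@ -88,7 +92,6 @@` hunk has run. Consider `rm -f "$provider_dst"` directly after the new `mkdir -p "$provider_dst_dir"`, so that the readiness check stays the only path that stages provider CRs into the deployer directory. Note that `set -eu` already makes the new `cp` abort the bootstrap if the namespaces file is missing from the image, which is the desired fail-closed behaviour. The `while :; do` loop around the third hunk begins and ends outside the hunk.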
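Review bot: The `@@ -48,7 +52,7 @@` hunk keeps `bindAddr: "0.0.0.0"` as context two lines above the new `dhcpEnabled: false`, while the first hunk's `TINKERBELL_BIND_ADDRESS` env and the README text in this commit bind the other listeners to `cfgPublicIP`; with `hostNetwork: true` that one listener presumably still accepts connections on every host interface, so either set it to `cfgPublicIP` as well or add a comment stating why it must stay on all interfaces. The block that holds `bindAddr` starts outside the hunk, so I cannot tell from here which listener it configures. With DHCP now hard-disabled, the `dhcpMode`, `dhcpBindInterface` and `dhcpIPForPacket` keys that follow it look inert, and the README still tells smoke-run users to pick an existing interface for `TINKERBELL_DHCP_BIND_INTERFACE`; a short `//` comment above `dhcpEnabled: false` saying why the remaining `dhcp*` keys are kept (or whether that README step is still needed) would save the next reader the question.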