diff --git a/.github/workflows/publish-bootstrap-k0s.yml b/.github/workflows/publish-bootstrap-k0s.yml
deleted file mode 100644
index 9faf0d5..0000000
--- a/.github/workflows/publish-bootstrap-k0s.yml
+++ /dev/null
@@ -1,82 +0,0 @@ -name: Publish bootstrap-k0s Image - -on: - push: - tags: - - 'bootstrap-k0s-v*' - -permissions: {} - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - publish: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - steps: - - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-depth: 1 - persist-credentials: false - - - name: Resolve Release Target - id: target - shell: bash - run: | - set -euo pipefail - - tag="${GITHUB_REF_NAME}" - component="bootstrap-k0s" - image_dir="bootstrap/k0s" - - case "${tag}" in - ${component}-v*) ;; - *) - echo "unsupported tag: ${tag}" >&2 - exit 1 - ;; - esac - - version="${tag#${component}-v}" - file_version="$(tr -d '\n' < "${image_dir}/VERSION")" - - if [ "${version}" != "${file_version}" ]; then - echo "Tag version ${version} does not match VERSION ${file_version}" >&2 - exit 1 - fi - - { - echo "component=${component}" - echo "version=${version}" - echo "image_dir=${image_dir}" - echo "image=ghcr.io/gilmanlab/platform/${component}" - } >> "${GITHUB_OUTPUT}" - - - name: Setup QEMU - uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0 - - - name: Setup Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - - - name: Login to GHCR - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Build and Push Image - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 - with: - context: . - file: ${{ steps.target.outputs.image_dir }}/Dockerfile - platforms: linux/amd64 - push: true - tags: | - ${{ steps.target.outputs.image }}:${{ steps.target.outputs.version }} - ${{ steps.target.outputs.image }}:latest 
diff --git a/.moon/proto/hadolint.toml b/.moon/proto/hadolint.toml
deleted file mode 100644
index db5966b..0000000
--- a/.moon/proto/hadolint.toml
+++ /dev/null
@@ -1,29 +0,0 @@
-name = "Hadolint"
-type = "cli"
-
-[platform.linux]
-checksum-file = "hadolint-linux-{arch}.sha256"
-download-file = "hadolint-linux-{arch}"
-
-[platform.macos]
-checksum-file = "hadolint-macos-{arch}.sha256"
-download-file = "hadolint-macos-{arch}"
-
-[platform.windows]
-checksum-file = "hadolint-windows-{arch}.exe.sha256"
-download-file = "hadolint-windows-{arch}.exe"
-
-[install]
-checksum-url = "https://github.com/hadolint/hadolint/releases/download/v{version}/{checksum_file}"
-download-url = "https://github.com/hadolint/hadolint/releases/download/v{version}/{download_file}"
-
-[install.arch]
-aarch64 = "arm64"
-
-[install.exes.hadolint]
-exe-path = "hadolint"
-primary = true
-
-[resolve]
-git-url = "https://github.com/hadolint/hadolint"
-version-pattern = "^v((?\\d+)\\.(?\\d+)\\.(?\\d+))$"
diff --git a/.moon/workspace.yml b/.moon/workspace.yml
index 7452c21..cb4c72c 100644
--- a/.moon/workspace.yml
+++ b/.moon/workspace.yml
@@ -1,6 +1,5 @@
 projects: sources: - bootstrap-k0s: 'bootstrap/k0s' dns-mirror: 'services/dns-mirror' github-token-broker: 'services/github-token-broker' labctl: 'tools/labctl'
diff --git a/.prototools b/.prototools
index 038f31e..50421c1 100644
--- a/.prototools
+++ b/.prototools
@@ -1,6 +1,4 @@
 cue = "=0.16.1" -hadolint = "=2.14.0" [plugins.tools] cue = "file://.moon/proto/cue.toml" -hadolint = "file://.moon/proto/hadolint.toml"
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
index cca0318..5e03dbc 100644
--- a/.release-please-manifest.json
+++ b/.release-please-manifest.json
@@ -2,7 +2,6 @@
 "bootstrap/cilium": "1.2.0", "bootstrap/argocd": "1.1.0", "bootstrap/kro": "1.1.0", - "bootstrap/k0s": "0.2.2", "services/dns-mirror": "0.3.1", "services/github-token-broker": "0.2.1", "tools/labctl": "0.2.0"
diff --git a/README.md b/README.md
index 7f2c4ca..45355e4 100644
--- a/README.md
+++ b/README.md
@@ -10,8 +10,6 @@ the repository foundation each time. ## Current Projects - `bootstrap/argocd`, `bootstrap/cilium`, `bootstrap/kro`: reusable bootstrap chart wrappers published to GHCR
-- `bootstrap/k0s`: historical bootstrap image from the abandoned VyOS-hosted
- management cluster path, pending a later cleanup decision
 - `services/dns-mirror`: Route 53 private-zone mirror daemon for the AWS subnet router ## Quick Start
diff --git a/bootstrap/README.md b/bootstrap/README.md
index 4a7f70c..4677510 100644
--- a/bootstrap/README.md
+++ b/bootstrap/README.md
@@ -3,7 +3,7 @@
 This subtree is the canonical source for platform-owned bootstrap/core operator delivery.
-Most operator directories are wrapper Helm charts:
+The operator directories are wrapper Helm charts:
 - `Chart.yaml` defines the released chart version and the pinned upstream chart dependency
@@ -14,10 +14,6 @@ Most operator directories are wrapper Helm charts: chart - `render/` contains the tracked raw manifests consumed by Talos day-0 inputs
-`bootstrap/k0s` is the exception. It is a released bootstrap image directory,
-not a wrapper chart. It packages a temporary VyOS-hosted k0s management plane
-and publishes the resulting image to GHCR for `infra` to consume by release tag.
-
 The tracked render surface is: - `cilium/render/bootstrap.yaml`
@@ -36,5 +32,3 @@ Use: - `just render-all` to also materialize local-only outputs - `just validate` to lint the charts, refresh dependencies, and confirm tracked artifacts are current and free of embedded secret material
-- `moon run bootstrap-k0s:check --summary minimal` to lint and build the
- `bootstrap-k0s` image locally
diff --git a/bootstrap/k0s/CHANGELOG.md b/bootstrap/k0s/CHANGELOG.md
deleted file mode 100644
index 5fc4b6b..0000000
--- a/bootstrap/k0s/CHANGELOG.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# Changelog
-
-## [0.2.2](https://github.com/GilmanLab/platform/compare/bootstrap-k0s-v0.2.1...bootstrap-k0s-v0.2.2) (2026-05-01)
-
-
-### Bug Fixes
-
-* **bootstrap-k0s:** enable tinkerbell dhcp binding ([#56](https://github.com/GilmanLab/platform/issues/56)) ([ab1fbb3](https://github.com/GilmanLab/platform/commit/ab1fbb38f2772aad8b1d0c5344fd779937f6cbc0))
-
-## [0.2.1](https://github.com/GilmanLab/platform/compare/bootstrap-k0s-v0.2.0...bootstrap-k0s-v0.2.1) (2026-05-01)
-
-
-### Bug Fixes
-
-* **bootstrap-k0s:** align VyOS runtime wiring ([#54](https://github.com/GilmanLab/platform/issues/54)) ([1d1ea3f](https://github.com/GilmanLab/platform/commit/1d1ea3f4dd4a07c2feb48a0af045a2c7ccb3b62f))
-
-## [0.2.0](https://github.com/GilmanLab/platform/compare/bootstrap-k0s-v0.1.0...bootstrap-k0s-v0.2.0) (2026-04-30)
-
-
-### Features
-
-* **bootstrap-k0s:** publish released bootstrap image ([#37](https://github.com/GilmanLab/platform/issues/37)) ([4a24a86](https://github.com/GilmanLab/platform/commit/4a24a866fe5b9cf358fa152b02df8d4238498414))
-* **bootstrap:** add k0s bootstrap image ([#36](https://github.com/GilmanLab/platform/issues/36)) ([f206f56](https://github.com/GilmanLab/platform/commit/f206f566d885679d28c73f61fc64743c7ae0e902))
-
-
-### Bug Fixes
-
-* **bootstrap-k0s:** use installed proto tools from moon ([#39](https://github.com/GilmanLab/platform/issues/39)) ([856736f](https://github.com/GilmanLab/platform/commit/856736fbbced54db518eeb6c5cd9cef188f75f86))
diff --git a/bootstrap/k0s/Dockerfile b/bootstrap/k0s/Dockerfile
deleted file mode 100644
index 2bdcad1..0000000
--- a/bootstrap/k0s/Dockerfile
+++ /dev/null
@@ -1,100 +0,0 @@ -# Bootstrap image over upstream k0s for the temporary VyOS-hosted management cluster. -# OCI image tags use `-k0s.0` where GitHub release tags use `+k0s.0`. - -# Version pins for the bootstrap control plane and startup-installed controllers. -ARG K0S_IMAGE=docker.io/k0sproject/k0s:v1.35.3-k0s.0 -ARG CERT_MANAGER_VERSION=v1.20.2 -ARG CAPI_OPERATOR_CHART_VERSION=0.26.0 -ARG CUE_VERSION=v0.16.1 -ARG CAPI_VERSION=v1.13.0 -ARG CAPN_VERSION=v0.8.5 -ARG TALOS_BOOTSTRAP_PROVIDER_VERSION=v0.6.12 -ARG TALOS_CONTROL_PLANE_PROVIDER_VERSION=v0.5.13 -ARG TINKERBELL_CHART_VERSION=v0.23.0 -ARG HELM_VERSION=v4.0.4 - -# Build the chart artifacts and rendered provider manifests ahead of time so the -# runtime image can come up without extra fetch or template steps. -FROM docker.io/alpine:3.22 AS chart-builder - -ARG TARGETARCH -ARG CERT_MANAGER_VERSION -ARG CAPI_OPERATOR_CHART_VERSION -ARG CUE_VERSION -ARG CAPI_VERSION -ARG CAPN_VERSION -ARG TALOS_BOOTSTRAP_PROVIDER_VERSION -ARG TALOS_CONTROL_PLANE_PROVIDER_VERSION -ARG TINKERBELL_CHART_VERSION -ARG HELM_VERSION - -RUN apk add --no-cache \ - curl=8.14.1-r2 \ - gzip=1.14-r1 \ - tar=1.35-r3 - -WORKDIR /work - -# Fetch the small toolchain needed to package charts and render provider CRs. -RUN curl -fsSL -o /tmp/helm.tgz "https://get.helm.sh/helm-${HELM_VERSION}-linux-${TARGETARCH}.tar.gz" \ - && tar -xzf /tmp/helm.tgz --strip-components=1 -C /usr/local/bin "linux-${TARGETARCH}/helm" \ - && rm -f /tmp/helm.tgz - -RUN curl -fsSL -o /tmp/cue.tgz "https://github.com/cue-lang/cue/releases/download/${CUE_VERSION}/cue_${CUE_VERSION}_linux_${TARGETARCH}.tar.gz" \ - && tar -xzf /tmp/cue.tgz -C /usr/local/bin cue \ - && rm -f /tmp/cue.tgz - -RUN mkdir -p /out - -COPY bootstrap/k0s/manifests/providers/providers.cue /tmp/providers.cue - -# Pull the startup charts into fixed local artifact names for the runtime image. 
-RUN helm pull cert-manager \ - --repo https://charts.jetstack.io \ - --version "${CERT_MANAGER_VERSION}" \ - --destination /out \ - && mv "/out/cert-manager-${CERT_MANAGER_VERSION}.tgz" /out/cert-manager.tgz - -RUN helm repo add capi-operator https://kubernetes-sigs.github.io/cluster-api-operator >/dev/null \ - && helm pull capi-operator/cluster-api-operator \ - --version "${CAPI_OPERATOR_CHART_VERSION}" \ - --destination /out \ - && mv "/out/cluster-api-operator-${CAPI_OPERATOR_CHART_VERSION}.tgz" /out/cluster-api-operator.tgz - -RUN helm pull oci://ghcr.io/tinkerbell/charts/tinkerbell \ - --version "${TINKERBELL_CHART_VERSION}" \ - --destination /out \ - && mv "/out/tinkerbell-${TINKERBELL_CHART_VERSION}.tgz" /out/tinkerbell.tgz - -# Render the provider CRs once during the build; the runtime handoff script will -# only stage them into the watched manifest directory after the operator is ready. -RUN cue export /tmp/providers.cue \ - -e output \ - --out yaml \ - -t capi_version="${CAPI_VERSION}" \ - -t capn_version="${CAPN_VERSION}" \ - -t talos_bootstrap_provider_version="${TALOS_BOOTSTRAP_PROVIDER_VERSION}" \ - -t talos_control_plane_provider_version="${TALOS_CONTROL_PLANE_PROVIDER_VERSION}" \ - >/out/providers.yaml - -# The runtime image only needs the CUE sources, the CUE CLI, pre-fetched -# charts, and the delayed provider-manifest handoff helper. 
-FROM ${K0S_IMAGE}
-
-COPY bootstrap/k0s/k0s.cue /opt/bootstrap/k0s.cue
-COPY bootstrap/k0s/manifests/providers/namespaces.yaml /opt/bootstrap/providers/namespaces.yaml
-COPY bootstrap/k0s/bootstrap-k0s.sh /usr/local/bin/bootstrap-k0s.sh
-COPY --from=chart-builder /usr/local/bin/cue /usr/local/bin/cue
-COPY --from=chart-builder /out/cert-manager.tgz /opt/bootstrap/charts/cert-manager.tgz
-COPY --from=chart-builder /out/cluster-api-operator.tgz /opt/bootstrap/charts/cluster-api-operator.tgz
-COPY --from=chart-builder /out/tinkerbell.tgz /opt/bootstrap/charts/tinkerbell.tgz
-COPY --from=chart-builder /out/providers.yaml /opt/bootstrap/providers/providers.yaml
-
-ENV K0S_ENTRYPOINT_ROLE=controller+worker
-
-# Provider namespaces are staged from /opt because /var/lib/k0s is mounted at
-# runtime. Provider CRs are staged later once the operator webhook is ready.
-RUN mkdir -p /etc/k0s /opt/bootstrap/charts \
- && chmod 0755 /usr/local/bin/bootstrap-k0s.sh
-
-CMD ["/usr/local/bin/bootstrap-k0s.sh"]
diff --git a/bootstrap/k0s/README.md b/bootstrap/k0s/README.md
deleted file mode 100644
index cc9cc05..0000000
--- a/bootstrap/k0s/README.md
+++ /dev/null
@@ -1,149 +0,0 @@ -# bootstrap-k0s - -`bootstrap-k0s` builds the temporary `k0s` bootstrap image for the lab's VyOS-hosted management cluster. It brings up a single-node `k0s` control plane, renders the Tinkerbell provisioning configuration from a small runtime contract using CUE, and then hands off the Cluster API provider resources only after the Cluster API Operator is actually ready. - -This image is for the bootstrap management plane only. It is not the long-term platform cluster shape. - -## What It Installs - -- `cert-manager` -- `cluster-api-operator` -- `tinkerbell` -- `CoreProvider` for Cluster API -- `BootstrapProvider` for Talos -- `ControlPlaneProvider` for Talos -- `InfrastructureProvider` for Incus - -The first three are installed through `k0s` `spec.extensions.helm`. The provider CRs are rendered from CUE at build time and staged into the k0s Manifest Deployer only after the operator CRDs and webhook are ready. - -## Runtime Contract - -The image is built once in `platform` and configured at runtime by the -router-side consumer in `infra`. - -Required environment variables: - -- `TINKERBELL_PUBLIC_IP` -- `TINKERBELL_ARTIFACTS_FILE_SERVER` -- `TINKERBELL_DHCP_BIND_INTERFACE` - -Optional environment variables: - -- `TINKERBELL_TRUSTED_PROXIES` defaults to `10.244.0.0/16,10.96.0.0/12` -- `K0S_POD_CIDR` defaults to `10.244.0.0/16` -- `K0S_SERVICE_CIDR` defaults to `10.96.0.0/12` -- `TINKERBELL_DHCP_BIND_ADDR` defaults to `TINKERBELL_PUBLIC_IP` -- `TINKERBELL_HOOKOS_ARCH` defaults to `x86_64` -- `TINKERBELL_HOOKOS_KERNEL_VERSION` defaults to `6.6` -- `TINKERBELL_HOOKOS_EXTENSION` defaults to `tar.gz` -- `TINKERBELL_DHCP_MODE` defaults to `reservation` - -The intended real-lab consumer passes: - -```text -TINKERBELL_PUBLIC_IP=10.10.20.1 -TINKERBELL_ARTIFACTS_FILE_SERVER=http://10.10.20.1:7173 -TINKERBELL_DHCP_BIND_ADDR=10.10.20.1 -TINKERBELL_DHCP_BIND_INTERFACE=eth1.20 -``` - -The VyOS-hosted bootstrap path leaves LAB_MGMT and LAB_OOB DHCP with VyOS/Kea. 
-Tinkerbell owns DHCP/PXE on LAB_PROV and binds its HTTP, DHCP, TFTP, gRPC, and -SSH listeners to `TINKERBELL_PUBLIC_IP`. - -For local smoke runs, set `TINKERBELL_DHCP_BIND_INTERFACE` to an interface that -actually exists inside the disposable bootstrap container, such as `eth0`. - -## File Layout - -- [Dockerfile](./Dockerfile) builds the runtime image and packages the startup artifacts. -- [k0s.cue](./k0s.cue) is the tracked `k0s` config source of truth. -- [bootstrap-k0s.sh](./bootstrap-k0s.sh) exports the final `k0s` config from CUE at runtime, starts `k0s`, and delays the provider-manifest handoff until the operator is ready. -- [manifests/providers/namespaces.yaml](./manifests/providers/namespaces.yaml) seeds the provider namespaces immediately. -- [manifests/providers/providers.cue](./manifests/providers/providers.cue) is the source of truth for the provider CRs. -- [moon.yml](./moon.yml) defines the local lint and image build checks. -- [VERSION](./VERSION) is the release-please version source for the published image tag. - -## Build - -From the repository root: - -```sh -docker build -t bootstrap-k0s:test -f bootstrap/k0s/Dockerfile . 
-``` - -Lint the Dockerfile: - -```sh -moon run bootstrap-k0s:lint --summary minimal -``` - -## Local Smoke Test - -Start a disposable local bootstrap cluster: - -```sh -docker volume create bootstrap-k0s-data -docker volume create bootstrap-k0s-pods - -docker run -d \ - --name bootstrap-k0s-smoke \ - --hostname bootstrap-k0s-smoke \ - --privileged \ - --tmpfs /run \ - -v bootstrap-k0s-data:/var/lib/k0s \ - -v bootstrap-k0s-pods:/var/log/pods \ - -p 6443:6443 \ - -e TINKERBELL_PUBLIC_IP=10.10.20.1 \ - -e TINKERBELL_ARTIFACTS_FILE_SERVER=http://10.10.20.1:7173 \ - -e TINKERBELL_DHCP_BIND_ADDR=0.0.0.0 \ - -e TINKERBELL_DHCP_BIND_INTERFACE=eth0 \ - bootstrap-k0s:test -``` - -After the startup settles, inspect the bootstrap controllers: - -```sh -docker exec bootstrap-k0s-smoke sh -lc ' - k0s kubectl get coreproviders,bootstrapproviders,controlplaneproviders,infrastructureproviders -A - echo - k0s kubectl get deploy -A -' -``` - -The validated local outcome is: - -- `cluster-api-operator`, `cert-manager`, and `tinkerbell` are `1/1` Ready -- Tinkerbell runs in host-networked provisioning mode with HookOS enabled -- provider CRs report `READY=True` -- provider controller deployments in `capi-system`, `cabpt-system`, `cacppt-system`, and `capn-system` are `1/1` Ready - -Clean up: - -```sh -docker rm -f bootstrap-k0s-smoke -docker volume rm bootstrap-k0s-data bootstrap-k0s-pods -``` - -## Release - -`bootstrap-k0s` is a release-please-managed subproject. - -- `VERSION` is the source of truth for the current released version. -- release tags are `bootstrap-k0s-v*`. -- published images land at `ghcr.io/gilmanlab/platform/bootstrap-k0s:`. -- `infra` should consume an exact released tag, not `latest`. - -## Notes - -- The final runtime `k0s` config is exported from `k0s.cue` with the bundled `cue` CLI before `k0s` starts. -- Provider CRs are rendered with CUE during the image build, and the runtime `k0s` config is rendered with CUE at container startup. 
-- The delayed handoff exists because the operator webhook is not ready early enough for a naive first-pass Manifest Deployer apply.
-
-## Contributing
-
-Follow the repository-wide guidance in [CONTRIBUTING.md](../../CONTRIBUTING.md).
-
-## License
-
-No component-specific license file is defined in this directory.
diff --git a/bootstrap/k0s/VERSION b/bootstrap/k0s/VERSION
deleted file mode 100644
index ee1372d..0000000
--- a/bootstrap/k0s/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-0.2.2
diff --git a/bootstrap/k0s/bootstrap-k0s.sh b/bootstrap/k0s/bootstrap-k0s.sh
deleted file mode 100644
index 08273c9..0000000
--- a/bootstrap/k0s/bootstrap-k0s.sh
+++ /dev/null
@@ -1,104 +0,0 @@ -#!/bin/sh -set -eu - -provider_namespaces_src="/opt/bootstrap/providers/namespaces.yaml" -provider_src="/opt/bootstrap/providers/providers.yaml" -provider_dst_dir="/var/lib/k0s/manifests/providers" -provider_namespaces_dst="${provider_dst_dir}/00-namespaces.yaml" -provider_dst="${provider_dst_dir}/10-providers.yaml" -k0s_source="/opt/bootstrap/k0s.cue" -k0s_config="/etc/k0s/k0s.yaml" - -require_env() { - name="$1" - eval "value=\${$name:-}" - if [ -z "$value" ]; then - echo "missing required environment variable: $name" >&2 - exit 1 - fi -} - -render_k0s_config() { - require_env TINKERBELL_PUBLIC_IP - require_env TINKERBELL_ARTIFACTS_FILE_SERVER - require_env TINKERBELL_DHCP_BIND_INTERFACE - - K0S_POD_CIDR="${K0S_POD_CIDR:-10.244.0.0/16}" - K0S_SERVICE_CIDR="${K0S_SERVICE_CIDR:-10.96.0.0/12}" - TINKERBELL_TRUSTED_PROXIES="${TINKERBELL_TRUSTED_PROXIES:-$K0S_POD_CIDR,$K0S_SERVICE_CIDR}" - TINKERBELL_HOOKOS_ARCH="${TINKERBELL_HOOKOS_ARCH:-x86_64}" - TINKERBELL_HOOKOS_KERNEL_VERSION="${TINKERBELL_HOOKOS_KERNEL_VERSION:-6.6}" - TINKERBELL_HOOKOS_EXTENSION="${TINKERBELL_HOOKOS_EXTENSION:-tar.gz}" - TINKERBELL_DHCP_MODE="${TINKERBELL_DHCP_MODE:-reservation}" - TINKERBELL_DHCP_BIND_ADDR="${TINKERBELL_DHCP_BIND_ADDR:-$TINKERBELL_PUBLIC_IP}" - TINKERBELL_TINK_SERVER_ADDR_PORT="${TINKERBELL_TINK_SERVER_ADDR_PORT:-$TINKERBELL_PUBLIC_IP:42113}" - TINKERBELL_OSIE_URL="${TINKERBELL_OSIE_URL:-http://$TINKERBELL_PUBLIC_IP:7173}" - - cue export "$k0s_source" \ - -e output \ - --out yaml \ - -t pod_cidr="$K0S_POD_CIDR" \ - -t service_cidr="$K0S_SERVICE_CIDR" \ - -t public_ip="$TINKERBELL_PUBLIC_IP" \ - -t artifacts_file_server="$TINKERBELL_ARTIFACTS_FILE_SERVER" \ - -t dhcp_bind_addr="$TINKERBELL_DHCP_BIND_ADDR" \ - -t dhcp_bind_interface="$TINKERBELL_DHCP_BIND_INTERFACE" \ - -t hookos_arch="$TINKERBELL_HOOKOS_ARCH" \ - -t hookos_kernel_version="$TINKERBELL_HOOKOS_KERNEL_VERSION" \ - -t hookos_extension="$TINKERBELL_HOOKOS_EXTENSION" \ - -t 
dhcp_mode="$TINKERBELL_DHCP_MODE" \ - -t tink_server_addr_port="$TINKERBELL_TINK_SERVER_ADDR_PORT" \ - -t osie_url="$TINKERBELL_OSIE_URL" \ - -t trusted_proxies="$TINKERBELL_TRUSTED_PROXIES" \ - >"$k0s_config" -} - -render_k0s_config -mkdir -p "$provider_dst_dir" -cp "$provider_namespaces_src" "$provider_namespaces_dst" - -echo "starting k0s bootstrap controller" -k0s controller --config "$k0s_config" --single --ignore-pre-flight-checks & -k0s_pid=$! - -cleanup() { - if kill -0 "$k0s_pid" 2>/dev/null; then - kill "$k0s_pid" 2>/dev/null || true - fi -} - -trap cleanup INT TERM - -while :; do - if ! kill -0 "$k0s_pid" 2>/dev/null; then - wait "$k0s_pid" - exit $? - fi - - if ! k0s kubectl get crd \ - coreproviders.operator.cluster.x-k8s.io \ - bootstrapproviders.operator.cluster.x-k8s.io \ - controlplaneproviders.operator.cluster.x-k8s.io \ - infrastructureproviders.operator.cluster.x-k8s.io >/dev/null 2>&1; then - sleep 2 - continue - fi - - if ! k0s kubectl -n capi-operator-system wait \ - --for=condition=Available \ - deployment/cluster-api-operator \ - --timeout=5s >/dev/null 2>&1; then - sleep 2 - continue - fi - - if k0s kubectl --request-timeout=5s apply --dry-run=server -f "$provider_src" >/dev/null 2>&1; then - echo "operator API is ready; handing provider manifests to k0s manifest deployer" - cp "$provider_src" "$provider_dst" - break - fi - - sleep 2 -done - -wait "$k0s_pid"
diff --git a/bootstrap/k0s/k0s.cue b/bootstrap/k0s/k0s.cue
deleted file mode 100644
index bb9b19c..0000000
--- a/bootstrap/k0s/k0s.cue
+++ /dev/null
@@ -1,135 +0,0 @@ -package k0s - -import ( - "encoding/yaml" - "strings" -) - -cfgPodCIDR: string @tag(pod_cidr) -cfgServiceCIDR: string @tag(service_cidr) -cfgPublicIP: string @tag(public_ip) -cfgArtifactsFileServer: string @tag(artifacts_file_server) -cfgDHCPBindAddr: string @tag(dhcp_bind_addr) -cfgDHCPBindInterface: string @tag(dhcp_bind_interface) -cfgHookOSArch: string @tag(hookos_arch) -cfgHookOSKernelVersion: string @tag(hookos_kernel_version) -cfgHookOSExtension: string @tag(hookos_extension) -cfgDHCPMode: string @tag(dhcp_mode) -cfgTinkServerAddrPort: string @tag(tink_server_addr_port) -cfgOSIEURL: string @tag(osie_url) -cfgTrustedProxiesCSV: string @tag(trusted_proxies) - -cfgTrustedProxies: [for proxy in strings.Split(cfgTrustedProxiesCSV, ",") if strings.TrimSpace(proxy) != "" { - strings.TrimSpace(proxy) -}] - -#CertManagerValues: { - crds: { - enabled: true - } -} - -#TinkerbellValues: { - trustedProxies: cfgTrustedProxies - publicIP: cfgPublicIP - artifactsFileServer: cfgArtifactsFileServer - service: { - type: "ClusterIP" - } - deployment: { - additionalEnvs: [{ - name: "TINKERBELL_BIND_ADDRESS" - value: cfgPublicIP - }] - hostNetwork: true - init: { - enabled: false - } - strategy: { - type: "Recreate" - } - envs: { - globals: { - bindAddr: "0.0.0.0" - } - smee: { - dhcpEnabled: true - dhcpMode: cfgDHCPMode - dhcpBindAddr: cfgDHCPBindAddr - dhcpBindInterface: cfgDHCPBindInterface - dhcpIPForPacket: cfgPublicIP - dhcpTftpIP: cfgPublicIP - dhcpSyslogIP: cfgPublicIP - dhcpIpxeHttpBinaryHost: cfgPublicIP - dhcpIpxeHttpScriptHost: cfgPublicIP - ipxeScriptTinkServerAddrPort: cfgTinkServerAddrPort - ipxeHttpScriptOsieURL: cfgOSIEURL - tftpServerBindAddr: "0.0.0.0" - ipxeHttpScriptExtraKernelArgs: ["ip=dhcp"] - ipxeHttpScriptRetries: 5 - } - tinkServer: { - bindAddr: "0.0.0.0" - } - } - } - optional: { - osie: { - hostNetwork: true - service: { - type: "ClusterIP" - } - } - hookos: { - enabled: true - arch: cfgHookOSArch - kernelVersion: 
cfgHookOSKernelVersion
- extension: cfgHookOSExtension
- }
- kubevip: {
- enabled: false
- }
- }
-}
-
-output: {
- apiVersion: "k0s.k0sproject.io/v1beta1"
- kind: "ClusterConfig"
- metadata: {
- name: "bootstrap-k0s"
- namespace: "kube-system"
- }
- spec: {
- network: {
- podCIDR: cfgPodCIDR
- serviceCIDR: cfgServiceCIDR
- }
- extensions: {
- helm: {
- concurrencyLevel: 1
- charts: [
- {
- name: "cert-manager"
- chartname: "/opt/bootstrap/charts/cert-manager.tgz"
- namespace: "cert-manager"
- order: 0
- values: yaml.Marshal(#CertManagerValues)
- },
- {
- name: "cluster-api-operator"
- chartname: "/opt/bootstrap/charts/cluster-api-operator.tgz"
- namespace: "capi-operator-system"
- order: 10
- },
- {
- name: "tinkerbell"
- chartname: "/opt/bootstrap/charts/tinkerbell.tgz"
- namespace: "tinkerbell"
- order: 20
- values: yaml.Marshal(#TinkerbellValues)
- },
- ]
- }
- }
- }
-}
diff --git a/bootstrap/k0s/manifests/providers/namespaces.yaml b/bootstrap/k0s/manifests/providers/namespaces.yaml
deleted file mode 100644
index 0418cdf..0000000
--- a/bootstrap/k0s/manifests/providers/namespaces.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: capi-system
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: cabpt-system
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: cacppt-system
----
-apiVersion: v1
-kind: Namespace
-metadata:
- name: capn-system
diff --git a/bootstrap/k0s/manifests/providers/providers.cue b/bootstrap/k0s/manifests/providers/providers.cue
deleted file mode 100644
index bcf1c04..0000000
--- a/bootstrap/k0s/manifests/providers/providers.cue
+++ /dev/null
@@ -1,69 +0,0 @@
-package providers
-
-capiVersion: string @tag(capi_version)
-capnVersion: string @tag(capn_version)
-talosBootstrapProviderVersion: string @tag(talos_bootstrap_provider_version)
-talosControlPlaneVersion: string @tag(talos_control_plane_provider_version)
-
-output: {
- apiVersion: "v1"
- kind: "List"
- items: [
- {
- apiVersion: "operator.cluster.x-k8s.io/v1alpha2"
- kind: "CoreProvider"
- metadata: {
- name: "cluster-api"
- namespace: "capi-system"
- }
- spec: {
- version: capiVersion
- fetchConfig: {
- url: "https://github.com/kubernetes-sigs/cluster-api/releases/download/\(capiVersion)/core-components.yaml"
- }
- }
- },
- {
- apiVersion: "operator.cluster.x-k8s.io/v1alpha2"
- kind: "BootstrapProvider"
- metadata: {
- name: "talos"
- namespace: "cabpt-system"
- }
- spec: {
- version: talosBootstrapProviderVersion
- fetchConfig: {
- url: "https://github.com/siderolabs/cluster-api-bootstrap-provider-talos/releases/download/\(talosBootstrapProviderVersion)/bootstrap-components.yaml"
- }
- }
- },
- {
- apiVersion: "operator.cluster.x-k8s.io/v1alpha2"
- kind: "ControlPlaneProvider"
- metadata: {
- name: "talos"
- namespace: "cacppt-system"
- }
- spec: {
- version: talosControlPlaneVersion
- fetchConfig: {
- url: "https://github.com/siderolabs/cluster-api-control-plane-provider-talos/releases/download/\(talosControlPlaneVersion)/control-plane-components.yaml"
- }
- }
- },
- {
- apiVersion: "operator.cluster.x-k8s.io/v1alpha2"
- kind: "InfrastructureProvider"
- metadata: {
- name: "incus"
- namespace: "capn-system"
- }
- spec: {
- version: capnVersion
- fetchConfig: {
- url: "https://github.com/lxc/cluster-api-provider-incus/releases/download/\(capnVersion)/infrastructure-components.yaml"
- }
- }
- },
- ]
-}
diff --git a/bootstrap/k0s/moon.yml b/bootstrap/k0s/moon.yml
deleted file mode 100644
index c600a5c..0000000
--- a/bootstrap/k0s/moon.yml
+++ /dev/null
@@ -1,81 +0,0 @@ -layer: 'scaffolding' -tags: - - 'bootstrap' - - 'docker' - - 'k0s' - -project: - title: 'bootstrap-k0s' - description: 'Temporary VyOS-hosted k0s bootstrap image.' - owner: 'GilmanLab' - maintainers: - - 'josh' - -tasks: - lint: - command: 'hadolint Dockerfile' - toolchains: 'system' - inputs: - - '/.prototools' - - '/.moon/proto/cue.toml' - - '/.moon/proto/hadolint.toml' - - 'Dockerfile' - options: - cache: false - runInCI: true - vet: - command: >- - bash -lc "cue vet -c k0s.cue - -t pod_cidr=10.244.0.0/16 - -t service_cidr=10.96.0.0/12 - -t public_ip=10.10.20.1 - -t artifacts_file_server=http://10.10.20.1:7173 - -t dhcp_bind_addr=10.10.20.1 - -t dhcp_bind_interface=eth1.20 - -t hookos_arch=x86_64 - -t hookos_kernel_version=6.6 - -t hookos_extension=tar.gz - -t dhcp_mode=reservation - -t tink_server_addr_port=10.10.20.1:42113 - -t osie_url=http://10.10.20.1:7173 - -t trusted_proxies=10.244.0.0/16,10.96.0.0/12" - toolchains: 'system' - inputs: - - '/.prototools' - - '/.moon/proto/cue.toml' - - 'k0s.cue' - options: - cache: false - runInCI: true - check: - command: >- - bash -lc "hadolint Dockerfile && - cue vet -c k0s.cue - -t pod_cidr=10.244.0.0/16 - -t service_cidr=10.96.0.0/12 - -t public_ip=10.10.20.1 - -t artifacts_file_server=http://10.10.20.1:7173 - -t dhcp_bind_addr=10.10.20.1 - -t dhcp_bind_interface=eth1.20 - -t hookos_arch=x86_64 - -t hookos_kernel_version=6.6 - -t hookos_extension=tar.gz - -t dhcp_mode=reservation - -t tink_server_addr_port=10.10.20.1:42113 - -t osie_url=http://10.10.20.1:7173 - -t trusted_proxies=10.244.0.0/16,10.96.0.0/12 && - DOCKER_BUILDKIT=1 docker build -t bootstrap-k0s:test -f Dockerfile ../.." - toolchains: 'system' - inputs: - - '/.prototools' - - '/.moon/proto/cue.toml' - - '/.moon/proto/hadolint.toml' - - 'Dockerfile' - - 'README.md' - - 'VERSION' - - 'bootstrap-k0s.sh' - - 'k0s.cue' - - 'manifests/**/*' - options: - cache: false - runInCI: true 
diff --git a/release-please-config.json b/release-please-config.json
index a4951db..3dfa6f7 100644
--- a/release-please-config.json
+++ b/release-please-config.json
@@ -55,16 +55,6 @@
 "VERSION" ] }, - "bootstrap/k0s": { - "component": "bootstrap-k0s", - "include-component-in-tag": true, - "changelog-path": "CHANGELOG.md", - "version-file": "VERSION", - "exclude-paths": [ - "CHANGELOG.md", - "VERSION" - ] - }, "services/dns-mirror": { "component": "dns-mirror", "include-component-in-tag": true,