Draft
3 changes: 2 additions & 1 deletion .gitignore
Expand Up @@ -16,5 +16,6 @@ sonic-vs.img
files/certs/*.pem
files/certs/**/*.pem
files/certs/**/*.crt
files/certs/**/*.pub
.vscode
vrnetlab
vrnetlab
6 changes: 5 additions & 1 deletion deploy_control_plane.yaml
Expand Up @@ -6,6 +6,8 @@
roles:
- name: ansible-common
tags: always
- name: metal-ansible-modules
tags: always
- name: ingress-controller
tags: ingress-controller
- name: metal-roles/control-plane/roles/prepare
Expand All @@ -29,6 +31,8 @@
tags: valkey
- name: metal-roles/control-plane/roles/zitadel
tags: auth
- name: metal-roles/common/roles/metal-v2-client
tags: metal
- name: metal-roles/control-plane/roles/metal
tags: metal
- name: metal-roles/control-plane/roles/logging
Expand All @@ -41,7 +45,7 @@
- name: deploy gardener
import_playbook: deploy_gardener.yaml
when: gardener_enabled and not kamaji_enabled

- name: deploy kamaji
import_playbook: deploy_kamaji.yaml
when: kamaji_enabled and not gardener_enabled
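--- a/files/certs/bmc-proxy/client.json
+++ b/files/certs/bmc-proxy/client.json
@@ -0,0 +1,17 @@
+{
+"CN": "bmc-proxy-client",
+"hosts": [""],
+"key": {
+"algo": "rsa",
+"size": 4096
+},
+"names": [
+{
+"C": "DE",
+"L": "Munich",
+"O": "Metal-Stack",
+"OU": "DevOps",
+"ST": "Bavaria"
+}
+]
+}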
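--- a/files/certs/bmc-proxy/server.json
+++ b/files/certs/bmc-proxy/server.json
@@ -0,0 +1,22 @@
+{
+"CN": "metal-console",
+"hosts": [
+"localhost",
+"metal-console",
+"metal-console.svc",
+"metal-console.svc.cluster.local"
+],
+"key": {
+"algo": "rsa",
+"size": 4096
+},
+"names": [
+{
+"C": "DE",
+"L": "Munich",
+"O": "Metal-Stack",
+"OU": "DevOps",
+"ST": "Bavaria"
+}
+]
+}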
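Review bot: The `hosts` entries `metal-console.svc` and `metal-console.svc.cluster.local` carry no namespace segment, while in-cluster service DNS names normally take the form `<service>.<namespace>.svc`, so a client that dials the namespaced name would fail hostname verification against this certificate. If the console is reached that way, add entries such as `"metal-console.<namespace>.svc"` and `"metal-console.<namespace>.svc.cluster.local"` (placeholder namespace; the real one is not shown on this page). The CN is `metal-console` although the file sits under `bmc-proxy/`; if the bmc-proxy listens under a name of its own, that name needs to be in `hosts` as well, which cannot be confirmed from this section.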
12 changes: 9 additions & 3 deletions inventories/group_vars/all/release_vector.yaml
@@ -1,5 +1,5 @@
---
metal_stack_release_version: develop
metal_stack_release_version: separate-metal-console-helm-chart

Contributor Author


all changes in this file are temp


metal_stack_release_vectors:
- url: oci://ghcr.io/metal-stack/releases:{{ metal_stack_release_version }}
Expand All @@ -22,7 +22,7 @@ metal_stack_release_vectors:
# metal_masterdata_api_image_name:
# metal_masterdata_api_image_tag:
# metal_console_image_name:
# metal_console_image_tag:
metal_console_image_tag: pr-migrate-to-metal-apiserver-token-renewal
# metal_core_image_name:
# metal_core_image_tag:
# headscale_image_tag:
Expand All @@ -40,14 +40,20 @@ metal_stack_release_vectors:
##

# ansible_common_version:
# metal_roles_version:
metal_roles_version: migrate-to-metal-apiserver-token-renewal

# metal_ansible_modules_version:

##
## helm charts
##

# metal_helm_chart_tag:
metal_helm_chart_version: 0.8.3
metal_helm_chart_tag: v0.8.3-pull-request.161
metal_console_helm_chart_version: 0.1.0
metal_console_helm_chart_tag: v0.1.0-pull-request.161

# metal_helm_chart:
# further overrides can be looked up in metal-roles where the mapping is defined:
# https://github.com/metal-stack/metal-roles/blob/master/common/roles/defaults/defaults/main.yaml
13 changes: 12 additions & 1 deletion inventories/group_vars/control_plane/metal.yml
Expand Up @@ -156,7 +156,18 @@ metal_masterdata_api_projects:
name: sample-project
description: Sample project with static id

metal_console_enabled: false
metal_console_enabled: true

Contributor Author


override tmp as not everything has been wired up correctly (if even possible)

metal_console_use_apiserver: true
metal_console_token_renewal:
enabled: true
metal_console_token_expiration: 15m

Contributor Author


override tmp


metal_console_bmc_proxy_certs_ca_cert: "{{ lookup('file', 'certs/ca.pem') }}"
metal_console_bmc_proxy_certs_server_cert: "{{ lookup('file', 'certs/bmc-proxy/server.pem') }}"
metal_console_bmc_proxy_certs_server_key: "{{ lookup('file', 'certs/bmc-proxy/server-key.pem') }}"
metal_console_bmc_proxy_certs_server_pub: "{{ lookup('file', 'certs/bmc-proxy/server-key.pub') }}"
metal_console_bmc_proxy_certs_client_cert: "{{ lookup('file', 'certs/bmc-proxy/client.pem') }}"
metal_console_bmc_proxy_certs_client_key: "{{ lookup('file', 'certs/bmc-proxy/client-key.pem') }}"

metal_api_grpc_certs_server_key: "{{ lookup('file', 'certs/grpc/server-key.pem') }}"
metal_api_grpc_certs_server_cert: "{{ lookup('file', 'certs/grpc/server.pem') }}"
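Review bot: `metal_console_bmc_proxy_certs_ca_cert` points at the shared `certs/ca.pem`, the same CA that `scripts/roll_certs.sh` uses to sign the other certificates in that script, so any client certificate issued by that CA will chain successfully at the bmc-proxy mTLS endpoint. Unless the server also checks the peer identity (the CN `bmc-proxy-client` from `client.json`), a client certificate minted for another service would be accepted too; that check is not visible on this page. Either sign the bmc-proxy pair from a dedicated CA or record the assumption above the block, e.g. `# bmc-proxy trusts the shared lab CA; the server must verify the client CN`. The `*_server_key` and `*_client_key` variables hold private-key material, so tasks that consume them should set `no_log: true`.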
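--- a/scripts/roll_certs.sh
+++ b/scripts/roll_certs.sh
@@ -37,3 +37,12 @@ cfssl gencert -ca=../ca.pem -ca-key=../ca-key.pem -config=../ca-config.json -pro
 cat client.pem client-key.pem > client.crt
 rm -f *.csr
 popd
+
+echo "generating bmc-proxy certs"
+
+pushd bmc-proxy
+cfssl gencert -ca=../ca.pem -ca-key=../ca-key.pem -config=../ca-config.json -profile=server server.json | cfssljson -bare server
+cfssl gencert -ca=../ca.pem -ca-key=../ca-key.pem -config=../ca-config.json -profile=client client.json | cfssljson -bare client
+rm *.csr
+ssh-keygen -y -f server-key.pem > server-key.pub
+popd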
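Review bot: `ssh-keygen -y -f server-key.pem > server-key.pub` derives an SSH-format public key from the same RSA key that backs the TLS server certificate, so one private key may end up serving two protocols. How `server-key.pub` is consumed is not visible here, but a separately generated key would keep a compromise of one channel from affecting the other. The redirection also creates `server-key.pub` even when `ssh-keygen` fails, leaving an empty file for the later `lookup('file', ...)`; whether the script runs under `set -e` is outside the hunk, so an explicit check such as `ssh-keygen -y -f server-key.pem > server-key.pub || exit 1` would make the failure visible. The added `rm *.csr` differs from the `rm -f *.csr` in the block just above; use `rm -f *.csr` for consistency.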