diff --git a/lbnl/helm/Chart.yaml b/lbnl/helm/Chart.yaml index 69ae98b..dd9139f 100644 --- a/lbnl/helm/Chart.yaml +++ b/lbnl/helm/Chart.yaml @@ -20,3 +20,20 @@ type: application version: "0.0.1" appVersion: "0.0.1" + +dependencies: + - name: postgresql + version: 15.5.29 + repository: https://charts.bitnami.com/bitnami + alias: postgresql-hydra + condition: postgresql-hydra.enabled + - name: postgresql + version: 15.5.29 + repository: https://charts.bitnami.com/bitnami + alias: postgresql-bss + condition: postgresql-bss.enabled + - name: postgresql + version: 15.5.29 + repository: https://charts.bitnami.com/bitnami + alias: postgresql-smd + condition: postgresql-smd.enabled diff --git a/lbnl/helm/scripts/install.sh b/lbnl/helm/scripts/install.sh index c996860..0a858bf 100755 --- a/lbnl/helm/scripts/install.sh +++ b/lbnl/helm/scripts/install.sh @@ -12,7 +12,6 @@ helm install \ --set smd.deployment.image.repository="${repo}" \ --set postgres.deployment.image.repository="${repo}" \ --set krakend.deployment.image.repository="${repo}" \ - --set dnsmasq.deployment.image.repository="${repo}" \ --set hydra.deployment.image.repository="${repo}" \ --set hydra_consent.deployment.image.repository="${repo}" \ --set swiss_army_knife.deployment.image.repository="${repo}" \ diff --git a/lbnl/helm/scripts/template.sh b/lbnl/helm/scripts/template.sh index 4ce06bd..232ae68 100755 --- a/lbnl/helm/scripts/template.sh +++ b/lbnl/helm/scripts/template.sh @@ -11,7 +11,6 @@ helm template \ --set smd.deployment.image.repository="${repo}" \ --set postgres.deployment.image.repository="${repo}" \ --set krakend.deployment.image.repository="${repo}" \ - --set dnsmasq.deployment.image.repository="${repo}" \ --set hydra.deployment.image.repository="${repo}" \ --set hydra_consent.deployment.image.repository="${repo}" \ --set swiss_army_knife.deployment.image.repository="${repo}" \ diff --git a/lbnl/helm/scripts/upgrade.sh b/lbnl/helm/scripts/upgrade.sh index 293df87..e9db1b5 100755 
--- a/lbnl/helm/scripts/upgrade.sh +++ b/lbnl/helm/scripts/upgrade.sh @@ -11,7 +11,6 @@ helm upgrade \ --set smd.deployment.image.repository="${repo}" \ --set postgres.deployment.image.repository="${repo}" \ --set krakend.deployment.image.repository="${repo}" \ - --set dnsmasq.deployment.image.repository="${repo}" \ --set hydra.deployment.image.repository="${repo}" \ --set hydra_consent.deployment.image.repository="${repo}" \ --set swiss_army_knife.deployment.image.repository="${repo}" \ diff --git a/lbnl/helm/templates/atftpd/deployment.yaml b/lbnl/helm/templates/atftpd/deployment.yaml new file mode 100644 index 0000000..5511e8d --- /dev/null +++ b/lbnl/helm/templates/atftpd/deployment.yaml 
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: tftpd
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: tftpd
+spec:
+ replicas: {{ .Values.tftpd.deployment.replicaCount }}
+ selector:
+ matchLabels:
+ app: tftpd
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: tftpd
+ spec:
+ initContainers:
+ # This is a bad way to populate the binary blobs served by TFTPD without somehow initializing them out of band.
+ # https://kubernetes.io/docs/tasks/configure-pod-container/image-volumes/ would be a good candidate, but it's only alpha as of 1.31, the
+ # latest release. PVC probably isn't much better than initContainer emptyDir, since it requires similar setup hacks with pre-install hooks.
+ - name: tftp-init
+ image: busybox:latest
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/sh
+ - -c
+ - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/undionly.kpxe
+ - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/reboot.ipxe
+ - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/ipxe.efi
+ volumeMounts:
+ - mountPath: /data
+ name: storage
+ containers:
+ - name: tftpd
+ image: {{ .Values.tftpd.deployment.image.repository }}/{{ .Values.tftpd.deployment.image.name }}:{{ .Values.tftpd.deployment.image.tag }}
+ imagePullPolicy: {{ .Values.tftpd.deployment.image.pullPolicy }}
+ args:
+ - "--daemon"
+ - "--no-fork"
+ - "--logfile"
+ - "-"
+ - "--port"
+ - "69"
+ - "--verbose"
+ - "/data"
+ ports:
+ - name: tftp
+ containerPort: 69
+ protocol: UDP
+ volumeMounts:
+ - mountPath: /data
+ name: storage
+ volumes:
+ - name: storage
+ emptyDir:
+ sizeLimit: 512M
diff --git a/lbnl/helm/templates/atftpd/init.yaml b/lbnl/helm/templates/atftpd/init.yaml
new file mode 100644
index 0000000..2ef8b7c
--- /dev/null 
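Review bot: The three `wget` entries in the `tftp-init` command are separate argv items after `-c`, so `/bin/sh` runs only the first as its script and receives the other two as `$0` and `$1`; `reboot.ipxe` and `ipxe.efi` would never be fetched. The files land in the directory this pod serves to network-booting nodes, yet nothing checks their content after download, and `busybox:latest` with `IfNotPresent` can resolve to a different image on each node. I would collapse the downloads into one script that fails on the first error and verifies checksums recorded in the chart, and pin the busybox tag. The commented-out Job in atftpd/init.yaml carries the same command list and would need the same change if it is ever enabled.

```yaml
        - name: tftp-init
          # … unchanged: image, imagePullPolicy …
          command:
            - /bin/sh
            - -c
            - |
              set -eu
              base=https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe
              cd /data
              for f in undionly.kpxe reboot.ipxe ipxe.efi; do
                wget "${base}/${f}"
              done
              # Placeholder digests: replace with the real SHA-256 of each file at the pinned commit.
              sha256sum -c <<'EOF'
              <SHA256_OF_UNDIONLY_KPXE>  undionly.kpxe
              <SHA256_OF_REBOOT_IPXE>  reboot.ipxe
              <SHA256_OF_IPXE_EFI>  ipxe.efi
              EOF
          # … unchanged: volumeMounts …
```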
+++ b/lbnl/helm/templates/atftpd/init.yaml
@@ -0,0 +1,47 @@
+## This content is effectively static, but we don't have a great way to get it into the container
+#---
+#apiVersion: v1
+#kind: PersistentVolumeClaim
+#metadata:
+# name: {{ .Release.Name }}-tftp
+# namespace: {{ .Release.Namespace }}
+# annotations:
+# "helm.sh/hook": pre-install
+#spec:
+# accessModes:
+# - ReadWriteOnce
+# resources:
+# requests:
+# storage: 1Gi
+# storageClassName: standard-rwo
+#---
+#apiVersion: batch/v1
+#kind: Job
+#metadata:
+# name: {{ .Release.Name }}-tftp-init
+# namespace: {{ .Release.Namespace }}
+# annotations:
+# "helm.sh/hook": pre-install
+#spec:
+# template:
+# spec:
+# containers:
+# - name: tftp-init
+# image: busybox:latest
+# imagePullPolicy: IfNotPresent
+# command:
+# - /bin/sh
+# - -c
+# - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/undionly.kpxe
+# - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/reboot.ipxe
+# - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/ipxe.efi
+# env: {}
+# volumeMounts:
+# - mountPath: /data
+# name: storage
+# restartPolicy: OnFailure
+# volumes:
+# - name: storage
+# persistentVolumeClaim:
+# claimName: {{ .Release.Name }}-tftp
+# backoffLimit: 4
diff --git a/lbnl/helm/templates/atftpd/pvc.yaml b/lbnl/helm/templates/atftpd/pvc.yaml
new file mode 100644
index 0000000..3cf1940
--- /dev/null
+++ b/lbnl/helm/templates/atftpd/pvc.yaml
@@ -0,0 +1,13 @@
+#---
+#apiVersion: v1
+#kind: PersistentVolumeClaim
+#metadata:
+# name: {{ .Release.Name }}-tftp
+# namespace: {{ .Release.Namespace }}
+#spec:
+# accessModes:
+# - ReadWriteOnce
+# resources:
+# requests:
+# storage: 1Gi
+# storageClassName: standard-rwo 
diff --git a/lbnl/helm/templates/bss/deployment.yaml b/lbnl/helm/templates/bss/deployment.yaml index 629051f..5fd9773 100644 --- a/lbnl/helm/templates/bss/deployment.yaml +++ b/lbnl/helm/templates/bss/deployment.yaml @@ -34,18 +34,15 @@ spec: - name: BSS_INSECURE value: "true" - name: BSS_DBHOST - value: postgres.{{ .Release.Namespace }}.svc.cluster.local + value: {{ .Release.Name }}-postgresql-bss.{{ .Release.Namespace }}.svc.cluster.local - name: BSS_DBNAME value: {{ .Values.bss.dbname }} - name: BSS_DBPORT value: "{{ .Values.postgres.service.port }}" - name: BSS_DBUSER - valueFrom: - secretKeyRef: - name: postgres-creds - key: bss_postgres_username + value: bss-user - name: BSS_DBPASS valueFrom: secretKeyRef: - name: postgres-creds - key: bss_postgres_password + name: {{ .Release.Name }}-postgresql-bss + key: password diff --git a/lbnl/helm/templates/bss/init-job.yaml b/lbnl/helm/templates/bss/init-job.yaml index bea09f3..f986d16 100644 --- a/lbnl/helm/templates/bss/init-job.yaml +++ b/lbnl/helm/templates/bss/init-job.yaml @@ -18,20 +18,17 @@ spec: - name: BSS_INSECURE value: "true" - name: BSS_DBHOST - value: postgres.{{ .Release.Namespace }}.svc.cluster.local + value: {{ .Release.Name }}-postgresql-bss.{{ .Release.Namespace }}.svc.cluster.local - name: BSS_DBNAME value: {{ .Values.bss.dbname }} - name: BSS_DBPORT value: "{{ .Values.postgres.service.port }}" - name: BSS_DBUSER - valueFrom: - secretKeyRef: - name: postgres-creds - key: bss_postgres_username + value: bss-user - name: BSS_DBPASS valueFrom: secretKeyRef: - name: postgres-creds - key: bss_postgres_password + name: {{ .Release.Name }}-postgresql-bss + key: password restartPolicy: OnFailure backoffLimit: 4 diff --git a/lbnl/helm/templates/coredhcp/deployment.yaml b/lbnl/helm/templates/coredhcp/deployment.yaml new file mode 100644 index 0000000..b311490 --- /dev/null +++ b/lbnl/helm/templates/coredhcp/deployment.yaml 
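Review bot: `BSS_DBPORT` is still rendered from `.Values.postgres.service.port`, the in-house Postgres block, while `BSS_DBHOST` and the password Secret now point at the `postgresql-bss` subchart, so host and port come from two unrelated settings. Reading the port from the subchart's own value keeps them in step, for example `value: '{{ index .Values "postgresql-bss" "service" "ports" "postgresql" }}'` (the hyphenated key needs `index`). The literal `bss-user` has to match `postgresql-bss.auth.username` by hand, and the Secret name `{{ .Release.Name }}-postgresql-bss` presumably relies on the subchart's default naming, so a comment such as `# must match postgresql-bss.auth.username and the subchart's generated Secret name` would help. The same applies to bss/init-job.yaml and to `SMD_DBPORT` and `smd-user` in smd/deployment.yaml and smd/init-job.yaml. Both bss hunks start and end inside the container's `env` list, so the rest of each spec is not visible here.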
@@ -0,0 +1,80 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: coredhcp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: coredhcp
+spec:
+ replicas: {{ .Values.coredhcp.deployment.replicaCount }}
+ selector:
+ matchLabels:
+ app: coredhcp
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: coredhcp
+ spec:
+ containers:
+ - name: coredhcp
+ image: {{ .Values.coredhcp.deployment.image.repository }}/{{ .Values.coredhcp.deployment.image.name }}:{{ .Values.coredhcp.deployment.image.tag }}
+ imagePullPolicy: {{ .Values.coredhcp.deployment.image.pullPolicy }}
+ args:
+ - "/coredhcp"
+ - "-L"
+ - "debug"
+ ports:
+ - name: dhcp
+ # TODO we're an IRC server now! probably just have the LB dispatch to a high port
+ # I don't think this will actually need net admin/the real DHCP port if we're forwarding
+ containerPort: 6667
+ protocol: UDP
+ volumeMounts:
+ - mountPath: /leases
+ name: leases
+ - mountPath: /etc/coredhcp/
+ name: config
+ volumes:
+ - name: leases
+ emptyDir:
+ sizeLimit: 512M
+ - name: config
+ configMap:
+ name: coredhcp
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: coredhcp
+ namespace: {{ .Release.Namespace }}
+data:
+ # TODO this would probably be better as a helper, probably with a constructed dict that
+ # we toYaml. templating raw yaml strings feels like an icky recipe for failure
+ config.yaml: |
+ server4:
+ listen:
+ - 0.0.0.0:6667
+ plugins:
+ # Base CoreDHCP config
+ - server_id: {{ .Values.coredhcp.config.server_id }}
+ - dns: {{ .Values.coredhcp.config.dns | join " " }}
+ - router: {{ .Values.coredhcp.config.router }}
+ - netmask: {{ .Values.coredhcp.config.netmask }}
+ - range: /leases/leases.txt {{ .Values.coredhcp.config.range.start }} {{ .Values.coredhcp.config.range.end }} {{ .Values.coredhcp.config.range.duration }}
+ #
+ # CoreSMD config
+ # Args: ochami_base_url boot_script_base_url ca_cert_path cache_update_interval long_lease_time
+ # TODO SMD cert is a mystery here. 
we have no config for it and there's no indication in the deployment that we load one from anywhere
+ # we apparently only provide an HTTP listen, so until we provide TLS the cert does nothing
+ - coresmd: http://smd:{{ .Values.smd.service.port }} http://bss:{{ .Values.bss.service.port }} /fakeroot.pem 30s 1h
+ #
+ # Optionally include the file plugin here if it matters which IPs get assigned to which
+ # MACs. Otherwise, unknown MACs get passed to the bootloop "catch-all" plugin below.
+ #
+ # TODO this presumably comes from a bring your own configmap
+ #- file /etc/coredhcp/hostsfile
+ # Args: storage_path short_lease_time ip_pool_start ip_pool_end
+ - bootloop: /leases/coredhcp.db {{ .Values.coredhcp.config.unrecognized_range.duration }} {{ .Values.coredhcp.config.unrecognized_range.start }} {{ .Values.coredhcp.config.unrecognized_range.end }}
diff --git a/lbnl/helm/templates/dnsmasq/deployment.yaml b/lbnl/helm/templates/dnsmasq/deployment.yaml
deleted file mode 100644
index e5b37c0..0000000
--- a/lbnl/helm/templates/dnsmasq/deployment.yaml
+++ /dev/null 
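Review bot: The `coresmd` plugin line hard-codes `http://smd:…` and `http://bss:…` and passes `/fakeroot.pem` as the CA path, a file that neither of the two volumes in this Deployment provides, so the inventory lookups and the boot-script base URL run without TLS or a usable trust anchor. Because these URLs decide what nodes are told to boot, I would make both base URLs and the CA path chart values, with the CA mounted from a Secret or ConfigMap, instead of literals in the template, and leave the existing TODO pointing at that gap. Separately, `-L debug` in `args` is a verbose default for a DHCP server; exposing the level as a value would let operators opt in to debug logging rather than out of it.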
@@ -1,49 +0,0 @@ ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: dnsmasq - namespace: {{ .Release.Namespace }} - labels: - app: dnsmasq -spec: - replicas: {{ .Values.dnsmasq.deployment.replicaCount }} - selector: - matchLabels: - app: dnsmasq - template: - metadata: - labels: - app: dnsmasq - spec: - containers: - - name: dnsmasq - image: {{ .Values.dnsmasq.deployment.image.repository }}/{{ .Values.dnsmasq.deployment.image.name }}:{{ .Values.dnsmasq.deployment.image.tag }} - imagePullPolicy: {{ .Values.dnsmasq.deployment.image.pullPolicy }} - command: ["/bin/bash", "/bin/init.sh"] - volumeMounts: - - name: dnsmasq-config - mountPath: /etc/dnsmasq.conf - subPath: dnsmasq.conf - - name: dnsmasq-config - mountPath: /bin/init.sh - subPath: init.sh - env: - - name: smd_endpoint - value: smd.{{ .Release.Namespace }}.svc.cluster.local - - name: bss_endpoint - value: bss.{{ .Release.Namespace }}.svc.cluster.local - ports: - - name: dnsmasq-dhcp - containerPort: {{ .Values.dnsmasq.deployment.dhcp_port}} - protocol: UDP - - name: dnsmasq-tftp - containerPort: {{ .Values.dnsmasq.deployment.tftp_port}} - protocol: UDP - readinessProbe: - exec: - command: ["pgrep", "dnsmasq"] - volumes: - - name: dnsmasq-config - configMap: - name: dnsmasq-config diff --git a/lbnl/helm/templates/dnsmasq/dnsmasq-config.yaml b/lbnl/helm/templates/dnsmasq/dnsmasq-config.yaml deleted file mode 100644 index c23bc8b..0000000 --- a/lbnl/helm/templates/dnsmasq/dnsmasq-config.yaml +++ /dev/null 
@@ -1,24 +0,0 @@ -apiVersion: v1 -data: - dnsmasq.conf: | - port=0 - user=root - dhcp-authoritative - log-dhcp - domain=.local - dhcp-option=option:domain-search,.local - #TODO the next 4 options should be dynamic, I don't know how we want to populate these - dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h - dhcp-option=option:mtu,1500 - dhcp-hostsfile=/etc/dhcp-hostsfile - dhcp-optsfile=/etc/dhcp-optsfile - enable-tftp - tftp-root=/usr/share/ipxe - init.sh: | - smd.py - update_loop.sh & - dnsmasq -d --log-dhcp -kind: ConfigMap -metadata: - name: dnsmasq-config - namespace: {{ .Release.Namespace }} diff --git a/lbnl/helm/templates/dnsmasq/service-dhcp.yaml b/lbnl/helm/templates/dnsmasq/service-dhcp.yaml deleted file mode 100644 index 92e27a6..0000000 --- a/lbnl/helm/templates/dnsmasq/service-dhcp.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - namespace: {{ .Release.Namespace }} - name: dnsmasq-dhcp - {{- with .Values.dnsmasq.service.dhcp.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.dnsmasq.service.dhcp.type }} - ports: - - port: {{ .Values.dnsmasq.service.dhcp.port }} - targetPort: {{ .Values.dnsmasq.deployment.dhcp_port}} - name: dnsmasq-dhcp - protocol: UDP - selector: - app: dnsmasq - {{- with .Values.dnsmasq.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/lbnl/helm/templates/dnsmasq/service-tftp.yaml b/lbnl/helm/templates/dnsmasq/service-tftp.yaml deleted file mode 100644 index 2fc03e6..0000000 --- a/lbnl/helm/templates/dnsmasq/service-tftp.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - namespace: {{ .Release.Namespace }} - name: dnsmasq-tftp - {{- with .Values.dnsmasq.service.tftp.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - type: {{ .Values.dnsmasq.service.tftp.type }} - ports: - - port: {{ .Values.dnsmasq.service.tftp.port }} - targetPort: {{ .Values.dnsmasq.deployment.tftp_port}} - name: dnsmasq-tftp - protocol: UDP - selector: - app: dnsmasq - {{- with .Values.dnsmasq.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- toYaml . | nindent 4 }} - {{- end }} diff --git a/lbnl/helm/templates/hydra/deployment.yaml b/lbnl/helm/templates/hydra/deployment.yaml index c2bd2b7..18ac7f1 100644 --- a/lbnl/helm/templates/hydra/deployment.yaml +++ b/lbnl/helm/templates/hydra/deployment.yaml @@ -40,10 +40,10 @@ spec: - name: HYDRA_POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: postgres-creds - key: hydra_postgres_password + name: {{ .Release.Name }}-postgresql-hydra + key: password - name: DSN - value: postgres://hydra-user:$(HYDRA_POSTGRES_PASSWORD)@postgres.{{ .Release.Namespace }}.svc.cluster.local:5432/hydradb?sslmode=disable&max_conns=20&max_idle_conns=4 + value: postgres://hydra-user:$(HYDRA_POSTGRES_PASSWORD)@{{ .Release.Name }}-postgresql-hydra.{{ .Release.Namespace }}.svc.cluster.local:5432/hydradb?sslmode=disable&max_conns=20&max_idle_conns=4 volumes: - name: hydra-config configMap: diff --git a/lbnl/helm/templates/hydra/migrate.yaml b/lbnl/helm/templates/hydra/migrate.yaml index dba2fa9..59e996c 100644 --- a/lbnl/helm/templates/hydra/migrate.yaml +++ b/lbnl/helm/templates/hydra/migrate.yaml 
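Review bot: The rewritten `DSN` in hydra/deployment.yaml keeps `sslmode=disable` and still hard-codes `hydra-user`, `5432` and `hydradb`, which now have to agree by hand with `postgresql-hydra.auth.username`, `service.ports.postgresql` and `auth.database` in values.yaml. The password is spliced into the URL through `$(HYDRA_POSTGRES_PASSWORD)` without URL-encoding, so a password containing characters such as `@`, `/` or `?` would yield a malformed DSN; a comment like `# password must be URL-safe; it is interpolated verbatim into the DSN` next to the Secret reference would record that constraint. If the subchart's TLS option is enabled later, `sslmode` here has to change with it. hydra/migrate.yaml has the same line and needs the same treatment; both hunks begin and end inside the container's `env` list.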
@@ -21,10 +21,10 @@ spec: - name: HYDRA_POSTGRES_PASSWORD valueFrom: secretKeyRef: - name: postgres-creds - key: hydra_postgres_password + name: {{ .Release.Name }}-postgresql-hydra + key: password - name: DSN - value: postgres://hydra-user:$(HYDRA_POSTGRES_PASSWORD)@postgres.{{ .Release.Namespace }}.svc.cluster.local:5432/hydradb?sslmode=disable&max_conns=20&max_idle_conns=4 + value: postgres://hydra-user:$(HYDRA_POSTGRES_PASSWORD)@{{ .Release.Name }}-postgresql-hydra.{{ .Release.Namespace }}.svc.cluster.local:5432/hydradb?sslmode=disable&max_conns=20&max_idle_conns=4 volumes: - name: hydra-config configMap: diff --git a/lbnl/helm/templates/smd/deployment.yaml b/lbnl/helm/templates/smd/deployment.yaml index 2899dd8..b965d32 100644 --- a/lbnl/helm/templates/smd/deployment.yaml +++ b/lbnl/helm/templates/smd/deployment.yaml @@ -30,19 +30,16 @@ spec: port: {{ .Values.smd.deployment.containerPort }} env: - name: SMD_DBHOST - value: postgres.{{ .Release.Namespace }}.svc.cluster.local + value: {{ .Release.Name }}-postgresql-smd.{{ .Release.Namespace }}.svc.cluster.local - name: SMD_DBPORT value: "{{ .Values.postgres.deployment.containerPort }}" - name: SMD_DBUSER - valueFrom: - secretKeyRef: - name: postgres-creds - key: smd_postgres_username + value: smd-user - name: SMD_DBPASS valueFrom: secretKeyRef: - name: postgres-creds - key: smd_postgres_password + name: {{ .Release.Name }}-postgresql-smd + key: password - name: SMD_DBNAME value: {{ .Values.smd.dbname }} - name: SMD_DBOPTS diff --git a/lbnl/helm/templates/smd/init-job.yaml b/lbnl/helm/templates/smd/init-job.yaml index 58e68fd..c620819 100644 --- a/lbnl/helm/templates/smd/init-job.yaml +++ b/lbnl/helm/templates/smd/init-job.yaml 
@@ -14,19 +14,16 @@ spec: command: ["/smd-init"] env: - name: SMD_DBHOST - value: postgres.{{ .Release.Namespace }}.svc.cluster.local + value: {{ .Release.Name }}-postgresql-smd.{{ .Release.Namespace }}.svc.cluster.local - name: SMD_DBPORT value: "{{ .Values.postgres.deployment.containerPort }}" - name: SMD_DBUSER - valueFrom: - secretKeyRef: - name: postgres-creds - key: smd_postgres_username + value: smd-user - name: SMD_DBPASS valueFrom: secretKeyRef: - name: postgres-creds - key: smd_postgres_password + name: {{ .Release.Name }}-postgresql-smd + key: password - name: SMD_DBNAME value: {{ .Values.smd.dbname }} - name: SMD_DBOPTS diff --git a/lbnl/helm/values.yaml b/lbnl/helm/values.yaml index 56b1cd0..67c2722 100644 --- a/lbnl/helm/values.yaml +++ b/lbnl/helm/values.yaml @@ -1,4 +1,5 @@ --- +# Original in-house Postgres configuration. postgres: deployment: replicaCount: 1 
@@ -17,6 +18,58 @@ postgres: dbmount: /var/lib/postgresql/data dbname: ochami +# Third-party Postgres subcharts +# Per https://github.com/bitnami/charts/issues/2876 Bitnami likely won't support +# multiple databases and users in the chart directly. You can use a single Postgres +# instance for multiple clients and databases if you specify a custom initdb string, +# which is essentially "roll your own SQL for initialization", thus losing any +# integration with the values.yaml-exposed user and database setup. You can create +# multiple subchart instances of the same subchart using the "alias" key in the +# dependency definition to use separate single-DB instances for each. Maybe this is +# desirable for isolation anyway? It's simpler to set up, if nothing else. +postgresql-hydra: + enabled: true + auth: + # matches a static value in the deployment template + username: hydra-user + # this is already a static value + database: hydradb + image: + tag: 16.4.0 + service: + ports: + postgresql: "5432" + +postgresql-bss: + enabled: true + auth: + # matches a static value in the deployment template + username: bss-user + # currently this is copy-pasta from another value, which is not great. + # don't think there's any (good) way to share it between the two, + # but using a static value instead is probably fine. + database: bssdb + image: + tag: 16.4.0 + service: + ports: + postgresql: "5432" + +postgresql-smd: + enabled: true + auth: + # matches a static value in the deployment template + username: smd-user + # currently this is copy-pasta from another value, which is not great. + # don't think there's any (good) way to share it between the two, + # but using a static value instead is probably fine. + database: hmsds + image: + tag: 16.4.0 + service: + ports: + postgresql: "5432" + smd: deployment: replicaCount: 1 
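Review bot: None of the three `postgresql-*` blocks sets `auth.password` or `auth.existingSecret`, so the `password` key that the bss, smd and hydra templates read is presumably whatever the subchart generates for itself. That is worth confirming against the chart's behaviour for the `helm template` path used by scripts/template.sh, where no cluster lookup is available and a freshly rendered Secret may no longer match the password already stored in an existing data volume. I would add a comment under each `auth:` block, for example `# set auth.existingSecret (key: password) for any non-throwaway install`, so operators know where to supply a managed credential. The `image.tag: 16.4.0` override also detaches the image from the one the pinned chart version ships with, which deserves a short comment explaining why.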
@@ -77,34 +130,15 @@ gke: port: 80 securityPolicy: lbnl-nersc -tftpd: - deployment: - replicaCount: 1 - image: - repository: ghcr.io/openchami - name: tftpd - pullPolicy: IfNotPresent - tag: "0.1" - containerPort: 69 - - service: - type: LoadBalancer - port: 69 - # Since GKE external network LoadBalancers are not proxied, it might be a - # good idea to add an annotation like loadBalancerSourceRanges to limit who - # can access the Service. - annotations: - -dnsmasq: +coredhcp: deployment: replicaCount: 1 image: - repository: ghcr.io/openchami - name: dnsmasq + repository: rainest + #repository: ghcr.io/openchami + name: coresmd pullPolicy: IfNotPresent - tag: dynamic - dhcp_port: 67 - tftp_port: 69 + tag: v0.0.5 service: dhcp: 
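Review bot: `coredhcp.deployment.image.repository` now defaults to `rainest`, which looks like a personal registry namespace, with the project registry `ghcr.io/openchami` left commented out, and `tag: v0.0.5` is a mutable reference. For the component that answers DHCP for the node network, the default should point at an image the project controls, or carry a comment such as `# temporary: personal build, switch back to ghcr.io/openchami before release`. The deployment template renders `repository/name:tag`, so pinning by digest would need template support as well. The `tftpd` block in the next hunk makes the same move to `docker.io/aguslr/atftpd` with a date tag and raises the same question.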
@@ -115,13 +149,52 @@ dnsmasq: # can access the Service. annotations: - tftp: - type: LoadBalancer - port: 69 - # Since GKE external network LoadBalancers are not proxied, it might be a - # good idea to add an annotation like loadBalancerSourceRanges to limit who - # can access the Service. - annotations: + # TODO there are a couple options for handling config. we could be very prescriptive + # and build a configuration file from specific enumerated values only (the current approach), or + # just treat the contents under coredhcp.config as a complete config and toYaml them to produce + # a ConfigMap. We could offer a bring your own ConfigMap alternative with either approach. IDK + # if we'd expect users to often need settings outside the chosen exposed settings with the + # prescriptive approach. + config: + # with the exception of dns, you _must_ set values appropriate to your network + # in this section. the default values are only examples. + # + # server_id is the address external nodes will use to talk to your DHCP server. + # this value will also be used to set the service's LoadBalancer IP. + server_id: 192.168.0.254 + dns: + - 1.1.1.1 + - 1.0.0.1 + # router is the default gateway for your node network. + router: 172.16.0.254 + # netmask defines the range of addresses the DHCP server will allocate. + netmask: 255.255.255.0 + range: + start: 172.16.0.10 + end: 172.16.0.200 + duration: 60s + unrecognized_range: + start: 172.16.0.201 + end: 172.16.0.220 + duration: 60s + +tftpd: + deployment: + replicaCount: 1 + image: + repository: docker.io/aguslr + name: atftpd + pullPolicy: IfNotPresent + tag: "20241017" + containerPort: 69 + + service: + type: LoadBalancer + port: 69 + # Since GKE external network LoadBalancers are not proxied, it might be a + # good idea to add an annotation like loadBalancerSourceRanges to limit who + # can access the Service. + annotations: hydra: deployment:
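Review bot: `tftpd.service` defaults to `type: LoadBalancer` on UDP 69 with a bare `annotations:` (which parses as null) and no source-range setting, so the unauthenticated TFTP endpoint is exposed as widely as the load balancer allows unless an operator intervenes. The removed dnsmasq Service templates read `.Values.dnsmasq.service.loadBalancerSourceRanges`; no equivalent for tftpd or coredhcp is visible in this diff, so whether a restriction can be configured at all cannot be confirmed from here. I would write `annotations: {}` and add an explicit `loadBalancerSourceRanges: []` key under `tftpd.service`, with the comment corrected to say it is a Service spec field rather than an annotation. As a smaller documentation point in the same hunk, the comment `netmask defines the range of addresses the DHCP server will allocate` describes `range`, not `netmask`.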