OpenCHAMI · rainest · Sep 13, 2024 · Sep 13, 2024 · Sep 13, 2024 · Nov 7, 2024
diff --git a/lbnl/helm/Chart.yaml b/lbnl/helm/Chart.yaml
@@ -20,3 +20,20 @@ type: application
 version: "0.0.1"
 
 appVersion: "0.0.1"
+
+dependencies:
+  - name: postgresql
+    version: 15.5.29
+    repository: https://charts.bitnami.com/bitnami
+    alias: postgresql-hydra
+    condition: postgresql-hydra.enabled
+  - name: postgresql
+    version: 15.5.29
+    repository: https://charts.bitnami.com/bitnami
+    alias: postgresql-bss
+    condition: postgresql-bss.enabled
+  - name: postgresql
+    version: 15.5.29
+    repository: https://charts.bitnami.com/bitnami
+    alias: postgresql-smd
+    condition: postgresql-smd.enabled
diff --git a/lbnl/helm/scripts/install.sh b/lbnl/helm/scripts/install.sh
@@ -12,7 +12,6 @@ helm install \
   --set smd.deployment.image.repository="${repo}" \
   --set postgres.deployment.image.repository="${repo}" \
   --set krakend.deployment.image.repository="${repo}" \
-  --set dnsmasq.deployment.image.repository="${repo}" \
   --set hydra.deployment.image.repository="${repo}" \
   --set hydra_consent.deployment.image.repository="${repo}" \
   --set swiss_army_knife.deployment.image.repository="${repo}" \

diff --git a/lbnl/helm/scripts/template.sh b/lbnl/helm/scripts/template.sh
@@ -11,7 +11,6 @@ helm template \
   --set smd.deployment.image.repository="${repo}" \
   --set postgres.deployment.image.repository="${repo}" \
   --set krakend.deployment.image.repository="${repo}" \
-  --set dnsmasq.deployment.image.repository="${repo}" \
   --set hydra.deployment.image.repository="${repo}" \
   --set hydra_consent.deployment.image.repository="${repo}" \
   --set swiss_army_knife.deployment.image.repository="${repo}" \

diff --git a/lbnl/helm/scripts/upgrade.sh b/lbnl/helm/scripts/upgrade.sh
@@ -11,7 +11,6 @@ helm upgrade \
   --set smd.deployment.image.repository="${repo}" \
   --set postgres.deployment.image.repository="${repo}" \
   --set krakend.deployment.image.repository="${repo}" \
-  --set dnsmasq.deployment.image.repository="${repo}" \
   --set hydra.deployment.image.repository="${repo}" \
   --set hydra_consent.deployment.image.repository="${repo}" \
   --set swiss_army_knife.deployment.image.repository="${repo}" \

diff --git a/lbnl/helm/templates/atftpd/deployment.yaml b/lbnl/helm/templates/atftpd/deployment.yaml
@@ -0,0 +1,60 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: tftpd
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: tftpd
+spec:
+  replicas: {{ .Values.tftpd.deployment.replicaCount }}
+  selector:
+    matchLabels:
+      app: tftpd
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: tftpd
+    spec:
+      initContainers:
+        # This is a bad way to populate the binary blobs served by TFTPD without somehow initializing them out of band.
+        # https://kubernetes.io/docs/tasks/configure-pod-container/image-volumes/ would be a good candidate, but it's only alpha as of 1.31, the
+        # latest release. PVC probably isn't much better than initContainer emptyDir, since it requires similar setup hacks with pre-install hooks.
+        - name: tftp-init
+          image: busybox:latest
+          imagePullPolicy: IfNotPresent
+          command:
+            - /bin/sh
+            - -c
+            - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/undionly.kpxe
+            - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/reboot.ipxe
+            - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/ipxe.efi
+          volumeMounts:
+            - mountPath: /data
+              name: storage
+      containers:
+        - name: tftpd
+          image: {{ .Values.tftpd.deployment.image.repository }}/{{ .Values.tftpd.deployment.image.name }}:{{ .Values.tftpd.deployment.image.tag }}
+          imagePullPolicy: {{ .Values.tftpd.deployment.image.pullPolicy }}
+          args:
+            - "--daemon"
+            - "--no-fork"
+            - "--logfile"
+            - "-"
+            - "--port"
+            - "69"
+            - "--verbose"
+            - "/data"
+          ports:
+            - name: tftp
+              containerPort: 69
+              protocol: UDP
+          volumeMounts:
+            - mountPath: /data
+              name: storage
+      volumes:
+        - name: storage
+          emptyDir:
+            sizeLimit: 512M
diff --git a/lbnl/helm/templates/atftpd/init.yaml b/lbnl/helm/templates/atftpd/init.yaml
@@ -0,0 +1,47 @@
+## This content is effectively static, but we don't have a great way to get it into the container
+#---
+#apiVersion: v1
+#kind: PersistentVolumeClaim
+#metadata:
+#  name: {{ .Release.Name }}-tftp
+#  namespace: {{ .Release.Namespace }}
+#  annotations:
+#    "helm.sh/hook": pre-install
+#spec:
+#  accessModes:
+#    - ReadWriteOnce
+#  resources:
+#    requests:
+#      storage: 1Gi
+#  storageClassName: standard-rwo
+#---
+#apiVersion: batch/v1
+#kind: Job
+#metadata:
+#  name: {{ .Release.Name }}-tftp-init
+#  namespace: {{ .Release.Namespace }}
+#  annotations:
+#    "helm.sh/hook": pre-install
+#spec:
+#  template:
+#    spec:
+#      containers:
+#        - name: tftp-init
+#          image: busybox:latest
+#          imagePullPolicy: IfNotPresent
+#          command:
+#            - /bin/sh
+#            - -c
+#            - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/undionly.kpxe
+#            - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/reboot.ipxe
+#            - wget -P data https://github.com/OpenCHAMI/deployment-recipes/raw/9987a377d52b28b3247575e9889cf98e2ad65da1/quickstart/ipxe/ipxe.efi
+#          env: {}
+#          volumeMounts:
+#            - mountPath: /data
+#              name: storage
+#      restartPolicy: OnFailure
+#      volumes:
+#        - name: storage
+#          persistentVolumeClaim:
+#            claimName: {{ .Release.Name }}-tftp
+#  backoffLimit: 4
diff --git a/lbnl/helm/templates/atftpd/pvc.yaml b/lbnl/helm/templates/atftpd/pvc.yaml
@@ -0,0 +1,13 @@
+#---
+#apiVersion: v1
+#kind: PersistentVolumeClaim
+#metadata:
+#  name: {{ .Release.Name }}-tftp
+#  namespace: {{ .Release.Namespace }}
+#spec:
+#  accessModes:
+#    - ReadWriteOnce
+#  resources:
+#    requests:
+#      storage: 1Gi
+#  storageClassName: standard-rwo
diff --git a/lbnl/helm/templates/bss/deployment.yaml b/lbnl/helm/templates/bss/deployment.yaml
@@ -34,18 +34,15 @@ spec:
             - name: BSS_INSECURE
               value: "true"
             - name: BSS_DBHOST
-              value: postgres.{{ .Release.Namespace }}.svc.cluster.local
+              value: {{ .Release.Name }}-postgresql-bss.{{ .Release.Namespace }}.svc.cluster.local
             - name: BSS_DBNAME
               value: {{ .Values.bss.dbname }}
             - name: BSS_DBPORT
               value: "{{ .Values.postgres.service.port }}"
             - name: BSS_DBUSER
-              valueFrom:
-                secretKeyRef:
-                  name: postgres-creds
-                  key: bss_postgres_username
+              value: bss-user
             - name: BSS_DBPASS
               valueFrom:
                 secretKeyRef:
-                  name: postgres-creds
-                  key: bss_postgres_password
+                  name: {{ .Release.Name }}-postgresql-bss
+                  key: password
diff --git a/lbnl/helm/templates/bss/init-job.yaml b/lbnl/helm/templates/bss/init-job.yaml
@@ -18,20 +18,17 @@ spec:
             - name: BSS_INSECURE
               value: "true"
             - name: BSS_DBHOST
-              value: postgres.{{ .Release.Namespace }}.svc.cluster.local
+              value: {{ .Release.Name }}-postgresql-bss.{{ .Release.Namespace }}.svc.cluster.local
             - name: BSS_DBNAME
               value: {{ .Values.bss.dbname }}
             - name: BSS_DBPORT
               value: "{{ .Values.postgres.service.port }}"
             - name: BSS_DBUSER
-              valueFrom:
-                secretKeyRef:
-                  name: postgres-creds
-                  key: bss_postgres_username
+              value: bss-user
             - name: BSS_DBPASS
               valueFrom:
                 secretKeyRef:
-                  name: postgres-creds
-                  key: bss_postgres_password
+                  name: {{ .Release.Name }}-postgresql-bss
+                  key: password
       restartPolicy: OnFailure
   backoffLimit: 4
diff --git a/lbnl/helm/templates/coredhcp/deployment.yaml b/lbnl/helm/templates/coredhcp/deployment.yaml
@@ -0,0 +1,80 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: coredhcp
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app: coredhcp
+spec:
+  replicas: {{ .Values.coredhcp.deployment.replicaCount }}
+  selector:
+    matchLabels:
+      app: coredhcp
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: coredhcp
+    spec:
+      containers:
+        - name: coredhcp
+          image: {{ .Values.coredhcp.deployment.image.repository }}/{{ .Values.coredhcp.deployment.image.name }}:{{ .Values.coredhcp.deployment.image.tag }}
+          imagePullPolicy: {{ .Values.coredhcp.deployment.image.pullPolicy }}
+          args:
+            - "/coredhcp"
+            - "-L"
+            - "debug"
+          ports:
+            - name: dhcp
+              # TODO we're an IRC server now! probably just have the LB dispatch to a high port
+              # I don't think this will actually need net admin/the real DHCP port if we're forwarding
+              containerPort: 6667
+              protocol: UDP
+          volumeMounts:
+            - mountPath: /leases
+              name: leases
+            - mountPath: /etc/coredhcp/
+              name: config
+      volumes:
+        - name: leases
+          emptyDir:
+            sizeLimit: 512M
+        - name: config
+          configMap:
+            name: coredhcp
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredhcp
+  namespace: {{ .Release.Namespace }}
+data:
+  # TODO this would probably be better as a helper, probably with a constructed dict that
+  # we toYaml. templating raw yaml strings feels like an icky recipe for failure
+  config.yaml: |
+    server4:
+      listen:
+        - 0.0.0.0:6667
+      plugins:
+        # Base CoreDHCP config
+        - server_id: {{ .Values.coredhcp.config.server_id }}
+        - dns: {{ .Values.coredhcp.config.dns | join " " }}
+        - router: {{ .Values.coredhcp.config.router }}
+        - netmask: {{ .Values.coredhcp.config.netmask }}
+        - range: /leases/leases.txt {{ .Values.coredhcp.config.range.start }} {{ .Values.coredhcp.config.range.end }} {{ .Values.coredhcp.config.range.duration }}
+        #
+        # CoreSMD config
+        # Args: ochami_base_url boot_script_base_url ca_cert_path cache_update_interval long_lease_time
+        # TODO SMD cert is a mystery here. we have no config for it and there's no indication in the deployment that we load one from anywhere
+        # we apparently only provide an HTTP listen, so until we provide TLS the cert does nothing
+        - coresmd: http://smd:{{ .Values.smd.service.port }} http://bss:{{ .Values.bss.service.port }} /fakeroot.pem 30s 1h
+        #
+        # Optionally include the file plugin here if it matters which IPs get assigned to which
+        # MACs. Otherwise, unknown MACs get passed to the bootloop "catch-all" plugin below.
+        #
+        # TODO this presumably comes from a bring your own configmap
+        #- file /etc/coredhcp/hostsfile
+        # Args: storage_path short_lease_time ip_pool_start ip_pool_end 
+        - bootloop: /leases/coredhcp.db {{ .Values.coredhcp.config.unrecognized_range.duration }} {{ .Values.coredhcp.config.unrecognized_range.start }} {{ .Values.coredhcp.config.unrecognized_range.end }}
diff --git a/lbnl/helm/templates/dnsmasq/deployment.yaml b/lbnl/helm/templates/dnsmasq/deployment.yaml
diff --git a/lbnl/helm/templates/dnsmasq/dnsmasq-config.yaml b/lbnl/helm/templates/dnsmasq/dnsmasq-config.yaml
diff --git a/lbnl/helm/templates/dnsmasq/service-dhcp.yaml b/lbnl/helm/templates/dnsmasq/service-dhcp.yaml