metal3-chart: Update to 0.9.0

Align with https://github.com/suse-edge/charts/pull/165

metal3-chart/charts/ironic/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
-appVersion: 24.1.2
+appVersion: 26.1.2
 description: A Helm chart for Ironic, used by Metal3
 name: ironic
 type: application
-version: 0.7.0
+version: 0.8.0

metal3-chart/charts/ironic/templates/_helpers.tpl

@@ -77,9 +77,6 @@ Get ironic CA volumeMounts
 - name: cert-ironic-ca
   mountPath: "/certs/ca/ironic"
   readOnly: true
-- name: cert-ironic-inspector-ca
-  mountPath: "/certs/ca/ironic-inspector"
-  readOnly: true
 {{- if .Values.global.enable_vmedia_tls }}
 - name: cert-ironic-vmedia-ca
   mountPath: "/certs/ca/vmedia"

metal3-chart/charts/ironic/templates/certificates.yaml

@@ -25,19 +25,6 @@ spec:
     kind: Issuer
     name: ca-issuer
   secretName: ironic-cert
----
-apiVersion: cert-manager.io/v1
-kind: Certificate
-metadata:
-  name: ironic-inspector-cert
-spec:
-  commonName: ironic-inspector-cert
-  ipAddresses:
-  - {{ .Values.global.ironicIP }}
-  issuerRef:
-    kind: Issuer
-    name: ca-issuer
-  secretName: ironic-inspector-cert
 {{- if .Values.global.enable_vmedia_tls }}
 ---
 apiVersion: cert-manager.io/v1

metal3-chart/charts/ironic/templates/configmap.yaml

@@ -10,7 +10,6 @@ data:
   {{- $protocol := ternary "https" "http" $enableTLS }}
   {{- $ironicIP := .Values.global.ironicIP | default "" }}
   {{- $ironicApiHost := print $ironicIP ":6385" }}
-  {{- $ironicInspectorHost := print $ironicIP ":5050" }}
   {{- $ironicBootHost := print $ironicIP ":6180" }}
   {{- $ironicCacheHost := print $ironicIP ":6180" }}
 
@@ -25,15 +24,11 @@ data:
   {{- end }}
   HTTP_PORT: "6180"
   PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
-  USE_IRONIC_INSPECTOR: "true"
+  USE_IRONIC_INSPECTOR: "false"
   IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }}
   IRONIC_API_HOST: {{ $ironicApiHost }}
   IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }}
   IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/
-  IRONIC_INSPECTOR_BASE_URL: {{ $protocol }}://{{ $ironicInspectorHost }}
-  IRONIC_INSPECTOR_ENDPOINT: {{ $protocol }}://{{ $ironicInspectorHost }}/v1/
-  IRONIC_INSPECTOR_HOST: {{ $ironicInspectorHost }}
-  IRONIC_INSPECTOR_HTTPD_SERVER_NAME: {{ $ironicInspectorHost }}
   # Switch VMedia to HTTP if enable_vmedia_tls is false
   {{- if and $enableTLS $enableVMediaTLS }}
     {{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
@@ -55,11 +50,9 @@ data:
   {{- if .Values.global.provisioningIP }}
   PROVISIONING_IP: {{ .Values.global.provisioningIP }}
   {{- end }}
-  IRONIC_INSPECTOR_VLAN_INTERFACES: all
   IRONIC_ILO_USE_SWIFT: "false"
   IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true"
   IRONIC_FAST_TRACK: "true"
-  IRONIC_USE_MARIADB: "true"
   LISTEN_ALL_INTERFACES: "true"
   {{- if .Values.global.ironicIP }}
   IRONIC_IP: {{ .Values.global.ironicIP }}
@@ -69,7 +62,6 @@ data:
   IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
   IPA_INSECURE: "0"
   IRONIC_REVERSE_PROXY_SETUP: "true"
-  INSPECTOR_REVERSE_PROXY_SETUP: "true"
   {{- if  ( .Values.global.enable_vmedia_tls ) }}
   VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}"
   {{- end }}
@@ -81,6 +73,10 @@ data:
   {{- end }}
   {{- if  ( .Values.global.enable_basicAuth ) }}
   AUTH_STRATEGY: "http_basic"
-  INSPECTOR_AUTH_STRATEGY: "http_basic"
   {{- end }}
+  {{- if .Values.global.enable_mariadb }}
   MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
+  IRONIC_USE_MARIADB: "true"
+  {{- else }}
+  IRONIC_USE_MARIADB: "false"
+  {{- end }}

metal3-chart/charts/ironic/templates/deployment.yaml

@@ -41,10 +41,7 @@ spec:
             name: ironic-bmo
         livenessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -62,10 +59,7 @@ spec:
         {{- end }}
         readinessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
+            command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
           failureThreshold: 10
           initialDelaySeconds: 30
           periodSeconds: 30
@@ -78,9 +72,6 @@ spec:
           - name: cert-ironic
             mountPath: "/certs/ironic"
             readOnly: true
-          - name: cert-ironic-inspector
-            mountPath: "/certs/ironic-inspector"
-            readOnly: true
           {{- if .Values.global.enable_vmedia_tls }}
           - name: cert-ironic-vmedia
             mountPath: "/certs/vmedia"
@@ -90,73 +81,6 @@ spec:
             name: cert-ironic-ca
             readOnly: true
         {{- end }}
-      - name: ironic-inspector
-        image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
-        imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
-        securityContext:
-          {{- toYaml .Values.securityContext | nindent 10 }}
-        command:
-        - /bin/runironic-inspector
-        envFrom:
-        - configMapRef:
-            name: ironic-bmo
-        env:
-        {{- if .Values.global.enable_basicAuth }}
-        - name: INSPECTOR_HTPASSWD
-          valueFrom:
-            secretKeyRef:
-              name: ironic-inspector-basic-auth
-              key: htpasswd
-        {{- end }}
-        - name: MARIADB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: password
-              name: ironic-mariadb
-        livenessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          successThreshold: 1
-          timeoutSeconds: 10
-        ports:
-        - containerPort: 5050
-          name: inspector
-          protocol: TCP
-        readinessProbe:
-          exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
-          failureThreshold: 10
-          initialDelaySeconds: 30
-          periodSeconds: 30
-          successThreshold: 1
-          timeoutSeconds: 10
-        volumeMounts:
-          {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
-        {{- if .Values.global.enable_basicAuth }}
-          - mountPath: "/auth/ironic/auth-config"
-            name: ironic-basic-auth
-            subPath: auth-config
-            readOnly: true
-          - mountPath: "/auth/ironic-inspector/auth-config"
-            name: ironic-inspector-basic-auth
-            subPath: auth-config
-            readOnly: true
-        {{- end }}
-        {{- if .Values.global.enable_tls }}
-          {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
-          - name: cert-ironic-inspector
-            mountPath: "/certs/ironic-inspector"
-            readOnly: true
-        {{- end }}
       - name: ironic-log-watch
         image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
         imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
@@ -184,37 +108,33 @@ spec:
               name: ironic-basic-auth
               key: htpasswd
         {{- end }}
+        {{- if .Values.global.enable_mariadb }}
         - name: MARIADB_PASSWORD
           valueFrom:
             secretKeyRef:
               key: password
               name: ironic-mariadb
+        {{- end }}
         livenessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
-          failureThreshold: 10
+            command: ["/bin/ironic-liveness"]
           initialDelaySeconds: 30
           periodSeconds: 30
-          successThreshold: 1
           timeoutSeconds: 10
+          successThreshold: 1
+          failureThreshold: 10
         ports:
         - containerPort: 6385
           name: api
           protocol: TCP
         readinessProbe:
           exec:
-            command:
-            - /bin/sh
-            - -c
-            - curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
-          failureThreshold: 10
+            command: ["/bin/ironic-readiness"]
           initialDelaySeconds: 30
           periodSeconds: 30
-          successThreshold: 1
           timeoutSeconds: 10
+          successThreshold: 1
+          failureThreshold: 10
         volumeMounts:
           {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
           {{- if .Values.global.enable_basicAuth }}
@@ -222,10 +142,6 @@ spec:
             name: ironic-basic-auth
             subPath: auth-config
             readOnly: true
-          - mountPath: "/auth/ironic-inspector/auth-config"
-            name: ironic-inspector-basic-auth
-            subPath: auth-config
-            readOnly: true
           {{- end }}
           {{- if .Values.global.enable_tls }}
           {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
@@ -308,15 +224,16 @@ spec:
         {{- end }}
       volumes:
       - name: ironic-data-volume
+      {{- if .Values.persistence.ironic.size }}
         persistentVolumeClaim:
           claimName: ironic-shared-volume
+      {{- else }}
+        emptyDir: {}
+      {{- end }}
       {{- if .Values.global.enable_basicAuth }}
       - name: ironic-basic-auth
         secret:
           secretName: ironic-basic-auth
-      - name: ironic-inspector-basic-auth
-        secret:
-          secretName: ironic-inspector-basic-auth
       {{- if .Values.global.enable_tls }}
       - name: trusted-certs
         projected:
@@ -333,12 +250,6 @@ spec:
       - name: cert-ironic
         secret:
           secretName: ironic-cert
-      - name: cert-ironic-inspector-ca
-        secret:
-          secretName: ironic-cacert
-      - name: cert-ironic-inspector
-        secret:
-          secretName: ironic-inspector-cert
       {{- if .Values.global.enable_vmedia_tls }}
       - name: cert-ironic-vmedia-ca
         secret:

metal3-chart/charts/ironic/templates/pvc.yaml

@@ -1,3 +1,4 @@
+{{- if .Values.persistence.ironic.size }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
@@ -22,3 +23,4 @@ spec:
   storageClassName: {{ .Values.persistence.ironic.storageClass }}
   {{- end }}
   volumeMode: Filesystem
+{{- end }}

metal3-chart/charts/ironic/templates/secrets-basic-auth.yaml

@@ -29,34 +29,5 @@ data:
   htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
   auth-config: |
   {{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
----
-{{- $ironicInspectorUsername := "" -}}
-{{- $ironicInspectorPassword := "" -}}
-{{- $inspectorSecretName := "ironic-inspector-basic-auth" -}}
 
-# Check if the secret is deployed and has a password
-{{- $oldInspectorSecret := lookup "v1" "Secret" .Release.Namespace $inspectorSecretName }}
-{{- if and $oldInspectorSecret (index $oldInspectorSecret.data "username") (index $oldInspectorSecret.data "password") }}
-{{- $ironicInspectorUsername = b64dec (index $oldInspectorSecret.data "username" | toString) -}}
-{{- $ironicInspectorPassword = b64dec (index $oldInspectorSecret.data "password" | toString) -}}
-# If not, check if a username and password are provided in values.yaml
-{{- else if and (.Values.global.auth.ironicInspectorUsername) (.Values.global.auth.ironicInspectorPassword) }}
-{{- $ironicInspectorUsername = .Values.global.auth.ironicInspectorUsername -}}
-{{- $ironicInspectorPassword = .Values.global.auth.ironicInspectorPassword -}}
-{{- else }}
-# If no username and password are provided in values.yaml, generate new ones
-{{- $ironicInspectorUsername = "ironic" -}}
-{{- $ironicInspectorPassword = (randAlphaNum 20) -}}
-{{- end }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ $inspectorSecretName }}
-type: Opaque
-data:
-  username: {{ $ironicInspectorUsername | b64enc }}
-  password: {{ $ironicInspectorPassword | b64enc }}
-  htpasswd: {{ b64enc (htpasswd $ironicInspectorUsername  $ironicInspectorPassword) }}
-  auth-config: |
-  {{- printf "[inspector]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicInspectorUsername $ironicInspectorPassword | b64enc | nindent 4 }}
 {{- end }}

metal3-chart/charts/ironic/values.yaml

@@ -56,11 +56,11 @@ images:
   ironic:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
     pullPolicy: IfNotPresent
-    tag: 24.1.2.0
+    tag: 26.1.2.0
   ironicIPADownloader:
     repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
     pullPolicy: IfNotPresent
-    tag: 2.0.0
+    tag: 3.0.0
 
 nameOverride: ""
 fullnameOverride: ""
@@ -102,10 +102,6 @@ service:
     port: 6185
     protocol: TCP
     targetPort: 6185
-  - name: inspector
-    port: 5050
-    protocol: TCP
-    targetPort: 5050
   - name: api
     port: 6385
     protocol: TCP
@@ -144,8 +140,9 @@ persistence:
     # storageClass for the ironic shared volume
     # Ensure the storageClass is defined
     storageClass: ""
-    # size of the ironic shared volume
-    size: "1Gi"
+    # size of the ironic shared volume e.g "1Gi"
+    # When unset persistent storage is disabled and emptyDir is enabled
+    size: ""
     # accessMode of the ironic shared volume PVC
     # If empty defaults to ReadWriteOnce when replicaCount=1 otherwise ReadWriteMany
     accessMode: ""