metal3-chart: Update to 0.9.0 #15
@ -1,17 +1,18 @@
|
|||||||
#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1
|
#!BuildTag: %%IMG_PREFIX%%metal3-chart:302.0.0_up0.9.0
|
||||||
#!BuildTag: %%IMG_PREFIX%%metal3-chart:0.8.1-%RELEASE%
|
#!BuildTag: %%IMG_PREFIX%%metal3-chart:302.0.0_up0.9.0-%RELEASE%
|
||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 1.16.0
|
appVersion: 0.9.0
|
||||||
dependencies:
|
dependencies:
|
||||||
- alias: metal3-baremetal-operator
|
- alias: metal3-baremetal-operator
|
||||||
name: baremetal-operator
|
name: baremetal-operator
|
||||||
repository: file://./charts/baremetal-operator
|
repository: file://./charts/baremetal-operator
|
||||||
version: 0.5.0
|
version: 0.6.0
|
||||||
- alias: metal3-ironic
|
- alias: metal3-ironic
|
||||||
name: ironic
|
name: ironic
|
||||||
repository: file://./charts/ironic
|
repository: file://./charts/ironic
|
||||||
version: 0.7.0
|
version: 0.8.0
|
||||||
- alias: metal3-mariadb
|
- alias: metal3-mariadb
|
||||||
|
condition: global.enable_mariadb
|
||||||
name: mariadb
|
name: mariadb
|
||||||
repository: file://./charts/mariadb
|
repository: file://./charts/mariadb
|
||||||
version: 0.5.4
|
version: 0.5.4
|
||||||
@ -19,9 +20,9 @@ dependencies:
|
|||||||
condition: global.enable_metal3_media_server
|
condition: global.enable_metal3_media_server
|
||||||
name: media
|
name: media
|
||||||
repository: file://./charts/media
|
repository: file://./charts/media
|
||||||
version: 0.5.0
|
version: 0.6.0
|
||||||
description: A Helm chart that installs all of the dependencies needed for Metal3
|
description: A Helm chart that installs all of the dependencies needed for Metal3
|
||||||
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
|
icon: https://github.com/cncf/artwork/raw/master/projects/metal3/icon/color/metal3-icon-color.svg
|
||||||
name: metal3
|
name: metal3
|
||||||
type: application
|
type: application
|
||||||
version: 0.8.1
|
version: 302.0.0+up0.9.0
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 0.6.1
|
appVersion: 0.8.0
|
||||||
description: A Helm chart for baremetal-operator, used by Metal3
|
description: A Helm chart for baremetal-operator, used by Metal3
|
||||||
name: baremetal-operator
|
name: baremetal-operator
|
||||||
type: application
|
type: application
|
||||||
version: 0.5.0
|
version: 0.6.0
|
||||||
|
@ -39,11 +39,6 @@ spec:
|
|||||||
name: BMC
|
name: BMC
|
||||||
priority: 1
|
priority: 1
|
||||||
type: string
|
type: string
|
||||||
- description: The type of hardware detected
|
|
||||||
jsonPath: .status.hardwareProfile
|
|
||||||
name: Hardware_Profile
|
|
||||||
priority: 1
|
|
||||||
type: string
|
|
||||||
- description: Whether the host is online or not
|
- description: Whether the host is online or not
|
||||||
jsonPath: .spec.online
|
jsonPath: .spec.online
|
||||||
name: Online
|
name: Online
|
||||||
@ -740,6 +735,7 @@ spec:
|
|||||||
type: object
|
type: object
|
||||||
hardwareProfile:
|
hardwareProfile:
|
||||||
description: The name of the profile matching the hardware details.
|
description: The name of the profile matching the hardware details.
|
||||||
|
Hardware profiles are deprecated and should not be relied on.
|
||||||
type: string
|
type: string
|
||||||
lastUpdated:
|
lastUpdated:
|
||||||
description: LastUpdated identifies when this status was last observed.
|
description: LastUpdated identifies when this status was last observed.
|
||||||
@ -1136,7 +1132,6 @@ spec:
|
|||||||
required:
|
required:
|
||||||
- errorCount
|
- errorCount
|
||||||
- errorMessage
|
- errorMessage
|
||||||
- hardwareProfile
|
|
||||||
- operationalStatus
|
- operationalStatus
|
||||||
- poweredOn
|
- poweredOn
|
||||||
- provisioning
|
- provisioning
|
||||||
|
@ -3,14 +3,12 @@
|
|||||||
{{- $protocol := ternary "https" "http" $enableTLS }}
|
{{- $protocol := ternary "https" "http" $enableTLS }}
|
||||||
{{- $ironicIP := .Values.global.ironicIP | default "" }}
|
{{- $ironicIP := .Values.global.ironicIP | default "" }}
|
||||||
{{- $ironicApiHost := print $ironicIP ":6385" }}
|
{{- $ironicApiHost := print $ironicIP ":6385" }}
|
||||||
{{- $ironicInspectorHost := print $ironicIP ":5050" }}
|
|
||||||
{{- $ironicBootHost := print $ironicIP ":6180" }}
|
{{- $ironicBootHost := print $ironicIP ":6180" }}
|
||||||
{{- $ironicCacheHost := print $ironicIP ":6180" }}
|
{{- $ironicCacheHost := print $ironicIP ":6180" }}
|
||||||
|
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
data:
|
data:
|
||||||
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
|
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
|
||||||
IRONIC_INSPECTOR_ENDPOINT: "{{ $protocol }}://{{ $ironicInspectorHost }}/v1/"
|
|
||||||
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
|
RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
|
||||||
# Switch VMedia to HTTP if enable_vmedia_tls is false
|
# Switch VMedia to HTTP if enable_vmedia_tls is false
|
||||||
{{- if and $enableTLS $enableVMediaTLS }}
|
{{- if and $enableTLS $enableVMediaTLS }}
|
||||||
|
@ -78,14 +78,6 @@ spec:
|
|||||||
mountPath: "/opt/metal3/auth/ironic/password"
|
mountPath: "/opt/metal3/auth/ironic/password"
|
||||||
subPath: password
|
subPath: password
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: ironic-inspector-basic-auth
|
|
||||||
mountPath: "/opt/metal3/auth/ironic-inspector/username"
|
|
||||||
subPath: username
|
|
||||||
readOnly: true
|
|
||||||
- name: ironic-inspector-basic-auth
|
|
||||||
mountPath: "/opt/metal3/auth/ironic-inspector/password"
|
|
||||||
subPath: password
|
|
||||||
readOnly: true
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.global.enable_tls }}
|
{{- if .Values.global.enable_tls }}
|
||||||
- name: cacert
|
- name: cacert
|
||||||
@ -116,9 +108,6 @@ spec:
|
|||||||
- name: ironic-basic-auth
|
- name: ironic-basic-auth
|
||||||
secret:
|
secret:
|
||||||
secretName: ironic-basic-auth
|
secretName: ironic-basic-auth
|
||||||
- name: ironic-inspector-basic-auth
|
|
||||||
secret:
|
|
||||||
secretName: ironic-inspector-basic-auth
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.global.enable_tls }}
|
{{- if .Values.global.enable_tls }}
|
||||||
- name: cacert
|
- name: cacert
|
||||||
|
@ -28,11 +28,11 @@ images:
|
|||||||
baremetalOperator:
|
baremetalOperator:
|
||||||
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
|
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
tag: "0.6.1"
|
tag: "0.8.0"
|
||||||
rbacProxy:
|
rbacProxy:
|
||||||
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy
|
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/kube-rbac-proxy
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
tag: "v0.14.2"
|
tag: "0.18.1"
|
||||||
|
|
||||||
imagePullSecrets: []
|
imagePullSecrets: []
|
||||||
nameOverride: "manger"
|
nameOverride: "manger"
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
apiVersion: v2
|
apiVersion: v2
|
||||||
appVersion: 24.1.2
|
appVersion: 26.1.2
|
||||||
description: A Helm chart for Ironic, used by Metal3
|
description: A Helm chart for Ironic, used by Metal3
|
||||||
name: ironic
|
name: ironic
|
||||||
type: application
|
type: application
|
||||||
version: 0.7.0
|
version: 0.8.0
|
||||||
|
@ -77,9 +77,6 @@ Get ironic CA volumeMounts
|
|||||||
- name: cert-ironic-ca
|
- name: cert-ironic-ca
|
||||||
mountPath: "/certs/ca/ironic"
|
mountPath: "/certs/ca/ironic"
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: cert-ironic-inspector-ca
|
|
||||||
mountPath: "/certs/ca/ironic-inspector"
|
|
||||||
readOnly: true
|
|
||||||
{{- if .Values.global.enable_vmedia_tls }}
|
{{- if .Values.global.enable_vmedia_tls }}
|
||||||
- name: cert-ironic-vmedia-ca
|
- name: cert-ironic-vmedia-ca
|
||||||
mountPath: "/certs/ca/vmedia"
|
mountPath: "/certs/ca/vmedia"
|
||||||
|
@ -25,19 +25,6 @@ spec:
|
|||||||
kind: Issuer
|
kind: Issuer
|
||||||
name: ca-issuer
|
name: ca-issuer
|
||||||
secretName: ironic-cert
|
secretName: ironic-cert
|
||||||
---
|
|
||||||
apiVersion: cert-manager.io/v1
|
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: ironic-inspector-cert
|
|
||||||
spec:
|
|
||||||
commonName: ironic-inspector-cert
|
|
||||||
ipAddresses:
|
|
||||||
- {{ .Values.global.ironicIP }}
|
|
||||||
issuerRef:
|
|
||||||
kind: Issuer
|
|
||||||
name: ca-issuer
|
|
||||||
secretName: ironic-inspector-cert
|
|
||||||
{{- if .Values.global.enable_vmedia_tls }}
|
{{- if .Values.global.enable_vmedia_tls }}
|
||||||
---
|
---
|
||||||
apiVersion: cert-manager.io/v1
|
apiVersion: cert-manager.io/v1
|
||||||
|
@ -10,7 +10,6 @@ data:
|
|||||||
{{- $protocol := ternary "https" "http" $enableTLS }}
|
{{- $protocol := ternary "https" "http" $enableTLS }}
|
||||||
{{- $ironicIP := .Values.global.ironicIP | default "" }}
|
{{- $ironicIP := .Values.global.ironicIP | default "" }}
|
||||||
{{- $ironicApiHost := print $ironicIP ":6385" }}
|
{{- $ironicApiHost := print $ironicIP ":6385" }}
|
||||||
{{- $ironicInspectorHost := print $ironicIP ":5050" }}
|
|
||||||
{{- $ironicBootHost := print $ironicIP ":6180" }}
|
{{- $ironicBootHost := print $ironicIP ":6180" }}
|
||||||
{{- $ironicCacheHost := print $ironicIP ":6180" }}
|
{{- $ironicCacheHost := print $ironicIP ":6180" }}
|
||||||
|
|
||||||
@ -25,15 +24,11 @@ data:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
HTTP_PORT: "6180"
|
HTTP_PORT: "6180"
|
||||||
PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
|
PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
|
||||||
USE_IRONIC_INSPECTOR: "true"
|
USE_IRONIC_INSPECTOR: "false"
|
||||||
IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }}
|
IRONIC_API_BASE_URL: {{ $protocol }}://{{ $ironicApiHost }}
|
||||||
IRONIC_API_HOST: {{ $ironicApiHost }}
|
IRONIC_API_HOST: {{ $ironicApiHost }}
|
||||||
IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }}
|
IRONIC_API_HTTPD_SERVER_NAME: {{ $ironicApiHost }}
|
||||||
IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/
|
IRONIC_ENDPOINT: {{ $protocol }}://{{ $ironicApiHost }}/v1/
|
||||||
IRONIC_INSPECTOR_BASE_URL: {{ $protocol }}://{{ $ironicInspectorHost }}
|
|
||||||
IRONIC_INSPECTOR_ENDPOINT: {{ $protocol }}://{{ $ironicInspectorHost }}/v1/
|
|
||||||
IRONIC_INSPECTOR_HOST: {{ $ironicInspectorHost }}
|
|
||||||
IRONIC_INSPECTOR_HTTPD_SERVER_NAME: {{ $ironicInspectorHost }}
|
|
||||||
# Switch VMedia to HTTP if enable_vmedia_tls is false
|
# Switch VMedia to HTTP if enable_vmedia_tls is false
|
||||||
{{- if and $enableTLS $enableVMediaTLS }}
|
{{- if and $enableTLS $enableVMediaTLS }}
|
||||||
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
|
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
|
||||||
@ -55,11 +50,9 @@ data:
|
|||||||
{{- if .Values.global.provisioningIP }}
|
{{- if .Values.global.provisioningIP }}
|
||||||
PROVISIONING_IP: {{ .Values.global.provisioningIP }}
|
PROVISIONING_IP: {{ .Values.global.provisioningIP }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
IRONIC_INSPECTOR_VLAN_INTERFACES: all
|
|
||||||
IRONIC_ILO_USE_SWIFT: "false"
|
IRONIC_ILO_USE_SWIFT: "false"
|
||||||
IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true"
|
IRONIC_ILO_USE_WEB_SERVER_FOR_IMAGES: "true"
|
||||||
IRONIC_FAST_TRACK: "true"
|
IRONIC_FAST_TRACK: "true"
|
||||||
IRONIC_USE_MARIADB: "true"
|
|
||||||
LISTEN_ALL_INTERFACES: "true"
|
LISTEN_ALL_INTERFACES: "true"
|
||||||
{{- if .Values.global.ironicIP }}
|
{{- if .Values.global.ironicIP }}
|
||||||
IRONIC_IP: {{ .Values.global.ironicIP }}
|
IRONIC_IP: {{ .Values.global.ironicIP }}
|
||||||
@ -69,7 +62,6 @@ data:
|
|||||||
IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
|
IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true
|
||||||
IPA_INSECURE: "0"
|
IPA_INSECURE: "0"
|
||||||
IRONIC_REVERSE_PROXY_SETUP: "true"
|
IRONIC_REVERSE_PROXY_SETUP: "true"
|
||||||
INSPECTOR_REVERSE_PROXY_SETUP: "true"
|
|
||||||
{{- if ( .Values.global.enable_vmedia_tls ) }}
|
{{- if ( .Values.global.enable_vmedia_tls ) }}
|
||||||
VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}"
|
VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
@ -81,6 +73,10 @@ data:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if ( .Values.global.enable_basicAuth ) }}
|
{{- if ( .Values.global.enable_basicAuth ) }}
|
||||||
AUTH_STRATEGY: "http_basic"
|
AUTH_STRATEGY: "http_basic"
|
||||||
INSPECTOR_AUTH_STRATEGY: "http_basic"
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.global.enable_mariadb }}
|
||||||
MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
|
MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
|
||||||
|
IRONIC_USE_MARIADB: "true"
|
||||||
|
{{- else }}
|
||||||
|
IRONIC_USE_MARIADB: "false"
|
||||||
|
{{- end }}
|
||||||
|
@ -41,10 +41,7 @@ spec:
|
|||||||
name: ironic-bmo
|
name: ironic-bmo
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
- curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
|
|
||||||
failureThreshold: 10
|
failureThreshold: 10
|
||||||
initialDelaySeconds: 30
|
initialDelaySeconds: 30
|
||||||
periodSeconds: 30
|
periodSeconds: 30
|
||||||
@ -62,10 +59,7 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"]
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
- curl {{ if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}-sSfk https://127.0.0.1:{{ .Values.global.vmediaTLSPort }}/boot.ipxe {{ else }}-sSf http://127.0.0.1:6180/boot.ipxe{{ end }}
|
|
||||||
failureThreshold: 10
|
failureThreshold: 10
|
||||||
initialDelaySeconds: 30
|
initialDelaySeconds: 30
|
||||||
periodSeconds: 30
|
periodSeconds: 30
|
||||||
@ -78,9 +72,6 @@ spec:
|
|||||||
- name: cert-ironic
|
- name: cert-ironic
|
||||||
mountPath: "/certs/ironic"
|
mountPath: "/certs/ironic"
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- name: cert-ironic-inspector
|
|
||||||
mountPath: "/certs/ironic-inspector"
|
|
||||||
readOnly: true
|
|
||||||
{{- if .Values.global.enable_vmedia_tls }}
|
{{- if .Values.global.enable_vmedia_tls }}
|
||||||
- name: cert-ironic-vmedia
|
- name: cert-ironic-vmedia
|
||||||
mountPath: "/certs/vmedia"
|
mountPath: "/certs/vmedia"
|
||||||
@ -90,73 +81,6 @@ spec:
|
|||||||
name: cert-ironic-ca
|
name: cert-ironic-ca
|
||||||
readOnly: true
|
readOnly: true
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: ironic-inspector
|
|
||||||
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
|
|
||||||
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
|
|
||||||
securityContext:
|
|
||||||
{{- toYaml .Values.securityContext | nindent 10 }}
|
|
||||||
command:
|
|
||||||
- /bin/runironic-inspector
|
|
||||||
envFrom:
|
|
||||||
- configMapRef:
|
|
||||||
name: ironic-bmo
|
|
||||||
env:
|
|
||||||
{{- if .Values.global.enable_basicAuth }}
|
|
||||||
- name: INSPECTOR_HTPASSWD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
name: ironic-inspector-basic-auth
|
|
||||||
key: htpasswd
|
|
||||||
{{- end }}
|
|
||||||
- name: MARIADB_PASSWORD
|
|
||||||
valueFrom:
|
|
||||||
secretKeyRef:
|
|
||||||
key: password
|
|
||||||
name: ironic-mariadb
|
|
||||||
livenessProbe:
|
|
||||||
exec:
|
|
||||||
command:
|
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
|
|
||||||
failureThreshold: 10
|
|
||||||
initialDelaySeconds: 30
|
|
||||||
periodSeconds: 30
|
|
||||||
successThreshold: 1
|
|
||||||
timeoutSeconds: 10
|
|
||||||
ports:
|
|
||||||
- containerPort: 5050
|
|
||||||
name: inspector
|
|
||||||
protocol: TCP
|
|
||||||
readinessProbe:
|
|
||||||
exec:
|
|
||||||
command:
|
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}5049{{ else }}5050{{ end }}
|
|
||||||
failureThreshold: 10
|
|
||||||
initialDelaySeconds: 30
|
|
||||||
periodSeconds: 30
|
|
||||||
successThreshold: 1
|
|
||||||
timeoutSeconds: 10
|
|
||||||
volumeMounts:
|
|
||||||
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
|
|
||||||
{{- if .Values.global.enable_basicAuth }}
|
|
||||||
- mountPath: "/auth/ironic/auth-config"
|
|
||||||
name: ironic-basic-auth
|
|
||||||
subPath: auth-config
|
|
||||||
readOnly: true
|
|
||||||
- mountPath: "/auth/ironic-inspector/auth-config"
|
|
||||||
name: ironic-inspector-basic-auth
|
|
||||||
subPath: auth-config
|
|
||||||
readOnly: true
|
|
||||||
{{- end }}
|
|
||||||
{{- if .Values.global.enable_tls }}
|
|
||||||
{{- include "ironic.CAVolumeMounts" . | nindent 10 }}
|
|
||||||
- name: cert-ironic-inspector
|
|
||||||
mountPath: "/certs/ironic-inspector"
|
|
||||||
readOnly: true
|
|
||||||
{{- end }}
|
|
||||||
- name: ironic-log-watch
|
- name: ironic-log-watch
|
||||||
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
|
image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
|
||||||
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
|
imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
|
||||||
@ -184,37 +108,33 @@ spec:
|
|||||||
name: ironic-basic-auth
|
name: ironic-basic-auth
|
||||||
key: htpasswd
|
key: htpasswd
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
{{- if .Values.global.enable_mariadb }}
|
||||||
- name: MARIADB_PASSWORD
|
- name: MARIADB_PASSWORD
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
key: password
|
key: password
|
||||||
name: ironic-mariadb
|
name: ironic-mariadb
|
||||||
|
{{- end }}
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command: ["/bin/ironic-liveness"]
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
|
|
||||||
failureThreshold: 10
|
|
||||||
initialDelaySeconds: 30
|
initialDelaySeconds: 30
|
||||||
periodSeconds: 30
|
periodSeconds: 30
|
||||||
successThreshold: 1
|
|
||||||
timeoutSeconds: 10
|
timeoutSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
failureThreshold: 10
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 6385
|
- containerPort: 6385
|
||||||
name: api
|
name: api
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
readinessProbe:
|
readinessProbe:
|
||||||
exec:
|
exec:
|
||||||
command:
|
command: ["/bin/ironic-readiness"]
|
||||||
- /bin/sh
|
|
||||||
- -c
|
|
||||||
- curl -sSf http://127.0.0.1:{{ if .Values.global.enable_tls }}6388{{ else }}6385{{ end }}
|
|
||||||
failureThreshold: 10
|
|
||||||
initialDelaySeconds: 30
|
initialDelaySeconds: 30
|
||||||
periodSeconds: 30
|
periodSeconds: 30
|
||||||
successThreshold: 1
|
|
||||||
timeoutSeconds: 10
|
timeoutSeconds: 10
|
||||||
|
successThreshold: 1
|
||||||
|
failureThreshold: 10
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
|
{{- include "ironic.sharedVolumeMount" . | nindent 10 }}
|
||||||
{{- if .Values.global.enable_basicAuth }}
|
{{- if .Values.global.enable_basicAuth }}
|
||||||
@ -222,10 +142,6 @@ spec:
|
|||||||
name: ironic-basic-auth
|
name: ironic-basic-auth
|
||||||
subPath: auth-config
|
subPath: auth-config
|
||||||
readOnly: true
|
readOnly: true
|
||||||
- mountPath: "/auth/ironic-inspector/auth-config"
|
|
||||||
name: ironic-inspector-basic-auth
|
|
||||||
subPath: auth-config
|
|
||||||
readOnly: true
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- if .Values.global.enable_tls }}
|
{{- if .Values.global.enable_tls }}
|
||||||
{{- include "ironic.CAVolumeMounts" . | nindent 10 }}
|
{{- include "ironic.CAVolumeMounts" . | nindent 10 }}
|
||||||
@ -308,15 +224,16 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
volumes:
|
volumes:
|
||||||
- name: ironic-data-volume
|
- name: ironic-data-volume
|
||||||
|
{{- if .Values.persistence.ironic.size }}
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: ironic-shared-volume
|
claimName: ironic-shared-volume
|
||||||
|
{{- else }}
|
||||||
|
emptyDir: {}
|
||||||
|
{{- end }}
|
||||||
{{- if .Values.global.enable_basicAuth }}
|
{{- if .Values.global.enable_basicAuth }}
|
||||||
- name: ironic-basic-auth
|
- name: ironic-basic-auth
|
||||||
secret:
|
secret:
|
||||||
secretName: ironic-basic-auth
|
secretName: ironic-basic-auth
|
||||||
- name: ironic-inspector-basic-auth
|
|
||||||
secret:
|
|
||||||
secretName: ironic-inspector-basic-auth
|
|
||||||
{{- if .Values.global.enable_tls }}
|
{{- if .Values.global.enable_tls }}
|
||||||
- name: trusted-certs
|
- name: trusted-certs
|
||||||
projected:
|
projected:
|
||||||
@ -333,12 +250,6 @@ spec:
|
|||||||
- name: cert-ironic
|
- name: cert-ironic
|
||||||
secret:
|
secret:
|
||||||
secretName: ironic-cert
|
secretName: ironic-cert
|
||||||
- name: cert-ironic-inspector-ca
|
|
||||||
secret:
|
|
||||||
secretName: ironic-cacert
|
|
||||||
- name: cert-ironic-inspector
|
|
||||||
secret:
|
|
||||||
secretName: ironic-inspector-cert
|
|
||||||
{{- if .Values.global.enable_vmedia_tls }}
|
{{- if .Values.global.enable_vmedia_tls }}
|
||||||
- name: cert-ironic-vmedia-ca
|
- name: cert-ironic-vmedia-ca
|
||||||
secret:
|
secret:
|
||||||
|
@ -1,3 +1,4 @@
|
|||||||
|
{{- if .Values.persistence.ironic.size }}
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: PersistentVolumeClaim
|
kind: PersistentVolumeClaim
|
||||||
metadata:
|
metadata:
|
||||||
@ -22,3 +23,4 @@ spec:
|
|||||||
storageClassName: {{ .Values.persistence.ironic.storageClass }}
|
storageClassName: {{ .Values.persistence.ironic.storageClass }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
volumeMode: Filesystem
|
volumeMode: Filesystem
|
||||||
|
{{- end }}
|
||||||
|
@ -29,34 +29,5 @@ data:
|
|||||||
htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
|
htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
|
||||||
auth-config: |
|
auth-config: |
|
||||||
{{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
|
{{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
|
||||||
---
|
|
||||||
{{- $ironicInspectorUsername := "" -}}
|
|
||||||
{{- $ironicInspectorPassword := "" -}}
|
|
||||||
{{- $inspectorSecretName := "ironic-inspector-basic-auth" -}}
|
|
||||||
|
|
||||||
# Check if the secret is deployed and has a password
|
|
||||||
{{- $oldInspectorSecret := lookup "v1" "Secret" .Release.Namespace $inspectorSecretName }}
|
|
||||||
{{- if and $oldInspectorSecret (index $oldInspectorSecret.data "username") (index $oldInspectorSecret.data "password") }}
|
|
||||||
{{- $ironicInspectorUsername = b64dec (index $oldInspectorSecret.data "username" | toString) -}}
|
|
||||||
{{- $ironicInspectorPassword = b64dec (index $oldInspectorSecret.data "password" | toString) -}}
|
|
||||||
# If not, check if a username and password are provided in values.yaml
|
|
||||||
{{- else if and (.Values.global.auth.ironicInspectorUsername) (.Values.global.auth.ironicInspectorPassword) }}
|
|
||||||
{{- $ironicInspectorUsername = .Values.global.auth.ironicInspectorUsername -}}
|
|
||||||
{{- $ironicInspectorPassword = .Values.global.auth.ironicInspectorPassword -}}
|
|
||||||
{{- else }}
|
|
||||||
# If no username and password are provided in values.yaml, generate new ones
|
|
||||||
{{- $ironicInspectorUsername = "ironic" -}}
|
|
||||||
{{- $ironicInspectorPassword = (randAlphaNum 20) -}}
|
|
||||||
{{- end }}
|
|
||||||
apiVersion: v1
|
|
||||||
kind: Secret
|
|
||||||
metadata:
|
|
||||||
name: {{ $inspectorSecretName }}
|
|
||||||
type: Opaque
|
|
||||||
data:
|
|
||||||
username: {{ $ironicInspectorUsername | b64enc }}
|
|
||||||
password: {{ $ironicInspectorPassword | b64enc }}
|
|
||||||
htpasswd: {{ b64enc (htpasswd $ironicInspectorUsername $ironicInspectorPassword) }}
|
|
||||||
auth-config: |
|
|
||||||
{{- printf "[inspector]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicInspectorUsername $ironicInspectorPassword | b64enc | nindent 4 }}
|
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
@ -56,11 +56,11 @@ images:
|
|||||||
ironic:
|
ironic:
|
||||||
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
|
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
tag: 24.1.2.0
|
tag: 26.1.2.0
|
||||||
ironicIPADownloader:
|
ironicIPADownloader:
|
||||||
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
|
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
tag: 2.0.0
|
tag: 3.0.0
|
||||||
|
|
||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
fullnameOverride: ""
|
fullnameOverride: ""
|
||||||
@ -102,10 +102,6 @@ service:
|
|||||||
port: 6185
|
port: 6185
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
targetPort: 6185
|
targetPort: 6185
|
||||||
- name: inspector
|
|
||||||
port: 5050
|
|
||||||
protocol: TCP
|
|
||||||
targetPort: 5050
|
|
||||||
- name: api
|
- name: api
|
||||||
port: 6385
|
port: 6385
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
@ -144,8 +140,9 @@ persistence:
|
|||||||
# storageClass for the ironic shared volume
|
# storageClass for the ironic shared volume
|
||||||
# Ensure the storageClass is defined
|
# Ensure the storageClass is defined
|
||||||
storageClass: ""
|
storageClass: ""
|
||||||
# size of the ironic shared volume
|
# size of the ironic shared volume e.g "1Gi"
|
||||||
size: "1Gi"
|
# When unset persistent storage is disabled and emptyDir is enabled
|
||||||
|
size: ""
|
||||||
# accessMode of the ironic shared volume PVC
|
# accessMode of the ironic shared volume PVC
|
||||||
# If empty defaults to ReadWriteOnce when replicaCount=1 otherwise ReadWriteMany
|
# If empty defaults to ReadWriteOnce when replicaCount=1 otherwise ReadWriteMany
|
||||||
accessMode: ""
|
accessMode: ""
|
||||||
|
@ -3,4 +3,4 @@ appVersion: 1.16.0
|
|||||||
description: A Helm chart for Media, used by Metal3
|
description: A Helm chart for Media, used by Metal3
|
||||||
name: media
|
name: media
|
||||||
type: application
|
type: application
|
||||||
version: 0.5.0
|
version: 0.6.0
|
||||||
|
@ -24,7 +24,7 @@ replicaCount: 1
|
|||||||
image:
|
image:
|
||||||
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
|
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
tag: 24.1.2.0
|
tag: 26.1.2.0
|
||||||
|
|
||||||
imagePullSecrets: []
|
imagePullSecrets: []
|
||||||
nameOverride: ""
|
nameOverride: ""
|
||||||
|
@ -6,6 +6,9 @@ global:
|
|||||||
# IP on which the Ironic services will be exposed
|
# IP on which the Ironic services will be exposed
|
||||||
ironicIP: ""
|
ironicIP: ""
|
||||||
|
|
||||||
|
# whether to enable mariadb (default is sqlite)
|
||||||
|
enable_mariadb: false
|
||||||
|
|
||||||
# whether to enable media server.
|
# whether to enable media server.
|
||||||
enable_metal3_media_server: false
|
enable_metal3_media_server: false
|
||||||
|
|
||||||
@ -28,8 +31,6 @@ global:
|
|||||||
auth:
|
auth:
|
||||||
ironicUsername: ""
|
ironicUsername: ""
|
||||||
ironicPassword: ""
|
ironicPassword: ""
|
||||||
ironicInspectorUsername: ""
|
|
||||||
ironicInspectorPassword: ""
|
|
||||||
|
|
||||||
# whether to have additional trusted CA
|
# whether to have additional trusted CA
|
||||||
# NOTE: If enabled, a secret with name tls-ca-additional should be deployed
|
# NOTE: If enabled, a secret with name tls-ca-additional should be deployed
|
||||||
@ -125,6 +126,4 @@ metal3-baremetal-operator:
|
|||||||
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator"
|
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%baremetal-operator"
|
||||||
rbacProxy:
|
rbacProxy:
|
||||||
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
|
repository: "%%IMG_REPO%%/%%IMG_PREFIX%%kube-rbac-proxy"
|
||||||
tag: "v0.18.0"
|
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user