suse-edge/Factory
SHA256
14
0
Fork 15
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

dual-stack support in metal3-chart #223

Merged
mchiappero merged 8 commits from mchiappero/Factory:dual-stack-chart into main 2025-08-07 14:12:26 +02:00
Conversation 1 Commits 8 Files Changed 14 +116 -29
14 changed files with 116 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
metal3-chart/charts/baremetal-operator/templates/_helpers.tpl
View File

@@ -61,3 +61,19 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }} {{- default "default" .Values.serviceAccount.name }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/*
Create the URL to use for connecting to the Ironic servers (e.g. API, cache)
*/}}
{{- define "baremetal-operator.ironicHttpHost" -}}
{{- $ironicIP := include "metal3.provisioningIP" . -}}
{{- with .Values.global }}
{{- if .provisioningHostname }}
{{- .provisioningHostname }}
{{- else if regexMatch ".*:.*" $ironicIP}}
{{- print "[" $ironicIP "]" }}
{{- else }}
{{- $ironicIP }}
{{- end }}
{{- end }}
{{- end }}

12
metal3-chart/charts/baremetal-operator/templates/configmap-ironic.yaml
View File

@@ -1,10 +1,10 @@
{{- $enableTLS := .Values.global.enable_tls }} {{- $enableTLS := .Values.global.enable_tls }}
{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }} {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
{{- $protocol := ternary "https" "http" $enableTLS }} {{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicIP := .Values.global.ironicIP | default "" }} {{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
{{- $ironicApiHost := print $ironicIP ":6385" }} {{- $ironicApiHost := print $ironicHost ":6385" }}
{{- $ironicBootHost := print $ironicIP ":6180" }} {{- $ironicBootHost := print $ironicHost ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }} {{- $ironicCacheHost := print $ironicHost ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }} {{- $deployArch := .Values.global.deployArchitecture }}
apiVersion: v1 apiVersion: v1
@@ -12,8 +12,8 @@ data:
IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/" IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
# Switch VMedia to HTTP if enable_vmedia_tls is false # Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }} {{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }} {{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }} {{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
{{- $protocol = "https" }} {{- $protocol = "https" }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true" RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
{{- else }} {{- else }}

1
metal3-chart/charts/baremetal-operator/templates/metrics_service.yaml
View File

@@ -6,6 +6,7 @@ metadata:
control-plane: controller-manager control-plane: controller-manager
name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service
spec: spec:
ipFamilyPolicy: PreferDualStack
ports: ports:
- name: https - name: https
port: 8443 port: 8443

1
metal3-chart/charts/baremetal-operator/templates/service-webhook.yaml
View File

@@ -5,6 +5,7 @@ metadata:
{{- include "baremetal-operator.labels" . | nindent 4 }} {{- include "baremetal-operator.labels" . | nindent 4 }}
name: {{ include "baremetal-operator.fullname" . }}-webhook-service name: {{ include "baremetal-operator.fullname" . }}-webhook-service
spec: spec:
ipFamilyPolicy: PreferDualStack
ports: ports:
- port: 443 - port: 443
targetPort: 9443 targetPort: 9443

43
metal3-chart/charts/ironic/templates/_helpers.tpl
View File

@@ -83,3 +83,46 @@ Get ironic CA volumeMounts
readOnly: true readOnly: true
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/*
Get the formatted "External" hostname or IP address
*/}}
{{- define "ironic.externalHttpHost" }}
{{- with .Values.global }}
{{- if regexMatch ".*:.*" .externalHttpHost }}
{{- print "[" .externalHttpHost "]" }}
{{- else }}
{{- .externalHttpHost }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Get the command to use for Liveness and Readiness probes
*/}}
{{- define "ironic.probeCommand" }}
{{- $host := "127.0.0.1" }}
{{- if eq .Values.listenOnAll false }}
{{- $host = coalesce .Values.global.ironicIP .Values.global.provisioningIP .Values.global.provisioningHostname }}
{{- if regexMatch ".*:.*" $host }}
{{- $host = print "[" $host "]" }}
{{- end }}
{{- end }}
{{- print "curl -sSfk https://" $host ":6385" }}
{{- end }}
{{/*
Create the subjectAltNames section to be set on the Certificate
*/}}
{{- define "ironic.subjectAltNames" -}}
{{- with .Values.global }}
{{- if .provisioningHostname }}
dnsNames:
- {{ .provisioningHostname }}
{{- end -}}
{{- if or .ironicIP .provisioningIP }}
ipAddresses:
- {{ coalesce .ironicIP .provisioningIP }}
{{- end }}
{{- end }}
{{- end }}

9
metal3-chart/charts/ironic/templates/certificates.yaml
View File

@@ -6,8 +6,7 @@ metadata:
spec: spec:
commonName: ironic-ca commonName: ironic-ca
isCA: true isCA: true
ipAddresses: {{- include "ironic.subjectAltNames" . | indent 2 }}
- {{ .Values.global.ironicIP }}
issuerRef: issuerRef:
kind: Issuer kind: Issuer
name: selfsigned-issuer name: selfsigned-issuer
@@ -19,8 +18,7 @@ metadata:
name: ironic-cert name: ironic-cert
spec: spec:
commonName: ironic-cert commonName: ironic-cert
ipAddresses: {{- include "ironic.subjectAltNames" . | indent 2 }}
- {{ .Values.global.ironicIP }}
issuerRef: issuerRef:
kind: Issuer kind: Issuer
name: ca-issuer name: ca-issuer
@@ -33,8 +31,7 @@ metadata:
name: ironic-vmedia-cert name: ironic-vmedia-cert
spec: spec:
commonName: ironic-vmedia-cert commonName: ironic-vmedia-cert
ipAddresses: {{- include "ironic.subjectAltNames" . | indent 2 }}
- {{ .Values.global.ironicIP }}
issuerRef: issuerRef:
kind: Issuer kind: Issuer
name: ca-issuer name: ca-issuer

22
metal3-chart/charts/ironic/templates/configmap.yaml
View File

@@ -8,13 +8,9 @@ data:
{{- $enableTLS := .Values.global.enable_tls }} {{- $enableTLS := .Values.global.enable_tls }}
{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }} {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
{{- $protocol := ternary "https" "http" $enableTLS }} {{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicIP := .Values.global.ironicIP | default "" }}
{{- $ironicBootHost := print $ironicIP ":6180" }}
{{- $ironicCacheHost := print $ironicIP ":6180" }}
{{- $deployArch := .Values.global.deployArchitecture }} {{- $deployArch := .Values.global.deployArchitecture }}
{{- if ( .Values.global.enable_dnsmasq ) }} {{- if ( .Values.global.enable_dnsmasq ) }}
DNSMASQ_BOOT_SERVER_ADDRESS: {{ $ironicBootHost }}
DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }} DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer }}
DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }} DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter }}
DHCP_RANGE: {{ .Values.global.dhcpRange }} DHCP_RANGE: {{ .Values.global.dhcpRange }}
@@ -26,27 +22,25 @@ data:
PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}" PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
# Switch VMedia to HTTP if enable_vmedia_tls is false # Switch VMedia to HTTP if enable_vmedia_tls is false
{{- if and $enableTLS $enableVMediaTLS }} {{- if and $enableTLS $enableVMediaTLS }}
{{- $ironicBootHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $ironicCacheHost = print $ironicIP ":" .Values.global.vmediaTLSPort }}
{{- $protocol = "https" }} {{- $protocol = "https" }}
{{- else }} {{- else }}
{{- $protocol = "http" }} {{- $protocol = "http" }}
{{- end }} {{- end }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ $ironicCacheHost }} {{- if .Values.global.externalHttpHost }}
IRONIC_EXTERNAL_HTTP_URL: {{ $protocol }}://{{ include "ironic.externalHttpHost" . }}:6385
{{- end }}
DEPLOY_ARCHITECTURE: {{ $deployArch }} DEPLOY_ARCHITECTURE: {{ $deployArch }}
IRONIC_BOOT_BASE_URL: {{ $protocol }}://{{ $ironicBootHost }}
ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}" ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
{{- if .Values.global.provisioningInterface }} {{- if .Values.global.provisioningInterface }}
PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }} PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface }}
{{- end }} {{- end }}
{{- if .Values.global.provisioningIP }} {{- if or .Values.global.ironicIP .Values.global.provisioningIP }}
PROVISIONING_IP: {{ .Values.global.provisioningIP }} PROVISIONING_IP: {{ include "metal3.provisioningIP" . }}
{{- else if .Values.global.provisioningHostname }}
IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname }}
{{- end }} {{- end }}
IRONIC_FAST_TRACK: "true" IRONIC_FAST_TRACK: "true"
LISTEN_ALL_INTERFACES: "true" LISTEN_ALL_INTERFACES: "{{ .Values.listenOnAll }}"
{{- if .Values.global.ironicIP }}
IRONIC_IP: {{ .Values.global.ironicIP }}
{{- end }}
{{- if ( .Values.global.enable_tls ) }} {{- if ( .Values.global.enable_tls ) }}
RESTART_CONTAINER_CERTIFICATE_UPDATED: "true" RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams }} tls.enabled=true

4
metal3-chart/charts/ironic/templates/deployment.yaml
View File

@@ -42,7 +42,7 @@ spec:
name: ironic name: ironic
livenessProbe: livenessProbe:
exec: exec:
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"] command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
failureThreshold: 10 failureThreshold: 10
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 30 periodSeconds: 30
@@ -60,7 +60,7 @@ spec:
{{- end }} {{- end }}
readinessProbe: readinessProbe:
exec: exec:
command: ["sh", "-c", "curl -sSfk https://127.0.0.1:6385"] command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
failureThreshold: 10 failureThreshold: 10
initialDelaySeconds: 30 initialDelaySeconds: 30
periodSeconds: 30 periodSeconds: 30

1
metal3-chart/charts/ironic/templates/service.yaml
View File

@@ -10,6 +10,7 @@ metadata:
{{- end }} {{- end }}
spec: spec:
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
ipFamilyPolicy: PreferDualStack
ports: ports:
{{- $enableTLS := .Values.global.enable_tls }} {{- $enableTLS := .Values.global.enable_tls }}
{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }} {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}

8
metal3-chart/charts/ironic/values.yaml
View File

@@ -32,6 +32,12 @@ global:
# IP Address assigned to network interface on provisioning network # IP Address assigned to network interface on provisioning network
provisioningIP: "" provisioningIP: ""
# Fully Qualified Domain Name used by Ironic for both binding (to the
# associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
# media, also used by BMO. Note, this is the only way to enable a fully
# working dual-stack configuration.
provisioningHostname: ""
# Whether the NIC names should be predictable or not # Whether the NIC names should be predictable or not
predictableNicNames: "true" predictableNicNames: "true"
@@ -52,6 +58,8 @@ global:
replicaCount: 1 replicaCount: 1
listenOnAll: true
images: images:
ironic: ironic:
repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic

1
metal3-chart/charts/mariadb/templates/service.yaml
View File

@@ -5,6 +5,7 @@ metadata:
labels: labels:
{{- include "mariadb.labels" . | nindent 4 }} {{- include "mariadb.labels" . | nindent 4 }}
spec: spec:
ipFamilyPolicy: PreferDualStack
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
selector: selector:
{{- include "mariadb.selectorLabels" . | nindent 4 }} {{- include "mariadb.selectorLabels" . | nindent 4 }}

1
metal3-chart/charts/media/templates/service.yaml
View File

@@ -5,6 +5,7 @@ metadata:
labels: labels:
{{- include "media.labels" . | nindent 4 }} {{- include "media.labels" . | nindent 4 }}
spec: spec:
ipFamilyPolicy: PreferDualStack
type: {{ .Values.service.type }} type: {{ .Values.service.type }}
ports: ports:
- port: {{ .Values.service.port }} - port: {{ .Values.service.port }}

15
metal3-chart/templates/_helpers.tpl
View File

@@ -60,3 +60,18 @@ Create the name of the service account to use
{{- default "default" .Values.serviceAccount.name }} {{- default "default" .Values.serviceAccount.name }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{/*
Produce the correct IP or hostname for Ironic provisioning
*/}}
{{- define "metal3.provisioningIP" -}}
{{- with .Values.global }}
{{- if and .provisioningHostname (or .provisioningIP .ironicIP) }}
{{ fail "Please provide either provisioningHostname or provisioningIP (note: ironic IP is deprecated)" }}
{{- end }}
{{- if and .provisioningIP .ironicIP }}
{{ fail "Please provide either ironicIP or provisioningIP (note: ironicIP is deprecated)" }}
{{- end }}
{{- coalesce .ironicIP .provisioningIP }}
{{- end }}
{{- end }}

9
metal3-chart/values.yaml
View File

@@ -60,6 +60,15 @@ global:
# IP Address assigned to network interface on provisioning network # IP Address assigned to network interface on provisioning network
provisioningIP: "" provisioningIP: ""
# Fully Qualified Domain Name used by Ironic for both binding (to the
# associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmask and
# media, also used by BMO. Note, this is the only way to enable a fully
# working dual-stack configuration.
provisioningHostname: ""
# Hostname or IP for accessing the Ironic API server from a non-provisioning network
externalHttpHost: ""
# Name for the MariaDB service # Name for the MariaDB service
databaseServiceName: metal3-mariadb databaseServiceName: metal3-mariadb