File charts.obscpio of Package metal3-chart
07070100000000000081a400000000000000000000000168cd8c6f0000015d000000000000000000000000000000000000002600000000charts/baremetal-operator/.helmignore# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
# macOS Finder metadata file
.DS_Store
# Common VCS dirs and metadata files. Excluding them keeps repository
# history and local VCS configuration out of the packaged chart.
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup and editor scratch files (swap files, backup copies,
# temporary files, and merge/patch leftovers)
*.swp
*.bak
*.tmp
*.orig
*~
# IDE and editor project settings (Eclipse, JetBrains, TextMate, VS Code)
.project
.idea/
*.tmproj
.vscode/
07070100000001000081a400000000000000000000000168cd8c6f0000009e000000000000000000000000000000000000002500000000charts/baremetal-operator/Chart.yamlapiVersion: v2
# Version of the baremetal-operator application that this chart deploys.
# It is informational and independent of the chart's own version below.
# NOTE(review): Helm's documentation recommends quoting appVersion so that a
# value such as 1.10 is never read as a number by the YAML parser.
appVersion: 0.10.2
description: A Helm chart for baremetal-operator, used by Metal3
name: baremetal-operator
# "application" charts are installable; the alternative, "library", only
# provides helpers to other charts.
type: application
# Version of the chart packaging itself (SemVer).
version: 0.10.4
07070100000002000081a400000000000000000000000168cd8c6f0000eed5000000000000000000000000000000000000004200000000charts/baremetal-operator/crds/customresource-baremetalhosts.yaml---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: baremetal-operator-system/baremetal-operator-serving-cert
controller-gen.kubebuilder.io/version: v0.16.5
labels:
clusterctl.cluster.x-k8s.io: ""
name: baremetalhosts.metal3.io
spec:
group: metal3.io
names:
kind: BareMetalHost
listKind: BareMetalHostList
plural: baremetalhosts
shortNames:
- bmh
- bmhost
singular: baremetalhost
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Operational status
jsonPath: .status.operationalStatus
name: Status
priority: 1
type: string
- description: Provisioning status
jsonPath: .status.provisioning.state
name: State
type: string
- description: Consumer using this host
jsonPath: .spec.consumerRef.name
name: Consumer
type: string
- description: Address of management controller
jsonPath: .spec.bmc.address
name: BMC
priority: 1
type: string
- description: Whether the host is online or not
jsonPath: .spec.online
name: Online
type: string
- description: Type of the most recent error
jsonPath: .status.errorType
name: Error
type: string
- description: Time duration since creation of BaremetalHost
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: BareMetalHost is the Schema for the baremetalhosts API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: BareMetalHostSpec defines the desired state of BareMetalHost.
properties:
architecture:
description: |-
CPU architecture of the host, e.g. "x86_64" or "aarch64". If unset,
eventually populated by inspection.
type: string
automatedCleaningMode:
default: metadata
description: |-
When set to disabled, automated cleaning will be skipped
during provisioning and deprovisioning.
enum:
- metadata
- disabled
type: string
bmc:
description: |-
How do we connect to the BMC (Baseboard Management Controller) on
the host?
properties:
address:
description: |-
Address holds the URL for accessing the controller on the network.
The scheme part designates the driver to use with the host.
type: string
credentialsName:
description: |-
The name of the secret containing the BMC credentials (requires
keys "username" and "password").
type: string
disableCertificateVerification:
description: |-
DisableCertificateVerification disables verification of server
certificates when using HTTPS to connect to the BMC. This is
required when the server certificate is self-signed, but is
insecure because it allows a man-in-the-middle to intercept the
connection.
type: boolean
required:
- address
- credentialsName
type: object
bootMACAddress:
description: |-
The MAC address of the NIC used for provisioning the host. In case
of network boot, this is the MAC address of the PXE booting
interface. The MAC address of the BMC must never be used here!
pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'
type: string
bootMode:
description: |-
Select the method of initializing the hardware during boot.
Defaults to UEFI. Legacy boot should only be used for hardware that
does not support UEFI correctly. Set to UEFISecureBoot to turn
secure boot on automatically after provisioning.
enum:
- UEFI
- UEFISecureBoot
- legacy
type: string
consumerRef:
description: |-
ConsumerRef can be used to store information about something
that is using a host. When it is not empty, the host is
considered "in use". The common use case is a link to a Machine
resource when the host is used by Cluster API.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
customDeploy:
description: |-
A custom deploy procedure. This is an advanced feature that allows
using a custom deploy step provided by a site-specific deployment
ramdisk. Most users will want to use "image" instead. Setting this
field triggers provisioning.
properties:
method:
description: |-
Custom deploy method name.
This name is specific to the deploy ramdisk used. If you don't have
a custom deploy ramdisk, you shouldn't use CustomDeploy.
type: string
required:
- method
type: object
description:
description: Description is a human-entered text used to help identify
the host.
type: string
disablePowerOff:
description: |-
When set to true, power off of the node will be disabled;
instead, a reboot will be used in place of power on/off.
type: boolean
externallyProvisioned:
description: |-
ExternallyProvisioned means something else has provisioned the
image running on the host, and the operator should only manage
the power status. This field is used for integration with already
provisioned hosts and when pivoting hosts between clusters. If
unsure, leave this field as false.
type: boolean
firmware:
description: |-
Firmware (BIOS) configuration for bare metal server. If set, the
requested settings will be applied before the host is provisioned.
Only some vendor drivers support this field. An alternative is to
use HostFirmwareSettings resources that allow changing arbitrary
values and support the generic Redfish-based drivers.
properties:
simultaneousMultithreadingEnabled:
description: Allows a single physical processor core to appear
as several logical processors.
enum:
- true
- false
type: boolean
sriovEnabled:
description: SR-IOV support enables a hypervisor to create virtual
instances of a PCI-express device, potentially increasing performance.
enum:
- true
- false
type: boolean
virtualizationEnabled:
description: Supports the virtualization of platform hardware.
enum:
- true
- false
type: boolean
type: object
hardwareProfile:
description: |-
What is the name of the hardware profile for this host?
Hardware profiles are deprecated and should not be used.
Use the separate fields Architecture and RootDeviceHints instead.
Set to "empty" to prepare for the future version of the API
without hardware profiles.
type: string
image:
description: |-
Image holds the details of the image to be provisioned. Populating
the image will cause the host to start provisioning.
properties:
checksum:
description: |-
Checksum is the checksum for the image. Required for all formats
except for "live-iso".
type: string
checksumType:
description: |-
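ChecksumType is the checksum algorithm for the image, e.g. md5, sha256 or sha512.
The special value "auto" can be used to detect the algorithm from the checksum.
If missing, MD5 is used. If in doubt, use "auto".
MD5 is no longer collision-resistant, so a sha256 or sha512 checksum is
preferable for verifying image integrity.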
enum:
- md5
- sha256
- sha512
- auto
type: string
format:
description: |-
Format contains the format of the image (raw, qcow2, ...).
When set to "live-iso", an ISO 9660 image referenced by the url will
be live-booted and not deployed to disk.
enum:
- raw
- qcow2
- vdi
- vmdk
- live-iso
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- url
type: object
metaData:
description: |-
MetaData holds the reference to the Secret containing host metadata
which is passed to the Config Drive. By default, metadata will be
generated for the host, so most users do not need to set this field.
properties:
name:
description: name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: namespace defines the space within which the secret
name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
networkData:
description: |-
NetworkData holds the reference to the Secret containing network
configuration which is passed to the Config Drive and interpreted
by the first boot software such as cloud-init.
properties:
name:
description: name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: namespace defines the space within which the secret
name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
online:
description: |-
Should the host be powered on? If the host is currently in a stable
state (e.g. provisioned), its power state will be forced to match
this value.
type: boolean
preprovisioningNetworkDataName:
description: |-
PreprovisioningNetworkDataName is the name of the Secret in the
local namespace containing network configuration which is passed to
the preprovisioning image, and to the Config Drive if not overridden
by specifying NetworkData.
type: string
raid:
description: |-
RAID configuration for bare metal server. If set, the RAID settings
will be applied before the host is provisioned. If not, the current
settings will not be modified. Only one of the sub-fields
hardwareRAIDVolumes and softwareRAIDVolumes can be set at the same
time.
properties:
hardwareRAIDVolumes:
description: |-
The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume.
You can set the value of this field to `[]` to clear all the hardware RAID configurations.
items:
description: HardwareRAIDVolume defines the desired configuration
of volume in hardware RAID.
properties:
controller:
description: The name of the RAID controller to use.
type: string
level:
description: |-
RAID level for the logical disk. The following levels are supported:
0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them).
enum:
- "0"
- "1"
- "2"
- "5"
- "6"
- 1+0
- 5+0
- 6+0
type: string
name:
description: |-
Name of the volume. Should be unique within the Node. If not
specified, the name will be auto-generated.
maxLength: 64
type: string
numberOfPhysicalDisks:
description: |-
Integer, number of physical disks to use for the logical disk.
Defaults to minimum number of disks required for the particular RAID
level.
minimum: 1
type: integer
physicalDisks:
description: |-
Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted
by the hardware RAID controller, and the format is hardware specific.
items:
type: string
type: array
rotational:
description: |-
Select disks with only rotational (if set to true) or solid-state
(if set to false) storage. By default, any disks can be picked.
type: boolean
sizeGibibytes:
description: |-
Size of the logical disk to be created in GiB. If unspecified or
set to 0, the maximum capacity of disk will be used for logical
disk.
minimum: 0
type: integer
required:
- level
type: object
nullable: true
type: array
softwareRAIDVolumes:
description: |-
The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume.
If HardwareRAIDVolumes is set this item will be invalid.
The number of created Software RAID devices must be 1 or 2.
If there is only one Software RAID device, it has to be a RAID-1.
If there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0.
As the first RAID device will be the deployment device,
enforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure.
Software RAID will always be deleted.
items:
description: SoftwareRAIDVolume defines the desired configuration
of volume in software RAID.
properties:
level:
description: |-
RAID level for the logical disk. The following levels are supported:
0, 1 and 1+0.
enum:
- "0"
- "1"
- 1+0
type: string
physicalDisks:
description: A list of device hints, the number of items
should be greater than or equal to 2.
items:
description: |-
RootDeviceHints holds the hints for specifying the storage location
for the root filesystem for the image.
properties:
deviceName:
description: |-
A Linux device name like "/dev/vda", or a by-path link to it like
"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match
the actual value exactly.
type: string
hctl:
description: |-
A SCSI bus address like 0:0:0:0. The hint must match the actual
value exactly.
type: string
minSizeGigabytes:
description: The minimum size of the device in Gigabytes.
minimum: 0
type: integer
model:
description: |-
A vendor-specific device identifier. The hint can be a
substring of the actual value.
type: string
rotational:
description: True if the device should use spinning
media, false otherwise.
type: boolean
serialNumber:
description: |-
Device serial number. The hint must match the actual value
exactly.
type: string
vendor:
description: |-
The name of the vendor or manufacturer of the device. The hint
can be a substring of the actual value.
type: string
wwn:
description: |-
Unique storage identifier. The hint must match the actual value
exactly.
type: string
wwnVendorExtension:
description: |-
Unique vendor storage identifier. The hint must match the
actual value exactly.
type: string
wwnWithExtension:
description: |-
Unique storage identifier with the vendor extension
appended. The hint must match the actual value exactly.
type: string
type: object
minItems: 2
type: array
sizeGibibytes:
description: |-
Size of the logical disk to be created in GiB.
If unspecified or set to 0, the maximum capacity of disk will be used for logical disk.
minimum: 0
type: integer
required:
- level
type: object
maxItems: 2
nullable: true
type: array
type: object
rootDeviceHints:
description: |-
Provide guidance about how to choose the device for the image
being provisioned. The default is currently to use /dev/sda as
the root device.
properties:
deviceName:
description: |-
A Linux device name like "/dev/vda", or a by-path link to it like
"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match
the actual value exactly.
type: string
hctl:
description: |-
A SCSI bus address like 0:0:0:0. The hint must match the actual
value exactly.
type: string
minSizeGigabytes:
description: The minimum size of the device in Gigabytes.
minimum: 0
type: integer
model:
description: |-
A vendor-specific device identifier. The hint can be a
substring of the actual value.
type: string
rotational:
description: True if the device should use spinning media, false
otherwise.
type: boolean
serialNumber:
description: |-
Device serial number. The hint must match the actual value
exactly.
type: string
vendor:
description: |-
The name of the vendor or manufacturer of the device. The hint
can be a substring of the actual value.
type: string
wwn:
description: |-
Unique storage identifier. The hint must match the actual value
exactly.
type: string
wwnVendorExtension:
description: |-
Unique vendor storage identifier. The hint must match the
actual value exactly.
type: string
wwnWithExtension:
description: |-
Unique storage identifier with the vendor extension
appended. The hint must match the actual value exactly.
type: string
type: object
taints:
description: |-
Taints is the full, authoritative list of taints to apply to
the corresponding Machine. This list will overwrite any
modifications made to the Machine on an ongoing basis.
items:
description: |-
The node this Taint is attached to has the "effect" on
any pod that does not tolerate the Taint.
properties:
effect:
description: |-
Required. The effect of the taint on pods
that do not tolerate the taint.
Valid effects are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Required. The taint key to be applied to a node.
type: string
timeAdded:
description: |-
TimeAdded represents the time at which the taint was added.
It is only written for NoExecute taints.
format: date-time
type: string
value:
description: The taint value corresponding to the taint key.
type: string
required:
- effect
- key
type: object
type: array
userData:
description: |-
UserData holds the reference to the Secret containing the user data
which is passed to the Config Drive and interpreted by the
first-boot software such as cloud-init. The format of user data is
specific to the first-boot software.
properties:
name:
description: name is unique within a namespace to reference a
secret resource.
type: string
namespace:
description: namespace defines the space within which the secret
name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
required:
- online
type: object
status:
description: BareMetalHostStatus defines the observed state of BareMetalHost.
properties:
errorCount:
default: 0
description: ErrorCount records how many times the host has encountered
an error since the last successful operation
type: integer
errorMessage:
description: The last error message reported by the provisioning subsystem.
type: string
errorType:
description: |-
ErrorType indicates the type of failure encountered when the
OperationalStatus is OperationalStatusError
enum:
- provisioned registration error
- registration error
- inspection error
- preparation error
- provisioning error
- power management error
- servicing error
type: string
goodCredentials:
description: The last credentials we were able to validate as working.
properties:
credentials:
description: |-
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
properties:
name:
description: name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: namespace defines the space within which the
secret name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
credentialsVersion:
type: string
type: object
hardware:
description: |-
The hardware discovered to exist on the host.
This field will be removed in the next API version in favour of the
separate HardwareData resource.
properties:
cpu:
description: Details of the CPU(s) in the system.
properties:
arch:
type: string
clockMegahertz:
description: ClockSpeed is a clock speed in MHz
format: double
type: number
count:
type: integer
flags:
items:
type: string
type: array
model:
type: string
type: object
firmware:
description: System firmware information.
properties:
bios:
description: The BIOS for this firmware
properties:
date:
description: The release/build date for this BIOS
type: string
vendor:
description: The vendor name for this BIOS
type: string
version:
description: The version of the BIOS
type: string
type: object
type: object
hostname:
type: string
nics:
description: List of network interfaces for the host.
items:
description: NIC describes one network interface on the host.
properties:
ip:
description: |-
The IP address of the interface. This will be an IPv4 or IPv6 address
if one is present. If both IPv4 and IPv6 addresses are present in a
dual-stack environment, two nics will be output, one with each IP.
type: string
mac:
description: The device MAC address
pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'
type: string
model:
description: The vendor and product IDs of the NIC, e.g.
"0x8086 0x1572"
type: string
name:
description: The name of the network interface, e.g. "en0"
type: string
pxe:
description: Whether the NIC is PXE Bootable
type: boolean
speedGbps:
description: The speed of the device in Gigabits per second
type: integer
vlanId:
description: The untagged VLAN ID
format: int32
maximum: 4094
minimum: 0
type: integer
vlans:
description: The VLANs available
items:
description: VLAN represents the name and ID of a VLAN.
properties:
id:
description: VLANID is a 12-bit 802.1Q VLAN identifier
format: int32
maximum: 4094
minimum: 0
type: integer
name:
type: string
type: object
type: array
type: object
type: array
ramMebibytes:
description: The host's amount of memory in Mebibytes.
type: integer
storage:
description: List of storage (disk, SSD, etc.) available to the
host.
items:
description: Storage describes one storage device (disk, SSD,
etc.) on the host.
properties:
alternateNames:
description: |-
A list of alternate Linux device names of the disk, e.g. "/dev/sda".
Note that this list is not exhaustive, and names may not be stable
across reboots.
items:
type: string
type: array
hctl:
description: The SCSI location of the device
type: string
model:
description: Hardware model
type: string
name:
description: |-
A Linux device name of the disk, e.g.
"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name
that is stable across reboots if one is available.
type: string
rotational:
description: |-
Whether this disk represents rotational storage.
This field is not recommended for usage, please
prefer using 'Type' field instead, this field
will be deprecated eventually.
type: boolean
serialNumber:
description: The serial number of the device
type: string
sizeBytes:
description: The size of the disk in Bytes
format: int64
type: integer
type:
description: 'Device type, one of: HDD, SSD, NVME.'
enum:
- HDD
- SSD
- NVME
type: string
vendor:
description: The name of the vendor of the device
type: string
wwn:
description: The WWN of the device
type: string
wwnVendorExtension:
description: The WWN Vendor extension of the device
type: string
wwnWithExtension:
description: The WWN with the extension
type: string
type: object
type: array
systemVendor:
description: System vendor information.
properties:
manufacturer:
type: string
productName:
type: string
serialNumber:
type: string
type: object
type: object
hardwareProfile:
description: |-
The name of the profile matching the hardware details.
Hardware profiles are deprecated and should not be relied on.
type: string
lastUpdated:
description: LastUpdated identifies when this status was last observed.
format: date-time
type: string
operationHistory:
description: |-
OperationHistory holds information about operations performed
on this host.
properties:
deprovision:
description: |-
OperationMetric contains metadata about an operation (inspection,
provisioning, etc.) used for tracking metrics.
properties:
end:
format: date-time
nullable: true
type: string
start:
format: date-time
nullable: true
type: string
type: object
inspect:
description: |-
OperationMetric contains metadata about an operation (inspection,
provisioning, etc.) used for tracking metrics.
properties:
end:
format: date-time
nullable: true
type: string
start:
format: date-time
nullable: true
type: string
type: object
provision:
description: |-
OperationMetric contains metadata about an operation (inspection,
provisioning, etc.) used for tracking metrics.
properties:
end:
format: date-time
nullable: true
type: string
start:
format: date-time
nullable: true
type: string
type: object
register:
description: |-
OperationMetric contains metadata about an operation (inspection,
provisioning, etc.) used for tracking metrics.
properties:
end:
format: date-time
nullable: true
type: string
start:
format: date-time
nullable: true
type: string
type: object
type: object
operationalStatus:
description: OperationalStatus holds the status of the host
enum:
- ""
- OK
- discovered
- error
- delayed
- detached
- servicing
type: string
poweredOn:
description: |-
The currently detected power state of the host. This field may get
briefly out of sync with the actual state of the hardware while
provisioning processes are running.
type: boolean
provisioning:
description: Information tracked by the provisioner.
properties:
ID:
description: |-
The host's ID from the underlying provisioning tool (e.g. the
Ironic node UUID).
type: string
bootMode:
description: BootMode indicates the boot mode used to provision
the host.
enum:
- UEFI
- UEFISecureBoot
- legacy
type: string
customDeploy:
description: Custom deploy procedure applied to the host.
properties:
method:
description: |-
Custom deploy method name.
This name is specific to the deploy ramdisk used. If you don't have
a custom deploy ramdisk, you shouldn't use CustomDeploy.
type: string
required:
- method
type: object
firmware:
description: The firmware settings that have been applied.
properties:
simultaneousMultithreadingEnabled:
description: Allows a single physical processor core to appear
as several logical processors.
enum:
- true
- false
type: boolean
sriovEnabled:
description: SR-IOV support enables a hypervisor to create
virtual instances of a PCI-express device, potentially increasing
performance.
enum:
- true
- false
type: boolean
virtualizationEnabled:
description: Supports the virtualization of platform hardware.
enum:
- true
- false
type: boolean
type: object
image:
description: |-
Image holds the details of the last image successfully
provisioned to the host.
properties:
checksum:
description: |-
Checksum is the checksum for the image. Required for all formats
except for "live-iso".
type: string
checksumType:
description: |-
ChecksumType is the checksum algorithm for the image, e.g. md5, sha256 or sha512.
The special value "auto" can be used to detect the algorithm from the checksum.
If missing, MD5 is used. If in doubt, use "auto".
enum:
- md5
- sha256
- sha512
- auto
type: string
format:
description: |-
Format contains the format of the image (raw, qcow2, ...).
When set to "live-iso", an ISO 9660 image referenced by the url will
be live-booted and not deployed to disk.
enum:
- raw
- qcow2
- vdi
- vmdk
- live-iso
type: string
url:
description: URL is a location of an image to deploy.
type: string
required:
- url
type: object
raid:
description: The RAID configuration that has been applied.
properties:
hardwareRAIDVolumes:
description: |-
The list of logical disks for hardware RAID, if rootDeviceHints isn't used, first volume is root volume.
You can set the value of this field to `[]` to clear all the hardware RAID configurations.
items:
description: HardwareRAIDVolume defines the desired configuration
of volume in hardware RAID.
properties:
controller:
description: The name of the RAID controller to use.
type: string
level:
description: |-
RAID level for the logical disk. The following levels are supported:
0, 1, 2, 5, 6, 1+0, 5+0, 6+0 (drivers may support only some of them).
enum:
- "0"
- "1"
- "2"
- "5"
- "6"
- 1+0
- 5+0
- 6+0
type: string
name:
description: |-
Name of the volume. Should be unique within the Node. If not
specified, the name will be auto-generated.
maxLength: 64
type: string
numberOfPhysicalDisks:
description: |-
Integer, number of physical disks to use for the logical disk.
Defaults to minimum number of disks required for the particular RAID
level.
minimum: 1
type: integer
physicalDisks:
description: |-
Optional list of physical disk names to be used for the hardware RAID volumes. The disk names are interpreted
by the hardware RAID controller, and the format is hardware specific.
items:
type: string
type: array
rotational:
description: |-
Select disks with only rotational (if set to true) or solid-state
(if set to false) storage. By default, any disks can be picked.
type: boolean
sizeGibibytes:
description: |-
Size of the logical disk to be created in GiB. If unspecified or
set to 0, the maximum capacity of disk will be used for logical
disk.
minimum: 0
type: integer
required:
- level
type: object
nullable: true
type: array
softwareRAIDVolumes:
description: |-
The list of logical disks for software RAID, if rootDeviceHints isn't used, first volume is root volume.
If HardwareRAIDVolumes is set this item will be invalid.
The number of created Software RAID devices must be 1 or 2.
If there is only one Software RAID device, it has to be a RAID-1.
If there are two, the first one has to be a RAID-1, while the RAID level for the second one can be 0, 1, or 1+0.
As the first RAID device will be the deployment device,
enforcing a RAID-1 reduces the risk of ending up with a non-booting host in case of a disk failure.
Software RAID will always be deleted.
items:
description: SoftwareRAIDVolume defines the desired configuration
of volume in software RAID.
properties:
level:
description: |-
RAID level for the logical disk. The following levels are supported:
0, 1 and 1+0.
enum:
- "0"
- "1"
- 1+0
type: string
physicalDisks:
description: A list of device hints, the number of items
should be greater than or equal to 2.
items:
description: |-
RootDeviceHints holds the hints for specifying the storage location
for the root filesystem for the image.
properties:
deviceName:
description: |-
A Linux device name like "/dev/vda", or a by-path link to it like
"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match
the actual value exactly.
type: string
hctl:
description: |-
A SCSI bus address like 0:0:0:0. The hint must match the actual
value exactly.
type: string
minSizeGigabytes:
description: The minimum size of the device in
Gigabytes.
minimum: 0
type: integer
model:
description: |-
A vendor-specific device identifier. The hint can be a
substring of the actual value.
type: string
rotational:
description: True if the device should use spinning
media, false otherwise.
type: boolean
serialNumber:
description: |-
Device serial number. The hint must match the actual value
exactly.
type: string
vendor:
description: |-
The name of the vendor or manufacturer of the device. The hint
can be a substring of the actual value.
type: string
wwn:
description: |-
Unique storage identifier. The hint must match the actual value
exactly.
type: string
wwnVendorExtension:
description: |-
Unique vendor storage identifier. The hint must match the
actual value exactly.
type: string
wwnWithExtension:
description: |-
Unique storage identifier with the vendor extension
appended. The hint must match the actual value exactly.
type: string
type: object
minItems: 2
type: array
sizeGibibytes:
description: |-
Size of the logical disk to be created in GiB.
If unspecified or set to 0, the maximum capacity of disk will be used for logical disk.
minimum: 0
type: integer
required:
- level
type: object
maxItems: 2
nullable: true
type: array
type: object
rootDeviceHints:
description: The root device hints used to provision the host.
properties:
deviceName:
description: |-
A Linux device name like "/dev/vda", or a by-path link to it like
"/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". The hint must match
the actual value exactly.
type: string
hctl:
description: |-
A SCSI bus address like 0:0:0:0. The hint must match the actual
value exactly.
type: string
minSizeGigabytes:
description: The minimum size of the device in Gigabytes.
minimum: 0
type: integer
model:
description: |-
A vendor-specific device identifier. The hint can be a
substring of the actual value.
type: string
rotational:
description: True if the device should use spinning media,
false otherwise.
type: boolean
serialNumber:
description: |-
Device serial number. The hint must match the actual value
exactly.
type: string
vendor:
description: |-
The name of the vendor or manufacturer of the device. The hint
can be a substring of the actual value.
type: string
wwn:
description: |-
Unique storage identifier. The hint must match the actual value
exactly.
type: string
wwnVendorExtension:
description: |-
Unique vendor storage identifier. The hint must match the
actual value exactly.
type: string
wwnWithExtension:
description: |-
Unique storage identifier with the vendor extension
appended. The hint must match the actual value exactly.
type: string
type: object
state:
description: An indicator for what the provisioner is doing with
the host.
type: string
required:
- ID
- state
type: object
triedCredentials:
description: The last credentials we sent to the provisioning backend.
properties:
credentials:
description: |-
SecretReference represents a Secret Reference. It has enough information to retrieve secret
in any namespace
properties:
name:
description: name is unique within a namespace to reference
a secret resource.
type: string
namespace:
description: namespace defines the space within which the
secret name must be unique.
type: string
type: object
x-kubernetes-map-type: atomic
credentialsVersion:
type: string
type: object
required:
- errorCount
- errorMessage
- operationalStatus
- poweredOn
- provisioning
type: object
type: object
served: true
storage: true
subresources:
status: {}
07070100000003000081a400000000000000000000000168cd8c6f00000c73000000000000000000000000000000000000004900000000charts/baremetal-operator/crds/customresource-bmceventsubscriptions.yaml---
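# CustomResourceDefinition for the namespaced BMCEventSubscription kind (metal3.io, v1alpha1).
# The controller-gen annotation below suggests this file is generated from Go API types;
# presumably schema edits made only here are lost on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  labels:
    clusterctl.cluster.x-k8s.io: ""
  name: bmceventsubscriptions.metal3.io
spec:
  group: metal3.io
  names:
    kind: BMCEventSubscription
    listKind: BMCEventSubscriptionList
    plural: bmceventsubscriptions
    shortNames:
    - bes
    - bmcevent
    singular: bmceventsubscription
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: The most recent error message
      jsonPath: .status.error
      name: Error
      type: string
    - description: Time duration since creation of BMCEventSubscription
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: BMCEventSubscription is the Schema for the fast eventing API
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            properties:
              context:
                description: Arbitrary user-provided context for the event
                type: string
              # NOTE(review): validated only as a string. Nothing in this schema limits the
              # scheme or host, so any restriction on where events may be sent (https only,
              # approved receivers) has to come from the controller or an admission policy.
              destination:
                description: A webhook URL to send events to
                type: string
              hostName:
                description: A reference to a BareMetalHost
                type: string
              # NOTE(review): the reference includes a `namespace` field. Confirm that the
              # controller rejects references outside the subscription's own namespace;
              # otherwise the operator's Secret access, not the requester's, decides what
              # can be read and forwarded as headers.
              httpHeadersRef:
                description: |-
                  A secret containing HTTP headers which should be passed along to the Destination
                  when making a request
                properties:
                  name:
                    description: name is unique within a namespace to reference a
                      secret resource.
                    type: string
                  namespace:
                    description: namespace defines the space within which the secret
                      name must be unique.
                    type: string
                type: object
                x-kubernetes-map-type: atomic
            type: object
          status:
            properties:
              error:
                type: string
              subscriptionID:
                type: string
            type: object
        type: object
    served: true
    storage: true
    # Status is exposed as its own subresource, so RBAC can grant status writes separately.
    subresources:
      status: {}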
07070100000004000081a400000000000000000000000168cd8c6f00000ab7000000000000000000000000000000000000003e00000000charts/baremetal-operator/crds/customresource-dataimages.yaml---
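# CustomResourceDefinition for the namespaced DataImage kind (metal3.io, v1alpha1).
# The controller-gen annotation below suggests this file is generated from Go API types;
# presumably schema edits made only here are lost on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  name: dataimages.metal3.io
spec:
  group: metal3.io
  names:
    kind: DataImage
    listKind: DataImageList
    plural: dataimages
    singular: dataimage
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: DataImage is the Schema for the dataimages API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: DataImageSpec defines the desired state of DataImage.
            properties:
              # NOTE(review): free-form string; the schema sets no scheme or host constraint
              # and carries no digest for the image. Because the image is attached to a
              # BareMetalHost, limit create/update on DataImage through RBAC and consider
              # an admission policy that pins the allowed image sources.
              url:
                description: |-
                  Url is the address of the dataImage that we want to attach
                  to a BareMetalHost
                type: string
            required:
            - url
            type: object
          status:
            description: DataImageStatus defines the observed state of DataImage.
            properties:
              attachedImage:
                description: Currently attached DataImage
                properties:
                  url:
                    type: string
                required:
                - url
                type: object
              error:
                description: Error count and message when attaching/detaching
                properties:
                  count:
                    type: integer
                  message:
                    type: string
                required:
                - count
                - message
                type: object
              lastReconciled:
                description: Time of last reconciliation
                format: date-time
                type: string
            type: object
        type: object
    served: true
    storage: true
    # Status is exposed as its own subresource, so RBAC can grant status writes separately.
    subresources:
      status: {}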
07070100000005000081a400000000000000000000000168cd8c6f00000ec6000000000000000000000000000000000000004300000000charts/baremetal-operator/crds/customresource-firmwareschemas.yaml---
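# CustomResourceDefinition for the namespaced FirmwareSchema kind (metal3.io, v1alpha1).
# The controller-gen annotation below suggests this file is generated from Go API types;
# presumably schema edits made only here are lost on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  labels:
    clusterctl.cluster.x-k8s.io: ""
  name: firmwareschemas.metal3.io
spec:
  group: metal3.io
  names:
    kind: FirmwareSchema
    listKind: FirmwareSchemaList
    plural: firmwareschemas
    singular: firmwareschema
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: FirmwareSchema is the Schema for the firmwareschemas API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: FirmwareSchemaSpec defines the desired state of FirmwareSchema.
            properties:
              hardwareModel:
                description: The hardware model associated with this schema
                type: string
              hardwareVendor:
                description: The hardware vendor associated with this schema
                type: string
              # Keys are firmware setting names; each value describes the constraints
              # (type, bounds, allowed values) for that setting.
              schema:
                additionalProperties:
                  description: Additional data describing the firmware setting.
                  properties:
                    allowable_values:
                      description: The allowable value for an Enumeration type setting.
                      items:
                        type: string
                      type: array
                    # NOTE(review): "Password" is one of the setting types. Verify that the
                    # values of such settings are never copied into resource status or logs.
                    attribute_type:
                      description: The type of setting.
                      enum:
                      - Enumeration
                      - String
                      - Integer
                      - Boolean
                      - Password
                      type: string
                    lower_bound:
                      description: The lowest value for an Integer type setting.
                      type: integer
                    max_length:
                      description: Maximum length for a String type setting.
                      type: integer
                    min_length:
                      description: Minimum length for a String type setting.
                      type: integer
                    read_only:
                      description: Whether or not this setting is read only.
                      type: boolean
                    unique:
                      description: |-
                        Whether or not this setting's value is unique to this node, e.g.
                        a serial number.
                      type: boolean
                    upper_bound:
                      description: The highest value for an Integer type setting.
                      type: integer
                  type: object
                description: Map of firmware name to schema
                type: object
            required:
            - schema
            type: object
        type: object
    # This version declares no `subresources` stanza and no status schema.
    served: true
    storage: true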
07070100000006000081a400000000000000000000000168cd8c6f00002584000000000000000000000000000000000000004000000000charts/baremetal-operator/crds/customresource-hardwaredata.yaml---
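# CustomResourceDefinition for the namespaced HardwareData kind (metal3.io, v1alpha1).
# HardwareData records inspection results (serial numbers, MAC and IP addresses, firmware
# versions); grant read access to it as deliberately as to any other asset inventory.
# The controller-gen annotation below suggests this file is generated from Go API types;
# presumably schema edits made only here are lost on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  labels:
    clusterctl.cluster.x-k8s.io: ""
  name: hardwaredata.metal3.io
spec:
  group: metal3.io
  names:
    kind: HardwareData
    listKind: HardwareDataList
    plural: hardwaredata
    shortNames:
    - hd
    singular: hardwaredata
  scope: Namespaced
  versions:
  - additionalPrinterColumns:
    - description: Time duration since creation of HardwareData
      jsonPath: .metadata.creationTimestamp
      name: Age
      type: date
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: HardwareData is the Schema for the hardwaredata API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: HardwareDataSpec defines the desired state of HardwareData.
            properties:
              hardware:
                description: The hardware discovered on the host during its inspection.
                properties:
                  cpu:
                    description: Details of the CPU(s) in the system.
                    properties:
                      arch:
                        type: string
                      clockMegahertz:
                        description: ClockSpeed is a clock speed in MHz
                        format: double
                        type: number
                      count:
                        type: integer
                      flags:
                        items:
                          type: string
                        type: array
                      model:
                        type: string
                    type: object
                  firmware:
                    description: System firmware information.
                    properties:
                      bios:
                        description: The BIOS for this firmware
                        properties:
                          date:
                            description: The release/build date for this BIOS
                            type: string
                          vendor:
                            description: The vendor name for this BIOS
                            type: string
                          version:
                            description: The version of the BIOS
                            type: string
                        type: object
                    type: object
                  hostname:
                    type: string
                  nics:
                    description: List of network interfaces for the host.
                    items:
                      description: NIC describes one network interface on the host.
                      properties:
                        ip:
                          description: |-
                            The IP address of the interface. This will be an IPv4 or IPv6 address
                            if one is present. If both IPv4 and IPv6 addresses are present in a
                            dual-stack environment, two nics will be output, one with each IP.
                          type: string
                        # NOTE(review): the pattern has no ^/$ anchors, so a value that merely
                        # contains a MAC-shaped substring passes validation. Anchoring it
                        # would presumably be a change to the upstream type marker - confirm.
                        mac:
                          description: The device MAC address
                          pattern: '[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}'
                          type: string
                        model:
                          description: The vendor and product IDs of the NIC, e.g.
                            "0x8086 0x1572"
                          type: string
                        name:
                          description: The name of the network interface, e.g. "en0"
                          type: string
                        pxe:
                          description: Whether the NIC is PXE Bootable
                          type: boolean
                        speedGbps:
                          description: The speed of the device in Gigabits per second
                          type: integer
                        vlanId:
                          description: The untagged VLAN ID
                          format: int32
                          maximum: 4094
                          minimum: 0
                          type: integer
                        vlans:
                          description: The VLANs available
                          items:
                            description: VLAN represents the name and ID of a VLAN.
                            properties:
                              id:
                                description: VLANID is a 12-bit 802.1Q VLAN identifier
                                format: int32
                                maximum: 4094
                                minimum: 0
                                type: integer
                              name:
                                type: string
                            type: object
                          type: array
                      type: object
                    type: array
                  ramMebibytes:
                    description: The host's amount of memory in Mebibytes.
                    type: integer
                  storage:
                    description: List of storage (disk, SSD, etc.) available to the
                      host.
                    items:
                      description: Storage describes one storage device (disk, SSD,
                        etc.) on the host.
                      properties:
                        alternateNames:
                          description: |-
                            A list of alternate Linux device names of the disk, e.g. "/dev/sda".
                            Note that this list is not exhaustive, and names may not be stable
                            across reboots.
                          items:
                            type: string
                          type: array
                        hctl:
                          description: The SCSI location of the device
                          type: string
                        model:
                          description: Hardware model
                          type: string
                        name:
                          description: |-
                            A Linux device name of the disk, e.g.
                            "/dev/disk/by-path/pci-0000:01:00.0-scsi-0:2:0:0". This will be a name
                            that is stable across reboots if one is available.
                          type: string
                        rotational:
                          description: |-
                            Whether this disk represents rotational storage.
                            This field is not recommended for usage, please
                            prefer using 'Type' field instead, this field
                            will be deprecated eventually.
                          type: boolean
                        serialNumber:
                          description: The serial number of the device
                          type: string
                        sizeBytes:
                          description: The size of the disk in Bytes
                          format: int64
                          type: integer
                        type:
                          description: 'Device type, one of: HDD, SSD, NVME.'
                          enum:
                          - HDD
                          - SSD
                          - NVME
                          type: string
                        vendor:
                          description: The name of the vendor of the device
                          type: string
                        wwn:
                          description: The WWN of the device
                          type: string
                        wwnVendorExtension:
                          description: The WWN Vendor extension of the device
                          type: string
                        wwnWithExtension:
                          description: The WWN with the extension
                          type: string
                      type: object
                    type: array
                  systemVendor:
                    description: System vendor information.
                    properties:
                      manufacturer:
                        type: string
                      productName:
                        type: string
                      serialNumber:
                        type: string
                    type: object
                type: object
            type: object
        type: object
    served: true
    storage: true
    # Empty mapping: no status or scale subresource is enabled for this kind.
    subresources: {}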
07070100000007000081a400000000000000000000000168cd8c6f00001c9d000000000000000000000000000000000000004a00000000charts/baremetal-operator/crds/customresource-hostfirmwarecomponents.yaml---
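# CustomResourceDefinition for the namespaced HostFirmwareComponents kind (metal3.io,
# v1alpha1). Write access to this resource selects firmware images for a host, so scope
# create/update permissions narrowly.
# The controller-gen annotation below suggests this file is generated from Go API types;
# presumably schema edits made only here are lost on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  labels:
    clusterctl.cluster.x-k8s.io: ""
  name: hostfirmwarecomponents.metal3.io
spec:
  group: metal3.io
  names:
    kind: HostFirmwareComponents
    listKind: HostFirmwareComponentsList
    plural: hostfirmwarecomponents
    singular: hostfirmwarecomponents
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: HostFirmwareComponents is the Schema for the hostfirmwarecomponents
          API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: HostFirmwareComponentsSpec defines the desired state of HostFirmwareComponents.
            properties:
              updates:
                items:
                  description: FirmwareUpdate defines a firmware update specification.
                  properties:
                    # NOTE(review): free-form string at schema level; presumably the set of
                    # valid component names is enforced by the controller - confirm.
                    component:
                      type: string
                    # NOTE(review): free-form string; the schema has no checksum/digest field
                    # next to it and does not constrain the scheme. Integrity of a firmware
                    # image then rests on the source and the transport, so prefer
                    # TLS-protected, access-controlled hosting.
                    url:
                      type: string
                  required:
                  - component
                  - url
                  type: object
                type: array
            required:
            - updates
            type: object
          status:
            description: HostFirmwareComponentsStatus defines the observed state of
              HostFirmwareComponents.
            properties:
              components:
                description: Components is the list of all available firmware components
                  and their information.
                items:
                  description: FirmwareComponentStatus defines the status of a firmware
                    component.
                  properties:
                    component:
                      type: string
                    currentVersion:
                      type: string
                    initialVersion:
                      type: string
                    lastVersionFlashed:
                      type: string
                    updatedAt:
                      format: date-time
                      type: string
                  required:
                  - component
                  - initialVersion
                  type: object
                type: array
              # Conditions form a list-map keyed by `type` (see the x-kubernetes-list-* keys).
              conditions:
                description: Track whether updates stored in the spec are valid based
                  on the schema
                items:
                  description: Condition contains details for one aspect of the current
                    state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
              lastUpdated:
                description: Time that the status was last updated
                format: date-time
                type: string
              updates:
                description: |-
                  Updates is the list of all firmware components that should be updated
                  they are specified via name and url fields.
                items:
                  description: FirmwareUpdate defines a firmware update specification.
                  properties:
                    component:
                      type: string
                    url:
                      type: string
                  required:
                  - component
                  - url
                  type: object
                type: array
            type: object
        type: object
    served: true
    storage: true
    # Status is exposed as its own subresource, so RBAC can grant status writes separately.
    subresources:
      status: {}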
07070100000008000081a400000000000000000000000168cd8c6f00001a8d000000000000000000000000000000000000004800000000charts/baremetal-operator/crds/customresource-hostfirmwaresettings.yaml---
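# CustomResourceDefinition for the namespaced HostFirmwareSettings kind (metal3.io,
# v1alpha1). Write access to spec.settings changes a host's firmware configuration, so
# scope create/update permissions narrowly.
# The controller-gen annotation below suggests this file is generated from Go API types;
# presumably schema edits made only here are lost on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  labels:
    clusterctl.cluster.x-k8s.io: ""
  name: hostfirmwaresettings.metal3.io
spec:
  group: metal3.io
  names:
    kind: HostFirmwareSettings
    listKind: HostFirmwareSettingsList
    plural: hostfirmwaresettings
    shortNames:
    - hfs
    singular: hostfirmwaresettings
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: HostFirmwareSettings is the Schema for the hostfirmwaresettings
          API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: HostFirmwareSettingsSpec defines the desired state of HostFirmwareSettings.
            properties:
              # Arbitrary setting names mapped to integer-or-string values. The names and
              # values are not constrained here; per the status.conditions description they
              # are checked against a schema, presumably by the controller - confirm.
              settings:
                additionalProperties:
                  anyOf:
                  - type: integer
                  - type: string
                  x-kubernetes-int-or-string: true
                description: Settings are the desired firmware settings stored as
                  name/value pairs.
                type: object
            required:
            - settings
            type: object
          status:
            description: HostFirmwareSettingsStatus defines the observed state of
              HostFirmwareSettings.
            properties:
              # Conditions form a list-map keyed by `type` (see the x-kubernetes-list-* keys).
              conditions:
                description: Track whether settings stored in the spec are valid based
                  on the schema
                items:
                  description: Condition contains details for one aspect of the current
                    state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
              lastUpdated:
                description: Time that the status was last updated
                format: date-time
                type: string
              # NOTE(review): the reference names a namespace explicitly, so it can point
              # outside this resource's namespace. The description mentions overriding it
              # in the Spec, but the spec schema of this version defines only `settings`.
              schema:
                description: |-
                  FirmwareSchema is a reference to the Schema used to describe each
                  FirmwareSetting. By default, this will be a Schema in the same
                  Namespace as the settings but it can be overwritten in the Spec
                properties:
                  name:
                    description: '`name` is the reference to the schema.'
                    type: string
                  namespace:
                    description: '`namespace` is the namespace of the where the schema
                      is stored.'
                    type: string
                required:
                - name
                - namespace
                type: object
              # NOTE(review): observed values are kept as plain strings readable by anyone
              # who can get this resource. Verify that secret-valued settings (for example
              # firmware passwords) are not reported here.
              settings:
                additionalProperties:
                  type: string
                description: Settings are the firmware settings stored as name/value
                  pairs
                type: object
            required:
            - settings
            type: object
        type: object
    served: true
    storage: true
    # Status is exposed as its own subresource, so RBAC can grant status writes separately.
    subresources:
      status: {}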
07070100000009000081a400000000000000000000000168cd8c6f000008c5000000000000000000000000000000000000004600000000charts/baremetal-operator/crds/customresource-hostupdatepolicies.yaml---
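# CustomResourceDefinition for the namespaced HostUpdatePolicy kind (metal3.io, v1alpha1).
# The controller-gen annotation below suggests this file is generated from Go API types;
# presumably schema edits made only here are lost on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  labels:
    clusterctl.cluster.x-k8s.io: ""
  name: hostupdatepolicies.metal3.io
spec:
  group: metal3.io
  names:
    kind: HostUpdatePolicy
    listKind: HostUpdatePolicyList
    plural: hostupdatepolicies
    singular: hostupdatepolicy
  scope: Namespaced
  versions:
  - name: v1alpha1
    schema:
      openAPIV3Schema:
        description: HostUpdatePolicy is the Schema for the hostupdatepolicy API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          # Both fields are optional and restricted to the same two enum values.
          # NOTE(review): these fields set the policy for changing firmware settings and
          # updating firmware; treat edit rights on HostUpdatePolicy as comparable to
          # rights over firmware changes - presumably, confirm against the controller.
          spec:
            description: HostUpdatePolicySpec defines the desired state of HostUpdatePolicy.
            properties:
              firmwareSettings:
                description: Defines policy for changing firmware settings
                enum:
                - onPreparing
                - onReboot
                type: string
              firmwareUpdates:
                description: Defines policy for updating firmware
                enum:
                - onPreparing
                - onReboot
                type: string
            type: object
          status:
            description: HostUpdatePolicyStatus defines the observed state of HostUpdatePolicy.
            type: object
        type: object
    # This version declares no `subresources` stanza, so status is not a separate subresource.
    served: true
    storage: true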
0707010000000a000081a400000000000000000000000168cd8c6f00001e72000000000000000000000000000000000000004900000000charts/baremetal-operator/crds/customresource-preprovisioningimages.yaml---
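# CustomResourceDefinition for the namespaced PreprovisioningImage kind (metal3.io,
# v1alpha1).
# The controller-gen annotation below suggests this file is generated from Go API types;
# presumably schema edits made only here are lost on regeneration - confirm.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: v0.16.5
  labels:
    clusterctl.cluster.x-k8s.io: ""
  name: preprovisioningimages.metal3.io
spec:
  group: metal3.io
  names:
    kind: PreprovisioningImage
    listKind: PreprovisioningImageList
    plural: preprovisioningimages
    shortNames:
    - ppimg
    singular: preprovisioningimage
  scope: Namespaced
  versions:
  # Both printer columns read fields of the condition whose type is 'Ready'.
  - additionalPrinterColumns:
    - description: Whether the image is ready
      jsonPath: .status.conditions[?(@.type=='Ready')].status
      name: Ready
      type: string
    - description: The reason for the image readiness status
      jsonPath: .status.conditions[?(@.type=='Ready')].reason
      name: Reason
      type: string
    name: v1alpha1
    schema:
      openAPIV3Schema:
        description: PreprovisioningImage is the Schema for the preprovisioningimages
          API.
        properties:
          apiVersion:
            description: |-
              APIVersion defines the versioned schema of this representation of an object.
              Servers should convert recognized schemas to the latest internal value, and
              may reject unrecognized values.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
            type: string
          kind:
            description: |-
              Kind is a string value representing the REST resource this object represents.
              Servers may infer this from the endpoint the client submits requests to.
              Cannot be updated.
              In CamelCase.
              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
            type: string
          metadata:
            type: object
          spec:
            description: PreprovisioningImageSpec defines the desired state of PreprovisioningImage.
            properties:
              acceptFormats:
                description: acceptFormats is a list of acceptable image formats.
                items:
                  description: ImageFormat enumerates the allowed image formats
                  enum:
                  - iso
                  - initrd
                  type: string
                type: array
              architecture:
                description: architecture is the processor architecture for which
                  to build the image.
                type: string
              # Only a Secret name is given; per the description the Secret is looked up in
              # the resource's own namespace, so no cross-namespace reference is expressed.
              networkDataName:
                description: |-
                  networkDataName is the name of a Secret in the local namespace that
                  contains network data to build in to the image.
                type: string
            type: object
          # NOTE(review): extraKernelParams, imageUrl and kernelUrl below describe what is
          # booted and with which kernel parameters. None of them is constrained beyond
          # `type: string`, so update rights on the status subresource should presumably be
          # limited to the image-building controller's identity - confirm the RBAC.
          status:
            description: PreprovisioningImageStatus defines the observed state of
              PreprovisioningImage.
            properties:
              architecture:
                description: architecture is the processor architecture for which
                  the image is built
                type: string
              # Conditions form a list-map keyed by `type` (see the x-kubernetes-list-* keys).
              conditions:
                description: conditions describe the state of the built image
                items:
                  description: Condition contains details for one aspect of the current
                    state of this API Resource.
                  properties:
                    lastTransitionTime:
                      description: |-
                        lastTransitionTime is the last time the condition transitioned from one status to another.
                        This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
                      format: date-time
                      type: string
                    message:
                      description: |-
                        message is a human readable message indicating details about the transition.
                        This may be an empty string.
                      maxLength: 32768
                      type: string
                    observedGeneration:
                      description: |-
                        observedGeneration represents the .metadata.generation that the condition was set based upon.
                        For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
                        with respect to the current state of the instance.
                      format: int64
                      minimum: 0
                      type: integer
                    reason:
                      description: |-
                        reason contains a programmatic identifier indicating the reason for the condition's last transition.
                        Producers of specific condition types may define expected values and meanings for this field,
                        and whether the values are considered a guaranteed API.
                        The value should be a CamelCase string.
                        This field may not be empty.
                      maxLength: 1024
                      minLength: 1
                      pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
                      type: string
                    status:
                      description: status of the condition, one of True, False, Unknown.
                      enum:
                      - "True"
                      - "False"
                      - Unknown
                      type: string
                    type:
                      description: type of condition in CamelCase or in foo.example.com/CamelCase.
                      maxLength: 316
                      pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
                      type: string
                  required:
                  - lastTransitionTime
                  - message
                  - reason
                  - status
                  - type
                  type: object
                type: array
                x-kubernetes-list-map-keys:
                - type
                x-kubernetes-list-type: map
              extraKernelParams:
                description: |-
                  extraKernelParams is a string with extra parameters to pass to the
                  kernel when booting the image over network. Only makes sense for initrd images.
                type: string
              format:
                description: |-
                  format is the type of image that is available at the download url:
                  either iso or initrd.
                enum:
                - iso
                - initrd
                type: string
              imageUrl:
                description: imageUrl is the URL from which the built image can be
                  downloaded.
                type: string
              kernelUrl:
                description: |-
                  kernelUrl is the URL from which the kernel of the image can be downloaded.
                  Only makes sense for initrd images.
                type: string
              networkData:
                description: |-
                  networkData is a reference to the version of the Secret containing the
                  network data used to build the image.
                properties:
                  name:
                    type: string
                  version:
                    type: string
                type: object
            type: object
        type: object
    served: true
    storage: true
    # Status is exposed as its own subresource, so RBAC can grant status writes separately.
    subresources:
      status: {}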
0707010000000b000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000001f00000000charts/baremetal-operator/crds0707010000000c000081a400000000000000000000000168cd8c6f00000632000000000000000000000000000000000000002e00000000charts/baremetal-operator/templates/NOTES.txt1. Get the application URL by running these commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "baremetal-operator.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "baremetal-operator.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "baremetal-operator.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "baremetal-operator.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
0707010000000d000081a400000000000000000000000168cd8c6f00000926000000000000000000000000000000000000003100000000charts/baremetal-operator/templates/_helpers.tpl{{/*
Expand the name of the chart.
*/}}
{{- define "baremetal-operator.name" -}}
{{- /* nameOverride wins over the chart name; capped at 63 chars with no trailing "-". */ -}}
{{- .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Build the fully qualified app name used as a prefix for the chart's resources.
Precedence: .Values.fullnameOverride, then the release name alone when it
already contains the (possibly overridden) chart name, otherwise
"<release>-<name>". The result is truncated to 63 characters, the limit of
several Kubernetes name fields (DNS naming spec), and a trailing "-" is removed.
*/}}
{{- define "baremetal-operator.fullname" -}}
{{- $base := default .Chart.Name .Values.nameOverride }}
{{- $full := printf "%s-%s" .Release.Name $base }}
{{- if .Values.fullnameOverride }}
{{- $full = .Values.fullnameOverride }}
{{- else if contains $base .Release.Name }}
{{- $full = .Release.Name }}
{{- end }}
{{- $full | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Render "<chart name>-<chart version>" for the helm.sh/chart label.
"+" (semver build metadata) is replaced by "_" because "+" is not a valid
label-value character; the result is capped at 63 characters.
*/}}
{{- define "baremetal-operator.chart" -}}
{{- list .Chart.Name .Chart.Version | join "-" | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels applied to every object of the chart.
Emits helm.sh/chart, the selector labels from "baremetal-operator.selectorLabels",
app.kubernetes.io/version (only when the chart declares an appVersion) and
app.kubernetes.io/managed-by. Callers indent the result themselves, e.g. with
`nindent 4` under metadata.labels.
*/}}
{{- define "baremetal-operator.labels" -}}
helm.sh/chart: {{ include "baremetal-operator.chart" . }}
{{ include "baremetal-operator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels: the subset of labels that identifies this chart's pods.
They are used in the Deployment's spec.selector.matchLabels and pod template,
so their values (derived from nameOverride and the release name) must stay
stable across upgrades of an installed release.
*/}}
{{- define "baremetal-operator.selectorLabels" -}}
app.kubernetes.io/component: baremetal-operator
app.kubernetes.io/name: {{ include "baremetal-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Resolve the ServiceAccount name the pods run as and the RBAC bindings target.
An explicit .Values.serviceAccount.name always wins. Without one, the fallback
is the chart fullname when the chart creates the account, and the namespace's
"default" account otherwise.
*/}}
{{- define "baremetal-operator.serviceAccountName" -}}
{{- $fallback := "default" }}
{{- if .Values.serviceAccount.create }}
{{- $fallback = include "baremetal-operator.fullname" . }}
{{- end }}
{{- default $fallback .Values.serviceAccount.name }}
{{- end }}
{{/*
Return the host part (no scheme, no port) used to reach the Ironic servers
(e.g. API, cache); callers add the scheme and port themselves.
Resolution order, evaluated inside .Values.global:
  1. global.provisioningHostname, used verbatim when set
  2. the "metal3.hostIP" result wrapped in "[...]" when it contains a ":"
     (treated as an IPv6 literal)
  3. the "metal3.hostIP" result unchanged
Nothing is rendered when .Values.global is empty, because the body sits in a
`with` block.
NOTE(review): "metal3.hostIP" is not defined in this file - presumably supplied
by a shared or parent chart; confirm it is always in scope.
*/}}
{{- define "baremetal-operator.ironicHttpHost" -}}
{{- $hostIP := include "metal3.hostIP" . -}}
{{- with .Values.global }}
{{- if .provisioningHostname }}
{{- .provisioningHostname }}
{{- else if regexMatch ".*:.*" $hostIP}}
{{- print "[" $hostIP "]" }}
{{- else }}
{{- $hostIP }}
{{- end }}
{{- end }}
{{- end }}
0707010000000e000081a400000000000000000000000168cd8c6f000001fb000000000000000000000000000000000000003500000000charts/baremetal-operator/templates/certificate.yamlapiVersion: cert-manager.io/v1
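kind: Certificate
metadata:
  name: {{ include "baremetal-operator.fullname" . }}-serving-cert
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
spec:
  # The SANs must equal the DNS names of the webhook Service, which is named
  # "<fullname>-webhook-service". Deriving them from the same helper keeps the
  # certificate valid when fullnameOverride is changed; with the chart default
  # (fullnameOverride: "baremetal-operator") the rendered names are unchanged.
  # A mismatch makes the API server reject the webhook's TLS certificate, and
  # with failurePolicy: Fail that blocks the guarded CREATE/UPDATE requests.
  dnsNames:
    - {{ include "baremetal-operator.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc
    - {{ include "baremetal-operator.fullname" . }}-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
  issuerRef:
    kind: Issuer
    name: {{ include "baremetal-operator.fullname" . }}-selfsigned-issuer
  # Must match the secretName of the "cert" volume in the Deployment.
  secretName: bmo-webhook-server-cert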
0707010000000f000081a400000000000000000000000168cd8c6f00000a62000000000000000000000000000000000000003d00000000charts/baremetal-operator/templates/clusterrole-manager.yamlapiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  creationTimestamp: null
  name: {{ include "baremetal-operator.fullname" . }}-manager-role
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
# Rules with identical apiGroups and verbs are grouped; RBAC rules are purely
# additive, so the granted permission set is the same as one rule per resource.
rules:
  # Core API: event recording.
  - apiGroups: [""]
    resources: [events]
    verbs: [create, get, list, patch, update, watch]
  # Core API: Secrets. Because this is a ClusterRole bound through a
  # ClusterRoleBinding, the grant covers read and update of Secrets in every
  # namespace. Where the operator only serves known namespaces, a namespaced
  # Role/RoleBinding per namespace is the narrower alternative.
  - apiGroups: [""]
    resources: [secrets]
    verbs: [get, list, update, watch]
  # metal3.io custom resources managed by the operator: full lifecycle.
  - apiGroups: [metal3.io]
    resources:
      - baremetalhosts
      - bmceventsubscriptions
      - firmwareschemas
      - hardwaredata
      - hostfirmwaresettings
      - preprovisioningimages
      - dataimages
      - hostfirmwarecomponents
      - hostupdatepolicies
    verbs: [create, delete, get, list, patch, update, watch]
  # Status subresources (hardwaredata has no status rule).
  - apiGroups: [metal3.io]
    resources:
      - baremetalhosts/status
      - bmceventsubscriptions/status
      - firmwareschemas/status
      - hostfirmwaresettings/status
      - preprovisioningimages/status
      - dataimages/status
      - hostfirmwarecomponents/status
      - hostupdatepolicies/status
    verbs: [get, patch, update]
  - apiGroups: [metal3.io]
    resources: [hardware/finalizers]
    verbs: [update]
07070100000010000081a400000000000000000000000168cd8c6f000001ea000000000000000000000000000000000000004400000000charts/baremetal-operator/templates/clusterrolebinding-manager.yamlapiVersion: rbac.authorization.k8s.io/v1
# Grants the manager ClusterRole to the operator's ServiceAccount cluster-wide.
kind: ClusterRoleBinding
metadata:
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
  name: {{ include "baremetal-operator.fullname" . }}-manager-rolebinding
subjects:
  - kind: ServiceAccount
    namespace: {{ .Release.Namespace }}
    name: {{ include "baremetal-operator.serviceAccountName" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "baremetal-operator.fullname" . }}-manager-role
07070100000011000081a400000000000000000000000168cd8c6f000005c3000000000000000000000000000000000000003a00000000charts/baremetal-operator/templates/configmap-ironic.yaml {{- $enableTLS := .Values.global.enable_tls }}
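{{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
{{- /* Virtual-media TLS is only in effect when general TLS is enabled as well. */}}
{{- $vmediaTLS := and $enableTLS $enableVMediaTLS }}
{{- $protocol := ternary "https" "http" $enableTLS }}
{{- $ironicHost := include "baremetal-operator.ironicHttpHost" . | required "Missing host information for BMO to connect to Ironic" }}
{{- $ironicApiHost := print $ironicHost ":6385" }}
{{- $ironicBootHost := print $ironicHost ":6180" }}
{{- $ironicCacheHost := print $ironicHost ":6180" }}
apiVersion: v1
data:
  # With global.enable_tls=false this is plain http; any Ironic credentials
  # mounted into the pod (global.enable_basicAuth) then travel unencrypted.
  IRONIC_ENDPOINT: "{{ $protocol }}://{{ $ironicApiHost }}/v1/"
  # Switch VMedia to HTTP unless both enable_tls and enable_vmedia_tls are true
  {{- if $vmediaTLS }}
  {{- $ironicBootHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
  {{- $ironicCacheHost = print $ironicHost ":" .Values.global.vmediaTLSPort }}
  {{- $protocol = "https" }}
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
  {{- else }}
  {{- $protocol = "http" }}
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
  {{- end }}
  CACHEURL: "{{ $protocol }}://{{ $ironicCacheHost }}/images"
  {{- if .Values.baremetaloperator.externalHttpIPv6 }}
  {{- /* The port follows the same condition as $protocol, so scheme and port
         cannot disagree when enable_tls=false but enable_vmedia_tls=true. */}}
  {{- $port := ternary .Values.global.vmediaTLSPort .Values.baremetaloperator.httpPort $vmediaTLS }}
  IRONIC_EXTERNAL_URL_V6: "{{ $protocol }}://[{{ .Values.baremetaloperator.externalHttpIPv6 }}]:{{ $port }}"
  {{- end }}
kind: ConfigMap
metadata:
  # Same expression as the Deployment's envFrom.configMapRef, so the reference
  # still resolves when fullnameOverride is changed. With the chart default
  # this renders "baremetal-operator-ironic" as before.
  name: {{ include "baremetal-operator.fullname" . }}-ironic
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}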
07070100000012000081a400000000000000000000000168cd8c6f00000e12000000000000000000000000000000000000003400000000charts/baremetal-operator/templates/deployment.yamlapiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "baremetal-operator.fullname" . }}-controller-manager
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
    control-plane: controller-manager
    webhook: metal3-io-v1alpha1-baremetalhost
spec:
  minReadySeconds: 10
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "baremetal-operator.selectorLabels" . | nindent 6 }}
      control-plane: controller-manager
  template:
    metadata:
      annotations:
        # Hash of the rendered Ironic ConfigMap: a config change alters the pod
        # template and therefore rolls the pods.
        checksum/config-env: {{ include (print $.Template.BasePath "/configmap-ironic.yaml") . | sha256sum }}
      labels:
        {{- include "baremetal-operator.selectorLabels" . | nindent 8 }}
        control-plane: controller-manager
        webhook: metal3-io-v1alpha1-baremetalhost
    spec:
      serviceAccountName: {{ include "baremetal-operator.serviceAccountName" . }}
      terminationGracePeriodSeconds: 10
      {{- with .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
      - name: manager
        # The tag falls back to the chart appVersion; tags are mutable, so a
        # digest reference is the stricter choice where the registry allows it.
        image: "{{ .Values.images.baremetalOperator.repository }}:{{ .Values.images.baremetalOperator.tag | default .Chart.AppVersion }}"
        imagePullPolicy: {{ .Values.images.baremetalOperator.pullPolicy }}
        args:
        - --enable-leader-election
        - --tls-min-version=TLS13
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        envFrom:
        - configMapRef:
            name: {{ include "baremetal-operator.fullname" . }}-ironic
        # Container hardening comes entirely from .Values.securityContext.
        securityContext:
          {{- toYaml .Values.securityContext | nindent 10 }}
        ports:
        - name: webhook-server
          containerPort: 9443
          protocol: TCP
        - name: https
          containerPort: 8443
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /healthz
            port: 9440
          initialDelaySeconds: 10
          periodSeconds: 10
          timeoutSeconds: 2
          successThreshold: 1
          failureThreshold: 10
        readinessProbe:
          httpGet:
            path: /readyz
            port: 9440
          initialDelaySeconds: 10
          periodSeconds: 10
          timeoutSeconds: 2
          successThreshold: 1
          failureThreshold: 10
        volumeMounts:
        # Webhook serving certificate and key issued by cert-manager.
        - name: cert
          mountPath: /tmp/k8s-webhook-server/serving-certs
          readOnly: true
        {{- if .Values.global.enable_basicAuth }}
        # Ironic credentials, one file per key of the ironic-basic-auth Secret.
        - name: ironic-basic-auth
          mountPath: "/opt/metal3/auth/ironic/username"
          subPath: username
          readOnly: true
        - name: ironic-basic-auth
          mountPath: "/opt/metal3/auth/ironic/password"
          subPath: password
          readOnly: true
        {{- end }}
        {{- if .Values.global.enable_tls }}
        # CA bundle from the ironic-cacert Secret.
        - name: cacert
          mountPath: "/opt/metal3/certs/ca"
          readOnly: true
        {{- end }}
      volumes:
      - name: cert
        secret:
          secretName: bmo-webhook-server-cert
          # 420 decimal is 0644: the projected files, including the TLS private
          # key, are readable by every user inside the container.
          defaultMode: 420
      {{- if .Values.global.enable_basicAuth }}
      - name: ironic-basic-auth
        secret:
          secretName: ironic-basic-auth
      {{- end }}
      {{- if .Values.global.enable_tls }}
      - name: cacert
        secret:
          secretName: ironic-cacert
      {{- end }}
07070100000013000081a400000000000000000000000168cd8c6f000000dc000000000000000000000000000000000000003000000000charts/baremetal-operator/templates/issuer.yamlapiVersion: cert-manager.io/v1
# Namespaced self-signed issuer; the chart's serving Certificate references it,
# so the webhook certificate is its own trust root (injected into the webhook
# configuration by cert-manager's inject-ca-from annotation).
kind: Issuer
metadata:
  name: {{ include "baremetal-operator.fullname" . }}-selfsigned-issuer
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
spec:
  selfSigned: {}
07070100000014000081a400000000000000000000000168cd8c6f00000194000000000000000000000000000000000000003b00000000charts/baremetal-operator/templates/metrics_auth_role.yamlapiVersion: rbac.authorization.k8s.io/v1
# Lets the holder submit TokenReviews and SubjectAccessReviews, i.e. ask the
# API server to authenticate and authorize callers on its behalf.
kind: ClusterRole
metadata:
  name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-role
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
rules:
  - apiGroups: [authentication.k8s.io]
    resources: [tokenreviews]
    verbs: [create]
  - apiGroups: [authorization.k8s.io]
    resources: [subjectaccessreviews]
    verbs: [create]
07070100000015000081a400000000000000000000000168cd8c6f000001f4000000000000000000000000000000000000004300000000charts/baremetal-operator/templates/metrics_auth_role_binding.yamlapiVersion: rbac.authorization.k8s.io/v1
# Binds the metrics-auth ClusterRole to the operator's ServiceAccount.
kind: ClusterRoleBinding
metadata:
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
  name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-rolebinding
subjects:
  - kind: ServiceAccount
    namespace: {{ .Release.Namespace }}
    name: {{ include "baremetal-operator.serviceAccountName" . }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: {{ include "baremetal-operator.fullname" . }}-metrics-auth-role
07070100000016000081a400000000000000000000000168cd8c6f0000010b000000000000000000000000000000000000003d00000000charts/baremetal-operator/templates/metrics_reader_role.yamlapiVersion: rbac.authorization.k8s.io/v1
# Read access to the /metrics non-resource URL. The chart ships no binding for
# this role in the visible templates; it is meant to be bound to scrapers.
kind: ClusterRole
metadata:
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
  name: {{ include "baremetal-operator.fullname" . }}-metrics-reader
rules:
  - nonResourceURLs: ["/metrics"]
    verbs: [get]
07070100000017000081a400000000000000000000000168cd8c6f00000185000000000000000000000000000000000000003900000000charts/baremetal-operator/templates/metrics_service.yamlapiVersion: v1
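kind: Service
metadata:
  name: {{ include "baremetal-operator.fullname" . }}-controller-manager-metrics-service
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
    control-plane: controller-manager
spec:
  ipFamilyPolicy: PreferDualStack
  ports:
    - name: https
      port: 8443
      targetPort: https
  # "control-plane: controller-manager" alone is a generic label that other
  # controllers in the same namespace may carry as well, which would put their
  # pods behind this Service. The chart's selector labels are on every pod of
  # the Deployment, so adding them narrows the match to this release only.
  selector:
    {{- include "baremetal-operator.selectorLabels" . | nindent 4 }}
    control-plane: controller-manager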
07070100000018000081a400000000000000000000000168cd8c6f0000027f000000000000000000000000000000000000002e00000000charts/baremetal-operator/templates/role.yamlapiVersion: rbac.authorization.k8s.io/v1
# Namespaced permissions for leader election (ConfigMaps/Leases) plus event
# creation.
kind: Role
metadata:
  name: {{ include "baremetal-operator.fullname" . }}-leader-election-role
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
rules:
  - apiGroups: [""]
    resources: [configmaps]
    verbs: [get, list, watch, create, update, patch, delete]
  - apiGroups: [""]
    resources: [configmaps/status]
    verbs: [get, update, patch]
  - apiGroups: [""]
    resources: [events]
    verbs: [create]
  - apiGroups: [coordination.k8s.io]
    resources: [leases]
    verbs: [get, list, watch, create, update, patch, delete]
07070100000019000081a400000000000000000000000168cd8c6f000001c6000000000000000000000000000000000000003500000000charts/baremetal-operator/templates/rolebinding.yamlapiVersion: rbac.authorization.k8s.io/v1
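# Binds the leader-election Role to the operator's ServiceAccount.
kind: RoleBinding
metadata:
  name: {{ include "baremetal-operator.fullname" . }}-leader-election-rolebinding
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "baremetal-operator.fullname" . }}-leader-election-role
subjects:
  - kind: ServiceAccount
    name: {{ include "baremetal-operator.serviceAccountName" . }}
    # Stated explicitly, as in the chart's ClusterRoleBindings, so the subject
    # does not depend on the binding's own namespace being used as the default.
    namespace: {{ .Release.Namespace }}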
0707010000001a000081a400000000000000000000000168cd8c6f00000168000000000000000000000000000000000000003900000000charts/baremetal-operator/templates/service-webhook.yamlapiVersion: v1
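kind: Service
metadata:
  name: {{ include "baremetal-operator.fullname" . }}-webhook-service
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
spec:
  ipFamilyPolicy: PreferDualStack
  ports:
    - port: 443
      targetPort: 9443
  # Admission requests for BareMetalHost and BMCEventSubscription are sent to
  # whatever pods match this selector. The chart's selector labels are added to
  # the two generic labels so only pods of this release can receive them; the
  # Deployment's pod template carries all of these labels.
  selector:
    {{- include "baremetal-operator.selectorLabels" . | nindent 4 }}
    control-plane: controller-manager
    webhook: metal3-io-v1alpha1-baremetalhost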
0707010000001b000081a400000000000000000000000168cd8c6f00000156000000000000000000000000000000000000003800000000charts/baremetal-operator/templates/serviceaccount.yaml{{- if .Values.serviceAccount.create -}}
# Rendered only when serviceAccount.create is true; this account is the subject
# of every RBAC binding in the chart.
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
  name: {{ include "baremetal-operator.serviceAccountName" . }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}
0707010000001c000081a400000000000000000000000168cd8c6f00000549000000000000000000000000000000000000004800000000charts/baremetal-operator/templates/validatingwebhookconfiguration.yamlapiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: {{ include "baremetal-operator.fullname" . }}-validating-webhook-configuration
  labels:
    {{- include "baremetal-operator.labels" . | nindent 4 }}
  annotations:
    # cert-manager copies the CA of the serving Certificate into caBundle.
    cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "baremetal-operator.fullname" . }}-serving-cert
# Both webhooks use failurePolicy: Fail, so CREATE/UPDATE of the listed
# resources is rejected whenever the webhook Service is unreachable or its
# certificate does not verify. No namespaceSelector or timeoutSeconds is set.
# NOTE(review): "v1beta" is not an AdmissionReview version the API server
# knows (the known ones are v1 and v1beta1); only the leading "v1" entry can
# take effect. Confirm whether "v1beta1" was intended.
webhooks:
  - name: baremetalhost.metal3.io
    admissionReviewVersions:
      - v1
      - v1beta
    clientConfig:
      service:
        name: {{ include "baremetal-operator.fullname" . }}-webhook-service
        namespace: {{ .Release.Namespace }}
        path: /validate-metal3-io-v1alpha1-baremetalhost
    failurePolicy: Fail
    sideEffects: None
    rules:
      - apiGroups: [metal3.io]
        apiVersions: [v1alpha1]
        operations: [CREATE, UPDATE]
        resources: [baremetalhosts]
  - name: bmceventsubscription.metal3.io
    admissionReviewVersions:
      - v1
      - v1beta
    clientConfig:
      service:
        name: {{ include "baremetal-operator.fullname" . }}-webhook-service
        namespace: {{ .Release.Namespace }}
        path: /validate-metal3-io-v1alpha1-bmceventsubscription
    failurePolicy: Fail
    sideEffects: None
    rules:
      - apiGroups: [metal3.io]
        apiVersions: [v1alpha1]
        operations: [CREATE, UPDATE]
        resources: [bmceventsubscriptions]
0707010000001d000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000002400000000charts/baremetal-operator/templates0707010000001e000081a400000000000000000000000168cd8c6f00000a3d000000000000000000000000000000000000002600000000charts/baremetal-operator/values.yaml# Default values for baremetal-operator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
global:
  # Comma-separated beginning and end of the range of IP addresses the DHCP
  # server will manage.
  dhcpRange: 192.168.20.20,192.168.20.80

  # Network interface on which the provisioning network can be accessed.
  provisioningInterface: ens4

  # IP address assigned to the network interface on the provisioning network.
  provisioningIP: 192.168.20.5

  # If running in a multi-node Kubernetes cluster, "pin" the baremetal
  # container to the same host where the ironic and media containers are
  # running. Uncomment the nodeSelector and update the hostname accordingly.
  # nodeSelector:
  #   kubernetes.io/hostname: "my-hostname"
  # Comment this out when pinning the baremetal-operator container to a
  # specific host.
  nodeSelector: {}

replicaCount: 1

images:
  baremetalOperator:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/baremetal-operator
    pullPolicy: IfNotPresent
    tag: "0.10.2.1"

imagePullSecrets: []

# NOTE(review): "manger" looks like a typo for "manager". It feeds the
# app.kubernetes.io/name label, which is part of the Deployment selector, so
# changing it on an installed release is not a plain upgrade - confirm first.
nameOverride: "manger"
fullnameOverride: "baremetal-operator"

serviceAccount:
  # Specifies whether a service account should be created.
  create: true
  # Annotations to add to the service account.
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname
  # template.
  name: "baremetal-operator-controller-manager"

podAnnotations: {}

# Applied to the manager container: non-root UID, no privilege escalation, all
# capabilities dropped, runtime default seccomp profile.
securityContext:
  runAsUser: 11000
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
  runAsNonRoot: true

service:
  type: ClusterIP
  port: 80

resources: {}
  # We usually recommend not to specify default resources and to leave this as
  # a conscious choice for the user. This also increases chances charts run on
  # environments with little resources, such as Minikube. If you do want to
  # specify resources, uncomment the following lines, adjust them as necessary,
  # and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

tolerations: []

affinity: {}

baremetaloperator:
  httpPort: "6180"
  # IPv6 address used for accessing the Ironic HTTP server for BMCs with an
  # IPv6-only address. It should not be used in conjunction with
  # 'provisioningHostname' unless BMCs do not support hostnames.
  externalHttpIPv6: ""
0707010000001f000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000001a00000000charts/baremetal-operator07070100000020000081a400000000000000000000000168cd8c6f0000015d000000000000000000000000000000000000001a00000000charts/ironic/.helmignore# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
07070100000021000081a400000000000000000000000168cd8c6f00000086000000000000000000000000000000000000001900000000charts/ironic/Chart.yamlapiVersion: v2
name: ironic
description: A Helm chart for Ironic, used by Metal3
type: application
version: 0.11.4
# Quoted so the value is always read as a string.
appVersion: "29.0.4"
07070100000022000081a400000000000000000000000168cd8c6f000003ba000000000000000000000000000000000000001800000000charts/ironic/README.md## How to Enable Provisioning Network
By default PXE boot functionality is disabled, so deployments via e.g. redfish-virtualmedia may
be performed without any dedicated provisioning network.
For PXE boot a dedicated network is required; in this case we run a dnsmasq instance to provide
DHCP, and each host requires a dedicated NIC for connectivity to the provisioning network.
To enable this mode you must provide the following additional configuration (note the values are
examples and will depend on your environment):
```
global:
enable_dnsmasq: true
enable_pxe_boot: true
dnsmasqDefaultRouter: 192.168.21.254
dnsmasqDNSServer: 192.168.20.5
dhcpRange: 192.168.20.20,192.168.20.80
provisioningInterface: ens4
provisioningIP: 192.168.20.5
```
Note that these values *must not* conflict with your control plane or other networks, otherwise unexpected
behavior is likely - a dedicated physical network is required in this configuration.
07070100000023000081a400000000000000000000000168cd8c6f000005da000000000000000000000000000000000000002200000000charts/ironic/templates/NOTES.txt1. Get the application URL by running these commands:
{{- if eq .Values.service.type "NodePort" }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ironic.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if eq .Values.service.type "LoadBalancer" }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "ironic.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ironic.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:6385
{{- else if eq .Values.service.type "ClusterIP" }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "ironic.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
07070100000024000081a400000000000000000000000168cd8c6f00000e08000000000000000000000000000000000000002500000000charts/ironic/templates/_helpers.tpl{{/*
Expand the name of the chart.
*/}}
{{- define "ironic.name" -}}
{{- /* nameOverride wins over the chart name; capped at 63 chars with no trailing "-". */ -}}
{{- .Values.nameOverride | default .Chart.Name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Build the fully qualified app name.
Precedence: .Values.fullnameOverride, then the release name alone when it
already contains the (possibly overridden) chart name, otherwise
"<release>-<name>". The result is truncated to 63 characters, the limit of
several Kubernetes name fields (DNS naming spec), and a trailing "-" is removed.
*/}}
{{- define "ironic.fullname" -}}
{{- $base := default .Chart.Name .Values.nameOverride }}
{{- $full := printf "%s-%s" .Release.Name $base }}
{{- if .Values.fullnameOverride }}
{{- $full = .Values.fullnameOverride }}
{{- else if contains $base .Release.Name }}
{{- $full = .Release.Name }}
{{- end }}
{{- $full | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Render "<chart name>-<chart version>" for the helm.sh/chart label.
"+" (semver build metadata) is replaced by "_" because "+" is not a valid
label-value character; the result is capped at 63 characters.
*/}}
{{- define "ironic.chart" -}}
{{- list .Chart.Name .Chart.Version | join "-" | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels applied to the chart's objects.
Emits helm.sh/chart, the selector labels from "ironic.selectorLabels",
app.kubernetes.io/version (only when the chart declares an appVersion) and
app.kubernetes.io/managed-by. Callers indent the result themselves, e.g. with
`nindent 4` under metadata.labels.
*/}}
{{- define "ironic.labels" -}}
helm.sh/chart: {{ include "ironic.chart" . }}
{{ include "ironic.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels: the subset of labels that identifies this chart's pods.
They are used in the Deployment's spec.selector.matchLabels and pod template,
so their values must stay stable across upgrades of an installed release.
*/}}
{{- define "ironic.selectorLabels" -}}
app.kubernetes.io/component: ironic
app.kubernetes.io/name: {{ include "ironic.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Resolve the ServiceAccount name to use.
An explicit .Values.serviceAccount.name always wins. Without one, the fallback
is the chart fullname when the chart creates the account, and the namespace's
"default" account otherwise.
*/}}
{{- define "ironic.serviceAccountName" -}}
{{- $fallback := "default" }}
{{- if .Values.serviceAccount.create }}
{{- $fallback = include "ironic.fullname" . }}
{{- end }}
{{- default $fallback .Values.serviceAccount.name }}
{{- end }}
{{/*
volumeMounts entry for the shared data directory: mounts the
"ironic-data-volume" volume at /shared. Rendered as a single list item;
callers place it with nindent.
*/}}
{{- define "ironic.sharedVolumeMount" -}}
- name: ironic-data-volume
  mountPath: /shared
{{- end }}
{{/*
volumeMounts entries for the CA certificates, all read-only:
the Ironic CA under /certs/ca/ironic and, when global.enable_vmedia_tls is
set, the virtual-media CA under /certs/ca/vmedia.
*/}}
{{- define "ironic.CAVolumeMounts" -}}
- name: cert-ironic-ca
  mountPath: "/certs/ca/ironic"
  readOnly: true
{{- if .Values.global.enable_vmedia_tls }}
- name: cert-ironic-vmedia-ca
  mountPath: "/certs/ca/vmedia"
  readOnly: true
{{- end }}
{{- end }}
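{{/*
Get the formatted "External" hostname or IP based URL.
Host: global.externalHttpHost when set, otherwise the "metal3.hostIP" helper
result; a host containing ":" is treated as an IPv6 literal and wrapped in [].
Scheme and port: https on global.vmediaTLSPort (default "6185") only when both
global.enable_tls and global.enable_vmedia_tls are true, otherwise http on 6180.
This is the same condition the Deployment uses to choose the httpd container
port, so the advertised URL cannot point at a TLS port that is not served when
enable_tls is false but enable_vmedia_tls is left true.
*/}}
{{- define "ironic.externalHttpUrl" }}
{{- $host := ternary (include "metal3.hostIP" .) .Values.global.externalHttpHost (empty .Values.global.externalHttpHost) }}
{{- if regexMatch ".*:.*" $host }}
{{- $host = print "[" $host "]" }}
{{- end }}
{{- $protocol := "http" }}
{{- $port := "6180" }}
{{- if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}
{{- $protocol = "https" }}
{{- $port = .Values.global.vmediaTLSPort | default "6185" }}
{{- end }}
{{- print $protocol "://" $host ":" $port }}
{{- end }}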
{{/*
Get the command to use for Liveness and Readiness probes.
The result is a curl call against port 6385. The target is 127.0.0.1 unless
.Values.listenOnAll is false, in which case the first non-empty of
global.provisioningIP, global.ironicIP and global.provisioningHostname is
used; a host containing ":" is wrapped in [] as an IPv6 literal.
curl flags: -s/-S silent but still print errors, -f fail on HTTP error
statuses, -k skip TLS certificate verification. With -k the probe only shows
that something answers TLS on that address; it does not authenticate the
endpoint.
NOTE(review): the scheme is always https, independent of global.enable_tls -
confirm that port 6385 serves TLS when enable_tls is false, otherwise the
probes fail in that mode.
*/}}
{{- define "ironic.probeCommand" }}
{{- $host := "127.0.0.1" }}
{{- if eq .Values.listenOnAll false }}
{{- $host = coalesce .Values.global.provisioningIP .Values.global.ironicIP .Values.global.provisioningHostname }}
{{- if regexMatch ".*:.*" $host }}
{{- $host = print "[" $host "]" }}
{{- end }}
{{- end }}
{{- print "curl -sSfk https://" $host ":6385" }}
{{- end }}
{{/*
Create the subjectAltNames section to be set on the Certificate.
Reads .Values.global and emits:
  - dnsNames with global.provisioningHostname, when it is set
  - ipAddresses with a single entry, the first non-empty of
    global.provisioningIP and global.ironicIP, when either is set
Nothing is emitted when none of the three values is set. Callers place the
result under spec with `indent 2`.
*/}}
{{- define "ironic.subjectAltNames" -}}
{{- with .Values.global }}
{{- if .provisioningHostname }}
dnsNames:
- {{ .provisioningHostname }}
{{- end -}}
{{- if or .ironicIP .provisioningIP }}
ipAddresses:
- {{ coalesce .provisioningIP .ironicIP }}
{{- end }}
{{- end }}
{{- end }}
07070100000025000081a400000000000000000000000168cd8c6f00000370000000000000000000000000000000000000002a00000000charts/ironic/templates/certificates.yaml{{- if .Values.global.enable_tls -}}
# TLS material for Ironic, rendered only when global.enable_tls is true.
# NOTE(review): the Issuers "selfsigned-issuer" and "ca-issuer" are referenced
# by fixed names and are not defined in the templates shown here; presumably
# another template provides them in the release namespace - confirm.
#
# Root: self-signed CA certificate. It receives the same SANs as the leaf
# certificates below.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ironic-cacert
spec:
  isCA: true
  commonName: ironic-ca
  {{- include "ironic.subjectAltNames" . | indent 2 }}
  secretName: ironic-cacert
  issuerRef:
    kind: Issuer
    name: selfsigned-issuer
---
# Leaf certificate for the Ironic endpoints, issued by ca-issuer.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ironic-cert
spec:
  commonName: ironic-cert
  {{- include "ironic.subjectAltNames" . | indent 2 }}
  secretName: ironic-cert
  issuerRef:
    kind: Issuer
    name: ca-issuer
{{- if .Values.global.enable_vmedia_tls }}
---
# Separate leaf certificate for the virtual-media endpoint.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: ironic-vmedia-cert
spec:
  commonName: ironic-vmedia-cert
  {{- include "ironic.subjectAltNames" . | indent 2 }}
  secretName: ironic-vmedia-cert
  issuerRef:
    kind: Issuer
    name: ca-issuer
{{- end }}
{{- end }}
07070100000026000081a400000000000000000000000168cd8c6f00000100000000000000000000000000000000000000003600000000charts/ironic/templates/configmap-ipa-downloader.yamlapiVersion: v1
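kind: ConfigMap
metadata:
  name: ironic-ipa-downloader
  labels:
    {{- include "ironic.labels" . | nindent 4 }}
data:
  {{- with .Values.baremetaloperator }}
  {{ if .ipaBaseUri }}
  # Location the IPA downloader fetches the ramdisk image from; everything
  # booted on the hosts comes from here, so it should be a trusted https source.
  # Quoted so the value is always emitted as a YAML string.
  IPA_BASEURI: {{ .ipaBaseUri | quote }}
  {{ end }}
  {{ end }}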
07070100000027000081a400000000000000000000000168cd8c6f0000082b000000000000000000000000000000000000002700000000charts/ironic/templates/configmap.yamlapiVersion: v1
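# Environment for the Ironic containers (consumed through envFrom).
# Values taken directly from .Values are passed through `quote`, so an empty
# or special-looking value (one starting with a YAML indicator or containing
# ": " or " #") still renders as a string instead of null or a parse error.
kind: ConfigMap
metadata:
  name: ironic
  labels:
    {{- include "ironic.labels" . | nindent 4 }}
data:
  {{- if ( .Values.global.enable_dnsmasq ) }}
  DNSMASQ_DNS_SERVER_ADDRESS: {{ .Values.global.dnsmasqDNSServer | quote }}
  DNSMASQ_DEFAULT_ROUTER: {{ .Values.global.dnsmasqDefaultRouter | quote }}
  DHCP_RANGE: {{ .Values.global.dhcpRange | quote }}
  {{- end }}
  {{- if .Values.debug.ironicRamdiskSshKey }}
  # Debug aid: an SSH public key handed to the deploy ramdisk. Leave unset
  # outside of troubleshooting.
  IRONIC_RAMDISK_SSH_KEY: {{ .Values.debug.ironicRamdiskSshKey | quote }}
  {{- end }}
  HTTP_PORT: "6180"
  PREDICTABLE_NIC_NAMES: "{{ .Values.global.predictableNicNames }}"
  IRONIC_EXTERNAL_HTTP_URL: {{ include "ironic.externalHttpUrl" . | quote }}
  ENABLE_PXE_BOOT: "{{ .Values.global.enable_pxe_boot }}"
  {{- if .Values.global.provisioningInterface }}
  PROVISIONING_INTERFACE: {{ .Values.global.provisioningInterface | quote }}
  {{- end }}
  {{- if .Values.global.provisioningIP }}
  PROVISIONING_IP: {{ include "metal3.hostIP" . }}
  {{- else if .Values.global.ironicIP }}
  IRONIC_IP: {{ include "metal3.hostIP" . }}
  {{- else if .Values.global.provisioningHostname }}
  IRONIC_URL_HOSTNAME: {{ .Values.global.provisioningHostname | quote }}
  {{- end }}
  IRONIC_FAST_TRACK: "true"
  LISTEN_ALL_INTERFACES: "{{ .Values.listenOnAll }}"
  {{- if ( .Values.global.enable_tls ) }}
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "true"
  IRONIC_KERNEL_PARAMS: {{ printf "%s tls.enabled=true" (.Values.global.ironicKernelParams | default "") | trim | quote }}
  IPA_INSECURE: "0"
  IRONIC_REVERSE_PROXY_SETUP: "true"
  {{- if ( .Values.global.enable_vmedia_tls ) }}
  VMEDIA_TLS_PORT: "{{ .Values.global.vmediaTLSPort }}"
  {{- end }}
  {{- else }}
  # TLS disabled: IPA_INSECURE is set to "1" and the reverse proxy is off, so
  # provisioning traffic is neither encrypted nor authenticated by certificate.
  RESTART_CONTAINER_CERTIFICATE_UPDATED: "false"
  IRONIC_KERNEL_PARAMS: {{ .Values.global.ironicKernelParams | default "" | quote }}
  IPA_INSECURE: "1"
  IRONIC_REVERSE_PROXY_SETUP: "false"
  {{- end }}
  {{- if ( .Values.global.enable_basicAuth ) }}
  AUTH_STRATEGY: "http_basic"
  {{- end }}
  {{- if .Values.global.enable_mariadb }}
  MARIADB_HOST: {{ .Values.global.databaseServiceName }}.{{ .Release.Namespace }}.svc.cluster.local
  IRONIC_USE_MARIADB: "true"
  {{- else }}
  IRONIC_USE_MARIADB: "false"
  {{- end }}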
07070100000028000081a400000000000000000000000168cd8c6f000022a8000000000000000000000000000000000000002800000000charts/ironic/templates/deployment.yamlapiVersion: apps/v1
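# Ironic Deployment: a single pod with the ironic-httpd, ironic-log-watch and
# ironic containers, an optional ironic-dnsmasq container, and the
# ironic-ipa-downloader init container. All of them share the ironic image
# except the init container.
kind: Deployment
metadata:
  name: {{ include "ironic.fullname" . }}
  labels:
    {{- include "ironic.labels" . | nindent 4 }}
spec:
  minReadySeconds: 10
  replicas: {{ .Values.replicaCount }}
  selector:
    matchLabels:
      {{- include "ironic.selectorLabels" . | nindent 6 }}
  strategy:
    type: Recreate
  template:
    metadata:
      annotations:
        # Hash of the rendered configmap.yaml: a configuration change alters
        # the pod template and therefore rolls the pod.
        checksum/config-env: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "ironic.selectorLabels" . | nindent 8 }}
    spec:
      # NOTE(review): no serviceAccountName is set, so the pod runs under the
      # namespace's default ServiceAccount even when serviceaccount.yaml
      # creates a dedicated one. Confirm whether that is intended.
      {{- if .Values.podSecurityContext }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- end }}
      # With hostNetwork the containers bind directly on the node's
      # interfaces; the containerPort entries below are then host ports.
      {{- if .Values.baremetaloperator.ironichostNetwork }}
      hostNetwork: {{ .Values.baremetaloperator.ironichostNetwork }}
      {{- end }}
      containers:
      - name: ironic-httpd
        image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
        imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 10 }}
        command:
        - /bin/runhttpd
        envFrom:
        - configMapRef:
            name: ironic
        livenessProbe:
          exec:
            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 10
        ports:
        # Only one of the two listeners is declared: the TLS port when both
        # enable_tls and enable_vmedia_tls are set, otherwise plain HTTP.
        {{- if and .Values.global.enable_tls .Values.global.enable_vmedia_tls }}
        - containerPort: {{ .Values.global.vmediaTLSPort }}
          name: httpd-tls
          protocol: TCP
        {{- else }}
        - containerPort: 6180
          name: httpd
          protocol: TCP
        {{- end }}
        readinessProbe:
          exec:
            command: ["sh", "-c", "{{ include "ironic.probeCommand" . }}"]
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 10
        volumeMounts:
          {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
          {{- if .Values.global.enable_tls }}
          {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
          - name: cert-ironic
            mountPath: "/certs/ironic"
            readOnly: true
          {{- if .Values.global.enable_vmedia_tls }}
          - name: cert-ironic-vmedia
            mountPath: "/certs/vmedia"
            readOnly: true
          {{- end }}
          {{- end }}
      - name: ironic-log-watch
        image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
        imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 10 }}
        command:
        - /bin/runlogwatch.sh
        volumeMounts:
          {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
      - name: ironic
        image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
        imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 10 }}
        command:
        - /bin/runironic
        envFrom:
        - configMapRef:
            name: ironic
        # Credentials are injected from Secrets rather than the ConfigMap.
        env:
        {{- if .Values.global.enable_basicAuth }}
        - name: IRONIC_HTPASSWD
          valueFrom:
            secretKeyRef:
              name: ironic-basic-auth
              key: htpasswd
        {{- end }}
        {{- if .Values.global.enable_mariadb }}
        - name: MARIADB_PASSWORD
          valueFrom:
            secretKeyRef:
              key: password
              name: ironic-mariadb
        {{- end }}
        livenessProbe:
          exec:
            command: ["/bin/ironic-liveness"]
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 10
          successThreshold: 1
          failureThreshold: 10
        ports:
        - containerPort: 6385
          name: api
          protocol: TCP
        readinessProbe:
          exec:
            command: ["/bin/ironic-readiness"]
          initialDelaySeconds: 30
          periodSeconds: 30
          timeoutSeconds: 10
          successThreshold: 1
          failureThreshold: 10
        volumeMounts:
          {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
          {{- if .Values.global.enable_basicAuth }}
          - mountPath: "/auth/ironic/auth-config"
            name: ironic-basic-auth
            subPath: auth-config
            readOnly: true
          {{- end }}
          {{- if .Values.global.enable_tls }}
          {{- include "ironic.CAVolumeMounts" . | nindent 10 }}
          - name: cert-ironic
            mountPath: "/certs/ironic"
            readOnly: true
          - mountPath: /etc/pki/trust/anchors
            name: trusted-certs
            readOnly: true
        # Refresh the container's CA bundle from the mounted trust anchors
        # once the container has started (TLS only).
        lifecycle:
          postStart:
            exec:
              command:
              - update-ca-certificates
          {{- end }}
      {{- if .Values.global.enable_dnsmasq }}
      - name: ironic-dnsmasq
        image: {{ .Values.images.ironic.repository }}:{{ .Values.images.ironic.tag }}
        imagePullPolicy: {{ .Values.images.ironic.pullPolicy }}
        # One securityContext only. The template used to declare the key twice
        # for this container (.Values.securityContext, then this block). A
        # mapping cannot hold the same key twice; loaders that tolerate the
        # duplicate usually keep the last value, so the chart-wide settings
        # were presumably never applied here.
        # NOTE(review): this container therefore runs without the
        # allowPrivilegeEscalation / capabilities.drop / seccompProfile /
        # runAsNonRoot settings of .Values.securityContext. Decide which of
        # them dnsmasq tolerates and add them to this block deliberately.
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
            - NET_RAW
        command:
        - /bin/rundnsmasq
        envFrom:
        - configMapRef:
            name: ironic
        livenessProbe:
          exec:
            # Healthy while UDP listeners exist on ports 67 and 69.
            command:
            - sh
            - -c
            - ss -lun | grep :67 && ss -lun | grep :69
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 10
        ports:
        - containerPort: 67
          name: dhcp
          protocol: UDP
        - containerPort: 69
          name: tftp
          protocol: UDP
        readinessProbe:
          exec:
            command:
            - sh
            - -c
            - ss -lun | grep :67 && ss -lun | grep :69
          failureThreshold: 10
          initialDelaySeconds: 30
          periodSeconds: 30
          successThreshold: 1
          timeoutSeconds: 10
        volumeMounts:
          {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
      {{- end }}
      initContainers:
      - name: ironic-ipa-downloader
        image: {{ .Values.images.ironicIPADownloader.repository }}:{{ .Values.images.ironicIPADownloader.tag }}
        imagePullPolicy: {{ .Values.images.ironicIPADownloader.pullPolicy }}
        securityContext:
          {{- toYaml .Values.securityContext | nindent 10 }}
        command:
        - /usr/local/bin/get-resource.sh
        envFrom:
        - configMapRef:
            name: ironic-ipa-downloader
        volumeMounts:
          {{- include "ironic.sharedVolumeMount" . | nindent 10 }}
          {{- if .Values.global.enable_tls }}
          - mountPath: /tmp/ironic-certificates
            name: trusted-certs
          {{- end }}
      volumes:
      - name: ironic-data-volume
        {{- if .Values.persistence.ironic.size }}
        persistentVolumeClaim:
          claimName: ironic-shared-volume
        {{- else }}
        emptyDir: {}
        {{- end }}
      {{- if .Values.global.enable_basicAuth }}
      - name: ironic-basic-auth
        secret:
          secretName: ironic-basic-auth
      {{- end }}
      # The TLS volumes are gated on enable_tls alone, like the volumeMounts
      # that use them. They were previously nested inside the
      # enable_basicAuth condition, so enabling TLS without basic auth
      # rendered mounts for volumes that did not exist.
      {{- if .Values.global.enable_tls }}
      # NOTE(review): no `items` list is given, so every key of each source
      # Secret is projected. secret-tls.yaml stores tls.key in ironic-cacert,
      # and the ca-issuer signs with that Secret, so the CA private key ends
      # up in the trust-anchor mounts of the ironic and ironic-ipa-downloader
      # containers. Consider projecting only ca.crt.
      - name: trusted-certs
        projected:
          sources:
          - secret:
              name: ironic-cacert
          {{- if .Values.global.additionalTrustedCAs }}
          - secret:
              name: tls-ca-additional
          {{- end }}
      # NOTE(review): these CA volumes also expose the whole ironic-cacert
      # Secret; where they are mounted is decided by the
      # ironic.CAVolumeMounts helper, which is defined elsewhere.
      - name: cert-ironic-ca
        secret:
          secretName: ironic-cacert
      - name: cert-ironic
        secret:
          secretName: ironic-cert
      {{- if .Values.global.enable_vmedia_tls }}
      - name: cert-ironic-vmedia-ca
        secret:
          secretName: ironic-cacert
      - name: cert-ironic-vmedia
        secret:
          secretName: ironic-vmedia-cert
      {{- end }}
      {{- end }}
      {{- with .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.global.dnsPolicy }}
      dnsPolicy:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}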
07070100000029000081a400000000000000000000000168cd8c6f0000010d000000000000000000000000000000000000002500000000charts/ironic/templates/issuers.yaml{{- if .Values.global.enable_tls -}}
# Two cert-manager Issuers, rendered only when global.enable_tls is set.
# Neither sets a namespace in its metadata.
#
# selfsigned-issuer: issues certificates signed with their own key.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
spec:
  selfSigned: {}
---
# ca-issuer: signs with the key pair held in the ironic-cacert Secret, so
# anyone able to read that Secret can mint certificates this chart trusts.
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: ca-issuer
spec:
  ca:
    secretName: ironic-cacert
{{- end }}
0707010000002a000081a400000000000000000000000168cd8c6f000002c6000000000000000000000000000000000000002100000000charts/ironic/templates/pvc.yaml{{- if .Values.persistence.ironic.size }}
# PersistentVolumeClaim for the shared Ironic data volume. The whole document
# is rendered only when persistence.ironic.size is set; otherwise the
# Deployment falls back to an emptyDir.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: ironic-shared-volume
  {{- if .Values.persistence.ironic.keep }}
  # Keep the claim (and its data) when the release is uninstalled.
  annotations:
    "helm.sh/resource-policy": keep
  {{- end }}
spec:
  # An explicit accessMode wins; otherwise a single replica gets
  # ReadWriteOnce and anything else ReadWriteMany.
  accessModes:
  {{- if .Values.persistence.ironic.accessMode }}
  - {{ .Values.persistence.ironic.accessMode }}
  {{- else if eq (int .Values.replicaCount) 1 }}
  - ReadWriteOnce
  {{- else }}
  - ReadWriteMany
  {{- end }}
  resources:
    requests:
      storage: {{ .Values.persistence.ironic.size }}
  {{- if .Values.persistence.ironic.storageClass }}
  storageClassName: {{ .Values.persistence.ironic.storageClass }}
  {{- end }}
  volumeMode: Filesystem
{{- end }}
0707010000002b000081a400000000000000000000000168cd8c6f000001f0000000000000000000000000000000000000002800000000charts/ironic/templates/secret-tls.yaml{{- if and (.Values.global.enable_tls)
(ne .Values.tlscerts.crt "")
(ne .Values.tlscerts.key "")
(ne .Values.tlscerts.cacert "") -}}
# User-supplied CA material, rendered only when TLS is enabled and all three
# tlscerts values are non-empty.
# NOTE(review): tls.key is the CA private key (the ca-issuer signs with this
# Secret). Supplying it through Helm values means it also lives wherever those
# values are stored; prefer creating the Secret out of band.
apiVersion: v1
kind: Secret
metadata:
  name: ironic-cacert
  labels:
    {{- include "ironic.labels" . | nindent 4 }}
type: Opaque
data:
  # Each value is base64-encoded here, so values.yaml carries the plain PEM.
  tls.crt: {{ .Values.tlscerts.crt | toString | b64enc }}
  tls.key: {{ .Values.tlscerts.key | toString | b64enc }}
  ca.crt: {{ .Values.tlscerts.cacert | toString | b64enc }}
{{- end }}
0707010000002c000081a400000000000000000000000168cd8c6f000005a1000000000000000000000000000000000000003000000000charts/ironic/templates/secrets-basic-auth.yaml{{- if .Values.global.enable_basicAuth }}
{{- $ironicUsername := "" -}}
{{- $ironicPassword := "" -}}
{{- $ironicSecretName := "ironic-basic-auth" -}}
# Credential precedence: an already deployed Secret, then values.yaml, then
# generated defaults.
# 1. Reuse the credentials of an existing Secret so upgrades do not rotate them.
#    NOTE(review): lookup returns nothing when no cluster is queried (for
#    example a plain template render), in which case step 2 or 3 applies.
{{- $oldIronicSecret := lookup "v1" "Secret" .Release.Namespace $ironicSecretName }}
{{- if and $oldIronicSecret (index $oldIronicSecret.data "username") (index $oldIronicSecret.data "password") }}
  {{- $ironicUsername = b64dec (index $oldIronicSecret.data "username" | toString) -}}
  {{- $ironicPassword = b64dec (index $oldIronicSecret.data "password" | toString) -}}
# 2. Otherwise take the username and password from values.yaml when both are set
{{- else if and (.Values.global.auth.ironicUsername) (.Values.global.auth.ironicPassword) }}
  {{- $ironicUsername = .Values.global.auth.ironicUsername -}}
  {{- $ironicPassword = .Values.global.auth.ironicPassword -}}
{{- else }}
# 3. Otherwise use the fixed username and a random 20-character password
  {{- $ironicUsername = "ironic" -}}
  {{- $ironicPassword = (randAlphaNum 20) -}}
{{- end }}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $ironicSecretName }}
type: Opaque
data:
  # username, password and auth-config hold the credentials in recoverable
  # form (base64 only); htpasswd holds the output of the htpasswd function.
  username: {{ $ironicUsername | b64enc }}
  password: {{ $ironicPassword | b64enc }}
  htpasswd: {{ b64enc (htpasswd $ironicUsername $ironicPassword) }}
  # Client-side config file, mounted by the Deployment at
  # /auth/ironic/auth-config.
  auth-config: |
    {{- printf "[ironic]\nauth_type=http_basic\nusername: %s\npassword: %s" $ironicUsername $ironicPassword | b64enc | nindent 4 }}
{{- end }}
0707010000002d000081a400000000000000000000000168cd8c6f00000523000000000000000000000000000000000000002500000000charts/ironic/templates/service.yamlapiVersion: v1
# Service in front of the Ironic pod. Which httpd port is published follows
# the TLS settings; every other configured port is always published.
kind: Service
metadata:
  name: {{ include "ironic.fullname" . }}
  labels:
    {{- include "ironic.labels" . | nindent 4 }}
  {{- with .Values.service.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  type: {{ .Values.service.type }}
  ipFamilyPolicy: PreferDualStack
  ports:
  {{- $enableTLS := .Values.global.enable_tls }}
  {{- $enableVMediaTLS := .Values.global.enable_vmedia_tls }}
  {{- $vmediaTLS := and $enableTLS $enableVMediaTLS }}
  {{- range .Values.service.ports }}
  {{- $isPlain := eq .name "httpd" }}
  {{- $isTLS := eq .name "httpd-tls" }}
  {{- /* "httpd" unless virtual-media TLS is fully on, "httpd-tls" only when it is, anything else always */}}
  {{- if or (and $isPlain (not $vmediaTLS)) (and $isTLS $vmediaTLS) (not (or $isPlain $isTLS)) }}
    - name: {{ .name }}
      port: {{ .port }}
      protocol: {{ .protocol }}
      targetPort: {{ .targetPort }}
  {{- end }}
  {{- end }}
  selector:
    {{- include "ironic.selectorLabels" . | nindent 4 }}
  # externalIPs is only rendered for LoadBalancer and NodePort services.
  # Addresses listed here receive traffic for every published port, so they
  # should be restricted to ones the cluster operator controls.
  {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }}
  externalIPs:
    {{- toYaml .Values.service.externalIPs | nindent 4 }}
  {{- end }}
0707010000002e000081a400000000000000000000000168cd8c6f0000013e000000000000000000000000000000000000002c00000000charts/ironic/templates/serviceaccount.yaml{{- if .Values.serviceAccount.create -}}
# ServiceAccount for the chart, rendered only when serviceAccount.create is
# true.
# NOTE(review): the Ironic Deployment in this chart sets no
# serviceAccountName, so as written this account is created but not used by
# the pod.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "ironic.serviceAccountName" . }}
  labels:
    {{- include "ironic.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}
0707010000002f000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000001800000000charts/ironic/templates07070100000030000081a400000000000000000000000168cd8c6f000010a1000000000000000000000000000000000000001a00000000charts/ironic/values.yaml# Default values for ironic.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#
# NOTE(review): the templates of this chart also read global.enable_tls,
# global.enable_vmedia_tls, global.vmediaTLSPort, global.enable_basicAuth,
# global.enable_mariadb, global.additionalTrustedCAs, global.ironicIP and
# global.auth.*, none of which has a default below (presumably a parent chart
# supplies them). Left unset they evaluate as false: the ConfigMap then
# renders IPA_INSECURE "1" and no AUTH_STRATEGY, i.e. no TLS and no basic
# auth on the ports published by the Service.
global:
  # Whether to enable dnsmasq on the provisioning network (for PXE boot).
  enable_dnsmasq: false
  # Whether to enable PXE boot capability.
  # NOTE: enable_dnsmasq must be set to 'true' for this option to take effect.
  enable_pxe_boot: false
  # DNS policy of the Ironic pod.
  dnsPolicy: "ClusterFirstWithHostNet"
  # IP address of the router associated with the specified DHCP
  # address range.
  dnsmasqDefaultRouter: ""
  # IP address of the DNS server to be provided with the DHCP
  # response.
  dnsmasqDNSServer: ""
  # Comma-delimited range of IP addresses the DHCP server will manage,
  # e.g. 192.168.20.20,192.168.20.80
  dhcpRange: ""
  # Network interface on which the provisioning network can be accessed.
  # Note this must be a dedicated NIC separate from the controlplane network.
  provisioningInterface: ""
  # IP address assigned to the network interface on the provisioning network.
  provisioningIP: ""
  # Fully Qualified Domain Name used by Ironic for both binding (to the
  # associated IPv4 and/or IPv6 addresses) and exposing the API, dnsmasq and
  # media, also used by BMO. Note, this is the only way to enable a fully
  # working dual-stack configuration.
  provisioningHostname: ""
  # Whether the NIC names should be predictable or not.
  predictableNicNames: "true"
  # The kernel params for Ironic.
  ironicKernelParams: "console=ttyS0"
  databaseServiceName: "metal3-mariadb"
  # In a multi-node kubernetes cluster, we need to "pin" the
  # ironic containers to the given host where the
  # provisioningIP exists. Uncomment the nodeSelector
  # here and update the hostname accordingly.
  # nodeSelector:
  #   kubernetes.io/hostname: "csrancher-n1"
  # Comment this out when pinning the containers to a specific host.
  nodeSelector: {}

replicaCount: 1

# Rendered into the ConfigMap as LISTEN_ALL_INTERFACES.
listenOnAll: true

images:
  ironic:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic
    pullPolicy: IfNotPresent
    tag: 29.0.4.3
  ironicIPADownloader:
    repository: registry.opensuse.org/isv/suse/edge/metal3/containers/images/ironic-ipa-downloader
    pullPolicy: IfNotPresent
    tag: 3.0.9

nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created.
  create: true
  # Annotations to add to the service account.
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template.
  name: ""

podAnnotations: {}

# Pod-level security context.
podSecurityContext:
  runAsUser: 10475
  fsGroup: 10475

# Container-level security context, applied by the Deployment to the
# ironic-httpd, ironic-log-watch, ironic and ironic-ipa-downloader containers.
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
  runAsNonRoot: true

service:
  # LoadBalancer publishes the ports below outside the cluster; see the note
  # at the top of this file about the TLS and basic-auth switches.
  type: LoadBalancer
  annotations: {}
  externalIPs: []
  ports:
    - name: httpd
      port: 6180
      protocol: TCP
      targetPort: 6180
    - name: httpd-tls
      port: 6185
      protocol: TCP
      targetPort: 6185
    - name: api
      port: 6385
      protocol: TCP
      targetPort: 6385

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

tolerations: []
affinity: {}

baremetaloperator:
  # NOTE(review): placeholder value; no template shown for this chart reads
  # it. Never store a real token in a values file kept in version control.
  cloudflareApiToken: "foo"
  # Runs the Ironic pod on the node's network namespace (hostNetwork).
  ironichostNetwork: true

debug:
  # Rendered into the ConfigMap as IRONIC_RAMDISK_SSH_KEY; leave empty
  # outside debugging sessions.
  ironicRamdiskSshKey: ""

# PEM material for the ironic-cacert Secret; all three must be set (and TLS
# enabled) for the Secret to be rendered. `key` is a private key: prefer
# passing it at install time over committing it to a file.
tlscerts:
  cacert: ""
  key: ""
  crt: ""

persistence:
  ironic:
    # storageClass for the ironic shared volume.
    # Ensure the storageClass is defined.
    storageClass: ""
    # Size of the ironic shared volume, e.g. "1Gi".
    # When unset, persistent storage is disabled and emptyDir is used.
    size: ""
    # accessMode of the ironic shared volume PVC.
    # If empty, defaults to ReadWriteOnce when replicaCount=1, otherwise ReadWriteMany.
    accessMode: ""
    # Whether to keep the PVC upon helm uninstall.
    keep: false
07070100000031000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000000e00000000charts/ironic07070100000032000081a400000000000000000000000168cd8c6f0000015e000000000000000000000000000000000000001b00000000charts/mariadb/.helmignore# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
# NOTE(review): nothing below excludes local override files (for example a
# private values file holding credentials); add a pattern for any such file
# kept in the chart directory so it is not packaged with the chart.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
07070100000033000081a400000000000000000000000168cd8c6f00000088000000000000000000000000000000000000001a00000000charts/mariadb/Chart.yamlapiVersion: v2
# Quoted so that YAML keeps it a string; a bare 10.11 would load as a float.
appVersion: "10.11"
description: A Helm chart for MariaDB, used by Metal3
name: mariadb
type: application
# Version of the chart itself, independent of appVersion.
version: 0.6.1
07070100000034000081a400000000000000000000000168cd8c6f0000071c000000000000000000000000000000000000002600000000charts/mariadb/templates/_helpers.tpl{{/*
Expand the name of the chart.
*/}}
{{- define "mariadb.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
Precedence: fullnameOverride, then the release name alone when it already
contains the chart name (or nameOverride), then "<release>-<name>".
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec),
and strip a trailing "-" that the truncation may leave behind.
*/}}
{{- define "mariadb.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
"+" is replaced with "_" before the value is truncated to 63 chars.
*/}}
{{- define "mariadb.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels: the chart label, the selector labels, the app version when
the chart declares one, and the managing service.
*/}}
{{- define "mariadb.labels" -}}
helm.sh/chart: {{ include "mariadb.chart" . }}
{{ include "mariadb.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels. The Deployment selector, the pod template labels and the
Service selector of this chart all include this template, so a change here
affects all three.
*/}}
{{- define "mariadb.selectorLabels" -}}
app.kubernetes.io/component: mariadb
app.kubernetes.io/name: {{ include "mariadb.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use.
With serviceAccount.create the default is the fullname; without it the
default is the account named "default". An explicit serviceAccount.name
wins in both cases.
*/}}
{{- define "mariadb.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "mariadb.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
07070100000035000081a400000000000000000000000168cd8c6f00000112000000000000000000000000000000000000003000000000charts/mariadb/templates/configmap-mariadb.yamlapiVersion: v1
# MariaDB option file. The mariadb Deployment mounts this ConfigMap (volume
# mariadb-conf) at /etc/mysql/conf.d.
kind: ConfigMap
metadata:
name: mariadb-config
labels:
{{- include "mariadb.labels" . | nindent 4 }}
data:
# Everything after the "|" line is file content, not YAML.
ironic.conf: |
[mariadb]
max_connections 64
max_heap_table_size 1M
innodb_buffer_pool_size 5M
innodb_log_buffer_size 512K07070100000036000081a400000000000000000000000168cd8c6f000000f4000000000000000000000000000000000000002800000000charts/mariadb/templates/configmap.yamlapiVersion: v1
# Environment for the mariadb container, consumed through envFrom in the
# Deployment. The database password is not here; the Deployment injects
# MARIADB_PASSWORD from the ironic-mariadb Secret.
kind: ConfigMap
metadata:
name: mariadb-cm
labels:
{{- include "mariadb.labels" . | nindent 4 }}
data:
MARIADB_USER: ironic
# Quoted so the value stays the string "yes" instead of a YAML boolean.
MARIADB_RANDOM_ROOT_PASSWORD: "yes"
MARIADB_DATABASE: ironic
MARIADB_AUTO_UPGRADE: "yes"07070100000037000081a400000000000000000000000168cd8c6f00000e97000000000000000000000000000000000000002900000000charts/mariadb/templates/deployment.yamlapiVersion: apps/v1
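# MariaDB Deployment: a root init container prepares the data directories,
# then the mariadb container runs under the chart's restricted security
# contexts.
kind: Deployment
metadata:
  name: {{ include "mariadb.fullname" . }}
  labels:
    {{- include "mariadb.labels" . | nindent 4 }}
spec:
  replicas: {{.Values.replicaCount}}
  selector:
    matchLabels:
      {{- include "mariadb.selectorLabels" . | nindent 6 }}
  strategy:
    type: Recreate
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "mariadb.selectorLabels" . | nindent 8 }}
    spec:
      {{- /* Pre-rendered once and reused by both containers and the volumes list */}}
      {{- $volmounts := toYaml .Values.volumeMounts | trim | nindent 12 }}
      {{- $volumes := toYaml .Values.volumes | trim | nindent 8 }}
      serviceAccountName: {{ include "mariadb.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      initContainers:
        # Does the directory setup that the image entrypoint would do itself
        # if the main container ran as root.
        - name: set-volume-owners
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          # The only container of this pod that runs as root; its
          # capabilities are cut down to the three needed to change ownership.
          # NOTE(review): allowPrivilegeEscalation is explicitly true here.
          # Confirm whether the setup script really needs it; if not, set it
          # to false like the main container.
          securityContext:
            runAsUser: 0
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
                - FOWNER
                - DAC_OVERRIDE
            seccompProfile:
              type: RuntimeDefault
          volumeMounts:
            - name: mariadb-conf
              mountPath: /etc/mysql/conf.d
            - name: mariadb-run
              mountPath: /run/mysql
            {{- $volmounts }}
          command: ['bash', '-c', 'source /usr/local/bin/docker-entrypoint.sh && docker_create_db_directories']
          env:
            - name: DATADIR
              value: /var/lib/mysql
            - name: SOCKET
              value: /run/mysql/mysql.sock
      containers:
        - name: mariadb
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          envFrom:
            - configMapRef:
                name: mariadb-cm
          env:
            - name: MARIADB_PASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: ironic-mariadb
          lifecycle:
            preStop:
              exec:
                # Clean shutdown before the container is stopped. The password
                # is handed over through MYSQL_PWD and quoted: the previous
                # unquoted -p$(printenv ...) form put it on the command line
                # and broke on passwords containing whitespace or glob
                # characters.
                command:
                  - sh
                  - -c
                  - 'MYSQL_PWD="${MARIADB_PASSWORD}" mysqladmin shutdown -uironic'
          livenessProbe:
            exec:
              command:
                - healthcheck.sh
                - --connect
                - --innodb_initialized
            failureThreshold: 10
            initialDelaySeconds: 30
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 10
          ports:
            - containerPort: 3306
              name: mariadb
              protocol: TCP
          readinessProbe:
            exec:
              command:
                - healthcheck.sh
                - --connect
                - --innodb_initialized
            failureThreshold: 10
            initialDelaySeconds: 30
            periodSeconds: 30
            successThreshold: 1
            timeoutSeconds: 10
          volumeMounts:
            - name: mariadb-conf
              mountPath: /etc/mysql/conf.d
            - name: mariadb-run
              mountPath: /run/mysql
            {{- $volmounts }}
      {{- with .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      volumes:
        - name: mariadb-conf
          configMap:
            name: mariadb-config
        - name: mariadb-run
          emptyDir:
            sizeLimit: 20Mi
        {{- $volumes }}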
07070100000038000081a400000000000000000000000168cd8c6f00000267000000000000000000000000000000000000002200000000charts/mariadb/templates/pvc.yamlapiVersion: v1
# PersistentVolumeClaim for the MariaDB data volume. Unlike the Ironic claim
# it is rendered unconditionally.
kind: PersistentVolumeClaim
metadata:
  name: mariadb-volume-claim
  {{- if .Values.persistence.keep }}
  # Keep the claim (and the database files) when the release is uninstalled.
  annotations:
    "helm.sh/resource-policy": keep
  {{- end }}
spec:
  # An explicit accessMode wins; otherwise a single replica gets
  # ReadWriteOnce and anything else ReadWriteMany.
  accessModes:
  {{- if .Values.persistence.accessMode }}
  - {{ .Values.persistence.accessMode }}
  {{- else if eq (int .Values.replicaCount) 1 }}
  - ReadWriteOnce
  {{- else }}
  - ReadWriteMany
  {{- end }}
  resources:
    requests:
      storage: {{ .Values.persistence.size }}
  {{- if .Values.persistence.storageClass }}
  storageClassName: {{ .Values.persistence.storageClass }}
  {{- end }}
  volumeMode: Filesystem
07070100000039000081a400000000000000000000000168cd8c6f000002c8000000000000000000000000000000000000002500000000charts/mariadb/templates/secret.yaml{{- $secret_name := "ironic-mariadb" -}}
apiVersion: v1
kind: Secret
metadata:
  name: {{ $secret_name }}
  labels:
    {{- include "mariadb.labels" . | nindent 4 }}
type: Opaque
data:
  # Password precedence: existing Secret, then values.yaml, then a generated
  # one.
  # 1. Reuse the stored value as is (it is already base64) so that upgrades do
  #    not rotate the password under a running database.
  #    NOTE(review): lookup returns nothing when no cluster is queried (for
  #    example a plain template render); step 2 or 3 then applies.
  {{- $old_sec := lookup "v1" "Secret" .Release.Namespace $secret_name }}
  {{- if and $old_sec (index $old_sec.data "password") }}
  password: {{ index $old_sec.data "password" }}
  {{- else if .Values.password }}
  # 2. No usable Secret: take the password provided in values.yaml
  password: {{ .Values.password | toString | b64enc }}
  {{- else }}
  # 3. Nothing provided either: generate a random 20-character password
  password: {{ randAlphaNum 20 | b64enc }}
{{- end }}0707010000003a000081a400000000000000000000000168cd8c6f00000141000000000000000000000000000000000000002e00000000charts/mariadb/templates/service-account.yaml{{- if .Values.serviceAccount.create -}}
# ServiceAccount used by the MariaDB Deployment (via serviceAccountName);
# rendered only when serviceAccount.create is true.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: {{ include "mariadb.serviceAccountName" . }}
  labels:
    {{- include "mariadb.labels" . | nindent 4 }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}
0707010000003b000081a400000000000000000000000168cd8c6f0000017f000000000000000000000000000000000000002600000000charts/mariadb/templates/service.yamlapiVersion: v1
# Service for the database. Its name comes from global.databaseServiceName,
# the same value the Ironic ConfigMap uses to build MARIADB_HOST.
kind: Service
metadata:
  name: {{ .Values.global.databaseServiceName }}
  labels:
    {{- include "mariadb.labels" . | nindent 4 }}
spec:
  type: {{ .Values.service.type }}
  ipFamilyPolicy: PreferDualStack
  selector:
    {{- include "mariadb.selectorLabels" . | nindent 4 }}
  # The port list is copied verbatim from values.yaml.
  ports:
    {{- with .Values.service.ports }}
    {{- toYaml . | nindent 2 }}
    {{- end }}
0707010000003c000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000001900000000charts/mariadb/templates0707010000003d000081a400000000000000000000000168cd8c6f00000586000000000000000000000000000000000000001b00000000charts/mariadb/values.yamlglobal:
databaseServiceName: "metal3-mariadb"
nodeSelector: {}
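replicaCount: 1

service:
  # ClusterIP keeps the database reachable from inside the cluster only.
  type: ClusterIP
  ports:
    - protocol: TCP
      port: 3306
      targetPort: 3306

image:
  repository: registry.suse.com/suse/mariadb
  pullPolicy: IfNotPresent
  # Quoted: a bare 10.11 is a YAML float, and a tag such as 10.10 would
  # silently become 10.1 and pull a different image.
  tag: "10.11"

nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created.
  create: true
  # Annotations to add to the service account.
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template.
  name: ""

podAnnotations: {}

# Pod-level security context.
podSecurityContext:
  runAsUser: 60
  fsGroup: 60

# Security context of the mariadb container. The set-volume-owners init
# container does not use it; its own context is written in the Deployment.
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
  runAsNonRoot: true

# Password for the mariadb ironic user.
# Used only when no ironic-mariadb Secret exists yet; when left empty, a
# random password is generated. Prefer leaving it empty over committing a
# password to this file.
password: ""

persistence:
  # storageClass for the mariadb data volume.
  storageClass: ""
  # Size of the mariadb data volume.
  size: "1Gi"
  # accessMode of the mariadb data volume PVC.
  # If empty, defaults to ReadWriteOnce when replicaCount=1, otherwise ReadWriteMany.
  accessMode: ""
  # Whether to keep the PVC upon helm uninstall.
  keep: false

# Extra mounts added to both the init container and the mariadb container.
volumeMounts:
  - name: mariadb-data-volume
    mountPath: /var/lib/mysql
    subPath: data

# Extra volumes appended to the pod's volume list.
volumes:
  - name: mariadb-data-volume
    persistentVolumeClaim:
      claimName: mariadb-volume-claim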
0707010000003e000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000000f00000000charts/mariadb0707010000003f000081a400000000000000000000000168cd8c6f0000015d000000000000000000000000000000000000001900000000charts/media/.helmignore# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
# NOTE(review): nothing below excludes local override files (for example a
# private values file holding credentials); add a pattern for any such file
# kept in the chart directory so it is not packaged with the chart.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
07070100000040000081a400000000000000000000000168cd8c6f00000083000000000000000000000000000000000000001800000000charts/media/Chart.yamlapiVersion: v2
# Version of the packaged application; the media templates also emit it as
# the app.kubernetes.io/version label.
appVersion: 1.21.0
description: A Helm chart for Media, used by Metal3
name: media
type: application
# Version of the chart itself, independent of appVersion.
version: 0.7.0
07070100000041000081a400000000000000000000000168cd8c6f000006cb000000000000000000000000000000000000002100000000charts/media/templates/NOTES.txt1. Get the application URL by running these commands:
{{- /* Post-install hints. Exactly one branch prints, chosen by ingress.enabled and then service.type. Every URL is plain http except the ingress case with ingress.tls set. */}}
{{- if .Values.ingress.enabled }}
{{- range $host := .Values.ingress.hosts }}
{{- range .paths }}
http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
{{- end }}
{{- end }}
{{- else if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "media.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "media.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "media.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "media.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
{{- end }}
07070100000042000081a400000000000000000000000168cd8c6f00000705000000000000000000000000000000000000002400000000charts/media/templates/_helpers.tpl{{/*
Expand the name of the chart.
*/}}
{{- define "media.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
Precedence: fullnameOverride, then the release name alone when it already
contains the chart name (or nameOverride), then "<release>-<name>".
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec),
and strip a trailing "-" that the truncation may leave behind.
*/}}
{{- define "media.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
"+" is replaced with "_" before the value is truncated to 63 chars.
*/}}
{{- define "media.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels: the chart label, the selector labels, the app version when
the chart declares one, and the managing service.
*/}}
{{- define "media.labels" -}}
helm.sh/chart: {{ include "media.chart" . }}
{{ include "media.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels. The Deployment selector and the pod template labels of
this chart both include this template, so the two always agree.
*/}}
{{- define "media.selectorLabels" -}}
app.kubernetes.io/component: media
app.kubernetes.io/name: {{ include "media.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use.
With serviceAccount.create the default is the fullname; without it the
default is the account named "default". An explicit serviceAccount.name
wins in both cases.
*/}}
{{- define "media.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "media.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
07070100000043000081a400000000000000000000000168cd8c6f00000766000000000000000000000000000000000000002700000000charts/media/templates/deployment.yamlapiVersion: apps/v1
# Media Deployment: a single container listening on port 80.
kind: Deployment
metadata:
  name: {{ include "media.fullname" . }}
  labels:
    {{- include "media.labels" . | nindent 4 }}
spec:
  # replicas is omitted when autoscaling is enabled.
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  selector:
    matchLabels:
      {{- include "media.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      annotations:
        # A fresh random value on every render, so each upgrade changes the
        # pod template and replaces the pods.
        rollme: {{ randAlphaNum 5 | quote }}
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
      labels:
        {{- include "media.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "media.serviceAccountName" . }}
      # Pod-level and container-level security contexts are taken verbatim
      # from values.yaml; nothing is enforced by the template itself.
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- with .Values.volumes }}
      volumes:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
          {{- with .Values.volumeMounts }}
          volumeMounts:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      {{- with .Values.global.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
07070100000044000081a400000000000000000000000168cd8c6f0000038e000000000000000000000000000000000000002000000000charts/media/templates/hpa.yaml{{- if .Values.autoscaling.enabled }}
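{{- /*
HorizontalPodAutoscaler for the media Deployment, rendered only when
autoscaling is enabled.
autoscaling/v2beta1 is no longer served by Kubernetes 1.25 and later, so
autoscaling/v2 is used whenever the cluster offers it; the v2beta1 form is
kept as a fallback for older clusters. The two versions spell the
utilization target differently, hence the branch inside each metric.
*/}}
{{- $hpaV2 := .Capabilities.APIVersions.Has "autoscaling/v2" }}
{{- if $hpaV2 }}
apiVersion: autoscaling/v2
{{- else }}
apiVersion: autoscaling/v2beta1
{{- end }}
kind: HorizontalPodAutoscaler
metadata:
  name: {{ include "media.fullname" . }}
  labels:
    {{- include "media.labels" . | nindent 4 }}
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: {{ include "media.fullname" . }}
  minReplicas: {{ .Values.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.autoscaling.maxReplicas }}
  metrics:
    {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
    - type: Resource
      resource:
        name: cpu
        {{- if $hpaV2 }}
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
        {{- else }}
        targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
        {{- end }}
    {{- end }}
    {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
    - type: Resource
      resource:
        name: memory
        {{- if $hpaV2 }}
        target:
          type: Utilization
          averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
        {{- else }}
        targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
        {{- end }}
    {{- end }}
{{- end }}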
07070100000045000081a400000000000000000000000168cd8c6f00000849000000000000000000000000000000000000002400000000charts/media/templates/ingress.yaml{{- if .Values.ingress.enabled -}}
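{{- /*
Ingress for the media Service. The apiVersion and the backend layout are
chosen from the cluster's Kubernetes version.
Host, path and secret names are quoted so that values such as a wildcard
host ("*.example.com") stay plain strings instead of being read as YAML
syntax.
*/}}
{{- $fullName := include "media.fullname" . -}}
{{- $svcPort := .Values.service.port -}}
{{- /* Before 1.18 there is no ingressClassName field: fall back to the class annotation unless one is already set. */}}
{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
  {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }}
  {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}}
  {{- end }}
{{- end }}
{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1
{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
apiVersion: networking.k8s.io/v1beta1
{{- else -}}
apiVersion: extensions/v1beta1
{{- end }}
kind: Ingress
metadata:
  name: {{ $fullName }}
  labels:
    {{- include "media.labels" . | nindent 4 }}
  {{- /* merge gives precedence to its first argument: chart-level annotations win over the global ones. */}}
  {{- with $_ := merge .Values.ingress.annotations $.Values.global.ingress.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
spec:
  {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
  ingressClassName: {{ .Values.ingress.className }}
  {{- end }}
  {{- /* No tls section is rendered when .Values.ingress.tls is empty; the hosts are then exposed without TLS by this object. */}}
  {{- if .Values.ingress.tls }}
  tls:
    {{- range .Values.ingress.tls }}
    - hosts:
        {{- range .hosts }}
        - {{ . | quote }}
        {{- end }}
      secretName: {{ .secretName | quote }}
    {{- end }}
  {{- end }}
  rules:
    {{- range .Values.ingress.hosts }}
    {{- /* .host is passed through tpl, so template expressions inside the value are evaluated against the root context. */}}
    - host: {{ tpl .host $ | quote }}
      http:
        paths:
          {{- range .paths }}
          - path: {{ .path | quote }}
            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
            pathType: {{ .pathType }}
            {{- end }}
            backend:
              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
              service:
                name: {{ $fullName }}
                port:
                  number: {{ $svcPort }}
              {{- else }}
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
              {{- end }}
          {{- end }}
    {{- end }}
{{- end }}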
07070100000046000081a400000000000000000000000168cd8c6f000001d6000000000000000000000000000000000000002d00000000charts/media/templates/persistentvolume.yaml{{- if eq .Values.mediaVolume.storageClassName "local" }}
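---
{{- /*
hostPath-backed PersistentVolume for the media files, rendered only when
mediaVolume.storageClassName is "local".
hostPath exposes a directory of the node's filesystem to the pod, and
DirectoryOrCreate creates that directory when it is missing; keep
mediaVolume.hostPath pointed at a dedicated directory.
NOTE(review): the object name is fixed ("media") and PersistentVolumes are
cluster-scoped, so a second release of this chart would collide; confirm
only one is expected per cluster.
*/}}
kind: PersistentVolume
apiVersion: v1
metadata:
  name: media
  labels:
    {{- include "media.labels" . | nindent 4 }}
spec:
  storageClassName: {{ .Values.mediaVolume.storageClassName }}
  accessModes:
    {{- /* nindent keeps every list item at the same depth, also when more than one access mode is configured. */}}
    {{- toYaml .Values.mediaVolume.accessModes | nindent 4 }}
  capacity:
    storage: {{ .Values.mediaVolume.storage }}
  hostPath:
    path: {{ .Values.mediaVolume.hostPath | quote }}
    type: DirectoryOrCreate
{{- end }}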
07070100000047000081a400000000000000000000000168cd8c6f00000151000000000000000000000000000000000000003200000000charts/media/templates/persistentvolumeclaim.yaml---
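{{- /*
Claim for the media volume; the chart's default values mount it into the
web server through the "assets" volume.
Access modes are used for matching the claim to a volume; they do not make
the mount read-only inside the container.
NOTE(review): the claim name is fixed ("media"), so two releases in one
namespace would share it; confirm that is intended.
*/}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: media
  labels:
    {{- include "media.labels" . | nindent 4 }}
spec:
  storageClassName: {{ .Values.mediaVolume.storageClassName }}
  accessModes:
    {{- /* nindent keeps every list item at the same depth, also when more than one access mode is configured. */}}
    {{- toYaml .Values.mediaVolume.accessModes | nindent 4 }}
  resources:
    requests:
      storage: {{ .Values.mediaVolume.storage }}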
07070100000048000081a400000000000000000000000168cd8c6f00000185000000000000000000000000000000000000002400000000charts/media/templates/service.yamlapiVersion: v1
{{- /*
Service in front of the media pods. It forwards service.port to the
container port named "http" and asks for dual-stack addressing when the
cluster supports it.
*/}}
kind: Service
metadata:
  labels:
    {{- include "media.labels" . | nindent 4 }}
  name: {{ include "media.fullname" . }}
spec:
  type: {{ .Values.service.type }}
  ipFamilyPolicy: PreferDualStack
  selector:
    {{- include "media.selectorLabels" . | nindent 4 }}
  ports:
    - name: http
      protocol: TCP
      port: {{ .Values.service.port }}
      targetPort: http
07070100000049000081a400000000000000000000000168cd8c6f0000013c000000000000000000000000000000000000002b00000000charts/media/templates/serviceaccount.yaml{{- if .Values.serviceAccount.create -}}
{{- /*
ServiceAccount for the media pod, rendered only when serviceAccount.create
is true. Annotations are added only when serviceAccount.annotations is set.
*/}}
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    {{- include "media.labels" . | nindent 4 }}
  name: {{ include "media.serviceAccountName" . }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
{{- end }}
0707010000004a000081a400000000000000000000000168cd8c6f000000f4000000000000000000000000000000000000002900000000charts/media/templates/storageclass.yaml---
{{- /*
StorageClass without a dynamic provisioner; binding waits for the first
consuming pod.
NOTE(review): this object is named after the chart's full name, while the
PersistentVolume and PersistentVolumeClaim templates reference
.Values.mediaVolume.storageClassName ("local" by default); confirm the two
names are meant to differ.
*/}}
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  labels:
    {{- include "media.labels" . | nindent 4 }}
  name: {{ include "media.fullname" . }}
volumeBindingMode: WaitForFirstConsumer
provisioner: kubernetes.io/no-provisioner
0707010000004b000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000001700000000charts/media/templates0707010000004c000081a400000000000000000000000168cd8c6f00000ad8000000000000000000000000000000000000001900000000charts/media/values.yaml# Default values for media.
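# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

global:
  # Global ingress annotations that are shared by all the ingress services.
  # For example, use them to override external-dns records.
  ingress:
    annotations: {}
      # The IP to register with external-dns for this service
      #external-dns.alpha.kubernetes.io/target: 192.168.20.5

  # If running in a multi-node kubernetes cluster, "pin" the media container
  # to the given host where the /opt/media volume exists. Uncomment the
  # nodeSelector and update the hostname accordingly.
  #nodeSelector:
  #  kubernetes.io/hostname: "my-hostname"
  # Comment this out when pinning the media container to a specific host.
  nodeSelector: {}

replicaCount: 1

image:
  repository: registry.suse.com/suse/nginx
  pullPolicy: IfNotPresent
  # Quoted so the tag stays a string: unquoted, a tag such as 1.20 would be
  # read as the number 1.2 and the wrong image reference would be rendered.
  # NOTE(review): a tag can be re-pointed in the registry; pin the image by
  # digest where reproducible deployments are required.
  tag: "1.21"

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""

serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""

podAnnotations: {}

# Pod-level security context: user and group the media server runs as.
podSecurityContext:
  runAsUser: 10475
  fsGroup: 10475

# Container-level security context: no privilege escalation, no capabilities,
# the runtime's default seccomp profile and a non-root user.
securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
  runAsNonRoot: true

service:
  type: ClusterIP
  port: 80

ingress:
  enabled: true
  className: ""
  annotations: {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  hosts:
    - host: media.suse.baremetal
      paths:
        - path: /
          pathType: Prefix
  # With no entry here the Ingress is rendered without a tls section.
  # NOTE(review): clients fetching media through it then get no transport
  # integrity unless TLS is terminated elsewhere; add an entry when the media
  # must be protected in transit.
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #      - chart-example.local

resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
  # choice for the user. This also increases chances charts run on environments with little
  # resources, such as Minikube. If you do want to specify resources, uncomment the following
  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
  # limits:
  #   cpu: 100m
  #   memory: 128Mi
  # requests:
  #   cpu: 100m
  #   memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80
  # targetMemoryUtilizationPercentage: 80

tolerations: []

affinity: {}

# volumes
volumes:
  - name: assets
    persistentVolumeClaim:
      claimName: media

# volume mounts
# NOTE(review): the ReadOnlyMany access mode below does not make this mount
# read-only inside the container; add "readOnly: true" to the mount if nothing
# in the pod needs to write to the media directory.
volumeMounts:
  - mountPath: /srv/www/htdocs
    name: assets

# media volume settings
# With storageClassName "local" the chart also renders a hostPath
# PersistentVolume on hostPath, created on the node if it does not exist.
mediaVolume:
  storageClassName: local
  accessModes:
    - ReadOnlyMany
  hostPath: /opt/media
  storage: 5Gi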
0707010000004d000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000000d00000000charts/media0707010000004e000041ed00000000000000000000000168cd8c6f00000000000000000000000000000000000000000000000700000000charts07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!