Add tenant01 k0s cluster with Tinkerbell hardware

.gitignore

@@ -0,0 +1 @@
+.claude/

hardware/bmc-secrets.yaml

@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vm1-bmc
+  namespace: tenant01
+type: Opaque
+stringData:
+  username: admin
+  password: password
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vm2-bmc
+  namespace: tenant01
+type: Opaque
+stringData:
+  username: admin
+  password: password
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: vm3-bmc
+  namespace: tenant01
+type: Opaque
+stringData:
+  username: admin
+  password: password

hardware/bmc.yaml

@@ -0,0 +1,62 @@
+---
+apiVersion: bmc.tinkerbell.org/v1alpha1
+kind: Machine
+metadata:
+  name: vm1
+  namespace: tenant01
+spec:
+  connection:
+    host: 172.16.81.254
+    port: 6231
+    insecureTLS: true
+    authSecretRef:
+      name: vm1-bmc
+      namespace: tenant01
+    providerOptions:
+      preferredOrder:
+        - ipmitool
+      ipmitool:
+        port: 6231
+        cipherSuite: "3"
+
+---
+apiVersion: bmc.tinkerbell.org/v1alpha1
+kind: Machine
+metadata:
+  name: vm2
+  namespace: tenant01
+spec:
+  connection:
+    host: 172.16.81.254
+    port: 6232
+    insecureTLS: true
+    authSecretRef:
+      name: vm2-bmc
+      namespace: tenant01
+    providerOptions:
+      preferredOrder:
+        - ipmitool
+      ipmitool:
+        port: 6232
+        cipherSuite: "3"
+
+---
+apiVersion: bmc.tinkerbell.org/v1alpha1
+kind: Machine
+metadata:
+  name: vm3
+  namespace: tenant01
+spec:
+  connection:
+    host: 172.16.81.254
+    port: 6233
+    insecureTLS: true
+    authSecretRef:
+      name: vm3-bmc
+      namespace: tenant01
+    providerOptions:
+      preferredOrder:
+        - ipmitool
+      ipmitool:
+        port: 6233
+        cipherSuite: "3"

hardware/hardware.yaml

@@ -0,0 +1,119 @@
+---
+apiVersion: tinkerbell.org/v1alpha1
+kind: Hardware
+metadata:
+  name: vm1
+  namespace: tenant01
+  labels:
+    tinkerbell.org/role: worker
+spec:
+  bmcRef:
+    apiGroup: bmc.tinkerbell.org
+    kind: Machine
+    name: vm1
+  disks:
+    - device: /dev/vda
+  interfaces:
+    - dhcp:
+        arch: x86_64
+        hostname: vm1
+        mac: "52:54:00:12:34:01"
+        ip:
+          address: 172.16.81.101
+          gateway: 172.16.81.1
+          netmask: 255.255.255.0
+        name_servers:
+          - 8.8.8.8
+        lease_time: 4294967294
+        uefi: true
+      disableDhcp: false
+      netboot:
+        allowPXE: true
+        allowWorkflow: true
+  metadata:
+    instance:
+      hostname: vm1
+      id: "52:54:00:12:34:01"
+      operating_system:
+        distro: debian
+        version: "13"
+
+---
+apiVersion: tinkerbell.org/v1alpha1
+kind: Hardware
+metadata:
+  name: vm2
+  namespace: tenant01
+  labels:
+    tinkerbell.org/role: worker
+spec:
+  bmcRef:
+    apiGroup: bmc.tinkerbell.org
+    kind: Machine
+    name: vm2
+  disks:
+    - device: /dev/vda
+  interfaces:
+    - dhcp:
+        arch: x86_64
+        hostname: vm2
+        mac: "52:54:00:12:34:02"
+        ip:
+          address: 172.16.81.102
+          gateway: 172.16.81.1
+          netmask: 255.255.255.0
+        name_servers:
+          - 8.8.8.8
+        lease_time: 4294967294
+        uefi: true
+      disableDhcp: false
+      netboot:
+        allowPXE: true
+        allowWorkflow: true
+  metadata:
+    instance:
+      hostname: vm2
+      id: "52:54:00:12:34:02"
+      operating_system:
+        distro: debian
+        version: "13"
+
+---
+apiVersion: tinkerbell.org/v1alpha1
+kind: Hardware
+metadata:
+  name: vm3
+  namespace: tenant01
+  labels:
+    tinkerbell.org/role: worker
+spec:
+  bmcRef:
+    apiGroup: bmc.tinkerbell.org
+    kind: Machine
+    name: vm3
+  disks:
+    - device: /dev/vda
+  interfaces:
+    - dhcp:
+        arch: x86_64
+        hostname: vm3
+        mac: "52:54:00:12:34:03"
+        ip:
+          address: 172.16.81.103
+          gateway: 172.16.81.1
+          netmask: 255.255.255.0
+        name_servers:
+          - 8.8.8.8
+        lease_time: 4294967294
+        uefi: true
+      disableDhcp: false
+      netboot:
+        allowPXE: true
+        allowWorkflow: true
+  metadata:
+    instance:
+      hostname: vm3
+      id: "52:54:00:12:34:03"
+      operating_system:
+        distro: debian
+        version: "13"

hardware/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: tenant01
+
+resources:
+  - bmc-secrets.yaml
+  - bmc.yaml
+  - hardware.yaml

tenant01-k0s-hcp.yaml

@@ -0,0 +1,123 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: cluster1-k0s-hcp
+  namespace: argo
+spec:
+  project: default
+  sources:
+    - repoURL: ssh://git@git.weystrom.dev:2222/argodent/cluster-templates.git
+      targetRevision: HEAD
+      path: tinkerbell-k0s-hcp
+      helm:
+        releaseName: cluster1
+        valuesObject:
+          workersNumber: 3
+          k0smotron:
+            externalAddress: "172.16.81.254"
+            persistence:
+              type: emptyDir
+            etcd:
+              persistence:
+                storageClass: openebs-hostpath
+                size: 1Gi
+            service:
+              type: NodePort
+              apiPort: 30443
+              konnectivityPort: 30132
+          worker:
+            bootMode: netboot
+            hardwareAffinity:
+              matchLabels:
+                tinkerbell.org/role: worker
+            templateOverride: |
+              version: "0.1"
+              name: worker-provision
+              global_timeout: 9000
+              tasks:
+                - name: "worker-provision"
+                  worker: "{{.device_1}}"
+                  volumes:
+                    - /dev:/dev
+                    - /dev/console:/dev/console
+                    - /lib/firmware:/lib/firmware:ro
+                  actions:
+                    - name: "Stream Debian Image"
+                      image: quay.io/tinkerbell/actions/image2disk:latest
+                      timeout: 3000
+                      environment:
+                        DEST_DISK: {{ index .Hardware.Disks 0 }}
+                        IMG_URL: https://cdimage.debian.org/images/cloud/trixie/latest/debian-13-generic-amd64.raw
+                        COMPRESSED: false
+                    - name: "Grow Partition"
+                      image: quay.io/tinkerbell/actions/cexec:latest
+                      timeout: 90
+                      environment:
+                        BLOCK_DEVICE: {{ index .Hardware.Disks 0 }}1
+                        FS_TYPE: ext4
+                        CHROOT: y
+                        DEFAULT_INTERPRETER: "/bin/sh -c"
+                        CMD_LINE: "growpart {{ index .Hardware.Disks 0 }} 1 && resize2fs {{ index .Hardware.Disks 0 }}1"
+                    - name: "Add Cloud-Init Config"
+                      image: quay.io/tinkerbell/actions/writefile:latest
+                      timeout: 90
+                      environment:
+                        DEST_DISK: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }}
+                        FS_TYPE: ext4
+                        DEST_PATH: /etc/cloud/cloud.cfg.d/10_tinkerbell.cfg
+                        UID: 0
+                        GID: 0
+                        MODE: 0600
+                        DIRMODE: 0700
+                        CONTENTS: |
+                          datasource:
+                            Ec2:
+                              metadata_urls: ["http://172.16.81.254:7172"]
+                              strict_id: false
+                          system_info:
+                            default_user:
+                              name: tink
+                              plain_text_passwd: tink
+                              lock_passwd: false
+                              groups: [wheel, adm, sudo]
+                              sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+                              shell: /bin/bash
+                          ssh_pwauth: true
+                          manage_etc_hosts: localhost
+                          warnings:
+                            dsid_missing_source: off
+                    - name: "Add Cloud-Init DS-Identity"
+                      image: quay.io/tinkerbell/actions/writefile:latest
+                      timeout: 90
+                      environment:
+                        DEST_DISK: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }}
+                        FS_TYPE: ext4
+                        DEST_PATH: /etc/cloud/ds-identify.cfg
+                        UID: 0
+                        GID: 0
+                        MODE: 0600
+                        DIRMODE: 0700
+                        CONTENTS: |
+                          datasource: Ec2
+                    - name: "Reboot into installed OS"
+                      image: ghcr.io/jacobweinstock/waitdaemon:latest
+                      timeout: 90
+                      pid: host
+                      command: ["reboot"]
+                      environment:
+                        IMAGE: alpine
+                        WAIT_SECONDS: 10
+                      volumes:
+                        - /var/run/docker.sock:/var/run/docker.sock
+          k0s:
+            version: v1.33.4+k0s.0
+    - repoURL: ssh://git@git.weystrom.dev:2222/argodent/tenant01.git
+      targetRevision: HEAD
+      path: hardware
+  destination:
+    server: https://kubernetes.default.svc
+    namespace: tenant01
+  syncPolicy:
+    syncOptions:
+      - CreateNamespace=true
+      - ServerSideApply=true