commit b77e4211c8e8116aeaab4ec583e2ed495cd1c964 Author: Pavel Basov Date: Mon Dec 15 21:08:14 2025 +0100 Add tenant01 k0s cluster with Tinkerbell hardware
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4c5f206
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.claude/
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/hardware/bmc-secrets.yaml b/hardware/bmc-secrets.yaml
new file mode 100644
index 0000000..c9fcc61
--- /dev/null
+++ b/hardware/bmc-secrets.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vm1-bmc
+ namespace: tenant01
+type: Opaque
+stringData:
+ username: admin
+ password: password
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vm2-bmc
+ namespace: tenant01
+type: Opaque
+stringData:
+ username: admin
+ password: password
+
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vm3-bmc
+ namespace: tenant01
+type: Opaque
+stringData:
+ username: admin
+ password: password
\ No newline at end of file
diff --git a/hardware/bmc.yaml b/hardware/bmc.yaml
new file mode 100644
index 0000000..b181cb9
--- /dev/null
+++ b/hardware/bmc.yaml
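Review bot: hardware/bmc-secrets.yaml commits the BMC credentials for `vm1-bmc`, `vm2-bmc` and `vm3-bmc` in clear text under `stringData`, and all three use `admin` / `password`. Anyone with read access to this repository or its history gets power and boot control of the machines behind these Secrets. Keep only an encrypted or referenced form in Git (for example SOPS, Sealed Secrets, or a sync from an external secret store) and rotate the BMC passwords to unique values, since deleting the file later does not remove it from history. If these are throwaway virtual BMCs, say so with a comment such as `# lab-only virtual BMC credentials` at the top of the file.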
@@ -0,0 +1,62 @@
+---
+apiVersion: bmc.tinkerbell.org/v1alpha1
+kind: Machine
+metadata:
+ name: vm1
+ namespace: tenant01
+spec:
+ connection:
+ host: 172.16.81.254
+ port: 6231
+ insecureTLS: true
+ authSecretRef:
+ name: vm1-bmc
+ namespace: tenant01
+ providerOptions:
+ preferredOrder:
+ - ipmitool
+ ipmitool:
+ port: 6231
+ cipherSuite: "3"
+
+---
+apiVersion: bmc.tinkerbell.org/v1alpha1
+kind: Machine
+metadata:
+ name: vm2
+ namespace: tenant01
+spec:
+ connection:
+ host: 172.16.81.254
+ port: 6232
+ insecureTLS: true
+ authSecretRef:
+ name: vm2-bmc
+ namespace: tenant01
+ providerOptions:
+ preferredOrder:
+ - ipmitool
+ ipmitool:
+ port: 6232
+ cipherSuite: "3"
+
+---
+apiVersion: bmc.tinkerbell.org/v1alpha1
+kind: Machine
+metadata:
+ name: vm3
+ namespace: tenant01
+spec:
+ connection:
+ host: 172.16.81.254
+ port: 6233
+ insecureTLS: true
+ authSecretRef:
+ name: vm3-bmc
+ namespace: tenant01
+ providerOptions:
+ preferredOrder:
+ - ipmitool
+ ipmitool:
+ port: 6233
+ cipherSuite: "3"
\ No newline at end of file
diff --git a/hardware/hardware.yaml b/hardware/hardware.yaml
new file mode 100644
index 0000000..16bce79
--- /dev/null
+++ b/hardware/hardware.yaml
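Review bot: All three Machine objects in hardware/bmc.yaml set `insecureTLS: true`, which turns off certificate verification for any TLS-based BMC provider. With `preferredOrder` limited to `ipmitool` it may not be exercised today, but it would apply silently if a Redfish-style provider is added to the order later. I would set `insecureTLS: false`, or keep it with a comment stating why verification cannot be used. `cipherSuite: "3"` selects the SHA1-based IPMI 2.0 suite; if the BMC endpoint supports it, `cipherSuite: "17"` (HMAC-SHA256) is the stronger choice.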
@@ -0,0 +1,119 @@
+---
+apiVersion: tinkerbell.org/v1alpha1
+kind: Hardware
+metadata:
+ name: vm1
+ namespace: tenant01
+ labels:
+ tinkerbell.org/role: worker
+spec:
+ bmcRef:
+ apiGroup: bmc.tinkerbell.org
+ kind: Machine
+ name: vm1
+ disks:
+ - device: /dev/vda
+ interfaces:
+ - dhcp:
+ arch: x86_64
+ hostname: vm1
+ mac: "52:54:00:12:34:01"
+ ip:
+ address: 172.16.81.101
+ gateway: 172.16.81.1
+ netmask: 255.255.255.0
+ name_servers:
+ - 8.8.8.8
+ lease_time: 4294967294
+ uefi: true
+ disableDhcp: false
+ netboot:
+ allowPXE: true
+ allowWorkflow: true
+ metadata:
+ instance:
+ hostname: vm1
+ id: "52:54:00:12:34:01"
+ operating_system:
+ distro: debian
+ version: "13"
+
+---
+apiVersion: tinkerbell.org/v1alpha1
+kind: Hardware
+metadata:
+ name: vm2
+ namespace: tenant01
+ labels:
+ tinkerbell.org/role: worker
+spec:
+ bmcRef:
+ apiGroup: bmc.tinkerbell.org
+ kind: Machine
+ name: vm2
+ disks:
+ - device: /dev/vda
+ interfaces:
+ - dhcp:
+ arch: x86_64
+ hostname: vm2
+ mac: "52:54:00:12:34:02"
+ ip:
+ address: 172.16.81.102
+ gateway: 172.16.81.1
+ netmask: 255.255.255.0
+ name_servers:
+ - 8.8.8.8
+ lease_time: 4294967294
+ uefi: true
+ disableDhcp: false
+ netboot:
+ allowPXE: true
+ allowWorkflow: true
+ metadata:
+ instance:
+ hostname: vm2
+ id: "52:54:00:12:34:02"
+ operating_system:
+ distro: debian
+ version: "13"
+
+---
+apiVersion: tinkerbell.org/v1alpha1
+kind: Hardware
+metadata:
+ name: vm3
+ namespace: tenant01
+ labels:
+ tinkerbell.org/role: worker
+spec:
+ bmcRef:
+ apiGroup: bmc.tinkerbell.org
+ kind: Machine
+ name: vm3
+ disks:
+ - device: /dev/vda
+ interfaces:
+ - dhcp:
+ arch: x86_64
+ hostname: vm3
+ mac: "52:54:00:12:34:03"
+ ip:
+ address: 172.16.81.103
+ gateway: 172.16.81.1
+ netmask: 255.255.255.0
+ name_servers:
+ - 8.8.8.8
+ lease_time: 4294967294
+ uefi: true
+ disableDhcp: false
+ netboot:
+ allowPXE: true
+ allowWorkflow: true
+ metadata:
+ instance:
+ hostname: vm3
+ id: "52:54:00:12:34:03"
+ operating_system:
+ distro:
debian
+ version: "13"
\ No newline at end of file
diff --git a/hardware/kustomization.yaml b/hardware/kustomization.yaml
new file mode 100644
index 0000000..343e549
--- /dev/null
+++ b/hardware/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: tenant01
+
+resources:
+ - bmc-secrets.yaml
+ - bmc.yaml
+ - hardware.yaml
diff --git a/tenant01-k0s-hcp.yaml b/tenant01-k0s-hcp.yaml
new file mode 100644
index 0000000..e712553
--- /dev/null
+++ b/tenant01-k0s-hcp.yaml
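Review bot: Each Hardware object in hardware/hardware.yaml is committed with `allowPXE: true` and `allowWorkflow: true`, so as declared the machines stay eligible for netboot and workflow execution after they have been provisioned. Unless the cluster provider flips these fields once provisioning completes (not visible in this diff), a reboot that falls back to network boot could run the disk-imaging workflow over `/dev/vda` again, and a later Argo CD sync of this file may revert any runtime change to them. I would add a comment above `netboot:` stating which controller owns these two fields, for example `# toggled by the cluster provider after provisioning; Git value is the initial state only`. Separately, `name_servers: - 8.8.8.8` sends tenant DNS to a public resolver; confirm that is intended for this network.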
@@ -0,0 +1,123 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: cluster1-k0s-hcp
+ namespace: argo
+spec:
+ project: default
+ sources:
+ - repoURL: ssh://git@git.weystrom.dev:2222/argodent/cluster-templates.git
+ targetRevision: HEAD
+ path: tinkerbell-k0s-hcp
+ helm:
+ releaseName: cluster1
+ valuesObject:
+ workersNumber: 3
+ k0smotron:
+ externalAddress: "172.16.81.254"
+ persistence:
+ type: emptyDir
+ etcd:
+ persistence:
+ storageClass: openebs-hostpath
+ size: 1Gi
+ service:
+ type: NodePort
+ apiPort: 30443
+ konnectivityPort: 30132
+ worker:
+ bootMode: netboot
+ hardwareAffinity:
+ matchLabels:
+ tinkerbell.org/role: worker
+ templateOverride: |
+ version: "0.1"
+ name: worker-provision
+ global_timeout: 9000
+ tasks:
+ - name: "worker-provision"
+ worker: "{{.device_1}}"
+ volumes:
+ - /dev:/dev
+ - /dev/console:/dev/console
+ - /lib/firmware:/lib/firmware:ro
+ actions:
+ - name: "Stream Debian Image"
+ image: quay.io/tinkerbell/actions/image2disk:latest
+ timeout: 3000
+ environment:
+ DEST_DISK: {{ index .Hardware.Disks 0 }}
+ IMG_URL: https://cdimage.debian.org/images/cloud/trixie/latest/debian-13-generic-amd64.raw
+ COMPRESSED: false
+ - name: "Grow Partition"
+ image: quay.io/tinkerbell/actions/cexec:latest
+ timeout: 90
+ environment:
+ BLOCK_DEVICE: {{ index .Hardware.Disks 0 }}1
+ FS_TYPE: ext4
+ CHROOT: y
+ DEFAULT_INTERPRETER: "/bin/sh -c"
+ CMD_LINE: "growpart {{ index .Hardware.Disks 0 }} 1 && resize2fs {{ index .Hardware.Disks 0 }}1"
+ - name: "Add Cloud-Init Config"
+ image: quay.io/tinkerbell/actions/writefile:latest
+ timeout: 90
+ environment:
+ DEST_DISK: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }}
+ FS_TYPE: ext4
+ DEST_PATH: /etc/cloud/cloud.cfg.d/10_tinkerbell.cfg
+ UID: 0
+ GID: 0
+ MODE: 0600
+ DIRMODE: 0700
+ CONTENTS: |
+ datasource:
+ Ec2:
+ metadata_urls: ["http://172.16.81.254:7172"]
+ strict_id: false
+ system_info:
+ default_user:
+ name: tink
+ plain_text_passwd: tink
+ lock_passwd: false
+ groups: [wheel, adm, sudo]
+ sudo: ["ALL=(ALL) NOPASSWD:ALL"]
+ shell: /bin/bash
+ ssh_pwauth: true
+ manage_etc_hosts: localhost
+ warnings:
+ dsid_missing_source: off
+ - name: "Add Cloud-Init DS-Identity"
+ image: quay.io/tinkerbell/actions/writefile:latest
+ timeout: 90
+ environment:
+ DEST_DISK: {{ formatPartition ( index .Hardware.Disks 0 ) 1 }}
+ FS_TYPE: ext4
+ DEST_PATH: /etc/cloud/ds-identify.cfg
+ UID: 0
+ GID: 0
+ MODE: 0600
+ DIRMODE: 0700
+ CONTENTS: |
+ datasource: Ec2
+ - name: "Reboot into installed OS"
+ image: ghcr.io/jacobweinstock/waitdaemon:latest
+ timeout: 90
+ pid: host
+ command: ["reboot"]
+ environment:
+ IMAGE: alpine
+ WAIT_SECONDS: 10
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ k0s:
+ version: v1.33.4+k0s.0
+ - repoURL: ssh://git@git.weystrom.dev:2222/argodent/tenant01.git
+ targetRevision: HEAD
+ path: hardware
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: tenant01
+ syncPolicy:
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
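Review bot: The cloud-init config written by the "Add Cloud-Init Config" action in tenant01-k0s-hcp.yaml creates user `tink` with `plain_text_passwd: tink`, `lock_passwd: false`, `NOPASSWD` sudo and `ssh_pwauth: true`, so every worker comes up with a guessable, root-equivalent password login over SSH. I would switch to key-only access: `lock_passwd: true`, `ssh_pwauth: false`, and an `ssh_authorized_keys:` list under `default_user` in place of `plain_text_passwd`. The action images (image2disk, cexec, writefile, waitdaemon) are all pulled as `:latest`, and `IMG_URL` points at a `latest/` path with no checksum visible, so what is written to disk can change between provisions; pinning tags or digests would make the workflow reproducible and auditable. Also, `MODE: 0600`, `DIRMODE: 0700`, `CHROOT: y` and `dsid_missing_source: off` are unquoted and may be retyped by a YAML 1.1 parser; quoting them (`MODE: "0600"`) avoids that.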