Default to using local persistent volume:
This allows deployment to reference only a PVC.
If a user wants a production grade experience they
should provide a PVC backed by a production grade PV.

What used to be a Kubernetes Job to download HookOS is
now a container in the tink-stack pod. This removes the
challenges of getting a Kubernetes Job to download HookOS
on the same node as the tink-stack pod. This is only an issue
with the local persistent volume.

Signed-off-by: Jacob Weinstock <[email protected]>
jacobweinstock committed Oct 22, 2024
1 parent 92a8f82 commit 1d10f18
Showing 4 changed files with 68 additions and 89 deletions.
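--- a/tinkerbell/stack/templates/hook.yaml
+++ b/tinkerbell/stack/templates/hook.yaml
@@ -25,43 +25,7 @@ data:
 mv "${tmp_dir}"/checksum.txt .
 for f in ${tmp_dir}/*.tar.gz; do tar --no-same-permissions --overwrite -ozxvf "${f}" && rm -f "${f}"; done
 rm -rf "${tmp_dir}"
----
-apiVersion: batch/v1
-kind: Job
-metadata:
-name: download-hook
-namespace: {{ .Release.Namespace }}
-spec:
-backoffLimit: 50
-template:
-metadata:
-labels:
-app: download-hook
-spec:
-containers:
-- name: download-hook
-image: {{ .Values.stack.hook.image }}
-command: ["/script/entrypoint.sh"]
-volumeMounts:
-- mountPath: /output
-name: hook-artifacts
-- mountPath: /script
-name: configmap-volume
-restartPolicy: OnFailure
-volumes:
-- name: hook-artifacts
-{{- if eq .Values.stack.hook.persistence.type "hostpath" }}
-hostPath:
-path: {{ .Values.stack.hook.downloadsDest }}
-type: DirectoryOrCreate
-{{- else if eq .Values.stack.hook.persistence.type "pvc" }}
-persistentVolumeClaim:
-claimName: {{ .Values.stack.hook.persistence.pvc.existingClaim | default "hook-artifacts" }}
-{{- else }}
-{{- fail "value for .Values.stack.hook.persistence.type is unsupported" }}
-{{- end }}
-- name: configmap-volume
-configMap:
-defaultMode: 0700
-name: download-hook
+sleep infinity & PID=$!
+trap "kill $PID" INT TERM
+wait $PID
 {{- end }}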
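Review bot: The three lines added at the end of the entrypoint script (`sleep infinity & PID=$!` through `wait $PID`) carry no comment saying why a download script never exits. Going by the commit description, the script now runs as a container in the tink-stack pod rather than as a Job, so presumably it must stay alive or the kubelet would restart it and repeat the download; a line such as `# keep the container alive after the download; a container that exits in a Deployment pod is restarted` above the `sleep` would record that. The start of the script is outside this hunk, so it cannot be confirmed here that a failed download or checksum mismatch stops the script before it reaches the sleep. That is worth checking, because these files end up on the volume nginx serves.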
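--- a/tinkerbell/stack/templates/nginx.yaml
+++ b/tinkerbell/stack/templates/nginx.yaml
@@ -13,6 +13,7 @@
 {{- if not $listenBroadcast -}}
 {{- $dhcpInterfaceName = "eth0" -}}
 {{- end -}}
+{{- $claimName := coalesce .Values.stack.hook.persistence.existingClaim .Values.stack.hook.persistence.localPersistentVolume.name }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -108,6 +109,16 @@ spec:
 add:
 - NET_RAW
 {{- end }}
+{{- if .Values.stack.hook.enabled }}
+- name: download-hook
+image: {{ .Values.stack.hook.image }}
+command: ["/script/entrypoint.sh"]
+volumeMounts:
+- mountPath: /output
+name: hook-artifacts
+- mountPath: /script
+name: configmap-volume
+{{- end }}
 volumes:
 - name: nginx-conf
 configMap:
@@ -123,16 +134,12 @@ spec:
 {{- end }}
 {{- if .Values.stack.hook.enabled }}
 - name: hook-artifacts
-{{- if eq .Values.stack.hook.persistence.type "hostpath" }}
-hostPath:
-path: {{ .Values.stack.hook.downloadsDest }}
-type: DirectoryOrCreate
-{{- else if eq .Values.stack.hook.persistence.type "pvc" }}
 persistentVolumeClaim:
-claimName: {{ .Values.stack.hook.persistence.pvc.existingClaim | default "hook-artifacts" }}
-{{- else }}
-{{- fail "value for .Values.stack.hook.persistence.type is not as expected" }}
-{{- end }}
+claimName: {{ $claimName }}
+- name: configmap-volume
+configMap:
+defaultMode: 0700
+name: download-hook
 {{- end }}
 {{- if and .Values.stack.relay.enabled $listenBroadcast }}
 initContainers: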
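Review bot: The `download-hook` container added in the second hunk has no `securityContext`, although it mounts the `hook-artifacts` volume writable at `/output` and now runs for the life of the pod instead of exiting as the Job did. Adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` and `readOnly: true` on the `/script` mount would narrow what that container can do. Whether it can also run as non-root depends on the ownership of the volume path and on the `0700` mode of the script ConfigMap, so that needs testing. The template already emits an `initContainers:` list when relay is enabled, so running the download as an init container (it would finish before nginx starts and then exit) is an alternative worth considering. The Deployment spec begins and ends outside these hunks.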
57 changes: 40 additions & 17 deletions tinkerbell/stack/templates/nginx_pvc.yaml
@@ -1,29 +1,52 @@
{{- if and .Values.stack.hook.enabled (not .Values.stack.hook.persistence.pvc.existingClaim) (eq .Values.stack.hook.persistence.type "pvc") }}
{{- if and .Values.stack.hook.enabled (empty .Values.stack.hook.persistence.existingClaim ) }}
---
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: {{ .Values.stack.hook.persistence.localPersistentVolume.storageClassName }}
namespace: {{ .Release.Namespace }}
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: {{ .Values.stack.hook.persistence.localPersistentVolume.name }}
namespace: {{ .Release.Namespace }}
spec:
capacity:
storage: {{ .Values.stack.hook.persistence.localPersistentVolume.size }}
accessModes:
{{- range .Values.stack.hook.persistence.localPersistentVolume.accessModes }}
- {{ . | quote }}
{{- end }}
persistentVolumeReclaimPolicy: Retain
storageClassName: {{ .Values.stack.hook.persistence.localPersistentVolume.storageClassName }}
local:
path: {{ .Values.stack.hook.persistence.localPersistentVolume.path }}
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: non-existent-label # this label with DoesNotExist should match all nodes
operator: DoesNotExist
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: hook-artifacts
namespace: {{ .Release.Namespace }}
labels:
{{- with .Values.stack.hook.persistence.pvc.extraLabels }}
{{- with .Values.stack.hook.persistence.localPersistentVolume.extraLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.stack.hook.persistence.pvc.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
accessModes:
{{- range .Values.stack.hook.persistence.pvc.accessModes }}
- {{ . | quote }}
{{- end }}
{{- range .Values.stack.hook.persistence.localPersistentVolume.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.stack.hook.persistence.pvc.size | quote }}
{{- with .Values.stack.hook.persistence.pvc.storageClassName }}
storageClassName: {{ . }}
{{- end }}
{{- with .Values.stack.hook.persistence.pvc.selector }}
selector:
{{- toYaml . | nindent 4 }}
{{- end }}
storage: {{ .Values.stack.hook.persistence.localPersistentVolume.size | quote }}
storageClassName: {{ .Values.stack.hook.persistence.localPersistentVolume.storageClassName }}
{{- end }}
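Review bot: The PersistentVolume's `nodeAffinity` matches every node (`key: non-existent-label` with `operator: DoesNotExist`), so the scheduler treats this `local` volume as present on all nodes, although the downloaded files exist only on the node where the pod last ran. After a reschedule the pod binds to the same path on a different node, and nginx serves whatever already sits there alongside what the sidecar downloads again. Pinning the PV to one node, for example a `matchExpressions` entry on `kubernetes.io/hostname` with `operator: In` and a value taken from chart values, would make the binding reflect where the data is. Separately, StorageClass and PersistentVolume are cluster-scoped, so the `namespace:` lines on them have no effect, and the fixed names can collide with objects that already exist in the cluster.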
33 changes: 9 additions & 24 deletions tinkerbell/stack/values.yaml
@@ -24,37 +24,22 @@ stack:
name: hook-files
port: 8080
image: bash
downloadsDest: /opt/hook
# downloadURL only works with the > 0.8.1 Hook release because
# previous Hook versions didn't provide a checksum file.
downloadURL: https://github.com/tinkerbell/hook/releases/download/v0.9.1
persistence:
# type must be either "hostpath" or "pvc"
# hostpath: only works on a single worker node cluster
# https://kubernetes.io/docs/concepts/storage/volumes/#hostpath
type: hostpath

pvc:
# PVC accessModes :
# If you include only ReadWriteMany access mode it will allow to download Hook artifacts,
# it will also allow to scale up stack deployment on multinode cluster.
# If ReadWriteOnce is included, you will need to download manually Hook artifacts into
# stack Pod (/usr/share/nginx/html/).
# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes
# If existingClaim is set, the local persistence volume (localPersistentVolume) objects will NOT be created.
# Use this to point to an existing production grade storage class.
existingClaim: ""
# While local storage is the default, it is not recommended for production use.
localPersistentVolume:
storageClassName: local-storage
# this path must already exist on the node
path: /tmp
name: hook-artifacts
accessModes:
- ReadWriteMany
size: 1Gi
# storageClassName: default
# Annotations to include on the PVC object.
annotations: {}

# An optional selector to narrow the Volumes considered for binding to the PVC.
# Should be structured the same as a raw PVC selector (see documentation for more info).
#
# https://kubernetes.io/docs/concepts/storage/persistent-volumes/#selector.
selector: {}

# existingClaim:
extraLabels: {}

kubevip:
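Review bot: The new default `path: /tmp` under `localPersistentVolume` puts the served HookOS artifacts in a directory that is normally world-writable and often cleared on reboot, so any local account on the node could alter the files nginx hands to booting machines. If nginx serves the volume root, it would also publish whatever else is in the node's `/tmp`. A dedicated root-owned directory is a safer default, for example `path: /opt/hook` (the value the `downloadsDest` key carries on this page), with the comment extended to `# this path must already exist on the node and should be writable only by root`. The comment on `existingClaim` says it points to a storage class, while the template uses the value as a PVC `claimName`; `# Name of an existing PVC to use instead of the local persistent volume.` would be more accurate.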
