switch to boot-operator

sapcc · Jul 3, 2024 · 35d41d1 · 35d41d1
1 parent dd6a1f4
commit 35d41d1
Show file tree

Hide file tree

Showing 12 changed files with 85 additions and 172 deletions.
diff --git a/system/Makefile b/system/Makefile
@@ -5,7 +5,7 @@ PROVIDER_IPAM_VERSION ?= v0.1.0
 PROVIDER_KUBERNIKUS_VERSION ?= 9fd81475b828971913b3b27addf51fdbd0511d85
 BAREMETAL_OPERATOR_VERSION ?= v0.6.0
 METAL_OPERATOR_VERSION ?= 59fa5118ded38b711bbe940838552f4696151269
-BOOT_OPERATOR_VERSION ?= 61c6898bfd7772008835bdcca8d8a64c1dfc3b32
+BOOT_OPERATOR_VERSION ?= 425c27bcf9f02bc49ced6050f353755a32dbfb5f
 FEDHCP_VERSION ?= a59539c62aaa11a96c82fe792c87daaac4cb75bf
 
 SHELL := bash
@@ -96,7 +96,7 @@ build-boot-operator:
 	$(call build-chart,boot-operator,https://github.com/ironcore-dev/boot-operator//config/default,$(BOOT_OPERATOR_VERSION))
 	@yq -i '.controllerManager.manager.image.tag="$(BOOT_OPERATOR_VERSION)"' boot-operator/values.yaml
 	@yq -i '.fullnameOverride="boot-operator"' boot-operator/values.yaml
-	@yq -i '.version="0.0.5"' boot-operator/Chart.yaml
+	@yq -i '.version="0.0.6"' boot-operator/Chart.yaml
 
 build-fedhcp:
 	@cat kustomize/fedhcp/kustomization.yaml >> kustomization.yaml

diff --git a/system/boot-operator/Chart.yaml b/system/boot-operator/Chart.yaml
@@ -13,9 +13,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.5
+version: 0.0.6
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "61c6898bfd7772008835bdcca8d8a64c1dfc3b32"
+appVersion: "425c27bcf9f02bc49ced6050f353755a32dbfb5f"
diff --git a/system/boot-operator/crds/httpbootconfig-crd.yaml b/system/boot-operator/crds/httpbootconfig-crd.yaml
@@ -47,19 +47,62 @@ spec:
             properties:
               ignitionSecretRef:
                 description: |-
-                  LocalObjectReference contains enough information to let you locate the
-                  referenced object inside the same namespace.
+                  ObjectReference contains enough information to let you inspect or modify the referred object.
+                  ---
+                  New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
+                   1. Ignored fields.  It includes many fields which are not generally honored.  For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
+                   2. Invalid usage help.  It is impossible to add specific help for individual usage.  In most embedded usages, there are particular
+                      restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
+                      Those cannot be well described when embedded.
+                   3. Inconsistent validation.  Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
+                   4. The fields are both imprecise and overly precise.  Kind is not a precise mapping to a URL. This can produce ambiguity
+                      during interpretation and require a REST mapping.  In most cases, the dependency is on the group,resource tuple
+                      and the version of the actual struct is irrelevant.
+                   5. We cannot easily change it.  Because this type is embedded in many locations, updates to this type
+                      will affect numerous schemas.  Don't make new APIs embed an underspecified API type they do not control.
+
+
+                  Instead of using this type, create a locally provided and used type that is well-focused on your reference.
+                  For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
                 properties:
+                  apiVersion:
+                    description: API version of the referent.
+                    type: string
+                  fieldPath:
+                    description: |-
+                      If referring to a piece of an object instead of an entire object, this string
+                      should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
+                      For example, if the object reference is to a container within a pod, this would take on a value like:
+                      "spec.containers{name}" (where "name" refers to the name of the container that triggered
+                      the event) or if no container name is specified "spec.containers[2]" (container with
+                      index 2 in this pod). This syntax is chosen only to have some well-defined way of
+                      referencing a part of an object.
+                      TODO: this design is not final and this field is subject to change in the future.
+                    type: string
+                  kind:
+                    description: |-
+                      Kind of the referent.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+                    type: string
                   name:
-                    default: ""
                     description: |-
                       Name of the referent.
-                      This field is effectively required, but due to backwards compatibility is
-                      allowed to be empty. Instances of this type with an empty value here are
-                      almost certainly wrong.
-                      TODO: Add other useful fields. apiVersion, kind, uid?
                       More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
-                      TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+                    type: string
+                  namespace:
+                    description: |-
+                      Namespace of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
+                    type: string
+                  resourceVersion:
+                    description: |-
+                      Specific resourceVersion to which this reference is made, if any.
+                      More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
+                    type: string
+                  uid:
+                    description: |-
+                      UID of the referent.
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
                     type: string
                 type: object
                 x-kubernetes-map-type: atomic

diff --git a/system/boot-operator/crds/ipxebootconfig-crd.yaml b/system/boot-operator/crds/ipxebootconfig-crd.yaml
diff --git a/system/boot-operator/templates/deployment.yaml b/system/boot-operator/templates/deployment.yaml
@@ -4,8 +4,8 @@ metadata:
   name: {{ include "boot-operator.fullname" . }}-controller-manager
   labels:
     app.kubernetes.io/component: manager
-    app.kubernetes.io/created-by: ipxe-operator
-    app.kubernetes.io/part-of: ipxe-operator
+    app.kubernetes.io/created-by: boot-operator
+    app.kubernetes.io/part-of: boot-operator
     control-plane: controller-manager
   {{- include "boot-operator.labels" . | nindent 4 }}
 spec:

diff --git a/system/boot-operator/templates/leader-election-rbac.yaml b/system/boot-operator/templates/leader-election-rbac.yaml
@@ -4,8 +4,8 @@ metadata:
   name: {{ include "boot-operator.fullname" . }}-leader-election-role
   labels:
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: ipxe-operator
-    app.kubernetes.io/part-of: ipxe-operator
+    app.kubernetes.io/created-by: boot-operator
+    app.kubernetes.io/part-of: boot-operator
   {{- include "boot-operator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
@@ -46,8 +46,8 @@ metadata:
   name: {{ include "boot-operator.fullname" . }}-leader-election-rolebinding
   labels:
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: ipxe-operator
-    app.kubernetes.io/part-of: ipxe-operator
+    app.kubernetes.io/created-by: boot-operator
+    app.kubernetes.io/part-of: boot-operator
   {{- include "boot-operator.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io

diff --git a/system/boot-operator/templates/manager-rbac.yaml b/system/boot-operator/templates/manager-rbac.yaml
@@ -57,48 +57,35 @@ rules:
   - patch
   - update
 - apiGroups:
-  - boot.ironcore.dev
+  - metal.ironcore.dev
   resources:
-  - ipxebootconfig
+  - bootconfigurations
   verbs:
-  - create
-  - delete
   - get
   - list
-  - patch
   - watch
 - apiGroups:
-  - boot.ironcore.dev
+  - metal.ironcore.dev
   resources:
-  - ipxebootconfig/status
+  - bootconfigurations/finalizers
   verbs:
-  - get
+  - update
 - apiGroups:
-  - boot.ironcore.dev
+  - metal.ironcore.dev
   resources:
-  - ipxebootconfigs
+  - bootconfigurations/status
   verbs:
-  - create
-  - delete
   - get
-  - list
   - patch
   - update
-  - watch
-- apiGroups:
-  - boot.ironcore.dev
-  resources:
-  - ipxebootconfigs/finalizers
-  verbs:
-  - update
 - apiGroups:
-  - boot.ironcore.dev
+  - metal.ironcore.dev
   resources:
-  - ipxebootconfigs/status
+  - machines
   verbs:
   - get
-  - patch
-  - update
+  - list
+  - watch
 - apiGroups:
   - metal.ironcore.dev
   resources:
@@ -136,8 +123,8 @@ metadata:
   name: {{ include "boot-operator.fullname" . }}-manager-rolebinding
   labels:
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: ipxe-operator
-    app.kubernetes.io/part-of: ipxe-operator
+    app.kubernetes.io/created-by: boot-operator
+    app.kubernetes.io/part-of: boot-operator
   {{- include "boot-operator.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io

diff --git a/system/boot-operator/templates/metrics-reader-rbac.yaml b/system/boot-operator/templates/metrics-reader-rbac.yaml
@@ -4,8 +4,8 @@ metadata:
   name: {{ include "boot-operator.fullname" . }}-metrics-reader
   labels:
     app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: ipxe-operator
-    app.kubernetes.io/part-of: ipxe-operator
+    app.kubernetes.io/created-by: boot-operator
+    app.kubernetes.io/part-of: boot-operator
   {{- include "boot-operator.labels" . | nindent 4 }}
 rules:
 - nonResourceURLs:

diff --git a/system/boot-operator/templates/metrics-service.yaml b/system/boot-operator/templates/metrics-service.yaml
@@ -4,8 +4,8 @@ metadata:
   name: {{ include "boot-operator.fullname" . }}-controller-manager-metrics-service
   labels:
     app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: ipxe-operator
-    app.kubernetes.io/part-of: ipxe-operator
+    app.kubernetes.io/created-by: boot-operator
+    app.kubernetes.io/part-of: boot-operator
     control-plane: controller-manager
   {{- include "boot-operator.labels" . | nindent 4 }}
 spec:

diff --git a/system/boot-operator/templates/proxy-rbac.yaml b/system/boot-operator/templates/proxy-rbac.yaml
@@ -4,8 +4,8 @@ metadata:
   name: {{ include "boot-operator.fullname" . }}-proxy-role
   labels:
     app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: ipxe-operator
-    app.kubernetes.io/part-of: ipxe-operator
+    app.kubernetes.io/created-by: boot-operator
+    app.kubernetes.io/part-of: boot-operator
   {{- include "boot-operator.labels" . | nindent 4 }}
 rules:
 - apiGroups:
@@ -27,8 +27,8 @@ metadata:
   name: {{ include "boot-operator.fullname" . }}-proxy-rolebinding
   labels:
     app.kubernetes.io/component: kube-rbac-proxy
-    app.kubernetes.io/created-by: ipxe-operator
-    app.kubernetes.io/part-of: ipxe-operator
+    app.kubernetes.io/created-by: boot-operator
+    app.kubernetes.io/part-of: boot-operator
   {{- include "boot-operator.labels" . | nindent 4 }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io

diff --git a/system/boot-operator/templates/serviceaccount.yaml b/system/boot-operator/templates/serviceaccount.yaml
@@ -4,8 +4,8 @@ metadata:
   name: {{ include "boot-operator.fullname" . }}-controller-manager
   labels:
     app.kubernetes.io/component: rbac
-    app.kubernetes.io/created-by: ipxe-operator
-    app.kubernetes.io/part-of: ipxe-operator
+    app.kubernetes.io/created-by: boot-operator
+    app.kubernetes.io/part-of: boot-operator
   {{- include "boot-operator.labels" . | nindent 4 }}
   annotations:
     {{- toYaml .Values.controllerManager.serviceAccount.annotations | nindent 4 }}
diff --git a/system/boot-operator/values.yaml b/system/boot-operator/values.yaml
@@ -33,7 +33,7 @@ controllerManager:
           - ALL
     image:
       repository: controller
-      tag: 61c6898bfd7772008835bdcca8d8a64c1dfc3b32
+      tag: 425c27bcf9f02bc49ced6050f353755a32dbfb5f
     resources:
       limits:
         cpu: 500m