CAPT changes related to kubified tinkerbell stack

[panktishah26]

Description

This PR contains changes related to kubified tinkerbell stack. Tink PostgreSQL dependency is removed from the CAPT and CAPT controllers will only have to communicate with underlying Kubernetes client.

Signed-off-by: Pankti Shah [email protected]

Why is this needed

We have kubified all the services of Tinkerbell stack like Tink-apis, Boots, Hegel, Rufio etc. We needed to change CAPT as well to make the whole kubified stack work to create a BareMetal cluster.

Fixes: #

How Has This Been Tested?

To test these changes,

1. I set up Kubified Tinkerbell stack by creating containers such as tink-server, boots, hegel, tink-controller, registry and k3s containing Kubernetes related changes.
2. Removed PostgreSQL tink-api dependencies from the CAPT repo.
3. Accommodated all the tink-api v1alpha1 structure changes related to hardware, template and workflow.
4. Ran CAPT on k3s cluster using clusterctl api.
5. Fed hardware yaml files and deployment file to the running cluster which created a cluster with 1 control plane and 1 worker successfully.

Sample yaml file for new hardware CRDs

apiVersion: "tinkerbell.org/v1alpha1"
kind: Hardware
metadata:
  name: node-1
  namespace: default
spec:
  disks:
    - device: /dev/sda
  metadata:
    facility:
      facility_code: onprem
    instance:
      userdata: ""
      hostname: "node-1"
      id: "xx:xx:xx:xx:xx:xx"
      operating_system:
        distro: "ubuntu"
        os_slug: "ubuntu_20_04"
        version: "20.04"
  interfaces:
    - dhcp:
        arch: x86_64
        hostname: node-1
        ip:
          address: 0.0.0.0
          gateway: 0.0.0.1
          netmask: 255.255.255.0
        lease_time: 86400
        mac: xx:xx:xx:xx:xx:
        name_servers:
          - 8.8.8.8
        uefi: true
      netboot:
        allowPXE: true
        allowWorkflow: true

How are existing users impacted? What migration steps/scripts do we need?

Existing users might have to take the latest versions of each Tinkerbell services to created a cluster.

Checklist:

I have:

• updated the documentation and/or roadmap (if required)
• added unit or e2e tests
• provided instructions on how to upgrade

[micahhausler]

Thanks for putting out what you've got so far! I have just a few suggestions

[micahhausler]

LGTM! Great work @panktishah26!

[micahhausler]

Thanks for updating the docs! Just some minor changes

[micahhausler]

LGTM!

[detiber]

Love seeing this work coming together, just a few questions and suggestions. Please excuse my ignorance if anything I brought up has already been discussed while I've been offline.

[detiber]

Still reading through the changes, but initial reaction here is: should this be a well defined data type rather than a map[string]string here?

[detiber]

Is the assumption here that hardware.Spec.Metadata.Instance.ID is going to match the MAC address?

I'm wondering if there is a better way to handle this mapping that provides a clearer mapping between Hardware and Workflow.

Maybe something like this (simplified yaml):

hardwareRefs:
- placeholder: "device_1",
- hardwareName: mrc.tinkerbellMachine.Spec.HardwareName,
<some way to specify interface index and whether to use IP or MAC for matching>

This would potentially give the same flexibility as the current map without losing an easy way to match the hardware associated with a given workflow (especially for the purposes in displaying in kubectl get)

[micahhausler]

Still reading through the changes, but initial reaction here is: should this be a well defined data type rather than a map[string]string here?

I think this could use a better data type, but that will necessitate changes to the API now defined in Tinkerbell.

Is the assumption here that hardware.Spec.Metadata.Instance.ID is going to match the MAC address?

Yes. We should come up with a better way to encode this, but its probably outside the scope of this PR

[detiber]

Cleaning this up in the future sounds good to me

[detiber]

Use of the UID here would cause issues if types are ever backed up and restored (or if resources are "pivoted" to a different Kubernetes cluster). This wasn't an issue with the Tinkerbell when using the Postgres backend because users because users were specifying the UUID when creating the hardware.

Before recommending an alternative approach, I have a few questions to narrow down what supported permutations we expect to exist.

• Would we expect to be able to reference hardware defined in a different namespace to be used for a given Tinkerbell Machine?
• Would we expect the use of hardware defined on a different k8s cluster to be used?
• Would we expect to be able to reference hardware defined using Tinkerbell with the postgresql backend still?

[micahhausler]

Would we expect to be able to reference hardware defined in a different namespace to be used for a given Tinkerbell Machine?

I don't think so, even though Tinkerbell types are namespaced, the Tink stack really only operates in a single namespace. Machines aren't aware of the namespace with how they communicate to the tink components (tink server/worker over gRPC with a MAC ID as the identifier, hardware with boots over DHCP with MAC address, tink-worker to hegel over http with an IP address as the identifier)

Would we expect the use of hardware defined on a different k8s cluster to be used?

Not at this point. We could certainly wire up CAPT to have two K8s clients to separate clusters, one for CAPI and one for Tink, but it doesn't operate this way today. For now, it would probably be unneeded complexity.

Would we expect to be able to reference hardware defined using Tinkerbell with the postgresql backend still?

No, as this PR rips out all the Tink API client that uses the Postgres backend.

We should probably use tinkerbell://{namespace}/{name} for repeatability across clusters, as you brought up with the pivot point.

[panktishah26]

Should we make this change in this PR or should I create an another PR?

[micahhausler]

@panktishah26 its up to you

[detiber]

@micahhausler thanks for the clarification, it really helps.

I don't think we need to. block the PR on updating the providerID, especially since it would require additional changes to the controllers to support the new pattern.

I would consider getting things updated to use tinkerbell//{namespace}/{name} a release blocker, though to avoid users hitting issues related to backup/restore and pivot.

[panktishah26]

Thanks @micahhausler and @detiber, based on our discussion, it would be good if we address this in the different PR since this change require changes to the controllers.

[panktishah26]

I have reverted go.mod file change. Kindly let me know if there is any other changes needs to be done. @micahhausler @detiber

[micahhausler]

LGTM, awesome work @panktishah26!