Vagrant helm (#155)

## Description


This adds new stack deployment option using Helm and K3D.

## Why is this needed



Fixes: #

## How Has This Been Tested?





## How are existing users impacted? What migration steps/scripts do we need?





## Checklist:

I have:

- [ ] updated the documentation and/or roadmap (if required)
- [ ] added unit or e2e tests
- [ ] provided instructions on how to upgrade

.github/workflows/ci-non-go.sh

@@ -22,11 +22,11 @@ if ! make lint; then
 	failed=1
 fi
 
-if ! terraform fmt -write -recursive deploy/terraform/; then
+if ! terraform fmt -write -recursive deploy/infrastructure/terraform/; then
 	failed=1
 fi
 
-if ! rufo deploy/vagrant/Vagrantfile; then
+if ! rufo deploy/infrastructure/vagrant/Vagrantfile; then
 	failed=1
 fi
 

.gitignore

@@ -1,9 +1,10 @@
 # hidden files/dirs
 .*
-!deploy/compose/postgres/state/webroot/misc/osie/current/.keep
-!deploy/compose/postgres/state/webroot/workflow/.keep
-!deploy/.env
-!deploy/compose/.env
+!deploy/stack/compose/postgres/state/webroot/misc/osie/current/.keep
+!deploy/stack/compose/postgres/state/webroot/workflow/.keep
+!deploy/infrastructure/vagrant/.env
+!deploy/stack/compose/.env
+!deploy/stack/compose/postgres/.env
 !.gitignore
 !.github/
 
@@ -17,12 +18,12 @@
 
 compose.tar.gz
 compose.zip
-deploy/compose/postgres/state/webroot/*.gz
-deploy/compose/postgres/state/webroot/misc/osie/current/*
-deploy/compose/postgres/state/webroot/workflow/*
-deploy/compose/manifests/manifests.yaml
-deploy/compose/state/*
-!deploy/compose/state/.keep
+deploy/stack/compose/postgres/state/webroot/*.gz
+deploy/stack/compose/postgres/state/webroot/misc/osie/current/*
+deploy/stack/compose/postgres/state/webroot/workflow/*
+deploy/stack/compose/manifests/manifests.yaml
+deploy/stack/compose/state/*
+!deploy/stack/compose/state/.keep
 envrc
 out
 workflow_id.txt

CONTRIBUTING.md

@@ -43,3 +43,10 @@ We'll try to add comments as soon as possible, though.
 Bugs are problems in code, in the functionality of an application or in its UI design; you can submit them through [Issues](https://github.com/tinkerbell/sandbox/issues).
 
 ## Code Style Guides
+
+## Implementation Details
+
+The Sandbox is organized into two high level components: `infrastructure` and `stack`.
+
+- The `infrastructure` component is responsible for provisioning the infrastructure required to run the Tinkerbell stack. `Vagrant` and `Terraform` are the supported infrastructure tools.
+- The `stack` component is responsible for provisioning the Tinkerbell stack itself. `Docker Compose` and `Helm` are the supported stack tools.

deploy/infrastructure/vagrant/.env

@@ -0,0 +1,14 @@
+LIBVIRT_HOST_IP=192.168.56.1
+PROVISIONER_IP=192.168.56.4
+LOADBALANCER_IP=192.168.56.5
+MACHINE1_IP=192.168.56.43
+MACHINE1_MAC=08:00:27:9e:f5:3a
+
+#USE_POSTGRES=true
+USE_POSTGRES=
+
+# USE_HELM=true
+USE_HELM=true
+
+# https://github.com/tinkerbell/charts/pkgs/container/charts%2Fstack
+HELM_CHART_VERSION=0.1.1

deploy/vagrant/Vagrantfile → deploy/infrastructure/vagrant/Vagrantfile

@@ -1,52 +1,75 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
+open(".env", "r").readlines.each {
+  |l|
+  kv = l.split("=")
+  if kv[1] != nil
+    ENV[kv[0]] = kv[1].strip
+  end
+}
+
 LIBVIRT_HOST_IP = ENV["LIBVIRT_HOST_IP"] || "192.168.56.1"
 PROVISIONER_IP = ENV["PROVISIONER_IP"] || "192.168.56.4"
+LOADBALANCER_IP = ENV["LOADBALANCER_IP"] || "192.168.56.4"
 MACHINE1_IP = ENV["MACHINE1_IP"] || "192.168.56.43"
 MACHINE1_MAC = (ENV["MACHINE1_MAC"] || "08:00:27:9E:F5:3A").downcase
-BACKEND_POSTGRES = ENV["BACKEND_POSTGRES"] || ""
-COMPOSE_DIR = "/sandbox/compose"
+USE_POSTGRES = ENV["USE_POSTGRES"] || ""
+USE_HELM = ENV["USE_HELM"] || ""
+HELM_CHART_VERSION = ENV["HELM_CHART_VERSION"] || "0.1.1"
+HELM_LOADBALANCER_INTERFACE = ENV["HELM_LOADBALANCER_INTERFACE"] || "eth1"
+STACK_OPT = "compose/"
+STACK_BASE_DIR = "../../stack/"
+STACK_DIR = STACK_BASE_DIR + STACK_OPT
+DEST_DIR_BASE = "/sandbox/stack/"
+DEST_DIR = DEST_DIR_BASE + STACK_OPT
 
 Vagrant.configure("2") do |config|
   config.vm.provider :libvirt do |libvirt|
     libvirt.qemu_use_session = false
   end
 
   config.vm.define "provisioner" do |provisioner|
+    if USE_POSTGRES == "true" && USE_HELM == "true"
+      puts "USE_POSTGRES and USE_HELM cannot both be true"
+      abort
+    end
+    if USE_HELM == "true"
+      STACK_DIR = STACK_BASE_DIR + "helm/"
+      DEST_DIR = DEST_DIR_BASE + "helm/"
+    end
     provisioner.vm.box = "generic/ubuntu2204"
-    provisioner.vm.synced_folder "../compose/", "/sandbox/compose/"
-    provisioner.vm.network "private_network", ip: PROVISIONER_IP,
+    provisioner.vm.synced_folder STACK_BASE_DIR, DEST_DIR_BASE
+    provisioner.vm.network "private_network", ip: "192.168.56.4", netmask: "255.255.255.0",
                                               libvirt__network_name: "tink_network",
                                               libvirt__host_ip: LIBVIRT_HOST_IP,
                                               libvirt__netmask: "255.255.255.0",
-                                              libvirt__dhcp_enabled: false,
-                                              auto_config: false
+                                              libvirt__dhcp_enabled: false
 
     provisioner.vm.provider "virtualbox" do |v, override|
       v.memory = 2048
       v.cpus = 2
-      override.vm.synced_folder "../compose/", "/sandbox/compose/"
+      override.vm.synced_folder STACK_BASE_DIR, DEST_DIR_BASE
     end
 
     provisioner.vm.provider "libvirt" do |l, override|
       l.memory = 2048
       l.cpus = 2
-      override.vm.synced_folder "../compose/", "/sandbox/compose/", type: "rsync"
+      override.vm.synced_folder STACK_BASE_DIR, DEST_DIR_BASE, type: "rsync"
     end
 
-    if BACKEND_POSTGRES != ""
-      COMPOSE_DIR = "/sandbox/compose/postgres"
+    if USE_POSTGRES == "true"
+      DEST_DIR = DEST_DIR_BASE + STACK_OPT + "postgres"
     end
-    provisioner.vm.provision :shell, path: "setup.sh", args: [PROVISIONER_IP, MACHINE1_IP, MACHINE1_MAC, COMPOSE_DIR]
+    provisioner.vm.provision :shell, path: STACK_DIR + "/setup.sh", args: [PROVISIONER_IP, MACHINE1_IP, MACHINE1_MAC, DEST_DIR, LOADBALANCER_IP, HELM_CHART_VERSION, HELM_LOADBALANCER_INTERFACE]
   end
 
   config.vm.define :machine1, autostart: false do |machine1|
     machine1.ssh.insert_key = false
     machine1.vm.boot_timeout = 10
     machine1.vm.synced_folder ".", "/vagrant", disabled: true
     machine1.vm.network :private_network, ip: MACHINE1_IP,
-                                          mac: MACHINE1_MAC.gsub(/[:-]/, ""),
+                                          mac: MACHINE1_MAC.gsub(/[:-]/, "").strip,
                                           adapter: 1,
                                           libvirt__network_name: "tink_network",
                                           libvirt__dhcp_enabled: false,

deploy/compose/manifests/hardware.yaml → deploy/stack/compose/manifests/hardware.yaml

@@ -2,7 +2,6 @@ apiVersion: "tinkerbell.org/v1alpha1"
 kind: Hardware
 metadata:
   name: machine1
-  namespace: default
 spec:
   disks:
     - device: $DISK_DEVICE
@@ -22,7 +21,7 @@ spec:
         hostname: machine1
         ip:
           address: $TINKERBELL_CLIENT_IP
-          # gateway: 192.168.2.1
+          gateway: $TINKERBELL_CLIENT_GW
           netmask: 255.255.255.0
         lease_time: 86400
         mac: $TINKERBELL_CLIENT_MAC

deploy/compose/manifests/template.yaml → deploy/stack/compose/manifests/template.yaml

@@ -2,7 +2,6 @@ apiVersion: "tinkerbell.org/v1alpha1"
 kind: Template
 metadata:
   name: ubuntu-focal
-  namespace: default
 spec:
   data: |
     version: "0.1"

deploy/compose/manifests/workflow.yaml → deploy/stack/compose/manifests/workflow.yaml

@@ -2,7 +2,6 @@ apiVersion: "tinkerbell.org/v1alpha1"
 kind: Workflow
 metadata:
   name: sandbox-workflow
-  namespace: default
 spec:
   templateRef: ubuntu-focal
   hardwareRef: machine1

deploy/stack/compose/postgres/.env

@@ -0,0 +1,27 @@
+# These must be defined above/before first use.
+# Use of these variables *must* be in ${} form, otherwise docker-compose won't substitute when processing this file
+vOSIE=v0.7.0
+vTINK=sha-16186501
+
+# Probably don't want to mess with these, unless you know you do
+FACILITY=onprem
+TINKERBELL_REGISTRY_PASSWORD=Admin1234
+TINKERBELL_REGISTRY_USERNAME=admin
+TINKERBELL_TLS= false
+
+# Can be set to your own hook builds
+OSIE_DOWNLOAD_URLS=https://github.com/tinkerbell/hook/releases/download/${vOSIE}/hook_x86_64.tar.gz,https://github.com/tinkerbell/hook/releases/download/${vOSIE}/hook_aarch64.tar.gz
+
+TINKERBELL_HARDWARE_MANIFEST=/manifests/hardware/hardware.json
+TINKERBELL_TEMPLATE_MANIFEST=/manifests/template/ubuntu.yaml
+
+TINKERBELL_CLIENT_IP=192.168.56.43
+TINKERBELL_CLIENT_MAC=08:00:27:9e:f5:3a
+TINKERBELL_HOST_IP=192.168.56.4
+
+# Images used by docker-compose natively or in terraform/vagrant, update if necessary
+BOOTS_IMAGE=quay.io/tinkerbell/boots:sha-505785d7
+HEGEL_IMAGE=quay.io/tinkerbell/hegel:sha-592588cf
+TINK_CLI_IMAGE=quay.io/tinkerbell/tink-cli:${vTINK}
+TINK_SERVER_IMAGE=quay.io/tinkerbell/tink:${vTINK}
+TINK_WORKER_IMAGE=quay.io/tinkerbell/tink-worker:${vTINK}

deploy/vagrant/setup.sh → deploy/stack/compose/setup.sh

@@ -79,7 +79,7 @@ create_tink_helper_script() {
 tweak_bash_interactive_settings() {
 	local compose_dir=$1
 
-	grep -q 'cd /sandbox/compose' ~vagrant/.bashrc || echo 'cd /sandbox/compose' >>~vagrant/.bashrc
+	grep -q "cd $compose_dir" ~vagrant/.bashrc || echo "cd $compose_dir" >>~vagrant/.bashrc
 	echo 'export KUBECONFIG='"$compose_dir"'/state/kube/kubeconfig.yaml' >>~vagrant/.bashrc
 	readarray -t aliases <<-EOF
 		dc="docker compose"
@@ -99,10 +99,10 @@ main() {
 	install_docker
 	install_kubectl
 
-	setup_layer2_network "$host_ip"
+	# setup_layer2_network "$host_ip"
 
 	setup_compose_env_overrides "$host_ip" "$worker_ip" "$worker_mac" "$compose_dir"
-	docker compose -f "$compose_dir"/docker-compose.yml up -d
+	docker compose --env-file "$compose_dir"/.env -f "$compose_dir"/docker-compose.yml up -d
 
 	create_tink_helper_script "$compose_dir"
 	tweak_bash_interactive_settings "$compose_dir"

deploy/stack/helm/manifests/hardware.yaml

@@ -0,0 +1,34 @@
+apiVersion: "tinkerbell.org/v1alpha1"
+kind: Hardware
+metadata:
+  name: machine1
+spec:
+  disks:
+    - device: $DISK_DEVICE
+  metadata:
+    facility:
+      facility_code: sandbox
+    instance:
+      hostname: "machine1"
+      id: "$TINKERBELL_CLIENT_MAC"
+      operating_system:
+        distro: "ubuntu"
+        os_slug: "ubuntu_20_04"
+        version: "20.04"
+  interfaces:
+    - dhcp:
+        arch: x86_64
+        hostname: machine1
+        ip:
+          address: $TINKERBELL_CLIENT_IP
+          gateway: $TINKERBELL_CLIENT_GW
+          netmask: 255.255.255.0
+        lease_time: 86400
+        mac: $TINKERBELL_CLIENT_MAC
+        name_servers:
+          - 1.1.1.1
+          - 8.8.8.8
+        uefi: false
+      netboot:
+        allowPXE: true
+        allowWorkflow: true

deploy/stack/helm/manifests/template.yaml

@@ -0,0 +1,89 @@
+apiVersion: "tinkerbell.org/v1alpha1"
+kind: Template
+metadata:
+  name: ubuntu-focal
+spec:
+  data: |
+    version: "0.1"
+    name: ubuntu_Focal
+    global_timeout: 1800
+    tasks:
+      - name: "os-installation"
+        worker: "{{.device_1}}"
+        volumes:
+          - /dev:/dev
+          - /dev/console:/dev/console
+          - /lib/firmware:/lib/firmware:ro
+        actions:
+          - name: "stream-ubuntu-image"
+            image: quay.io/tinkerbell-actions/image2disk:v1.0.0
+            timeout: 600
+            environment:
+              DEST_DISK: {{ index .Hardware.Disks 0 }}
+              IMG_URL: "http://$TINKERBELL_HOST_IP:8080/focal-server-cloudimg-amd64.raw.gz"
+              COMPRESSED: true
+          - name: "grow-partition"
+            image: quay.io/tinkerbell-actions/cexec:v1.0.0
+            timeout: 90
+            environment:
+              BLOCK_DEVICE: {{ index .Hardware.Disks 0 }}1
+              FS_TYPE: ext4
+              CHROOT: y
+              DEFAULT_INTERPRETER: "/bin/sh -c"
+              CMD_LINE: "growpart {{ index .Hardware.Disks 0 }} 1 && resize2fs {{ index .Hardware.Disks 0 }}1"
+          - name: "install-openssl"
+            image: quay.io/tinkerbell-actions/cexec:v1.0.0
+            timeout: 90
+            environment:
+              BLOCK_DEVICE: {{ index .Hardware.Disks 0 }}1
+              FS_TYPE: ext4
+              CHROOT: y
+              DEFAULT_INTERPRETER: "/bin/sh -c"
+              CMD_LINE: "apt -y update && apt -y install openssl"
+          - name: "create-user"
+            image: quay.io/tinkerbell-actions/cexec:v1.0.0
+            timeout: 90
+            environment:
+              BLOCK_DEVICE: {{ index .Hardware.Disks 0 }}1
+              FS_TYPE: ext4
+              CHROOT: y
+              DEFAULT_INTERPRETER: "/bin/sh -c"
+              CMD_LINE: "useradd -p $(openssl passwd -1 tink) -s /bin/bash -d /home/tink/ -m -G sudo tink"
+          - name: "enable-ssh"
+            image: quay.io/tinkerbell-actions/cexec:v1.0.0
+            timeout: 90
+            environment:
+              BLOCK_DEVICE: {{ index .Hardware.Disks 0 }}1
+              FS_TYPE: ext4
+              CHROOT: y
+              DEFAULT_INTERPRETER: "/bin/sh -c"
+              CMD_LINE: "ssh-keygen -A; systemctl enable ssh.service; sed -i 's/^PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config"
+          - name: "disable-apparmor"
+            image: quay.io/tinkerbell-actions/cexec:v1.0.0
+            timeout: 90
+            environment:
+              BLOCK_DEVICE: {{ index .Hardware.Disks 0 }}1
+              FS_TYPE: ext4
+              CHROOT: y
+              DEFAULT_INTERPRETER: "/bin/sh -c"
+              CMD_LINE: "systemctl disable apparmor; systemctl disable snapd"
+          - name: "write-netplan"
+            image: quay.io/tinkerbell-actions/writefile:v1.0.0
+            timeout: 90
+            environment:
+              DEST_DISK: {{ index .Hardware.Disks 0 }}1
+              FS_TYPE: ext4
+              DEST_PATH: /etc/netplan/config.yaml
+              CONTENTS: |
+                network:
+                  version: 2
+                  renderer: networkd
+                  ethernets:
+                    id0:
+                      match:
+                        name: en*
+                      dhcp4: true
+              UID: 0
+              GID: 0
+              MODE: 0644
+              DIRMODE: 0755