Merge branch 'master' into restart-bgp

control-plane/roles/headscale/README.md

@@ -11,19 +11,19 @@ If you want to rotate the API key, you need to delete the `headscale-api-key` se
 The role should take the same variables as the wrapped role, but prefixed with `headscale_db_` instead of `postgres_`.
 
 | Name                                           | Mandatory | Description                                                 |
-|------------------------------------------------|-----------|-------------------------------------------------------------|
+| ---------------------------------------------- | --------- | ----------------------------------------------------------- |
 | headscale_image_name                           | yes       | Image name of headscale                                     |
 | headscale_image_tag                            | yes       | Image version of headscale                                  |
 | headscale_db_image_name                        | yes       | Image name of headscale DB                                  |
 | headscale_db_image_tag                         | yes       | Image version of headscale DB                               |
 | headscale_db_backup_restore_sidecar_image_name | yes       | Image name of init container for headscale DB               |
 | headscale_db_backup_restore_sidecar_image_tag  | yes       | Image version of init container for headscale DB            |
-| headscale_private_key                          | yes       | Private key                                                 |
 | headscale_noise_private_key                    | yes       | Noise Protocol Private key for TS2021 compatibility         |
 | headscale_ingress_dns                          |           | Domain name                                                 |
 | headscale_namespace                            |           | The deployment's target namespace                           |
 | headscale_tls                                  |           | Enables TLS for headscale                                   |
 | headscale_ingress_annotations                  |           | Annotations that will be attached to the ingress resource   |
 | headscale_resources                            |           | The kubernetes resources for the actual headscale container |
 | headscale_api_key_expiration                   |           | The time how long the generated api key will be valid       |
-| headscale_ip_prefixes                          |           | Slice of IP Prefixes where the tunnel endpoints are created |
+| headscale_ipv4_prefix                          |           | IPv4 prefix where the tunnel endpoints are created          |
+| headscale_ipv6_prefix                          |           | IPv6 prefix where the tunnel endpoints are created          |

control-plane/roles/headscale/defaults/main/main.yaml

@@ -15,6 +15,5 @@ headscale_resources:
 
 headscale_api_key_expiration: 365d
 
-headscale_ip_prefixes:
-  - fd7a:115c:a1e0::/48
-  - 100.64.0.0/1
+headscale_ipv4_prefix: 100.64.0.0/1
+headscale_ipv6_prefix: fd7a:115c:a1e0::/48

control-plane/roles/headscale/tasks/main.yaml

@@ -13,7 +13,6 @@
       - headscale_db_image_tag is defined
       - headscale_db_backup_restore_sidecar_image_name is defined
       - headscale_db_backup_restore_sidecar_image_tag is defined
-      - headscale_private_key is defined
       - headscale_noise_private_key is defined
       - headscale_ingress_dns is not none
 

control-plane/roles/headscale/templates/headscale.yaml

@@ -11,18 +11,27 @@ data:
     listen_addr: 0.0.0.0:8080
     grpc_allow_insecure: true
     ephemeral_node_inactivity_timeout: 30m
-    private_key_path: /vol/data/private.key
     noise:
       private_key_path: /vol/data/noise_private.key
     derp:
       urls:
         - https://controlplane.tailscale.com/derpmap/default
-    ip_prefixes: {{ headscale_ip_prefixes | to_json }}
 
-    db_type: postgres
-    db_host: headscale-db
-    db_name: {{ headscale_db_db }}
-    db_user: {{ headscale_db_user }}
+    database:
+      type: postgres
+      postgres:
+        host: headscale-db
+        port: 5432
+        name: {{ headscale_db_db }}
+        user: {{ headscale_db_user }}
+
+    prefixes:
+      v4: {{ headscale_ipv4_prefix }}
+      v6: {{ headscale_ipv6_prefix }}
+
+    dns:
+      magic_dns: false
+
 ---
 apiVersion: v1
 kind: Secret
@@ -94,9 +103,7 @@ spec:
         - containerPort: 50443
           name: grpc
         env:
-        - name: HEADSCALE_DB_PORT
-          value: "5432"
-        - name: HEADSCALE_DB_PASS
+        - name: HEADSCALE_DATABASE_POSTGRES_PASS
           valueFrom:
             secretKeyRef:
               key: password

control-plane/roles/metal/README.md

@@ -54,7 +54,7 @@ You can look up all the default values of this role [here](defaults/main/main.ya
 ### metal-api
 
 | Name                                | Mandatory | Description                                                                                    |
-|-------------------------------------|-----------|------------------------------------------------------------------------------------------------|
+| ----------------------------------- | --------- | ---------------------------------------------------------------------------------------------- |
 | metal_api_replicas                  |           | The number of deployed replicas of the metal-api                                               |
 | metal_api_hpa_enabled               |           | Enables horizontal pod autoscaling for the metal-api                                           |
 | metal_api_hpa_max                   |           | Max amount of replicas for the HPA of the metal-api                                            |
@@ -85,6 +85,7 @@ You can look up all the default values of this role [here](defaults/main/main.ya
 | metal_api_ips                       |           | Creates ips (as masterdata) to the metal-api after deployment                                  |
 | metal_api_filesystemlayouts         |           | Creates filesystemlayouts to the metal-api after deployment                                    |
 | metal_api_sizeimageconstraints      |           | Creates sizeimageconstraints to the metal-api after deployment                                 |
+| metal_api_size_reservations         |           | Creates size reservations to the metal-api after deployment                                    |
 | metal_api_resources                 |           | Sets the given container resources                                                             |
 | metal_api_bmc_superuser_enabled     |           | Enables creating the BMC superuser and disabling the default one                               |
 | metal_api_bmc_superuser_pwd         |           | If enabled use this password for the new BMC superuser                                         |

control-plane/roles/metal/defaults/main/main.yaml

@@ -53,6 +53,7 @@ metal_api_networks: []
 metal_api_ips: []
 metal_api_filesystemlayouts: []
 metal_api_sizeimageconstraints: []
+metal_api_size_reservations: []
 metal_api_resources:
 metal_api_s3_enabled: false
 metal_api_s3_address:

control-plane/roles/metal/templates/metal-values.j2

@@ -160,17 +160,18 @@ metal_api:
   filesystemlayouts: |
 {% for entity in metal_api_filesystemlayouts %}
     ---
-    {#
-      Some FSL Types confuse different YAML-parsing implementations.
-      Hence we fall back to JSON to enforce quotes around literals like 8e00.
-    #}
     {{ entity | to_json | indent(width=4, first=false) }}
 {% endfor %}
   sizeimageconstraints: |
 {% for entity in metal_api_sizeimageconstraints %}
     ---
     {{ entity | to_json | indent(width=4, first=false) }}
 {% endfor %}
+  size_reservations: |
+{% for entity in metal_api_size_reservations %}
+    ---
+    {{ entity | to_json | indent(width=4, first=false) }}
+{% endfor %}
 
 masterdata_api:
   provider_tenant: {{ metal_masterdata_api_provider_tenant }}