uyuni-project
diff --git a/‎containers/proxy-helm/README.md‎
Lines changed: 5 additions & 2 deletions b/‎containers/proxy-helm/README.md‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎containers/proxy-helm/templates/deployment.yaml‎
Lines changed: 0 additions & 11 deletions b/‎containers/proxy-helm/templates/deployment.yaml‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎containers/proxy-helm/templates/k3s-ingress-routes.yaml‎
Lines changed: 0 additions & 18 deletions b/‎containers/proxy-helm/templates/k3s-ingress-routes.yaml‎
Lines changed: 0 additions & 18 deletions
diff --git a/‎containers/proxy-helm/templates/services.yaml‎
Lines changed: 7 additions & 3 deletions b/‎containers/proxy-helm/templates/services.yaml‎
Lines changed: 7 additions & 3 deletions
diff --git a/‎containers/proxy-helm/templates/tftp.yaml‎
Lines changed: 58 additions & 0 deletions b/‎containers/proxy-helm/templates/tftp.yaml‎
Lines changed: 58 additions & 0 deletions
diff --git a/‎containers/proxy-helm/tests/deployment_test.yaml‎
Lines changed: 0 additions & 19 deletions b/‎containers/proxy-helm/tests/deployment_test.yaml‎
Lines changed: 0 additions & 19 deletions
diff --git a/‎containers/proxy-helm/tests/services_test.yaml‎
Lines changed: 24 additions & 35 deletions b/‎containers/proxy-helm/tests/services_test.yaml‎
Lines changed: 24 additions & 35 deletions
diff --git a/‎containers/proxy-helm/tests/tftp_test.yaml‎
Lines changed: 110 additions & 0 deletions b/‎containers/proxy-helm/tests/tftp_test.yaml‎
Lines changed: 110 additions & 0 deletions
@@ -28,7 +28,7 @@ See the [requirements documentation](https://www.uyuni-project.org/uyuni-docs/en
 
 ### Exposing ports
 
-Uyuni proxy requires some TCP and UDP ports to be routed to its services.
+Uyuni proxy requires some TCP ports to be routed to its services.
 Here is a list of the ports to map:
 
 
@@ -37,9 +37,12 @@ Here is a list of the ports to map:
 | TCP      | 8022  | ssh          | 8022         |
 | TCP      | 4505  | salt         | 4505         |
 | TCP      | 4506  | salt         | 4506         |
-| UDP      | 69    | tftp         | 69           |
 
 
+Exposing the `tftp` service has to be done differently due to the way TFTP protocol is working.
+Either use the host network using the `tftp.hostnetwork` value or configure a load balancer for the `tftp` service.
+Note that not all load balancers will work: `serviceLB` implementation is not compatible with TFTP protocol, while MetalLB works.
+
 ## Usage
 
 Once installed, systems can be connected the to proxy.
 
@@ -106,17 +106,6 @@ spec:
             readOnly: true
           ports:
             - containerPort: 22
-
-        - name: tftpd
-          image: {{ include "uyuni.image" (dict "name" "proxy-tftpd" "global" . "local" .Values.tftpd) }}
-          imagePullPolicy: "{{ .Values.pullPolicy }}"
-          volumeMounts:
-          - name: tftpd-volume
-            mountPath: /etc/uyuni/
-            readOnly: true
-          ports:
-            - containerPort: 69
-              protocol: UDP
       volumes:
         - name: httpd-volume
           projected:
 
@@ -55,23 +55,5 @@ spec:
       services:
       - name: salt
         port: 4506
----
-apiVersion: traefik.io/v1alpha1
-kind: IngressRouteUDP
-metadata:
-  name: tftp-router
-  namespace: "{{ .Release.Namespace }}"
-  labels:
-    app.kubernetes.io/component: proxy
-    app.kubernetes.io/part-of: uyuni
-  annotations:
-    kubernetes.io/ingress.class: traefik
-spec:
-  entryPoints:
-    - tftp
-  routes:
-    - services:
-      - name: tftp
-        port: 69
 {{- end }}
 
@@ -80,6 +80,7 @@ spec:
 {{- if eq .Values.services.type "NodePort" }}
       nodePort: {{ .Values.ssh.ports.ssh }}
 {{- end }}
+{{- if not .Values.tftp.hostNetwork }}
 ---
 apiVersion: v1
 kind: Service
@@ -97,11 +98,14 @@ spec:
   selector:
     app.kubernetes.io/component: proxy
     app.kubernetes.io/part-of: uyuni
-  type: {{ .Values.services.type }}
+  # ClusterIP or NodePort wouldn't work for TFTP if not using the host network
+  type: LoadBalancer
+  # Ensures all packets from a single client go to the same pod
+  sessionAffinity: ClientIP
+  # Preserves the client's source IP and avoids extra hops between nodes
+  externalTrafficPolicy: Local
   ports:
     - name: tftp
       port: 69
       protocol: UDP
-{{- if eq .Values.services.type "NodePort" }}
-      nodePort: {{ .Values.tftpd.ports.tftp }}
 {{- end }}
@@ -0,0 +1,58 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: uyuni-proxy-tftp
+  namespace: "{{ .Release.Namespace }}"
+  labels:
+    app.kubernetes.io/component: proxy-tftp
+    app.kubernetes.io/part-of: uyuni
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/component: proxy-tftp
+      app.kubernetes.io/part-of: uyuni
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: proxy-tftp
+        app.kubernetes.io/part-of: uyuni
+    spec:
+{{- if .Values.registrySecret }}
+      imagePullSecrets:
+        - name: {{ .Values.registrySecret }}
+{{- end }}
+{{- if .Values.tftp.hostNetwork }}
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+{{- end }}
+      containers:
+        - name: tftpd
+          image: {{ include "uyuni.image" (dict "name" "shared-tftpd" "global" . "local" .Values.tftp) }}
+          imagePullPolicy: "{{ .Values.pullPolicy }}"
+          command:
+            - /usr/bin/tftp_wrapper.py
+            - --httpHost
+            - web.{{ .Release.Namespace }}.svc
+          volumeMounts:
+          - name: tftpd-volume
+            mountPath: /etc/uyuni/
+            readOnly: true
+          ports:
+            - containerPort: 69
+              protocol: UDP
+      volumes:
+        - name: tftpd-volume
+          projected:
+            sources:
+              - configMap:
+                  name: proxy-configmap
+                  items:
+                    - key: config.yaml
+                      path: config.yaml
+              - configMap:
+                  name: uyuni-ca
+                  items:
+                    - key: ca.crt
+                      path: ca.crt
+                      mode: 420
@@ -66,13 +66,6 @@ tests:
             name: ssh
             image: registry.opensuse.org/uyuni/proxy-ssh:latest
             imagePullPolicy: Always
-      - contains:
-          path: spec.template.spec.containers
-          any: true
-          content:
-            name: tftpd
-            image: registry.opensuse.org/uyuni/proxy-tftpd:latest
-            imagePullPolicy: Always
 
       # Verify registrySecret is not present by default
       - notExists:
@@ -134,13 +127,6 @@ tests:
             image: my.custom.registry/uyuni/proxy-ssh:5.2.3
             imagePullPolicy: IfNotPresent
           any: true
-      - contains:
-          path: spec.template.spec.containers
-          content:
-            name: tftpd
-            image: my.custom.registry/uyuni/proxy-tftpd:5.2.3
-            imagePullPolicy: IfNotPresent
-          any: true
 
   - it: should use component-specific overrides for all containers
     set:
@@ -156,7 +142,6 @@ tests:
       salt:  { image: "custom/salt", tag: "v2" }
       squid: { image: "custom/squid", tag: "v3" }
       ssh:   { image: "custom/ssh", tag: "v4" }
-      tftpd: { image: "custom/tftp", tag: "v5" }
     asserts:
       # Check that local image + local tag overrides work for all
       - contains:
@@ -183,10 +168,6 @@ tests:
           path: spec.template.spec.containers
           content: { name: ssh, image: "custom/ssh:v4" }
           any: true
-      - contains:
-          path: spec.template.spec.containers
-          content: { name: tftpd, image: "custom/tftp:v5" }
-          any: true
 
   - it: should include imagePullSecrets when registrySecret is provided
     set:
 
@@ -2,7 +2,7 @@ suite: test global values parsing
 templates:
   - templates/services.yaml
 tests:
-  - it: should create services with ClusterIP by default
+  - it: should create services with ClusterIP by default except for tftp
     set:
       global.config: |
         max_cache_size_mb: 2048
@@ -155,7 +155,7 @@ tests:
 
       - equal:
           path: spec.type
-          value: ClusterIP
+          value: LoadBalancer
         documentSelector:
           path: metadata.name
           value: tftp
@@ -275,19 +275,7 @@ tests:
       # tftp service checks
       - equal:
           path: spec.type
-          value: NodePort
-        documentSelector:
-          path: metadata.name
-          value: tftp
-
-      - contains:
-          path: spec.ports
-          content:
-            name: tftp
-            port: 69
-            nodePort: 30069
-            protocol: UDP
-          any: true
+          value: LoadBalancer
         documentSelector:
           path: metadata.name
           value: tftp
@@ -398,26 +386,6 @@ tests:
           path: metadata.name
           value: ssh
 
-      # tftp service checks
-      - equal:
-          path: spec.type
-          value: NodePort
-        documentSelector:
-          path: metadata.name
-          value: tftp
-
-      - contains:
-          path: spec.ports
-          content:
-            name: tftp
-            port: 69
-            nodePort: 10069
-            protocol: UDP
-          any: true
-        documentSelector:
-          path: metadata.name
-          value: tftp
-
   - it: should create services with custom annotations
     set:
       global.config: |
@@ -472,3 +440,24 @@ tests:
         documentSelector:
           path: metadata.name
           value: tftp
+
+  - it: should not create TFTP service with hostNetwork
+    set:
+      global.config: |
+        max_cache_size_mb: 2048
+        server: parent.example.org
+        proxy_fqdn: proxy.example.org
+        email: foo@example.org
+        log_level: 2
+      global.httpd: "httpd_content: test httpd"
+      global.ssh: "ssh_content: test ssh"
+      tftp:
+        hostNetwork: true
+    asserts:
+      # tftp service checks
+      - hasDocuments:
+          count: 0
+        documentSelector:
+          path: metadata.name
+          value: tftp
+          skipEmptyTemplates: true
@@ -0,0 +1,110 @@
+suite: test TFTP deployment
+templates:
+  - templates/tftp.yaml
+tests:
+  - it: should create the tftp deployment with default image
+    set:
+      global.config: |
+        max_cache_size_mb: 2048
+        server: parent.example.org
+        proxy_fqdn: proxy.example.org
+        email: foo@example.org
+        log_level: 2
+      global.httpd: "httpd_content: test httpd"
+      global.ssh: "ssh_content: test ssh"
+    release:
+      namespace: proxy1
+    asserts:
+      - containsDocument:
+          kind: Deployment
+          apiVersion: apps/v1
+          name: uyuni-proxy-tftp
+          namespace: proxy1
+
+      - contains:
+          path: spec.template.spec.containers
+          any: true
+          content:
+            name: tftpd
+            image: registry.opensuse.org/uyuni/shared-tftpd:latest
+            imagePullPolicy: Always
+            command:
+            - /usr/bin/tftp_wrapper.py
+            - --httpHost
+            - web.proxy1.svc
+
+  - it: should use top-level repository, tag and pullPolicy
+    set:
+      global.config: |
+        max_cache_size_mb: 2048
+        server: parent.example.org
+        proxy_fqdn: proxy.example.org
+        email: foo@example.org
+        log_level: 2
+      global.httpd: "httpd_content: test httpd"
+      global.ssh: "ssh_content: test ssh"
+      repository: my.custom.registry/uyuni
+      tag: 5.2.3
+      pullPolicy: IfNotPresent
+    asserts:
+      - contains:
+          path: spec.template.spec.containers
+          content:
+            name: tftpd
+            image: my.custom.registry/uyuni/shared-tftpd:5.2.3
+            imagePullPolicy: IfNotPresent
+          any: true
+
+  - it: should use component-specific overrides
+    set:
+      global.config: |
+        max_cache_size_mb: 2048
+        server: parent.example.org
+        proxy_fqdn: proxy.example.org
+        email: foo@example.org
+        log_level: 2
+      global.httpd: "httpd_content: test httpd"
+      global.ssh: "ssh_content: test ssh"
+      tftp: { image: "custom/tftp", tag: "v5" }
+    asserts:
+      - contains:
+          path: spec.template.spec.containers
+          content: { name: tftpd, image: "custom/tftp:v5" }
+          any: true
+
+  - it: should include imagePullSecrets when registrySecret is provided
+    set:
+      global.config: |
+        max_cache_size_mb: 2048
+        server: parent.example.org
+        proxy_fqdn: proxy.example.org
+        email: foo@example.org
+        log_level: 2
+      global.httpd: "httpd_content: test httpd"
+      global.ssh: "ssh_content: test ssh"
+      registrySecret: "my-registry-key"
+    asserts:
+      - equal:
+          path: spec.template.spec.imagePullSecrets[0].name
+          value: "my-registry-key"
+
+  - it: should set hostNetwork when requested
+    set:
+      global.config: |
+        max_cache_size_mb: 2048
+        server: parent.example.org
+        proxy_fqdn: proxy.example.org
+        email: foo@example.org
+        log_level: 2
+      global.httpd: "httpd_content: test httpd"
+      global.ssh: "ssh_content: test ssh"
+      tftp:
+        hostNetwork: true
+    asserts:
+      - equal:
+          path: spec.template.spec.hostNetwork
+          value: true
+
+      - equal:
+          path: spec.template.spec.dnsPolicy
+          value: ClusterFirstWithHostNet