Update CAPT playground#222
Open
jacobweinstock wants to merge 5 commits intotinkerbell:mainfrom
Open
Conversation
jacobweinstock
force-pushed
the
big-update
branch
3 times, most recently
from
a58f04f to
2a75e1d
Compare
There was a problem hiding this comment.
Pull request overview
This PR modernizes the CAPT playground by replacing the old shell/template rendering pipeline with CUE-driven generation, bumping the playground to newer CAPT/Tinkerbell/Kubernetes inputs, and adding optional external-Tinkerbell and registry-mirror support. In the broader codebase, it shifts the playground toward declarative rendering and self-managed local tooling instead of handwritten scripts and static templates.
Changes:
- Replace envsubst/shell-based state and manifest generation with CUE packages for state, clusterctl config, infra resources, and CAPI workload manifests.
- Add local pinned tool installation, optional registry-mirror rendering, and support for hosting Tinkerbell in a separate KinD cluster.
- Update playground defaults, docs, and supporting task flows while removing obsolete templates/scripts.
Reviewed changes
Copilot reviewed 42 out of 43 changed files in this pull request and generated 11 comments.
Show a summary per file
| File | Description |
|---|---|
stack/vagrant/template.yaml |
Updates the sample workflow handoff image/mounts for the vagrant stack. |
stack/vagrant/setup.sh |
Minor formatting cleanup in the vagrant Helm install helper. |
capt/templates/kustomization-netboot.tmpl |
Deleted legacy netboot kustomize template in favor of CUE rendering. |
capt/templates/kustomization-iso.tmpl |
Deleted legacy isoboot kustomize template in favor of CUE rendering. |
capt/templates/hardware.tmpl |
Deleted legacy Hardware CR template replaced by cue/infra. |
capt/templates/clusterctl.tmpl |
Deleted legacy clusterctl template replaced by cue/clusterctl. |
capt/templates/bmc-secret.tmpl |
Deleted legacy BMC Secret template replaced by cue/infra. |
capt/templates/bmc-machine.tmpl |
Deleted legacy BMC Machine template replaced by cue/infra. |
capt/tasks/Taskfile-vbmc.yaml |
Moves vbmc-generated artifacts into output and updates shell quoting. |
capt/tasks/Taskfile-tools.yaml |
Adds pinned local binary install tasks for cue/helm/kind/clusterctl/kubectl/yq. |
capt/tasks/Taskfile-mirror.yaml |
Adds optional registry-mirror rendering for kind config and certs.d files. |
capt/tasks/Taskfile-delete.yaml |
Expands delete flow for external Tinkerbell and output-based cleanup. |
capt/tasks/Taskfile-create.yaml |
Reworks create flow around CUE renders, external Tinkerbell, and mirror support. |
capt/tasks/Taskfile-capi.yaml |
Replaces clusterctl/kustomize generation with CUE-backed manifest rendering. |
capt/tasks/Taskfile-capi-pivot.yaml |
Adjusts pivot flow paths/quoting to match new output and tooling layout. |
capt/scripts/update_state.sh |
Deleted legacy state mutation script replaced by cue/state. |
capt/scripts/generate_state.sh |
Deleted legacy state generator replaced by cue/state. |
capt/scripts/generate_secret.sh |
Deleted legacy Secret generator replaced by cue/infra. |
capt/scripts/generate_hardware.sh |
Deleted legacy Hardware generator replaced by cue/infra. |
capt/scripts/generate_bmc.sh |
Deleted legacy BMC generator replaced by cue/infra. |
capt/scripts/create_external_kubeconfig_secret.sh |
Adds helper for external-Tinkerbell kubeconfig Secret creation. |
capt/cue/values/values.cue |
Defines shared rendered-input schema and computed values. |
capt/cue/values/mirror_extension.cue |
Extends shared values schema with optional registry-mirror settings. |
capt/cue/state/state.cue |
Introduces CUE-based .state rendering and computed defaults. |
capt/cue/state/mirror_extension.cue |
Adds mirror-aware rewrites for host-side pulled images in state output. |
capt/cue/mirror/schema.cue |
Defines the registry-mirror feature schema. |
capt/cue/mirror/rewrite.cue |
Implements mirror host prefix rewriting for selected image URLs. |
capt/cue/mirror/files.cue |
Renders containerd mirror hosts.toml content for kind and workload nodes. |
capt/cue/kind/kind.cue |
Renders kind config used when registry mirroring is enabled. |
capt/cue/infra/render.cue |
Provides the infra render entrypoints used by Taskfiles. |
capt/cue/infra/hardware.cue |
Renders Hardware CRs from .state data. |
capt/cue/infra/bmc.cue |
Renders BMC Machine CRs and shared credential Secret. |
capt/cue/clusterctl/clusterctl.cue |
Renders clusterctl provider config from CUE. |
capt/cue/capi/workflow.cue |
Defines the workflow templateOverride rendered into TinkerbellMachineTemplates. |
capt/cue/capi/resources.cue |
Composes Cluster/CAPT/CAPI resource objects for the playground. |
capt/cue/capi/render.cue |
Marshals the rendered CAPI resources into multi-document YAML. |
capt/cue/capi/bootmode.cue |
Encodes boot-mode-specific boot options and extra workflow actions. |
capt/cue.mod/module.cue |
Adds the CUE module declaration/version for the new render pipeline. |
capt/config.yaml |
Updates default playground versions/config and adds mirror/external-Tinkerbell knobs. |
capt/Taskfile.yaml |
Adds local tool bootstrap, PATH management, SSH key generation, and CUE state rendering. |
capt/README.md |
Documents new binary-install flow and external Tinkerbell mode. |
capt/.env |
Enables Task env-precedence behavior needed for the local ./bin toolchain. |
.gitignore |
Ignores new generated tool and validation artifacts. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 43 out of 44 changed files in this pull request and generated 12 comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
jacobweinstock
force-pushed
the
big-update
branch
3 times, most recently
from
a640d43 to
1a2a425
Compare
jacobweinstock
force-pushed
the
big-update
branch
2 times, most recently
from
108f406 to
95a08b6
Compare
jacobweinstock
force-pushed
the
big-update
branch
6 times, most recently
from
8ddc22c to
f62d418
Compare
Replaces the shell-template + bash glue under capt/ with a CUE-based
renderer:
- cue/state, cue/values, cue/capi, cue/infra, cue/clusterctl, cue/kind
own all generated YAML (kind config, CAPI manifests, Hardware/BMC,
clusterctl config). config.yaml is the only file users edit.
- cue/mirror adds an opt-in pull-through OCI registry mirror with
containerd hosts.toml drop-ins for both kind and workload nodes.
- Taskfile is split into focused includes (create, delete, helm, capi,
capi-pivot, vbmc, mirror, tools) with task-level set: errexit/nounset/
pipefail, sources/generates/status guards, and pinned tool versions.
- templates/*.tmpl and scripts/generate_*.sh are removed; their output
is produced by CUE.
Also adds a Ginkgo-based e2e suite under capt/e2e/:
- cue/matrix.cue defines an 8-combo matrix (topology x mirror x bootmode).
- run.sh orchestrates per-combo render -> create -> validate -> delete.
- test/ holds the Ginkgo specs (workflow success, API server reachable,
CNI deploy, nodes Ready) with helpers parameterised on kubeconfig
paths and an E2EConfig YAML.
- Pass vbmc password via stdin (htpasswd -i) instead of argv so it does not appear in ps/docker ps --no-trunc output. - Drop package-level context.TODO() in the e2e suite; thread Ginkgo SpecContext into helpers and add per-spec SpecTimeout bounds so a hung kubectl is killed via context cancellation. - Run 'cue vet ./cue/state' inside the generate-state task so schema errors surface with line numbers before cue export. - Lift _workflowYAML to package scope in cue/capi/resources.cue so yaml.Marshal(_workflow) is evaluated eagerly during cue vet, not only at TMT materialisation time. Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
- Close inner structs in cue/values/#Config (versions, capt, chart, os, vm, virtualBMC, captainos, kind, tinkerbell, cluster) so a field-name typo fails cue vet instead of flowing through silently. Top-level remains open so the mirror_extension.cue additive pattern still works. - Add cue/wiring/wiring.cue: a leaf package that imports each piece of the optional registry-mirror feature (cue/mirror, both *_extension.cue files) so partial removal trips cue vet ./cue/... - Document the magic max-uint32-1 lease_time in cue/infra/hardware.cue. - e2e/run.sh: replace 'task delete-playground || true' with logged exit-code wrappers; add a loud --no-teardown banner so users know resources are intentionally leaking after a test run. Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
- Add 'Running E2E Tests' and 'How CUE renders the playground' sections to capt/README.md covering run.sh flags, env-driven ginkgo invocation, and the cue/* package layout. - Drop the now-stale 'Replaces templates/*.tmpl' comment in cue/infra/bmc.cue (the template files no longer exist on this branch). Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
jacobweinstock
force-pushed
the
big-update
branch
6 times, most recently
from
d497b60 to
0ecf37e
Compare
Signed-off-by: Jacob Weinstock <jakobweinstock@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Update all versions. Move to using cue for all file creation. Add external Tinkerbell and start building a registry mirror option.
Fixes: #
How Has This Been Tested?
How are existing users impacted? What migration steps/scripts do we need?
Checklist:
I have: