Enhanced node reconciliation by automating maintenance CR lifecycle (#157)

* Node maintenance controller

* Node maintenance finalizer

* Local environment

* go mod tidy

* Changes motivated by code review

* ServerMaintenance managed-by label

* Check for ServerMaintenance owner before CreateOrPatch()

* Delete ServerMaintenance even if ServerClaim not found

* Refactor providerID logic + switch to komega in tests

* metal operator v0.4.0

Author: anton-paulovich

.gitignore

@@ -25,3 +25,10 @@ vendor
 *.swo
 *~
 dev/
+
+.tiltbuild
+
+# kind configs
+config/kind/mgmt-kubeconfig-external
+config/kind/mgmt-kubeconfig-internal
+config/kind/worker-kubeconfig

Makefile

@@ -67,6 +67,21 @@ check-license: addlicense ## Check that every file has a license header present.
 
 check: add-license lint test
 
+.PHONY: kind-setup
+kind-setup:
+	kind create cluster --name mgmt
+	kind create cluster --name worker
+
+.PHONY: export-kubeconfig
+export-kubeconfig:
+	kind get kubeconfig --name mgmt > ./config/kind/mgmt-kubeconfig-external # for applying crds to mgmt cluster via tilt
+	kind get kubeconfig --name mgmt --internal > ./config/kind/mgmt-kubeconfig-internal # for ccm config (it needs access to mgmt cluster)
+	kind get kubeconfig --name worker > ./config/kind/worker-kubeconfig # for applying crds to worker cluster via tilt
+
+.PHONY: tilt-up
+tilt-up: kind-setup export-kubeconfig
+	KUBECONFIG=./config/kind/mgmt-kubeconfig:./config/kind/worker-kubeconfig tilt up
+
 ##@ Build
 
 .PHONY: build
@@ -78,7 +93,7 @@ run: fmt vet ## Run a metal cloud controller from your host.
 	go run ./cmd/metal-cloud-controller-manager/main.go
 
 .PHONY: docker-build
-docker-build: test ## Build docker image with the metal cloud controller.
+docker-build: ## Build docker image with the metal cloud controller.
 	$(CONTAINER_TOOL) build -t ${CONTROLLER_IMG} .
 
 .PHONY: docker-push

Tiltfile

@@ -0,0 +1,54 @@
+allow_k8s_contexts(['kind-mgmt', 'kind-worker'])
+
+mgmt_ctx = 'kind-mgmt'
+worker_ctx = 'kind-worker'
+
+mgmt_kubeconfig = './config/kind/mgmt-kubeconfig-external'
+worker_kubeconfig = './config/kind/worker-kubeconfig'
+
+def mgmt_kubectl(args):
+    return local('kubectl --kubeconfig=' + mgmt_kubeconfig + ' --context=' + mgmt_ctx + ' ' + args)
+
+def worker_kubectl(args):
+    return local('kubectl --kubeconfig=' + worker_kubeconfig + ' --context=' + worker_ctx + ' ' + args)
+
+METAL_OPERATOR_REF = "v0.4.0"
+mgmt_kubectl('apply -f https://raw.githubusercontent.com/ironcore-dev/metal-operator/' + METAL_OPERATOR_REF + '/config/crd/bases/metal.ironcore.dev_serverclaims.yaml')
+mgmt_kubectl('apply -f https://raw.githubusercontent.com/ironcore-dev/metal-operator/' + METAL_OPERATOR_REF + '/config/crd/bases/metal.ironcore.dev_servermaintenances.yaml')
+mgmt_kubectl('apply -f https://raw.githubusercontent.com/ironcore-dev/metal-operator/' + METAL_OPERATOR_REF + '/config/crd/bases/metal.ironcore.dev_servers.yaml')
+mgmt_kubectl('wait --for=condition=Established --timeout=60s crd/serverclaims.metal.ironcore.dev')
+mgmt_kubectl('wait --for=condition=Established --timeout=60s crd/servermaintenances.metal.ironcore.dev')
+mgmt_kubectl('wait --for=condition=Established --timeout=60s crd/servers.metal.ironcore.dev')
+mgmt_kubectl('apply -f config/kind/crs/server.yaml')
+mgmt_kubectl('apply -f config/kind/crs/serverclaim.yaml')
+
+worker_kubectl('apply -k config/kind') # kustomize
+worker_kubectl('apply -f config/kind/crs/node.yaml')
+
+local_resource(
+    "manager-binary",
+    cmd = 'mkdir -p .tiltbuild; CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o .tiltbuild/manager ./cmd/metal-cloud-controller-manager/main.go',
+    deps = ["pkg", "cmd", "go.mod", "go.sum"]
+)
+
+docker_build(
+    ref = "controller",
+    context = "./.tiltbuild/",
+    dockerfile_contents = """
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY manager /metal-cloud-controller-manager
+USER 65532:65532
+ENTRYPOINT ["/metal-cloud-controller-manager"]
+""",
+    only = "manager"
+)
+
+k8s_yaml(kustomize('config/kind'))
+
+k8s_resource(
+    'cloud-controller-manager',
+    labels=['CCM'],
+    port_forwards='10258:10258',
+    extra_pod_selectors=[{'app.kubernetes.io/name': 'cloud-controller-manager'}]
+)

Tiltfile.license

@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2026 SAP SE
+
+SPDX-License-Identifier: Apache-2.0

config/kind/cloud-config.yaml

@@ -0,0 +1,6 @@
+clusterName: kind-ccm
+networking:
+  configureNodeAddresses: true
+  ipamKind:
+    apiGroup: metal.ironcore.dev
+    kind: ServerClaim

config/kind/crs/node.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Node
+metadata:
+  name: metal-node-1
+  labels:
+    kubernetes.io/hostname: metal-node-1
+spec:
+  providerID: metal://default/server-1

config/kind/crs/server.yaml

@@ -0,0 +1,6 @@
+apiVersion: metal.ironcore.dev/v1alpha1
+kind: Server
+metadata:
+  name: physical-server-1
+spec:
+  systemUUID: "some-uuid"

config/kind/crs/serverclaim.yaml

@@ -0,0 +1,13 @@
+apiVersion: metal.ironcore.dev/v1alpha1
+kind: ServerClaim
+metadata:
+  name: server-1
+  namespace: default
+spec:
+  image: "test-image"
+  power: "On"
+  serverRef:
+    name: physical-server-1
+  serverSelector:
+    matchLabels:
+      machine: "true"

config/kind/kustomization.yaml

@@ -0,0 +1,22 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kube-system
+
+resources:
+  - ../default
+
+patches:
+  - target:
+      kind: Deployment
+      name: manager
+    path: manager-patch.yaml
+
+secretGenerator:
+  - name: metal-cloud-config
+    namespace: kube-system
+    files:
+      - cloud-config=cloud-config.yaml
+      - kubeconfig=mgmt-kubeconfig-internal
+
+generatorOptions:
+  disableNameSuffixHash: true

config/kind/manager-patch.yaml

@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: manager
+spec:
+  strategy:
+    type: Recreate
+  template:
+    spec:
+      containers:
+        - name: manager
+          image: controller
+          imagePullPolicy: IfNotPresent
+          args:
+            - --cloud-provider=metal
+            - --cloud-config=/etc/kubernetes/cloud-config/cloud-config
+            - --metal-kubeconfig=/etc/kubernetes/cloud-config/kubeconfig
+            - --concurrent-service-syncs=10
+            - --leader-elect=false
+            - --secure-port=10258
+            - --v=2
+          volumeMounts:
+            - mountPath: /etc/kubernetes/cloud-config
+              name: cloud-config
+              readOnly: true
+      volumes:
+        - name: cloud-config
+          secret:
+            secretName: metal-cloud-config