Add bootCommands cloud-init file generation

Author: davidumea

bootstrap/kubeadm/api/v1beta1/kubeadmconfig_types.go

@@ -77,14 +77,27 @@ type KubeadmConfigSpec struct {
 	// +kubebuilder:validation:MaxItems=100
 	Mounts []MountPoints `json:"mounts,omitempty"`
 
-	// preKubeadmCommands specifies extra commands to run before kubeadm runs
+	// bootCommands specifies extra commands to run very early in the boot process via the cloud-init bootcmd
+	// module. bootcmd will run on every boot, 'cloud-init-per' command can be used to make bootcmd run exactly
+	// once. This is typically run in the cloud-init.service systemd unit. This has no effect in Ignition.
+	// +optional
+	// +kubebuilder:validation:MaxItems=1000
+	// +kubebuilder:validation:items:MinLength=1
+	// +kubebuilder:validation:items:MaxLength=10240
+	BootCommands []string `json:"bootCommands,omitempty"`
+
+	// preKubeadmCommands specifies extra commands to run before kubeadm runs.
+	// With cloud-init, this is prepended to the runcmd module configuration, and is typically executed in
+	// the cloud-final.service systemd unit. In Ignition, this is prepended to /etc/kubeadm.sh.
 	// +optional
 	// +kubebuilder:validation:MaxItems=1000
 	// +kubebuilder:validation:items:MinLength=1
 	// +kubebuilder:validation:items:MaxLength=10240
 	PreKubeadmCommands []string `json:"preKubeadmCommands,omitempty"`
 
-	// postKubeadmCommands specifies extra commands to run after kubeadm runs
+	// postKubeadmCommands specifies extra commands to run after kubeadm runs.
+	// With cloud-init, this is appended to the runcmd module configuration, and is typically executed in
+	// the cloud-final.service systemd unit. In Ignition, this is appended to /etc/kubeadm.sh.
 	// +optional
 	// +kubebuilder:validation:MaxItems=1000
 	// +kubebuilder:validation:items:MinLength=1
@@ -356,6 +369,16 @@ func (c *KubeadmConfigSpec) validateIgnition(pathPrefix *field.Path) field.Error
 		}
 	}
 
+	if c.BootCommands != nil {
+		allErrs = append(
+			allErrs,
+			field.Forbidden(
+				pathPrefix.Child("bootCommands"),
+				cannotUseWithIgnition,
+			),
+		)
+	}
+
 	if c.DiskSetup == nil {
 		return allErrs
 	}

bootstrap/kubeadm/api/v1beta1/zz_generated.deepcopy.go

@@ -0,0 +1,28 @@
+/*
+Copyright 2025 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package cloudinit
+
+const (
+	bootCommandsTemplate = `{{ define "boot_commands" -}}
+{{- if . }}
+bootcmd:{{ range . }}
+  - {{printf "%q" .}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+`
+)

bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml

@@ -45,6 +45,7 @@ const (
 // BaseUserData is shared across all the various types of files written to disk.
 type BaseUserData struct {
 	Header               string
+	BootCommands         []string
 	PreKubeadmCommands   []string
 	PostKubeadmCommands  []string
 	AdditionalFiles      []bootstrapv1.File
@@ -83,6 +84,10 @@ func generate(kind string, tpl string, data interface{}) ([]byte, error) {
 		return nil, errors.Wrap(err, "failed to parse files template")
 	}
 
+	if _, err := tm.Parse(bootCommandsTemplate); err != nil {
+		return nil, errors.Wrap(err, "failed to parse boot commands template")
+	}
+
 	if _, err := tm.Parse(commandsTemplate); err != nil {
 		return nil, errors.Wrap(err, "failed to parse commands template")
 	}

bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml

@@ -34,6 +34,7 @@ func TestNewInitControlPlaneAdditionalFileEncodings(t *testing.T) {
 	cpinput := &ControlPlaneInput{
 		BaseUserData: BaseUserData{
 			Header:              "test",
+			BootCommands:        nil,
 			PreKubeadmCommands:  nil,
 			PostKubeadmCommands: nil,
 			AdditionalFiles: []bootstrapv1.File{
@@ -95,8 +96,9 @@ func TestNewInitControlPlaneCommands(t *testing.T) {
 	cpinput := &ControlPlaneInput{
 		BaseUserData: BaseUserData{
 			Header:              "test",
-			PreKubeadmCommands:  []string{`"echo $(date) ': hello world!'"`},
-			PostKubeadmCommands: []string{"echo $(date) ': hello world!'"},
+			BootCommands:        []string{"echo $(date)", "echo 'hello BootCommands!'"},
+			PreKubeadmCommands:  []string{`"echo $(date) ': hello PreKubeadmCommands!'"`},
+			PostKubeadmCommands: []string{"echo $(date) ': hello PostKubeadmCommands!'"},
 			AdditionalFiles:     nil,
 			WriteFiles:          nil,
 			Users:               nil,
@@ -117,13 +119,18 @@ func TestNewInitControlPlaneCommands(t *testing.T) {
 	out, err := NewInitControlPlane(cpinput)
 	g.Expect(err).ToNot(HaveOccurred())
 
-	expectedCommands := []string{
-		`"\"echo $(date) ': hello world!'\""`,
-		`"echo $(date) ': hello world!'"`,
-	}
-	for _, f := range expectedCommands {
-		g.Expect(out).To(ContainSubstring(f))
-	}
+	expectedBootCmd := `bootcmd:
+  - "echo $(date)"
+  - "echo 'hello BootCommands!'"`
+
+	g.Expect(out).To(ContainSubstring(expectedBootCmd))
+
+	expectedRunCmd := `runcmd:
+  - "\"echo $(date) ': hello PreKubeadmCommands!'\""
+  - 'kubeadm init --config /run/kubeadm/kubeadm.yaml  && echo success > /run/cluster-api/bootstrap-success.complete'
+  - "echo $(date) ': hello PostKubeadmCommands!'"`
+
+	g.Expect(out).To(ContainSubstring(expectedRunCmd))
 }
 
 func TestNewInitControlPlaneDiskMounts(t *testing.T) {
@@ -132,6 +139,7 @@ func TestNewInitControlPlaneDiskMounts(t *testing.T) {
 	cpinput := &ControlPlaneInput{
 		BaseUserData: BaseUserData{
 			Header:              "test",
+			BootCommands:        nil,
 			PreKubeadmCommands:  nil,
 			PostKubeadmCommands: nil,
 			WriteFiles:          nil,
@@ -194,6 +202,7 @@ func TestNewJoinControlPlaneAdditionalFileEncodings(t *testing.T) {
 
 	cpinput := &ControlPlaneJoinInput{
 		BaseUserData: BaseUserData{
+			BootCommands:        nil,
 			Header:              "test",
 			PreKubeadmCommands:  nil,
 			PostKubeadmCommands: nil,
@@ -247,6 +256,7 @@ func TestNewJoinControlPlaneExperimentalRetry(t *testing.T) {
 	cpinput := &ControlPlaneJoinInput{
 		BaseUserData: BaseUserData{
 			Header:               "test",
+			BootCommands:         nil,
 			PreKubeadmCommands:   nil,
 			PostKubeadmCommands:  nil,
 			UseExperimentalRetry: true,
@@ -315,3 +325,79 @@ func Test_useKubeadmBootstrapScriptPre1_31(t *testing.T) {
 		})
 	}
 }
+
+func TestNewJoinControlPlaneCommands(t *testing.T) {
+	g := NewWithT(t)
+
+	cpinput := &ControlPlaneJoinInput{
+		BaseUserData: BaseUserData{
+			Header:              "test",
+			BootCommands:        []string{"echo $(date)", "echo 'hello BootCommands!'"},
+			PreKubeadmCommands:  []string{`"echo $(date) ': hello PreKubeadmCommands!'"`},
+			PostKubeadmCommands: []string{"echo $(date) ': hello PostKubeadmCommands!'"},
+			AdditionalFiles:     nil,
+			WriteFiles:          nil,
+			Users:               nil,
+			NTP:                 nil,
+		},
+		Certificates:      secret.Certificates{},
+		JoinConfiguration: "my-join-config",
+	}
+
+	for _, certificate := range cpinput.Certificates {
+		certificate.KeyPair = &certs.KeyPair{
+			Cert: []byte("some certificate"),
+			Key:  []byte("some key"),
+		}
+	}
+
+	out, err := NewJoinControlPlane(cpinput)
+	g.Expect(err).ToNot(HaveOccurred())
+
+	expectedBootCmd := `bootcmd:
+  - "echo $(date)"
+  - "echo 'hello BootCommands!'"`
+
+	g.Expect(out).To(ContainSubstring(expectedBootCmd))
+
+	expectedRunCmd := `runcmd:
+  - "\"echo $(date) ': hello PreKubeadmCommands!'\""
+  - kubeadm join --config /run/kubeadm/kubeadm-join-config.yaml  && echo success > /run/cluster-api/bootstrap-success.complete
+  - "echo $(date) ': hello PostKubeadmCommands!'"`
+
+	g.Expect(out).To(ContainSubstring(expectedRunCmd))
+}
+
+func TestNewJoinNodeCommands(t *testing.T) {
+	g := NewWithT(t)
+
+	nodeinput := &NodeInput{
+		BaseUserData: BaseUserData{
+			Header:              "test",
+			BootCommands:        []string{"echo $(date)", "echo 'hello BootCommands!'"},
+			PreKubeadmCommands:  []string{`"echo $(date) ': hello PreKubeadmCommands!'"`},
+			PostKubeadmCommands: []string{"echo $(date) ': hello PostKubeadmCommands!'"},
+			AdditionalFiles:     nil,
+			WriteFiles:          nil,
+			Users:               nil,
+			NTP:                 nil,
+		},
+		JoinConfiguration: "my-join-config",
+	}
+
+	out, err := NewNode(nodeinput)
+	g.Expect(err).ToNot(HaveOccurred())
+
+	expectedBootCmd := `bootcmd:
+  - "echo $(date)"
+  - "echo 'hello BootCommands!'"`
+
+	g.Expect(out).To(ContainSubstring(expectedBootCmd))
+
+	expectedRunCmd := `runcmd:
+  - "\"echo $(date) ': hello PreKubeadmCommands!'\""
+  - kubeadm join --config /run/kubeadm/kubeadm-join-config.yaml  && echo success > /run/cluster-api/bootstrap-success.complete
+  - "echo $(date) ': hello PostKubeadmCommands!'"`
+
+	g.Expect(out).To(ContainSubstring(expectedRunCmd))
+}

bootstrap/kubeadm/internal/cloudinit/boot_commands.go

@@ -35,6 +35,7 @@ const (
     owner: root:root
     permissions: '0640'
     content: "This placeholder file is used to create the /run/cluster-api sub directory in a way that is compatible with both Linux and Windows (mkdir -p /run/cluster-api does not work with Windows)"
+{{- template "boot_commands" .BootCommands }}
 runcmd:
 {{- template "commands" .PreKubeadmCommands }}
   - 'kubeadm init --config /run/kubeadm/kubeadm.yaml {{.KubeadmVerbosity}} && {{ .SentinelFileCommand }}'

bootstrap/kubeadm/internal/cloudinit/cloudinit.go

@@ -34,6 +34,7 @@ const (
     owner: root:root
     permissions: '0640'
     content: "This placeholder file is used to create the /run/cluster-api sub directory in a way that is compatible with both Linux and Windows (mkdir -p /run/cluster-api does not work with Windows)"
+{{- template "boot_commands" .BootCommands }}
 runcmd:
 {{- template "commands" .PreKubeadmCommands }}
   - {{ .KubeadmCommand }} && {{ .SentinelFileCommand }}

bootstrap/kubeadm/internal/cloudinit/cloudinit_test.go

@@ -29,6 +29,7 @@ const (
     owner: root:root
     permissions: '0640'
     content: "This placeholder file is used to create the /run/cluster-api sub directory in a way that is compatible with both Linux and Windows (mkdir -p /run/cluster-api does not work with Windows)"
+{{- template "boot_commands" .BootCommands }}
 runcmd:
 {{- template "commands" .PreKubeadmCommands }}
   - {{ .KubeadmCommand }} && {{ .SentinelFileCommand }}