** Add the bootstrap ignition component to the capg installation

** create a bucket
** create a signed url
** during a user provisioned dns configuration, edit the ignition data and add the updated/edited data to the ignition data.
** set the url to point to the ignition stub.

Author: barbacbd

pkg/asset/ignition/bootstrap/gcp/storage.go

@@ -0,0 +1,131 @@
+package gcp
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"cloud.google.com/go/storage"
+	"google.golang.org/api/option"
+
+	"github.com/openshift/installer/pkg/asset/installconfig"
+	gcpic "github.com/openshift/installer/pkg/asset/installconfig/gcp"
+)
+
+const (
+	bootstrapIgnitionBucketObjName = "bootstrap.ign"
+)
+
+// GetBootstrapStorageName gets the name of the storage bucket for the bootstrap process.
+func GetBootstrapStorageName(clusterID string) string {
+	return fmt.Sprintf("%s-bootstrap-ignition", clusterID)
+}
+
+// NewStorageClient creates a new Google storage client.
+func NewStorageClient(ctx context.Context) (*storage.Client, error) {
+	ssn, err := gcpic.GetSession(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to get session while creating gcp storage client: %w", err)
+	}
+
+	client, err := storage.NewClient(ctx, option.WithCredentials(ssn.Credentials))
+	if err != nil {
+		return nil, fmt.Errorf("failed to create client: %w", err)
+	}
+
+	return client, nil
+}
+
+// CreateBucketHandle will create the bucket handle that can be used as a reference for other storage resources.
+func CreateBucketHandle(ctx context.Context, bucketName string) (*storage.BucketHandle, error) {
+	ctx, cancel := context.WithTimeout(ctx, time.Minute*1)
+	defer cancel()
+
+	client, err := NewStorageClient(ctx)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create storage client: %w", err)
+	}
+	return client.Bucket(bucketName), nil
+}
+
+// CreateStorage creates the gcp bucket/storage. The storage bucket does Not include the bucket object. The
+// bucket object is created as a separate process/function, so that the two are not tied together, and
+// the data stored inside the object can be set at a later time.
+func CreateStorage(ctx context.Context, ic *installconfig.InstallConfig, bucketHandle *storage.BucketHandle, clusterID string) error {
+	labels := map[string]string{}
+	labels[fmt.Sprintf("kubernetes-io-cluster-%s", clusterID)] = "owned"
+	for _, label := range ic.Config.GCP.UserLabels {
+		labels[label.Key] = label.Value
+	}
+
+	bucketAttrs := storage.BucketAttrs{
+		UniformBucketLevelAccess: storage.UniformBucketLevelAccess{
+			Enabled: true,
+		},
+		Location: ic.Config.GCP.Region,
+		Labels:   labels,
+	}
+
+	ctx, cancel := context.WithTimeout(ctx, time.Minute*1)
+	defer cancel()
+
+	if err := bucketHandle.Create(ctx, ic.Config.GCP.ProjectID, &bucketAttrs); err != nil {
+		return fmt.Errorf("failed to create bucket: %w", err)
+	}
+	return nil
+}
+
+// CreateSignedURL creates a signed url and correlates the signed url with a storage bucket.
+func CreateSignedURL(handle *storage.BucketHandle, objectName string) (string, error) {
+	// Signing a URL requires credentials authorized to sign a URL. You can pass
+	// these in through SignedURLOptions with a Google Access ID with
+	// iam.serviceAccounts.signBlob permissions.
+	opts := storage.SignedURLOptions{
+		Scheme:  storage.SigningSchemeV4,
+		Method:  "GET",
+		Expires: time.Now().Add(time.Minute * 60),
+	}
+
+	// The object has not been created yet. This is ok, it is expected to be created after this call.
+	// However, if the object is never created this could cause major issues.
+	url, err := handle.SignedURL(objectName, &opts)
+	if err != nil {
+		return "", fmt.Errorf("failed to create a signed url: %w", err)
+	}
+
+	return url, nil
+}
+
+// ProvisionBootstrapStorage will provision the required storage bucket and signed url for the bootstrap process.
+func ProvisionBootstrapStorage(ctx context.Context, ic *installconfig.InstallConfig, bucketHandle *storage.BucketHandle, clusterID string) (string, error) {
+	ctx, cancel := context.WithTimeout(ctx, time.Minute*1)
+	defer cancel()
+
+	if err := CreateStorage(ctx, ic, bucketHandle, clusterID); err != nil {
+		return "", fmt.Errorf("failed to create storage: %w", err)
+	}
+
+	url, err := CreateSignedURL(bucketHandle, bootstrapIgnitionBucketObjName)
+	if err != nil {
+		return "", fmt.Errorf("failed to sign url: %w", err)
+	}
+
+	return url, nil
+}
+
+// FillBucket will add the contents to the bootstrap storage bucket object.
+func FillBucket(ctx context.Context, bucketHandle *storage.BucketHandle, contents string) error {
+	ctx, cancel := context.WithTimeout(ctx, time.Minute*1)
+	defer cancel()
+
+	objWriter := bucketHandle.Object(bootstrapIgnitionBucketObjName).NewWriter(ctx)
+	if _, err := fmt.Fprint(objWriter, contents); err != nil {
+		return fmt.Errorf("failed to store content in bucket object: %w", err)
+	}
+
+	if err := objWriter.Close(); err != nil {
+		return fmt.Errorf("failed to close bucket object writer: %w", err)
+	}
+
+	return nil
+}

pkg/asset/machines/gcp/gcpmachines.go

@@ -153,10 +153,9 @@ func createCAPIMachine(name string, dataSecret string, infraID string) *capi.Mac
 		},
 		Spec: capi.MachineSpec{
 			ClusterName: infraID,
-			// Leave empty until ignition support is added
-			// Bootstrap: capi.Bootstrap{
-			//	DataSecretName: ptr.To(dataSecret),
-			// },
+			Bootstrap: capi.Bootstrap{
+				DataSecretName: ptr.To(dataSecret),
+			},
 			InfrastructureRef: v1.ObjectReference{
 				APIVersion: "infrastructure.cluster.x-k8s.io/v1beta1",
 				Kind:       "GCPMachine",

pkg/asset/machines/gcp/gcpmachines_test.go

@@ -2,6 +2,7 @@
 package gcp
 
 import (
+	"fmt"
 	"testing"
 
 	"github.com/stretchr/testify/assert"
@@ -206,6 +207,8 @@ func getGCPMachineWithSecureBoot() *capg.GCPMachine {
 }
 
 func getBaseCapiMachine() *capi.Machine {
+	dataSecret := fmt.Sprintf("%s-master", "012345678")
+
 	capiMachine := &capi.Machine{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "012345678-master-0",
@@ -215,6 +218,9 @@ func getBaseCapiMachine() *capi.Machine {
 		},
 		Spec: capi.MachineSpec{
 			ClusterName: "012345678",
+			Bootstrap: capi.Bootstrap{
+				DataSecretName: ptr.To(dataSecret),
+			},
 			InfrastructureRef: v1.ObjectReference{
 				APIVersion: "infrastructure.cluster.x-k8s.io/v1beta1",
 				Kind:       "GCPMachine",

pkg/infrastructure/gcp/clusterapi/clusterapi.go

@@ -3,11 +3,14 @@ package clusterapi
 import (
 	"context"
 	"fmt"
+	"time"
 
 	"github.com/sirupsen/logrus"
 	capg "sigs.k8s.io/cluster-api-provider-gcp/api/v1beta1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/openshift/installer/pkg/asset/ignition/bootstrap"
+	"github.com/openshift/installer/pkg/asset/ignition/bootstrap/gcp"
 	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
 	"github.com/openshift/installer/pkg/infrastructure/clusterapi"
 	"github.com/openshift/installer/pkg/types"
@@ -41,7 +44,41 @@ func (p Provider) PreProvision(ctx context.Context, in clusterapi.PreProvisionIn
 // added to a bucket. A signed url is generated to point to the bucket and the ignition data will be
 // updated to point to the url. This is also allows for bootstrap data to be edited after its initial creation.
 func (p Provider) Ignition(ctx context.Context, in clusterapi.IgnitionInput) ([]byte, error) {
-	return nil, nil
+	// Create the bucket and presigned url. The url is generated using a known/expected name so that the
+	// url can be retrieved from the api by this name.
+	ctx, cancel := context.WithTimeout(ctx, time.Minute*2)
+	defer cancel()
+
+	bucketName := gcp.GetBootstrapStorageName(in.InfraID)
+	bucketHandle, err := gcp.CreateBucketHandle(ctx, bucketName)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create bucket handle %s: %w", bucketName, err)
+	}
+
+	url, err := gcp.ProvisionBootstrapStorage(ctx, in.InstallConfig, bucketHandle, in.InfraID)
+	if err != nil {
+		return nil, fmt.Errorf("ignition failed to provision storage: %w", err)
+	}
+	editedIgnitionBytes, err := EditIgnition(ctx, in)
+	if err != nil {
+		return nil, fmt.Errorf("failed to edit bootstrap ignition: %w", err)
+	}
+
+	ignitionBytes := in.BootstrapIgnData
+	if editedIgnitionBytes != nil {
+		ignitionBytes = editedIgnitionBytes
+	}
+
+	if err := gcp.FillBucket(ctx, bucketHandle, string(ignitionBytes)); err != nil {
+		return nil, fmt.Errorf("ignition failed to fill bucket: %w", err)
+	}
+
+	ignShim, err := bootstrap.GenerateIgnitionShimWithCertBundleAndProxy(url, in.InstallConfig.Config.AdditionalTrustBundle, in.InstallConfig.Config.Proxy)
+	if err != nil {
+		return nil, fmt.Errorf("failed to create ignition shim: %w", err)
+	}
+
+	return ignShim, nil
 }
 
 // InfraReady is called once cluster.Status.InfrastructureReady

pkg/infrastructure/gcp/clusterapi/ignition.go

@@ -0,0 +1,132 @@
+package clusterapi
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/json"
+	"fmt"
+	"strings"
+	"time"
+
+	igntypes "github.com/coreos/ignition/v2/config/v3_2/types"
+	capg "sigs.k8s.io/cluster-api-provider-gcp/api/v1beta1"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/yaml"
+
+	configv1 "github.com/openshift/api/config/v1"
+	"github.com/openshift/installer/pkg/asset/manifests/capiutils"
+	"github.com/openshift/installer/pkg/infrastructure/clusterapi"
+	"github.com/openshift/installer/pkg/types/gcp"
+)
+
+const (
+	infrastructureFilepath = "/opt/openshift/manifests/cluster-infrastructure-02-config.yml"
+
+	// replaceable is the string that precedes the encoded data in the ignition data.
+	// The data must be replaced before decoding the string, and the string must be
+	// prepended to the encoded data.
+	replaceable = "data:text/plain;charset=utf-8;base64,"
+)
+
+// EditIgnition attempts to edit the contents of the bootstrap ignition when the user has selected
+// a custom DNS configuration. Find the public and private load balancer addresses and fill in the
+// infrastructure file within the ignition struct.
+func EditIgnition(ctx context.Context, in clusterapi.IgnitionInput) ([]byte, error) {
+	ctx, cancel := context.WithTimeout(ctx, time.Minute*2)
+	defer cancel()
+
+	if in.InstallConfig.Config.GCP.UserProvisionedDNS == gcp.UserProvisionedDNSEnabled {
+		gcpCluster := &capg.GCPCluster{}
+		key := client.ObjectKey{
+			Name:      in.InfraID,
+			Namespace: capiutils.Namespace,
+		}
+		if err := in.Client.Get(ctx, key, gcpCluster); err != nil {
+			return nil, fmt.Errorf("failed to get GCP cluster: %w", err)
+		}
+
+		// public load balancer and health check are created by capi gcp provider.
+		// TODO: this is currently a global address
+		apiIPAddress := *gcpCluster.Status.Network.APIServerAddress
+
+		ignData := &igntypes.Config{}
+		err := json.Unmarshal(in.BootstrapIgnData, ignData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to unmarshal bootstrap ignition: %w", err)
+		}
+
+		apiIntIPAddress, err := getInternalLBAddress(ctx, in.InstallConfig.Config.GCP.ProjectID, in.InstallConfig.Config.GCP.Region, getAPIAddressName(in.InfraID))
+		if err != nil {
+			return nil, fmt.Errorf("failed to create the internal load balancer address: %w", err)
+		}
+
+		err = addLoadBalancersToInfra(gcp.Name, ignData, []string{apiIPAddress}, []string{apiIntIPAddress})
+		if err != nil {
+			return nil, fmt.Errorf("failed to add load balancers to ignition config: %w", err)
+		}
+
+		editedIgnBytes, err := json.Marshal(ignData)
+		if err != nil {
+			return nil, fmt.Errorf("failed to convert ignition data to json: %w", err)
+		}
+
+		return editedIgnBytes, nil
+	}
+
+	return nil, nil
+}
+
+// addLoadBalancersToInfra will load the public and private load balancer information into
+// the infrastructure CR. This will occur after the data has already been inserted into the
+// ignition file.
+func addLoadBalancersToInfra(platform string, config *igntypes.Config, publicLBs []string, privateLBs []string) error {
+	for i, fileData := range config.Storage.Files {
+		// update the contents of this file
+		if fileData.Path == infrastructureFilepath {
+			contents := config.Storage.Files[i].Contents.Source
+			replaced := strings.Replace(*contents, replaceable, "", 1)
+
+			rawDecodedText, err := base64.StdEncoding.DecodeString(replaced)
+			if err != nil {
+				return fmt.Errorf("failed to decode contents of ignition file: %w", err)
+			}
+
+			infra := &configv1.Infrastructure{}
+			if err := yaml.Unmarshal(rawDecodedText, infra); err != nil {
+				return fmt.Errorf("failed to unmarshal infrastructure: %w", err)
+			}
+
+			// convert the list of strings to a list of IPs
+			apiIntLbs := []configv1.IP{}
+			for _, ip := range privateLBs {
+				apiIntLbs = append(apiIntLbs, configv1.IP(ip))
+			}
+			apiLbs := []configv1.IP{}
+			for _, ip := range publicLBs {
+				apiLbs = append(apiLbs, configv1.IP(ip))
+			}
+			cloudLBInfo := configv1.CloudLoadBalancerIPs{
+				APIIntLoadBalancerIPs: apiIntLbs,
+				APILoadBalancerIPs:    apiLbs,
+			}
+
+			if infra.Status.PlatformStatus.GCP.CloudLoadBalancerConfig.DNSType == configv1.ClusterHostedDNSType {
+				infra.Status.PlatformStatus.GCP.CloudLoadBalancerConfig.ClusterHosted = &cloudLBInfo
+			}
+
+			// convert the infrastructure back to an encoded string
+			infraContents, err := yaml.Marshal(infra)
+			if err != nil {
+				return fmt.Errorf("failed to marshal infrastructure: %w", err)
+			}
+
+			encoded := fmt.Sprintf("%s%s", replaceable, base64.StdEncoding.EncodeToString(infraContents))
+			// replace the contents with the edited information
+			config.Storage.Files[i].Contents.Source = &encoded
+
+			break
+		}
+	}
+
+	return nil
+}