feat: support lb as URL endpoint in machine configs and support machine deployments

Signed-off-by: Spencer Smith <[email protected]>

Author: rsmitty

PROJECT

@@ -5,3 +5,6 @@ resources:
 - group: bootstrap
   version: v1alpha2
   kind: TalosConfig
+- group: bootstrap
+  version: v1alpha2
+  kind: TalosConfigTemplate

api/v1alpha2/talosconfigtemplate_types.go

@@ -0,0 +1,48 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// TalosConfigTemplateSpec defines the desired state of TalosConfigTemplate
+type TalosConfigTemplateSpec struct {
+	Template TalosConfigTemplateResource `json:"template"`
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:resource:path=talosconfigtemplates,scope=Namespaced,categories=cluster-api
+// +kubebuilder:storageversion
+
+// TalosConfigTemplate is the Schema for the talosconfigtemplates API
+type TalosConfigTemplate struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec TalosConfigTemplateSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// TalosConfigTemplateList contains a list of TalosConfigTemplate
+type TalosConfigTemplateList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []TalosConfigTemplate `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&TalosConfigTemplate{}, &TalosConfigTemplateList{})
+}

api/v1alpha2/types.go

@@ -0,0 +1,19 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+// TalosConfigTemplateResource defines the Template structure
+type TalosConfigTemplateResource struct {
+	Spec TalosConfigSpec `json:"spec,omitempty"`
+}

api/v1alpha2/zz_generated.deepcopy.go

@@ -0,0 +1,60 @@
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  creationTimestamp: null
+  name: talosconfigtemplates.bootstrap.cluster.x-k8s.io
+spec:
+  group: bootstrap.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: TalosConfigTemplate
+    plural: talosconfigtemplates
+  scope: Namespaced
+  validation:
+    openAPIV3Schema:
+      description: TalosConfigTemplate is the Schema for the talosconfigtemplates
+        API
+      properties:
+        apiVersion:
+          description: 'APIVersion defines the versioned schema of this representation
+            of an object. Servers should convert recognized schemas to the latest
+            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources'
+          type: string
+        kind:
+          description: 'Kind is a string value representing the REST resource this
+            object represents. Servers may infer this from the endpoint the client
+            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds'
+          type: string
+        metadata:
+          type: object
+        spec:
+          description: TalosConfigTemplateSpec defines the desired state of TalosConfigTemplate
+          properties:
+            template:
+              description: TalosConfigTemplateResource defines the Template structure
+              properties:
+                spec:
+                  description: TalosConfigSpec defines the desired state of TalosConfig
+                  properties:
+                    machineType:
+                      type: string
+                  type: object
+              type: object
+          required:
+          - template
+          type: object
+      type: object
+  version: v1alpha2
+  versions:
+  - name: v1alpha2
+    served: true
+    storage: true
+status:
+  acceptedNames:
+    kind: ""
+    plural: ""
+  conditions: []
+  storedVersions: []

config/crd/bases/bootstrap.cluster.x-k8s.io_talosconfigtemplates.yaml

@@ -3,6 +3,7 @@
 # It should be run by config/default
 resources:
 - bases/bootstrap.cluster.x-k8s.io_talosconfigs.yaml
+- bases/bootstrap.cluster.x-k8s.io_talosconfigtemplates.yaml
 # +kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:

config/crd/kustomization.yaml

@@ -0,0 +1,8 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: talosconfigtemplates.bootstrap.cluster.x-k8s.io

config/crd/patches/cainjection_in_talosconfigtemplates.yaml

@@ -0,0 +1,17 @@
+# The following patch enables conversion webhook for CRD
+# CRD conversion requires k8s 1.13 or later.
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: talosconfigtemplates.bootstrap.cluster.x-k8s.io
+spec:
+  conversion:
+    strategy: Webhook
+    webhookClientConfig:
+      # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
+      # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
+      caBundle: Cg==
+      service:
+        namespace: system
+        name: webhook-service
+        path: /convert

config/crd/patches/webhook_in_talosconfigtemplates.yaml

@@ -22,31 +22,38 @@ import (
 	"github.com/talos-systems/talos/pkg/config/types/v1alpha1/generate"
 	"gopkg.in/yaml.v2"
 	corev1 "k8s.io/api/core/v1"
-	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 )
 
-func (r *TalosConfigReconciler) fetchCertSecret(ctx context.Context, config *bootstrapv1alpha2.TalosConfig, clusterName string) (*corev1.Secret, error) {
+func (r *TalosConfigReconciler) fetchInputSecret(ctx context.Context, config *bootstrapv1alpha2.TalosConfig, clusterName string) (*corev1.Secret, error) {
 
-	certSecret := &corev1.Secret{}
+	inputSecret := &corev1.Secret{}
 	err := r.Client.Get(context.Background(), client.ObjectKey{
 		Namespace: config.GetNamespace(),
 		Name:      clusterName,
-	}, certSecret)
+	}, inputSecret)
 
-	if err != nil && k8serrors.IsNotFound(err) {
-		return nil, nil
-	} else if err != nil {
+	if err != nil {
 		return nil, err
 	}
 
-	return certSecret, nil
+	return inputSecret, nil
 }
 
-func (r *TalosConfigReconciler) writeCertSecret(ctx context.Context, config *bootstrapv1alpha2.TalosConfig, clusterName string, certs *generate.Certs) error {
+func (r *TalosConfigReconciler) writeInputSecret(ctx context.Context, config *bootstrapv1alpha2.TalosConfig, clusterName string, input *generate.Input) error {
+
+	certMarshal, err := yaml.Marshal(input.Certs)
+	if err != nil {
+		return err
+	}
+
+	kubeTokenMarshal, err := yaml.Marshal(input.KubeadmTokens)
+	if err != nil {
+		return err
+	}
 
-	certMarshal, err := yaml.Marshal(certs)
+	trustdInfoMarshal, err := yaml.Marshal(input.TrustdInfo)
 	if err != nil {
 		return err
 	}
@@ -56,7 +63,11 @@ func (r *TalosConfigReconciler) writeCertSecret(ctx context.Context, config *boo
 			Namespace: config.GetNamespace(),
 			Name:      clusterName,
 		},
-		Data: map[string][]byte{"certs": certMarshal},
+		Data: map[string][]byte{
+			"certs":      certMarshal,
+			"kubeTokens": kubeTokenMarshal,
+			"trustdInfo": trustdInfoMarshal,
+		},
 	}
 
 	err = r.Client.Create(ctx, certSecret)