feat: update Talos to 1.10-beta.0, CAPI to 1.10-rc.1

Dockerfile

@@ -1,4 +1,4 @@
-# syntax = docker/dockerfile-upstream:1.2.0-labs
+# syntax = docker/dockerfile-upstream:1.14.1-labs
 
 # Meta args applied to stage base names.
 
@@ -14,21 +14,19 @@ FROM ghcr.io/siderolabs/fhs:${PKGS} AS pkg-fhs
 # code
 
 FROM --platform=${BUILDPLATFORM} ${TOOLS} AS build
-SHELL ["/toolchain/bin/bash", "-c"]
-ENV PATH /toolchain/bin:/toolchain/go/bin:/go/bin
-RUN ["/toolchain/bin/mkdir", "/bin", "/tmp"]
-RUN ["/toolchain/bin/ln", "-svf", "/toolchain/bin/bash", "/bin/sh"]
-RUN ["/toolchain/bin/ln", "-svf", "/toolchain/etc/ssl", "/etc/ssl"]
-ENV GO111MODULE on
-ENV GOPROXY https://proxy.golang.org
-ENV CGO_ENABLED 0
-ENV GOCACHE /.cache/go-build
-ENV GOMODCACHE /.cache/mod
-ENV GOTOOLCHAIN local
+ENV GOTOOLCHAIN=local
+ENV CGO_ENABLED=0
+ENV GO111MODULE=on
+ENV GOPROXY=https://proxy.golang.org
+ENV GOCACHE=/.cache/go-build
+ENV GOMODCACHE=/.cache/mod
+SHELL ["/bin/bash", "-c"]
 ARG CONTROLLER_GEN_VERSION
 ARG CONVERSION_GEN_VERSION
-RUN --mount=type=cache,target=/.cache go install sigs.k8s.io/controller-tools/cmd/controller-gen@${CONTROLLER_GEN_VERSION}
-RUN --mount=type=cache,target=/.cache go install k8s.io/code-generator/cmd/conversion-gen@${CONVERSION_GEN_VERSION}
+RUN --mount=type=cache,target=/.cache go install sigs.k8s.io/controller-tools/cmd/controller-gen@${CONTROLLER_GEN_VERSION} \
+  && mv /root/go/bin/controller-gen /usr/bin/controller-gen
+RUN --mount=type=cache,target=/.cache go install k8s.io/code-generator/cmd/conversion-gen@${CONVERSION_GEN_VERSION} \
+  && mv /root/go/bin/conversion-gen /usr/bin/conversion-gen
 WORKDIR /src
 COPY ./go.mod ./
 COPY ./go.sum ./
@@ -64,7 +62,7 @@ RUN --mount=type=cache,target=/.cache go test -race -ldflags "${GO_LDFLAGS}" -co
 FROM scratch AS integration-test
 COPY --from=integration-test-build /src/integration.test /integration.test
 
-FROM --platform=${BUILDPLATFORM} alpine:3.13 AS release-build
+FROM --platform=${BUILDPLATFORM} alpine:3.21 AS release-build
 ADD https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize%2Fv4.1.0/kustomize_v4.1.0_linux_amd64.tar.gz .
 RUN  tar -xf kustomize_v4.1.0_linux_amd64.tar.gz -C /usr/local/bin && rm kustomize_v4.1.0_linux_amd64.tar.gz
 COPY ./config ./config

Makefile

@@ -9,15 +9,15 @@ NAME := cluster-api-talos-controller
 ARTIFACTS := _out
 TEST_RUN ?= ./...
 
-TOOLS ?= ghcr.io/siderolabs/tools:v1.9.0
-PKGS ?= v1.9.0
-TALOS_VERSION ?= v1.9.0
-K8S_VERSION ?= 1.31.4
+TOOLS ?= ghcr.io/siderolabs/tools:v1.10.0
+PKGS ?= v1.10.0
+TALOS_VERSION ?= v1.10.0-beta.0
+K8S_VERSION ?= 1.32.3
 
 KRES_IMAGE ?= ghcr.io/siderolabs/kres:latest
 
-CONTROLLER_GEN_VERSION ?= v0.16.2
-CONVERSION_GEN_VERSION ?= v0.31.3
+CONTROLLER_GEN_VERSION ?= v0.17.0
+CONVERSION_GEN_VERSION ?= v0.32.3
 
 BUILD := docker buildx build
 PLATFORM ?= linux/amd64

README.md

@@ -54,19 +54,17 @@ This provider's versions are compatible with the following versions of Cluster A
 
 This provider's versions are able to install and manage the following versions of Kubernetes:
 
-|                | v1.19 | v1.20 | v1.21 | v1.22 | v1.23 | v1.24 | v1.25 | v1.26 | v1.27 | v1.28 | v1.29 | v1.30 | v1.31 | v1.32 |
-| -------------- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| CABPT (v0.5.x) | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |       |       |       |       |       |       |
-| CABPT (v0.6.x) |       |       |       |       |       |       | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |
+|                | v1.19 | v1.20 | v1.21 | v1.22 | v1.23 | v1.24 | v1.25 | v1.26 | v1.27 | v1.28 | v1.29 | v1.30 | v1.31 | v1.32 | v1.33 |
+| -------------- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| CABPT (v0.5.x) | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |       |       |       |       |       |       |       |
+| CABPT (v0.6.x) |       |       |       |       |       |       |       | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |
 
 This provider's versions are compatible with the following versions of Talos:
 
-|                  | v1.0  | v1.1  | v1.2  | v1.3  | v1.4  | v1.5  | v1.6  | v1.7  | v1.8  | v1.9  |
-| ---------------- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
-| CABPT (v0.5.x)   | ✓     | ✓     | ✓     | ✓     |       |       |       |       |       |       |
-| CABPT (v0.6.x)   |       |       | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |
-
-> Note: CABPT is not compatible with multi-document Talos Linux machine configuration, as it relies on JSON patch to apply configuration patches.
+|                  | v1.0  | v1.1  | v1.2  | v1.3  | v1.4  | v1.5  | v1.6  | v1.7  | v1.8  | v1.9  | v1.10 |
+| ---------------- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- | ----- |
+| CABPT (v0.5.x)   | ✓     | ✓     | ✓     | ✓     |       |       |       |       |       |       |       |
+| CABPT (v0.6.x)   |       |       | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     | ✓     |
 
 CABPT generates machine configuration compatible with Talos Linux version specified in the `talosVersion:` field (see below).
 
@@ -153,6 +151,8 @@ There are two [patch formats](https://www.talos.dev/latest/talos-guides/configur
 
 See Talos Linux documentation for more information on patching.
 
+> Note: JSON patches are not compatible with multi-document Talos Linux machine configuration.
+
 JSON 6902 patch:
 
 ```yaml

api/v1alpha3/talosconfig_webhook.go

@@ -5,6 +5,7 @@
 package v1alpha3
 
 import (
+	"context"
 	"fmt"
 
 	"github.com/google/go-cmp/cmp"
@@ -20,21 +21,25 @@ import (
 func (r *TalosConfig) SetupWebhookWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
+		WithValidator(r).
 		Complete()
 }
 
 //+kubebuilder:webhook:verbs=create;update,path=/validate-bootstrap-cluster-x-k8s-io-v1alpha3-talosconfig,mutating=false,failurePolicy=fail,groups=bootstrap.cluster.x-k8s.io,resources=talosconfigs,versions=v1alpha3,name=vtalosconfig.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1
 
-var _ webhook.Validator = &TalosConfig{}
+var _ webhook.CustomValidator = &TalosConfig{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
-func (r *TalosConfig) ValidateCreate() (admission.Warnings, error) {
+func (r *TalosConfig) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
+	r = obj.(*TalosConfig)
+
 	return nil, r.validate()
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (r *TalosConfig) ValidateUpdate(oldRaw runtime.Object) (admission.Warnings, error) {
-	old := oldRaw.(*TalosConfig)
+func (r *TalosConfig) ValidateUpdate(ctx context.Context, oldObj runtime.Object, newObj runtime.Object) (admission.Warnings, error) {
+	old := oldObj.(*TalosConfig)
+	r = newObj.(*TalosConfig)
 
 	if !cmp.Equal(r.Spec, old.Spec) {
 		return nil, apierrors.NewBadRequest("TalosConfig.Spec is immutable")
@@ -44,7 +49,7 @@ func (r *TalosConfig) ValidateUpdate(oldRaw runtime.Object) (admission.Warnings,
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
-func (r *TalosConfig) ValidateDelete() (admission.Warnings, error) {
+func (r *TalosConfig) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }
 

api/v1alpha3/talosconfigtemplate_webhook.go

@@ -5,6 +5,8 @@
 package v1alpha3
 
 import (
+	"context"
+
 	"github.com/google/go-cmp/cmp"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	runtime "k8s.io/apimachinery/pkg/runtime"
@@ -16,21 +18,23 @@ import (
 func (r *TalosConfigTemplate) SetupWebhookWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
+		WithValidator(r).
 		Complete()
 }
 
 //+kubebuilder:webhook:verbs=update,path=/validate-bootstrap-cluster-x-k8s-io-v1alpha3-talosconfigtemplate,mutating=false,failurePolicy=fail,groups=bootstrap.cluster.x-k8s.io,resources=talosconfigtemplates,versions=v1alpha3,name=vtalosconfigtemplate.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1
 
-var _ webhook.Validator = &TalosConfigTemplate{}
+var _ webhook.CustomValidator = &TalosConfigTemplate{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
-func (r *TalosConfigTemplate) ValidateCreate() (admission.Warnings, error) {
+func (r *TalosConfigTemplate) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (r *TalosConfigTemplate) ValidateUpdate(oldRaw runtime.Object) (admission.Warnings, error) {
-	old := oldRaw.(*TalosConfigTemplate)
+func (r *TalosConfigTemplate) ValidateUpdate(ctx context.Context, oldObj runtime.Object, newObj runtime.Object) (admission.Warnings, error) {
+	old := oldObj.(*TalosConfigTemplate)
+	r = newObj.(*TalosConfigTemplate)
 
 	if !cmp.Equal(r.Spec, old.Spec) {
 		return nil, apierrors.NewBadRequest("TalosConfigTemplate.Spec is immutable")
@@ -40,6 +44,6 @@ func (r *TalosConfigTemplate) ValidateUpdate(oldRaw runtime.Object) (admission.W
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
-func (r *TalosConfigTemplate) ValidateDelete() (admission.Warnings, error) {
+func (r *TalosConfigTemplate) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
 	return nil, nil
 }

config/crd/bases/bootstrap.cluster.x-k8s.io_talosconfigs.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.2
+    controller-gen.kubebuilder.io/version: v0.17.0
   name: talosconfigs.bootstrap.cluster.x-k8s.io
 spec:
   group: bootstrap.cluster.x-k8s.io
@@ -152,27 +152,32 @@ spec:
                   properties:
                     lastTransitionTime:
                       description: |-
-                        Last time the condition transitioned from one status to another.
+                        lastTransitionTime is the last time the condition transitioned from one status to another.
                         This should be when the underlying condition changed. If that is not known, then using the time when
                         the API field changed is acceptable.
                       format: date-time
                       type: string
                     message:
                       description: |-
-                        A human readable message indicating details about the transition.
+                        message is a human readable message indicating details about the transition.
                         This field may be empty.
+                      maxLength: 10240
+                      minLength: 1
                       type: string
                     reason:
                       description: |-
-                        The reason for the condition's last transition in CamelCase.
+                        reason is the reason for the condition's last transition in CamelCase.
                         The specific API may choose whether or not this field is considered a guaranteed API.
                         This field may be empty.
+                      maxLength: 256
+                      minLength: 1
                       type: string
                     severity:
                       description: |-
                         severity provides an explicit classification of Reason code, so the users or machines can immediately
                         understand the current situation and act accordingly.
                         The Severity field MUST be set only when Status=False.
+                      maxLength: 32
                       type: string
                     status:
                       description: status of the condition, one of True, False, Unknown.
@@ -182,6 +187,8 @@ spec:
                         type of condition in CamelCase or in foo.example.com/CamelCase.
                         Many .condition.type values are consistent across resources like Available, but because arbitrary conditions
                         can be useful (see .node.status.conditions), the ability to deconflict is important.
+                      maxLength: 256
+                      minLength: 1
                       type: string
                   required:
                   - lastTransitionTime

config/crd/bases/bootstrap.cluster.x-k8s.io_talosconfigtemplates.yaml

@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.16.2
+    controller-gen.kubebuilder.io/version: v0.17.0
   name: talosconfigtemplates.bootstrap.cluster.x-k8s.io
 spec:
   group: bootstrap.cluster.x-k8s.io