feat: support CAPI v1alpha4

This PR will add all of the changes necessary for supporting CAPI
v1alpha4 resources.

Signed-off-by: Spencer Smith <[email protected]>
Co-authored-by: Andrey Smirnov <[email protected]>
Signed-off-by: Andrey Smirnov <[email protected]>

.drone.yml

@@ -132,7 +132,7 @@ steps:
         - sha512
       draft: true
       files:
-        - _out/*
+        - _out/bootstrap-talos/*/*
       note: _out/RELEASE_NOTES.md
     when:
       event:
@@ -176,6 +176,6 @@ depends_on:
 
 ---
 kind: signature
-hmac: 523acbd6b6e92b11249b0515fe28ef34dc1c3c926826e84ce9a1de3412a6a65e
+hmac: a7d3d09b2ec221337f14cde8f5f2a872a4c3500df09b7f27e6a169a4eb35944b
 
 ...

Dockerfile

@@ -71,12 +71,13 @@ ARG TAG
 RUN cd config/manager \
   && kustomize edit set image controller=${REGISTRY_AND_USERNAME}/${NAME}:${TAG} \
   && cd - \
-  && kustomize build config > /bootstrap-components.yaml \
+  && kustomize build config/default > /bootstrap-components.yaml \
   && cp config/metadata/metadata.yaml /metadata.yaml
 
 FROM scratch AS release
-COPY --from=release-build /bootstrap-components.yaml /bootstrap-components.yaml
-COPY --from=release-build /metadata.yaml /metadata.yaml
+ARG TAG
+COPY --from=release-build /bootstrap-components.yaml /bootstrap-talos/${TAG}/bootstrap-components.yaml
+COPY --from=release-build /metadata.yaml /bootstrap-talos/${TAG}/metadata.yaml
 
 FROM build AS binary
 ARG TARGETARCH

Makefile

@@ -13,8 +13,8 @@ PKGS ?= v0.8.0-alpha.0-3-gdb90f93
 TALOS_VERSION ?= v0.12.1
 K8S_VERSION ?= 1.21.4
 
-CONTROLLER_GEN_VERSION ?= v0.5.0
-CONVERSION_GEN_VERSION ?= v0.21.0
+CONTROLLER_GEN_VERSION ?= v0.6.2
+CONVERSION_GEN_VERSION ?= v0.21.3
 
 BUILD := docker buildx build
 PLATFORM ?= linux/amd64

config/crd/kustomization.yaml

@@ -3,6 +3,7 @@
 # It should be run by config/default
 commonLabels:
     cluster.x-k8s.io/v1alpha3: v1alpha3  
+    cluster.x-k8s.io/v1alpha4: v1alpha3  
 
 resources:
 - bases/bootstrap.cluster.x-k8s.io_talosconfigs.yaml

config/default/kustomization.yaml

@@ -1,8 +1,52 @@
 namespace: cabpt-system
 
+namePrefix: cabpt-
+
+# Labels to add to all resources and selectors.
+commonLabels:
+  cluster.x-k8s.io/provider: "bootstrap-talos"
+
 resources:
   - namespace.yaml
 
 bases:
+  - ../crd
+  - ../certmanager
+  - ../webhook
   - ../rbac
   - ../manager
+
+patchesStrategicMerge:
+  - manager_webhook_patch.yaml
+  - webhookcainjection_patch.yaml
+
+vars:
+  - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+    objref:
+      kind: Certificate
+      group: cert-manager.io
+      version: v1alpha2
+      name: serving-cert # this name should match the one in certificate.yaml
+    fieldref:
+      fieldpath: metadata.namespace
+  - name: CERTIFICATE_NAME
+    objref:
+      kind: Certificate
+      group: cert-manager.io
+      version: v1alpha2
+      name: serving-cert # this name should match the one in certificate.yaml
+  - name: SERVICE_NAMESPACE # namespace of the service
+    objref:
+      kind: Service
+      version: v1
+      name: webhook-service
+    fieldref:
+      fieldpath: metadata.namespace
+  - name: SERVICE_NAME
+    objref:
+      kind: Service
+      version: v1
+      name: webhook-service
+
+configurations:
+  - kustomizeconfig.yaml

config/default/kustomizeconfig.yaml

@@ -0,0 +1,4 @@
+# This configuration is for teaching kustomize how to update name ref and var substitution
+varReference:
+  - kind: Deployment
+    path: spec/template/spec/volumes/secret/secretName

config/webhook/manager_webhook_patch.yaml → config/default/manager_webhook_patch.yaml

@@ -8,9 +8,6 @@ spec:
     spec:
       containers:
         - name: manager
-          args:
-            - "--metrics-addr=127.0.0.1:8080"
-            - "--webhook-port=9443"
           ports:
             - containerPort: 9443
               name: webhook-server

config/default/webhookcainjection_patch.yaml

@@ -0,0 +1,7 @@
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: validating-webhook-configuration
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)

config/manager/manager.yaml

@@ -19,7 +19,7 @@ spec:
         - command:
             - /manager
           args:
-            - --metrics-addr=127.0.0.1:8080
+            - --metrics-bind-addr=127.0.0.1:8080
             - --enable-leader-election
             - "--feature-gates=MachinePool=${EXP_MACHINE_POOL:=false}"
           image: controller:latest

config/metadata/metadata.yaml

@@ -6,4 +6,7 @@ releaseSeries:
   contract: v1alpha3
 - major: 0
   minor: 3
-  contract: v1alpha3
+  contract: v1alpha3
+- major: 0
+  minor: 4
+  contract: v1alpha4

config/rbac/leader_election_role.yaml

@@ -30,3 +30,15 @@ rules:
       - events
     verbs:
       - create
+  - apiGroups:
+      - "coordination.k8s.io"
+    resources:
+      - leases
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - update
+      - patch
+      - delete

config/webhook/kustomization.yaml

@@ -1,42 +1,6 @@
-namespace: capi-webhook-system
-
 resources:
   - manifests.yaml
   - service.yaml
-  - ../certmanager
-  - ../manager
 
 configurations:
   - kustomizeconfig.yaml
-
-patchesStrategicMerge:
-  - manager_webhook_patch.yaml
-#  - webhookcainjection_patch.yaml
-
-vars:
-  - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-    objref:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1alpha2
-      name: serving-cert # this name should match the one in certificate.yaml
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: CERTIFICATE_NAME
-    objref:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1alpha2
-      name: serving-cert # this name should match the one in certificate.yaml
-  - name: SERVICE_NAMESPACE # namespace of the service
-    objref:
-      kind: Service
-      version: v1
-      name: webhook-service
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: SERVICE_NAME
-    objref:
-      kind: Service
-      version: v1
-      name: webhook-service

config/webhook/kustomizeconfig.yaml

@@ -22,6 +22,4 @@ namespace:
   create: true
 
 varReference:
-- path: metadata/annotations
-- kind: Deployment
-  path: spec/template/spec/volumes/secret/secretName
+- path: metadata/annotations

config/webhook/manifests.yaml

@@ -1,12 +1,15 @@
 
 ---
-apiVersion: admissionregistration.k8s.io/v1beta1
+apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   creationTimestamp: null
   name: validating-webhook-configuration
 webhooks:
-- clientConfig:
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -25,3 +28,4 @@ webhooks:
     - UPDATE
     resources:
     - talosconfig
+  sideEffects: None

controllers/scheme.go

@@ -7,8 +7,8 @@ package controllers
 import (
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	"k8s.io/client-go/kubernetes/scheme"
-	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha3"
-	expv1 "sigs.k8s.io/cluster-api/exp/api/v1alpha3"
+	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
+	expv1 "sigs.k8s.io/cluster-api/exp/api/v1alpha4"
 
 	bootstrapv1alpha2 "github.com/talos-systems/cluster-api-bootstrap-provider-talos/api/v1alpha2"
 	bootstrapv1alpha3 "github.com/talos-systems/cluster-api-bootstrap-provider-talos/api/v1alpha3"

controllers/secrets.go

@@ -14,7 +14,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	k8serrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha3"
+	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
 	bootstrapv1alpha3 "github.com/talos-systems/cluster-api-bootstrap-provider-talos/api/v1alpha3"

controllers/talosconfig_controller.go

@@ -24,9 +24,9 @@ import (
 	"gopkg.in/yaml.v2"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
-	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha3"
+	capiv1 "sigs.k8s.io/cluster-api/api/v1alpha4"
 	bsutil "sigs.k8s.io/cluster-api/bootstrap/util"
-	expv1 "sigs.k8s.io/cluster-api/exp/api/v1alpha3"
+	expv1 "sigs.k8s.io/cluster-api/exp/api/v1alpha4"
 	"sigs.k8s.io/cluster-api/feature"
 	"sigs.k8s.io/cluster-api/util"
 	"sigs.k8s.io/cluster-api/util/patch"
@@ -88,17 +88,13 @@ func (r *TalosConfigReconciler) SetupWithManager(ctx context.Context, mgr ctrl.M
 		WithOptions(options).
 		Watches(
 			&source.Kind{Type: &capiv1.Machine{}},
-			&handler.EnqueueRequestsFromMapFunc{
-				ToRequests: handler.ToRequestsFunc(r.MachineToBootstrapMapFunc),
-			},
+			handler.EnqueueRequestsFromMapFunc(r.MachineToBootstrapMapFunc),
 		)
 
 	if feature.Gates.Enabled(feature.MachinePool) {
 		b = b.Watches(
 			&source.Kind{Type: &expv1.MachinePool{}},
-			&handler.EnqueueRequestsFromMapFunc{
-				ToRequests: handler.ToRequestsFunc(r.MachinePoolToBootstrapMapFunc),
-			},
+			handler.EnqueueRequestsFromMapFunc(r.MachinePoolToBootstrapMapFunc),
 		)
 	}
 
@@ -109,9 +105,7 @@ func (r *TalosConfigReconciler) SetupWithManager(ctx context.Context, mgr ctrl.M
 
 	err = c.Watch(
 		&source.Kind{Type: &capiv1.Cluster{}},
-		&handler.EnqueueRequestsFromMapFunc{
-			ToRequests: handler.ToRequestsFunc(r.ClusterToTalosConfigs),
-		},
+		handler.EnqueueRequestsFromMapFunc(r.ClusterToTalosConfigs),
 		predicates.ClusterUnpausedAndInfrastructureReady(r.Log),
 	)
 	if err != nil {
@@ -127,8 +121,7 @@ func (r *TalosConfigReconciler) SetupWithManager(ctx context.Context, mgr ctrl.M
 // +kubebuilder:rbac:groups=exp.cluster.x-k8s.io,resources=machinepools;machinepools/status,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete
 
-func (r *TalosConfigReconciler) Reconcile(req ctrl.Request) (_ ctrl.Result, rerr error) {
-	ctx := context.Background()
+func (r *TalosConfigReconciler) Reconcile(ctx context.Context, req ctrl.Request) (_ ctrl.Result, rerr error) {
 	log := r.Log.WithName(controllerName).
 		WithName(fmt.Sprintf("namespace=%s", req.Namespace)).
 		WithName(fmt.Sprintf("talosconfig=%s", req.Name))
@@ -451,8 +444,8 @@ func (r *TalosConfigReconciler) genConfigs(ctx context.Context, scope *TalosConf
 
 // MachineToBootstrapMapFunc is a handler.ToRequestsFunc to be used to enqueue
 // request for reconciliation of TalosConfig.
-func (r *TalosConfigReconciler) MachineToBootstrapMapFunc(o handler.MapObject) []ctrl.Request {
-	m, ok := o.Object.(*capiv1.Machine)
+func (r *TalosConfigReconciler) MachineToBootstrapMapFunc(o client.Object) []ctrl.Request {
+	m, ok := o.(*capiv1.Machine)
 	if !ok {
 		panic(fmt.Sprintf("Expected a Machine but got a %T", o))
 	}
@@ -467,8 +460,8 @@ func (r *TalosConfigReconciler) MachineToBootstrapMapFunc(o handler.MapObject) [
 
 // MachinePoolToBootstrapMapFunc is a handler.ToRequestsFunc to be used to enqueue
 // request for reconciliation of TalosConfig.
-func (r *TalosConfigReconciler) MachinePoolToBootstrapMapFunc(o handler.MapObject) []ctrl.Request {
-	m, ok := o.Object.(*expv1.MachinePool)
+func (r *TalosConfigReconciler) MachinePoolToBootstrapMapFunc(o client.Object) []ctrl.Request {
+	m, ok := o.(*expv1.MachinePool)
 	if !ok {
 		panic(fmt.Sprintf("Expected a MachinePool but got a %T", o))
 	}
@@ -484,10 +477,10 @@ func (r *TalosConfigReconciler) MachinePoolToBootstrapMapFunc(o handler.MapObjec
 
 // ClusterToTalosConfigs is a handler.ToRequestsFunc to be used to enqeue
 // requests for reconciliation of TalosConfigs.
-func (r *TalosConfigReconciler) ClusterToTalosConfigs(o handler.MapObject) []ctrl.Request {
+func (r *TalosConfigReconciler) ClusterToTalosConfigs(o client.Object) []ctrl.Request {
 	result := []ctrl.Request{}
 
-	c, ok := o.Object.(*capiv1.Cluster)
+	c, ok := o.(*capiv1.Cluster)
 	if !ok {
 		panic(fmt.Sprintf("Expected a Cluster but got a %T", o))
 	}