add boot configuration reference to machine spec (ironcore-dev#135)

Signed-off-by: Artem Bortnikov <[email protected]>
aobort · Jun 24, 2024 · d52d3a2 · d52d3a2
1 parent bfe4e65
commit d52d3a2
Show file tree

Hide file tree

Showing 15 changed files with 191 additions and 37 deletions.
diff --git a/api/v1alpha1/bootconfiguration_types.go b/api/v1alpha1/bootconfiguration_types.go
@@ -34,6 +34,7 @@ const (
 
 // +kubebuilder:object:root=true
 // +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Cluster
 // +kubebuilder:printcolumn:name="State",type=string,JSONPath=`.status.state`
 // +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`
 // +genclient

diff --git a/api/v1alpha1/machine_types.go b/api/v1alpha1/machine_types.go
@@ -31,6 +31,9 @@ type MachineSpec struct {
 	// +optional
 	LoopbackAddressRef *v1.LocalObjectReference `json:"loopbackAddressRef,omitempty"`
 
+	// +optional
+	BootConfigurationRef *v1.LocalObjectReference `json:"bootConfigurationRef,omitempty"`
+
 	// +optional
 	ASN string `json:"asn,omitempty"`
 

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/client/applyconfiguration/api/v1alpha1/machinespec.go b/client/applyconfiguration/api/v1alpha1/machinespec.go
diff --git a/client/applyconfiguration/internal/internal.go b/client/applyconfiguration/internal/internal.go
diff --git a/client/openapi/zz_generated.openapi.go b/client/openapi/zz_generated.openapi.go
diff --git a/cmd/main.go b/cmd/main.go
@@ -60,7 +60,6 @@ type params struct {
 	oobUsernamePrefix            string
 	oobTemporaryPasswordSecret   string
 	machineInventoryBootImage    string
-	bootConfigurationNamespace   string
 }
 
 func parseCmdLine() params {
@@ -90,7 +89,6 @@ func parseCmdLine() params {
 	pflag.String("oob-username-prefix", "metal-", "OOB: Use a prefix when creating BMC users. Cannot be empty.")
 	pflag.String("oob-temporary-password-secret", "bmc-temporary-password", "OOB: Secret to store a temporary password in. Will be generated if it does not exist.")
 	pflag.String("machine-inventory-boot-image", "ghcr.io/gardenlinux/gardenlinux:latest", "Machine: boot image to run inventory.")
-	pflag.String("boot-configuration-namespace", "default", "Boot configuration namespace.")
 
 	var help bool
 	pflag.BoolVarP(&help, "help", "h", false, "Show this help message.")
@@ -131,7 +129,6 @@ func parseCmdLine() params {
 		oobUsernamePrefix:            viper.GetString("oob-username-prefix"),
 		oobTemporaryPasswordSecret:   viper.GetString("oob-temporary-password-secret"),
 		machineInventoryBootImage:    viper.GetString("machine-inventory-boot-image"),
-		bootConfigurationNamespace:   viper.GetString("boot-configuration-namespace"),
 	}
 }
 
@@ -306,7 +303,7 @@ func main() {
 
 	if p.enableMachineController {
 		var machineReconciler *controller.MachineReconciler
-		machineReconciler, err = controller.NewMachineReconciler(p.machineInventoryBootImage, p.bootConfigurationNamespace)
+		machineReconciler, err = controller.NewMachineReconciler(p.machineInventoryBootImage)
 		if err != nil {
 			log.Error(ctx, fmt.Errorf("cannot create controller: %w", err), "controller", "Machine")
 			exitCode = 1

diff --git a/config/crd/bases/metal.ironcore.dev_bootconfigurations.yaml b/config/crd/bases/metal.ironcore.dev_bootconfigurations.yaml
@@ -12,7 +12,7 @@ spec:
     listKind: BootConfigurationList
     plural: bootconfigurations
     singular: bootconfiguration
-  scope: Namespaced
+  scope: Cluster
   versions:
   - additionalPrinterColumns:
     - jsonPath: .status.state

diff --git a/config/crd/bases/metal.ironcore.dev_machines.yaml b/config/crd/bases/metal.ironcore.dev_machines.yaml
@@ -72,6 +72,24 @@ spec:
             properties:
               asn:
                 type: string
+              bootConfigurationRef:
+                description: |-
+                  LocalObjectReference contains enough information to let you locate the
+                  referenced object inside the same namespace.
+                properties:
+                  name:
+                    default: ""
+                    description: |-
+                      Name of the referent.
+                      This field is effectively required, but due to backwards compatibility is
+                      allowed to be empty. Instances of this type with an empty value here are
+                      almost certainly wrong.
+                      TODO: Add other useful fields. apiVersion, kind, uid?
+                      More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+                      TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+                    type: string
+                type: object
+                x-kubernetes-map-type: atomic
               cleanupRequired:
                 type: boolean
               inventoryRef:

diff --git a/config/rbac/bootconfiguration_editor_role.yaml b/config/rbac/bootconfiguration_editor_role.yaml
@@ -0,0 +1,31 @@
+# permissions for end users to edit inventories.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: bootconfiguration-editor-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: metal
+    app.kubernetes.io/part-of: metal
+    app.kubernetes.io/managed-by: kustomize
+  name: bootconfiguration-editor-role
+rules:
+- apiGroups:
+  - metal.ironcore.dev
+  resources:
+  - bootconfigurations
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - metal.ironcore.dev
+  resources:
+  - bootconfigurations/status
+  verbs:
+  - get
diff --git a/config/rbac/bootconfiguration_viewer_role.yaml b/config/rbac/bootconfiguration_viewer_role.yaml
@@ -0,0 +1,27 @@
+# permissions for end users to view inventories.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/name: clusterrole
+    app.kubernetes.io/instance: bootconfiguration-viewer-role
+    app.kubernetes.io/component: rbac
+    app.kubernetes.io/created-by: metal
+    app.kubernetes.io/part-of: metal
+    app.kubernetes.io/managed-by: kustomize
+  name: bootconfiguration-viewer-role
+rules:
+- apiGroups:
+  - metal.ironcore.dev
+  resources:
+  - bootconfigurations
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - metal.ironcore.dev
+  resources:
+  - bootconfigurations/status
+  verbs:
+  - get
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -57,6 +57,24 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - metal.ironcore.dev
+  resources:
+  - bootconfigurations
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - metal.ironcore.dev
+  resources:
+  - bootconfigurations/status
+  verbs:
+  - get
 - apiGroups:
   - metal.ironcore.dev
   resources:

diff --git a/internal/controller/inventory_controller.go b/internal/controller/inventory_controller.go
@@ -77,7 +77,8 @@ func (r *InventoryReconciler) reconcile(ctx context.Context, inventory metalv1al
 	if machine.Spec.InventoryRef == nil {
 		machineSpecApply := metalv1alpha1apply.MachineSpec().
 			WithPower(metalv1alpha1.PowerOff).
-			WithInventoryRef(corev1.LocalObjectReference{Name: inventory.Name})
+			WithInventoryRef(corev1.LocalObjectReference{Name: inventory.Name}).
+			WithBootConfigurationRef(corev1.LocalObjectReference{})
 		machineApply = machineApply.WithSpec(machineSpecApply)
 		return r.Patch(
 			ctx, machine, ssa.Apply(machineApply), client.FieldOwner(InventoryFieldManager), client.ForceOwnership)