Add OOB controller

ironcore-dev · Apr 17, 2024 · 26ce430 · 26ce430
1 parent 0587a49
commit 26ce430
Show file tree

Hide file tree

Showing 10 changed files with 1,090 additions and 11 deletions.
diff --git a/cmd/main.go b/cmd/main.go
@@ -47,6 +47,10 @@ type params struct {
 	enableMachineController      bool
 	enableMachineClaimController bool
 	enableOOBController          bool
+	oobIpLabelSelector           string
+	oobMacDB                     string
+	oobUsernamePrefix            string
+	oobTemporaryPasswordSecret   string
 	enableOOBSecretController    bool
 }
 
@@ -66,6 +70,10 @@ func parseCmdLine() params {
 	pflag.Bool("enable-machine-controller", true, "Enable the Machine controller.")
 	pflag.Bool("enable-machineclaim-controller", true, "Enable the MachineClaim controller.")
 	pflag.Bool("enable-oob-controller", true, "Enable the OOB controller.")
+	pflag.String("oob-ip-label-selector", "", "OOB: Filter IP objects by labels.")
+	pflag.String("oob-mac-db", "", "OOB: Load MAC DB from file.")
+	pflag.String("oob-username-prefix", "metal-", "OOB: Use a prefix when creating BMC users. Cannot be empty.")
+	pflag.String("oob-temporary-password-secret", "bmc-temporary-password", "OOB: Secret to store a temporary password in. Will be generated if it does not exist.")
 	pflag.Bool("enable-oobsecret-controller", true, "Enable the OOBSecret controller.")
 
 	var help bool
@@ -96,6 +104,10 @@ func parseCmdLine() params {
 		enableMachineController:      viper.GetBool("enable-machine-controller"),
 		enableMachineClaimController: viper.GetBool("enable-machineclaim-controller"),
 		enableOOBController:          viper.GetBool("enable-oob-controller"),
+		oobIpLabelSelector:           viper.GetString("oob-ip-label-selector"),
+		oobMacDB:                     viper.GetString("oob-mac-db"),
+		oobUsernamePrefix:            viper.GetString("oob-username-prefix"),
+		oobTemporaryPasswordSecret:   viper.GetString("oob-temporary-password-secret"),
 		enableOOBSecretController:    viper.GetBool("enable-oobsecret-controller"),
 	}
 }
@@ -247,7 +259,7 @@ func main() {
 
 	if p.enableOOBController {
 		var oobReconciler *controller.OOBReconciler
-		oobReconciler, err = controller.NewOOBReconciler()
+		oobReconciler, err = controller.NewOOBReconciler(p.systemNamespace, p.oobIpLabelSelector, p.oobMacDB, p.oobUsernamePrefix, p.oobTemporaryPasswordSecret)
 		if err != nil {
 			log.Error(ctx, fmt.Errorf("cannot create controller: %w", err), "controller", "OOB")
 			exitCode = 1

diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -4,6 +4,27 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  verbs:
+  - get
+  - list
+- apiGroups:
+  - ipam.metal.ironcore.dev
+  resources:
+  - ips
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - ipam.metal.ironcore.dev
+  resources:
+  - ips/status
+  verbs:
+  - get
 - apiGroups:
   - metal.ironcore.dev
   resources:

diff --git a/go.mod b/go.mod
@@ -13,8 +13,10 @@ require (
 	github.com/onsi/ginkgo/v2 v2.17.1
 	github.com/onsi/gomega v1.32.0
 	github.com/rs/zerolog v1.32.0
+	github.com/sethvargo/go-password v0.2.0
 	github.com/spf13/pflag v1.0.5
 	github.com/spf13/viper v1.18.2
+	gopkg.in/yaml.v3 v3.0.1
 	k8s.io/api v0.29.4
 	k8s.io/apimachinery v0.29.4
 	k8s.io/client-go v0.29.4
@@ -235,7 +237,6 @@ require (
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gopkg.in/yaml.v3 v3.0.1 // indirect
 	honnef.co/go/tools v0.4.7 // indirect
 	k8s.io/apiextensions-apiserver v0.29.2 // indirect
 	k8s.io/component-base v0.29.2 // indirect

diff --git a/go.sum b/go.sum
@@ -539,6 +539,8 @@ github.com/securego/gosec/v2 v2.19.0 h1:gl5xMkOI0/E6Hxx0XCY2XujA3V7SNSefA8sC+3f1
 github.com/securego/gosec/v2 v2.19.0/go.mod h1:hOkDcHz9J/XIgIlPDXalxjeVYsHxoWUc5zJSHxcB8YM=
 github.com/sergi/go-diff v1.2.0 h1:XU+rvMAioB0UC3q1MFrIQy4Vo5/4VsRDQQXHsEya6xQ=
 github.com/sergi/go-diff v1.2.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM=
+github.com/sethvargo/go-password v0.2.0 h1:BTDl4CC/gjf/axHMaDQtw507ogrXLci6XRiLc7i/UHI=
+github.com/sethvargo/go-password v0.2.0/go.mod h1:Ym4Mr9JXLBycr02MFuVQ/0JHidNetSgbzutTr3zsYXE=
 github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU=
 github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c/go.mod h1:/PevMnwAxekIXwN8qQyfc5gl2NlkB3CQlkizAbOkeBs=
 github.com/shurcooL/go v0.0.0-20180423040247-9e1955d9fb6e/go.mod h1:TDJrrUr11Vxrven61rcy3hJMUqaf/CLWYhHNPmT14Lk=

diff --git a/internal/bmc/bmc.go b/internal/bmc/bmc.go
@@ -0,0 +1,9 @@
+// SPDX-FileCopyrightText: 2024 SAP SE or an SAP affiliate company and IronCore contributors
+// SPDX-License-Identifier: Apache-2.0
+
+package bmc
+
+type Credentials struct {
+	Username string `yaml:"username"`
+	Password string `yaml:"password"`
+}
diff --git a/internal/controller/indexes.go b/internal/controller/indexes.go
@@ -27,5 +27,16 @@ func CreateIndexes(ctx context.Context, mgr manager.Manager) error {
 		return fmt.Errorf("cannot index field %s: %w", MachineClaimSpecMachineRef, err)
 	}
 
+	err = indexer.IndexField(ctx, &metalv1alpha1.OOB{}, OOBSpecMACAddress, func(obj client.Object) []string {
+		oob := obj.(*metalv1alpha1.OOB)
+		if oob.Spec.MACAddress == "" {
+			return nil
+		}
+		return []string{oob.Spec.MACAddress}
+	})
+	if err != nil {
+		return fmt.Errorf("cannot index field %s: %w", OOBSpecMACAddress, err)
+	}
+
 	return nil
 }