✨ Add support for Ignition-based bootstrap data and Flatcar Container Linux

Makefile

@@ -86,7 +86,7 @@ RELEASE_TAG ?= $(shell git describe --abbrev=0 2>/dev/null)
 PULL_BASE_REF ?= $(RELEASE_TAG) # PULL_BASE_REF will be provided by Prow
 RELEASE_ALIAS_TAG ?= $(PULL_BASE_REF)
 RELEASE_DIR := out
-RELEASE_POLICIES := $(RELEASE_DIR)/AWSIAMManagedPolicyControllers.json $(RELEASE_DIR)/AWSIAMManagedPolicyControllersWithEKS.json $(RELEASE_DIR)/AWSIAMManagedPolicyCloudProviderControlPlane.json $(RELEASE_DIR)/AWSIAMManagedPolicyCloudProviderNodes.json
+RELEASE_POLICIES := $(RELEASE_DIR)/AWSIAMManagedPolicyControllers.json $(RELEASE_DIR)/AWSIAMManagedPolicyControllersWithEKS.json $(RELEASE_DIR)/AWSIAMManagedPolicyCloudProviderControlPlane.json $(RELEASE_DIR)/AWSIAMManagedPolicyCloudProviderNodes.json $(RELEASE_DIR)/AWSIAMManagedPolicyControllersWithS3.json
 BRANCH ?= $(shell git rev-parse --abbrev-ref HEAD)
 
 # image name used to build the cmd/clusterawsadm
@@ -524,6 +524,9 @@ $(RELEASE_DIR)/AWSIAMManagedPolicyCloudProviderControlPlane.json: $(RELEASE_DIR)
 $(RELEASE_DIR)/AWSIAMManagedPolicyCloudProviderNodes.json: $(RELEASE_DIR) $(CLUSTERAWSADM_SRCS)
 	go run ./cmd/clusterawsadm bootstrap iam print-policy --document AWSIAMManagedPolicyCloudProviderNodes > $(RELEASE_DIR)/AWSIAMManagedPolicyCloudProviderNodes.json
 
+$(RELEASE_DIR)/AWSIAMManagedPolicyControllersWithS3.json: $(RELEASE_DIR) $(CLUSTERAWSADM_SRCS)
+	go run ./cmd/clusterawsadm bootstrap iam print-policy --document AWSIAMManagedPolicyControllers --config hack/s3-clusterawsadm-config.yaml > $@
+
 .PHONY: release-manifests
 release-manifests: ## Release manifest files
 	$(MAKE) $(RELEASE_DIR)/$(CORE_MANIFEST_FILE).yaml TAG=$(RELEASE_TAG) PULL_POLICY=IfNotPresent

api/v1alpha3/awscluster_conversion.go

@@ -54,6 +54,8 @@ func (r *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
 		restoreControlPlaneLoadBalancer(restored.Spec.ControlPlaneLoadBalancer, dst.Spec.ControlPlaneLoadBalancer)
 	}
 
+	dst.Spec.S3Bucket = restored.Spec.S3Bucket
+
 	return nil
 }
 
@@ -125,3 +127,7 @@ func Convert_v1beta1_NetworkStatus_To_v1alpha3_Network(in *infrav1.NetworkStatus
 func Convert_v1beta1_AWSLoadBalancerSpec_To_v1alpha3_AWSLoadBalancerSpec(in *infrav1.AWSLoadBalancerSpec, out *AWSLoadBalancerSpec, s apiconversion.Scope) error {
 	return autoConvert_v1beta1_AWSLoadBalancerSpec_To_v1alpha3_AWSLoadBalancerSpec(in, out, s)
 }
+
+func Convert_v1beta1_AWSClusterSpec_To_v1alpha3_AWSClusterSpec(in *infrav1.AWSClusterSpec, out *AWSClusterSpec, s apiconversion.Scope) error {
+	return autoConvert_v1beta1_AWSClusterSpec_To_v1alpha3_AWSClusterSpec(in, out, s)
+}

api/v1alpha3/awsmachine_conversion.go

@@ -40,6 +40,8 @@ func (r *AWSMachine) ConvertTo(dstRaw conversion.Hub) error {
 
 	restoreSpec(&restored.Spec, &dst.Spec)
 
+	dst.Spec.Ignition = restored.Spec.Ignition
+
 	return nil
 }
 
@@ -100,6 +102,7 @@ func (r *AWSMachineTemplate) ConvertTo(dstRaw conversion.Hub) error {
 	}
 
 	dst.Spec.Template.ObjectMeta = restored.Spec.Template.ObjectMeta
+	dst.Spec.Template.Spec.Ignition = restored.Spec.Template.Spec.Ignition
 
 	restoreSpec(&restored.Spec.Template.Spec, &dst.Spec.Template.Spec)
 

api/v1alpha4/awscluster_conversion.go

@@ -45,6 +45,8 @@ func (src *AWSCluster) ConvertTo(dstRaw conversion.Hub) error {
 		restoreControlPlaneLoadBalancer(restored.Spec.ControlPlaneLoadBalancer, dst.Spec.ControlPlaneLoadBalancer)
 	}
 
+	dst.Spec.S3Bucket = restored.Spec.S3Bucket
+
 	return nil
 }
 

api/v1alpha4/awsmachine_conversion.go

@@ -18,6 +18,7 @@ package v1alpha4
 
 import (
 	apiconversion "k8s.io/apimachinery/pkg/conversion"
+	"sigs.k8s.io/cluster-api-provider-aws/api/v1beta1"
 	infrav1 "sigs.k8s.io/cluster-api-provider-aws/api/v1beta1"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
@@ -26,14 +27,31 @@ import (
 // ConvertTo converts the v1alpha4 AWSMachine receiver to a v1beta1 AWSMachine.
 func (src *AWSMachine) ConvertTo(dstRaw conversion.Hub) error {
 	dst := dstRaw.(*infrav1.AWSMachine)
-	return Convert_v1alpha4_AWSMachine_To_v1beta1_AWSMachine(src, dst, nil)
+	if err := Convert_v1alpha4_AWSMachine_To_v1beta1_AWSMachine(src, dst, nil); err != nil {
+		return err
+	}
+
+	// Manually restore data.
+	restored := &v1beta1.AWSMachine{}
+	if ok, err := utilconversion.UnmarshalData(src, restored); err != nil || !ok {
+		return err
+	}
+
+	dst.Spec.Ignition = restored.Spec.Ignition
+
+	return nil
 }
 
 // ConvertFrom converts the v1beta1 AWSMachine to a v1alpha4 AWSMachine.
 func (dst *AWSMachine) ConvertFrom(srcRaw conversion.Hub) error {
 	src := srcRaw.(*infrav1.AWSMachine)
 
-	return Convert_v1beta1_AWSMachine_To_v1alpha4_AWSMachine(src, dst, nil)
+	if err := Convert_v1beta1_AWSMachine_To_v1alpha4_AWSMachine(src, dst, nil); err != nil {
+		return err
+	}
+
+	// Preserve Hub data on down-conversion except for metadata.
+	return utilconversion.MarshalData(src, dst)
 }
 
 // ConvertTo converts the v1alpha4 AWSMachineList receiver to a v1beta1 AWSMachineList.
@@ -64,6 +82,7 @@ func (r *AWSMachineTemplate) ConvertTo(dstRaw conversion.Hub) error {
 	}
 
 	dst.Spec.Template.ObjectMeta = restored.Spec.Template.ObjectMeta
+	dst.Spec.Template.Spec.Ignition = restored.Spec.Template.Spec.Ignition
 
 	return nil
 }
@@ -100,3 +119,7 @@ func (dst *AWSMachineTemplateList) ConvertFrom(srcRaw conversion.Hub) error {
 func Convert_v1beta1_AWSMachineTemplateResource_To_v1alpha4_AWSMachineTemplateResource(in *infrav1.AWSMachineTemplateResource, out *AWSMachineTemplateResource, s apiconversion.Scope) error {
 	return autoConvert_v1beta1_AWSMachineTemplateResource_To_v1alpha4_AWSMachineTemplateResource(in, out, s)
 }
+
+func Convert_v1beta1_AWSMachineSpec_To_v1alpha4_AWSMachineSpec(in *v1beta1.AWSMachineSpec, out *AWSMachineSpec, s apiconversion.Scope) error {
+	return autoConvert_v1beta1_AWSMachineSpec_To_v1alpha4_AWSMachineSpec(in, out, s)
+}

api/v1alpha4/conversion.go

@@ -18,6 +18,8 @@ package v1alpha4
 
 import (
 	apiconversion "k8s.io/apimachinery/pkg/conversion"
+	conversion "k8s.io/apimachinery/pkg/conversion"
+	v1beta1 "sigs.k8s.io/cluster-api-provider-aws/api/v1beta1"
 	clusterv1alpha4 "sigs.k8s.io/cluster-api/api/v1alpha4"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 )
@@ -31,3 +33,7 @@ func Convert_v1alpha4_ObjectMeta_To_v1beta1_ObjectMeta(in *clusterv1alpha4.Objec
 func Convert_v1beta1_ObjectMeta_To_v1alpha4_ObjectMeta(in *clusterv1.ObjectMeta, out *clusterv1alpha4.ObjectMeta, s apiconversion.Scope) error {
 	return clusterv1alpha4.Convert_v1beta1_ObjectMeta_To_v1alpha4_ObjectMeta(in, out, s)
 }
+
+func Convert_v1beta1_AWSClusterSpec_To_v1alpha4_AWSClusterSpec(in *v1beta1.AWSClusterSpec, out *AWSClusterSpec, s conversion.Scope) error {
+	return autoConvert_v1beta1_AWSClusterSpec_To_v1alpha4_AWSClusterSpec(in, out, s)
+}

api/v1beta1/awscluster_types.go

@@ -90,6 +90,13 @@ type AWSClusterSpec struct {
 	// IdentityRef is a reference to a identity to be used when reconciling this cluster
 	// +optional
 	IdentityRef *AWSIdentityReference `json:"identityRef,omitempty"`
+
+	// S3Bucket contains options to configure a supporting S3 bucket for this
+	// cluster - currently used for nodes requiring Ignition
+	// (https://coreos.github.io/ignition/) for bootstrapping (requires
+	// BootstrapFormatIgnition feature flag to be enabled).
+	// +optional
+	S3Bucket *S3Bucket `json:"s3Bucket,omitempty"`
 }
 
 // AWSIdentityKind defines allowed AWS identity types.
@@ -198,6 +205,22 @@ type AWSClusterStatus struct {
 	Conditions     clusterv1.Conditions     `json:"conditions,omitempty"`
 }
 
+type S3Bucket struct {
+	// ControlPlaneIAMInstanceProfile is a name of the IAMInstanceProfile, which will be allowed
+	// to read control-plane node bootstrap data from S3 Bucket.
+	ControlPlaneIAMInstanceProfile string `json:"controlPlaneIAMInstanceProfile"`
+
+	// NodesIAMInstanceProfiles is a list of IAM instance profiles, which will be allowed to read
+	// worker nodes bootstrap data from S3 Bucket.
+	NodesIAMInstanceProfiles []string `json:"nodesIAMInstanceProfiles"`
+
+	// Name defines name of S3 Bucket to be created.
+	// +kubebuilder:validation:MinLength:=3
+	// +kubebuilder:validation:MaxLength:=63
+	// +kubebuilder:validation:Pattern=`^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$`
+	Name string `json:"name"`
+}
+
 // +kubebuilder:object:root=true
 // +kubebuilder:resource:path=awsclusters,scope=Namespaced,categories=cluster-api,shortName=awsc
 // +kubebuilder:storageversion

api/v1beta1/awscluster_webhook.go

@@ -55,6 +55,7 @@ func (r *AWSCluster) ValidateCreate() error {
 	allErrs = append(allErrs, r.Spec.Bastion.Validate()...)
 	allErrs = append(allErrs, r.validateSSHKeyName()...)
 	allErrs = append(allErrs, r.Spec.AdditionalTags.Validate()...)
+	allErrs = append(allErrs, r.Spec.S3Bucket.Validate()...)
 
 	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }
@@ -164,6 +165,7 @@ func (r *AWSCluster) ValidateUpdate(old runtime.Object) error {
 
 	allErrs = append(allErrs, r.Spec.Bastion.Validate()...)
 	allErrs = append(allErrs, r.Spec.AdditionalTags.Validate()...)
+	allErrs = append(allErrs, r.Spec.S3Bucket.Validate()...)
 
 	return aggregateObjErrors(r.GroupVersionKind().GroupKind(), r.Name, allErrs)
 }