feat: add extended hardware information to Server and ServerClass CRDs

This change adds detailed hardware information to the Server CRD.
Hardware info is extracted by the agent from SMBIOS.
The ServerClass CRD is also updated so more precise qualifiers can be used.

Signed-off-by: Gerard de Leeuw <[email protected]>

Dockerfile

@@ -70,6 +70,7 @@ RUN --mount=type=cache,target=/.cache controller-gen \
 FROM scratch AS manifests
 COPY --from=manifests-build /src/app/caps-controller-manager/config ./app/caps-controller-manager/config
 COPY --from=manifests-build /src/app/sidero-controller-manager/config ./app/sidero-controller-manager/config
+COPY --from=manifests-build /src/app/webhook-server/config ./app/webhook-server/config
 
 FROM base AS generate-build
 COPY ./app/sidero-controller-manager/internal/api/api.proto \
@@ -79,6 +80,7 @@ RUN protoc -I/src/app/sidero-controller-manager/internal/api \
   api.proto
 RUN --mount=type=cache,target=/.cache controller-gen object:headerFile="./hack/boilerplate.go.txt" paths="./..."
 RUN --mount=type=cache,target=/.cache conversion-gen --input-dirs="./app/caps-controller-manager/api/v1alpha2" --output-base ./ --output-file-base="zz_generated.conversion" --go-header-file="./hack/boilerplate.go.txt"
+RUN --mount=type=cache,target=/.cache conversion-gen --input-dirs="./app/sidero-controller-manager/api/v1alpha1" --output-base ./ --output-file-base="zz_generated.conversion" --go-header-file="./hack/boilerplate.go.txt"
 ARG MODULE
 RUN --mount=type=cache,target=/.cache gofumports -w -local ${MODULE} .
 
@@ -94,12 +96,15 @@ COPY ./config ./config
 COPY ./templates ./templates
 COPY ./app/caps-controller-manager/config ./app/caps-controller-manager/config
 COPY ./app/sidero-controller-manager/config ./app/sidero-controller-manager/config
+COPY ./app/webhook-server/config ./app/webhook-server/config
 ARG REGISTRY_AND_USERNAME
 ARG TAG
 RUN cd ./app/caps-controller-manager/config/manager \
   && kustomize edit set image controller=${REGISTRY_AND_USERNAME}/caps-controller-manager:${TAG}
 RUN cd ./app/sidero-controller-manager/config/manager \
   && kustomize edit set image controller=${REGISTRY_AND_USERNAME}/sidero-controller-manager:${TAG}
+RUN cd ./app/webhook-server/config/webhook-server \
+  && kustomize edit set image controller=${REGISTRY_AND_USERNAME}/webhook-server:${TAG}
 RUN kustomize build config > /infrastructure-components.yaml \
   && cp ./config/metadata/metadata.yaml /metadata.yaml \
   && cp ./templates/cluster-template.yaml /cluster-template.yaml
@@ -217,6 +222,23 @@ FROM sidero-controller-manager-image AS sidero-controller-manager
 LABEL org.opencontainers.image.source https://github.com/talos-systems/sidero
 ENTRYPOINT [ "/manager" ]
 
+FROM base AS build-webhook-server
+ARG TALOS_RELEASE
+ARG TARGETARCH
+ARG GO_BUILDFLAGS
+ARG GO_LDFLAGS
+RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=${TARGETARCH} go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS} -X main.TalosRelease=${TALOS_RELEASE}" -o /webhook-server ./app/webhook-server
+RUN chmod +x /webhook-server
+
+FROM scratch AS webhook-server
+COPY --from=pkg-ca-certificates / /
+COPY --from=pkg-fhs / /
+COPY --from=pkg-musl / /
+COPY --from=pkg-libressl / /
+COPY --from=build-webhook-server /webhook-server /webhook-server
+LABEL org.opencontainers.image.source https://github.com/talos-systems/sidero
+ENTRYPOINT [ "/webhook-server" ]
+
 FROM base AS unit-tests-runner
 ARG TEST_PKGS
 RUN --mount=type=cache,target=/.cache --mount=type=cache,id=testspace,target=/tmp --mount=type=cache,target=/root/.cache/go-build go test -v -covermode=atomic -coverprofile=coverage.txt -count 1 ${TEST_PKGS}

Makefile

@@ -56,7 +56,7 @@ COMMON_ARGS += --build-arg=CGO_ENABLED=$(CGO_ENABLED)
 COMMON_ARGS += --build-arg=GO_BUILDFLAGS="$(GO_BUILDFLAGS)"
 COMMON_ARGS += --build-arg=GO_LDFLAGS="$(GO_LDFLAGS)"
 
-all: manifests generate caps-controller-manager sidero-controller-manager sfyra
+all: manifests generate caps-controller-manager sidero-controller-manager webhook-server sfyra
 
 
 # Help Menu
@@ -139,6 +139,10 @@ caps-controller-manager: ## Build the CAPI provider container image.
 sidero-controller-manager: ## Build the CAPI provider container image.
 	@$(MAKE) docker-$@ TARGET_ARGS="--push=$(PUSH)" NAME="$@"
 
+.PHONY: webhook-server
+webhook-server: ## Build the webhook server container image.
+	@$(MAKE) docker-$@ TARGET_ARGS="--push=$(PUSH)" NAME="$@"
+
 .PHONY: release-notes
 release-notes:
 	@mkdir -p $(ARTIFACTS)

app/caps-controller-manager/config/crd/kustomizeconfig.yaml

@@ -1,17 +1,11 @@
 # This file is for teaching kustomize how to substitute name and namespace reference in CRD
 nameReference:
-- kind: Service
-  version: v1
-  fieldSpecs:
-  - kind: CustomResourceDefinition
-    group: apiextensions.k8s.io
-    path: spec/conversion/webhook/clientConfig/service/name
-
-namespace:
-- kind: CustomResourceDefinition
-  group: apiextensions.k8s.io
-  path: spec/conversion/webhook/clientConfig/service/namespace
-  create: false
+  - kind: Service
+    version: v1
+    fieldSpecs:
+      - kind: CustomResourceDefinition
+        group: apiextensions.k8s.io
+        path: spec/conversion/webhook/clientConfig/service/name
 
 varReference:
-- path: metadata/annotations
+  - path: metadata/annotations

app/caps-controller-manager/config/default/kustomization.yaml

@@ -6,44 +6,7 @@ namePrefix: caps-
 commonLabels:
   cluster.x-k8s.io/provider: "control-plane-talos"
 
-bases:
+resources:
   - ../crd
-  - ../certmanager
-  - ../webhook
   - ../rbac
   - ../manager
-
-patchesStrategicMerge:
-  - manager_webhook_patch.yaml
-#  - webhookcainjection_patch.yaml
-
-vars:
-  - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-    objref:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: CERTIFICATE_NAME
-    objref:
-      kind: Certificate
-      group: cert-manager.io
-      version: v1
-      name: serving-cert # this name should match the one in certificate.yaml
-  - name: SERVICE_NAMESPACE # namespace of the service
-    objref:
-      kind: Service
-      version: v1
-      name: webhook-service
-    fieldref:
-      fieldpath: metadata.namespace
-  - name: SERVICE_NAME
-    objref:
-      kind: Service
-      version: v1
-      name: webhook-service
-
-configurations:
-  - kustomizeconfig.yaml

app/caps-controller-manager/config/manager/manager.yaml

@@ -30,16 +30,17 @@ spec:
             requests:
               cpu: 100m
               memory: 128Mi
-          ports:
-            - containerPort: 9440
-              name: healthz
-              protocol: TCP
-          readinessProbe:
-            httpGet:
-              path: /readyz
-              port: healthz
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: healthz
+           # lion7: re-enable the below section when there are actual health checks implemented
+#          ports:
+#            - containerPort: 9440
+#              name: healthz
+#              protocol: TCP
+#          readinessProbe:
+#            httpGet:
+#              path: /readyz
+#              port: healthz
+#          livenessProbe:
+#            httpGet:
+#              path: /healthz
+#              port: healthz
       terminationGracePeriodSeconds: 10

app/caps-controller-manager/controllers/metalmachine_controller.go

@@ -35,7 +35,7 @@ import (
 
 	infrav1 "github.com/talos-systems/sidero/app/caps-controller-manager/api/v1alpha3"
 	"github.com/talos-systems/sidero/app/caps-controller-manager/pkg/constants"
-	metalv1alpha1 "github.com/talos-systems/sidero/app/sidero-controller-manager/api/v1alpha1"
+	metalv1 "github.com/talos-systems/sidero/app/sidero-controller-manager/api/v1alpha2"
 )
 
 var ErrNoServersInServerClass = errors.New("no servers available in serverclass")
@@ -265,7 +265,7 @@ func (r *MetalMachineReconciler) SetupWithManager(ctx context.Context, mgr ctrl.
 		Complete(r)
 }
 
-func (r *MetalMachineReconciler) fetchServerFromClass(ctx context.Context, logger logr.Logger, classRef *corev1.ObjectReference, metalMachine *infrav1.MetalMachine) (*metalv1alpha1.Server, error) {
+func (r *MetalMachineReconciler) fetchServerFromClass(ctx context.Context, logger logr.Logger, classRef *corev1.ObjectReference, metalMachine *infrav1.MetalMachine) (*metalv1.Server, error) {
 	// First, check if there is already existing serverBinding for this metalmachine
 	var serverBindingList infrav1.ServerBindingList
 
@@ -276,7 +276,7 @@ func (r *MetalMachineReconciler) fetchServerFromClass(ctx context.Context, logge
 	for _, serverBinding := range serverBindingList.Items {
 		if serverBinding.Spec.MetalMachineRef.Namespace == metalMachine.Namespace && serverBinding.Spec.MetalMachineRef.Name == metalMachine.Name {
 			// found existing serverBinding for this metalMachine
-			var server metalv1alpha1.Server
+			var server metalv1.Server
 
 			if err := r.Get(ctx, types.NamespacedName{Namespace: serverBinding.Namespace, Name: serverBinding.Name}, &server); err != nil {
 				return nil, err
@@ -302,7 +302,7 @@ func (r *MetalMachineReconciler) fetchServerFromClass(ctx context.Context, logge
 	// NB: we added this loop to double check that an available server isn't "in use" because
 	//     we saw raciness between server selection and it being removed from the ServersAvailable list.
 	for _, availServer := range serverClassResource.Status.ServersAvailable {
-		serverObj := &metalv1alpha1.Server{}
+		serverObj := &metalv1.Server{}
 
 		namespacedName := types.NamespacedName{
 			Namespace: "",
@@ -408,7 +408,7 @@ func (r *MetalMachineReconciler) patchProviderID(ctx context.Context, cluster *c
 }
 
 // createServerBinding updates a server to mark it as "in use" via ServerBinding resource.
-func (r *MetalMachineReconciler) createServerBinding(ctx context.Context, serverClass *metalv1alpha1.ServerClass, serverObj *metalv1alpha1.Server, metalMachine *infrav1.MetalMachine) error {
+func (r *MetalMachineReconciler) createServerBinding(ctx context.Context, serverClass *metalv1.ServerClass, serverObj *metalv1.Server, metalMachine *infrav1.MetalMachine) error {
 	serverRef, err := reference.GetReference(r.Scheme, serverObj)
 	if err != nil {
 		return err
@@ -445,8 +445,8 @@ func (r *MetalMachineReconciler) createServerBinding(ctx context.Context, server
 	return err
 }
 
-func (r *MetalMachineReconciler) fetchServerClass(ctx context.Context, classRef *corev1.ObjectReference) (*metalv1alpha1.ServerClass, error) {
-	serverClassResource := &metalv1alpha1.ServerClass{}
+func (r *MetalMachineReconciler) fetchServerClass(ctx context.Context, classRef *corev1.ObjectReference) (*metalv1.ServerClass, error) {
+	serverClassResource := &metalv1.ServerClass{}
 
 	namespacedName := types.NamespacedName{
 		Namespace: classRef.Namespace,

app/caps-controller-manager/controllers/serverbinding_controller.go

@@ -23,7 +23,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/source"
 
 	infrav1 "github.com/talos-systems/sidero/app/caps-controller-manager/api/v1alpha3"
-	metalv1alpha1 "github.com/talos-systems/sidero/app/sidero-controller-manager/api/v1alpha1"
+	metalv1 "github.com/talos-systems/sidero/app/sidero-controller-manager/api/v1alpha2"
 )
 
 // ServerBindingReconciler reconciles a ServerBinding object.
@@ -75,7 +75,7 @@ func (r *ServerBindingReconciler) Reconcile(ctx context.Context, req ctrl.Reques
 		}
 	}()
 
-	var server metalv1alpha1.Server
+	var server metalv1.Server
 
 	err = r.Get(ctx, req.NamespacedName, &server)
 	if err != nil {
@@ -190,7 +190,7 @@ func (r *ServerBindingReconciler) reconcileTransition(ctx context.Context, logge
 		return ctrl.Result{}, nil
 	}
 
-	var server metalv1alpha1.Server
+	var server metalv1.Server
 
 	if err = r.Get(ctx, req.NamespacedName, &server); err != nil {
 		if apierrors.IsNotFound(err) {