Add IgnitionSecretRef to IgnitionConfig

ironcore-dev · Nov 13, 2024 · 89ef9f3 · 89ef9f3
1 parent 1a522ff
commit 89ef9f3
Show file tree

Hide file tree

Showing 8 changed files with 78 additions and 10 deletions.
diff --git a/hack/api-reference/api.md b/hack/api-reference/api.md
@@ -341,6 +341,18 @@ string
 </tr>
 <tr>
 <td>
+<code>ignitionSecret</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>IgnitionSecret is a reference to a secret containing the ignition config.</p>
+</td>
+</tr>
+<tr>
+<td>
 <code>override</code></br>
 <em>
 bool

diff --git a/hack/api-reference/config.md b/hack/api-reference/config.md
@@ -46,7 +46,9 @@ string
 <td>
 <code>clientConnection</code></br>
 <em>
-invalid type
+<a href="https://godoc.org/k8s.io/component-base/config/v1alpha1#ClientConnectionConfiguration">
+Kubernetes v1alpha1.ClientConnectionConfiguration
+</a>
 </em>
 </td>
 <td>
@@ -72,7 +74,9 @@ ETCD
 <td>
 <code>healthCheckConfig</code></br>
 <em>
-invalid type
+<a href="https://github.com/gardener/gardener/extensions/pkg/apis/config">
+github.com/gardener/gardener/extensions/pkg/apis/config/v1alpha1.HealthCheckConfig
+</a>
 </em>
 </td>
 <td>
@@ -205,7 +209,9 @@ string
 <td>
 <code>capacity</code></br>
 <em>
-invalid type
+<a href="https://godoc.org/k8s.io/apimachinery/pkg/api/resource#Quantity">
+k8s.io/apimachinery/pkg/api/resource.Quantity
+</a>
 </em>
 </td>
 <td>

diff --git a/pkg/apis/metal/types_worker.go b/pkg/apis/metal/types_worker.go
@@ -47,6 +47,7 @@ type MachineImage struct {
 
 // IgnitionConfig contains ignition settings.
 type IgnitionConfig struct {
-	Raw      string
-	Override bool
+	Raw            string
+	IgnitionSecret string
+	Override       bool
 }
diff --git a/pkg/apis/metal/v1alpha1/types_worker.go b/pkg/apis/metal/v1alpha1/types_worker.go
@@ -54,6 +54,10 @@ type IgnitionConfig struct {
 	// +optional
 	Raw string `json:"raw,omitempty"`
 
+	// IgnitionSecret is a reference to a secret containing the ignition config.
+	// +optional
+	IgnitionSecret string `json:"ignitionSecret,omitempty"`
+
 	// Override configures, if ignition keys set by the os-extension are overridden
 	// by extra ignition.
 	// +optional

diff --git a/pkg/apis/metal/v1alpha1/zz_generated.conversion.go b/pkg/apis/metal/v1alpha1/zz_generated.conversion.go
diff --git a/pkg/controller/worker/machines.go b/pkg/controller/worker/machines.go
@@ -118,8 +118,12 @@ func (w *workerDelegate) generateMachineClassAndSecrets(ctx context.Context) ([]
 			metal.ImageFieldName:        machineImage,
 			metal.ServerLabelsFieldName: serverLabels,
 		}
-		if workerConfig.ExtraIgnition != nil {
-			machineClassProviderSpec[metal.IgnitionFieldName] = workerConfig.ExtraIgnition.Raw
+		if workerConfig.ExtraIgnition != nil && (workerConfig.ExtraIgnition.Raw != "" || workerConfig.ExtraIgnition.IgnitionSecret != "") {
+			mergedIgnition, err := w.getMergedIgnitionConfig(ctx, workerConfig)
+			if err != nil {
+				return nil, nil, err
+			}
+			machineClassProviderSpec[metal.IgnitionFieldName] = mergedIgnition
 			machineClassProviderSpec[metal.IgnitionOverrideFieldName] = workerConfig.ExtraIgnition.Override
 		}
 
@@ -227,3 +231,28 @@ func (w *workerDelegate) getServerLabelsForMachine(machineType string, workerCon
 	}
 	return combinedLabels, nil
 }
+
+func (w *workerDelegate) getMergedIgnitionConfig(ctx context.Context, workerConfig *metalv1alpha1.WorkerConfig) (string, error) {
+	var mergedIgnition string
+
+	if workerConfig.ExtraIgnition.Raw != "" {
+		mergedIgnition = workerConfig.ExtraIgnition.Raw
+	}
+
+	if workerConfig.ExtraIgnition.IgnitionSecret != "" {
+		secret := &corev1.Secret{}
+		secretKey := client.ObjectKey{Namespace: w.worker.Namespace, Name: workerConfig.ExtraIgnition.IgnitionSecret}
+		if err := w.client.Get(ctx, secretKey, secret); err != nil {
+			return "", fmt.Errorf("failed to get ignition secret %s: %w", workerConfig.ExtraIgnition.IgnitionSecret, err)
+		}
+
+		secretContent, ok := secret.Data["ignition"]
+		if !ok {
+			return "", fmt.Errorf("ignition key not found in secret %s", workerConfig.ExtraIgnition.IgnitionSecret)
+		}
+
+		mergedIgnition += string(secretContent)
+	}
+
+	return mergedIgnition, nil
+}
diff --git a/pkg/controller/worker/machines_test.go b/pkg/controller/worker/machines_test.go
@@ -76,7 +76,7 @@ var _ = Describe("Machines", func() {
 					"foo":  "bar",
 					"foo1": "bar1",
 				},
-				metal.IgnitionFieldName:         "abc",
+				metal.IgnitionFieldName:         "abcdef",
 				metal.IgnitionOverrideFieldName: true,
 			}
 

diff --git a/pkg/controller/worker/suite_test.go b/pkg/controller/worker/suite_test.go
@@ -115,6 +115,7 @@ var _ = BeforeSuite(func() {
 func SetupTest() (*corev1.Namespace, *gardener.ChartApplier) {
 	var chartApplier gardener.ChartApplier
 	ns := &corev1.Namespace{}
+	ign := &corev1.Secret{}
 
 	BeforeEach(func(ctx SpecContext) {
 		var err error
@@ -132,13 +133,26 @@ func SetupTest() (*corev1.Namespace, *gardener.ChartApplier) {
 		volumeName := "test-volume"
 		volumeType := "fast"
 
+		*ign = corev1.Secret{
+			ObjectMeta: metav1.ObjectMeta{
+				GenerateName: "testign-",
+				Namespace:    ns.Name,
+			},
+			Data: map[string][]byte{
+				"ignition": []byte("def"),
+			},
+		}
+		Expect(k8sClient.Create(ctx, ign)).To(Succeed(), "failed to create test ignition secret")
+		DeferCleanup(k8sClient.Delete, ign)
+
 		workerConfig = &apiv1alpha1.WorkerConfig{
 			ExtraServerLabels: map[string]string{
 				"foo1": "bar1",
 			},
 			ExtraIgnition: &apiv1alpha1.IgnitionConfig{
-				Raw:      "abc",
-				Override: true,
+				Raw:            "abc",
+				IgnitionSecret: ign.Name,
+				Override:       true,
 			},
 		}
 		workerConfigJSON, _ = json.Marshal(workerConfig)