Merge branch 'main' into KU-1602/refresh-worker-certs

canonical · Oct 15, 2024 · 6adb9af · 6adb9af
2 parents 6c139b3 + 9ed3967
commit 6adb9af
Show file tree

Hide file tree

Showing 37 changed files with 1,753 additions and 796 deletions.
diff --git a/bootstrap/api/v1beta2/ck8sconfig_types.go b/bootstrap/api/v1beta2/ck8sconfig_types.go
@@ -51,6 +51,21 @@ type CK8sConfigSpec struct {
 	// +optional
 	AirGapped bool `json:"airGapped,omitempty"`
 
+	// The snap store proxy domain's scheme, e.g. "http" or "https" without "://"
+	// Defaults to "http".
+	// +optional
+	// +kubebuilder:default=http
+	// +kubebuilder:validation:Enum=http;https
+	SnapstoreProxyScheme string `json:"snapstoreProxyScheme,omitempty"`
+
+	// The snap store proxy domain
+	// +optional
+	SnapstoreProxyDomain string `json:"snapstoreProxyDomain,omitempty"`
+
+	// The snap store proxy ID
+	// +optional
+	SnapstoreProxyID string `json:"snapstoreProxyId,omitempty"`
+
 	// CK8sControlPlaneConfig is configuration for the control plane node.
 	// +optional
 	ControlPlaneConfig CK8sControlPlaneConfig `json:"controlPlane,omitempty"`

diff --git a/bootstrap/api/v1beta2/inplace_upgrade_consts.go b/bootstrap/api/v1beta2/inplace_upgrade_consts.go
@@ -1,10 +1,11 @@
 package v1beta2
 
 const (
-	InPlaceUpgradeToAnnotation       = "v1beta2.k8sd.io/in-place-upgrade-to"
-	InPlaceUpgradeStatusAnnotation   = "v1beta2.k8sd.io/in-place-upgrade-status"
-	InPlaceUpgradeReleaseAnnotation  = "v1beta2.k8sd.io/in-place-upgrade-release"
-	InPlaceUpgradeChangeIDAnnotation = "v1beta2.k8sd.io/in-place-upgrade-change-id"
+	InPlaceUpgradeToAnnotation                  = "v1beta2.k8sd.io/in-place-upgrade-to"
+	InPlaceUpgradeStatusAnnotation              = "v1beta2.k8sd.io/in-place-upgrade-status"
+	InPlaceUpgradeReleaseAnnotation             = "v1beta2.k8sd.io/in-place-upgrade-release"
+	InPlaceUpgradeChangeIDAnnotation            = "v1beta2.k8sd.io/in-place-upgrade-change-id"
+	InPlaceUpgradeLastFailedAttemptAtAnnotation = "v1beta2.k8sd.io/in-place-upgrade-last-failed-attempt-at"
 )
 
 const (
@@ -17,4 +18,5 @@ const (
 	InPlaceUpgradeInProgressEvent = "InPlaceUpgradeInProgress"
 	InPlaceUpgradeDoneEvent       = "InPlaceUpgradeDone"
 	InPlaceUpgradeFailedEvent     = "InPlaceUpgradeFailed"
+	InPlaceUpgradeCancelledEvent  = "InPlaceUpgradeCancelled"
 )
diff --git a/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_ck8sconfigs.yaml b/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_ck8sconfigs.yaml
@@ -210,6 +210,21 @@ spec:
                 items:
                   type: string
                 type: array
+              snapstoreProxyDomain:
+                description: The snap store proxy domain
+                type: string
+              snapstoreProxyId:
+                description: The snap store proxy ID
+                type: string
+              snapstoreProxyScheme:
+                default: http
+                description: |-
+                  The snap store proxy domain's scheme, e.g. "http" or "https" without "://"
+                  Defaults to "http".
+                enum:
+                - http
+                - https
+                type: string
               version:
                 description: Version specifies the Kubernetes version.
                 type: string

diff --git a/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_ck8sconfigtemplates.yaml b/bootstrap/config/crd/bases/bootstrap.cluster.x-k8s.io_ck8sconfigtemplates.yaml
@@ -219,6 +219,21 @@ spec:
                         items:
                           type: string
                         type: array
+                      snapstoreProxyDomain:
+                        description: The snap store proxy domain
+                        type: string
+                      snapstoreProxyId:
+                        description: The snap store proxy ID
+                        type: string
+                      snapstoreProxyScheme:
+                        default: http
+                        description: |-
+                          The snap store proxy domain's scheme, e.g. "http" or "https" without "://"
+                          Defaults to "http".
+                        enum:
+                        - http
+                        - https
+                        type: string
                       version:
                         description: Version specifies the Kubernetes version.
                         type: string

diff --git a/bootstrap/config/rbac/role.yaml b/bootstrap/config/rbac/role.yaml
@@ -62,6 +62,19 @@ rules:
   - get
   - list
   - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinedeployments
+  - machinedeployments/status
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - cluster.x-k8s.io
   resources:
@@ -75,6 +88,15 @@ rules:
   - patch
   - update
   - watch
+- apiGroups:
+  - cluster.x-k8s.io
+  resources:
+  - machinesets
+  - machinesets/status
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - exp.cluster.x-k8s.io
   resources:

diff --git a/bootstrap/controllers/certificates_controller.go b/bootstrap/controllers/certificates_controller.go
@@ -233,6 +233,9 @@ func (r *CertificatesReconciler) updateExpiryDateAnnotation(ctx context.Context,
 	}
 
 	mAnnotations := scope.Machine.GetAnnotations()
+	if mAnnotations == nil {
+		mAnnotations = map[string]string{}
+	}
 
 	expiryDateString, err := scope.Workload.GetCertificatesExpiryDate(ctx, scope.Machine, *nodeToken)
 	if err != nil {

diff --git a/bootstrap/controllers/ck8sconfig_controller.go b/bootstrap/controllers/ck8sconfig_controller.go
@@ -258,19 +258,25 @@ func (r *CK8sConfigReconciler) joinControlplane(ctx context.Context, scope *Scop
 		return err
 	}
 
+	snapInstallData := r.resolveInPlaceUpgradeRelease(machine)
+
 	input := cloudinit.JoinControlPlaneInput{
 		BaseUserData: cloudinit.BaseUserData{
-			BootCommands:        scope.Config.Spec.BootCommands,
-			PreRunCommands:      scope.Config.Spec.PreRunCommands,
-			PostRunCommands:     scope.Config.Spec.PostRunCommands,
-			KubernetesVersion:   scope.Config.Spec.Version,
-			ExtraFiles:          cloudinit.FilesFromAPI(files),
-			ConfigFileContents:  string(joinConfig),
-			MicroclusterAddress: scope.Config.Spec.ControlPlaneConfig.MicroclusterAddress,
-			MicroclusterPort:    microclusterPort,
-			AirGapped:           scope.Config.Spec.AirGapped,
-			NodeName:            scope.Config.Spec.NodeName,
-			NodeToken:           *nodeToken,
+			BootCommands:         scope.Config.Spec.BootCommands,
+			PreRunCommands:       scope.Config.Spec.PreRunCommands,
+			PostRunCommands:      scope.Config.Spec.PostRunCommands,
+			KubernetesVersion:    scope.Config.Spec.Version,
+			SnapInstallData:      snapInstallData,
+			ExtraFiles:           cloudinit.FilesFromAPI(files),
+			ConfigFileContents:   string(joinConfig),
+			MicroclusterAddress:  scope.Config.Spec.ControlPlaneConfig.MicroclusterAddress,
+			MicroclusterPort:     microclusterPort,
+			AirGapped:            scope.Config.Spec.AirGapped,
+			SnapstoreProxyScheme: scope.Config.Spec.SnapstoreProxyScheme,
+			SnapstoreProxyDomain: scope.Config.Spec.SnapstoreProxyDomain,
+			SnapstoreProxyID:     scope.Config.Spec.SnapstoreProxyID,
+			NodeName:             scope.Config.Spec.NodeName,
+			NodeToken:            *nodeToken,
 		},
 		JoinToken: joinToken,
 	}
@@ -337,19 +343,25 @@ func (r *CK8sConfigReconciler) joinWorker(ctx context.Context, scope *Scope) err
 		return err
 	}
 
+	snapInstallData := r.resolveInPlaceUpgradeRelease(machine)
+
 	input := cloudinit.JoinWorkerInput{
 		BaseUserData: cloudinit.BaseUserData{
-			BootCommands:        scope.Config.Spec.BootCommands,
-			PreRunCommands:      scope.Config.Spec.PreRunCommands,
-			PostRunCommands:     scope.Config.Spec.PostRunCommands,
-			KubernetesVersion:   scope.Config.Spec.Version,
-			ExtraFiles:          cloudinit.FilesFromAPI(files),
-			ConfigFileContents:  string(joinConfig),
-			MicroclusterAddress: scope.Config.Spec.ControlPlaneConfig.MicroclusterAddress,
-			MicroclusterPort:    microclusterPort,
-			AirGapped:           scope.Config.Spec.AirGapped,
-			NodeName:            scope.Config.Spec.NodeName,
-			NodeToken:           *nodeToken,
+			BootCommands:         scope.Config.Spec.BootCommands,
+			PreRunCommands:       scope.Config.Spec.PreRunCommands,
+			PostRunCommands:      scope.Config.Spec.PostRunCommands,
+			KubernetesVersion:    scope.Config.Spec.Version,
+			SnapInstallData:      snapInstallData,
+			ExtraFiles:           cloudinit.FilesFromAPI(files),
+			ConfigFileContents:   string(joinConfig),
+			MicroclusterAddress:  scope.Config.Spec.ControlPlaneConfig.MicroclusterAddress,
+			MicroclusterPort:     microclusterPort,
+			AirGapped:            scope.Config.Spec.AirGapped,
+			SnapstoreProxyScheme: scope.Config.Spec.SnapstoreProxyScheme,
+			SnapstoreProxyDomain: scope.Config.Spec.SnapstoreProxyDomain,
+			SnapstoreProxyID:     scope.Config.Spec.SnapstoreProxyID,
+			NodeName:             scope.Config.Spec.NodeName,
+			NodeToken:            *nodeToken,
 		},
 		JoinToken: joinToken,
 	}
@@ -391,6 +403,41 @@ func (r *CK8sConfigReconciler) resolveFiles(ctx context.Context, cfg *bootstrapv
 	return collected, nil
 }
 
+func (r *CK8sConfigReconciler) resolveInPlaceUpgradeRelease(machine *clusterv1.Machine) cloudinit.SnapInstallData {
+	mAnnotations := machine.GetAnnotations()
+
+	if mAnnotations != nil {
+		return cloudinit.SnapInstallData{}
+	}
+
+	val, ok := mAnnotations[bootstrapv1.InPlaceUpgradeReleaseAnnotation]
+	if ok {
+		optionKv := strings.Split(val, "=")
+
+		switch optionKv[0] {
+		case "channel":
+			return cloudinit.SnapInstallData{
+				Option: cloudinit.InstallOptionChannel,
+				Value:  optionKv[1],
+			}
+		case "revision":
+			return cloudinit.SnapInstallData{
+				Option: cloudinit.InstallOptionRevision,
+				Value:  optionKv[1],
+			}
+		case "localPath":
+			return cloudinit.SnapInstallData{
+				Option: cloudinit.InstallOptionLocalPath,
+				Value:  optionKv[1],
+			}
+		default:
+			r.Log.Info("Unknown in-place upgrade release option, ignoring", "option", optionKv[0])
+		}
+	}
+
+	return cloudinit.SnapInstallData{}
+}
+
 // resolveSecretFileContent returns file content fetched from a referenced secret object.
 func (r *CK8sConfigReconciler) resolveSecretFileContent(ctx context.Context, ns string, source bootstrapv1.File) ([]byte, error) {
 	secret := &corev1.Secret{}
@@ -529,19 +576,25 @@ func (r *CK8sConfigReconciler) handleClusterNotInitialized(ctx context.Context,
 		return ctrl.Result{}, fmt.Errorf("failed to render k8sd-proxy daemonset: %w", err)
 	}
 
+	snapInstallData := r.resolveInPlaceUpgradeRelease(machine)
+
 	cpinput := cloudinit.InitControlPlaneInput{
 		BaseUserData: cloudinit.BaseUserData{
-			BootCommands:        scope.Config.Spec.BootCommands,
-			PreRunCommands:      scope.Config.Spec.PreRunCommands,
-			PostRunCommands:     scope.Config.Spec.PostRunCommands,
-			KubernetesVersion:   scope.Config.Spec.Version,
-			ExtraFiles:          cloudinit.FilesFromAPI(files),
-			ConfigFileContents:  string(initConfig),
-			MicroclusterAddress: scope.Config.Spec.ControlPlaneConfig.MicroclusterAddress,
-			MicroclusterPort:    microclusterPort,
-			NodeName:            scope.Config.Spec.NodeName,
-			AirGapped:           scope.Config.Spec.AirGapped,
-			NodeToken:           *nodeToken,
+			BootCommands:         scope.Config.Spec.BootCommands,
+			PreRunCommands:       scope.Config.Spec.PreRunCommands,
+			PostRunCommands:      scope.Config.Spec.PostRunCommands,
+			KubernetesVersion:    scope.Config.Spec.Version,
+			SnapInstallData:      snapInstallData,
+			ExtraFiles:           cloudinit.FilesFromAPI(files),
+			ConfigFileContents:   string(initConfig),
+			MicroclusterAddress:  scope.Config.Spec.ControlPlaneConfig.MicroclusterAddress,
+			MicroclusterPort:     microclusterPort,
+			NodeName:             scope.Config.Spec.NodeName,
+			AirGapped:            scope.Config.Spec.AirGapped,
+			SnapstoreProxyScheme: scope.Config.Spec.SnapstoreProxyScheme,
+			SnapstoreProxyDomain: scope.Config.Spec.SnapstoreProxyDomain,
+			SnapstoreProxyID:     scope.Config.Spec.SnapstoreProxyID,
+			NodeToken:            *nodeToken,
 		},
 		AuthToken:          *authToken,
 		K8sdProxyDaemonSet: string(ds),