feat: new imageRepository patch

Author: dkoshkin

api/v1alpha1/clusterconfig_types.go

@@ -25,6 +25,9 @@ type ClusterConfigSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
+	// +optional
+	ImageRepository *ImageRepository `json:"imageRepository,omitempty"`
+
 	// +optional
 	Proxy *HTTPProxy `json:"proxy,omitempty"`
 
@@ -38,13 +41,30 @@ func (ClusterConfigSpec) VariableSchema() clusterv1.VariableSchema {
 			Description: "Cluster configuration",
 			Type:        "object",
 			Properties: map[string]clusterv1.JSONSchemaProps{
+				"imageRepository":        ImageRepository("").VariableSchema().OpenAPIV3Schema,
 				"proxy":                  HTTPProxy{}.VariableSchema().OpenAPIV3Schema,
 				"extraAPIServerCertSANs": ExtraAPIServerCertSANs{}.VariableSchema().OpenAPIV3Schema,
 			},
 		},
 	}
 }
 
+// ImageRepository required for overriding Kubernetes image repository.
+type ImageRepository string
+
+func (ImageRepository) VariableSchema() clusterv1.VariableSchema {
+	return clusterv1.VariableSchema{
+		OpenAPIV3Schema: clusterv1.JSONSchemaProps{
+			Description: "Sets the imageRepository used for the KubeadmControlPlane.",
+			Type:        "string",
+		},
+	}
+}
+
+func (v ImageRepository) String() string {
+	return string(v)
+}
+
 // HTTPProxy required for providing proxy configuration.
 type HTTPProxy struct {
 	// HTTP proxy.

api/v1alpha1/zz_generated.deepcopy.go

@@ -31,6 +31,7 @@ import (
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/cni/calico"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/extraapiservercertsans"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/httpproxy"
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/imagerepository"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/servicelbgc"
 )
 
@@ -125,6 +126,9 @@ func main() {
 
 		auditpolicy.NewPatch(),
 
+		imagerepository.NewVariable(),
+		imagerepository.NewPatch(imagerepository.VariableName),
+
 		clusterconfig.NewVariable(),
 		mutation.NewMetaGeneratePatchesHandler(
 			"clusterConfigPatch",
@@ -134,6 +138,7 @@ func main() {
 				extraapiservercertsans.VariableName,
 			),
 			auditpolicy.NewPatch(),
+			imagerepository.NewPatch(clusterconfig.VariableName, imagerepository.VariableName),
 		),
 	)
 	if err := mgr.Add(runtimeWebhookServer); err != nil {

cmd/main.go

@@ -35,6 +35,7 @@ spec:
     variables:
       - name: clusterConfig
         value:
+          imageRepository: "my-registry.io/my-org/my-repo"
           extraAPIServerCertSANs:
             - a.b.c.example.com
             - d.e.f.example.com

docs/content/cluster-config.md

@@ -0,0 +1,40 @@
+---
+title: "Image Repository"
+---
+
+Override the container image repository used when pulling Kubernetes images.
+
+To enable the API server certificate SANs enable the `extraapiservercertsansvars` and `extraapiservercertsanspatch`
+external patches on `ClusterClass`.
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+  name: <NAME>
+spec:
+  patches:
+    - name: apiserver-cert-sans
+      external:
+        generateExtension: "imagerepositorypatch.capi-runtime-extensions"
+        discoverVariablesExtension: "imagerepositoryvars.capi-runtime-extensions"
+```
+
+On the cluster resource then specify desired certificate SANs values:
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: <NAME>
+spec:
+  topology:
+    variables:
+      - name: imageRepository
+        value: "my-registry.io/my-org/my-repo"
+```
+
+Applying this configuration will result in the following value being set:
+
+- KubeadmControlPlaneTemplate:
+  - `/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/imageRepository: my-registry.io/my-org/my-repo`

docs/content/image-repository.md

@@ -0,0 +1,125 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package imagerepository
+
+import (
+	"context"
+	_ "embed"
+
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
+	bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1"
+	controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1"
+	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+	"sigs.k8s.io/cluster-api/exp/runtime/topologymutation"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers/mutation"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/patches"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/patches/selectors"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/variables"
+)
+
+const (
+	// HandlerNamePatch is the name of the inject handler.
+	HandlerNamePatch = "ImageRepositoryPatch"
+)
+
+type imageRepositoryPatchHandler struct {
+	decoder           runtime.Decoder
+	variableName      string
+	variableFieldPath []string
+}
+
+var (
+	_ handlers.Named           = &imageRepositoryPatchHandler{}
+	_ mutation.GeneratePatches = &imageRepositoryPatchHandler{}
+)
+
+func NewPatch(
+	variableName string,
+	variableFieldPath ...string,
+) *imageRepositoryPatchHandler {
+	scheme := runtime.NewScheme()
+	_ = bootstrapv1.AddToScheme(scheme)
+	_ = controlplanev1.AddToScheme(scheme)
+	return &imageRepositoryPatchHandler{
+		decoder: serializer.NewCodecFactory(scheme).UniversalDecoder(
+			controlplanev1.GroupVersion,
+			bootstrapv1.GroupVersion,
+		),
+		variableName:      variableName,
+		variableFieldPath: variableFieldPath,
+	}
+}
+
+func (h *imageRepositoryPatchHandler) Name() string {
+	return HandlerNamePatch
+}
+
+func (h *imageRepositoryPatchHandler) GeneratePatches(
+	ctx context.Context,
+	req *runtimehooksv1.GeneratePatchesRequest,
+	resp *runtimehooksv1.GeneratePatchesResponse,
+) {
+	topologymutation.WalkTemplates(
+		ctx,
+		h.decoder,
+		req,
+		resp,
+		func(
+			ctx context.Context,
+			obj runtime.Object,
+			vars map[string]apiextensionsv1.JSON,
+			holderRef runtimehooksv1.HolderReference,
+		) error {
+			log := ctrl.LoggerFrom(ctx).WithValues(
+				"holderRef", holderRef,
+			)
+
+			imageRepositoryVar, found, err := variables.Get[v1alpha1.ImageRepository](
+				vars,
+				h.variableName,
+				h.variableFieldPath...,
+			)
+			if err != nil {
+				return err
+			}
+			if !found {
+				log.V(5).Info("imageRepository variable not defined")
+				return nil
+			}
+
+			log = log.WithValues(
+				"variableName",
+				h.variableName,
+				"variableFieldPath",
+				h.variableFieldPath,
+				"variableValue",
+				imageRepositoryVar,
+			)
+
+			return patches.Generate(
+				obj, vars, &holderRef, selectors.ControlPlane(), log,
+				func(obj *controlplanev1.KubeadmControlPlaneTemplate) error {
+					log.WithValues(
+						"patchedObjectKind", obj.GetObjectKind().GroupVersionKind().String(),
+						"patchedObjectName", client.ObjectKeyFromObject(obj),
+					).Info("setting imageRepository in kubeadm config spec")
+
+					if obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration == nil {
+						obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration = &bootstrapv1.ClusterConfiguration{}
+					}
+					obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration.ImageRepository = imageRepositoryVar.String()
+
+					return nil
+				},
+			)
+		},
+	)
+}

pkg/handlers/imagerepository/inject.go

@@ -0,0 +1,43 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package imagerepository
+
+import (
+	"testing"
+
+	. "github.com/onsi/gomega"
+	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers/mutation"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/testutils/capitest"
+)
+
+func TestGeneratePatches(t *testing.T) {
+	capitest.ValidateGeneratePatches(
+		t,
+		func() mutation.GeneratePatches { return NewPatch(VariableName) },
+		capitest.PatchTestDef{
+			Name: "unset variable",
+		},
+		capitest.PatchTestDef{
+			Name: "imageRepository set",
+			Vars: []runtimehooksv1.Variable{
+				capitest.VariableWithValue(
+					VariableName,
+					v1alpha1.ImageRepository("my-registry.io/my-org/my-repo"),
+				),
+			},
+			RequestItem: capitest.NewKubeadmControlPlaneTemplateRequestItem(),
+			ExpectedPatchMatchers: []capitest.JSONPatchMatcher{{
+				Operation: "add",
+				Path:      "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration",
+				ValueMatcher: HaveKeyWithValue(
+					"imageRepository",
+					"my-registry.io/my-org/my-repo",
+				),
+			}},
+		},
+	)
+}

pkg/handlers/imagerepository/inject_test.go

@@ -0,0 +1,51 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package imagerepository
+
+import (
+	"context"
+
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
+	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers/mutation"
+)
+
+var (
+	_ handlers.Named             = &imageRepositoryVariableHandler{}
+	_ mutation.DiscoverVariables = &imageRepositoryVariableHandler{}
+)
+
+const (
+	// VariableName is http proxy external patch variable name.
+	VariableName = "imageRepository"
+
+	// HandlerNameVariable is the name of the variable handler.
+	HandlerNameVariable = "ImageRepositoryVars"
+)
+
+func NewVariable() *imageRepositoryVariableHandler {
+	return &imageRepositoryVariableHandler{}
+}
+
+type imageRepositoryVariableHandler struct{}
+
+func (h *imageRepositoryVariableHandler) Name() string {
+	return HandlerNameVariable
+}
+
+func (h *imageRepositoryVariableHandler) DiscoverVariables(
+	ctx context.Context,
+	_ *runtimehooksv1.DiscoverVariablesRequest,
+	resp *runtimehooksv1.DiscoverVariablesResponse,
+) {
+	resp.Variables = append(resp.Variables, clusterv1.ClusterClassVariable{
+		Name:     VariableName,
+		Required: false,
+		Schema:   v1alpha1.ImageRepository("").VariableSchema(),
+	})
+	resp.SetStatus(runtimehooksv1.ResponseStatusSuccess)
+}

pkg/handlers/imagerepository/variables.go

@@ -0,0 +1,26 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package imagerepository
+
+import (
+	"testing"
+
+	"k8s.io/utils/ptr"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/testutils/capitest"
+)
+
+func TestVariableValidation(t *testing.T) {
+	capitest.ValidateDiscoverVariables(
+		t,
+		VariableName,
+		ptr.To(v1alpha1.ImageRepository("").VariableSchema()),
+		NewVariable,
+		capitest.VariableTestDef{
+			Name: "set",
+			Vals: "my-registry.io/my-org/my-repo",
+		},
+	)
+}