feat: new imageRepository patch

Author: dkoshkin

api/v1alpha1/clusterconfig_types.go

@@ -25,6 +25,9 @@ type ClusterConfigSpec struct {
 	// INSERT ADDITIONAL SPEC FIELDS - desired state of cluster
 	// Important: Run "make" to regenerate code after modifying this file
 
+	// +optional
+	ImageRepository *ImageRepository `json:"imageRepository,omitempty"`
+
 	// +optional
 	Proxy *HTTPProxy `json:"proxy,omitempty"`
 
@@ -38,13 +41,30 @@ func (ClusterConfigSpec) VariableSchema() clusterv1.VariableSchema {
 			Description: "Cluster configuration",
 			Type:        "object",
 			Properties: map[string]clusterv1.JSONSchemaProps{
+				"imageRepository":        ImageRepository("").VariableSchema().OpenAPIV3Schema,
 				"proxy":                  HTTPProxy{}.VariableSchema().OpenAPIV3Schema,
 				"extraAPIServerCertSANs": ExtraAPIServerCertSANs{}.VariableSchema().OpenAPIV3Schema,
 			},
 		},
 	}
 }
 
+// ImageRepository required for overriding Kubernetes image repository.
+type ImageRepository string
+
+func (ImageRepository) VariableSchema() clusterv1.VariableSchema {
+	return clusterv1.VariableSchema{
+		OpenAPIV3Schema: clusterv1.JSONSchemaProps{
+			Description: "Sets the imageRepository used for the KubeadmControlPlane.",
+			Type:        "string",
+		},
+	}
+}
+
+func (v ImageRepository) String() string {
+	return string(v)
+}
+
 // HTTPProxy required for providing proxy configuration.
 type HTTPProxy struct {
 	// HTTP proxy.

api/v1alpha1/zz_generated.deepcopy.go

@@ -33,6 +33,7 @@ import (
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/cni/calico"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/extraapiservercertsans"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/httpproxy"
+	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/imagerepository"
 	"github.com/d2iq-labs/capi-runtime-extensions/pkg/handlers/servicelbgc"
 )
 
@@ -146,6 +147,9 @@ func main() {
 
 		auditpolicy.NewPatch(),
 
+		imagerepository.NewVariable(),
+		imagerepository.NewPatch(imagerepository.VariableName),
+
 		clusterconfig.NewVariable(),
 		mutation.NewMetaGeneratePatchesHandler(
 			"clusterConfigPatch",
@@ -155,6 +159,7 @@ func main() {
 				extraapiservercertsans.VariableName,
 			),
 			auditpolicy.NewPatch(),
+			imagerepository.NewPatch(clusterconfig.VariableName, imagerepository.VariableName),
 		),
 	)
 	if err := mgr.Add(runtimeWebhookServer); err != nil {

cmd/main.go

@@ -35,6 +35,7 @@ spec:
     variables:
       - name: clusterConfig
         value:
+          imageRepository: "my-registry.io/my-org/my-repo"
           extraAPIServerCertSANs:
             - a.b.c.example.com
             - d.e.f.example.com

docs/content/cluster-config.md

@@ -0,0 +1,40 @@
+---
+title: "Image Repository"
+---
+
+Override the container image repository used when pulling Kubernetes images.
+
+To enable the API server certificate SANs enable the `extraapiservercertsansvars` and `extraapiservercertsanspatch`
+external patches on `ClusterClass`.
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: ClusterClass
+metadata:
+  name: <NAME>
+spec:
+  patches:
+    - name: apiserver-cert-sans
+      external:
+        generateExtension: "imagerepositorypatch.capi-runtime-extensions"
+        discoverVariablesExtension: "imagerepositoryvars.capi-runtime-extensions"
+```
+
+On the cluster resource then specify desired certificate SANs values:
+
+```yaml
+apiVersion: cluster.x-k8s.io/v1beta1
+kind: Cluster
+metadata:
+  name: <NAME>
+spec:
+  topology:
+    variables:
+      - name: imageRepository
+        value: "my-registry.io/my-org/my-repo"
+```
+
+Applying this configuration will result in the following value being set:
+
+- KubeadmControlPlaneTemplate:
+  - `/spec/template/spec/kubeadmConfigSpec/clusterConfiguration/imageRepository: my-registry.io/my-org/my-repo`

docs/content/image-repository.md

@@ -23,20 +23,6 @@ spec:
       kind: DockerClusterTemplate
       name: quick-start-cluster
   patches:
-    - definitions:
-        - jsonPatches:
-            - op: add
-              path: /spec/template/spec/kubeadmConfigSpec/clusterConfiguration/imageRepository
-              valueFrom:
-                variable: imageRepository
-          selector:
-            apiVersion: controlplane.cluster.x-k8s.io/v1beta1
-            kind: KubeadmControlPlaneTemplate
-            matchResources:
-              controlPlane: true
-      description: Sets the imageRepository used for the KubeadmControlPlane.
-      enabledIf: '{{ ne .imageRepository "" }}'
-      name: imageRepository
     - definitions:
         - jsonPatches:
             - op: add

examples/capi-quickstart/cluster-class.yaml

@@ -1,6 +1,3 @@
-# Copyright 2023 D2iQ, Inc. All rights reserved.
-# SPDX-License-Identifier: Apache-2.0
-
 apiVersion: cluster.x-k8s.io/v1beta1
 kind: Cluster
 metadata:
@@ -23,8 +20,6 @@ spec:
       metadata: {}
       replicas: 1
     variables:
-      - name: imageRepository
-        value: ""
       - name: etcdImageTag
         value: ""
       - name: coreDNSImageTag

examples/capi-quickstart/cluster.yaml

@@ -5,6 +5,7 @@
 KUBERNETES_VERSION ?= v1.27.5
 
 # gojq mutations:
+# - ClusterClass: 	Delete imageRepository inline patch
 # - ClusterClass: 	Add cluster-config external patch
 #
 # - Cluster: 		Add CNI label
@@ -20,6 +21,8 @@ examples.sync: kind.create clusterctl.init
       --kubernetes-version $(KUBERNETES_VERSION) \
       --control-plane-machine-count=1 \
       --worker-machine-count=1 | \
+    gojq --yaml-input --yaml-output \
+      '. | (select(.kind=="ClusterClass").spec.patches|= del(.[] | select(.name == "imageRepository")))' | \
     gojq --yaml-input --yaml-output \
       '. | (select(.kind=="ClusterClass").spec.patches|= .+ [{"name": "cluster-config", "external": {"generateExtension": "clusterconfigpatch.capi-runtime-extensions", "discoverVariablesExtension": "clusterconfigvars.capi-runtime-extensions"}}])' | \
     gojq --yaml-input --yaml-output \
@@ -33,6 +36,8 @@ examples.sync: kind.create clusterctl.init
       --worker-machine-count=1 | \
     gojq --yaml-input --yaml-output \
       '. | (select(.kind=="Cluster").metadata.labels["capiext.labs.d2iq.io/cni"]|="calico")' | \
+    gojq --yaml-input --yaml-output \
+    	'. | (select(.kind=="Cluster").spec.topology.variables|= del(.[] | select(.name == "imageRepository")))' | \
     gojq --yaml-input --yaml-output \
     	'. | (select(.kind=="Cluster").spec.topology.variables|= .+ [{"name": "clusterConfig", "value": {}}])' | \
     gojq --yaml-input --yaml-output \

make/examples.mk

@@ -0,0 +1,125 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package imagerepository
+
+import (
+	"context"
+	_ "embed"
+
+	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
+	bootstrapv1 "sigs.k8s.io/cluster-api/bootstrap/kubeadm/api/v1beta1"
+	controlplanev1 "sigs.k8s.io/cluster-api/controlplane/kubeadm/api/v1beta1"
+	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+	"sigs.k8s.io/cluster-api/exp/runtime/topologymutation"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers/mutation"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/patches"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/patches/selectors"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/variables"
+)
+
+const (
+	// HandlerNamePatch is the name of the inject handler.
+	HandlerNamePatch = "ImageRepositoryPatch"
+)
+
+type imageRepositoryPatchHandler struct {
+	decoder           runtime.Decoder
+	variableName      string
+	variableFieldPath []string
+}
+
+var (
+	_ handlers.Named           = &imageRepositoryPatchHandler{}
+	_ mutation.GeneratePatches = &imageRepositoryPatchHandler{}
+)
+
+func NewPatch(
+	variableName string,
+	variableFieldPath ...string,
+) *imageRepositoryPatchHandler {
+	scheme := runtime.NewScheme()
+	_ = bootstrapv1.AddToScheme(scheme)
+	_ = controlplanev1.AddToScheme(scheme)
+	return &imageRepositoryPatchHandler{
+		decoder: serializer.NewCodecFactory(scheme).UniversalDecoder(
+			controlplanev1.GroupVersion,
+			bootstrapv1.GroupVersion,
+		),
+		variableName:      variableName,
+		variableFieldPath: variableFieldPath,
+	}
+}
+
+func (h *imageRepositoryPatchHandler) Name() string {
+	return HandlerNamePatch
+}
+
+func (h *imageRepositoryPatchHandler) GeneratePatches(
+	ctx context.Context,
+	req *runtimehooksv1.GeneratePatchesRequest,
+	resp *runtimehooksv1.GeneratePatchesResponse,
+) {
+	topologymutation.WalkTemplates(
+		ctx,
+		h.decoder,
+		req,
+		resp,
+		func(
+			ctx context.Context,
+			obj runtime.Object,
+			vars map[string]apiextensionsv1.JSON,
+			holderRef runtimehooksv1.HolderReference,
+		) error {
+			log := ctrl.LoggerFrom(ctx).WithValues(
+				"holderRef", holderRef,
+			)
+
+			imageRepositoryVar, found, err := variables.Get[v1alpha1.ImageRepository](
+				vars,
+				h.variableName,
+				h.variableFieldPath...,
+			)
+			if err != nil {
+				return err
+			}
+			if !found {
+				log.V(5).Info("imageRepository variable not defined")
+				return nil
+			}
+
+			log = log.WithValues(
+				"variableName",
+				h.variableName,
+				"variableFieldPath",
+				h.variableFieldPath,
+				"variableValue",
+				imageRepositoryVar,
+			)
+
+			return patches.Generate(
+				obj, vars, &holderRef, selectors.ControlPlane(), log,
+				func(obj *controlplanev1.KubeadmControlPlaneTemplate) error {
+					log.WithValues(
+						"patchedObjectKind", obj.GetObjectKind().GroupVersionKind().String(),
+						"patchedObjectName", client.ObjectKeyFromObject(obj),
+					).Info("setting imageRepository in kubeadm config spec")
+
+					if obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration == nil {
+						obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration = &bootstrapv1.ClusterConfiguration{}
+					}
+					obj.Spec.Template.Spec.KubeadmConfigSpec.ClusterConfiguration.ImageRepository = imageRepositoryVar.String()
+
+					return nil
+				},
+			)
+		},
+	)
+}

pkg/handlers/imagerepository/inject.go

@@ -0,0 +1,43 @@
+// Copyright 2023 D2iQ, Inc. All rights reserved.
+// SPDX-License-Identifier: Apache-2.0
+
+package imagerepository
+
+import (
+	"testing"
+
+	. "github.com/onsi/gomega"
+	runtimehooksv1 "sigs.k8s.io/cluster-api/exp/runtime/hooks/api/v1alpha1"
+
+	"github.com/d2iq-labs/capi-runtime-extensions/api/v1alpha1"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/capi/clustertopology/handlers/mutation"
+	"github.com/d2iq-labs/capi-runtime-extensions/common/pkg/testutils/capitest"
+)
+
+func TestGeneratePatches(t *testing.T) {
+	capitest.ValidateGeneratePatches(
+		t,
+		func() mutation.GeneratePatches { return NewPatch(VariableName) },
+		capitest.PatchTestDef{
+			Name: "unset variable",
+		},
+		capitest.PatchTestDef{
+			Name: "imageRepository set",
+			Vars: []runtimehooksv1.Variable{
+				capitest.VariableWithValue(
+					VariableName,
+					v1alpha1.ImageRepository("my-registry.io/my-org/my-repo"),
+				),
+			},
+			RequestItem: capitest.NewKubeadmControlPlaneTemplateRequestItem(),
+			ExpectedPatchMatchers: []capitest.JSONPatchMatcher{{
+				Operation: "add",
+				Path:      "/spec/template/spec/kubeadmConfigSpec/clusterConfiguration",
+				ValueMatcher: HaveKeyWithValue(
+					"imageRepository",
+					"my-registry.io/my-org/my-repo",
+				),
+			}},
+		},
+	)
+}