Use template rendering of file

Author: AcidLeroy

api/bootstrap/kubeadm/v1beta1/kubeadmconfig_types.go

@@ -46,6 +46,7 @@ var (
 	missingSecretNameMsg                             = "secret file source must specify non-empty secret name"
 	missingSecretKeyMsg                              = "secret file source must specify non-empty secret key"
 	pathConflictMsg                                  = "path property must be unique among all files"
+	invalidFileContentFormatMsg                      = "contentFormat must be empty or go-template"
 )
 
 // KubeadmConfigSpec defines the desired state of KubeadmConfig.
@@ -223,6 +224,16 @@ func (c *KubeadmConfigSpec) validateFiles(pathPrefix *field.Path) field.ErrorLis
 		// n.b.: if we ever add types besides Secret as a ContentFrom
 		// Source, we must add webhook validation here for one of the
 		// sources being non-nil.
+		if file.ContentFormat != "" && file.ContentFormat != FileContentFormatGoTemplate {
+			allErrs = append(
+				allErrs,
+				field.Invalid(
+					pathPrefix.Child("files").Index(i).Child("contentFormat"),
+					file.ContentFormat,
+					invalidFileContentFormatMsg,
+				),
+			)
+		}
 		if file.ContentFrom != nil {
 			if file.ContentFrom.Secret.Name == "" {
 				allErrs = append(
@@ -575,6 +586,16 @@ func init() {
 // +kubebuilder:validation:Enum=base64;gzip;gzip+base64
 type Encoding string
 
+// FileContentFormat specifies how file content is interpreted after resolving content/contentFrom and before writing bootstrap data.
+// +kubebuilder:validation:Enum="";go-template
+type FileContentFormat string
+
+const (
+	// FileContentFormatGoTemplate means content is rendered as a Go text/template with KubernetesVersion and other
+	// fields documented by the kubeadm bootstrap provider. The default empty value means content is used verbatim.
+	FileContentFormatGoTemplate FileContentFormat = "go-template"
+)
+
 const (
 	// Base64 implies the contents of the file are encoded as base64.
 	Base64 Encoding = "base64"
@@ -608,6 +629,13 @@ type File struct {
 	// +optional
 	Encoding Encoding `json:"encoding,omitempty"`
 
+	// contentFormat specifies how to interpret content after it is loaded (inline or from contentFrom).
+	// When set to "go-template", content is rendered as a Go text/template with data including KubernetesVersion
+	// (semver.String(), no "v" prefix). For a worker joining a cluster, that version is the control plane
+	// Kubernetes version when the controller can read it; otherwise the Machine's version.
+	// +optional
+	ContentFormat FileContentFormat `json:"contentFormat,omitempty"`
+
 	// append specifies whether to append Content to existing file if Path exists.
 	// +optional
 	Append bool `json:"append,omitempty"`

api/bootstrap/kubeadm/v1beta1/zz_generated.conversion.go

@@ -47,6 +47,7 @@ var (
 	missingSecretNameMsg                             = "secret file source must specify non-empty secret name"
 	missingSecretKeyMsg                              = "secret file source must specify non-empty secret key"
 	pathConflictMsg                                  = "path property must be unique among all files"
+	invalidFileContentFormatMsg                      = "contentFormat must be empty or go-template"
 )
 
 // KubeadmConfigSpec defines the desired state of KubeadmConfig.
@@ -220,6 +221,16 @@ func (c *KubeadmConfigSpec) validateFiles(pathPrefix *field.Path) field.ErrorLis
 		// n.b.: if we ever add types besides Secret as a ContentFrom
 		// Source, we must add webhook validation here for one of the
 		// sources being non-nil.
+		if file.ContentFormat != "" && file.ContentFormat != FileContentFormatGoTemplate {
+			allErrs = append(
+				allErrs,
+				field.Invalid(
+					pathPrefix.Child("files").Index(i).Child("contentFormat"),
+					file.ContentFormat,
+					invalidFileContentFormatMsg,
+				),
+			)
+		}
 		if file.ContentFrom.IsDefined() {
 			if file.ContentFrom.Secret.Name == "" {
 				allErrs = append(
@@ -624,6 +635,16 @@ func init() {
 // +kubebuilder:validation:Enum=base64;gzip;gzip+base64
 type Encoding string
 
+// FileContentFormat specifies how file content is interpreted after resolving content/contentFrom and before writing bootstrap data.
+// +kubebuilder:validation:Enum="";go-template
+type FileContentFormat string
+
+const (
+	// FileContentFormatGoTemplate means content is rendered as a Go text/template (see kubeadm bootstrap provider docs).
+	// The default empty value means content is used verbatim.
+	FileContentFormatGoTemplate FileContentFormat = "go-template"
+)
+
 const (
 	// Base64 implies the contents of the file are encoded as base64.
 	Base64 Encoding = "base64"
@@ -657,6 +678,13 @@ type File struct {
 	// +optional
 	Encoding Encoding `json:"encoding,omitempty"`
 
+	// contentFormat specifies how to interpret content after it is loaded (inline or from contentFrom).
+	// When set to "go-template", content is rendered as a Go text/template with data including KubernetesVersion
+	// (semver.String(), no "v" prefix). For a worker joining a cluster, that version is the control plane
+	// Kubernetes version when the controller can read it; otherwise the Machine's version.
+	// +optional
+	ContentFormat FileContentFormat `json:"contentFormat,omitempty"`
+
 	// append specifies whether to append Content to existing file if Path exists.
 	// +optional
 	Append *bool `json:"append,omitempty"`

api/bootstrap/kubeadm/v1beta2/kubeadmconfig_types.go

@@ -416,8 +416,6 @@ func TestNewJoinNodeCommands(t *testing.T) {
   - "echo $(date) ': hello PostKubeadmCommands!'"`
 
 	g.Expect(out).To(ContainSubstring(expectedRunCmd))
-
-	g.Expect(out).To(ContainSubstring("path: " + KubeadmVersionPath))
 }
 
 func TestOmittableFields(t *testing.T) {

bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigs.yaml

@@ -16,16 +16,6 @@ limitations under the License.
 
 package cloudinit
 
-import (
-	bootstrapv1 "sigs.k8s.io/cluster-api/api/bootstrap/kubeadm/v1beta2"
-)
-
-const (
-	// KubeadmVersionPath is the path where the control plane Kubernetes version is written for worker nodes.
-	// It must exist before kubeadm join runs.
-	KubeadmVersionPath = "/run/cluster-api/kubeadm-version"
-)
-
 const (
 	nodeCloudInit = `{{.Header}}
 {{template "files" .WriteFiles}}
@@ -62,13 +52,5 @@ type NodeInput struct {
 func NewNode(input *NodeInput) ([]byte, error) {
 	input.prepare()
 	input.Header = cloudConfigHeader
-	// Write control plane version to KubeadmVersionPath so it exists before kubeadm join.
-	versionFile := bootstrapv1.File{
-		Path:        KubeadmVersionPath,
-		Owner:       "root:root",
-		Permissions: "0644",
-		Content:     input.KubernetesVersion.String(),
-	}
-	input.WriteFiles = append([]bootstrapv1.File{versionFile}, input.WriteFiles...)
 	return generate("Node", nodeCloudInit, input)
 }

bootstrap/kubeadm/config/crd/bases/bootstrap.cluster.x-k8s.io_kubeadmconfigtemplates.yaml

@@ -46,13 +46,13 @@ func TestNewNode(t *testing.T) {
 					},
 				},
 			},
-			checkWriteFiles(KubeadmVersionPath, "/etc/foo.conf", "/run/kubeadm/kubeadm-join-config.yaml", "/run/cluster-api/placeholder"),
+			checkWriteFiles("/etc/foo.conf", "/run/kubeadm/kubeadm-join-config.yaml", "/run/cluster-api/placeholder"),
 			false,
 		},
 		{
-			"check for existence of kubeadm-version path, /run/kubeadm/kubeadm-join-config.yaml and /run/cluster-api/placeholder",
+			"check for existence of /run/kubeadm/kubeadm-join-config.yaml and /run/cluster-api/placeholder",
 			&NodeInput{},
-			checkWriteFiles(KubeadmVersionPath, "/run/kubeadm/kubeadm-join-config.yaml", "/run/cluster-api/placeholder"),
+			checkWriteFiles("/run/kubeadm/kubeadm-join-config.yaml", "/run/cluster-api/placeholder"),
 			false,
 		},
 	}

bootstrap/kubeadm/internal/cloudinit/cloudinit_test.go

@@ -44,6 +44,7 @@ import (
 
 	bootstrapv1 "sigs.k8s.io/cluster-api/api/bootstrap/kubeadm/v1beta2"
 	clusterv1 "sigs.k8s.io/cluster-api/api/core/v1beta2"
+	"sigs.k8s.io/cluster-api/bootstrap/kubeadm/internal/bootstrapfiles"
 	"sigs.k8s.io/cluster-api/bootstrap/kubeadm/internal/cloudinit"
 	"sigs.k8s.io/cluster-api/bootstrap/kubeadm/internal/ignition"
 	"sigs.k8s.io/cluster-api/bootstrap/kubeadm/internal/locking"
@@ -579,6 +580,17 @@ func (r *KubeadmConfigReconciler) handleClusterNotInitialized(ctx context.Contex
 		})
 		return ctrl.Result{}, err
 	}
+	files, err = bootstrapfiles.RenderTemplates(files, bootstrapfiles.DataFromVersion(parsedVersion))
+	if err != nil {
+		v1beta1conditions.MarkFalse(scope.Config, bootstrapv1.DataSecretAvailableV1Beta1Condition, bootstrapv1.DataSecretGenerationFailedV1Beta1Reason, clusterv1.ConditionSeverityWarning, "%s", err.Error())
+		conditions.Set(scope.Config, metav1.Condition{
+			Type:    bootstrapv1.KubeadmConfigDataSecretAvailableCondition,
+			Status:  metav1.ConditionFalse,
+			Reason:  bootstrapv1.KubeadmConfigDataSecretNotAvailableReason,
+			Message: "Failed to render go-template in spec.files",
+		})
+		return ctrl.Result{}, err
+	}
 
 	users, err := r.resolveUsers(ctx, scope.Config)
 	if err != nil {
@@ -765,6 +777,18 @@ func (r *KubeadmConfigReconciler) joinWorker(ctx context.Context, scope *Scope)
 		files = append(files, *kubeconfig)
 	}
 
+	files, err = bootstrapfiles.RenderTemplates(files, bootstrapfiles.DataFromVersion(parsedVersion))
+	if err != nil {
+		v1beta1conditions.MarkFalse(scope.Config, bootstrapv1.DataSecretAvailableV1Beta1Condition, bootstrapv1.DataSecretGenerationFailedV1Beta1Reason, clusterv1.ConditionSeverityWarning, "%s", err.Error())
+		conditions.Set(scope.Config, metav1.Condition{
+			Type:    bootstrapv1.KubeadmConfigDataSecretAvailableCondition,
+			Status:  metav1.ConditionFalse,
+			Reason:  bootstrapv1.KubeadmConfigDataSecretNotAvailableReason,
+			Message: "Failed to render go-template in spec.files",
+		})
+		return ctrl.Result{}, err
+	}
+
 	nodeInput := &cloudinit.NodeInput{
 		BaseUserData: cloudinit.BaseUserData{
 			AdditionalFiles: files,
@@ -951,6 +975,18 @@ func (r *KubeadmConfigReconciler) joinControlplane(ctx context.Context, scope *S
 		files = append(files, *kubeconfig)
 	}
 
+	files, err = bootstrapfiles.RenderTemplates(files, bootstrapfiles.DataFromVersion(parsedVersion))
+	if err != nil {
+		v1beta1conditions.MarkFalse(scope.Config, bootstrapv1.DataSecretAvailableV1Beta1Condition, bootstrapv1.DataSecretGenerationFailedV1Beta1Reason, clusterv1.ConditionSeverityWarning, "%s", err.Error())
+		conditions.Set(scope.Config, metav1.Condition{
+			Type:    bootstrapv1.KubeadmConfigDataSecretAvailableCondition,
+			Status:  metav1.ConditionFalse,
+			Reason:  bootstrapv1.KubeadmConfigDataSecretNotAvailableReason,
+			Message: "Failed to render go-template in spec.files",
+		})
+		return ctrl.Result{}, err
+	}
+
 	controlPlaneJoinInput := &cloudinit.ControlPlaneJoinInput{
 		JoinConfiguration: joinData,
 		Certificates:      certificates,

bootstrap/kubeadm/internal/cloudinit/node.go

@@ -63,14 +63,6 @@ func NewNode(input *NodeInput) ([]byte, string, error) {
 		return nil, "", fmt.Errorf("node input can't be nil")
 	}
 
-	// Write control plane version to KubeadmVersionPath so it exists before kubeadm join.
-	versionFile := bootstrapv1.File{
-		Path:        cloudinit.KubeadmVersionPath,
-		Owner:       "root:root",
-		Permissions: "0644",
-		Content:     input.KubernetesVersion.String(),
-	}
-	input.WriteFiles = append([]bootstrapv1.File{versionFile}, input.WriteFiles...)
 	input.WriteFiles = append(input.WriteFiles, input.AdditionalFiles...)
 	input.KubeadmCommand = fmt.Sprintf(kubeadmCommandTemplate, joinSubcommand, input.KubeadmVerbosity)