From 3377b6c05e07e4580984ee81d6baeac93ff9f242 Mon Sep 17 00:00:00 2001 From: Dmitri Fedotov Date: Wed, 13 Nov 2024 11:54:14 +0200 Subject: [PATCH] Add `IgnitionSecret` to IgnitionConfig --- hack/api-reference/api.md | 12 +++++++ hack/api-reference/config.md | 12 +++++-- pkg/apis/metal/types_worker.go | 5 +-- pkg/apis/metal/v1alpha1/types_worker.go | 4 +++ .../metal/v1alpha1/zz_generated.conversion.go | 2 ++ pkg/controller/worker/machines.go | 33 +++++++++++++++++-- pkg/controller/worker/machines_test.go | 2 +- pkg/controller/worker/suite_test.go | 18 ++++++++-- 8 files changed, 78 insertions(+), 10 deletions(-) diff --git a/hack/api-reference/api.md b/hack/api-reference/api.md index 0718ca4..9fd84fb 100644 --- a/hack/api-reference/api.md +++ b/hack/api-reference/api.md @@ -341,6 +341,18 @@ string +ignitionSecret
+ +string + + + +(Optional) +

IgnitionSecret is a reference to a secret containing the ignition config.

+ + + + override
bool diff --git a/hack/api-reference/config.md b/hack/api-reference/config.md index 45f76ef..453983f 100644 --- a/hack/api-reference/config.md +++ b/hack/api-reference/config.md @@ -46,7 +46,9 @@ string clientConnection
-invalid type + +Kubernetes v1alpha1.ClientConnectionConfiguration + @@ -72,7 +74,9 @@ ETCD healthCheckConfig
-invalid type + +github.com/gardener/gardener/extensions/pkg/apis/config/v1alpha1.HealthCheckConfig + @@ -205,7 +209,9 @@ string capacity
-invalid type + +k8s.io/apimachinery/pkg/api/resource.Quantity +
diff --git a/pkg/apis/metal/types_worker.go b/pkg/apis/metal/types_worker.go
index d3bd919..bd5cbc3 100644
--- a/pkg/apis/metal/types_worker.go
+++ b/pkg/apis/metal/types_worker.go
@@ -47,6 +47,7 @@ type MachineImage struct {
 // IgnitionConfig contains ignition settings.
 type IgnitionConfig struct {
- Raw string
- Override bool
+ Raw string
+ IgnitionSecret string
+ Override bool
 }
diff --git a/pkg/apis/metal/v1alpha1/types_worker.go b/pkg/apis/metal/v1alpha1/types_worker.go
index b7711b3..2a49e13 100644
--- a/pkg/apis/metal/v1alpha1/types_worker.go
+++ b/pkg/apis/metal/v1alpha1/types_worker.go
@@ -54,6 +54,10 @@ type IgnitionConfig struct {
 // +optional
 Raw string `json:"raw,omitempty"`
+ // IgnitionSecret is a reference to a secret containing the ignition config.
+ // +optional
+ IgnitionSecret string `json:"ignitionSecret,omitempty"`
+
 // Override configures, if ignition keys set by the os-extension are overridden
 // by extra ignition.
 // +optional
diff --git a/pkg/apis/metal/v1alpha1/zz_generated.conversion.go b/pkg/apis/metal/v1alpha1/zz_generated.conversion.go
index f5b56c3..b2656be 100644
--- a/pkg/apis/metal/v1alpha1/zz_generated.conversion.go
+++ b/pkg/apis/metal/v1alpha1/zz_generated.conversion.go
@@ -316,6 +316,7 @@ func Convert_metal_ControlPlaneConfig_To_v1alpha1_ControlPlaneConfig(in *metal.C
 func autoConvert_v1alpha1_IgnitionConfig_To_metal_IgnitionConfig(in *IgnitionConfig, out *metal.IgnitionConfig, s conversion.Scope) error {
 out.Raw = in.Raw
+ out.IgnitionSecret = in.IgnitionSecret
 out.Override = in.Override
 return nil
 }
@@ -327,6 +328,7 @@ func Convert_v1alpha1_IgnitionConfig_To_metal_IgnitionConfig(in *IgnitionConfig,
 func autoConvert_metal_IgnitionConfig_To_v1alpha1_IgnitionConfig(in *metal.IgnitionConfig, out *IgnitionConfig, s conversion.Scope) error {
 out.Raw = in.Raw
+ out.IgnitionSecret = in.IgnitionSecret
 out.Override = in.Override
 return nil
 }
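Review bot: The comment added on `IgnitionSecret` in pkg/apis/metal/v1alpha1/types_worker.go does not say where the Secret is looked up or which key is read, and the same field on the internal type in pkg/apis/metal/types_worker.go has no comment at all. Going by the controller change in this patch, the name is resolved in the namespace of `w.worker`, only the data key `ignition` is read, and the content is appended to `Raw` when both are set. I would state that contract on the field, for example `// IgnitionSecret is the name of a Secret in the Worker's namespace whose "ignition" data key holds extra ignition; it is appended to Raw when both are set.` The api.md entry is generated from this comment and would need regenerating.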
diff --git a/pkg/controller/worker/machines.go b/pkg/controller/worker/machines.go
index d9f77ff..822d3ad 100644
--- a/pkg/controller/worker/machines.go
+++ b/pkg/controller/worker/machines.go
@@ -118,8 +118,12 @@ func (w *workerDelegate) generateMachineClassAndSecrets(ctx context.Context) ([]
 metal.ImageFieldName: machineImage,
 metal.ServerLabelsFieldName: serverLabels,
 }
- if workerConfig.ExtraIgnition != nil {
- machineClassProviderSpec[metal.IgnitionFieldName] = workerConfig.ExtraIgnition.Raw
+ if workerConfig.ExtraIgnition != nil && (workerConfig.ExtraIgnition.Raw != "" || workerConfig.ExtraIgnition.IgnitionSecret != "") {
+ mergedIgnition, err := w.getMergedIgnitionConfig(ctx, workerConfig)
+ if err != nil {
+ return nil, nil, err
+ }
+ machineClassProviderSpec[metal.IgnitionFieldName] = mergedIgnition
 machineClassProviderSpec[metal.IgnitionOverrideFieldName] = workerConfig.ExtraIgnition.Override
 }
@@ -227,3 +231,28 @@ func (w *workerDelegate) getServerLabelsForMachine(machineType string, workerCon
 }
 return combinedLabels, nil
 }
+
+func (w *workerDelegate) getMergedIgnitionConfig(ctx context.Context, workerConfig *metalv1alpha1.WorkerConfig) (string, error) {
+ var mergedIgnition string
+
+ if workerConfig.ExtraIgnition.Raw != "" {
+ mergedIgnition = workerConfig.ExtraIgnition.Raw
+ }
+
+ if workerConfig.ExtraIgnition.IgnitionSecret != "" {
+ secret := &corev1.Secret{}
+ secretKey := client.ObjectKey{Namespace: w.worker.Namespace, Name: workerConfig.ExtraIgnition.IgnitionSecret}
+ if err := w.client.Get(ctx, secretKey, secret); err != nil {
+ return "", fmt.Errorf("failed to get ignition secret %s: %w", workerConfig.ExtraIgnition.IgnitionSecret, err)
+ }
+
+ secretContent, ok := secret.Data["ignition"]
+ if !ok {
+ return "", fmt.Errorf("ignition key not found in secret %s", workerConfig.ExtraIgnition.IgnitionSecret)
+ }
+
+ mergedIgnition += string(secretContent)
+ }
+
+ return mergedIgnition, nil
+}
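Review bot: The content read from the referenced Secret is written into `machineClassProviderSpec[metal.IgnitionFieldName]`, so the Secret's data is now copied into whatever object that map is serialized to. The rest of generateMachineClassAndSecrets is outside this hunk; if the provider spec lands in the MachineClass object rather than in the machine class Secret, anyone who can read MachineClasses can read ignition data the user deliberately kept in a Secret. Please confirm where the map is stored, and if it is the MachineClass, carry the secret-sourced part in the Secret returned alongside it instead. Separately, the widened condition no longer sets `metal.IgnitionOverrideFieldName` when `ExtraIgnition` is non-nil but both `Raw` and `IgnitionSecret` are empty, which the old branch did; say so in a comment if that is intended.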
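Review bot: In getMergedIgnitionConfig, `mergedIgnition += string(secretContent)` appends the Secret's bytes directly to `Raw` with no separator or parsing, so when both fields are set the result is two documents back to back (the updated test expects `abcdef`), not a merged config. Whether the consumer of `metal.IgnitionFieldName` tolerates that is not visible here; if it expects one well-formed document, reject the combination up front, e.g. with `ign := workerConfig.ExtraIgnition`, `if ign.Raw != "" && ign.IgnitionSecret != "" { return "", fmt.Errorf("extraIgnition: set either raw or ignitionSecret, not both") }`, or parse and merge the two. A present but empty `ignition` value passes the `!ok` check and is silently accepted, and `%q` would be a safer verb than `%s` for the user-supplied secret name in both error strings. The function also has no doc comment; I would add `// getMergedIgnitionConfig returns ExtraIgnition.Raw followed by the "ignition" key of the Secret named by ExtraIgnition.IgnitionSecret in the worker's namespace.`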
diff --git a/pkg/controller/worker/machines_test.go b/pkg/controller/worker/machines_test.go
index 894ea7b..c63595a 100644
--- a/pkg/controller/worker/machines_test.go
+++ b/pkg/controller/worker/machines_test.go
@@ -76,7 +76,7 @@ var _ = Describe("Machines", func() {
 "foo": "bar",
 "foo1": "bar1",
 },
- metal.IgnitionFieldName: "abc",
+ metal.IgnitionFieldName: "abcdef",
 metal.IgnitionOverrideFieldName: true,
 }
diff --git a/pkg/controller/worker/suite_test.go b/pkg/controller/worker/suite_test.go
index 310c842..26657e0 100644
--- a/pkg/controller/worker/suite_test.go
+++ b/pkg/controller/worker/suite_test.go
@@ -115,6 +115,7 @@ var _ = BeforeSuite(func() {
 func SetupTest() (*corev1.Namespace, *gardener.ChartApplier) {
 var chartApplier gardener.ChartApplier
 ns := &corev1.Namespace{}
+ ign := &corev1.Secret{}
 BeforeEach(func(ctx SpecContext) {
 var err error
@@ -132,13 +133,26 @@ func SetupTest() (*corev1.Namespace, *gardener.ChartApplier) {
 volumeName := "test-volume"
 volumeType := "fast"
+ *ign = corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ GenerateName: "testign-",
+ Namespace: ns.Name,
+ },
+ Data: map[string][]byte{
+ "ignition": []byte("def"),
+ },
+ }
+ Expect(k8sClient.Create(ctx, ign)).To(Succeed(), "failed to create test ignition secret")
+ DeferCleanup(k8sClient.Delete, ign)
+
 workerConfig = &apiv1alpha1.WorkerConfig{
 ExtraServerLabels: map[string]string{
 "foo1": "bar1",
 },
 ExtraIgnition: &apiv1alpha1.IgnitionConfig{
- Raw: "abc",
- Override: true,
+ Raw: "abc",
+ IgnitionSecret: ign.Name,
+ Override: true,
 },
 }
 workerConfigJSON, _ = json.Marshal(workerConfig)
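Review bot: Neither error path added in machines.go (referenced Secret missing, `ignition` key absent) is covered by these test changes. The fixture in suite_test.go only sets both `Raw` and `IgnitionSecret` against an existing Secret, which is why machines_test.go now expects `abcdef`. A spec that points `IgnitionSecret` at a name that does not exist and asserts that machine class generation returns an error would pin the fail-closed behaviour, and secret-only and raw-only cases would pin the two single-source results. SetupTest and the Describe block both continue outside the hunks shown.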