Local node labels (#984)

* register: Send local labels

Implement sending labels from the elemental-register binary to the
elemental-operator.

The labels can be specified as flags to the binary '--label env=staging
--label region=eu-north' or in a local file (defaults to
'/etc/elemental/labels.yaml' but can be changed using
--local-labels-file flag.)

Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>

* Add label prefix field to MachineRegistration

The prefix can be used to set a custom prefix to the labels generated
for MachineInventories.

If a '-' is specified, no prefix is added to the Labels and Annotations
for the MachineInventory.

* Updates for e2e tests

This commit tries to bump dependencies and fix configuration for the e2e
tests.

Following actions were taken:

* Remove namespace from rbac role-binding roleRef (not a valid field)
* Update kubernetes version to v1.34.3 used by kind
* Update tested rancher version to v2.13.3
* Update cert-manager version to v1.20.2
* Update nginx-controller version to v1.15.1
* Update system-upgrade-controller version to v0.19.2
* Update logic in tests checking for rancher readiness
* Remove CATTLE_BOOTSTRAP_PASSWORD environment (setting duplicate env)
Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>

* Set labels using the templater

This change makes it possible to use the value templates (eg
${Runtime/Hostname} as a value for the local labels sent to the
registration API.

Signed-off-by: Fredrik Lönnegren <fredrik.lonnegren@suse.com>

Author: frelon

.obs/chartfile/elemental-operator-crds-helm/templates/crds.yaml

@@ -897,6 +897,10 @@ spec:
                           emulated-tpm-seed:
                             format: int64
                             type: integer
+                          labels:
+                            additionalProperties:
+                              type: string
+                            type: object
                           no-smbios:
                             type: boolean
                           no-toolkit:
@@ -992,6 +996,11 @@ spec:
                         type: object
                     type: object
                 type: object
+              labelPrefix:
+                description: |-
+                  LabelPrefix is prepended to client-sent label and annotation keys (with a "/" separator).
+                  Defaults to "elemental.cattle.io". Set to "-" to disable prefixing.
+                type: string
               machineInventoryAnnotations:
                 additionalProperties:
                   type: string

.obs/chartfile/elemental-operator-helm/templates/rbac.yaml

@@ -330,7 +330,6 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: '{{ .Release.Name }}'
-  namespace: fleet-default
 subjects:
 - kind: ServiceAccount
   name: '{{ .Release.Name }}'

Makefile

@@ -20,7 +20,7 @@ endif
 export ROOT_DIR:=$(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
 CHART?=$(shell find $(ROOT_DIR) -type f  -name "elemental-operator-$(CHART_VERSION).tgz" -print)
 CHART_CRDS?=$(shell find $(ROOT_DIR) -type f  -name "elemental-operator-crds-$(CHART_VERSION).tgz" -print)
-KUBE_VERSION?="v1.27.10"
+KUBE_VERSION?="v1.34.3"
 CLUSTER_NAME?="operator-e2e"
 COMMITDATE?=$(shell git log -n1 --format="%as")
 GO_TPM_TAG?=$(shell grep google/go-tpm-tools go.mod | awk '{print $$2}')

api/v1beta1/machineregistration_types.go

@@ -45,11 +45,26 @@ type MachineRegistrationSpec struct {
 	// MachineInventoryAnnotations annotations to be added to the created MachineInventory object.
 	// +optional
 	MachineInventoryAnnotations map[string]string `json:"machineInventoryAnnotations,omitempty"`
+	// LabelPrefix is prepended to client-sent label and annotation keys (with a "/" separator).
+	// Defaults to "elemental.cattle.io". Set to "-" to disable prefixing.
+	// +optional
+	LabelPrefix string `json:"labelPrefix,omitempty"`
 	// Config the cloud config that will be used to provision the node.
 	// +optional
 	Config Config `json:"config,omitempty"`
 }
 
+func (s *MachineRegistrationSpec) GetLabelPrefix() string {
+	switch s.LabelPrefix {
+	case "":
+		return "elemental.cattle.io/"
+	case "-":
+		return ""
+	default:
+		return s.LabelPrefix + "/"
+	}
+}
+
 type MachineRegistrationStatus struct {
 	// Conditions describe the state of the machine registration object.
 	// +optional

api/v1beta1/types.go

@@ -109,6 +109,8 @@ type Registration struct {
 	Auth string `json:"auth,omitempty" yaml:"auth,omitempty" mapstructure:"auth"`
 	// +optional
 	NoToolkit bool `json:"no-toolkit,omitempty" yaml:"no-toolkit,omitempty" mapstructure:"no-toolkit"`
+	// +optional
+	Labels map[string]string `json:"labels,omitempty" yaml:"labels,omitempty" mapstructure:"labels"`
 }
 
 type SystemAgent struct {

api/v1beta1/zz_generated.deepcopy.go

@@ -41,6 +41,7 @@ const (
 	defaultLiveStatePath            = "/tmp/registration/state.yaml"
 	defaultConfigPath               = "/oem/registration/config.yaml"
 	defaultLiveConfigPath           = "/run/initramfs/live/livecd-cloud-config.yaml"
+	defaultLocalLabelsFile          = "/etc/elemental/labels.yaml"
 	registrationUpdateSuppressTimer = 24 * time.Hour
 )
 
@@ -53,6 +54,8 @@ var (
 	disableBootEntry bool
 	configPath       string
 	statePath        string
+	localLabelsFile  string
+	labels           map[string]string
 )
 
 var (
@@ -100,6 +103,17 @@ func newCommand(fs vfs.FS, client register.Client, stateHandler register.StateHa
 			if err := initConfig(fs); err != nil {
 				return fmt.Errorf("initializing configuration: %w", err)
 			}
+			// Merge labels from local file into config
+			if err := mergeLocalLabelsFile(fs); err != nil {
+				return fmt.Errorf("loading local labels file: %w", err)
+			}
+			// Merge CLI labels into config (overrides file labels)
+			for k, v := range labels {
+				if cfg.Elemental.Registration.Labels == nil {
+					cfg.Elemental.Registration.Labels = map[string]string{}
+				}
+				cfg.Elemental.Registration.Labels[k] = v
+			}
 			// Load Registration State
 			if err := stateHandler.Init(statePath); err != nil {
 				return fmt.Errorf("initializing state handler on path '%s': %w", statePath, err)
@@ -189,6 +203,8 @@ func newCommand(fs vfs.FS, client register.Client, stateHandler register.StateHa
 	cmd.Flags().BoolVar(&installation, "install", false, "Install a new machine")
 	cmd.Flags().BoolVar(&cfg.Elemental.Registration.NoToolkit, "no-toolkit", false, "No OS management via elemental-toolkit, only Install agent config files to local filesystem (for pre-installed hosts)")
 	cmd.Flags().BoolVar(&disableBootEntry, "disable-boot-entry", false, "Don't create an EFI entry for the system during install/reset")
+	cmd.Flags().StringToStringVar(&labels, "label", nil, "Client-side labels to add to the MachineInventory (key=value pairs)")
+	cmd.Flags().StringVar(&localLabelsFile, "local-labels-file", defaultLocalLabelsFile, "Path to a YAML file containing labels to add to the MachineInventory")
 	return cmd
 }
 
@@ -239,6 +255,29 @@ func initConfig(fs vfs.FS) error {
 	return nil
 }
 
+func mergeLocalLabelsFile(fs vfs.FS) error {
+	if _, err := fs.Stat(localLabelsFile); err != nil {
+		log.Debugf("Local labels file '%s' not found, skipping", localLabelsFile)
+		return nil
+	}
+	data, err := fs.ReadFile(localLabelsFile)
+	if err != nil {
+		return fmt.Errorf("reading local labels file '%s': %w", localLabelsFile, err)
+	}
+	fileLabels := map[string]string{}
+	if err := yaml.Unmarshal(data, &fileLabels); err != nil {
+		return fmt.Errorf("parsing local labels file '%s': %w", localLabelsFile, err)
+	}
+	log.Infof("Loaded %d labels from '%s'", len(fileLabels), localLabelsFile)
+	for k, v := range fileLabels {
+		if cfg.Elemental.Registration.Labels == nil {
+			cfg.Elemental.Registration.Labels = map[string]string{}
+		}
+		cfg.Elemental.Registration.Labels[k] = v
+	}
+	return nil
+}
+
 func getRegistrationCA(fs vfs.FS, config elementalv1.Config) ([]byte, error) {
 	registration := config.Elemental.Registration
 

cmd/register/main.go

@@ -363,6 +363,76 @@ var _ = Describe("elemental-register --reset", Label("registration", "cli", "res
 	})
 })
 
+var _ = Describe("elemental-register --local-labels-file", Label("registration", "cli", "labels"), func() {
+	var fs vfs.FS
+	var err error
+	var fsCleanup func()
+	var cmd *cobra.Command
+	var mockCtrl *gomock.Controller
+	var client *rmocks.MockClient
+	var installer *imocks.MockInstaller
+	var stateHandler *rmocks.MockStateHandler
+	BeforeEach(func() {
+		fs, fsCleanup, err = vfst.NewTestFS(map[string]interface{}{})
+		Expect(err).ToNot(HaveOccurred())
+		mockCtrl = gomock.NewController(GinkgoT())
+		client = rmocks.NewMockClient(mockCtrl)
+		installer = imocks.NewMockInstaller(mockCtrl)
+		stateHandler = rmocks.NewMockStateHandler(mockCtrl)
+		cmd = newCommand(fs, client, stateHandler, installer)
+		DeferCleanup(fsCleanup)
+	})
+	When("using existing default config", func() {
+		BeforeEach(func() {
+			marshalIntoFile(fs, baseConfigFixture, defaultConfigPath)
+			stateHandler.EXPECT().Init(defaultStatePath).Return(nil)
+			stateHandler.EXPECT().Load().Return(stateFixture, nil)
+			stateHandler.EXPECT().Save(stateFixture).Return(nil)
+		})
+		It("should load labels from the default file path", func() {
+			fileLabels := map[string]string{"env": "production", "region": "us-east"}
+			marshalIntoFile(fs, fileLabels, defaultLocalLabelsFile)
+			cmd.SetArgs([]string{})
+			wantReg := baseConfigFixture.Elemental.Registration.DeepCopy()
+			wantReg.Labels = map[string]string{"env": "production", "region": "us-east"}
+			client.EXPECT().
+				Register(*wantReg, []byte(wantReg.CACert), &stateFixture).
+				Return(marshalToBytes(baseConfigFixture), nil)
+			Expect(cmd.Execute()).ToNot(HaveOccurred())
+		})
+		It("should skip missing labels file without error", func() {
+			cmd.SetArgs([]string{})
+			client.EXPECT().
+				Register(baseConfigFixture.Elemental.Registration, []byte(baseConfigFixture.Elemental.Registration.CACert), &stateFixture).
+				Return(marshalToBytes(baseConfigFixture), nil)
+			Expect(cmd.Execute()).ToNot(HaveOccurred())
+		})
+		It("should let CLI labels override file labels", func() {
+			fileLabels := map[string]string{"env": "from-file", "region": "us-east"}
+			marshalIntoFile(fs, fileLabels, defaultLocalLabelsFile)
+			cmd.SetArgs([]string{"--label", "env=from-cli"})
+			wantReg := baseConfigFixture.Elemental.Registration.DeepCopy()
+			wantReg.Labels = map[string]string{"env": "from-cli", "region": "us-east"}
+			client.EXPECT().
+				Register(*wantReg, []byte(wantReg.CACert), &stateFixture).
+				Return(marshalToBytes(baseConfigFixture), nil)
+			Expect(cmd.Execute()).ToNot(HaveOccurred())
+		})
+		It("should load labels from a custom file path", func() {
+			customPath := "/custom/path/labels.yaml"
+			fileLabels := map[string]string{"custom": "label"}
+			marshalIntoFile(fs, fileLabels, customPath)
+			cmd.SetArgs([]string{"--local-labels-file", customPath})
+			wantReg := baseConfigFixture.Elemental.Registration.DeepCopy()
+			wantReg.Labels = map[string]string{"custom": "label"}
+			client.EXPECT().
+				Register(*wantReg, []byte(wantReg.CACert), &stateFixture).
+				Return(marshalToBytes(baseConfigFixture), nil)
+			Expect(cmd.Execute()).ToNot(HaveOccurred())
+		})
+	})
+})
+
 func marshalIntoFile(fs vfs.FS, input any, filePath string) {
 	bytes := marshalToBytes(input)
 	Expect(vfs.MkdirAll(fs, path.Dir(filePath), os.ModePerm)).ToNot(HaveOccurred())

cmd/register/main_test.go

@@ -130,6 +130,10 @@ spec:
                           emulated-tpm-seed:
                             format: int64
                             type: integer
+                          labels:
+                            additionalProperties:
+                              type: string
+                            type: object
                           no-smbios:
                             type: boolean
                           no-toolkit:
@@ -225,6 +229,11 @@ spec:
                         type: object
                     type: object
                 type: object
+              labelPrefix:
+                description: |-
+                  LabelPrefix is prepended to client-sent label and annotation keys (with a "/" separator).
+                  Defaults to "elemental.cattle.io". Set to "-" to disable prefixing.
+                type: string
               machineInventoryAnnotations:
                 additionalProperties:
                   type: string

config/crd/bases/elemental.cattle.io_machineregistrations.yaml

@@ -7,7 +7,6 @@ roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: Role
   name: manager-role
-  namespace: fleet-default
 subjects:
 - kind: ServiceAccount
   name: manager-role