baremetal: add CLC snippets in configuration

This commit adds functionality to add CLC snippets to the Baremetal
Lokomotive configuration.

Updates the existing CLC snippet test to also cover
baremetal platform.

Updates the Baremetal configuration reference documentation
to include the new variable `clc_snippets`.

Signed-off-by: Imran Pochi <imran@kinvolk.io>

Author: Imran Pochi

ci/baremetal/baremetal-cluster.lokocfg.envsubst

@@ -44,6 +44,18 @@ cluster "bare-metal" {
   conntrack_max_per_core = 65000
 
   install_to_smallest_disk = true
+
+  clc_snippets = {
+    "node1" = [
+      file("./clc-snippet.yaml"),
+    ]
+    "node2" = [
+      file("./clc-snippet.yaml"),
+    ]
+    "node3" = [
+      file("./clc-snippet.yaml"),
+    ]
+  }
 }
 
 component "inspektor-gadget" {}

docs/configuration-reference/platforms/baremetal.md

@@ -55,6 +55,17 @@ cluster "bare-metal" {
 
   cached_install = "true"
 
+  clc_snippets = {
+  "<name_of_controller_or_worker>" = [
+    file("./clc-snippet-1.yaml"),
+  ]
+  "<name_of_controller_or_worker>" = [
+    file("./clc-snippet-2.yaml"),
+  ]
+  "<name_of_controller_or_worker>" = [
+    file("./clc-snippet-3.yaml"),
+  ]
+
   matchbox_ca_path = var.matchbox_ca_path
 
   matchbox_client_cert_path = var.matchbox_client_cert_path

pkg/platform/baremetal/baremetal.go

@@ -31,37 +31,38 @@ import (
 )
 
 type config struct {
-	AssetDir                     string            `hcl:"asset_dir"`
-	CachedInstall                string            `hcl:"cached_install,optional"`
-	ClusterName                  string            `hcl:"cluster_name"`
-	ControllerDomains            []string          `hcl:"controller_domains"`
-	ControllerMacs               []string          `hcl:"controller_macs"`
-	ControllerNames              []string          `hcl:"controller_names"`
-	DisableSelfHostedKubelet     bool              `hcl:"disable_self_hosted_kubelet,optional"`
-	K8sDomainName                string            `hcl:"k8s_domain_name"`
-	MatchboxCAPath               string            `hcl:"matchbox_ca_path"`
-	MatchboxClientCertPath       string            `hcl:"matchbox_client_cert_path"`
-	MatchboxClientKeyPath        string            `hcl:"matchbox_client_key_path"`
-	MatchboxEndpoint             string            `hcl:"matchbox_endpoint"`
-	MatchboxHTTPEndpoint         string            `hcl:"matchbox_http_endpoint"`
-	NetworkMTU                   int               `hcl:"network_mtu,optional"`
-	OSChannel                    string            `hcl:"os_channel,optional"`
-	OSVersion                    string            `hcl:"os_version,optional"`
-	SSHPubKeys                   []string          `hcl:"ssh_pubkeys"`
-	WorkerNames                  []string          `hcl:"worker_names"`
-	WorkerMacs                   []string          `hcl:"worker_macs"`
-	WorkerDomains                []string          `hcl:"worker_domains"`
-	Labels                       map[string]string `hcl:"labels,optional"`
-	OIDC                         *oidc.Config      `hcl:"oidc,block"`
-	EnableTLSBootstrap           bool              `hcl:"enable_tls_bootstrap,optional"`
-	EncryptPodTraffic            bool              `hcl:"encrypt_pod_traffic,optional"`
-	IgnoreX509CNCheck            bool              `hcl:"ignore_x509_cn_check,optional"`
-	ConntrackMaxPerCore          int               `hcl:"conntrack_max_per_core,optional"`
-	InstallToSmallestDisk        bool              `hcl:"install_to_smallest_disk,optional"`
-	InstallDisk                  string            `hcl:"install_disk,optional"`
-	KernelArgs                   []string          `hcl:"kernel_args,optional"`
-	DownloadProtocol             string            `hcl:"download_protocol,optional"`
-	NetworkIPAutodetectionMethod string            `hcl:"network_ip_autodetection_method,optional"`
+	AssetDir                     string              `hcl:"asset_dir"`
+	CachedInstall                string              `hcl:"cached_install,optional"`
+	ClusterName                  string              `hcl:"cluster_name"`
+	ControllerDomains            []string            `hcl:"controller_domains"`
+	ControllerMacs               []string            `hcl:"controller_macs"`
+	ControllerNames              []string            `hcl:"controller_names"`
+	DisableSelfHostedKubelet     bool                `hcl:"disable_self_hosted_kubelet,optional"`
+	K8sDomainName                string              `hcl:"k8s_domain_name"`
+	MatchboxCAPath               string              `hcl:"matchbox_ca_path"`
+	MatchboxClientCertPath       string              `hcl:"matchbox_client_cert_path"`
+	MatchboxClientKeyPath        string              `hcl:"matchbox_client_key_path"`
+	MatchboxEndpoint             string              `hcl:"matchbox_endpoint"`
+	MatchboxHTTPEndpoint         string              `hcl:"matchbox_http_endpoint"`
+	NetworkMTU                   int                 `hcl:"network_mtu,optional"`
+	OSChannel                    string              `hcl:"os_channel,optional"`
+	OSVersion                    string              `hcl:"os_version,optional"`
+	SSHPubKeys                   []string            `hcl:"ssh_pubkeys"`
+	WorkerNames                  []string            `hcl:"worker_names"`
+	WorkerMacs                   []string            `hcl:"worker_macs"`
+	WorkerDomains                []string            `hcl:"worker_domains"`
+	Labels                       map[string]string   `hcl:"labels,optional"`
+	OIDC                         *oidc.Config        `hcl:"oidc,block"`
+	EnableTLSBootstrap           bool                `hcl:"enable_tls_bootstrap,optional"`
+	EncryptPodTraffic            bool                `hcl:"encrypt_pod_traffic,optional"`
+	IgnoreX509CNCheck            bool                `hcl:"ignore_x509_cn_check,optional"`
+	ConntrackMaxPerCore          int                 `hcl:"conntrack_max_per_core,optional"`
+	InstallToSmallestDisk        bool                `hcl:"install_to_smallest_disk,optional"`
+	InstallDisk                  string              `hcl:"install_disk,optional"`
+	KernelArgs                   []string            `hcl:"kernel_args,optional"`
+	DownloadProtocol             string              `hcl:"download_protocol,optional"`
+	NetworkIPAutodetectionMethod string              `hcl:"network_ip_autodetection_method,optional"`
+	CLCSnippets                  map[string][]string `hcl:"clc_snippets,optional"`
 	KubeAPIServerExtraFlags      []string
 }
 
@@ -231,6 +232,7 @@ func createTerraformConfigFile(cfg *config, terraformPath string) error {
 		KernelArgs                   []string
 		DownloadProtocol             string
 		NetworkIPAutodetectionMethod string
+		CLCSnippets                  map[string][]string
 	}{
 		CachedInstall:                cfg.CachedInstall,
 		ClusterName:                  cfg.ClusterName,
@@ -262,6 +264,7 @@ func createTerraformConfigFile(cfg *config, terraformPath string) error {
 		KernelArgs:                   cfg.KernelArgs,
 		DownloadProtocol:             cfg.DownloadProtocol,
 		NetworkIPAutodetectionMethod: cfg.NetworkIPAutodetectionMethod,
+		CLCSnippets:                  cfg.CLCSnippets,
 	}
 
 	if err := t.Execute(f, terraformCfg); err != nil {
@@ -304,5 +307,25 @@ func (c *config) checkValidConfig() hcl.Diagnostics {
 		diagnostics = append(diagnostics, diags...)
 	}
 
+	for key, list := range c.CLCSnippets {
+		if key == "" || len(list) == 0 {
+			diagnostics = append(diagnostics, &hcl.Diagnostic{
+				Severity: hcl.DiagError,
+				Summary:  "key/value for clc_snippets map can't be empty",
+				Detail:   fmt.Sprintf("either key or value for clc_snippets is empty: %q : %v", key, list),
+			})
+		}
+
+		for _, data := range list {
+			if data == "" {
+				diagnostics = append(diagnostics, &hcl.Diagnostic{
+					Severity: hcl.DiagError,
+					Summary:  "Values list for clc_snippets cannot contain an empty element",
+					Detail:   fmt.Sprintf("found empty element in the key value pair: %q : %v", key, list),
+				})
+			}
+		}
+	}
+
 	return diagnostics
 }

pkg/platform/baremetal/baremetal_internal_test.go

@@ -56,6 +56,21 @@ func TestConfigurationIsInvalidWhen(t *testing.T) {
 		"conntrack_max_per_core_is_negative": func(c *config) {
 			c.ConntrackMaxPerCore = -1
 		},
+		"clc_snippets_key_is_empty": func(c *config) {
+			c.CLCSnippets = map[string][]string{
+				"": {"clc_snippet_1", "clc_snippet_2"},
+			}
+		},
+		"clc_snippets_value_is_empty": func(c *config) {
+			c.CLCSnippets = map[string][]string{
+				"node1": {""},
+			}
+		},
+		"at_least_one_clc_snippets_value_is_empty": func(c *config) {
+			c.CLCSnippets = map[string][]string{
+				"node1": {"clc_snippet_1", "", "clc_snippet_3"},
+			}
+		},
 	}
 
 	for n, c := range cases {
@@ -95,6 +110,11 @@ func TestConfigurationIsValidWhen(t *testing.T) {
 		"download_protocol_used_is_https": func(c *config) {
 			c.DownloadProtocol = "https"
 		},
+		"clc_snippets_has_both_key_and_value_populated": func(c *config) {
+			c.CLCSnippets = map[string][]string{
+				"node1": {"clc_snippet_1", "clc_snippet_2"},
+			}
+		},
 	}
 
 	for n, c := range cases {

pkg/platform/baremetal/template.go

@@ -88,6 +88,21 @@ module "bare-metal-{{.ClusterName}}" {
   download_protocol = "{{ .DownloadProtocol }}"
 
   network_ip_autodetection_method = "{{ .NetworkIPAutodetectionMethod }}"
+
+  {{- if .CLCSnippets}}
+  clc_snippets = {
+    {{- range $nodeName, $clcSnippetList := .CLCSnippets }}
+    "{{ $nodeName }}" = [
+    {{- range $clcSnippet := $clcSnippetList }}
+      <<EOF
+{{ $clcSnippet }}
+EOF
+      ,
+    {{- end }}
+    ]
+    {{- end }}
+  }
+  {{- end }}
 }
 
 terraform {

test/system/clc_snippets_test.go

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-// +build aws aws_edge packet
+// +build aws aws_edge packet baremetal
 // +build e2e
 
 //nolint:dupl