feat: support environment in ExtensionServicesConfig

Support setting extension services environment variables in `ExtensionServicesConfig` document. Also move extensions config under `runtime` pkg. Fixes: #8271 Signed-off-by: Noel Georgi <[email protected]>
siderolabs · Feb 12, 2024 · f0a933c · f0a933c
1 parent 83e0b0c
commit f0a933c
Show file tree

Hide file tree

Showing 25 changed files with 682 additions and 332 deletions.
diff --git a/api/api.descriptors b/api/api.descriptors
diff --git a/api/resource/definitions/runtime/runtime.proto b/api/resource/definitions/runtime/runtime.proto
@@ -25,7 +25,8 @@ message ExtensionServicesConfigFile {
 
 // ExtensionServicesConfigSpec describes status of rendered extensions service config files.
 message ExtensionServicesConfigSpec {
-  repeated ExtensionServicesConfigFile files = 2;
+  repeated ExtensionServicesConfigFile files = 1;
+  repeated string environment = 2;
 }
 
 // ExtensionServicesConfigStatusSpec describes status of rendered extensions service config files.

diff --git a/cmd/talosctl/cmd/docs.go b/cmd/talosctl/cmd/docs.go
@@ -21,6 +21,7 @@ import (
 	"github.com/siderolabs/talos/pkg/machinery/config/encoder"
 	"github.com/siderolabs/talos/pkg/machinery/config/types/network"
 	"github.com/siderolabs/talos/pkg/machinery/config/types/runtime"
+	"github.com/siderolabs/talos/pkg/machinery/config/types/runtime/extensions"
 	"github.com/siderolabs/talos/pkg/machinery/config/types/siderolink"
 	v1alpha1 "github.com/siderolabs/talos/pkg/machinery/config/types/v1alpha1"
 )
@@ -120,6 +121,10 @@ var docsCmd = &cobra.Command{
 					name:    "v1alpha1",
 					fileDoc: v1alpha1.GetFileDoc(),
 				},
+				{
+					name:    "extensions",
+					fileDoc: extensions.GetFileDoc(),
+				},
 			} {
 				path := filepath.Join(dir, pkg.name)
 

diff --git a/hack/release.toml b/hack/release.toml
@@ -78,9 +78,9 @@ Talos Linux now supports OpenNebula platform.
 """
 
     [notes.extensions]
-        title = "Extension Services Config"
+        title = "Extension Services Config Files"
         description = """\
-Talos now supports supplying configuration files for extension services that can be mounted into the extension service container.
+Talos now supports supplying configuration files and environment variables for extension services.
 The extension service configuration is a separate config document. An example is shown below:
 
 ```yaml
@@ -92,9 +92,15 @@ config:
       configFiles:
         - content: MONITOR ${upsmonHost} 1 remote pass password
           mountPath: /usr/local/etc/nut/upsmon.conf
+    - name: tailscale
+      environment:
+        - TS_AUTHKEY=tskey-auth-*******CNTRL-********************************
 ```
+
+For documentation, see [Extension Services Config Files](https://www.talos.dev/v1.7/reference/configuration/extensions/extensionservicesconfig/).
 """
 
+
 [make_deps]
 
     [make_deps.tools]

diff --git a/internal/app/machined/pkg/controllers/runtime/extension_services_config.go b/internal/app/machined/pkg/controllers/runtime/extension_services_config.go
@@ -74,10 +74,12 @@ func (ctrl *ExtensionServicesConfigController) Run(ctx context.Context, r contro
 					spec.TypedSpec().Files = xslices.Map(ext.ConfigFiles(), func(c extconfig.ExtensionServicesConfigFile) runtime.ExtensionServicesConfigFile {
 						return runtime.ExtensionServicesConfigFile{
 							Content:   c.Content(),
-							MountPath: c.Path(),
+							MountPath: c.MountPath(),
 						}
 					})
 
+					spec.TypedSpec().Environment = ext.Environment()
+
 					return nil
 				}); err != nil {
 					return err

diff --git a/internal/app/machined/pkg/controllers/runtime/extension_services_config_test.go b/internal/app/machined/pkg/controllers/runtime/extension_services_config_test.go
@@ -14,7 +14,7 @@ import (
 	"github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest"
 	"github.com/siderolabs/talos/internal/app/machined/pkg/controllers/runtime"
 	"github.com/siderolabs/talos/pkg/machinery/config/container"
-	"github.com/siderolabs/talos/pkg/machinery/config/types/extensionservicesconfig"
+	"github.com/siderolabs/talos/pkg/machinery/config/types/runtime/extensions"
 	"github.com/siderolabs/talos/pkg/machinery/resources/config"
 	runtimeres "github.com/siderolabs/talos/pkg/machinery/resources/runtime"
 )
@@ -34,29 +34,30 @@ func TestExtensionServicesConfigSuite(t *testing.T) {
 }
 
 func (suite *ExtensionServicesConfigSuite) TestReconcileExtensionServicesConfig() {
-	extensionsServiceConfigDoc := extensionservicesconfig.NewExtensionServicesConfigV1Alpha1()
-	extensionsServiceConfigDoc.Config = []extensionservicesconfig.ExtensionServiceConfig{
+	extensionsServiceConfigDoc := extensions.NewExtensionServicesConfigV1Alpha1()
+	extensionsServiceConfigDoc.Config = []extensions.ServiceConfig{
 		{
-			ExtensionName: "test-extension-a",
-			ExtensionServiceConfigFiles: []extensionservicesconfig.ExtensionServiceConfigFile{
+			ServiceName: "test-extension-a",
+			ServiceConfigFiles: []extensions.ConfigFile{
 				{
-					ExtensionContent:   "test-content-a",
-					ExtensionMountPath: "/etc/test",
+					ConfigFileContent:   "test-content-a",
+					ConfigFileMountPath: "/etc/test",
 				},
 			},
 		},
 		{
-			ExtensionName: "test-extension-b",
-			ExtensionServiceConfigFiles: []extensionservicesconfig.ExtensionServiceConfigFile{
+			ServiceName: "test-extension-b",
+			ServiceConfigFiles: []extensions.ConfigFile{
 				{
-					ExtensionContent:   "test-content-b",
-					ExtensionMountPath: "/etc/bar",
+					ConfigFileContent:   "test-content-b",
+					ConfigFileMountPath: "/etc/bar",
 				},
 				{
-					ExtensionContent:   "test-content-c",
-					ExtensionMountPath: "/var/etc/foo",
+					ConfigFileContent:   "test-content-c",
+					ConfigFileMountPath: "/var/etc/foo",
 				},
 			},
+			ServiceEnvironment: []string{"FOO=BAR"},
 		},
 	}
 
@@ -72,6 +73,7 @@ func (suite *ExtensionServicesConfigSuite) TestReconcileExtensionServicesConfig(
 			content   string
 			mountPath string
 		}
+		environment []string
 	}{
 		{
 			extensionName: "test-extension-a",
@@ -100,6 +102,9 @@ func (suite *ExtensionServicesConfigSuite) TestReconcileExtensionServicesConfig(
 					mountPath: "/var/etc/foo",
 				},
 			},
+			environment: []string{
+				"FOO=BAR",
+			},
 		},
 	} {
 		ctest.AssertResource(suite, tt.extensionName, func(config *runtimeres.ExtensionServicesConfig, asrt *assert.Assertions) {
@@ -117,6 +122,7 @@ func (suite *ExtensionServicesConfigSuite) TestReconcileExtensionServicesConfig(
 			})
 
 			suite.Assert().Equal(configFileData, spec.Files)
+			suite.Assert().Equal(tt.environment, spec.Environment)
 		})
 	}
 

diff --git a/internal/app/machined/pkg/system/services/extension.go b/internal/app/machined/pkg/system/services/extension.go
@@ -166,6 +166,11 @@ func (svc *Extension) Runner(r runtime.Runtime) (runner.Runner, error) {
 
 	mounts := append([]specs.Mount{}, svc.Spec.Container.Mounts...)
 
+	envVars, err := svc.parseEnvironment()
+	if err != nil {
+		return nil, err
+	}
+
 	configSpec, err := safe.StateGetByID[*runtimeres.ExtensionServicesConfig](context.Background(), r.State().V1Alpha2().Resources(), svc.Spec.Name)
 	if err == nil {
 		spec := configSpec.TypedSpec()
@@ -178,6 +183,8 @@ func (svc *Extension) Runner(r runtime.Runtime) (runner.Runner, error) {
 				Options:     []string{"ro", "bind"},
 			})
 		}
+
+		envVars = append(envVars, spec.Environment...)
 	} else if !state.IsNotFoundError(err) {
 		return nil, err
 	}
@@ -193,11 +200,6 @@ func (svc *Extension) Runner(r runtime.Runtime) (runner.Runner, error) {
 		restartType = restart.UntilSuccess
 	}
 
-	envVars, err := svc.parseEnvironment()
-	if err != nil {
-		return nil, err
-	}
-
 	ociSpecOpts := svc.getOCIOptions(envVars, mounts)
 
 	debug := false