feat: Add IPAM integration

- Added RBAC rules
- Fixed reconcile

Signed-off-by: appkins <nbatkins@gmail.com>

Author: appkins

.github/workflows/ci.yaml

@@ -73,22 +73,12 @@ jobs:
           go-version: "${{ env.GO_VERSION }}"
           cache: true
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: ko-build/setup-ko@v0.9
+      - run: ko login ${{ env.REGISTRY }} -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push image
         run: make build-image-push
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          IS_RELEASE: false
-          GORELEASER_EXTRA_FLAGS: "--skip=validate"
+          IS_RELEASE: true
+          GORELEASER_EXTRA_FLAGS: "--clean --skip=validate"

.github/workflows/release.yaml

@@ -27,18 +27,12 @@ jobs:
           go-version: "${{ env.GO_VERSION }}"
           cache: true
 
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Log in to the Container registry
-        uses: docker/login-action@v3
-        with:
-          registry: ${{ env.REGISTRY }}
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: ko-build/setup-ko@v0.9
+        env:
+          KO_DEFAULTBASEIMAGE: docker.io/chainguard/static
+          KO_DOCKER_REPO:  "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}"
+      
+      - run: ko login ${{ env.REGISTRY }} -u ${{ github.actor }} --password ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build and push image
         run: make build-image-push

.goreleaser.yaml

@@ -2,7 +2,7 @@ version: 2
 
 env:
   - REGISTRY={{ if index .Env "REGISTRY"  }}{{ .Env.REGISTRY }}{{ else }}ghcr.io{{ end }}
-  - IMAGE_NAME={{ if index .Env "IMAGE_NAME"  }}{{ .Env.IMAGE_NAME }}{{ else }}tinkerbell/cluster-api-provider-tinkerbell{{ end }}
+  - IMAGE_NAME={{ if index .Env "IMAGE_NAME"  }}{{ .Env.IMAGE_NAME }}{{ else }}{{.GitURL | trimprefix "https://" | trimprefix "git@" | trimprefix "github.com" | trimprefix ":" | trimprefix "/" | trimsuffix ".git"}}{{ end }}
   - BINARY=capt
   - IS_RELEASE={{ if index .Env "IS_RELEASE" }}{{ .Env.IS_RELEASE }}{{ else }}true{{ end }}
 
@@ -14,35 +14,50 @@ builds:
   - id: build
     binary: "{{ .Env.BINARY }}"
     env:
-    - CGO_ENABLED=0
+      - CGO_ENABLED=0
     goos:
-    - linux
+      - linux
     ldflags:
-    - -s -w
+      - -s -w
     goarch:
-    - amd64
-    - arm64
+      - amd64
+      - arm64
+    skip: false
 
 checksum:
-  name_template: 'checksums.txt'
+  name_template: "checksums.txt"
 
 archives:
   - formats:
-    - binary
+      - binary
 
 release:
   disable: true
 
-dockers_v2:
-  - images:
+snapshot:
+  version_template: "{{ incpatch .Version }}-next"
+
+kos:
+  - build: build
+    repositories:
       - "{{ .Env.REGISTRY }}/{{ .Env.IMAGE_NAME }}"
     tags:
       - '{{ if eq .Env.IS_RELEASE "true" }}v{{ .Version }}{{ end }}'
-      - '{{ if not .IsNightly }}latest{{ end }}'
+      - "{{ if not .IsSnapshot }}latest{{ end }}"
       - '{{ if eq .Branch "main" }}sha-{{ .ShortCommit }}{{ end }}'
     labels:
       "org.opencontainers.image.created": "{{.Date}}"
       "org.opencontainers.image.name": "{{.ProjectName}}"
       "org.opencontainers.image.revision": "{{.FullCommit}}"
       "org.opencontainers.image.version": "v{{.Version}}"
       "org.opencontainers.image.source": "{{.GitURL}}"
+    bare: true
+    preserve_import_paths: false
+    platforms:
+      - linux/amd64
+      - linux/arm64
+    base_image: docker.io/chainguard/static
+    creation_time: "{{.CommitTimestamp}}"
+    ko_data_creation_time: "{{.CommitTimestamp}}"
+    sbom: none
+    disable: "{{ .IsSnapshot }}"

api/v1beta1/tinkerbellmachine_types.go

@@ -82,6 +82,13 @@ type TinkerbellMachineSpec struct {
 	// +optional
 	BootOptions BootOptions `json:"bootOptions,omitempty"`
 
+	// IPAMPoolRef is a reference to an IPAM pool resource to allocate an IP address from.
+	// When specified, an IPAddressClaim will be created to request an IP address allocation.
+	// The allocated IP will be set on the Hardware's first interface DHCP configuration.
+	// This enables integration with Cluster API IPAM providers for dynamic IP allocation.
+	// +optional
+	IPAMPoolRef *corev1.TypedLocalObjectReference `json:"ipamPoolRef,omitempty"`
+
 	// Those fields are set programmatically, but they cannot be re-constructed from "state of the world", so
 	// we put them in spec instead of status.
 	HardwareName string `json:"hardwareName,omitempty"`

api/v1beta1/zz_generated.deepcopy.go

@@ -265,6 +265,30 @@ spec:
                   ImageLookupOSVersion is the version of the OS distribution to use when fetching machine
                   images. If not set it will default based on ImageLookupOSDistro.
                 type: string
+              ipamPoolRef:
+                description: |-
+                  IPAMPoolRef is a reference to an IPAM pool resource to allocate an IP address from.
+                  When specified, an IPAddressClaim will be created to request an IP address allocation.
+                  The allocated IP will be set on the Hardware's first interface DHCP configuration.
+                  This enables integration with Cluster API IPAM providers for dynamic IP allocation.
+                properties:
+                  apiGroup:
+                    description: |-
+                      APIGroup is the group for the resource being referenced.
+                      If APIGroup is not specified, the specified Kind must be in the core API group.
+                      For any other third-party types, APIGroup is required.
+                    type: string
+                  kind:
+                    description: Kind is the type of resource being referenced
+                    type: string
+                  name:
+                    description: Name is the name of resource being referenced
+                    type: string
+                required:
+                - kind
+                - name
+                type: object
+                x-kubernetes-map-type: atomic
               providerID:
                 type: string
               templateOverride:

config/crd/bases/infrastructure.cluster.x-k8s.io_tinkerbellmachines.yaml

@@ -258,6 +258,30 @@ spec:
                           ImageLookupOSVersion is the version of the OS distribution to use when fetching machine
                           images. If not set it will default based on ImageLookupOSDistro.
                         type: string
+                      ipamPoolRef:
+                        description: |-
+                          IPAMPoolRef is a reference to an IPAM pool resource to allocate an IP address from.
+                          When specified, an IPAddressClaim will be created to request an IP address allocation.
+                          The allocated IP will be set on the Hardware's first interface DHCP configuration.
+                          This enables integration with Cluster API IPAM providers for dynamic IP allocation.
+                        properties:
+                          apiGroup:
+                            description: |-
+                              APIGroup is the group for the resource being referenced.
+                              If APIGroup is not specified, the specified Kind must be in the core API group.
+                              For any other third-party types, APIGroup is required.
+                            type: string
+                          kind:
+                            description: Kind is the type of resource being referenced
+                            type: string
+                          name:
+                            description: Name is the name of resource being referenced
+                            type: string
+                        required:
+                        - kind
+                        - name
+                        type: object
+                        x-kubernetes-map-type: atomic
                       providerID:
                         type: string
                       templateOverride:

config/crd/bases/infrastructure.cluster.x-k8s.io_tinkerbellmachinetemplates.yaml

@@ -54,6 +54,34 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - ipam.cluster.x-k8s.io
+  resources:
+  - ipaddressclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ipam.cluster.x-k8s.io
+  resources:
+  - ipaddressclaims/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ipam.cluster.x-k8s.io
+  resources:
+  - ipaddresses
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - tinkerbell.org
   resources:

config/rbac/role.yaml

@@ -2,6 +2,7 @@ package machine
 
 import (
 	"fmt"
+	"maps"
 	"sort"
 	"strings"
 
@@ -84,9 +85,7 @@ func (scope *machineReconcileScope) patchHardwareAnnotations(hw *tinkv1.Hardware
 		hw.Annotations = map[string]string{}
 	}
 
-	for k, v := range annotations {
-		hw.Annotations[k] = v
-	}
+	maps.Copy(hw.Annotations, annotations)
 
 	if err := patchHelper.Patch(scope.ctx, hw); err != nil {
 		return fmt.Errorf("patching Hardware object: %w", err)
@@ -152,6 +151,14 @@ func (scope *machineReconcileScope) ensureHardware() (*tinkv1.Hardware, error) {
 		return nil, fmt.Errorf("ensuring Hardware user data: %w", err)
 	}
 
+	// Check if IPAM pool is configured and handle IP allocation
+	poolRef := scope.getIPAMPoolRef()
+	if poolRef != nil {
+		if err := scope.reconcileIPAM(hw, poolRef); err != nil {
+			return hw, fmt.Errorf("failed to reconcile IPAM: %w", err)
+		}
+	}
+
 	return hw, scope.setStatus(hw)
 }