feat(genconfig): support templating node labels and annotations

Signed-off-by: solidDoWant <fred.heinecke@yahoo.com>

docs/docs/guides.md

@@ -302,6 +302,56 @@ imageFactory:
 The `schematicEndpoint` is used to do HTTP POST request to get the schematic ID.
 If your selfhosted image factory doesn't do schematic ID like the official one does, you can pass `--offline` flag to `talhelper genconfig` command and modify the `installerURLTmpl` to your needs.
 
+## Templating node labels or annotations for system-upgrade-controller
+
+Some configuration fields can use Helm-like templating. These templates have the ability to reference other configuration fields and run [Sprig functions](https://masterminds.github.io/sprig/). This is useful for passing Talos information to Kubernetes workloads, such as [system-upgrade-controller](https://github.com/rancher/system-upgrade-controller) plans.
+
+To upgrade Talos on a node, the upgrade controller needs the name of the installer image, which is generated by talhelper. This can be added to node annotations as follows:
+
+```yaml
+---
+nodes:
+  - hostname: my-node
+    nodeAnnotations:
+      installerImage: '{{ .MachineConfig.MachineInstall.InstallImage }}'
+```
+
+This can then be queried at upgrade time to determine what image to use:
+
+```yaml
+---
+apiVersion: upgrade.cattle.io/v1
+kind: Plan
+metadata:
+  name: talos-upgrade
+spec:
+  serviceAccountName: system-upgrade-controller
+  version: ${TALOS_VERSION}
+  secrets:
+    - name: talos-credentials
+      path: /var/run/secrets/talos.dev
+  upgrade:
+    image: alpine/k8s:1.31.2
+    envs:
+      - name: NODE_NAME
+        valueFrom:
+          fieldRef:
+            fieldPath: spec.nodeName
+    command:
+      - bash
+    args:
+      - -c
+      - >-
+          INSTALLER_IMAGE="$(
+            kubectl get node "${NODE_NAME}" -o yaml |
+            yq 'metadata.annotations["installerImage"]'
+          )"
+          talosctl -n "${NODE_NAME}" -e "${NODE_NAME}" upgrade
+            "--image=${INSTALLER_IMAGE}:${SYSTEM_UPGRADE_PLAN_LATEST_VERSION}"
+```
+
+A full example is available [here](https://github.com/solidDoWant/infra-mk3/blob/master/cluster/gitops/system-controllers/system-upgrade-controller/plans/talos.yaml).
+
 ## Editing `talconfig.yaml` file
 
 If you're using a text editor with `yaml` LSP support, you can use `talhelper genschema` command to generate a `talconfig.json`.

example/talconfig.yaml

@@ -79,8 +79,14 @@ nodes:
     nodeLabels:
       rack: rack1a
       zone: us-east-1a
+      isSecureBootEnabled: >-
+        {{
+          .MachineConfig.MachineInstall.InstallImage |
+          contains "installer-secureboot"
+        }}
     nodeAnnotations:
       rack: rack1a
+      installerUrl: '{{ .MachineConfig.MachineInstall.InstallImage }}'
     nodeTaints:
       mytaint: mytaints:NoSchedule
     disableSearchDomain: true

go.mod

@@ -3,6 +3,7 @@ module github.com/budimanjojo/talhelper/v3
 go 1.23.2
 
 require (
+	github.com/Masterminds/sprig/v3 v3.3.0
 	github.com/a8m/envsubst v1.4.2
 	github.com/evanphx/json-patch v5.9.0+incompatible
 	github.com/fatih/color v1.18.0
@@ -31,13 +32,16 @@ require (
 	cloud.google.com/go/kms v1.20.0 // indirect
 	cloud.google.com/go/longrunning v0.6.1 // indirect
 	cloud.google.com/go/storage v1.43.0 // indirect
+	dario.cat/mergo v1.0.1 // indirect
 	filippo.io/age v1.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/azkeys v1.1.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.1 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
+	github.com/Masterminds/goutils v1.1.1 // indirect
+	github.com/Masterminds/semver/v3 v3.3.0 // indirect
 	github.com/ProtonMail/go-crypto v1.1.0-beta.0-proton // indirect
 	github.com/antlr4-go/antlr/v4 v4.13.0 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.31.0 // indirect
@@ -97,6 +101,7 @@ require (
 	github.com/hashicorp/go-sockaddr v1.0.7 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/hashicorp/vault/api v1.15.0 // indirect
+	github.com/huandu/xstrings v1.5.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/native v1.1.0 // indirect
 	github.com/jsimonetti/rtnetlink/v2 v2.0.2 // indirect
@@ -109,22 +114,26 @@ require (
 	github.com/mdlayher/genetlink v1.3.2 // indirect
 	github.com/mdlayher/netlink v1.7.2 // indirect
 	github.com/mdlayher/socket v0.5.1 // indirect
+	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
+	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/opencontainers/runtime-spec v1.2.0 // indirect
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
+	github.com/shopspring/decimal v1.4.0 // indirect
 	github.com/siderolabs/crypto v0.5.0 // indirect
 	github.com/siderolabs/gen v0.7.0 // indirect
 	github.com/siderolabs/go-blockdevice v0.4.8 // indirect
 	github.com/siderolabs/go-blockdevice/v2 v2.0.2 // indirect
 	github.com/siderolabs/go-pointer v1.0.0 // indirect
 	github.com/siderolabs/protoenc v0.2.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
+	github.com/spf13/cast v1.7.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stoewer/go-strcase v1.3.0 // indirect
 	github.com/urfave/cli v1.22.15 // indirect