From 2d388d39ba89b7d4312b57be9e965c4c8e1f82f6 Mon Sep 17 00:00:00 2001
From: Kjeld Schouten
Date: Thu, 24 Oct 2024 11:38:26 +0200
Subject: [PATCH] feat(clustertool): move file changes to talconfig for user accessability and enable local kube discovery service
---
 .../embed/generic/base/talos/talconfig.yaml | 51 +++++++++++++++++++
 clustertool/embed/generic/patches/all.yaml | 45 +++-------------
 2 files changed, 58 insertions(+), 38 deletions(-)
diff --git a/clustertool/embed/generic/base/talos/talconfig.yaml b/clustertool/embed/generic/base/talos/talconfig.yaml
index 9e1a914ee9a20..a81699c7925cb 100644
--- a/clustertool/embed/generic/base/talos/talconfig.yaml
+++ b/clustertool/embed/generic/base/talos/talconfig.yaml
@@ -6,8 +6,10 @@ kubernetesVersion: v1.31.2
 endpoint: https://${VIP}:6443
 allowSchedulingOnControlPlanes: true
 additionalMachineCertSans:
+ - 127.0.0.1
 - ${VIP}
 additionalApiServerCertSans:
+ - 127.0.0.1
 - ${VIP}
 # Warning: Also used in Cilium CNI values!
 clusterPodNets:
@@ -54,6 +56,31 @@ controlPlane:
 - siderolabs/util-linux-tools
 - siderolabs/iscsi-tools
 - siderolabs/qemu-guest-agent
+ machineFiles:
+ - content: |
+ [plugins."io.containerd.grpc.v1.cri"]
+ enable_unprivileged_ports = true
+ enable_unprivileged_icmp = true
+ [plugins."io.containerd.grpc.v1.cri".containerd]
+ discard_unpacked_layers = false
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+ discard_unpacked_layers = false
+ permissions: 0
+ path: /etc/cri/conf.d/20-customization.part
+ op: create
+ - content: |
+ [ NFSMount_Global_Options ]
+ nfsvers=4.2
+ hard=True
+ noatime=True
+ nodiratime=True
+ rsize=131072
+ wsize=131072
+ nconnect=8
+ permissions: 420
+ path: /etc/nfsmount.conf
+ op: overwrite
+
 worker:
 patches:
 - '@./patches/worker.yaml'
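Review bot: The two `- 127.0.0.1` entries added to `additionalMachineCertSans` and `additionalApiServerCertSans` carry no comment, and the commit subject does not mention them. A loopback SAN only matters to clients that reach the machine API or the API server over a node-local address, so a later maintainer cannot tell from this file whether the entries are still needed. I would add a line above each, for example `# loopback SAN: required by <node-local client>, do not remove`, naming the component that connects via 127.0.0.1.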
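Review bot: The containerd fragment added under `controlPlane.machineFiles` sets `enable_unprivileged_ports = true` and `enable_unprivileged_icmp = true` without any comment, and the identical block is repeated under `worker` in the next hunk. These settings let containers that lack NET_BIND_SERVICE bind ports below 1024 and open ICMP sockets without NET_RAW, so they relax pod isolation on control-plane nodes as well as workers. The file should state why that is wanted, e.g. `# lets non-root containers bind ports <1024 and send ICMP; applies to every pod on the node`. The permission values are also hard to read: `permissions: 420` is decimal for mode 0644 and `permissions: 0` reads as mode 000, so I would add `# decimal, = 0o644` and confirm that 0 is intended for the `.part` file. Because the two blocks must stay identical, a `# keep in sync with worker.machineFiles` comment would help prevent drift.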
@@ -68,3 +95,27 @@ worker:
 - siderolabs/util-linux-tools
 - siderolabs/iscsi-tools
 - siderolabs/qemu-guest-agent
+ machineFiles:
+ - content: |
+ [plugins."io.containerd.grpc.v1.cri"]
+ enable_unprivileged_ports = true
+ enable_unprivileged_icmp = true
+ [plugins."io.containerd.grpc.v1.cri".containerd]
+ discard_unpacked_layers = false
+ [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+ discard_unpacked_layers = false
+ permissions: 0
+ path: /etc/cri/conf.d/20-customization.part
+ op: create
+ - content: |
+ [ NFSMount_Global_Options ]
+ nfsvers=4.2
+ hard=True
+ noatime=True
+ nodiratime=True
+ rsize=131072
+ wsize=131072
+ nconnect=8
+ permissions: 420
+ path: /etc/nfsmount.conf
+ op: overwrite
diff --git a/clustertool/embed/generic/patches/all.yaml b/clustertool/embed/generic/patches/all.yaml
index 6e098ffcfa82e..6f2ca0a168a20 100644
--- a/clustertool/embed/generic/patches/all.yaml
+++ b/clustertool/embed/generic/patches/all.yaml
@@ -49,42 +49,11 @@
 fs.inotify.max_user_watches: "524288"
 net.core.rmem_max: "2500000"
 net.core.wmem_max: "2500000"
-
-## TODO: Check how we can have this pass checks
-# - op: add
-# path: /machine/udev
-# value:
-# # Thunderbolt
-# - ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
-# # Intel GPU
-# - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"
-# # Google Coral USB Accelerator
-# - SUBSYSTEMS=="usb", ATTRS{idVendor}=="1a6e", ATTRS{idProduct}=="089a", GROUP="20", MODE="0660"
-# - SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9302", GROUP="20", MODE="0660"
-
-- op: add
- path: /machine/files
+- op: replace
+ path: /cluster/discovery/registries/kubernetes
+ value:
+ disabled: false
+- op: replace
+ path: /cluster/discovery/registries/service
 value:
- - content: |-
- [plugins."io.containerd.grpc.v1.cri"]
- enable_unprivileged_ports = true
- enable_unprivileged_icmp = true
- [plugins."io.containerd.grpc.v1.cri".containerd]
- discard_unpacked_layers = false
- [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
- discard_unpacked_layers = false
- permissions: 0
- path: /etc/cri/conf.d/20-customization.part
- op: create
- - content: |-
- [ NFSMount_Global_Options ]
- nfsvers=4.2
- hard=True
- noatime=True
- nodiratime=True
- rsize=131072
- wsize=131072
- nconnect=8
- permissions: 420
- path: /etc/nfsmount.conf
- op: overwrite
+ disabled: false
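Review bot: The second added patch enables `/cluster/discovery/registries/service`, which is the external discovery-service registry rather than a cluster-local one, although the commit subject speaks of local kube discovery. Nothing in this hunk sets a discovery endpoint, so unless one is configured elsewhere the nodes will register with the default public endpoint. If only in-cluster discovery is intended, this entry should stay `disabled: true`; otherwise add a comment such as `# external discovery service enabled on purpose; node metadata leaves the cluster`. The `kubernetes` registry stores member data on Node objects, and as far as I know it is deprecated in newer Talos releases and conflicts with kubelet authorization defaults from Kubernetes 1.32 onward. A comment tying it to the pinned `kubernetesVersion` would warn whoever bumps that version.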