feat: machineconfig-restore CRD + reconciler + schedule reconcilers (session/25)

api/v1alpha1/etcdbackupschedule_types.go

@@ -0,0 +1,99 @@
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// Condition type and reason constants for TalosEtcdBackupSchedule.
+const (
+	// ConditionTypeEtcdBackupScheduleActive indicates the schedule is active.
+	ConditionTypeEtcdBackupScheduleActive = "Active"
+
+	// ReasonEtcdBackupScheduleNextRunPending is set while waiting for the next run.
+	ReasonEtcdBackupScheduleNextRunPending = "NextRunPending"
+
+	// ReasonEtcdBackupScheduleRunning is set while an EtcdMaintenance CR is being created.
+	ReasonEtcdBackupScheduleRunning = "Running"
+
+	// ReasonEtcdBackupScheduleParseError is set when the schedule duration cannot be parsed.
+	ReasonEtcdBackupScheduleParseError = "ParseError"
+)
+
+// TalosEtcdBackupScheduleSpec defines the desired state of TalosEtcdBackupSchedule.
+type TalosEtcdBackupScheduleSpec struct {
+	// ClusterRef references the TalosCluster to back up on schedule.
+	ClusterRef LocalObjectRef `json:"clusterRef"`
+
+	// Schedule is the backup interval as a Go duration string (e.g., "24h", "6h").
+	// The reconciler creates a new EtcdMaintenance CR with operation=backup each time
+	// the interval elapses.
+	Schedule string `json:"schedule"`
+
+	// S3Destination is the S3 location to write etcd snapshots to.
+	S3Destination S3Ref `json:"s3Destination"`
+
+	// EtcdBackupS3SecretRef references a Secret containing S3 backup credentials.
+	// Falls back to seam-etcd-backup-config in seam-system when absent.
+	// platform-schema.md §10.
+	// +optional
+	EtcdBackupS3SecretRef *corev1.SecretReference `json:"etcdBackupS3SecretRef,omitempty"`
+}
+
+// TalosEtcdBackupScheduleStatus defines the observed state of TalosEtcdBackupSchedule.
+type TalosEtcdBackupScheduleStatus struct {
+	// ObservedGeneration is the generation of the spec last reconciled.
+	// +optional
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+	// NextRunAt is the time the next EtcdMaintenance CR will be created.
+	// +optional
+	NextRunAt *metav1.Time `json:"nextRunAt,omitempty"`
+
+	// LastRunAt is the time the most recent EtcdMaintenance CR was created.
+	// +optional
+	LastRunAt *metav1.Time `json:"lastRunAt,omitempty"`
+
+	// LastBackupName is the name of the most recently created EtcdMaintenance CR.
+	// +optional
+	LastBackupName string `json:"lastBackupName,omitempty"`
+
+	// Conditions is the list of status conditions.
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// TalosEtcdBackupSchedule creates EtcdMaintenance CRs with operation=backup on a
+// repeating interval. The schedule field accepts Go duration strings (e.g. "24h").
+// platform-schema.md §10.
+//
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Namespaced,shortName=etcdbs
+// +kubebuilder:printcolumn:name="Cluster",type=string,JSONPath=".spec.clusterRef.name"
+// +kubebuilder:printcolumn:name="Schedule",type=string,JSONPath=".spec.schedule"
+// +kubebuilder:printcolumn:name="NextRun",type=date,JSONPath=".status.nextRunAt"
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=".metadata.creationTimestamp"
+type TalosEtcdBackupSchedule struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   TalosEtcdBackupScheduleSpec   `json:"spec,omitempty"`
+	Status TalosEtcdBackupScheduleStatus `json:"status,omitempty"`
+}
+
+// TalosEtcdBackupScheduleList is the list type.
+//
+// +kubebuilder:object:root=true
+type TalosEtcdBackupScheduleList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []TalosEtcdBackupSchedule `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&TalosEtcdBackupSchedule{}, &TalosEtcdBackupScheduleList{})
+}

api/v1alpha1/machineconfigbackupschedule_types.go

@@ -0,0 +1,99 @@
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// Condition type and reason constants for TalosMachineConfigBackupSchedule.
+const (
+	// ConditionTypeMCBScheduleActive indicates the schedule is active and will create backups.
+	ConditionTypeMCBScheduleActive = "Active"
+
+	// ReasonMCBScheduleNextRunPending is set while waiting for the next scheduled run.
+	ReasonMCBScheduleNextRunPending = "NextRunPending"
+
+	// ReasonMCBScheduleRunning is set while a backup CR is being created.
+	ReasonMCBScheduleRunning = "Running"
+
+	// ReasonMCBScheduleParseError is set when the schedule duration cannot be parsed.
+	ReasonMCBScheduleParseError = "ParseError"
+)
+
+// TalosMachineConfigBackupScheduleSpec defines the desired state of TalosMachineConfigBackupSchedule.
+type TalosMachineConfigBackupScheduleSpec struct {
+	// ClusterRef references the TalosCluster to back up on schedule.
+	ClusterRef LocalObjectRef `json:"clusterRef"`
+
+	// Schedule is the backup interval as a Go duration string (e.g., "24h", "6h", "1h").
+	// The reconciler creates a new TalosMachineConfigBackup CR each time the interval elapses.
+	Schedule string `json:"schedule"`
+
+	// S3Destination is the S3 location to write node machine configs to.
+	// The bucket is required.
+	S3Destination S3Ref `json:"s3Destination"`
+
+	// S3BackupSecretRef references a Secret containing S3 backup credentials.
+	// Falls back to seam-etcd-backup-config in seam-system when absent.
+	// platform-schema.md §10.
+	// +optional
+	S3BackupSecretRef *corev1.SecretReference `json:"s3BackupSecretRef,omitempty"`
+}
+
+// TalosMachineConfigBackupScheduleStatus defines the observed state of TalosMachineConfigBackupSchedule.
+type TalosMachineConfigBackupScheduleStatus struct {
+	// ObservedGeneration is the generation of the spec last reconciled.
+	// +optional
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+	// NextRunAt is the time the next backup CR will be created.
+	// +optional
+	NextRunAt *metav1.Time `json:"nextRunAt,omitempty"`
+
+	// LastRunAt is the time the most recent backup CR was created.
+	// +optional
+	LastRunAt *metav1.Time `json:"lastRunAt,omitempty"`
+
+	// LastBackupName is the name of the most recently created TalosMachineConfigBackup CR.
+	// +optional
+	LastBackupName string `json:"lastBackupName,omitempty"`
+
+	// Conditions is the list of status conditions.
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// TalosMachineConfigBackupSchedule creates TalosMachineConfigBackup CRs on a repeating
+// interval. The schedule field accepts Go duration strings (e.g. "24h").
+// platform-schema.md §11.
+//
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Namespaced,shortName=mcbs
+// +kubebuilder:printcolumn:name="Cluster",type=string,JSONPath=".spec.clusterRef.name"
+// +kubebuilder:printcolumn:name="Schedule",type=string,JSONPath=".spec.schedule"
+// +kubebuilder:printcolumn:name="NextRun",type=date,JSONPath=".status.nextRunAt"
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=".metadata.creationTimestamp"
+type TalosMachineConfigBackupSchedule struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   TalosMachineConfigBackupScheduleSpec   `json:"spec,omitempty"`
+	Status TalosMachineConfigBackupScheduleStatus `json:"status,omitempty"`
+}
+
+// TalosMachineConfigBackupScheduleList is the list type.
+//
+// +kubebuilder:object:root=true
+type TalosMachineConfigBackupScheduleList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []TalosMachineConfigBackupSchedule `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&TalosMachineConfigBackupSchedule{}, &TalosMachineConfigBackupScheduleList{})
+}

api/v1alpha1/machineconfigrestore_types.go

@@ -0,0 +1,134 @@
+package v1alpha1
+
+import (
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/ontai-dev/seam-core/pkg/lineage"
+)
+
+// Condition type and reason constants for TalosMachineConfigRestore.
+const (
+	// ConditionTypeMachineConfigRestoreReady indicates the restore completed successfully.
+	ConditionTypeMachineConfigRestoreReady = "Ready"
+
+	// ConditionTypeMachineConfigRestoreRunning indicates the Conductor Job is running.
+	ConditionTypeMachineConfigRestoreRunning = "Running"
+
+	// ConditionTypeMachineConfigRestoreDegraded indicates the restore failed.
+	ConditionTypeMachineConfigRestoreDegraded = "Degraded"
+
+	// ReasonMachineConfigRestoreJobSubmitted is set when the Conductor executor Job is submitted.
+	ReasonMachineConfigRestoreJobSubmitted = "JobSubmitted"
+
+	// ReasonMachineConfigRestoreJobComplete is set when the Job completed successfully.
+	ReasonMachineConfigRestoreJobComplete = "JobComplete"
+
+	// ReasonMachineConfigRestoreJobFailed is set when the Job failed. INV-018 applies.
+	ReasonMachineConfigRestoreJobFailed = "JobFailed"
+
+	// ReasonMachineConfigRestoreS3Absent indicates no S3 source is configured.
+	ReasonMachineConfigRestoreS3Absent = "S3SourceAbsent"
+
+	// ConditionTypeMachineConfigRestoreS3Absent is the condition type for absent S3 config.
+	ConditionTypeMachineConfigRestoreS3Absent = "S3SourceAbsent"
+)
+
+// TalosMachineConfigRestoreSpec defines the desired state of TalosMachineConfigRestore.
+type TalosMachineConfigRestoreSpec struct {
+	// ClusterRef references the TalosCluster whose nodes will have their machine
+	// config restored.
+	ClusterRef LocalObjectRef `json:"clusterRef"`
+
+	// BackupTimestamp identifies which backup to restore from. Must match the
+	// timestamp component of the S3 path written by a prior machineconfig-backup
+	// operation: {cluster}/machineconfigs/{backupTimestamp}/{hostname}.yaml.
+	// Format: 20060102T150405Z (UTC).
+	BackupTimestamp string `json:"backupTimestamp"`
+
+	// TargetNodes is the optional list of node hostnames to restore. When empty
+	// all nodes in the cluster are restored. When set only the listed hostnames
+	// are restored.
+	// +optional
+	TargetNodes []string `json:"targetNodes,omitempty"`
+
+	// S3SourceBucket is the S3 bucket containing the backup objects. Must match
+	// the bucket used during the original machineconfig-backup operation.
+	S3SourceBucket string `json:"s3SourceBucket"`
+
+	// S3BackupSecretRef references a Secret containing S3 credentials.
+	// Falls back to seam-etcd-backup-config in seam-system when absent.
+	// platform-schema.md §10.
+	// +optional
+	S3BackupSecretRef *corev1.SecretReference `json:"s3BackupSecretRef,omitempty"`
+
+	// Lineage is the sealed causal chain record for this root declaration.
+	// +optional
+	Lineage *lineage.SealedCausalChain `json:"lineage,omitempty"`
+}
+
+// TalosMachineConfigRestoreStatus defines the observed state of TalosMachineConfigRestore.
+type TalosMachineConfigRestoreStatus struct {
+	// ObservedGeneration is the generation of the spec last reconciled.
+	// +optional
+	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
+
+	// Phase is the current phase of the restore operation.
+	// One of: Pending, Running, Succeeded, Failed, PartiallyFailed.
+	// +optional
+	Phase string `json:"phase,omitempty"`
+
+	// JobName is the name of the most recently submitted Conductor executor Job.
+	// +optional
+	JobName string `json:"jobName,omitempty"`
+
+	// OperationResult is the message from the Conductor OperationResult ConfigMap.
+	// +optional
+	OperationResult string `json:"operationResult,omitempty"`
+
+	// RestoredNodes is the list of node hostnames successfully restored.
+	// +optional
+	RestoredNodes []string `json:"restoredNodes,omitempty"`
+
+	// Conditions is the list of status conditions for this TalosMachineConfigRestore.
+	// Condition types: Ready, Running, Degraded, S3SourceAbsent, LineageSynced.
+	// +optional
+	// +listType=map
+	// +listMapKey=type
+	Conditions []metav1.Condition `json:"conditions,omitempty"`
+}
+
+// TalosMachineConfigRestore triggers a machine config restore for target nodes of a
+// cluster. The Conductor executor downloads each node's config from S3 at
+// {cluster}/machineconfigs/{backupTimestamp}/{hostname}.yaml and applies it via
+// ApplyConfiguration. Named Conductor capability: machineconfig-restore.
+// platform-schema.md §11.
+//
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:scope=Namespaced,shortName=mcr
+// +kubebuilder:printcolumn:name="Cluster",type=string,JSONPath=".spec.clusterRef.name"
+// +kubebuilder:printcolumn:name="Timestamp",type=string,JSONPath=".spec.backupTimestamp"
+// +kubebuilder:printcolumn:name="Phase",type=string,JSONPath=".status.phase"
+// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=".metadata.creationTimestamp"
+type TalosMachineConfigRestore struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   TalosMachineConfigRestoreSpec   `json:"spec,omitempty"`
+	Status TalosMachineConfigRestoreStatus `json:"status,omitempty"`
+}
+
+// TalosMachineConfigRestoreList is the list type for TalosMachineConfigRestore.
+//
+// +kubebuilder:object:root=true
+type TalosMachineConfigRestoreList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+
+	Items []TalosMachineConfigRestore `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&TalosMachineConfigRestore{}, &TalosMachineConfigRestoreList{})
+}