feat: implement client wrapper around discovery service API

Fixes #6

This wrapper handles protobuf marshaling, encryption, etc. on the client
data so that service doesn't have a way to see the data.

Client handles data refresh on TTL, updates, discovery of other
affiliates, etc.

Signed-off-by: Andrey Smirnov <andrey.smirnov@talos-systems.com>

.kres.yaml

@@ -6,8 +6,10 @@ spec:
     - source: https://raw.githubusercontent.com/protocolbuffers/protobuf/master/src/google/protobuf/duration.proto
       subdirectory: vendor/google
       skipCompile: true
-    - source: api/v1alpha1/cluster.proto
-      subdirectory: v1alpha1/pb
+    - source: api/v1alpha1/server/cluster.proto
+      subdirectory: v1alpha1/server/pb
+    - source: api/v1alpha1/client/affiliate.proto
+      subdirectory: v1alpha1/client/pb
 ---
 kind: service.CodeCov
 spec:

Dockerfile

@@ -2,7 +2,7 @@
 
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2021-09-22T18:49:05Z by kres 2a27963-dirty.
+# Generated on 2021-09-23T16:56:44Z by kres 2a27963-dirty.
 
 ARG TOOLCHAIN
 
@@ -22,7 +22,8 @@ RUN markdownlint --ignore "CHANGELOG.md" --ignore "**/node_modules/**" --ignore
 # collects proto specs
 FROM scratch AS proto-specs
 ADD https://raw.githubusercontent.com/protocolbuffers/protobuf/master/src/google/protobuf/duration.proto /api/vendor/google/
-ADD api/v1alpha1/cluster.proto /api/v1alpha1/pb/
+ADD api/v1alpha1/server/cluster.proto /api/v1alpha1/server/pb/
+ADD api/v1alpha1/client/affiliate.proto /api/v1alpha1/client/pb/
 
 # base toolchain image
 FROM ${TOOLCHAIN} AS toolchain
@@ -66,8 +67,10 @@ RUN --mount=type=cache,target=/go/pkg go list -mod=readonly all >/dev/null
 # runs protobuf compiler
 FROM tools AS proto-compile
 COPY --from=proto-specs / /
-RUN protoc -I/api --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size /api/v1alpha1/pb/cluster.proto
-RUN rm /api/v1alpha1/pb/cluster.proto
+RUN protoc -I/api --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size /api/v1alpha1/server/pb/cluster.proto
+RUN protoc -I/api --go_out=paths=source_relative:/api --go-grpc_out=paths=source_relative:/api --go-vtproto_out=paths=source_relative:/api --go-vtproto_opt=features=marshal+unmarshal+size /api/v1alpha1/client/pb/affiliate.proto
+RUN rm /api/v1alpha1/server/pb/cluster.proto
+RUN rm /api/v1alpha1/client/pb/affiliate.proto
 
 # runs gofumpt
 FROM base AS lint-gofumpt

api/v1alpha1/client/affiliate.proto

@@ -0,0 +1,42 @@
+syntax = "proto3";
+
+package sidero.discovery.client;
+
+option go_package = "github.com/talos-systems/api/v1alpha1/client/pb";
+
+// Affiliate protobuf spec, as seen internally in the client code.
+//
+// Discovery service recieves Affiliate marshaled to protobuf and encrypted.
+message Affiliate {
+    string node_id = 1;
+    // IPs are encoded using binary marshaling.
+    repeated bytes addresses = 2;
+    string hostname = 3;
+    string nodename = 4;
+    string machine_type = 5;
+    string operating_system = 6;
+    optional KubeSpan kubespan = 7;
+}
+
+// KubeSpan optional configuration.
+message KubeSpan {
+    string public_key = 1;
+    bytes address = 2;
+    repeated IPPrefix additional_addresses = 3;
+}
+
+// IPPrefix contains CIDR.
+message IPPrefix {
+    // IPs are encoded using binary marshaling.
+    bytes ip = 1;
+    uint32 bits = 2;
+}
+
+// Endpoint for the Affiliate KubeSpan spec as seen internally in the client code.
+//
+// Discovery service receives Affiliate marshaled to protobuf and encrypted.
+message Endpoint {
+    // IPs are encoded using binary marshaling.
+    bytes ip = 1;
+    uint32 port = 2;
+}