feat: run embedded discovery service in Omni

Run a discovery service instance inside Omni, which can be disabled but is enabled by default. When enabled, it will listen only on the SideroLink interface on port 8093. When enabled, all new clusters will by default have the feature enabled, which means they will use the embedded discovery service instead of the public one.

Existing clusters will have the feature disabled until it is enabled for them explicitly.

Closes #20.

Signed-off-by: Utku Ozdemir <[email protected]>

Author: utkuozdemir

client/api/omni/specs/omni.pb.go

@@ -215,6 +215,10 @@ message ClusterSpec {
     bool enable_workload_proxy = 1;
     // DiskEncryption enables disk encryption on all nodes.
     bool disk_encryption = 2;
+    // UseEmbeddedDiscoveryService enables the use of the Omni's embedded discovery service instead of the public one.
+    //
+    // If the discovery service feature is disabled in the machine config, this field is ignored.
+    bool use_embedded_discovery_service = 3;
   }
 
   // InstallImage the installer image to use.

client/api/omni/specs/omni.proto

@@ -26,7 +26,7 @@ import (
 const KindCluster = "Cluster"
 
 // Cluster is a top-level template object.
-type Cluster struct { //nolint:govet
+type Cluster struct {
 	Meta             `yaml:",inline"`
 	SystemExtensions `yaml:",inline"`
 
@@ -50,11 +50,15 @@ type Cluster struct { //nolint:govet
 }
 
 // Features defines cluster-wide features.
-type Features struct {
+type Features struct { //nolint:govet
 	// DiskEncryption enables KMS encryption.
 	DiskEncryption bool `yaml:"diskEncryption,omitempty"`
 	// EnableWorkloadProxy enables workload proxy.
 	EnableWorkloadProxy bool `yaml:"enableWorkloadProxy,omitempty"`
+	// UseEmbeddedDiscoveryService enables the use of embedded discovery service.
+	//
+	// Defaults to true when not set.
+	UseEmbeddedDiscoveryService *bool `yaml:"useEmbeddedDiscoveryService,omitempty"`
 	// BackupConfiguration contains backup configuration settings.
 	BackupConfiguration BackupConfiguration `yaml:"backupConfiguration,omitempty"`
 }
@@ -155,7 +159,8 @@ func (cluster *Cluster) Translate(ctx TranslateContext) ([]resource.Resource, er
 	cluster.Descriptors.Apply(clusterResource)
 
 	clusterResource.TypedSpec().Value.Features = &specs.ClusterSpec_Features{
-		EnableWorkloadProxy: cluster.Features.EnableWorkloadProxy,
+		EnableWorkloadProxy:         cluster.Features.EnableWorkloadProxy,
+		UseEmbeddedDiscoveryService: cluster.Features.UseEmbeddedDiscoveryService == nil || *cluster.Features.UseEmbeddedDiscoveryService,
 	}
 
 	clusterResource.TypedSpec().Value.KubernetesVersion = strings.TrimLeft(cluster.Kubernetes.Version, "v")

client/api/omni/specs/omni_vtproto.pb.go

@@ -322,6 +322,12 @@ func transformClusterToModel(cluster *omni.Cluster, patches []*omni.ConfigPatch)
 		return models.Cluster{}, err
 	}
 
+	var useEmbeddedDiscoveryService *bool
+
+	if !spec.GetFeatures().GetUseEmbeddedDiscoveryService() {
+		useEmbeddedDiscoveryService = pointer.To(false)
+	}
+
 	return models.Cluster{
 		Meta: models.Meta{
 			Kind: models.KindCluster,
@@ -335,8 +341,9 @@ func transformClusterToModel(cluster *omni.Cluster, patches []*omni.ConfigPatch)
 			Version: "v" + spec.GetTalosVersion(),
 		},
 		Features: models.Features{
-			DiskEncryption:      spec.GetFeatures().GetDiskEncryption(),
-			EnableWorkloadProxy: spec.GetFeatures().GetEnableWorkloadProxy(),
+			DiskEncryption:              spec.GetFeatures().GetDiskEncryption(),
+			EnableWorkloadProxy:         spec.GetFeatures().GetEnableWorkloadProxy(),
+			UseEmbeddedDiscoveryService: useEmbeddedDiscoveryService,
 			BackupConfiguration: models.BackupConfiguration{
 				Interval: backupIntervalDuration,
 			},

client/pkg/template/internal/models/cluster.go

@@ -25,6 +25,7 @@ spec:
   features:
     enableworkloadproxy: true
     diskencryption: true
+    useembeddeddiscoveryservice: true
   backupconfiguration:
     interval:
       seconds: 7200

client/pkg/template/operations/export.go

@@ -16,6 +16,7 @@ spec:
     features:
         enableworkloadproxy: false
         diskencryption: false
+        useembeddeddiscoveryservice: true
     backupconfiguration: null
 ---
 metadata:

client/pkg/template/operations/testdata/export/cluster-resources.yaml

@@ -16,6 +16,7 @@ spec:
     features:
         enableworkloadproxy: false
         diskencryption: true
+        useembeddeddiscoveryservice: false
     backupconfiguration: null
 ---
 metadata:

client/pkg/template/testdata/cluster-valid-bootstrapspec-resources.yaml

@@ -6,6 +6,7 @@ talos:
   version: v1.3.0
 features:
   diskEncryption: true
+  useEmbeddedDiscoveryService: false
 patches:
   - file: patches/my-cluster-patch.yaml
   - file: ../testdata/patches/my-registry-mirrors.yaml

client/pkg/template/testdata/cluster1-resources.yaml

@@ -16,6 +16,7 @@ spec:
     features:
         enableworkloadproxy: true
         diskencryption: false
+        useembeddeddiscoveryservice: true
     backupconfiguration: null
 ---
 metadata: