feat: Add IPAM integration

- Added RBAC rules
- Fixed reconcile

Signed-off-by: appkins <[email protected]>

Author: appkins

.goreleaser.yaml

@@ -2,7 +2,7 @@ version: 2
 
 env:
   - REGISTRY={{ if index .Env "REGISTRY"  }}{{ .Env.REGISTRY }}{{ else }}ghcr.io{{ end }}
-  - IMAGE_NAME={{ if index .Env "IMAGE_NAME"  }}{{ .Env.IMAGE_NAME }}{{ else }}{{.GitURL | trimprefix "https://" | trimprefix "github.com/" | trimsuffix ".git"}}{{ end }}
+  - IMAGE_NAME={{ if index .Env "IMAGE_NAME"  }}{{ .Env.IMAGE_NAME }}{{ else }}{{.GitURL | trimprefix "https://" | trimprefix "git@" | trimprefix "github.com" | trimprefix ":" | trimprefix "/" | trimsuffix ".git"}}{{ end }}
   - BINARY=capt
   - IS_RELEASE={{ if index .Env "IS_RELEASE" }}{{ .Env.IS_RELEASE }}{{ else }}true{{ end }}
 
@@ -60,4 +60,4 @@ kos:
     creation_time: "{{.CommitTimestamp}}"
     ko_data_creation_time: "{{.CommitTimestamp}}"
     sbom: none
-    local_domain: ghcr.io/tinkerbell-community/cluster-api-provider-tinkerbell
+    disable: "{{ .IsSnapshot }}"

config/rbac/role.yaml

@@ -54,6 +54,34 @@ rules:
   - get
   - patch
   - update
+- apiGroups:
+  - ipam.cluster.x-k8s.io
+  resources:
+  - ipaddressclaims
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - ipam.cluster.x-k8s.io
+  resources:
+  - ipaddressclaims/status
+  verbs:
+  - get
+  - patch
+  - update
+- apiGroups:
+  - ipam.cluster.x-k8s.io
+  resources:
+  - ipaddresses
+  verbs:
+  - get
+  - list
+  - watch
 - apiGroups:
   - tinkerbell.org
   resources:

controller/machine/hardware.go

@@ -2,6 +2,7 @@ package machine
 
 import (
 	"fmt"
+	"maps"
 	"sort"
 	"strings"
 
@@ -84,9 +85,7 @@ func (scope *machineReconcileScope) patchHardwareAnnotations(hw *tinkv1.Hardware
 		hw.Annotations = map[string]string{}
 	}
 
-	for k, v := range annotations {
-		hw.Annotations[k] = v
-	}
+	maps.Copy(hw.Annotations, annotations)
 
 	if err := patchHelper.Patch(scope.ctx, hw); err != nil {
 		return fmt.Errorf("patching Hardware object: %w", err)
@@ -152,6 +151,14 @@ func (scope *machineReconcileScope) ensureHardware() (*tinkv1.Hardware, error) {
 		return nil, fmt.Errorf("ensuring Hardware user data: %w", err)
 	}
 
+	// Check if IPAM pool is configured and handle IP allocation
+	poolRef := scope.getIPAMPoolRef()
+	if poolRef != nil {
+		if err := scope.reconcileIPAM(hw, poolRef); err != nil {
+			return hw, fmt.Errorf("failed to reconcile IPAM: %w", err)
+		}
+	}
+
 	return hw, scope.setStatus(hw)
 }
 

controller/machine/tinkerbellmachine.go

@@ -56,6 +56,9 @@ type TinkerbellMachineReconciler struct {
 // +kubebuilder:rbac:groups=tinkerbell.org,resources=templates;templates/status,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=tinkerbell.org,resources=workflows;workflows/status,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups=bmc.tinkerbell.org,resources=jobs,verbs=get;list;watch;create
+// +kubebuilder:rbac:groups=ipam.cluster.x-k8s.io,resources=ipaddressclaims,verbs=get;list;watch;create;update;patch;delete
+// +kubebuilder:rbac:groups=ipam.cluster.x-k8s.io,resources=ipaddressclaims/status,verbs=get;update;patch
+// +kubebuilder:rbac:groups=ipam.cluster.x-k8s.io,resources=ipaddresses,verbs=get;list;watch
 
 // Reconcile ensures that all Tinkerbell machines are aligned with a given spec.
 //