feat: implement image cache configuration

Implement a feature flag, a resource which controls the flow.

This controls the volume configuration, mounting, etc.

Fixes #9767

Signed-off-by: Andrey Smirnov <[email protected]>

Author: smira

api/resource/definitions/cri/cri.proto

@@ -6,6 +6,13 @@ option go_package = "github.com/siderolabs/talos/pkg/machinery/api/resource/defi
 option java_package = "dev.talos.api.resource.definitions.cri";
 
 import "google/protobuf/struct.proto";
+import "resource/definitions/enums/enums.proto";
+
+// ImageCacheConfigSpec represents the ImageCacheConfig.
+message ImageCacheConfigSpec {
+  talos.resource.definitions.enums.CriImageCacheStatus status = 1;
+  repeated string roots = 2;
+}
 
 // SeccompProfileSpec represents the SeccompProfile.
 message SeccompProfileSpec {

api/resource/definitions/enums/enums.proto

@@ -396,6 +396,14 @@ enum BlockVolumeType {
   VOLUME_TYPE_TMPFS = 2;
 }
 
+// CriImageCacheStatus describes image cache status type.
+enum CriImageCacheStatus {
+  IMAGE_CACHE_STATUS_UNKNOWN = 0;
+  IMAGE_CACHE_STATUS_DISABLED = 1;
+  IMAGE_CACHE_STATUS_PREPARING = 2;
+  IMAGE_CACHE_STATUS_READY = 3;
+}
+
 // KubespanPeerState is KubeSpan peer current state.
 enum KubespanPeerState {
   PEER_STATE_UNKNOWN = 0;

go.mod

@@ -88,6 +88,7 @@ require (
 	github.com/godbus/dbus/v5 v5.1.0
 	github.com/golang/mock v1.6.0
 	github.com/google/cadvisor v0.51.0
+	github.com/google/cel-go v0.22.0
 	github.com/google/go-containerregistry v0.20.2
 	github.com/google/go-tpm v0.9.1
 	github.com/google/nftables v0.2.0
@@ -140,7 +141,7 @@ require (
 	github.com/siderolabs/gen v0.7.0
 	github.com/siderolabs/go-api-signature v0.3.6
 	github.com/siderolabs/go-blockdevice v0.4.8
-	github.com/siderolabs/go-blockdevice/v2 v2.0.5
+	github.com/siderolabs/go-blockdevice/v2 v2.0.6
 	github.com/siderolabs/go-circular v0.2.1
 	github.com/siderolabs/go-cmd v0.1.3
 	github.com/siderolabs/go-copy v0.1.0
@@ -160,7 +161,6 @@ require (
 	github.com/siderolabs/kms-client v0.1.0
 	github.com/siderolabs/net v0.4.0
 	github.com/siderolabs/proto-codec v0.1.1
-	github.com/siderolabs/protoenc v0.2.1 // indirect
 	github.com/siderolabs/siderolink v0.3.11
 	github.com/siderolabs/talos/pkg/machinery v1.9.0-alpha.2
 	github.com/spf13/cobra v1.8.1
@@ -177,7 +177,6 @@ require (
 	go.etcd.io/etcd/etcdutl/v3 v3.5.17
 	go.uber.org/zap v1.27.0
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
 	golang.org/x/net v0.31.0
 	golang.org/x/oauth2 v0.24.0
 	golang.org/x/sync v0.9.0
@@ -267,7 +266,6 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/google/btree v1.1.2 // indirect
-	github.com/google/cel-go v0.22.0 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
@@ -328,6 +326,7 @@ require (
 	github.com/prometheus/common v0.55.0 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
+	github.com/siderolabs/protoenc v0.2.1 // indirect
 	github.com/siderolabs/tcpproxy v0.1.0 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
@@ -353,6 +352,7 @@ require (
 	go.opentelemetry.io/otel/trace v1.31.0 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.29.0 // indirect
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
 	golang.org/x/mod v0.21.0 // indirect
 	golang.org/x/tools v0.26.0 // indirect
 	golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect

go.sum

@@ -648,8 +648,8 @@ github.com/siderolabs/go-api-signature v0.3.6 h1:wDIsXbpl7Oa/FXvxB6uz4VL9INA9fmr
 github.com/siderolabs/go-api-signature v0.3.6/go.mod h1:hoH13AfunHflxbXfh+NoploqV13ZTDfQ1mQJWNVSW9U=
 github.com/siderolabs/go-blockdevice v0.4.8 h1:KfdWvIx0Jft5YVuCsFIJFwjWEF1oqtzkgX9PeU9cX4c=
 github.com/siderolabs/go-blockdevice v0.4.8/go.mod h1:4PeOuk71pReJj1JQEXDE7kIIQJPVe8a+HZQa+qjxSEA=
-github.com/siderolabs/go-blockdevice/v2 v2.0.5 h1:VLmIdDB/1P30Inrpe94FQAz4WUpByGwun5ZeTekxIQc=
-github.com/siderolabs/go-blockdevice/v2 v2.0.5/go.mod h1:74htzCV913UzaLZ4H+NBXkwWlYnBJIq5m/379ZEcu8w=
+github.com/siderolabs/go-blockdevice/v2 v2.0.6 h1:/NAy3MbNZhjLWo28asZyS/hmf86PEPDMc9i6wIcgbwI=
+github.com/siderolabs/go-blockdevice/v2 v2.0.6/go.mod h1:74htzCV913UzaLZ4H+NBXkwWlYnBJIq5m/379ZEcu8w=
 github.com/siderolabs/go-circular v0.2.1 h1:a++iVCn9jyhICX3POQZZX8n72p2h5JGdGU6w1ulmpcA=
 github.com/siderolabs/go-circular v0.2.1/go.mod h1:ZDItzVyXK+B/XuqTBV5MtQtSv06VI+oCmWGRnNCATo8=
 github.com/siderolabs/go-cmd v0.1.3 h1:JrgZwqhJQeoec3QRON0LK+fv+0y7d0DyY7zsfkO6ciw=

internal/app/machined/pkg/controllers/block/internal/volumes/format.go

@@ -22,7 +22,7 @@ import (
 
 // Format establishes a filesystem on a block device.
 //
-//nolint:gocyclo
+//nolint:gocyclo,cyclop
 func Format(ctx context.Context, logger *zap.Logger, volumeContext ManagerContext) error {
 	// lock either the parent device or the device itself
 	devPath := volumeContext.Status.ParentLocation
@@ -111,6 +111,16 @@ func Format(ctx context.Context, logger *zap.Logger, volumeContext ManagerContex
 		if err = makefs.XFS(volumeContext.Status.MountLocation, makefsOptions...); err != nil {
 			return fmt.Errorf("error formatting XFS: %w", err)
 		}
+	case block.FilesystemTypeEXT4:
+		var makefsOptions []makefs.Option
+
+		if volumeContext.Cfg.TypedSpec().Provisioning.FilesystemSpec.Label != "" {
+			makefsOptions = append(makefsOptions, makefs.WithLabel(volumeContext.Cfg.TypedSpec().Provisioning.FilesystemSpec.Label))
+		}
+
+		if err = makefs.Ext4(volumeContext.Status.MountLocation, makefsOptions...); err != nil {
+			return fmt.Errorf("error formatting ext4: %w", err)
+		}
 	default:
 		return fmt.Errorf("unsupported filesystem type: %s", volumeContext.Cfg.TypedSpec().Provisioning.FilesystemSpec.Type)
 	}
@@ -148,6 +158,14 @@ func GrowFilesystem(logger *zap.Logger, volumeContext ManagerContext) error {
 			return fmt.Errorf("error growing XFS: %w", err)
 		}
 
+		return nil
+	case block.FilesystemTypeEXT4:
+		logger.Info("growing ext4 filesystem", zap.String("device", volumeContext.Status.MountLocation))
+
+		if err := makefs.Ext4Resize(volumeContext.Status.MountLocation); err != nil {
+			return fmt.Errorf("error growing ext4: %w", err)
+		}
+
 		return nil
 	default:
 		return fmt.Errorf("unsupported filesystem type to grow: %s", volumeContext.Cfg.TypedSpec().Provisioning.FilesystemSpec.Type)

internal/app/machined/pkg/controllers/block/volume_config.go

@@ -209,7 +209,7 @@ func (ctrl *VolumeConfigController) Run(ctx context.Context, r controller.Runtim
 
 func (ctrl *VolumeConfigController) manageEphemeral(config cfg.Config) func(vc *block.VolumeConfig) error {
 	return func(vc *block.VolumeConfig) error {
-		extraVolumeConfig := config.Volumes().ByName(constants.EphemeralPartitionLabel)
+		extraVolumeConfig, _ := config.Volumes().ByName(constants.EphemeralPartitionLabel)
 
 		vc.TypedSpec().Type = block.VolumeTypePartition
 

internal/app/machined/pkg/controllers/cri/cri.go

@@ -2,4 +2,5 @@
 // License, v. 2.0. If a copy of the MPL was not distributed with this
 // file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
+// Package cri provides CRI related controllers.
 package cri