feat: run embedded discovery service in Omni

Run a discovery service instance inside Omni, which can be disabled but is enabled by default. When enabled, it will listen only on the SideroLink interface on port 9093. When enabled, all new clusters will use the embedded discovery service instead of the public one.

Existing clusters will remain unaffected by this change.

Closes #20.

Signed-off-by: Utku Ozdemir <[email protected]>

client/api/omni/specs/omni.proto

@@ -215,6 +215,10 @@ message ClusterSpec {
     bool enable_workload_proxy = 1;
     // DiskEncryption enables disk encryption on all nodes.
     bool disk_encryption = 2;
+    // UseEmbeddedDiscoveryService enables the use of the Omni's embedded discovery service instead of the public one.
+    //
+    // If the discovery service feature is disabled in the machine config, this field is ignored.
+    bool use_embedded_discovery_service = 3;
   }
 
   // InstallImage the installer image to use.

client/pkg/template/internal/models/cluster.go

@@ -26,7 +26,7 @@ import (
 const KindCluster = "Cluster"
 
 // Cluster is a top-level template object.
-type Cluster struct { //nolint:govet
+type Cluster struct {
 	Meta             `yaml:",inline"`
 	SystemExtensions `yaml:",inline"`
 
@@ -50,11 +50,15 @@ type Cluster struct { //nolint:govet
 }
 
 // Features defines cluster-wide features.
-type Features struct {
+type Features struct { //nolint:govet
 	// DiskEncryption enables KMS encryption.
 	DiskEncryption bool `yaml:"diskEncryption,omitempty"`
 	// EnableWorkloadProxy enables workload proxy.
 	EnableWorkloadProxy bool `yaml:"enableWorkloadProxy,omitempty"`
+	// UseEmbeddedDiscoveryService enables the use of embedded discovery service.
+	//
+	// Defaults to true when not set.
+	UseEmbeddedDiscoveryService *bool `yaml:"useEmbeddedDiscoveryService,omitempty"`
 	// BackupConfiguration contains backup configuration settings.
 	BackupConfiguration BackupConfiguration `yaml:"backupConfiguration,omitempty"`
 }
@@ -155,7 +159,8 @@ func (cluster *Cluster) Translate(ctx TranslateContext) ([]resource.Resource, er
 	cluster.Descriptors.Apply(clusterResource)
 
 	clusterResource.TypedSpec().Value.Features = &specs.ClusterSpec_Features{
-		EnableWorkloadProxy: cluster.Features.EnableWorkloadProxy,
+		EnableWorkloadProxy:         cluster.Features.EnableWorkloadProxy,
+		UseEmbeddedDiscoveryService: cluster.Features.UseEmbeddedDiscoveryService == nil || *cluster.Features.UseEmbeddedDiscoveryService,
 	}
 
 	clusterResource.TypedSpec().Value.KubernetesVersion = strings.TrimLeft(cluster.Kubernetes.Version, "v")

client/pkg/template/operations/export.go

@@ -322,6 +322,12 @@ func transformClusterToModel(cluster *omni.Cluster, patches []*omni.ConfigPatch)
 		return models.Cluster{}, err
 	}
 
+	var useEmbeddedDiscoveryService *bool
+
+	if !spec.GetFeatures().GetUseEmbeddedDiscoveryService() {
+		useEmbeddedDiscoveryService = pointer.To(false)
+	}
+
 	return models.Cluster{
 		Meta: models.Meta{
 			Kind: models.KindCluster,
@@ -335,8 +341,9 @@ func transformClusterToModel(cluster *omni.Cluster, patches []*omni.ConfigPatch)
 			Version: "v" + spec.GetTalosVersion(),
 		},
 		Features: models.Features{
-			DiskEncryption:      spec.GetFeatures().GetDiskEncryption(),
-			EnableWorkloadProxy: spec.GetFeatures().GetEnableWorkloadProxy(),
+			DiskEncryption:              spec.GetFeatures().GetDiskEncryption(),
+			EnableWorkloadProxy:         spec.GetFeatures().GetEnableWorkloadProxy(),
+			UseEmbeddedDiscoveryService: useEmbeddedDiscoveryService,
 			BackupConfiguration: models.BackupConfiguration{
 				Interval: backupIntervalDuration,
 			},

client/pkg/template/operations/testdata/export/cluster-resources.yaml

@@ -25,6 +25,7 @@ spec:
   features:
     enableworkloadproxy: true
     diskencryption: true
+    useembeddeddiscoveryservice: true
   backupconfiguration:
     interval:
       seconds: 7200

client/pkg/template/testdata/cluster-valid-bootstrapspec-resources.yaml

@@ -16,6 +16,7 @@ spec:
     features:
         enableworkloadproxy: false
         diskencryption: false
+        useembeddeddiscoveryservice: true
     backupconfiguration: null
 ---
 metadata:

client/pkg/template/testdata/cluster1-resources.yaml

@@ -16,6 +16,7 @@ spec:
     features:
         enableworkloadproxy: false
         diskencryption: true
+        useembeddeddiscoveryservice: false
     backupconfiguration: null
 ---
 metadata:

client/pkg/template/testdata/cluster1.yaml

@@ -6,6 +6,7 @@ talos:
   version: v1.3.0
 features:
   diskEncryption: true
+  useEmbeddedDiscoveryService: false
 patches:
   - file: patches/my-cluster-patch.yaml
   - file: ../testdata/patches/my-registry-mirrors.yaml

client/pkg/template/testdata/cluster2-resources.yaml

@@ -16,6 +16,7 @@ spec:
     features:
         enableworkloadproxy: true
         diskencryption: false
+        useembeddeddiscoveryservice: true
     backupconfiguration: null
 ---
 metadata:

client/pkg/template/testdata/cluster3-resources.yaml

@@ -16,6 +16,7 @@ spec:
     features:
         enableworkloadproxy: false
         diskencryption: false
+        useembeddeddiscoveryservice: true
     backupconfiguration: null
 ---
 metadata:

cmd/omni/main.go

@@ -429,4 +429,17 @@ func init() {
 		config.Config.DisableControllerRuntimeCache,
 		"disable watch-based cache for controller-runtime (affects performance)",
 	)
+
+	rootCmd.Flags().BoolVar(
+		&config.Config.EmbeddedDiscoveryService.Enabled,
+		"embedded-discovery-service-enabled",
+		config.Config.EmbeddedDiscoveryService.Enabled,
+		"enable embedded discovery service, binds only to the siderolink wireguard address",
+	)
+	rootCmd.Flags().IntVar(
+		&config.Config.EmbeddedDiscoveryService.Port,
+		"embedded-discovery-service-endpoint",
+		config.Config.EmbeddedDiscoveryService.Port,
+		"embedded discovery service port to listen on",
+	)
 }

frontend/src/api/omni/specs/omni.pb.ts

@@ -219,6 +219,7 @@ export type TalosConfigSpec = {
 export type ClusterSpecFeatures = {
   enable_workload_proxy?: boolean
   disk_encryption?: boolean
+  use_embedded_discovery_service?: boolean
 }
 
 export type ClusterSpec = {

frontend/src/methods/cluster.ts

@@ -439,6 +439,22 @@ export const setClusterWorkloadProxy = async (clusterID: string, enabled: boolea
   await ResourceService.Update(resource, resource.metadata.version, withRuntime(Runtime.Omni));
 };
 
+export const setUseEmbeddedDiscoveryService = async (clusterID: string, enabled: boolean) => {
+  const resource: ResourceTyped<ClusterSpec> = await ResourceService.Get({
+    type: ClusterType,
+    namespace: DefaultNamespace,
+    id: clusterID
+  }, withRuntime(Runtime.Omni));
+
+  if (!resource.spec.features) {
+    resource.spec.features = {}
+  }
+
+  resource.spec.features.use_embedded_discovery_service = enabled;
+
+  await ResourceService.Update(resource, resource.metadata.version, withRuntime(Runtime.Omni));
+};
+
 export const setClusterEtcdBackupsConfig = async (clusterID: string, spec: ClusterSpec) => {
   const resource: ResourceTyped<ClusterSpec> = await ResourceService.Get({
     type: ClusterType,

frontend/src/states/cluster-management/index.ts

@@ -100,6 +100,7 @@ export type Cluster = {
   features: {
     encryptDisks?: boolean
     enableWorkloadProxy?: boolean
+    useEmbeddedDiscoveryService?: boolean;
   }
   etcdBackupConfig?: EtcdBackupConf,
   patches: Record<string, ConfigPatch>
@@ -119,7 +120,9 @@ export class State {
     talosVersion: DefaultTalosVersion,
     kubernetesVersion: DefaultKubernetesVersion,
     patches: {},
-    features: {},
+    features: {
+      useEmbeddedDiscoveryService: true,
+    },
   };
 
   public index: number = 1;
@@ -289,6 +292,13 @@ export class State {
       }
     }
 
+    if (this.cluster.features.useEmbeddedDiscoveryService) {
+      cluster.spec.features = {
+        ...cluster.spec.features,
+        use_embedded_discovery_service: this.cluster.features?.useEmbeddedDiscoveryService,
+      }
+    }
+
     if (this.cluster.features.encryptDisks) {
       cluster.spec.features = {
         ...cluster.spec.features,

frontend/src/views/cluster/Overview/components/OverviewContent.vue

@@ -157,6 +157,8 @@ included in the LICENSE file.
             </div>
             <div class="flex flex-col gap-2">
               <cluster-workload-proxying-checkbox :checked="enableWorkloadProxy" @click="setClusterWorkloadProxy(context.cluster, !enableWorkloadProxy)" :disabled="!canManageClusterFeatures"/>
+              <embedded-discovery-service-checkbox :checked="useEmbeddedDiscoveryService" @click="setUseEmbeddedDiscoveryService(context.cluster, !useEmbeddedDiscoveryService)"
+                  :disabled="!canManageClusterFeatures"/>
               <cluster-etcd-backup-checkbox :backup-status="backupStatus" @update:cluster="(spec) => setClusterEtcdBackupsConfig(context.cluster, spec)" :cluster="currentCluster.spec"/>
             </div>
           </div>
@@ -198,7 +200,7 @@ import {
   revertKubernetesUpgrade,
   revertTalosUpgrade,
   setClusterWorkloadProxy,
-  setClusterEtcdBackupsConfig,
+  setClusterEtcdBackupsConfig, setUseEmbeddedDiscoveryService,
 } from "@/methods/cluster";
 import {
   ClusterSpec,
@@ -221,6 +223,7 @@ import { setupClusterPermissions } from "@/methods/auth";
 import { setupWorkloadProxyingEnabledFeatureWatch } from "@/methods/features";
 import ClusterWorkloadProxyingCheckbox from "@/views/omni/Clusters/ClusterWorkloadProxyingCheckbox.vue";
 import ClusterEtcdBackupCheckbox from "@/views/omni/Clusters/ClusterEtcdBackupCheckbox.vue";
+import EmbeddedDiscoveryServiceCheckbox from "@/views/omni/Clusters/EmbeddedDiscoveryServiceCheckbox.vue";
 
 type Props = {
   currentCluster: Resource<ClusterSpec>,
@@ -230,9 +233,11 @@ const props = defineProps<Props>()
 const { currentCluster } = toRefs(props);
 
 const enableWorkloadProxy = ref(currentCluster.value.spec.features?.enable_workload_proxy || false);
+const useEmbeddedDiscoveryService = ref(currentCluster.value.spec.features?.use_embedded_discovery_service || false);
 
 watch(currentCluster, (cluster) => {
   enableWorkloadProxy.value = cluster.spec.features?.enable_workload_proxy || false;
+  useEmbeddedDiscoveryService.value = cluster.spec.features?.use_embedded_discovery_service || false;
 });
 
 const { status: backupStatus } = setupBackupStatus();

frontend/src/views/omni/Clusters/EmbeddedDiscoveryServiceCheckbox.vue

@@ -0,0 +1,30 @@
+<!--
+Copyright (c) 2024 Sidero Labs, Inc.
+
+Use of this software is governed by the Business Source License
+included in the LICENSE file.
+-->
+<template>
+  <tooltip placement="bottom">
+    <template #description>
+      <div class="flex flex-col gap-1 p-2">
+        <p>Configure the cluster to use the discovery service embedded in Omni instead of the public one.</p>
+        <p>This will only take effect when:</p>
+        <p>- Omni has the embedded discovery service enabled.</p>
+        <p>- Cluster is on a Talos version which supports connecting to the embedded discovery service (>= v1.5.0).</p>
+      </div>
+    </template>
+    <t-checkbox :checked="checked" label="Use Embedded Discovery Service"/>
+  </tooltip>
+</template>
+
+<script setup lang="ts">
+import TCheckbox from "@/components/common/Checkbox/TCheckbox.vue";
+import Tooltip from "@/components/common/Tooltip/Tooltip.vue";
+
+type Props = {
+  checked?: boolean;
+};
+
+defineProps<Props>();
+</script>

frontend/src/views/omni/Clusters/Management/ClusterCreate.vue

@@ -56,6 +56,7 @@ included in the LICENSE file.
           <t-checkbox :checked="state.cluster.features?.encryptDisks" label="Encrypt Disks" @click="state.cluster.features.encryptDisks = !state.cluster.features.encryptDisks && supportsEncryption" :disabled="!supportsEncryption"/>
         </tooltip>
         <cluster-workload-proxying-checkbox :checked="state.cluster.features.enableWorkloadProxy" @click="() => (state.cluster.features.enableWorkloadProxy = !state.cluster.features.enableWorkloadProxy)" class="h-8"/>
+        <embedded-discovery-service-checkbox :checked="state.cluster.features.useEmbeddedDiscoveryService" @click="() => (state.cluster.features.useEmbeddedDiscoveryService = !state.cluster.features.useEmbeddedDiscoveryService)" class="h-8"/>
         <cluster-etcd-backup-checkbox :backup-status="backupStatus" @update:cluster="(spec) => {
           state.cluster.etcdBackupConfig = spec.backup_configuration
         }" :cluster="{
@@ -169,6 +170,7 @@ import UntaintSingleNode from "@/views/omni/Modals/UntaintSingleNode.vue";
 import MachineSets from "./MachineSets.vue";
 import { initState, PatchID } from "@/states/cluster-management";
 import { setupBackupStatus } from "@/methods";
+import EmbeddedDiscoveryServiceCheckbox from "@/views/omni/Clusters/EmbeddedDiscoveryServiceCheckbox.vue";
 
 const labelContainer: Ref<Resource> = computed(() => {
   return {