feat: implement layering for ProbeSpec

smira · smira · commit 39460365c172 · 2026-01-22T17:49:45.000+04:00
Same as for any other resource - layering per source, and proper merge
across layers, so we can see where it comes from.

Signed-off-by: Andrey Smirnov &lt;andrey.smirnov@siderolabs.com&gt;
diff --git a/hack/release.toml b/hack/release.toml
@@ -160,6 +160,13 @@ For example:
         description = """\
 The nameservers configuration in machine configuration now overwrites any previous layers (defaults, platform, etc.) when specified.
 Previously a smart merge was performed to keep IPv4/IPv6 nameservers from lower layers if the machine configuration specified only one type.
+"""
+
+    [notes.probe_config]
+        title = "ProbeConfig"
+        description = """\
+The TCPProbeConfig configuration document allows to configure TCP probes for network reachability checks.
+This allows to define a custom connectivity condition.
 """
 
 [make_deps]
diff --git a/internal/app/machined/pkg/controllers/network/platform_config_apply.go b/internal/app/machined/pkg/controllers/network/platform_config_apply.go
@@ -378,10 +378,15 @@ func (ctrl *PlatformConfigApplyController) apply(ctx context.Context, r controll
 			idBuilder: func(spec any) (resource.ID, error) {
 				probeSpec := spec.(network.ProbeSpecSpec) //nolint:forcetypeassert
 
-				return probeSpec.ID()
+				id, err := probeSpec.ID()
+				if err != nil {
+					return "", err
+				}
+
+				return network.LayeredID(network.ConfigPlatform, id), nil
 			},
 			resourceBuilder: func(id string) resource.Resource {
-				return network.NewProbeSpec(network.NamespaceName, id)
+				return network.NewProbeSpec(network.ConfigNamespaceName, id)
 			},
 			resourceModifier: func(newSpec any) func(r resource.Resource) error {
 				return func(r resource.Resource) error {
diff --git a/internal/app/machined/pkg/controllers/network/platform_config_apply_test.go b/internal/app/machined/pkg/controllers/network/platform_config_apply_test.go
@@ -248,14 +248,16 @@ func (suite *PlatformConfigApplySuite) TestProbes() {
 	suite.Create(platformConfig)
 
 	ctest.AssertResources(suite, []string{
-		"tcp:example.com:80",
-		"tcp:example.com:443",
+		"platform/tcp:example.com:80",
+		"platform/tcp:example.com:443",
 	}, func(r *network.ProbeSpec, asrt *assert.Assertions) {
 		spec := r.TypedSpec()
 
 		asrt.Equal(time.Second, spec.Interval)
 		asrt.Equal(network.ConfigPlatform, spec.ConfigLayer)
-	})
+	},
+		rtestutils.WithNamespace(network.ConfigNamespaceName),
+	)
 }
 
 func (suite *PlatformConfigApplySuite) TestExternalIPs() {
diff --git a/internal/app/machined/pkg/controllers/network/probe_config.go b/internal/app/machined/pkg/controllers/network/probe_config.go
@@ -81,7 +81,7 @@ func (ctrl *ProbeConfigController) Run(ctx context.Context, r controller.Runtime
 		}
 
 		if err = r.CleanupOutputs(ctx,
-			resource.NewMetadata(network.NamespaceName, network.ProbeSpecType, "", resource.VersionUndefined),
+			resource.NewMetadata(network.ConfigNamespaceName, network.ProbeSpecType, "", resource.VersionUndefined),
 		); err != nil {
 			return fmt.Errorf("error cleaning up outputs: %w", err)
 		}
@@ -100,7 +100,7 @@ func (ctrl *ProbeConfigController) apply(ctx context.Context, r controller.Runti
 		if err := safe.WriterModify(
 			ctx,
 			r,
-			network.NewProbeSpec(network.NamespaceName, id),
+			network.NewProbeSpec(network.ConfigNamespaceName, network.LayeredID(spec.ConfigLayer, id)),
 			func(r *network.ProbeSpec) error {
 				*r.TypedSpec() = spec
 
diff --git a/internal/app/machined/pkg/controllers/network/probe_config_test.go b/internal/app/machined/pkg/controllers/network/probe_config_test.go
@@ -45,15 +45,15 @@ func (suite *ProbeConfigSuite) TestSingleProbe() {
 	ctest.AssertResources(
 		suite,
 		[]string{
-			"tcp:proxy.example.com:3128",
+			"configuration/tcp:proxy.example.com:3128",
 		}, func(r *network.ProbeSpec, asrt *assert.Assertions) {
 			asrt.Equal(time.Second, r.TypedSpec().Interval)
 			asrt.Equal(3, r.TypedSpec().FailureThreshold)
 			asrt.Equal("proxy.example.com:3128", r.TypedSpec().TCP.Endpoint)
 			asrt.Equal(10*time.Second, r.TypedSpec().TCP.Timeout)
 			asrt.Equal(network.ConfigMachineConfiguration, r.TypedSpec().ConfigLayer)
 		},
-		rtestutils.WithNamespace(network.NamespaceName),
+		rtestutils.WithNamespace(network.ConfigNamespaceName),
 	)
 
 	// Update the probe config
@@ -68,17 +68,17 @@ func (suite *ProbeConfigSuite) TestSingleProbe() {
 	ctest.AssertResources(
 		suite,
 		[]string{
-			"tcp:proxy.example.com:3128",
+			"configuration/tcp:proxy.example.com:3128",
 		}, func(r *network.ProbeSpec, asrt *assert.Assertions) {
 			asrt.Equal(5, r.TypedSpec().FailureThreshold)
 		},
-		rtestutils.WithNamespace(network.NamespaceName),
+		rtestutils.WithNamespace(network.ConfigNamespaceName),
 	)
 
 	// Remove the config
 	suite.Destroy(cfg)
 
-	ctest.AssertNoResource[*network.ProbeSpec](suite, "tcp:proxy.example.com:3128", rtestutils.WithNamespace(network.NamespaceName))
+	ctest.AssertNoResource[*network.ProbeSpec](suite, "configuration/tcp:proxy.example.com:3128", rtestutils.WithNamespace(network.ConfigNamespaceName))
 }
 
 func (suite *ProbeConfigSuite) TestMultipleProbes() {
@@ -106,30 +106,30 @@ func (suite *ProbeConfigSuite) TestMultipleProbes() {
 	ctest.AssertResources(
 		suite,
 		[]string{
-			"tcp:proxy.example.com:3128",
+			"configuration/tcp:proxy.example.com:3128",
 		}, func(r *network.ProbeSpec, asrt *assert.Assertions) {
 			asrt.Equal("proxy.example.com:3128", r.TypedSpec().TCP.Endpoint)
 			asrt.Equal(3, r.TypedSpec().FailureThreshold)
 		},
-		rtestutils.WithNamespace(network.NamespaceName),
+		rtestutils.WithNamespace(network.ConfigNamespaceName),
 	)
 
 	ctest.AssertResources(
 		suite,
 		[]string{
-			"tcp:8.8.8.8:53",
+			"configuration/tcp:8.8.8.8:53",
 		}, func(r *network.ProbeSpec, asrt *assert.Assertions) {
 			asrt.Equal("8.8.8.8:53", r.TypedSpec().TCP.Endpoint)
 			asrt.Equal(2, r.TypedSpec().FailureThreshold)
 		},
-		rtestutils.WithNamespace(network.NamespaceName),
+		rtestutils.WithNamespace(network.ConfigNamespaceName),
 	)
 
 	suite.Destroy(cfg)
 
 	// Verify both probes are removed
-	ctest.AssertNoResource[*network.ProbeSpec](suite, "tcp:proxy.example.com:3128", rtestutils.WithNamespace(network.NamespaceName))
-	ctest.AssertNoResource[*network.ProbeSpec](suite, "tcp:8.8.8.8:53", rtestutils.WithNamespace(network.NamespaceName))
+	ctest.AssertNoResource[*network.ProbeSpec](suite, "configuration/tcp:proxy.example.com:3128", rtestutils.WithNamespace(network.ConfigNamespaceName))
+	ctest.AssertNoResource[*network.ProbeSpec](suite, "configuration/tcp:8.8.8.8:53", rtestutils.WithNamespace(network.ConfigNamespaceName))
 }
 
 func TestProbeConfigSuite(t *testing.T) {
diff --git a/internal/app/machined/pkg/controllers/network/probe_merge.go b/internal/app/machined/pkg/controllers/network/probe_merge.go
@@ -0,0 +1,51 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+// Package network provides controllers which manage network resources.
+package network
+
+import (
+	"cmp"
+
+	"github.com/cosi-project/runtime/pkg/controller"
+	"github.com/cosi-project/runtime/pkg/resource"
+	"github.com/cosi-project/runtime/pkg/safe"
+	"go.uber.org/zap"
+
+	"github.com/siderolabs/talos/pkg/machinery/resources/network"
+)
+
+// NewProbeMergeController initializes a ProbeMergeController.
+//
+// ProbeMergeController merges network.ProbeSpec in network.ConfigNamespace and produces final network.ProbeSpec in network.Namespace.
+func NewProbeMergeController() controller.Controller {
+	return GenericMergeController(
+		network.ConfigNamespaceName,
+		network.NamespaceName,
+		func(logger *zap.Logger, list safe.List[*network.ProbeSpec]) map[resource.ID]*network.ProbeSpecSpec {
+			// sort by link name, configuration layer
+			list.SortFunc(func(left, right *network.ProbeSpec) int {
+				return cmp.Compare(left.TypedSpec().ConfigLayer, right.TypedSpec().ConfigLayer)
+			})
+
+			// build final probe definition merging multiple layers
+			probes := make(map[string]*network.ProbeSpecSpec, list.Len())
+
+			for probe := range list.All() {
+				id, err := probe.TypedSpec().ID()
+				if err != nil {
+					logger.Warn("error getting probe ID", zap.Error(err))
+
+					continue
+				}
+
+				// no way to actually have multiple probes with the same ID in different layers,
+				// so we can just merge them one by one
+				probes[id] = probe.TypedSpec()
+			}
+
+			return probes
+		},
+	)
+}
diff --git a/internal/app/machined/pkg/controllers/network/probe_merge_test.go b/internal/app/machined/pkg/controllers/network/probe_merge_test.go
@@ -0,0 +1,89 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package network_test
+
+import (
+	"testing"
+	"time"
+
+	"github.com/cosi-project/runtime/pkg/resource"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/suite"
+
+	"github.com/siderolabs/talos/internal/app/machined/pkg/controllers/ctest"
+	netctrl "github.com/siderolabs/talos/internal/app/machined/pkg/controllers/network"
+	"github.com/siderolabs/talos/pkg/machinery/resources/network"
+)
+
+type ProbeMergeSuite struct {
+	ctest.DefaultSuite
+}
+
+func (suite *ProbeMergeSuite) TestMerge() {
+	p1 := network.NewProbeSpec(network.ConfigNamespaceName, "configuration/tcp:proxy.example.com:3128")
+	*p1.TypedSpec() = network.ProbeSpecSpec{
+		Interval:         time.Second,
+		FailureThreshold: 3,
+		TCP: network.TCPProbeSpec{
+			Endpoint: "proxy.example.com:3128",
+			Timeout:  10 * time.Second,
+		},
+		ConfigLayer: network.ConfigMachineConfiguration,
+	}
+
+	p2 := network.NewProbeSpec(network.ConfigNamespaceName, "platform/tcp:proxy.example.com:3128")
+	*p2.TypedSpec() = network.ProbeSpecSpec{
+		Interval:         5 * time.Second,
+		FailureThreshold: 5,
+		TCP: network.TCPProbeSpec{
+			Endpoint: "proxy.example.com:3128",
+			Timeout:  5 * time.Second,
+		},
+		ConfigLayer: network.ConfigPlatform,
+	}
+
+	p3 := network.NewProbeSpec(network.ConfigNamespaceName, "configuration/tcp:google.com:80")
+	*p3.TypedSpec() = network.ProbeSpecSpec{
+		Interval:         2 * time.Second,
+		FailureThreshold: 4,
+		TCP: network.TCPProbeSpec{
+			Endpoint: "google.com:80",
+			Timeout:  3 * time.Second,
+		},
+		ConfigLayer: network.ConfigMachineConfiguration,
+	}
+
+	for _, res := range []resource.Resource{p1, p2, p3} {
+		suite.Create(res)
+	}
+
+	ctest.AssertResources(suite, []resource.ID{"tcp:proxy.example.com:3128", "tcp:google.com:80"},
+		func(p *network.ProbeSpec, asrt *assert.Assertions) {
+			if p.Metadata().ID() == "tcp:proxy.example.com:3128" {
+				asrt.Equal(time.Second, p.TypedSpec().Interval)
+				asrt.Equal(3, p.TypedSpec().FailureThreshold)
+				asrt.Equal("proxy.example.com:3128", p.TypedSpec().TCP.Endpoint)
+				asrt.Equal(10*time.Second, p.TypedSpec().TCP.Timeout)
+			}
+		},
+	)
+
+	suite.Destroy(p3)
+
+	ctest.AssertNoResource[*network.ProbeSpec](suite, "tcp:google.com:80")
+}
+
+func TestProbeMergeSuite(t *testing.T) {
+	t.Parallel()
+
+	suite.Run(t, &ProbeMergeSuite{
+		DefaultSuite: ctest.DefaultSuite{
+			Timeout: 5 * time.Second,
+			AfterSetup: func(s *ctest.DefaultSuite) {
+				s.Require().NoError(s.Runtime().RegisterController(netctrl.NewProbeMergeController()))
+			},
+		},
+	})
+}
diff --git a/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_controller.go b/internal/app/machined/pkg/runtime/v1alpha2/v1alpha2_controller.go
@@ -355,6 +355,8 @@ func (ctrl *Controller) Run(ctx context.Context, drainer *runtime.Drainer) error
 		&network.PlatformConfigLoadController{},
 		&network.PlatformConfigStoreController{},
 		&network.ProbeController{},
+		&network.ProbeConfigController{},
+		network.NewProbeMergeController(),
 		&network.ResolverConfigController{
 			Cmdline: procfs.ProcCmdline(),
 		},
@@ -369,7 +371,6 @@ func (ctrl *Controller) Run(ctx context.Context, drainer *runtime.Drainer) error
 		&network.StatusController{
 			V1Alpha1Mode: ctrl.v1alpha1Runtime.State().Platform().Mode(),
 		},
-		&network.ProbeConfigController{},
 		&network.TimeServerConfigController{
 			Cmdline: procfs.ProcCmdline(),
 		},
