Allow CAPBK to generate JoinConfiguration discovery kubeconfig

Signed-off-by: Vince Prignano <vince@prigna.com>

Makefile

@@ -492,10 +492,11 @@ generate-go-conversions-kubeadm-bootstrap: $(CONVERSION_GEN) ## Generate convers
 		--go-header-file=./hack/boilerplate/boilerplate.generatego.txt \
 		./internal/apis/bootstrap/kubeadm/v1alpha3 \
 		./internal/apis/bootstrap/kubeadm/v1alpha4
-	$(MAKE) clean-generated-conversions SRC_DIRS="./bootstrap/kubeadm/types/upstreamv1beta2,./bootstrap/kubeadm/types/upstreamv1beta3,./bootstrap/kubeadm/types/upstreamv1beta4"
+	$(MAKE) clean-generated-conversions SRC_DIRS="./bootstrap/kubeadm/types/upstreamv1beta1,./bootstrap/kubeadm/types/upstreamv1beta2,./bootstrap/kubeadm/types/upstreamv1beta3,./bootstrap/kubeadm/types/upstreamv1beta4"
 	$(CONVERSION_GEN) \
 		--output-file=zz_generated.conversion.go \
 		--go-header-file=./hack/boilerplate/boilerplate.generatego.txt \
+		./bootstrap/kubeadm/types/upstreamv1beta1 \
 		./bootstrap/kubeadm/types/upstreamv1beta2 \
 		./bootstrap/kubeadm/types/upstreamv1beta3 \
 		./bootstrap/kubeadm/types/upstreamv1beta4

bootstrap/kubeadm/api/v1beta1/kubeadm_types.go

@@ -512,6 +512,143 @@ type BootstrapTokenDiscovery struct {
 type FileDiscovery struct {
 	// KubeConfigPath is used to specify the actual file path or URL to the kubeconfig file from which to load cluster information
 	KubeConfigPath string `json:"kubeConfigPath"`
+
+	// KubeConfig is used (optionally) to generate a KubeConfig based on the KubeadmConfig's information.
+	// The kubeconfig is generated with a server and context matching the KubeadmConfig's name,
+	// Host address (server field) information is automatically populated based on the Cluster's ControlPlaneEndpoint.
+	// Certificate Authority (certificate-authority-data field) is gathered from the cluster's CA secret.
+	// +optional
+	KubeConfig *FileDiscoveryKubeConfig `json:"kubeConfig,omitempty"`
+}
+
+// FileDiscoveryKubeConfig contains elements describing how to generate the kubeconfig for bootstrapping.
+type FileDiscoveryKubeConfig struct {
+	// Cluster contains information about how to communicate with the kubernetes cluster.
+	//
+	// By default the following fields are automatically populated:
+	// - Name with the Cluster's name.
+	// - Server with the Cluster's ControlPlaneEndpoint.
+	// - CertificateAuthorityData with the Cluster's CA certificate.
+	// +optional
+	Cluster *KubeConfigCluster `json:"cluster,omitempty"`
+
+	// User contains information that describes identity information.
+	// This is use to tell the kubernetes cluster who you are.
+	User KubeConfigUser `json:"user"`
+}
+
+// KubeConfigCluster contains information about how to communicate with a kubernetes cluster.
+//
+// Adapted from clientcmdv1.Cluster.
+type KubeConfigCluster struct {
+	// Server is the address of the kubernetes cluster (https://hostname:port).
+	Server string `json:"server"`
+	// TLSServerName is used to check server certificate. If TLSServerName is empty, the hostname used to contact the server is used.
+	// +optional
+	TLSServerName string `json:"tls-server-name,omitempty"`
+	// InsecureSkipTLSVerify skips the validity check for the server's certificate. This will make your HTTPS connections insecure.
+	// +optional
+	InsecureSkipTLSVerify bool `json:"insecure-skip-tls-verify,omitempty"`
+	// CertificateAuthorityData contains PEM-encoded certificate authority certificates. Overrides CertificateAuthority
+	// +optional
+	CertificateAuthorityData []byte `json:"certificate-authority-data,omitempty"`
+	// ProxyURL is the URL to the proxy to be used for all requests made by this
+	// client. URLs with "http", "https", and "socks5" schemes are supported.  If
+	// this configuration is not provided or the empty string, the client
+	// attempts to construct a proxy configuration from http_proxy and
+	// https_proxy environment variables. If these environment variables are not
+	// set, the client does not attempt to proxy requests.
+	//
+	// socks5 proxying does not currently support spdy streaming endpoints (exec,
+	// attach, port forward).
+	// +optional
+	ProxyURL string `json:"proxy-url,omitempty"`
+}
+
+// KubeConfigUser contains information that describes identity information.
+// This is use to tell the kubernetes cluster who you are.
+//
+// Adapted from clientcmdv1.AuthInfo.
+type KubeConfigUser struct {
+	// ClientCertificateData contains PEM-encoded data from a client cert file for TLS. Overrides ClientCertificate
+	// +optional
+	ClientCertificateData []byte `json:"client-certificate-data,omitempty"`
+	// ClientKeyData contains PEM-encoded data from a client key file for TLS. Overrides ClientKey
+	// +optional
+	ClientKeyData []byte `json:"client-key-data,omitempty" datapolicy:"security-key"`
+	// Token is the bearer token for authentication to the kubernetes cluster.
+	// +optional
+	Token string `json:"token,omitempty" datapolicy:"token"`
+	// AuthProvider specifies a custom authentication plugin for the kubernetes cluster.
+	// +optional
+	AuthProvider *KubeConfigAuthProvider `json:"auth-provider,omitempty"`
+	// Exec specifies a custom exec-based authentication plugin for the kubernetes cluster.
+	// +optional
+	Exec *KubeConfigAuthExec `json:"exec,omitempty"`
+}
+
+// KubeConfigAuthProvider holds the configuration for a specified auth provider.
+type KubeConfigAuthProvider struct {
+	// Name is the name of the authentication plugin.
+	Name string `json:"name"`
+
+	// Config holds the parameters for the authentication plugin.
+	Config map[string]string `json:"config"`
+}
+
+// KubeConfigAuthExec specifies a command to provide client credentials. The command is exec'd
+// and outputs structured stdout holding credentials.
+//
+// See the client.authentication.k8s.io API group for specifications of the exact input
+// and output format.
+type KubeConfigAuthExec struct {
+	// Command to execute.
+	Command string `json:"command"`
+	// Arguments to pass to the command when executing it.
+	// +optional
+	Args []string `json:"args,omitempty"`
+	// Env defines additional environment variables to expose to the process. These
+	// are unioned with the host's environment, as well as variables client-go uses
+	// to pass argument to the plugin.
+	// +optional
+	Env []KubeConfigAuthExecEnv `json:"env,omitempty"`
+
+	// Preferred input version of the ExecInfo. The returned ExecCredentials MUST use
+	// the same encoding version as the input.
+	APIVersion string `json:"apiVersion,omitempty"`
+
+	// This text is shown to the user when the executable doesn't seem to be
+	// present. For example, `brew install foo-cli` might be a good InstallHint for
+	// foo-cli on Mac OS systems.
+	InstallHint string `json:"installHint,omitempty"`
+
+	// ProvideClusterInfo determines whether or not to provide cluster information,
+	// which could potentially contain very large CA data, to this exec plugin as a
+	// part of the KUBERNETES_EXEC_INFO environment variable. By default, it is set
+	// to false. Package k8s.io/client-go/tools/auth/exec provides helper methods for
+	// reading this environment variable.
+	ProvideClusterInfo bool `json:"provideClusterInfo"`
+
+	// InteractiveMode determines this plugin's relationship with standard input. Valid
+	// values are "Never" (this exec plugin never uses standard input), "IfAvailable" (this
+	// exec plugin wants to use standard input if it is available), or "Always" (this exec
+	// plugin requires standard input to function). See ExecInteractiveMode values for more
+	// details.
+	//
+	// If APIVersion is client.authentication.k8s.io/v1alpha1 or
+	// client.authentication.k8s.io/v1beta1, then this field is optional and defaults
+	// to "IfAvailable" when unset. Otherwise, this field is required.
+	//
+	// +kubebuilder:validation:Enum=Never;IfAvailable;Always
+	// +optional
+	InteractiveMode string `json:"interactiveMode,omitempty"`
+}
+
+// KubeConfigAuthExecEnv is used for setting environment variables when executing an exec-based
+// credential plugin.
+type KubeConfigAuthExecEnv struct {
+	Name  string `json:"name"`
+	Value string `json:"value"`
 }
 
 // HostPathMount contains elements describing volumes that are mounted from the