From 95ddb770e659786bf1b6f7ff4c2de233b6ea7f57 Mon Sep 17 00:00:00 2001
From: Utku Ozdemir
Date: Thu, 30 Jan 2025 11:13:15 +0100
Subject: [PATCH] feat: mount host ca certs into metal agent

Instead of copying ca certs from its image, mount them from the host into the agent container. This way, agent can also use additional ca certificates added via `TrustedRootsConfig` config documents. Also bump the agent version to `v0.1.0`.

Signed-off-by: Utku Ozdemir
---
 guest-agents/metal-agent/metal-agent.yaml | 7 +++++++
 guest-agents/metal-agent/pkg.yaml | 4 ----
 guest-agents/vars.yaml | 2 +-
 3 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/guest-agents/metal-agent/metal-agent.yaml b/guest-agents/metal-agent/metal-agent.yaml
index 83da21b0..afd40d64 100644
--- a/guest-agents/metal-agent/metal-agent.yaml
+++ b/guest-agents/metal-agent/metal-agent.yaml
@@ -18,8 +18,15 @@ container:
 - rshared
 - rbind
 - rw
+ - source: /etc/ssl/certs
+ destination: /etc/ssl/certs
+ type: bind
+ options:
+ - rbind
+ - ro
 depends:
 - path: /system/run/machined/machine.sock
+ - path: /etc/ssl/certs
 - network:
 - addresses
 restart: always
diff --git a/guest-agents/metal-agent/pkg.yaml b/guest-agents/metal-agent/pkg.yaml
index 9e6a78a1..d8db5e4d 100644
--- a/guest-agents/metal-agent/pkg.yaml
+++ b/guest-agents/metal-agent/pkg.yaml
@@ -7,10 +7,6 @@ dependencies:
 from: /
 to: /rootfs/usr/local/lib/containers/metal-agent

- - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/ca-certificates:{{ .BUILD_ARG_PKGS }}"
- from: /
- to: /rootfs/usr/local/lib/containers/metal-agent
-
 - image: "{{ .BUILD_ARG_PKGS_PREFIX }}/openssl:{{ .BUILD_ARG_PKGS }}"
 from: /
 to: /rootfs/usr/local/lib/containers/metal-agent
diff --git a/guest-agents/vars.yaml b/guest-agents/vars.yaml
index 1151e31c..c5df644c 100644
--- a/guest-agents/vars.yaml
+++ b/guest-agents/vars.yaml
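Review bot: The `ro` option on the new `/etc/ssl/certs` mount in metal-agent.yaml is combined with `rbind`, and on Linux a read-only flag on a recursive bind is normally applied to the top-level mount only, so any submount the host keeps under that directory would be carried into the container with its own flags. If the host trust store is assembled from nested mounts (not visible in this hunk), confirm they are already read-only on the host, or use the runtime's recursive read-only option (`rro` in the OCI runtime spec) where the container runner supports it. A short comment above the entry would also record the intent, e.g. `# host CA bundle, read-only: the agent must consume host trust roots, never modify them`. The added `depends` entry `- path: /etc/ssl/certs` only waits for the directory to exist; whether the roots from `TrustedRootsConfig` are already written at that point cannot be told from here. The `container:` mapping begins above the hunk.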
@@ -9,4 +9,4 @@ XEN_GUEST_AGENT_VERSION: 0.4.0
 # renovate: datasource=github-releases depName=siderolabs/talos-vmtoolsd
 TALOS_VMTOOLSD_VERSION: v0.6.1
 # renovate: datasource=github-releases depName=siderolabs/talos-metal-agent
-TALOS_METAL_AGENT_VERSION: v0.1.0-beta.1
+TALOS_METAL_AGENT_VERSION: v0.1.0