refactor: stop using text/template in machined code paths

Reason: `text/template` uses reflect's MethodByName, disabling deadcode
linker phase.

Fixes #11299

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>

Author: smira

Dockerfile

@@ -472,7 +472,6 @@ COPY --from=generate-build /api/resource/*.pb.go /pkg/machinery/api/resource/
 COPY --from=generate-build /api/resource/config/*.pb.go /pkg/machinery/api/resource/config/
 COPY --from=generate-build /api/resource/network/*.pb.go /pkg/machinery/api/resource/network/
 COPY --from=generate-build /api/inspect/*.pb.go /pkg/machinery/api/inspect/
-COPY --from=go-generate /src/pkg/flannel/ /pkg/flannel/
 COPY --from=go-generate /src/pkg/imager/profile/ /pkg/imager/profile/
 COPY --from=go-generate /src/pkg/machinery/resources/ /pkg/machinery/resources/
 COPY --from=go-generate /src/pkg/machinery/config/schemas/ /pkg/machinery/config/schemas/

go.mod

@@ -35,6 +35,7 @@ replace github.com/containerd/containerd/v2 => github.com/smira/containerd/v2 v2
 // Kubernetes dependencies sharing the same version.
 require (
 	k8s.io/api v0.34.0-beta.0
+	k8s.io/apiextensions-apiserver v0.34.0-beta.0
 	k8s.io/apimachinery v0.34.0-beta.0
 	k8s.io/apiserver v0.34.0-beta.0
 	k8s.io/client-go v0.34.0-beta.0

go.sum

@@ -1071,6 +1071,8 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 k8s.io/api v0.34.0-beta.0 h1:Yok13a6+0GTJYv56+lSNlgRjF46TLUVv+gaijkLdkB4=
 k8s.io/api v0.34.0-beta.0/go.mod h1:OOkMaR1spg7vtjCCQSdxgiRD0Bbp2pcTCBxJtEEb4Pk=
+k8s.io/apiextensions-apiserver v0.34.0-beta.0 h1:zzR2yWEBkfYcjfwM42CwrBwtwLWLBJ/VwYpyP2ldNMI=
+k8s.io/apiextensions-apiserver v0.34.0-beta.0/go.mod h1:lCs/ZFdQjQWkNdEa0CS7qvLAMVDCj3fVXwSmKZ7Fn8E=
 k8s.io/apimachinery v0.34.0-beta.0 h1:C6teSJBCx6ArW7122MM9hQqeGW2w/QQ0lB4x4Z4Iftc=
 k8s.io/apimachinery v0.34.0-beta.0/go.mod h1:TP8uyOuDEOnzGpLOdffo8hPnIjVDljZCxCM/fruV+5M=
 k8s.io/apiserver v0.34.0-beta.0 h1:cLhc6un0qtCb/nwGpkj8020yvs3oUxCu4vLLKEGkd4c=

internal/app/machined/pkg/adapters/k8s/manifest.go

@@ -32,6 +32,28 @@ type manifest struct {
 	*k8s.Manifest
 }
 
+// SetObjects parses manifest from a list of runtime objects.
+func (a manifest) SetObjects(objects []runtime.Object) error {
+	a.Manifest.TypedSpec().Items = make([]k8s.SingleManifest, 0, len(objects))
+
+	for _, obj := range objects {
+		unstructuredObj, err := runtime.DefaultUnstructuredConverter.ToUnstructured(obj)
+		if err != nil {
+			return fmt.Errorf("error converting object to unstructured: %w", err)
+		}
+
+		u := unstructured.Unstructured{Object: unstructuredObj}
+		u.SetGroupVersionKind(obj.GetObjectKind().GroupVersionKind())
+		delete(u.Object, "status") // remove status field if present
+
+		a.Manifest.TypedSpec().Items = append(a.Manifest.TypedSpec().Items, k8s.SingleManifest{
+			Object: u.Object,
+		})
+	}
+
+	return nil
+}
+
 // SetYAML parses manifest from YAML.
 //
 //nolint:gocyclo

internal/app/machined/pkg/controllers/k8s/internal/k8stemplates/apiserver.go

@@ -0,0 +1,61 @@
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this
+// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+package k8stemplates
+
+import (
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	apiserverv1 "k8s.io/apiserver/pkg/apis/apiserver/v1"
+
+	"github.com/siderolabs/talos/pkg/machinery/resources/secrets"
+)
+
+// APIServerEncryptionConfig returns the encryption configuration for the API server.
+func APIServerEncryptionConfig(rootK8sSecrets *secrets.KubernetesRootSpec) runtime.Object {
+	obj := apiserverv1.EncryptionConfiguration{
+		TypeMeta: v1.TypeMeta{
+			Kind:       "EncryptionConfig",
+			APIVersion: apiserverv1.SchemeGroupVersion.Version,
+		},
+		Resources: []apiserverv1.ResourceConfiguration{
+			{
+				Resources: []string{"secrets"},
+				Providers: []apiserverv1.ProviderConfiguration{},
+			},
+		},
+	}
+
+	if rootK8sSecrets.SecretboxEncryptionSecret != "" {
+		obj.Resources[0].Providers = append(obj.Resources[0].Providers, apiserverv1.ProviderConfiguration{
+			Secretbox: &apiserverv1.SecretboxConfiguration{
+				Keys: []apiserverv1.Key{
+					{
+						Name:   "key2",
+						Secret: rootK8sSecrets.SecretboxEncryptionSecret,
+					},
+				},
+			},
+		})
+	}
+
+	if rootK8sSecrets.AESCBCEncryptionSecret != "" {
+		obj.Resources[0].Providers = append(obj.Resources[0].Providers, apiserverv1.ProviderConfiguration{
+			AESCBC: &apiserverv1.AESConfiguration{
+				Keys: []apiserverv1.Key{
+					{
+						Name:   "key1",
+						Secret: rootK8sSecrets.AESCBCEncryptionSecret,
+					},
+				},
+			},
+		})
+	}
+
+	obj.Resources[0].Providers = append(obj.Resources[0].Providers, apiserverv1.ProviderConfiguration{
+		Identity: &apiserverv1.IdentityConfiguration{},
+	})
+
+	return &obj
+}