Add boot-from-volume support to server controller

Add support for booting servers from Cinder volumes instead of images.
This enables the boot-from-volume (BFV) pattern where a bootable volume
(created from an image) is used as the root disk.

Design decisions:

1. Boot volume vs data volumes separation:
    - Only the boot volume (bootVolume field) is attached at server creation
    time via Nova's block device mapping
    - Additional data volumes continue to use the existing dynamic attachment
    mechanism (spec.resource.volumes) which attaches volumes after server
    creation
    - This separation allows data volumes to remain mutable (add/remove after
    server creation) while the boot volume is immutable
    - Avoids duplicating volume attachment logic between creation-time and
    runtime mechanisms

2. No deleteOnTermination option:
    - Deliberately not exposing Nova's delete_on_termination flag
    - If enabled, Nova would delete the underlying OpenStack volume when the
    server is deleted, but the ORC Volume resource would remain as an orphan
    - The orphaned Volume resource would then attempt to recreate the volume,
    leading to unexpected behavior
    - Users who want the volume deleted should delete both Server and Volume
    resources, maintaining consistent ORC resource lifecycle management

API Changes:
- Add ServerBootVolumeSpec type with volumeRef and optional tag fields
- Add bootVolume field to ServerResourceSpec (mutually exclusive with imageRef)
- Make imageRef optional (pointer) with CEL validation

Controller Changes:
- Add bootVolumeDependency with deletion guard and unique controller name
- Handle boot-from-volume in CreateResource by building BlockDevice list

Tests & Examples:
- Add kuttl test for server boot-from-volume scenario
- Add config/samples/openstack_v1alpha1_server_boot_from_volume.yaml
- Add examples/bases/boot-from-volume/ with volume and server examples

assisted-by: claude

Author: eshulman2

api/v1alpha1/server_types.go

@@ -60,6 +60,20 @@ type ServerPortSpec struct {
 	PortRef *KubernetesNameRef `json:"portRef,omitempty"`
 }
 
+// ServerBootVolumeSpec defines the boot volume for boot-from-volume server creation.
+// When specified, the server boots from this volume instead of an image.
+type ServerBootVolumeSpec struct {
+	// volumeRef is a reference to a Volume object. The volume must be
+	// bootable (created from an image) and available before server creation.
+	// +required
+	VolumeRef KubernetesNameRef `json:"volumeRef,omitempty"`
+
+	// tag is the device tag applied to the volume.
+	// +kubebuilder:validation:MaxLength:=255
+	// +optional
+	Tag *string `json:"tag,omitempty"`
+}
+
 // +kubebuilder:validation:MinProperties:=1
 type ServerVolumeSpec struct {
 	// volumeRef is a reference to a Volume object. Server creation will wait for
@@ -122,23 +136,32 @@ type ServerInterfaceStatus struct {
 }
 
 // ServerResourceSpec contains the desired state of a server
+// +kubebuilder:validation:XValidation:rule="has(self.imageRef) || has(self.bootVolume)",message="either imageRef or bootVolume must be specified"
+// +kubebuilder:validation:XValidation:rule="!(has(self.imageRef) && has(self.bootVolume))",message="imageRef and bootVolume are mutually exclusive"
 type ServerResourceSpec struct {
 	// name will be the name of the created resource. If not specified, the
 	// name of the ORC object will be used.
 	// +optional
 	Name *OpenStackName `json:"name,omitempty"`
 
 	// imageRef references the image to use for the server instance.
-	// NOTE: This is not required in case of boot from volume.
-	// +required
+	// This field is required unless bootVolume is specified for boot-from-volume.
+	// +optional
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="imageRef is immutable"
-	ImageRef KubernetesNameRef `json:"imageRef,omitempty"`
+	ImageRef *KubernetesNameRef `json:"imageRef,omitempty"`
 
 	// flavorRef references the flavor to use for the server instance.
 	// +required
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="flavorRef is immutable"
 	FlavorRef KubernetesNameRef `json:"flavorRef,omitempty"`
 
+	// bootVolume specifies a volume to boot from instead of an image.
+	// When specified, imageRef must be omitted. The volume must be
+	// bootable (created from an image using imageRef in the Volume spec).
+	// +optional
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="bootVolume is immutable"
+	BootVolume *ServerBootVolumeSpec `json:"bootVolume,omitempty"`
+
 	// userData specifies data which will be made available to the server at
 	// boot time, either via the metadata service or a config drive. It is
 	// typically read by a configuration service such as cloud-init or ignition.

api/v1alpha1/zz_generated.deepcopy.go

@@ -202,6 +202,29 @@ spec:
                     x-kubernetes-validations:
                     - message: availabilityZone is immutable
                       rule: self == oldSelf
+                  bootVolume:
+                    description: |-
+                      bootVolume specifies a volume to boot from instead of an image.
+                      When specified, imageRef must be omitted. The volume must be
+                      bootable (created from an image using imageRef in the Volume spec).
+                    properties:
+                      tag:
+                        description: tag is the device tag applied to the volume.
+                        maxLength: 255
+                        type: string
+                      volumeRef:
+                        description: |-
+                          volumeRef is a reference to a Volume object. The volume must be
+                          bootable (created from an image) and available before server creation.
+                        maxLength: 253
+                        minLength: 1
+                        type: string
+                    required:
+                    - volumeRef
+                    type: object
+                    x-kubernetes-validations:
+                    - message: bootVolume is immutable
+                      rule: self == oldSelf
                   configDrive:
                     description: |-
                       configDrive specifies whether to attach a config drive to the server.
@@ -223,7 +246,7 @@ spec:
                   imageRef:
                     description: |-
                       imageRef references the image to use for the server instance.
-                      NOTE: This is not required in case of boot from volume.
+                      This field is required unless bootVolume is specified for boot-from-volume.
                     maxLength: 253
                     minLength: 1
                     type: string
@@ -354,9 +377,13 @@ spec:
                     x-kubernetes-list-type: atomic
                 required:
                 - flavorRef
-                - imageRef
                 - ports
                 type: object
+                x-kubernetes-validations:
+                - message: either imageRef or bootVolume must be specified
+                  rule: has(self.imageRef) || has(self.bootVolume)
+                - message: imageRef and bootVolume are mutually exclusive
+                  rule: '!(has(self.imageRef) && has(self.bootVolume))'
             required:
             - cloudCredentialsRef
             type: object

cmd/models-schema/zz_generated.openapi.go

@@ -0,0 +1,25 @@
+# Example of creating a server that boots from a Cinder volume instead of an image.
+# This is the boot-from-volume (BFV) pattern.
+#
+# Prerequisites:
+# - A bootable volume created from an image (see openstack_v1alpha1_volume_bootable.yaml)
+# - Network, subnet, and port resources
+# - A flavor
+---
+apiVersion: openstack.k-orc.cloud/v1alpha1
+kind: Server
+metadata:
+  name: server-boot-from-volume-sample
+spec:
+  cloudCredentialsRef:
+    cloudName: openstack
+    secretName: openstack-clouds
+  managementPolicy: managed
+  resource:
+    # Note: No imageRef - booting from volume instead
+    bootVolume:
+      volumeRef: bootable-volume-sample
+    flavorRef: server-sample
+    ports:
+      - portRef: server-sample
+    availabilityZone: nova

config/crd/bases/openstack.k-orc.cloud_servers.yaml

@@ -0,0 +1,6 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- volume.yaml
+- server.yaml

config/samples/openstack_v1alpha1_server_boot_from_volume.yaml

@@ -0,0 +1,18 @@
+---
+# Server that boots from a volume instead of an image
+apiVersion: openstack.k-orc.cloud/v1alpha1
+kind: Server
+metadata:
+  name: server
+spec:
+  cloudCredentialsRef:
+    cloudName: openstack
+    secretName: cloud-config
+  managementPolicy: managed
+  resource:
+    # No imageRef - booting from volume
+    bootVolume:
+      volumeRef: boot-volume
+    flavorRef: flavor
+    ports:
+    - portRef: port

examples/bases/boot-from-volume/kustomization.yaml

@@ -0,0 +1,14 @@
+---
+# Bootable volume created from the cirros image
+apiVersion: openstack.k-orc.cloud/v1alpha1
+kind: Volume
+metadata:
+  name: boot-volume
+spec:
+  cloudCredentialsRef:
+    cloudName: openstack
+    secretName: cloud-config
+  managementPolicy: managed
+  resource:
+    size: 1
+    imageRef: cirros

examples/bases/boot-from-volume/server.yaml

@@ -160,15 +160,45 @@ func (actuator serverActuator) CreateResource(ctx context.Context, obj *orcv1alp
 
 	reconcileStatus := progress.NewReconcileStatus()
 
-	var image *orcv1alpha1.Image
-	{
+	// Determine if we're booting from volume or image
+	bootFromVolume := resource.BootVolume != nil
+
+	var imageID string
+	if !bootFromVolume {
+		// Traditional boot from image
 		dep, imageReconcileStatus := imageDependency.GetDependency(
 			ctx, actuator.k8sClient, obj, func(image *orcv1alpha1.Image) bool {
 				return orcv1alpha1.IsAvailable(image) && image.Status.ID != nil
 			},
 		)
 		reconcileStatus = reconcileStatus.WithReconcileStatus(imageReconcileStatus)
-		image = dep
+		if dep != nil && dep.Status.ID != nil {
+			imageID = *dep.Status.ID
+		}
+	}
+
+	// Resolve boot volume for boot-from-volume
+	var blockDevices []servers.BlockDevice
+	if bootFromVolume {
+		bootVolume, bvReconcileStatus := bootVolumeDependency.GetDependency(
+			ctx, actuator.k8sClient, obj, func(volume *orcv1alpha1.Volume) bool {
+				return orcv1alpha1.IsAvailable(volume) && volume.Status.ID != nil
+			},
+		)
+		reconcileStatus = reconcileStatus.WithReconcileStatus(bvReconcileStatus)
+
+		if bootVolume != nil && bootVolume.Status.ID != nil {
+			bd := servers.BlockDevice{
+				SourceType:      servers.SourceVolume,
+				DestinationType: servers.DestinationVolume,
+				UUID:            *bootVolume.Status.ID,
+				BootIndex:       0, // Always 0 for boot volume
+			}
+			if resource.BootVolume.Tag != nil {
+				bd.Tag = *resource.BootVolume.Tag
+			}
+			blockDevices = append(blockDevices, bd)
+		}
 	}
 
 	flavor, flavorReconcileStatus := dependency.FetchDependency(
@@ -256,14 +286,15 @@ func (actuator serverActuator) CreateResource(ctx context.Context, obj *orcv1alp
 
 	serverCreateOpts := servers.CreateOpts{
 		Name:             getResourceName(obj),
-		ImageRef:         *image.Status.ID,
+		ImageRef:         imageID, // Empty string if boot-from-volume
 		FlavorRef:        *flavor.Status.ID,
 		Networks:         portList,
 		UserData:         userData,
 		Tags:             tags,
 		Metadata:         metadata,
 		AvailabilityZone: resource.AvailabilityZone,
 		ConfigDrive:      resource.ConfigDrive,
+		BlockDevice:      blockDevices, // Boot volume for BFV
 	}
 
 	/* keypairs.CreateOptsExt was merged into servers.CreateOpts in gopher cloud V3