From e3566e41f8e01eeea8821c5200ce47efc8b9b6fa Mon Sep 17 00:00:00 2001
From: Evan <ejohnson@akamai.com>
Date: Wed, 3 Apr 2024 17:00:29 -0400
Subject: [PATCH] add support for stackscript based bootstrapping (#211)

* add support for stackscript based bootstrapping
---
 Makefile                                      |   2 +-
 api/v1alpha1/linodemachine_types.go           |   7 -
 api/v1alpha1/zz_generated.deepcopy.go         |  12 --
 cloud/scope/client.go                         |   4 +
 cloud/services/stackscript.sh                 |  21 +++
 cloud/services/stackscripts.go                |  50 ++++++++
 cloud/services/stackscripts_test.go           | 115 +++++++++++++++++
 ...cture.cluster.x-k8s.io_linodemachines.yaml |  22 ----
 ...uster.x-k8s.io_linodemachinetemplates.yaml |  22 ----
 .../linodemachine_controller_helpers.go       |  35 ++++-
 .../linodemachine_controller_helpers_test.go  |   7 +-
 devbox.lock                                   |  42 +++++-
 docs/src/topics/getting-started.md            |   4 +
 mock/client.go                                | 120 ++++++++++++++++++
 util/filter.go                                |  11 +-
 util/filter_test.go                           |   9 ++
 16 files changed, 400 insertions(+), 83 deletions(-)
 create mode 100644 cloud/services/stackscript.sh
 create mode 100644 cloud/services/stackscripts.go
 create mode 100644 cloud/services/stackscripts_test.go

diff --git a/Makefile b/Makefile
index 33b56b00..d23f49cb 100644
--- a/Makefile
+++ b/Makefile
@@ -119,7 +119,7 @@ gosec: ## Run gosec against code.
 
 .PHONY: lint
 lint: ## Run lint against code.
-	docker run --rm -w /workdir -v $(PWD):/workdir golangci/golangci-lint:v1.56.1 golangci-lint run -c .golangci.yml
+	docker run --rm -w /workdir -v $(PWD):/workdir golangci/golangci-lint:v1.57.2 golangci-lint run -c .golangci.yml
 
 .PHONY: nilcheck
 nilcheck: nilaway ## Run nil check against code.
diff --git a/api/v1alpha1/linodemachine_types.go b/api/v1alpha1/linodemachine_types.go
index 8b632ced..72e5e5ee 100644
--- a/api/v1alpha1/linodemachine_types.go
+++ b/api/v1alpha1/linodemachine_types.go
@@ -51,10 +51,6 @@ type LinodeMachineSpec struct {
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	AuthorizedUsers []string `json:"authorizedUsers,omitempty"`
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
-	StackScriptID int `json:"stackscriptId,omitempty"`
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
-	StackScriptData map[string]string `json:"stackscriptData,omitempty"`
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	BackupID int `json:"backupId,omitempty"`
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	Image string `json:"image,omitempty"`
@@ -67,9 +63,6 @@ type LinodeMachineSpec struct {
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	Tags []string `json:"tags,omitempty"`
 	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
-	// +optional
-	Metadata *InstanceMetadataOptions `json:"metadata,omitempty"`
-	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
 	FirewallID int `json:"firewallId,omitempty"`
 
 	// CredentialsRef is a reference to a Secret that contains the credentials
diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
index 25999e53..4c32c353 100644
--- a/api/v1alpha1/zz_generated.deepcopy.go
+++ b/api/v1alpha1/zz_generated.deepcopy.go
@@ -363,13 +363,6 @@ func (in *LinodeMachineSpec) DeepCopyInto(out *LinodeMachineSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.StackScriptData != nil {
-		in, out := &in.StackScriptData, &out.StackScriptData
-		*out = make(map[string]string, len(*in))
-		for key, val := range *in {
-			(*out)[key] = val
-		}
-	}
 	if in.Interfaces != nil {
 		in, out := &in.Interfaces, &out.Interfaces
 		*out = make([]InstanceConfigInterfaceCreateOptions, len(*in))
@@ -382,11 +375,6 @@ func (in *LinodeMachineSpec) DeepCopyInto(out *LinodeMachineSpec) {
 		*out = make([]string, len(*in))
 		copy(*out, *in)
 	}
-	if in.Metadata != nil {
-		in, out := &in.Metadata, &out.Metadata
-		*out = new(InstanceMetadataOptions)
-		**out = **in
-	}
 	if in.CredentialsRef != nil {
 		in, out := &in.CredentialsRef, &out.CredentialsRef
 		*out = new(v1.SecretReference)
diff --git a/cloud/scope/client.go b/cloud/scope/client.go
index 6201247d..ff030aee 100644
--- a/cloud/scope/client.go
+++ b/cloud/scope/client.go
@@ -28,6 +28,10 @@ type LinodeInstanceClient interface {
 	CreateInstanceDisk(ctx context.Context, linodeID int, opts linodego.InstanceDiskCreateOptions) (*linodego.InstanceDisk, error)
 	GetInstance(ctx context.Context, linodeID int) (*linodego.Instance, error)
 	DeleteInstance(ctx context.Context, linodeID int) error
+	GetRegion(ctx context.Context, regionID string) (*linodego.Region, error)
+	GetImage(ctx context.Context, imageID string) (*linodego.Image, error)
+	CreateStackscript(ctx context.Context, opts linodego.StackscriptCreateOptions) (*linodego.Stackscript, error)
+	ListStackscripts(ctx context.Context, opts *linodego.ListOptions) ([]linodego.Stackscript, error)
 	WaitForInstanceDiskStatus(ctx context.Context, instanceID int, diskID int, status linodego.DiskStatus, timeoutSeconds int) (*linodego.InstanceDisk, error)
 }
 
diff --git a/cloud/services/stackscript.sh b/cloud/services/stackscript.sh
new file mode 100644
index 00000000..9d0ab9cd
--- /dev/null
+++ b/cloud/services/stackscript.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+# <UDF name="instancedata" label="instance-data contents(base64 encoded" />
+# <UDF name="userdata" label="user-data file contents (base64 encoded)" />
+
+cat > /etc/cloud/cloud.cfg.d/100_none.cfg <<EOF
+datasource_list: [ "None"]
+datasource:
+  None:
+    metadata:
+      id: $LINODE_ID
+$(echo "${INSTANCEDATA}" | base64 -d | sed "s/^/      /")
+    userdata_raw: |
+$(echo "${USERDATA}" | base64 -d | sed "s/^/      /")
+
+EOF
+
+cloud-init clean
+cloud-init -f /etc/cloud/cloud.cfg.d/100_none.cfg init --local
+cloud-init -f /etc/cloud/cloud.cfg.d/100_none.cfg init
+cloud-init -f /etc/cloud/cloud.cfg.d/100_none.cfg modules --mode=config
+cloud-init -f /etc/cloud/cloud.cfg.d/100_none.cfg modules --mode=final
diff --git a/cloud/services/stackscripts.go b/cloud/services/stackscripts.go
new file mode 100644
index 00000000..138a2b02
--- /dev/null
+++ b/cloud/services/stackscripts.go
@@ -0,0 +1,50 @@
+package services
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+
+	"github.com/linode/linodego"
+
+	"github.com/linode/cluster-api-provider-linode/cloud/scope"
+	"github.com/linode/cluster-api-provider-linode/util"
+	"github.com/linode/cluster-api-provider-linode/version"
+
+	_ "embed"
+)
+
+//go:embed stackscript.sh
+var stackscriptTemplate string
+
+func EnsureStackscript(ctx context.Context, machineScope *scope.MachineScope) (int, error) {
+	stackscriptName := fmt.Sprintf("CAPL-%s", version.GetVersion())
+	listFilter := util.Filter{
+		ID:    nil,
+		Label: stackscriptName,
+		Tags:  []string{},
+	}
+	filter, err := listFilter.String()
+	if err != nil {
+		return 0, err
+	}
+	stackscripts, err := machineScope.LinodeClient.ListStackscripts(ctx, &linodego.ListOptions{Filter: filter})
+	if util.IgnoreLinodeAPIError(err, http.StatusNotFound) != nil {
+		return 0, fmt.Errorf("failed to get stackscript with label %s: %w", stackscriptName, err)
+	}
+	if stackscripts != nil {
+		return stackscripts[0].ID, nil
+	}
+	stackscriptCreateOptions := linodego.StackscriptCreateOptions{
+		Label:       fmt.Sprintf("CAPL-%s", version.GetVersion()),
+		Description: fmt.Sprintf("Stackscript for creating CAPL clusters with CAPL controller version %s", version.GetVersion()),
+		Script:      stackscriptTemplate,
+		Images:      []string{"any/all"},
+	}
+	stackscript, err := machineScope.LinodeClient.CreateStackscript(ctx, stackscriptCreateOptions)
+	if err != nil {
+		return 0, fmt.Errorf("failed to create StackScript: %w", err)
+	}
+
+	return stackscript.ID, nil
+}
diff --git a/cloud/services/stackscripts_test.go b/cloud/services/stackscripts_test.go
new file mode 100644
index 00000000..f7112958
--- /dev/null
+++ b/cloud/services/stackscripts_test.go
@@ -0,0 +1,115 @@
+package services
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/linode/linodego"
+	"github.com/stretchr/testify/assert"
+	"go.uber.org/mock/gomock"
+
+	"github.com/linode/cluster-api-provider-linode/cloud/scope"
+	"github.com/linode/cluster-api-provider-linode/mock"
+)
+
+func TestEnsureStackscripts(t *testing.T) {
+	t.Parallel()
+
+	tests := []struct {
+		name          string
+		machineScope  *scope.MachineScope
+		want          int
+		expectedError error
+		expects       func(client *mock.MockLinodeMachineClient)
+	}{
+		{
+			name:         "Success - Successfully get existing StackScript",
+			machineScope: &scope.MachineScope{},
+			want:         1234,
+			expects: func(mockClient *mock.MockLinodeMachineClient) {
+				mockClient.EXPECT().ListStackscripts(gomock.Any(), &linodego.ListOptions{Filter: "{\"label\":\"CAPL-dev\"}"}).Return([]linodego.Stackscript{{
+					Label: "CAPI Test 1",
+					ID:    1234,
+				}}, nil)
+			},
+		},
+		{
+			name:         "Error - failed get existing StackScript",
+			machineScope: &scope.MachineScope{},
+			expects: func(mockClient *mock.MockLinodeMachineClient) {
+				mockClient.EXPECT().ListStackscripts(gomock.Any(), gomock.Any()).Return(nil, fmt.Errorf("failed to get StackScript"))
+			},
+			expectedError: fmt.Errorf("failed to get StackScript"),
+		},
+		{
+			name:         "Success - Successfully created StackScript",
+			machineScope: &scope.MachineScope{},
+			want:         56345,
+			expects: func(mockClient *mock.MockLinodeMachineClient) {
+				mockClient.EXPECT().ListStackscripts(gomock.Any(), gomock.Any()).Return(nil, nil)
+				mockClient.EXPECT().CreateStackscript(gomock.Any(), linodego.StackscriptCreateOptions{
+					Label:       "CAPL-dev",
+					Description: "Stackscript for creating CAPL clusters with CAPL controller version dev",
+					Script: `#!/bin/sh
+# <UDF name="instancedata" label="instance-data contents(base64 encoded" />
+# <UDF name="userdata" label="user-data file contents (base64 encoded)" />
+
+cat > /etc/cloud/cloud.cfg.d/100_none.cfg <<EOF
+datasource_list: [ "None"]
+datasource:
+  None:
+    metadata:
+      id: $LINODE_ID
+$(echo "${INSTANCEDATA}" | base64 -d | sed "s/^/      /")
+    userdata_raw: |
+$(echo "${USERDATA}" | base64 -d | sed "s/^/      /")
+
+EOF
+
+cloud-init clean
+cloud-init -f /etc/cloud/cloud.cfg.d/100_none.cfg init --local
+cloud-init -f /etc/cloud/cloud.cfg.d/100_none.cfg init
+cloud-init -f /etc/cloud/cloud.cfg.d/100_none.cfg modules --mode=config
+cloud-init -f /etc/cloud/cloud.cfg.d/100_none.cfg modules --mode=final
+`,
+					Images: []string{"any/all"},
+				}).Return(&linodego.Stackscript{
+					Label: "CAPI Test 1",
+					ID:    56345,
+				}, nil)
+			},
+		},
+		{
+			name:         "Error - failed create StackScript",
+			machineScope: &scope.MachineScope{},
+			expects: func(mockClient *mock.MockLinodeMachineClient) {
+				mockClient.EXPECT().ListStackscripts(gomock.Any(), gomock.Any()).Return(nil, nil)
+				mockClient.EXPECT().CreateStackscript(gomock.Any(), gomock.Any()).Return(nil, fmt.Errorf("failed to create StackScript"))
+			},
+			expectedError: fmt.Errorf("failed to create StackScript"),
+		},
+	}
+	for _, tt := range tests {
+		testcase := tt
+		t.Run(testcase.name, func(t *testing.T) {
+			t.Parallel()
+
+			ctrl := gomock.NewController(t)
+			defer ctrl.Finish()
+
+			mockClient := mock.NewMockLinodeMachineClient(ctrl)
+
+			testcase.machineScope.LinodeClient = mockClient
+
+			testcase.expects(mockClient)
+
+			got, err := EnsureStackscript(context.Background(), testcase.machineScope)
+			if testcase.expectedError != nil {
+				assert.ErrorContains(t, err, testcase.expectedError.Error())
+			} else {
+				assert.Equal(t, testcase.want, got)
+			}
+		})
+	}
+}
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachines.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachines.yaml
index b4ede303..af67096c 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachines.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachines.yaml
@@ -161,16 +161,6 @@ spec:
                 x-kubernetes-validations:
                 - message: Value is immutable
                   rule: self == oldSelf
-              metadata:
-                description: InstanceMetadataOptions defines metadata of instance
-                properties:
-                  userData:
-                    description: UserData expects a Base64-encoded string
-                    type: string
-                type: object
-                x-kubernetes-validations:
-                - message: Value is immutable
-                  rule: self == oldSelf
               privateIp:
                 type: boolean
                 x-kubernetes-validations:
@@ -190,18 +180,6 @@ spec:
                 x-kubernetes-validations:
                 - message: Value is immutable
                   rule: self == oldSelf
-              stackscriptData:
-                additionalProperties:
-                  type: string
-                type: object
-                x-kubernetes-validations:
-                - message: Value is immutable
-                  rule: self == oldSelf
-              stackscriptId:
-                type: integer
-                x-kubernetes-validations:
-                - message: Value is immutable
-                  rule: self == oldSelf
               tags:
                 items:
                   type: string
diff --git a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachinetemplates.yaml b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachinetemplates.yaml
index 8728fcf1..f4d5c1b9 100644
--- a/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachinetemplates.yaml
+++ b/config/crd/bases/infrastructure.cluster.x-k8s.io_linodemachinetemplates.yaml
@@ -150,16 +150,6 @@ spec:
                         x-kubernetes-validations:
                         - message: Value is immutable
                           rule: self == oldSelf
-                      metadata:
-                        description: InstanceMetadataOptions defines metadata of instance
-                        properties:
-                          userData:
-                            description: UserData expects a Base64-encoded string
-                            type: string
-                        type: object
-                        x-kubernetes-validations:
-                        - message: Value is immutable
-                          rule: self == oldSelf
                       privateIp:
                         type: boolean
                         x-kubernetes-validations:
@@ -179,18 +169,6 @@ spec:
                         x-kubernetes-validations:
                         - message: Value is immutable
                           rule: self == oldSelf
-                      stackscriptData:
-                        additionalProperties:
-                          type: string
-                        type: object
-                        x-kubernetes-validations:
-                        - message: Value is immutable
-                          rule: self == oldSelf
-                      stackscriptId:
-                        type: integer
-                        x-kubernetes-validations:
-                        - message: Value is immutable
-                          rule: self == oldSelf
                       tags:
                         items:
                           type: string
diff --git a/controller/linodemachine_controller_helpers.go b/controller/linodemachine_controller_helpers.go
index a36141d3..535f37cf 100644
--- a/controller/linodemachine_controller_helpers.go
+++ b/controller/linodemachine_controller_helpers.go
@@ -23,6 +23,7 @@ import (
 	"encoding/gob"
 	"errors"
 	"fmt"
+	"slices"
 	"sort"
 
 	"github.com/go-logr/logr"
@@ -38,6 +39,7 @@ import (
 
 	infrav1alpha1 "github.com/linode/cluster-api-provider-linode/api/v1alpha1"
 	"github.com/linode/cluster-api-provider-linode/cloud/scope"
+	"github.com/linode/cluster-api-provider-linode/cloud/services"
 	"github.com/linode/cluster-api-provider-linode/util"
 	"github.com/linode/cluster-api-provider-linode/util/reconciler"
 )
@@ -74,8 +76,37 @@ func (r *LinodeMachineReconciler) newCreateConfig(ctx context.Context, machineSc
 
 		return nil, err
 	}
-	createConfig.Metadata = &linodego.InstanceMetadataOptions{
-		UserData: b64.StdEncoding.EncodeToString(bootstrapData),
+
+	region, err := machineScope.LinodeClient.GetRegion(ctx, machineScope.LinodeMachine.Spec.Region)
+	if err != nil {
+		return nil, err
+	}
+	regionMetadataSupport := slices.Contains(region.Capabilities, "Metadata")
+	image, err := machineScope.LinodeClient.GetImage(ctx, machineScope.LinodeMachine.Spec.Image)
+	if err != nil {
+		return nil, err
+	}
+	imageMetadataSupport := slices.Contains(image.Capabilities, "cloud-init")
+	if imageMetadataSupport && regionMetadataSupport {
+		createConfig.Metadata = &linodego.InstanceMetadataOptions{
+			UserData: b64.StdEncoding.EncodeToString(bootstrapData),
+		}
+	} else {
+		logger.Info(fmt.Sprintf("using StackScripts for bootstrapping. imageMetadataSupport: %t, regionMetadataSupport: %t",
+			imageMetadataSupport, regionMetadataSupport))
+		capiStackScriptID, err := services.EnsureStackscript(ctx, machineScope)
+		if err != nil {
+			return nil, err
+		}
+		createConfig.StackScriptID = capiStackScriptID
+		// ###### WARNING, currently label, region and type are supported as cloud-init variables, any changes ######
+		// any changes to this could be potentially backwards incompatible and should be noted through a backwards incompatible version update #####
+		instanceData := fmt.Sprintf("label: %s\nregion: %s\ntype: %s", machineScope.LinodeMachine.Name, machineScope.LinodeMachine.Spec.Region, machineScope.LinodeMachine.Spec.Type)
+		// ###### WARNING ######
+		createConfig.StackScriptData = map[string]string{
+			"instancedata": b64.StdEncoding.EncodeToString([]byte(instanceData)),
+			"userdata":     b64.StdEncoding.EncodeToString(bootstrapData),
+		}
 	}
 
 	if createConfig.Tags == nil {
diff --git a/controller/linodemachine_controller_helpers_test.go b/controller/linodemachine_controller_helpers_test.go
index 5de83d20..c9075eba 100644
--- a/controller/linodemachine_controller_helpers_test.go
+++ b/controller/linodemachine_controller_helpers_test.go
@@ -24,8 +24,6 @@ func TestLinodeMachineSpecToCreateInstanceConfig(t *testing.T) {
 		RootPass:        "rootPass",
 		AuthorizedKeys:  []string{"key"},
 		AuthorizedUsers: []string{"user"},
-		StackScriptID:   1,
-		StackScriptData: map[string]string{"script": "data"},
 		BackupID:        1,
 		Image:           "image",
 		Interfaces: []infrav1alpha1.InstanceConfigInterfaceCreateOptions{
@@ -45,10 +43,7 @@ func TestLinodeMachineSpecToCreateInstanceConfig(t *testing.T) {
 		BackupsEnabled: true,
 		PrivateIP:      true,
 		Tags:           []string{"tag"},
-		Metadata: &infrav1alpha1.InstanceMetadataOptions{
-			UserData: "userdata",
-		},
-		FirewallID: 1,
+		FirewallID:     1,
 	}
 
 	createConfig := linodeMachineSpecToInstanceCreateConfig(machineSpec)
diff --git a/devbox.lock b/devbox.lock
index cb484c0a..520bd792 100644
--- a/devbox.lock
+++ b/devbox.lock
@@ -102,22 +102,50 @@
       }
     },
     "golangci-lint@latest": {
-      "last_modified": "2024-02-24T23:06:34Z",
-      "resolved": "github:NixOS/nixpkgs/9a9dae8f6319600fa9aebde37f340975cab4b8c0#golangci-lint",
+      "last_modified": "2024-03-22T11:26:23Z",
+      "resolved": "github:NixOS/nixpkgs/a3ed7406349a9335cb4c2a71369b697cecd9d351#golangci-lint",
       "source": "devbox-search",
-      "version": "1.56.2",
+      "version": "1.57.1",
       "systems": {
         "aarch64-darwin": {
-          "store_path": "/nix/store/fs44z0nysjiwl2sj2m9x70dbrx2lbyhh-golangci-lint-1.56.2"
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/rbkz66qnxvnla1rms6bd6zky1bi62jwc-golangci-lint-1.57.1",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/rbkz66qnxvnla1rms6bd6zky1bi62jwc-golangci-lint-1.57.1"
         },
         "aarch64-linux": {
-          "store_path": "/nix/store/bs18c2bx56b6xnpf49wb5kzi3vynbqmx-golangci-lint-1.56.2"
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/r5xyf90x7c91j3r34sg6k9wbf4dm1v4q-golangci-lint-1.57.1",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/r5xyf90x7c91j3r34sg6k9wbf4dm1v4q-golangci-lint-1.57.1"
         },
         "x86_64-darwin": {
-          "store_path": "/nix/store/1xhl4b3nk3npq70d651vg4bamfg8xyga-golangci-lint-1.56.2"
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/8yd7j7jcg0sihbrbxnz7drqd6lwlcz6r-golangci-lint-1.57.1",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/8yd7j7jcg0sihbrbxnz7drqd6lwlcz6r-golangci-lint-1.57.1"
         },
         "x86_64-linux": {
-          "store_path": "/nix/store/kc58bqdmjdc6mfilih5pywprs7r7lxrw-golangci-lint-1.56.2"
+          "outputs": [
+            {
+              "name": "out",
+              "path": "/nix/store/7vvwm8q3zx6xiln6rmdh21mqjccbrd9x-golangci-lint-1.57.1",
+              "default": true
+            }
+          ],
+          "store_path": "/nix/store/7vvwm8q3zx6xiln6rmdh21mqjccbrd9x-golangci-lint-1.57.1"
         }
       }
     },
diff --git a/docs/src/topics/getting-started.md b/docs/src/topics/getting-started.md
index 0a22b918..387219f7 100644
--- a/docs/src/topics/getting-started.md
+++ b/docs/src/topics/getting-started.md
@@ -32,6 +32,10 @@ export LINODE_TOKEN=<your linode PAT>
 export LINODE_CONTROL_PLANE_MACHINE_TYPE=g6-standard-2
 export LINODE_MACHINE_TYPE=g6-standard-2
 ```
+```admonish warning
+For Regions and Images that do not yet support Akamai's cloud-init datasource CAPL will automatically use a stackscript shim
+to provision the node. If you are using a custom image ensure the [cloud_init](https://www.linode.com/docs/api/images/#image-create) flag is set correctly on it
+```
 
 ## Register linode locally as an infrastructure provider
 1. Generate local release files 
diff --git a/mock/client.go b/mock/client.go
index ca767a10..c3f40ec3 100644
--- a/mock/client.go
+++ b/mock/client.go
@@ -133,6 +133,21 @@ func (mr *MockLinodeMachineClientMockRecorder) CreateNodeBalancerNode(ctx, nodeb
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateNodeBalancerNode", reflect.TypeOf((*MockLinodeMachineClient)(nil).CreateNodeBalancerNode), ctx, nodebalancerID, configID, opts)
 }
 
+// CreateStackscript mocks base method.
+func (m *MockLinodeMachineClient) CreateStackscript(ctx context.Context, opts linodego.StackscriptCreateOptions) (*linodego.Stackscript, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "CreateStackscript", ctx, opts)
+	ret0, _ := ret[0].(*linodego.Stackscript)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// CreateStackscript indicates an expected call of CreateStackscript.
+func (mr *MockLinodeMachineClientMockRecorder) CreateStackscript(ctx, opts any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateStackscript", reflect.TypeOf((*MockLinodeMachineClient)(nil).CreateStackscript), ctx, opts)
+}
+
 // DeleteInstance mocks base method.
 func (m *MockLinodeMachineClient) DeleteInstance(ctx context.Context, linodeID int) error {
 	m.ctrl.T.Helper()
@@ -175,6 +190,21 @@ func (mr *MockLinodeMachineClientMockRecorder) DeleteNodeBalancerNode(ctx, nodeb
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteNodeBalancerNode", reflect.TypeOf((*MockLinodeMachineClient)(nil).DeleteNodeBalancerNode), ctx, nodebalancerID, configID, nodeID)
 }
 
+// GetImage mocks base method.
+func (m *MockLinodeMachineClient) GetImage(ctx context.Context, imageID string) (*linodego.Image, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetImage", ctx, imageID)
+	ret0, _ := ret[0].(*linodego.Image)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetImage indicates an expected call of GetImage.
+func (mr *MockLinodeMachineClientMockRecorder) GetImage(ctx, imageID any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetImage", reflect.TypeOf((*MockLinodeMachineClient)(nil).GetImage), ctx, imageID)
+}
+
 // GetInstance mocks base method.
 func (m *MockLinodeMachineClient) GetInstance(ctx context.Context, linodeID int) (*linodego.Instance, error) {
 	m.ctrl.T.Helper()
@@ -220,6 +250,21 @@ func (mr *MockLinodeMachineClientMockRecorder) GetInstanceIPAddresses(ctx, linod
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInstanceIPAddresses", reflect.TypeOf((*MockLinodeMachineClient)(nil).GetInstanceIPAddresses), ctx, linodeID)
 }
 
+// GetRegion mocks base method.
+func (m *MockLinodeMachineClient) GetRegion(ctx context.Context, regionID string) (*linodego.Region, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetRegion", ctx, regionID)
+	ret0, _ := ret[0].(*linodego.Region)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetRegion indicates an expected call of GetRegion.
+func (mr *MockLinodeMachineClientMockRecorder) GetRegion(ctx, regionID any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetRegion", reflect.TypeOf((*MockLinodeMachineClient)(nil).GetRegion), ctx, regionID)
+}
+
 // GetVPC mocks base method.
 func (m *MockLinodeMachineClient) GetVPC(ctx context.Context, vpcID int) (*linodego.VPC, error) {
 	m.ctrl.T.Helper()
@@ -280,6 +325,21 @@ func (mr *MockLinodeMachineClientMockRecorder) ListNodeBalancers(ctx, opts any)
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListNodeBalancers", reflect.TypeOf((*MockLinodeMachineClient)(nil).ListNodeBalancers), ctx, opts)
 }
 
+// ListStackscripts mocks base method.
+func (m *MockLinodeMachineClient) ListStackscripts(ctx context.Context, opts *linodego.ListOptions) ([]linodego.Stackscript, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "ListStackscripts", ctx, opts)
+	ret0, _ := ret[0].([]linodego.Stackscript)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ListStackscripts indicates an expected call of ListStackscripts.
+func (mr *MockLinodeMachineClientMockRecorder) ListStackscripts(ctx, opts any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListStackscripts", reflect.TypeOf((*MockLinodeMachineClient)(nil).ListStackscripts), ctx, opts)
+}
+
 // ResizeInstanceDisk mocks base method.
 func (m *MockLinodeMachineClient) ResizeInstanceDisk(ctx context.Context, linodeID, diskID, size int) error {
 	m.ctrl.T.Helper()
@@ -376,6 +436,21 @@ func (mr *MockLinodeInstanceClientMockRecorder) CreateInstanceDisk(ctx, linodeID
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateInstanceDisk", reflect.TypeOf((*MockLinodeInstanceClient)(nil).CreateInstanceDisk), ctx, linodeID, opts)
 }
 
+// CreateStackscript mocks base method.
+func (m *MockLinodeInstanceClient) CreateStackscript(ctx context.Context, opts linodego.StackscriptCreateOptions) (*linodego.Stackscript, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "CreateStackscript", ctx, opts)
+	ret0, _ := ret[0].(*linodego.Stackscript)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// CreateStackscript indicates an expected call of CreateStackscript.
+func (mr *MockLinodeInstanceClientMockRecorder) CreateStackscript(ctx, opts any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CreateStackscript", reflect.TypeOf((*MockLinodeInstanceClient)(nil).CreateStackscript), ctx, opts)
+}
+
 // DeleteInstance mocks base method.
 func (m *MockLinodeInstanceClient) DeleteInstance(ctx context.Context, linodeID int) error {
 	m.ctrl.T.Helper()
@@ -390,6 +465,21 @@ func (mr *MockLinodeInstanceClientMockRecorder) DeleteInstance(ctx, linodeID any
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "DeleteInstance", reflect.TypeOf((*MockLinodeInstanceClient)(nil).DeleteInstance), ctx, linodeID)
 }
 
+// GetImage mocks base method.
+func (m *MockLinodeInstanceClient) GetImage(ctx context.Context, imageID string) (*linodego.Image, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetImage", ctx, imageID)
+	ret0, _ := ret[0].(*linodego.Image)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetImage indicates an expected call of GetImage.
+func (mr *MockLinodeInstanceClientMockRecorder) GetImage(ctx, imageID any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetImage", reflect.TypeOf((*MockLinodeInstanceClient)(nil).GetImage), ctx, imageID)
+}
+
 // GetInstance mocks base method.
 func (m *MockLinodeInstanceClient) GetInstance(ctx context.Context, linodeID int) (*linodego.Instance, error) {
 	m.ctrl.T.Helper()
@@ -435,6 +525,21 @@ func (mr *MockLinodeInstanceClientMockRecorder) GetInstanceIPAddresses(ctx, lino
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetInstanceIPAddresses", reflect.TypeOf((*MockLinodeInstanceClient)(nil).GetInstanceIPAddresses), ctx, linodeID)
 }
 
+// GetRegion mocks base method.
+func (m *MockLinodeInstanceClient) GetRegion(ctx context.Context, regionID string) (*linodego.Region, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "GetRegion", ctx, regionID)
+	ret0, _ := ret[0].(*linodego.Region)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// GetRegion indicates an expected call of GetRegion.
+func (mr *MockLinodeInstanceClientMockRecorder) GetRegion(ctx, regionID any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetRegion", reflect.TypeOf((*MockLinodeInstanceClient)(nil).GetRegion), ctx, regionID)
+}
+
 // ListInstanceConfigs mocks base method.
 func (m *MockLinodeInstanceClient) ListInstanceConfigs(ctx context.Context, linodeID int, opts *linodego.ListOptions) ([]linodego.InstanceConfig, error) {
 	m.ctrl.T.Helper()
@@ -465,6 +570,21 @@ func (mr *MockLinodeInstanceClientMockRecorder) ListInstances(ctx, opts any) *go
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListInstances", reflect.TypeOf((*MockLinodeInstanceClient)(nil).ListInstances), ctx, opts)
 }
 
+// ListStackscripts mocks base method.
+func (m *MockLinodeInstanceClient) ListStackscripts(ctx context.Context, opts *linodego.ListOptions) ([]linodego.Stackscript, error) {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "ListStackscripts", ctx, opts)
+	ret0, _ := ret[0].([]linodego.Stackscript)
+	ret1, _ := ret[1].(error)
+	return ret0, ret1
+}
+
+// ListStackscripts indicates an expected call of ListStackscripts.
+func (mr *MockLinodeInstanceClientMockRecorder) ListStackscripts(ctx, opts any) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ListStackscripts", reflect.TypeOf((*MockLinodeInstanceClient)(nil).ListStackscripts), ctx, opts)
+}
+
 // ResizeInstanceDisk mocks base method.
 func (m *MockLinodeInstanceClient) ResizeInstanceDisk(ctx context.Context, linodeID, diskID, size int) error {
 	m.ctrl.T.Helper()
diff --git a/util/filter.go b/util/filter.go
index 77aa972b..4c88e376 100644
--- a/util/filter.go
+++ b/util/filter.go
@@ -2,6 +2,7 @@ package util
 
 import (
 	"encoding/json"
+	"maps"
 	"strconv"
 	"strings"
 )
@@ -11,16 +12,17 @@ import (
 // The fields within Filter are prioritized so that only the most-specific
 // field is present when Filter is marshaled to JSON.
 type Filter struct {
-	ID    *int     // Filter on the resource's ID (most specific).
-	Label string   // Filter on the resource's label.
-	Tags  []string // Filter resources by their tags (least specific).
+	ID                *int              // Filter on the resource's ID (most specific).
+	Label             string            // Filter on the resource's label.
+	Tags              []string          // Filter resources by their tags (least specific).
+	AdditionalFilters map[string]string // Filter resources by additional parameters
 }
 
 // MarshalJSON returns a JSON-encoded representation of a [Filter].
 // The resulting encoded value will have exactly 1 (one) field present.
 // See [Filter] for details on the value precedence.
 func (f Filter) MarshalJSON() ([]byte, error) {
-	filter := make(map[string]string, 1)
+	filter := make(map[string]string, len(f.AdditionalFilters)+1)
 	switch {
 	case f.ID != nil:
 		filter["id"] = strconv.Itoa(*f.ID)
@@ -30,6 +32,7 @@ func (f Filter) MarshalJSON() ([]byte, error) {
 		filter["tags"] = strings.Join(f.Tags, ",")
 	}
 
+	maps.Copy(filter, f.AdditionalFilters)
 	return json.Marshal(filter)
 }
 
diff --git a/util/filter_test.go b/util/filter_test.go
index c2d03c29..4af6a17b 100644
--- a/util/filter_test.go
+++ b/util/filter_test.go
@@ -32,6 +32,15 @@ func TestString(t *testing.T) {
 			Tags:  []string{"testtag"},
 		},
 		expectErr: false,
+	}, {
+		name: "success additional info",
+		filter: Filter{
+			ID:                nil,
+			Label:             "",
+			Tags:              []string{"testtag"},
+			AdditionalFilters: map[string]string{"mine": "true"},
+		},
+		expectErr: false,
 	}, {
 		name: "failure unmarshal",
 		filter: Filter{