Update dependencies including controller-runtime. #178

Merged
merged 6 commits into from
Apr 22, 2024
11 changes: 10 additions & 1 deletion Makefile
Expand Up @@ -4,8 +4,10 @@ BUILDDATE := $(shell date -Iseconds)
VERSION := $(or ${VERSION},$(shell git describe --tags --exact-match 2> /dev/null || git symbolic-ref -q --short HEAD || git rev-parse --short HEAD))

CONTROLLER_TOOLS_VERSION ?= v0.14.0
MOCKGEN_VERSION ?= $(shell go list -m all | grep go.uber.org/mock | awk '{print $$2}')
LOCALBIN ?= $(shell pwd)/bin
CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
MOCKGEN ?= $(LOCALBIN)/mockgen
ENVTEST ?= $(LOCALBIN)/setup-envtest

all: firewall-controller
Expand Down Expand Up @@ -63,7 +65,8 @@ vet:
go vet ./...

# Generate code
generate: controller-gen manifests
generate: controller-gen mockgen manifests
go generate ./...
$(CONTROLLER_GEN) object paths="./..."

.PHONY: controller-gen
Expand All @@ -76,3 +79,9 @@ $(CONTROLLER_GEN): $(LOCALBIN)
setup-envtest: $(ENVTEST)
$(ENVTEST): $(LOCALBIN)
test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest

.PHONY: mockgen
mockgen: $(MOCKGEN)
$(MOCKGEN): $(LOCALBIN)
test -s $(LOCALBIN)/mockgen && $(LOCALBIN)/mockgen -version | grep -q $(MOCKGEN_VERSION) || \
GOBIN=$(LOCALBIN) go install go.uber.org/mock/mockgen@$(MOCKGEN_VERSION)
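Review bot: `MOCKGEN_VERSION` is resolved with an unanchored `grep go.uber.org/mock` over `go list -m all`, so it can come back empty (if `go list` fails) or span several lines (if another module path matches), and nothing checks it before it reaches `go install …@$(MOCKGEN_VERSION)` and the unquoted `grep -q $(MOCKGEN_VERSION)` in the `$(MOCKGEN)` recipe. Asking Go for that one module keeps the tool pinned to exactly the go.mod version: `MOCKGEN_VERSION ?= $(shell go list -m -f '{{.Version}}' go.uber.org/mock)`. In the recipe, quote the value and match it as a fixed string, `grep -qF '$(MOCKGEN_VERSION)'`, because the dots in a version string are regex wildcards. The `setup-envtest@latest` install in the context lines is left unpinned by this change; pinning it the way mockgen is pinned would make that tool install reproducible as well.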
28 changes: 14 additions & 14 deletions config/crd/bases/metal-stack.io_clusterwidenetworkpolicies.yaml
Expand Up @@ -78,7 +78,7 @@ spec:
properties:
endPort:
description: |-
If set, indicates that the range of ports from port to endPort, inclusive,
endPort indicates that the range of ports from port to endPort if set, inclusive,
should be allowed by the policy. This field cannot be defined if the port field
is not defined or if the port field is defined as a named (string) port.
The endPort must be equal or greater than port.
Expand All @@ -89,16 +89,16 @@ spec:
- type: integer
- type: string
description: |-
The port on the given protocol. This can either be a numerical or named
port represents the port on the given protocol. This can either be a numerical or named
port on a pod. If this field is not provided, this matches all port names and
numbers.
If present, only traffic on the specified protocol AND port will be matched.
x-kubernetes-int-or-string: true
protocol:
default: TCP
description: |-
The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this
field defaults to TCP.
protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.
If not specified, this field defaults to TCP.
type: string
type: object
type: array
Expand All @@ -118,14 +118,14 @@ spec:
properties:
cidr:
description: |-
CIDR is a string representing the IP Block
cidr is a string representing the IPBlock
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
type: string
except:
description: |-
Except is a slice of CIDRs that should not be included within an IP Block
except is a slice of CIDRs that should not be included within an IPBlock
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
Except values will be rejected if they are outside the CIDR range
Except values will be rejected if they are outside the cidr range
items:
type: string
type: array
Expand Down Expand Up @@ -182,14 +182,14 @@ spec:
properties:
cidr:
description: |-
CIDR is a string representing the IP Block
cidr is a string representing the IPBlock
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
type: string
except:
description: |-
Except is a slice of CIDRs that should not be included within an IP Block
except is a slice of CIDRs that should not be included within an IPBlock
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
Except values will be rejected if they are outside the CIDR range
Except values will be rejected if they are outside the cidr range
items:
type: string
type: array
Expand All @@ -210,7 +210,7 @@ spec:
properties:
endPort:
description: |-
If set, indicates that the range of ports from port to endPort, inclusive,
endPort indicates that the range of ports from port to endPort if set, inclusive,
should be allowed by the policy. This field cannot be defined if the port field
is not defined or if the port field is defined as a named (string) port.
The endPort must be equal or greater than port.
Expand All @@ -221,16 +221,16 @@ spec:
- type: integer
- type: string
description: |-
The port on the given protocol. This can either be a numerical or named
port represents the port on the given protocol. This can either be a numerical or named
port on a pod. If this field is not provided, this matches all port names and
numbers.
If present, only traffic on the specified protocol AND port will be matched.
x-kubernetes-int-or-string: true
protocol:
default: TCP
description: |-
The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this
field defaults to TCP.
protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.
If not specified, this field defaults to TCP.
type: string
type: object
type: array
6 changes: 3 additions & 3 deletions controllers/clusterwidenetworkpolicy_controller.go
Expand Up @@ -48,7 +48,7 @@ type ClusterwideNetworkPolicyReconciler struct {
// SetupWithManager configures this controller to run in schedule
func (r *ClusterwideNetworkPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
if r.Interval == 0 {
r.Interval = reconcilationInterval
r.Interval = reconciliationInterval
}

scheduleChan := make(chan event.GenericEvent)
Expand All @@ -58,8 +58,8 @@ func (r *ClusterwideNetworkPolicyReconciler) SetupWithManager(mgr ctrl.Manager)

return ctrl.NewControllerManagedBy(mgr).
For(&firewallv1.ClusterwideNetworkPolicy{}).
Watches(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForObject{}).
Watches(&source.Channel{Source: scheduleChan}, &handler.EnqueueRequestForObject{}).
Watches(&corev1.Service{}, &handler.EnqueueRequestForObject{}).
WatchesRawSource(&source.Channel{Source: scheduleChan}, &handler.EnqueueRequestForObject{}).
Complete(r)
}

5 changes: 2 additions & 3 deletions controllers/droptailer_controller.go
Expand Up @@ -12,7 +12,6 @@ import (
"sigs.k8s.io/controller-runtime/pkg/handler"
"sigs.k8s.io/controller-runtime/pkg/predicate"
"sigs.k8s.io/controller-runtime/pkg/reconcile"
"sigs.k8s.io/controller-runtime/pkg/source"

"github.com/go-logr/logr"
firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1"
Expand Down Expand Up @@ -94,8 +93,8 @@ func (r *DroptailerReconciler) SetupWithManager(mgr ctrl.Manager) error {

return ctrl.NewControllerManagedBy(mgr).
For(&corev1.Pod{}, builder.WithPredicates(droptailerPredicate)).
Watches(&source.Kind{Type: &corev1.Secret{}}, handler.EnqueueRequestsFromMapFunc(func(_ client.Object) []reconcile.Request {
ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []reconcile.Request {
ctx, cancel := context.WithTimeout(ctx, 3*time.Second)
defer cancel()

pods := &corev1.PodList{}
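Review bot: The map function on the Secret watch discards the object that triggered it (`_ client.Object`), so every Secret event the manager's cache delivers leads to the Pod lookup that starts at `pods := &corev1.PodList{}`. Unless a predicate is passed after the closure, which lies outside this hunk, consider narrowing the watch to the Secrets the droptailer depends on by adding `builder.WithPredicates(...)` as a further argument to `Watches`, the way `For` already does with `droptailerPredicate`. A one-line comment above the timeout would also help the next reader, e.g. `// bound the Pod lookup so a slow API server cannot stall the watch handler`.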
8 changes: 4 additions & 4 deletions controllers/firewall_controller.go
Expand Up @@ -52,7 +52,7 @@ type FirewallReconciler struct {
}

const (
reconcilationInterval = 10 * time.Second
reconciliationInterval = 10 * time.Second

nftablesExporterService = "node-exporter"
nftablesExporterNamedPort = "nodeexporter"
Expand All @@ -68,7 +68,7 @@ func (r *FirewallReconciler) SetupWithManager(mgr ctrl.Manager) error {
r.recordFirewallEvent = updater.ShootRecorderNamespaceRewriter(r.Recorder)

return ctrl.NewControllerManagedBy(mgr).
For(&firewallv2.Firewall{}, builder.WithPredicates(predicate.GenerationChangedPredicate{})). // don't trigger a reconcilation for status updates
For(&firewallv2.Firewall{}, builder.WithPredicates(predicate.GenerationChangedPredicate{})). // don't trigger a reconciliation for status updates
WithEventFilter(predicate.NewPredicateFuncs(func(object client.Object) bool {
return object.GetNamespace() == r.Namespace && object.GetName() == r.FirewallName
})).
Expand Down Expand Up @@ -117,9 +117,9 @@ func (r *FirewallReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
var errs []error
changed, err := network.ReconcileNetwork(f)
if changed && err == nil {
r.recordFirewallEvent(f, corev1.EventTypeNormal, "Network settings", "reconcilation succeeded (frr.conf)")
r.recordFirewallEvent(f, corev1.EventTypeNormal, "Network settings", "reconciliation succeeded (frr.conf)")
} else if changed && err != nil {
r.recordFirewallEvent(f, corev1.EventTypeWarning, "Network settings", fmt.Sprintf("reconcilation failed (frr.conf): %v", err))
r.recordFirewallEvent(f, corev1.EventTypeWarning, "Network settings", fmt.Sprintf("reconciliation failed (frr.conf): %v", err))
}
if err != nil {
errs = append(errs, err)
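Review bot: The two `recordFirewallEvent` calls in the last hunk change the emitted event text from "reconcilation …" to "reconciliation …", so any alert rule or log query that matches the old spelling would stop matching `reconciliation failed (frr.conf)` without any error. This page does not show whether such consumers exist; if they do, the text change belongs in the release notes. Matching on the event type `corev1.EventTypeWarning` together with the third argument (`"Network settings"`, presumably the event reason) is more stable than matching on the message text. `Reconcile` continues outside the hunk.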
2 changes: 1 addition & 1 deletion controllers/firewall_monitor_controller.go
Expand Up @@ -44,7 +44,7 @@ func (r *FirewallMonitorReconciler) SeedUpdated() {
// SetupWithManager configures this controller to watch for the CRDs in a specific namespace
func (r *FirewallMonitorReconciler) SetupWithManager(mgr ctrl.Manager) error {
if r.Interval == 0 {
r.Interval = reconcilationInterval
r.Interval = reconciliationInterval
}

return ctrl.NewControllerManagedBy(mgr).
38 changes: 16 additions & 22 deletions go.mod
Expand Up @@ -6,25 +6,24 @@ require (
github.com/coreos/go-systemd/v22 v22.5.0
github.com/fatih/color v1.16.0
github.com/go-logr/logr v1.4.1
github.com/golang/mock v1.6.0
github.com/google/go-cmp v0.6.0
github.com/google/nftables v0.2.0
github.com/ks2211/go-suricata v0.0.0-20200823200910-986ce1470707
github.com/metal-stack/firewall-controller-manager v0.3.2
github.com/metal-stack/metal-go v0.28.1
github.com/metal-stack/metal-lib v0.15.1
github.com/metal-stack/firewall-controller-manager v0.3.4
github.com/metal-stack/metal-go v0.28.4
github.com/metal-stack/metal-lib v0.16.2
github.com/metal-stack/metal-networker v0.43.0
github.com/metal-stack/v v1.0.3
github.com/miekg/dns v1.1.58
github.com/txn2/txeh v1.5.5
github.com/vishvananda/netlink v1.2.1-beta.2
go.uber.org/mock v0.4.0
go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
k8s.io/api v0.28.4
k8s.io/apiextensions-apiserver v0.26.3
k8s.io/apimachinery v0.28.4
k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
k8s.io/utils v0.0.0-20230711102312-30195339c3c7
sigs.k8s.io/controller-runtime v0.14.6
k8s.io/api v0.29.3
k8s.io/apiextensions-apiserver v0.29.3
k8s.io/apimachinery v0.29.3
k8s.io/client-go v0.29.3
sigs.k8s.io/controller-runtime v0.16.5
)

require (
Expand All @@ -49,7 +48,7 @@ require (
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/gnostic v0.6.9 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20231205033806-a5a03c77bf08 // indirect
github.com/google/uuid v1.6.0 // indirect
Expand Down Expand Up @@ -77,6 +76,7 @@ require (
github.com/vishvananda/netns v0.0.4 // indirect
go.mongodb.org/mongo-driver v1.14.0 // indirect
go.uber.org/goleak v1.3.0 // indirect
golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect
golang.org/x/mod v0.16.0 // indirect
golang.org/x/net v0.22.0 // indirect
golang.org/x/oauth2 v0.18.0 // indirect
Expand All @@ -92,17 +92,11 @@ require (
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/component-base v0.26.3 // indirect
k8s.io/component-base v0.29.3 // indirect
k8s.io/klog/v2 v2.110.1 // indirect
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

replace (
k8s.io/api => k8s.io/api v0.26.3
k8s.io/apimachinery => k8s.io/apimachinery v0.26.3
k8s.io/client-go => k8s.io/client-go v0.26.3
k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)