
Commit d15576b

committed
Migrate to apiv2 and use os-installer
1 parent 506fae2 commit d15576b

15 files changed

Lines changed: 465 additions & 212 deletions

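--- a/Makefile
+++ b/Makefile
@@ -89,4 +89,4 @@ go-mocks:
 --tmpfs /.cache:uid=$$(id -u),gid=$$(id -g) \
 -w /work \
 -v ${PWD}:/work \
-vektra/mockery:v3.6.4
+vektra/mockery:v3.7.0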

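--- a/controllers/clusterwidenetworkpolicy_controller.go
+++ b/controllers/clusterwidenetworkpolicy_controller.go
@@ -7,6 +7,7 @@ import (
 
 "go4.org/netipx"
 
+apiv2 "github.com/metal-stack/api/go/metalstack/api/v2"
 "github.com/metal-stack/firewall-controller/v2/pkg/dns"
 "github.com/metal-stack/firewall-controller/v2/pkg/helper"
 "github.com/metal-stack/firewall-controller/v2/pkg/nftables"
@@ -46,6 +47,9 @@ type ClusterwideNetworkPolicyReconciler struct {
 Interval time.Duration
 DnsProxy *dns.DNSProxy
 SkipDNS bool
+
+DefaultRouteIp string
+MachineAllocation *apiv2.MachineAllocation
 }
 
 // SetupWithManager configures this controller to run in schedule
@@ -106,7 +110,7 @@ func (r *ClusterwideNetworkPolicyReconciler) Reconcile(ctx context.Context, _ ct
 }
 cwnps.Items = validCwnps
 
-nftablesFirewall := nftables.NewFirewall(f, &cwnps, &services, r.DnsProxy, r.Log, r.Recorder)
+nftablesFirewall := nftables.NewFirewall(f, &cwnps, &services, r.DnsProxy, r.Log, r.Recorder, r.MachineAllocation)
 if err := r.manageDNSProxy(f, cwnps, nftablesFirewall); err != nil {
 return ctrl.Result{}, err
 }
@@ -145,7 +149,14 @@ func (r *ClusterwideNetworkPolicyReconciler) manageDNSProxy(
 
 if enableDNS && r.DnsProxy == nil {
 r.Log.Info("DNS Proxy is initialized")
-if r.DnsProxy, err = dns.NewDNSProxy(r.Ctx, f.Spec.DNSServerAddress, f.Spec.DNSPort, r.ShootClient, ctrl.Log.WithName("DNS proxy")); err != nil {
+dnsProxyConfig := &dns.DNSProxyConfig{
+Log: ctrl.Log.WithName("DNS proxy"),
+DNSServer: f.Spec.DNSServerAddress,
+Port: f.Spec.DNSPort,
+ShootClient: r.ShootClient,
+BindAddress: r.DefaultRouteIp,
+}
+if r.DnsProxy, err = dns.NewDNSProxy(r.Ctx, dnsProxyConfig); err != nil {
 return fmt.Errorf("failed to init DNS proxy: %w", err)
 }
 go r.DnsProxy.Run()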
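Review bot: `BindAddress: r.DefaultRouteIp` is handed to the DNS proxy with no check that the field was ever populated; `DefaultRouteIp` is a plain string whose zero value is "", and neither this hunk nor the struct hunk above validates it. If NewDNSProxy passes an empty bind address through to net.Listen, Go binds every interface, which would quietly expose the proxy as a resolver on all of the firewall's networks rather than only the default-route address — NewDNSProxy is not visible here, so confirm what it does with "". I would fail closed before building the config, `if r.DefaultRouteIp == "" { return fmt.Errorf("default route ip is not set, refusing to start DNS proxy") }`, and document the new field on the struct, e.g. `// DefaultRouteIp is the local address the DNS proxy binds to; must be set before the reconciler starts.` manageDNSProxy begins and ends outside this hunk.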

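--- a/controllers/firewall_controller.go
+++ b/controllers/firewall_controller.go
@@ -11,6 +11,7 @@ import (
 
 "github.com/Masterminds/semver/v3"
 "github.com/go-logr/logr"
+apiv2 "github.com/metal-stack/api/go/metalstack/api/v2"
 mn "github.com/metal-stack/metal-lib/pkg/net"
 corev1 "k8s.io/api/core/v1"
 apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -52,7 +53,8 @@ type FirewallReconciler struct {
 
 SeedUpdatedFunc func()
 
-FrrVersion *semver.Version
+FrrVersion *semver.Version
+MachineAllocation *apiv2.MachineAllocation
 }
 
 const (
@@ -90,7 +92,14 @@ func (r *FirewallReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 if apierrors.IsNotFound(err) {
 r.Log.Info("flushing k8s firewall rules")
 
-defaultFw := nftables.NewFirewall(&firewallv2.Firewall{}, &firewallv1.ClusterwideNetworkPolicyList{}, &corev1.ServiceList{}, nil, logr.Discard(), r.Recorder)
+defaultFw := nftables.NewFirewall(
+&firewallv2.Firewall{},
+&firewallv1.ClusterwideNetworkPolicyList{},
+&corev1.ServiceList{},
+nil, logr.Discard(),
+r.Recorder,
+r.MachineAllocation,
+)
 
 flushErr := defaultFw.Flush()
 if flushErr != nil {
@@ -119,7 +128,8 @@ func (r *FirewallReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
 r.Log.Info("reconciling network settings")
 
 var errs []error
-changed, err := network.ReconcileNetwork(f, r.FrrVersion)
+nw := network.NewNetwork(r.Log, r.MachineAllocation)
+changed, err := nw.ReconcileNetwork(f, r.FrrVersion)
 if changed && err == nil {
 r.recordFirewallEvent(f, corev1.EventTypeNormal, "Network settings", "reconciliation succeeded (frr.conf)")
 } else if changed && err != nil {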
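Review bot: `r.MachineAllocation` is now threaded into both `nftables.NewFirewall` in the IsNotFound flush path and `network.NewNetwork`, but the new pointer field is added undocumented and nothing in this hunk guarantees it is non-nil before Reconcile runs; whether either consumer tolerates a nil allocation is not visible here. If it does not, the flush path would panic exactly when the Firewall object has been deleted, leaving the previous ruleset in place at the worst moment. Suggest documenting the field, `// MachineAllocation is this firewall's allocation as returned by the metal-api (apiv2); must be set before the reconciler starts.`, and validating it once in SetupWithManager (outside this hunk) rather than on every Reconcile. On style, `nil, logr.Discard(),` packs two arguments onto one line of an otherwise one-argument-per-line call; splitting them keeps the list uniform. Both hunks sit inside Reconcile, which begins and ends outside the diff.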

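--- a/go.mod
+++ b/go.mod
@@ -10,10 +10,10 @@ require (
 github.com/google/go-cmp v0.7.0
 github.com/google/nftables v0.3.0
 github.com/ks2211/go-suricata v0.0.0-20200823200910-986ce1470707
+github.com/metal-stack/api v0.0.55-0.20260316085710-1f98c8226b9e
 github.com/metal-stack/firewall-controller-manager v0.6.0
-github.com/metal-stack/metal-go v0.43.0
 github.com/metal-stack/metal-lib v0.24.0
-github.com/metal-stack/os-installer v0.2.0
+github.com/metal-stack/os-installer v0.2.1-0.20260319072654-2f5a75d683f8
 github.com/metal-stack/v v1.0.3
 github.com/miekg/dns v1.1.72
 github.com/stretchr/testify v1.11.1
@@ -31,19 +31,27 @@ require (
 replace github.com/imdario/mergo => dario.cat/mergo v1.0.0
 
 require (
+buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1 // indirect
+buf.build/go/protovalidate v1.1.3 // indirect
+buf.build/go/protoyaml v0.6.0 // indirect
+cel.dev/expr v0.25.1 // indirect
+dario.cat/mergo v1.0.2 // indirect
+github.com/Masterminds/goutils v1.1.1 // indirect
+github.com/Masterminds/sprig/v3 v3.3.0 // indirect
+github.com/ajeddeloh/go-json v0.0.0-20200220154158-5ae607161559 // indirect
+github.com/antlr4-go/antlr/v4 v4.13.1 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
+github.com/coreos/go-semver v0.3.1 // indirect
+github.com/coreos/go-systemd v0.0.0-20191104093116-d3cd4ed1dbcf // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/emicklei/go-restful/v3 v3.13.0 // indirect
 github.com/evanphx/json-patch/v5 v5.9.11 // indirect
+github.com/flatcar/ignition v0.36.2 // indirect
 github.com/fsnotify/fsnotify v1.9.0 // indirect
 github.com/fxamacker/cbor/v2 v2.9.0 // indirect
-github.com/go-openapi/analysis v0.24.3 // indirect
-github.com/go-openapi/errors v0.22.7 // indirect
 github.com/go-openapi/jsonpointer v0.22.5 // indirect
 github.com/go-openapi/jsonreference v0.21.5 // indirect
-github.com/go-openapi/loads v0.23.3 // indirect
-github.com/go-openapi/spec v0.22.4 // indirect
 github.com/go-openapi/strfmt v0.26.1 // indirect
 github.com/go-openapi/swag v0.25.5 // indirect
 github.com/go-openapi/swag/cmdutils v0.25.5 // indirect
@@ -57,34 +65,43 @@ require (
 github.com/go-openapi/swag/stringutils v0.25.5 // indirect
 github.com/go-openapi/swag/typeutils v0.25.5 // indirect
 github.com/go-openapi/swag/yamlutils v0.25.5 // indirect
-github.com/go-openapi/validate v0.25.2 // indirect
-github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
+github.com/go-openapi/testify/enable/yaml/v2 v2.4.1 // indirect
+github.com/go-openapi/testify/v2 v2.4.1 // indirect
 github.com/godbus/dbus/v5 v5.2.2 // indirect
 github.com/google/btree v1.1.3 // indirect
+github.com/google/cel-go v0.27.0 // indirect
 github.com/google/gnostic-models v0.7.1 // indirect
 github.com/google/uuid v1.6.0 // indirect
+github.com/huandu/xstrings v1.5.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
-github.com/klauspost/compress v1.18.4 // indirect
-github.com/kr/text v0.2.0 // indirect
 github.com/mattn/go-colorable v0.1.14 // indirect
 github.com/mattn/go-isatty v0.0.20 // indirect
 github.com/mdlayher/netlink v1.9.0 // indirect
 github.com/mdlayher/socket v0.5.1 // indirect
+github.com/mitchellh/copystructure v1.2.0 // indirect
+github.com/mitchellh/reflectwalk v1.0.2 // indirect
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
-github.com/oklog/ulid/v2 v2.1.1 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 github.com/prometheus/client_golang v1.23.2 // indirect
 github.com/prometheus/client_model v0.6.2 // indirect
 github.com/prometheus/common v0.67.5 // indirect
 github.com/prometheus/procfs v0.20.1 // indirect
+github.com/samber/lo v1.53.0 // indirect
+github.com/shopspring/decimal v1.4.0 // indirect
+github.com/spf13/afero v1.15.0 // indirect
+github.com/spf13/cast v1.10.0 // indirect
 github.com/spf13/pflag v1.0.10 // indirect
 github.com/stretchr/objx v0.5.3 // indirect
+github.com/vincent-petithory/dataurl v1.0.0 // indirect
 github.com/vishvananda/netns v0.0.5 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 go.yaml.in/yaml/v2 v2.4.4 // indirect
 go.yaml.in/yaml/v3 v3.0.4 // indirect
+go4.org v0.0.0-20260112195520-a5071408f32f // indirect
+golang.org/x/crypto v0.49.0 // indirect
+golang.org/x/exp v0.0.0-20260312153236-7ab1446f8b90 // indirect
 golang.org/x/mod v0.34.0 // indirect
 golang.org/x/net v0.52.0 // indirect
 golang.org/x/oauth2 v0.36.0 // indirect
@@ -95,6 +112,8 @@ require (
 golang.org/x/time v0.15.0 // indirect
 golang.org/x/tools v0.43.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
+google.golang.org/genproto/googleapis/api v0.0.0-20260316180232-0b37fe3546d5 // indirect
+google.golang.org/genproto/googleapis/rpc v0.0.0-20260316180232-0b37fe3546d5 // indirect
 google.golang.org/protobuf v1.36.11 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect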
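Review bot: Both new direct dependencies in the first hunk are pinned to untagged commits, `github.com/metal-stack/api v0.0.55-0.20260316085710-1f98c8226b9e` and `github.com/metal-stack/os-installer v0.2.1-0.20260319072654-2f5a75d683f8`, which makes the supply chain for a firewall component harder to audit and reproduce than a tagged release would be. Before merging, these should be moved to released tags (or the pin explicitly justified in the commit message), and the corresponding go.sum update, which is not in this diff, should be checked in alongside. The existing `replace github.com/imdario/mergo => dario.cat/mergo v1.0.0` now coexists with a new `dario.cat/mergo v1.0.2 // indirect` requirement, so two versions of mergo may end up in the build; whether that is intended is not visible here and is worth confirming with `go mod why`.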
