Update dependencies including controller-runtime. (#178)
Gerrit91 authored Apr 22, 2024
1 parent a9deaca commit 2194aad
Showing 13 changed files with 134 additions and 227 deletions.
11 changes: 10 additions & 1 deletion Makefile
Expand Up @@ -4,8 +4,10 @@ BUILDDATE := $(shell date -Iseconds)
VERSION := $(or ${VERSION},$(shell git describe --tags --exact-match 2> /dev/null || git symbolic-ref -q --short HEAD || git rev-parse --short HEAD))

CONTROLLER_TOOLS_VERSION ?= v0.14.0
MOCKGEN_VERSION ?= $(shell go list -m all | grep go.uber.org/mock | awk '{print $$2}')
LOCALBIN ?= $(shell pwd)/bin
CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen
MOCKGEN ?= $(LOCALBIN)/mockgen
ENVTEST ?= $(LOCALBIN)/setup-envtest

all: firewall-controller
Expand Down Expand Up @@ -63,7 +65,8 @@ vet:
go vet ./...

# Generate code
generate: controller-gen manifests
generate: controller-gen mockgen manifests
go generate ./...
$(CONTROLLER_GEN) object paths="./..."

.PHONY: controller-gen
Expand All @@ -76,3 +79,9 @@ $(CONTROLLER_GEN): $(LOCALBIN)
setup-envtest: $(ENVTEST)
$(ENVTEST): $(LOCALBIN)
test -s $(LOCALBIN)/setup-envtest || GOBIN=$(LOCALBIN) go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest

.PHONY: mockgen
mockgen: $(MOCKGEN)
$(MOCKGEN): $(LOCALBIN)
test -s $(LOCALBIN)/mockgen && $(LOCALBIN)/mockgen -version | grep -q $(MOCKGEN_VERSION) || \
GOBIN=$(LOCALBIN) go install go.uber.org/mock/mockgen@$(MOCKGEN_VERSION)
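Review bot: `MOCKGEN_VERSION` is taken from an unanchored `grep go.uber.org/mock` over the whole `go list -m all` output, which is looser than it should be for a value that ends up in `go install go.uber.org/mock/mockgen@$(MOCKGEN_VERSION)`. If module resolution fails the variable expands to nothing and the recipe runs with an empty version string, and because `?=` is recursive the `go list` pipeline is re-run on every expansion. Asking Go for exactly that module is more precise, for example `MOCKGEN_VERSION ?= $(shell go list -m -f '{{.Version}}' go.uber.org/mock)`, and the check reads better as `grep -qF $(MOCKGEN_VERSION)` so the dots in the version are not regex wildcards. Pinning the generator to the go.mod version is the right direction; the `setup-envtest@latest` install in the rule directly above is still unpinned and would benefit from the same treatment.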
28 changes: 14 additions & 14 deletions config/crd/bases/metal-stack.io_clusterwidenetworkpolicies.yaml
Expand Up @@ -78,7 +78,7 @@ spec:
properties:
endPort:
description: |-
If set, indicates that the range of ports from port to endPort, inclusive,
endPort indicates that the range of ports from port to endPort if set, inclusive,
should be allowed by the policy. This field cannot be defined if the port field
is not defined or if the port field is defined as a named (string) port.
The endPort must be equal or greater than port.
Expand All @@ -89,16 +89,16 @@ spec:
- type: integer
- type: string
description: |-
The port on the given protocol. This can either be a numerical or named
port represents the port on the given protocol. This can either be a numerical or named
port on a pod. If this field is not provided, this matches all port names and
numbers.
If present, only traffic on the specified protocol AND port will be matched.
x-kubernetes-int-or-string: true
protocol:
default: TCP
description: |-
The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this
field defaults to TCP.
protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.
If not specified, this field defaults to TCP.
type: string
type: object
type: array
Expand All @@ -118,14 +118,14 @@ spec:
properties:
cidr:
description: |-
CIDR is a string representing the IP Block
cidr is a string representing the IPBlock
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
type: string
except:
description: |-
Except is a slice of CIDRs that should not be included within an IP Block
except is a slice of CIDRs that should not be included within an IPBlock
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
Except values will be rejected if they are outside the CIDR range
Except values will be rejected if they are outside the cidr range
items:
type: string
type: array
Expand Down Expand Up @@ -182,14 +182,14 @@ spec:
properties:
cidr:
description: |-
CIDR is a string representing the IP Block
cidr is a string representing the IPBlock
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
type: string
except:
description: |-
Except is a slice of CIDRs that should not be included within an IP Block
except is a slice of CIDRs that should not be included within an IPBlock
Valid examples are "192.168.1.0/24" or "2001:db8::/64"
Except values will be rejected if they are outside the CIDR range
Except values will be rejected if they are outside the cidr range
items:
type: string
type: array
Expand All @@ -210,7 +210,7 @@ spec:
properties:
endPort:
description: |-
If set, indicates that the range of ports from port to endPort, inclusive,
endPort indicates that the range of ports from port to endPort if set, inclusive,
should be allowed by the policy. This field cannot be defined if the port field
is not defined or if the port field is defined as a named (string) port.
The endPort must be equal or greater than port.
Expand All @@ -221,16 +221,16 @@ spec:
- type: integer
- type: string
description: |-
The port on the given protocol. This can either be a numerical or named
port represents the port on the given protocol. This can either be a numerical or named
port on a pod. If this field is not provided, this matches all port names and
numbers.
If present, only traffic on the specified protocol AND port will be matched.
x-kubernetes-int-or-string: true
protocol:
default: TCP
description: |-
The protocol (TCP, UDP, or SCTP) which traffic must match. If not specified, this
field defaults to TCP.
protocol represents the protocol (TCP, UDP, or SCTP) which traffic must match.
If not specified, this field defaults to TCP.
type: string
type: object
type: array
6 changes: 3 additions & 3 deletions controllers/clusterwidenetworkpolicy_controller.go
Expand Up @@ -48,7 +48,7 @@ type ClusterwideNetworkPolicyReconciler struct {
// SetupWithManager configures this controller to run in schedule
func (r *ClusterwideNetworkPolicyReconciler) SetupWithManager(mgr ctrl.Manager) error {
if r.Interval == 0 {
r.Interval = reconcilationInterval
r.Interval = reconciliationInterval
}

scheduleChan := make(chan event.GenericEvent)
Expand All @@ -58,8 +58,8 @@ func (r *ClusterwideNetworkPolicyReconciler) SetupWithManager(mgr ctrl.Manager)

return ctrl.NewControllerManagedBy(mgr).
For(&firewallv1.ClusterwideNetworkPolicy{}).
Watches(&source.Kind{Type: &corev1.Service{}}, &handler.EnqueueRequestForObject{}).
Watches(&source.Channel{Source: scheduleChan}, &handler.EnqueueRequestForObject{}).
Watches(&corev1.Service{}, &handler.EnqueueRequestForObject{}).
WatchesRawSource(&source.Channel{Source: scheduleChan}, &handler.EnqueueRequestForObject{}).
Complete(r)
}

5 changes: 2 additions & 3 deletions controllers/droptailer_controller.go
Expand Up @@ -12,7 +12,6 @@ import (
"sigs.k8s.io/controller-runtime/pkg/handler"
"sigs.k8s.io/controller-runtime/pkg/predicate"
"sigs.k8s.io/controller-runtime/pkg/reconcile"
"sigs.k8s.io/controller-runtime/pkg/source"

"github.com/go-logr/logr"
firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1"
Expand Down Expand Up @@ -94,8 +93,8 @@ func (r *DroptailerReconciler) SetupWithManager(mgr ctrl.Manager) error {

return ctrl.NewControllerManagedBy(mgr).
For(&corev1.Pod{}, builder.WithPredicates(droptailerPredicate)).
Watches(&source.Kind{Type: &corev1.Secret{}}, handler.EnqueueRequestsFromMapFunc(func(_ client.Object) []reconcile.Request {
ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(func(ctx context.Context, _ client.Object) []reconcile.Request {
ctx, cancel := context.WithTimeout(ctx, 3*time.Second)
defer cancel()

pods := &corev1.PodList{}
8 changes: 4 additions & 4 deletions controllers/firewall_controller.go
Expand Up @@ -52,7 +52,7 @@ type FirewallReconciler struct {
}

const (
reconcilationInterval = 10 * time.Second
reconciliationInterval = 10 * time.Second

nftablesExporterService = "node-exporter"
nftablesExporterNamedPort = "nodeexporter"
Expand All @@ -68,7 +68,7 @@ func (r *FirewallReconciler) SetupWithManager(mgr ctrl.Manager) error {
r.recordFirewallEvent = updater.ShootRecorderNamespaceRewriter(r.Recorder)

return ctrl.NewControllerManagedBy(mgr).
For(&firewallv2.Firewall{}, builder.WithPredicates(predicate.GenerationChangedPredicate{})). // don't trigger a reconcilation for status updates
For(&firewallv2.Firewall{}, builder.WithPredicates(predicate.GenerationChangedPredicate{})). // don't trigger a reconciliation for status updates
WithEventFilter(predicate.NewPredicateFuncs(func(object client.Object) bool {
return object.GetNamespace() == r.Namespace && object.GetName() == r.FirewallName
})).
Expand Down Expand Up @@ -117,9 +117,9 @@ func (r *FirewallReconciler) Reconcile(ctx context.Context, req ctrl.Request) (c
var errs []error
changed, err := network.ReconcileNetwork(f)
if changed && err == nil {
r.recordFirewallEvent(f, corev1.EventTypeNormal, "Network settings", "reconcilation succeeded (frr.conf)")
r.recordFirewallEvent(f, corev1.EventTypeNormal, "Network settings", "reconciliation succeeded (frr.conf)")
} else if changed && err != nil {
r.recordFirewallEvent(f, corev1.EventTypeWarning, "Network settings", fmt.Sprintf("reconcilation failed (frr.conf): %v", err))
r.recordFirewallEvent(f, corev1.EventTypeWarning, "Network settings", fmt.Sprintf("reconciliation failed (frr.conf): %v", err))
}
if err != nil {
errs = append(errs, err)
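Review bot: The two `recordFirewallEvent` calls in `Reconcile` change the text of the emitted Kubernetes events from `reconcilation ...` to `reconciliation ...`, which is a runtime string and not just an identifier rename like `reconciliationInterval`. Any alert rule or log query that matches on the old misspelled message, in particular `reconcilation failed (frr.conf)`, would silently stop matching after this upgrade; whether such rules exist cannot be seen from here. A line in the release notes would let operators update their matchers. The body of `Reconcile` continues outside the hunk.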
2 changes: 1 addition & 1 deletion controllers/firewall_monitor_controller.go
Expand Up @@ -44,7 +44,7 @@ func (r *FirewallMonitorReconciler) SeedUpdated() {
// SetupWithManager configures this controller to watch for the CRDs in a specific namespace
func (r *FirewallMonitorReconciler) SetupWithManager(mgr ctrl.Manager) error {
if r.Interval == 0 {
r.Interval = reconcilationInterval
r.Interval = reconciliationInterval
}

return ctrl.NewControllerManagedBy(mgr).
38 changes: 16 additions & 22 deletions go.mod
Expand Up @@ -6,25 +6,24 @@ require (
github.com/coreos/go-systemd/v22 v22.5.0
github.com/fatih/color v1.16.0
github.com/go-logr/logr v1.4.1
github.com/golang/mock v1.6.0
github.com/google/go-cmp v0.6.0
github.com/google/nftables v0.2.0
github.com/ks2211/go-suricata v0.0.0-20200823200910-986ce1470707
github.com/metal-stack/firewall-controller-manager v0.3.2
github.com/metal-stack/metal-go v0.28.1
github.com/metal-stack/metal-lib v0.15.1
github.com/metal-stack/firewall-controller-manager v0.3.4
github.com/metal-stack/metal-go v0.28.4
github.com/metal-stack/metal-lib v0.16.2
github.com/metal-stack/metal-networker v0.43.0
github.com/metal-stack/v v1.0.3
github.com/miekg/dns v1.1.58
github.com/txn2/txeh v1.5.5
github.com/vishvananda/netlink v1.2.1-beta.2
go.uber.org/mock v0.4.0
go4.org/netipx v0.0.0-20231129151722-fdeea329fbba
k8s.io/api v0.28.4
k8s.io/apiextensions-apiserver v0.26.3
k8s.io/apimachinery v0.28.4
k8s.io/client-go v11.0.1-0.20190409021438-1a26190bd76a+incompatible
k8s.io/utils v0.0.0-20230711102312-30195339c3c7
sigs.k8s.io/controller-runtime v0.14.6
k8s.io/api v0.29.3
k8s.io/apiextensions-apiserver v0.29.3
k8s.io/apimachinery v0.29.3
k8s.io/client-go v0.29.3
sigs.k8s.io/controller-runtime v0.16.5
)

require (
Expand All @@ -49,7 +48,7 @@ require (
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/gnostic v0.6.9 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20231205033806-a5a03c77bf08 // indirect
github.com/google/uuid v1.6.0 // indirect
Expand Down Expand Up @@ -77,6 +76,7 @@ require (
github.com/vishvananda/netns v0.0.4 // indirect
go.mongodb.org/mongo-driver v1.14.0 // indirect
go.uber.org/goleak v1.3.0 // indirect
golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect
golang.org/x/mod v0.16.0 // indirect
golang.org/x/net v0.22.0 // indirect
golang.org/x/oauth2 v0.18.0 // indirect
Expand All @@ -92,17 +92,11 @@ require (
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/component-base v0.26.3 // indirect
k8s.io/component-base v0.29.3 // indirect
k8s.io/klog/v2 v2.110.1 // indirect
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
k8s.io/utils v0.0.0-20240310230437-4693a0247e57 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

replace (
k8s.io/api => k8s.io/api v0.26.3
k8s.io/apimachinery => k8s.io/apimachinery v0.26.3
k8s.io/client-go => k8s.io/client-go v0.26.3
k8s.io/kube-openapi => k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
sigs.k8s.io/yaml v1.4.0 // indirect
)
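Review bot: `sigs.k8s.io/controller-runtime v0.16.5` is paired here with `k8s.io/api`, `k8s.io/apimachinery` and `k8s.io/client-go` at `v0.29.3`; as far as I know the controller-runtime v0.16 line is developed and tested against the v0.28 Kubernetes modules, so this combination runs a client stack that upstream does not exercise. Either keep the `k8s.io/*` modules on the minor that this controller-runtime release targets or move to the controller-runtime line that targets v0.29, and confirm the choice against the controller-runtime compatibility notes. Dropping the `replace` block and the 2019 `client-go` pseudo-version is a clear improvement, because the versions listed in `require` are now the ones actually built. Since the commit also moves many indirect modules, running a vulnerability scan such as `govulncheck ./...` on the result before release would confirm that nothing known-vulnerable was pulled in.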