diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index 5c5f0b8..8a26930 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -1,2 +1,8 @@
 resources:
 - manager.yaml
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+images:
+- name: controller
+ newName: registry.engen.priv.no/unifi-network-operator-controller
+ newTag: latest
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 8808a8c..4dc00cc 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -58,13 +58,32 @@ spec:
 seccompProfile:
 type: RuntimeDefault
 containers:
- - command:
- - /manager
- args:
+ - args:
 - --leader-elect
 - --health-probe-bind-address=:8081
 image: controller:latest
 name: manager
+ env:
+ - name: UNIFI_URL
+ valueFrom:
+ secretKeyRef:
+ name: unifi-configuration
+ key: UNIFI_URL
+ - name: UNIFI_SITE
+ valueFrom:
+ secretKeyRef:
+ name: unifi-configuration
+ key: UNIFI_SITE
+ - name: UNIFI_USER
+ valueFrom:
+ secretKeyRef:
+ name: unifi-configuration
+ key: UNIFI_USERNAME
+ - name: UNIFI_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: unifi-configuration
+ key: UNIFI_PASSWORD
 ports: []
 securityContext:
 allowPrivilegeEscalation: false
diff --git a/config/network-policy/calicopolicy.yaml b/config/network-policy/calicopolicy.yaml
new file mode 100644
index 0000000..600c66d
--- /dev/null
+++ b/config/network-policy/calicopolicy.yaml
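Review bot: `newTag: latest` in config/manager/kustomization.yaml points the controller image at a mutable tag on registry.engen.priv.no, so the same manifest can roll out different code over time and a rollback cannot name what was running before. Pin a release tag or, better, a digest, e.g. replace `newTag: latest` with `digest: sha256:<IMAGE_DIGEST>` (placeholder value). The `images:` block, with `apiVersion`/`kind` landing after `resources:`, also looks like the side effect of a local `kustomize edit set image` run; if that is what happened, consider keeping it out of the committed base.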
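Review bot: The four `secretKeyRef` entries added under `env:` in config/manager/manager.yaml depend on a Secret named `unifi-configuration` that nothing in the visible diff creates or documents, and without `optional: true` a missing Secret or key keeps the container from starting. A comment above `env:` such as `# requires Secret unifi-configuration with keys UNIFI_URL, UNIFI_SITE, UNIFI_USERNAME, UNIFI_PASSWORD` would record the contract and make the `UNIFI_USER` / `UNIFI_USERNAME` naming mismatch visible. Passing `UNIFI_PASSWORD` as an environment variable exposes it to anything that can read or dump the process environment; a read-only Secret volume is the tighter option if the client can read credentials from a file. Removing `command: /manager` makes startup depend on the image's ENTRYPOINT, which is worth confirming for the image this registry serves. The container spec starts and ends outside the hunk.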
@@ -0,0 +1,38 @@
+apiVersion: projectcalico.org/v3
+kind: NetworkPolicy
+metadata:
+ name: default-deny
+ namespace: unifi-network-operator-system
+spec:
+ ingress:
+ - action: Deny
+ egress:
+ - action: Deny
+---
+apiVersion: projectcalico.org/v3
+kind: NetworkPolicy
+metadata:
+ name: allow-all-in-namespace
+ namespace: unifi-network-operator-system # Change this to your namespace
+spec:
+ ingress:
+ - action: Allow
+ source:
+ namespaceSelector: kubernetes.io/metadata.name == "unifi-network-operator-system"
+ egress:
+ - action: Allow
+ destination:
+ namespaceSelector: kubernetes.io/metadata.name == "unifi-network-operator-system"
+ selector: all() # Applies this policy to all pods in the namespace
+---
+apiVersion: projectcalico.org/v3
+kind: NetworkPolicy
+metadata:
+ name: allow-all-temporary
+ namespace: unifi-network-operator-system
+spec:
+ egress:
+ - action: Allow
+ ingress:
+ - action: Allow
+---
diff --git a/hack/one_off/generate_network_spec.go b/hack/one_off/generate_network_spec.go
deleted file mode 100644
index 6fdc033..0000000
--- a/hack/one_off/generate_network_spec.go
+++ /dev/null
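Review bot: `allow-all-temporary` in config/network-policy/calicopolicy.yaml allows every ingress and egress flow for the namespace, so the `default-deny` policy added in the same file has no practical effect while it is applied. None of the three policies sets `order`, and as far as I can tell Calico then breaks the tie by name, which would place both allow policies ahead of `default-deny` anyway. Replace the temporary policy with one scoped to what the operator needs and give every policy an explicit `order` so `default-deny` is evaluated last. `default-deny` and `allow-all-temporary` also omit `selector`; writing `selector: all()` as on `allow-all-in-namespace` would make the scope explicit.

```yaml
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
  name: allow-operator-egress
  namespace: unifi-network-operator-system
spec:
  order: 100
  selector: all()
  types:
  - Egress
  egress:
  # UniFi controller API; both values below are placeholders to fill in
  - action: Allow
    protocol: TCP
    destination:
      nets:
      - "<UNIFI_CONTROLLER_CIDR>"
      ports:
      - "<UNIFI_CONTROLLER_PORT>"
  # … also needed: rules for cluster DNS and the Kubernetes API server …
# … unchanged: default-deny and allow-all-in-namespace, each with an explicit order …
```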
@@ -1,120 +0,0 @@
-//go:generate go run generate_spec.go
-
-package main
-
-import (
- "bytes"
- "fmt"
- "go/format"
- "os"
- "reflect"
- "strings"
- "text/template"
-
- "github.com/ubiquiti-community/go-unifi/unifi"
-)
-
-// Map Go types to Kubernetes types
-var goTypeToK8s = map[string]string{
- "string": "string",
- "int": "int",
- "int32": "int",
- "int64": "int",
- "float32": "float64",
- "float64": "float64",
- "bool": "bool",
-}
-
-// Extract fields from unifi.Network and format them as Go struct fields
-func extractFields(t reflect.Type) string {
- var fields []string
- for i := 0; i < t.NumField(); i++ {
- field := t.Field(i)
- fieldName := field.Name
- fieldType := field.Type.String()
-
- // Convert Go types to Kubernetes CRD types
- k8sType, exists := goTypeToK8s[fieldType]
- if !exists {
- k8sType = "string" // Default fallback type
- }
-
- // Add kubebuilder validation tag
- jsonTag := strings.ToLower(fieldName)
- fields = append(fields, fmt.Sprintf("\t%s %s `json:\"%s,omitempty\"`", fieldName, k8sType, jsonTag))
- }
- return strings.Join(fields, "\n")
-}
-
-// Define the `UnifiNetworkSpec` struct template
-const specTemplate = `package v1
-
-import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-// UnifiNetworkSpec defines the desired state of UnifiNetwork
-type UnifiNetworkSpec struct {
-{{.Fields}}
-}
-
-// UnifiNetworkStatus defines the observed state of UnifiNetwork
-type UnifiNetworkStatus struct {
- LastUpdated metav1.Time \`\`json:"lastUpdated,omitempty"\`\`
-}
-
-// +kubebuilder:object:root=true
-// +kubebuilder:subresource:status
-type UnifiNetwork struct {
- metav1.TypeMeta \`\`json:",inline"\`\`
- metav1.ObjectMeta \`\`json:"metadata,omitempty"\`\`
-
- Spec UnifiNetworkSpec \`\`json:"spec,omitempty"\`\`
- Status UnifiNetworkStatus \`\`json:"status,omitempty"\`\`
-}
-
-// +kubebuilder:object:root=true
-type UnifiNetworkList struct {
- metav1.TypeMeta \`\`json:",inline"\`\`
- metav1.ListMeta \`\`json:"metadata,omitempty"\`\`
- Items []UnifiNetwork \`\`json:"items"\`\`
-}
-`
-
-func main() {
- // Extract fields from `unifi.Network`
- fields := extractFields(reflect.TypeOf(unifi.Network{}))
-
- // Generate Go code from template
- tmpl, err := template.New("spec").Parse(specTemplate)
- if err != nil {
- fmt.Println("Error parsing template:", err)
- return
- }
-
- var output bytes.Buffer
- err = tmpl.Execute(&output, struct {
- Fields string
- }{Fields: fields})
-
- if err != nil {
- fmt.Println("Error executing template:", err)
- return
- }
-
- // Format Go code
- formatted, err := format.Source(output.Bytes())
- if err != nil {
- fmt.Println("Error formatting code:", err)
- return
- }
-
- // Write to `api/v1/unifinetwork_types.go`
- err = os.WriteFile("api/v1/unifinetwork_types.go", formatted, 0644)
- if err != nil {
- fmt.Println("Error writing file:", err)
- return
- }
-
- fmt.Println("✅ UnifiNetworkSpec generated successfully in api/v1/unifinetwork_types.go")
-}
diff --git a/internal/unifi/unifi.go b/internal/unifi/unifi.go
index 4e76bfc..7dc5f65 100644
--- a/internal/unifi/unifi.go
+++ b/internal/unifi/unifi.go
@@ -11,7 +11,7 @@ import (
 "net/http/cookiejar"
 "os"
- "github.com/vegardengen/go-unifi/unifi"
+ "github.com/ubiquiti-community/go-unifi/unifi"
 )
 type UnifiClient struct {
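Review bot: The import swap to `github.com/ubiquiti-community/go-unifi/unifi` in internal/unifi/unifi.go has no matching go.mod or go.sum change in the part of the diff shown here. If go.mod still requires the vegardengen fork or carries a `replace` directive for it, the build will either fail or keep resolving the old code, so check that `go mod tidy` was run and that the new module is required at a tagged version. The two modules may not expose identical APIs, so the UnifiClient code below the hunk, which is not visible here, should be compiled and tested against the new one.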