From c2ffce2d4d775a28aedd9676167720f07b8d1dc8 Mon Sep 17 00:00:00 2001
From: Vegard Engen
Date: Wed, 4 Jun 2025 18:29:26 +0200
Subject: [PATCH 1/5] Do a few less updates
---
 .../networkconfiguration_controller.go | 32 ++++++++++++-------
 1 file changed, 20 insertions(+), 12 deletions(-)
diff --git a/internal/controller/networkconfiguration_controller.go b/internal/controller/networkconfiguration_controller.go
index 14d91c3..8bf9c9c 100644
--- a/internal/controller/networkconfiguration_controller.go
+++ b/internal/controller/networkconfiguration_controller.go
@@ -19,6 +19,7 @@ package controller
 import (
 "context"
 "fmt"
+ "reflect"
 "time"
 "k8s.io/apimachinery/pkg/runtime"
@@ -111,10 +112,12 @@ func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl
 Vlan: int64(unifinetwork.VLAN),
 VlanEnabled: unifinetwork.VLANEnabled,
 }
- networkObj.Spec = networkSpec
- err := r.Update(ctx, &networkObj)
- if err != nil {
- return ctrl.Result{}, err
+ if !reflect.DeepEqual(networkObj.Spec, networkSpec) {
+ networkObj.Spec = networkSpec
+ err := r.Update(ctx, &networkObj)
+ if err != nil {
+ return ctrl.Result{}, err
+ }
 }
 }
 }
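Review bot: `reflect.DeepEqual` in the guard added at `-111,10 +112,12` treats a nil slice or map and an empty one as different, so if the spec type has such fields (not visible here) the comparison can report a change on every pass and `r.Update` still runs. For Kubernetes API types the usual comparison is `equality.Semantic.DeepEqual(networkObj.Spec, networkSpec)` from `k8s.io/apimachinery/pkg/api/equality`, which treats the two as equal. The same applies to both comparisons in the `-210,14 +213,19` hunk. A comment such as `// Skip the write when the spec is unchanged so an idle object is not updated on every reconcile.` would record why the guard exists; Reconcile itself starts and ends outside the hunk.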
@@ -210,14 +213,19 @@ func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl
 } else {
 for _, networkCRD := range networkCRDs.Items {
 if networkCRD.Spec.Name == unifinetwork.Name {
- networkCRD.Spec = networkSpec
- }
- err := r.Update(ctx, &networkCRD)
- if err != nil {
- return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
- }
- if err = r.Status().Update(ctx, &networkCRD); err != nil {
- return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+ if !reflect.DeepEqual(networkCRD.Spec, networkSpec) {
+ networkCRD.Spec = networkSpec
+ err := r.Update(ctx, &networkCRD)
+ if err != nil {
+ return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+ }
+ }
+ if !reflect.DeepEqual(networkCRD.Status, networkStatus) {
+ networkCRD.Status = networkStatus
+ if err = r.Status().Update(ctx, &networkCRD); err != nil {
+ return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+ }
+ }
 }
 }
 }
From df9926e3da20aeced1f40e82716d3feeed00d72d Mon Sep 17 00:00:00 2001
From: Vegard Engen
Date: Wed, 4 Jun 2025 19:10:03 +0200
Subject: [PATCH 2/5] Small fix on updating firewall group/deleting component of it in Unifi
---
 internal/controller/firewallgroup_controller.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/internal/controller/firewallgroup_controller.go b/internal/controller/firewallgroup_controller.go
index 105b3ae..50c0bb9 100644
--- a/internal/controller/firewallgroup_controller.go
+++ b/internal/controller/firewallgroup_controller.go
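Review bot: `if err = r.Status().Update(ctx, &networkCRD); err != nil` in the new status block assigns to an `err` that is no longer declared in its scope, because the `err := r.Update(...)` it used to reuse now lives inside the sibling `if !reflect.DeepEqual(networkCRD.Spec, networkSpec)` block. Unless an outer `err` is declared earlier in Reconcile (not visible in this hunk) this does not compile, and if one is, the call quietly overwrites that outer variable. Declaring it locally avoids both: `if err := r.Status().Update(ctx, &networkCRD); err != nil {`. `networkStatus` is likewise defined outside the hunk, so the comparison could not be checked from here.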
@@ -373,7 +373,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 if firewall_group.Name == ipv4_name {
 if len(ipv4) == 0 {
 log.Info(fmt.Sprintf("Delete %s", ipv4_name))
- err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
+ err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.IPV4Object.ID)
 if err != nil {
 msg := strings.ToLower(err.Error())
 log.Info(msg)
@@ -413,7 +413,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 if firewall_group.Name == ipv6_name {
 if len(ipv6) == 0 {
 log.Info(fmt.Sprintf("Delete %s", ipv6_name))
- err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
+ err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.IPV6Object.ID)
 if err != nil {
 msg := strings.ToLower(err.Error())
 log.Info(msg)
@@ -453,7 +453,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 if firewall_group.Name == tcpports_name {
 if len(tcpports) == 0 {
 log.Info(fmt.Sprintf("Delete %s", tcpports_name))
- err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
+ err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.TCPPortsObject.ID)
 if err != nil {
 msg := strings.ToLower(err.Error())
 log.Info(msg)
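Review bot: The delete call now takes its ID from `firewallGroup.Status.ResourcesManaged.IPV4Object.ID` while the branch is still selected by `firewall_group.Name == ipv4_name`, so nothing ties the ID being deleted to the group that was just matched. If the status field is empty, stale, or was changed by anyone allowed to write the resource's status, the controller either sends an empty ID or removes a different firewall group from the one found in UniFi. A guard before the call would keep the two in step, for example `if id := firewallGroup.Status.ResourcesManaged.IPV4Object.ID; id == "" || id != firewall_group.ID { /* log and return an error */ }`. The same applies to the IPv6, TCP-port and UDP-port hunks (`-413`, `-453`, `-493`). The enclosing loop and Reconcile continue outside these hunks.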
@@ -493,7 +493,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 if firewall_group.Name == udpports_name {
 if len(udpports) == 0 {
 log.Info(fmt.Sprintf("Delete %s", udpports_name))
- err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
+ err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.UDPPortsObject.ID)
 if err != nil {
 msg := strings.ToLower(err.Error())
 log.Info(msg)
From d7a444c8d7491d94fb6b1591f4cf9457edbe3303 Mon Sep 17 00:00:00 2001
From: Vegard Engen
Date: Wed, 4 Jun 2025 20:56:37 +0200
Subject: [PATCH 3/5] Change an ID in Delete firewallgroup
---
 internal/controller/firewallgroup_controller.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/internal/controller/firewallgroup_controller.go b/internal/controller/firewallgroup_controller.go
index 50c0bb9..9c9972d 100644
--- a/internal/controller/firewallgroup_controller.go
+++ b/internal/controller/firewallgroup_controller.go
@@ -372,7 +372,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 for _, firewall_group := range firewall_groups {
 if firewall_group.Name == ipv4_name {
 if len(ipv4) == 0 {
- log.Info(fmt.Sprintf("Delete %s", ipv4_name))
+ log.Info(fmt.Sprintf("Delete %s: %s", ipv4_name, firewallGroup.Status.ResourcesManaged.IPV4Object.ID))
 err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.IPV4Object.ID)
 if err != nil {
 msg := strings.ToLower(err.Error())
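Review bot: The new `log.Info(fmt.Sprintf("Delete %s: %s", ...))` line in the `-372,7` hunk folds the group name and ID into free text, which makes them hard to filter on; `log.Error(err, "...")` elsewhere in this function suggests a logr-style logger, whose key/value form would be `log.Info("Deleting firewall group", "name", ipv4_name, "id", firewallGroup.Status.ResourcesManaged.IPV4Object.ID)`. Only the IPv4 branch gains the ID; the IPv6, TCP and UDP delete branches changed in patch 2 still log the name alone, so a failed delete there leaves no ID to check. The enclosing loop body continues outside the hunk.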
@@ -389,7 +389,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 firewallGroup.Status.ResourcesManaged.IPV4Object.Name = ""
 firewallGroup.Status.ResourcesManaged.IPV4Object.ID = ""
 } else {
- log.Error(err, "Could not delete firewall group")
+ log.Error(err, "Could not delete firewall group - but tried the new")
 return reconcile.Result{}, err
 }
 } else {
From bcffdfede75b241b61de6370e7636f7c5ee3e14d Mon Sep 17 00:00:00 2001
From: Vegard Engen
Date: Wed, 4 Jun 2025 20:56:52 +0200
Subject: [PATCH 4/5] Change leader election
---
 cmd/main.go | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/cmd/main.go b/cmd/main.go
index 84812cd..6406d76 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -21,11 +21,13 @@ import (
 "flag"
 "os"
 "path/filepath"
+ "time"
 // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 // to ensure that exec-entrypoint and run can make use of them.
 _ "k8s.io/client-go/plugin/pkg/client/auth"
+ "k8s.io/utils/pointer"
 "k8s.io/apimachinery/pkg/runtime"
 utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -187,6 +189,10 @@ func main() {
 HealthProbeBindAddress: probeAddr,
 LeaderElection: enableLeaderElection,
 LeaderElectionID: "f05533b6.engen.priv.no",
+ LeaseDuration: pointer.Duration(30 * time.Second),
+ RenewDeadline: pointer.Duration(20 * time.Second),
+ RetryPeriod: pointer.Duration(5 * time.Second),
+
 // LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
 // when the Manager ends. This requires the binary to immediately end when the
 // Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
From c80473d9e86ac0bb0b8dea97f16bbe959f80bd10 Mon Sep 17 00:00:00 2001
From: Vegard Engen
Date: Wed, 4 Jun 2025 22:02:48 +0200
Subject: [PATCH 5/5] workaround for bug?
---
 internal/controller/firewallgroup_controller.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
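Review bot: The three timings added at `-187,6 +189,10` in cmd/main.go are hard-coded and undocumented: nothing records why 30s/20s/5s were chosen, and with a 30-second lease a crashed leader can leave the controller idle for about that long before another replica takes over. A short comment above them would state the intent, e.g. `// Longer than the controller-runtime defaults (15s/10s/2s); failover after a crash takes up to LeaseDuration.`, adjusted to the real reason. `k8s.io/utils/pointer` is deprecated in favour of `k8s.io/utils/ptr`, so if the vendored version provides it, `ptr.To(30 * time.Second)` is the current spelling. The new import in the `-21,11 +21,13` hunk also sits apart from the other `k8s.io` imports instead of in sorted order with them.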
diff --git a/internal/controller/firewallgroup_controller.go b/internal/controller/firewallgroup_controller.go
index 9c9972d..811f21f 100644
--- a/internal/controller/firewallgroup_controller.go
+++ b/internal/controller/firewallgroup_controller.go
@@ -377,7 +377,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 if err != nil {
 msg := strings.ToLower(err.Error())
 log.Info(msg)
- if strings.Contains(msg, "api.err.objectreferredby") {
+ if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 log.Info("Firewall group is in use. Invoking workaround...!")
 firewall_group.GroupMembers = []string{"127.0.0.1"}
 firewall_group.Name = firewall_group.Name + "-deleted"
@@ -389,7 +389,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 firewallGroup.Status.ResourcesManaged.IPV4Object.Name = ""
 firewallGroup.Status.ResourcesManaged.IPV4Object.ID = ""
 } else {
- log.Error(err, "Could not delete firewall group - but tried the new")
+ log.Error(err, "Could not delete firewall group")
 return reconcile.Result{}, err
 }
 } else {
@@ -417,7 +417,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 if err != nil {
 msg := strings.ToLower(err.Error())
 log.Info(msg)
- if strings.Contains(msg, "api.err.objectreferredby") {
+ if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 log.Info("Firewall group is in use. Invoking workaround...!")
 firewall_group.GroupMembers = []string{"::1"}
 firewall_group.Name = firewall_group.Name + "-deleted"
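Review bot: Matching `"invalid character"` in the `-377,7` hunk sends every response the client could not parse down the same path as `api.err.objectreferredby`, and that path overwrites the group's members with a placeholder and renames the group `-deleted`. "invalid character" looks like a JSON decoding error, which can presumably also come from an HTML error page, an expired session or a proxy failure, so the controller may rewrite a firewall group when the delete request was never actually refused for being in use; the log line still says "Firewall group is in use". Handling it as its own case would be safer: log the raw error, return it so the reconcile is retried, and keep the workaround for the explicit in-use error only. The same condition is added in the `-417`, `-457` and `-497` hunks, and `strings.Contains(msg,"invalid character")` lacks the space after the comma that gofmt would insert.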
@@ -457,7 +457,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 if err != nil {
 msg := strings.ToLower(err.Error())
 log.Info(msg)
- if strings.Contains(msg, "api.err.objectreferredby") {
+ if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 log.Info("Firewall group is in use. Invoking workaround...!")
 firewall_group.GroupMembers = []string{"0"}
 firewall_group.Name = firewall_group.Name + "-deleted"
@@ -497,7 +497,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 if err != nil {
 msg := strings.ToLower(err.Error())
 log.Info(msg)
- if strings.Contains(msg, "api.err.objectreferredby") {
+ if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 log.Info("Firewall group is in use. Invoking workaround...!")
 firewall_group.GroupMembers = []string{"127.0.0.1"}
 firewall_group.Name = firewall_group.Name + "-deleted"