klauvsteinen/unifi-network-operator
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: klauvsteinen:0.0.3
Branches Tags
klauvsteinen:main klauvsteinen:feature/add-helm klauvsteinen:feature/properly-handle-namespaced-services klauvsteinen:feature/properly-handle-firewallgroups-in-same-namespace klauvsteinen:feature/cleanly-delete-empty-resources klauvsteinen:feature/default-namespace-same-as-firewallpolicy-namespace-when-referring-firewallgroup klauvsteinen:feature/add-namespace-to-firewallgroup-and-firewallpolicy-resources klauvsteinen:feature/use-prebuilt-image klauvsteinen:feature/fix-indentation klauvsteinen:feature/create-correct-manifests klauvsteinen:feature/build-alpha-and-beta klauvsteinen:feature/update-image-labels klauvsteinen:feature/generate-manifest klauvsteinen:feature/use-image-from-gitea klauvsteinen:feature/fix-variable klauvsteinen:feature/fix klauvsteinen:feature/fix-push-workflow klauvsteinen:feature/push-to-gitea klauvsteinen:feature/clean_some_files klauvsteinen:feature/fix-publish-pipeline klauvsteinen:feature/kobuild-on-main klauvsteinen:master klauvsteinen:feature/test-cicd-2 klauvsteinen:feature/test-cicd klauvsteinen:39-port-forwards-should-not-log-per-default klauvsteinen:37-optimize-api-usage klauvsteinen:35-fix-portforward-logic klauvsteinen:11-create-port-forward-api klauvsteinen:32-refactor-unifi-firewall-rule-api klauvsteinen:28-add-status-information-to-firewall-rule-resources klauvsteinen:29-create-finalizer-for-cleaning-up-firewallgroup-resources klauvsteinen:12-create-firewall-rule-api klauvsteinen:24-create-network-api klauvsteinen:chore/formatting klauvsteinen:17-create-utility-library klauvsteinen:22-use-reauthentication-method-in-more-reconcilers klauvsteinen:19-create-configmap-with-default-namespace klauvsteinen:13-create-api-for-networks klauvsteinen:14-create-object-for-ports-on-firewall-groups klauvsteinen:9-add-watcher-for-annotations-for-firewall-groups-and-handle-service-updates klauvsteinen:7-handle-annotations-for-firewall-groups-in-normal-reconcile-flow klauvsteinen:4-handle-reauthentication klauvsteinen:feature/create-functionality-to-create-a-unifi-network-object-based-on-an-annotation
klauvsteinen:v0.1.1-beta6 klauvsteinen:v0.1.1-beta5 klauvsteinen:v0.1.1-alpha16 klauvsteinen:v0.1.1-alpha15 klauvsteinen:v0.1.1-alpha14 klauvsteinen:v0.1.1-alpha13 klauvsteinen:v0.1.1-beta4 klauvsteinen:v0.1.1-beta3 klauvsteinen:v0.1.1-beta2 klauvsteinen:v0.1.1-alpha12 klauvsteinen:v.01.1-alpha10 klauvsteinen:v.0.1.1-alpha11 klauvsteinen:v.0.1.1-alpha10 klauvsteinen:v0.1.1-beta1 klauvsteinen:v0.1.1-alpha11 klauvsteinen:v0.1.1-alpha10 klauvsteinen:v0.1.1-alpha9 klauvsteinen:v0.1.1 klauvsteinen:v0.1.1-alpha8 klauvsteinen:v0.1.1-alpha7 klauvsteinen:v0.1.1-alpha6 klauvsteinen:v0.1.1-alpha5 klauvsteinen:v0.1.1-alpha4 klauvsteinen:v0.1.0-alpha3 klauvsteinen:v0.1.1-alpha2 klauvsteinen:v0.1.1-alpha1 klauvsteinen:v0.1.0 klauvsteinen:v0.0.5 klauvsteinen:v0.0.4 klauvsteinen:v0.0.3 klauvsteinen:0.0.3 klauvsteinen:v0.0.2 klauvsteinen:0.0.1 klauvsteinen:v0.0.1 klauvsteinen:v.0.0.1 klauvsteinen:v0.0.1-alpha70 klauvsteinen:v0.0.1-alpha69 klauvsteinen:v0.0.1-alpha68 klauvsteinen:v0.0.1-alpha67 klauvsteinen:v0.0.1-alpha66
...
compare: klauvsteinen:feature/cleanly-delete-empty-resources
Branches Tags
klauvsteinen:feature/add-helm klauvsteinen:main klauvsteinen:feature/properly-handle-namespaced-services klauvsteinen:feature/properly-handle-firewallgroups-in-same-namespace klauvsteinen:feature/cleanly-delete-empty-resources klauvsteinen:feature/default-namespace-same-as-firewallpolicy-namespace-when-referring-firewallgroup klauvsteinen:feature/add-namespace-to-firewallgroup-and-firewallpolicy-resources klauvsteinen:feature/use-prebuilt-image klauvsteinen:feature/fix-indentation klauvsteinen:feature/create-correct-manifests klauvsteinen:feature/build-alpha-and-beta klauvsteinen:feature/update-image-labels klauvsteinen:feature/generate-manifest klauvsteinen:feature/use-image-from-gitea klauvsteinen:feature/fix-variable klauvsteinen:feature/fix klauvsteinen:feature/fix-push-workflow klauvsteinen:feature/push-to-gitea klauvsteinen:feature/clean_some_files klauvsteinen:feature/fix-publish-pipeline klauvsteinen:feature/kobuild-on-main klauvsteinen:master klauvsteinen:feature/test-cicd-2 klauvsteinen:feature/test-cicd klauvsteinen:39-port-forwards-should-not-log-per-default klauvsteinen:37-optimize-api-usage klauvsteinen:35-fix-portforward-logic klauvsteinen:11-create-port-forward-api klauvsteinen:32-refactor-unifi-firewall-rule-api klauvsteinen:28-add-status-information-to-firewall-rule-resources klauvsteinen:29-create-finalizer-for-cleaning-up-firewallgroup-resources klauvsteinen:12-create-firewall-rule-api klauvsteinen:24-create-network-api klauvsteinen:chore/formatting klauvsteinen:17-create-utility-library klauvsteinen:22-use-reauthentication-method-in-more-reconcilers klauvsteinen:19-create-configmap-with-default-namespace klauvsteinen:13-create-api-for-networks klauvsteinen:14-create-object-for-ports-on-firewall-groups klauvsteinen:9-add-watcher-for-annotations-for-firewall-groups-and-handle-service-updates klauvsteinen:7-handle-annotations-for-firewall-groups-in-normal-reconcile-flow klauvsteinen:4-handle-reauthentication klauvsteinen:feature/create-functionality-to-create-a-unifi-network-object-based-on-an-annotation
klauvsteinen:v0.1.1-beta6 klauvsteinen:v0.1.1-beta5 klauvsteinen:v0.1.1-alpha16 klauvsteinen:v0.1.1-alpha15 klauvsteinen:v0.1.1-alpha14 klauvsteinen:v0.1.1-alpha13 klauvsteinen:v0.1.1-beta4 klauvsteinen:v0.1.1-beta3 klauvsteinen:v0.1.1-beta2 klauvsteinen:v0.1.1-alpha12 klauvsteinen:v.01.1-alpha10 klauvsteinen:v.0.1.1-alpha11 klauvsteinen:v.0.1.1-alpha10 klauvsteinen:v0.1.1-beta1 klauvsteinen:v0.1.1-alpha11 klauvsteinen:v0.1.1-alpha10 klauvsteinen:v0.1.1-alpha9 klauvsteinen:v0.1.1 klauvsteinen:v0.1.1-alpha8 klauvsteinen:v0.1.1-alpha7 klauvsteinen:v0.1.1-alpha6 klauvsteinen:v0.1.1-alpha5 klauvsteinen:v0.1.1-alpha4 klauvsteinen:v0.1.0-alpha3 klauvsteinen:v0.1.1-alpha2 klauvsteinen:v0.1.1-alpha1 klauvsteinen:v0.1.0 klauvsteinen:v0.0.5 klauvsteinen:v0.0.4 klauvsteinen:v0.0.3 klauvsteinen:0.0.3 klauvsteinen:v0.0.2 klauvsteinen:0.0.1 klauvsteinen:v0.0.1 klauvsteinen:v.0.0.1 klauvsteinen:v0.0.1-alpha70 klauvsteinen:v0.0.1-alpha69 klauvsteinen:v0.0.1-alpha68 klauvsteinen:v0.0.1-alpha67 klauvsteinen:v0.0.1-alpha66

84 Commits
0.0.3 ... feature/cl

Author SHA1 Message Date
Vegard Engen
37d8060995 Check for nil ResourcesManaged
All checks were successful
Build project / build (push) Successful in 2m0s
Details
Publish / build (push) Successful in 2m4s
Details
2025-06-29 00:44:49 +02:00
Vegard Engen
8623d6cbc0 debug
All checks were successful
Build project / build (push) Successful in 1m52s
Details
Publish / build (push) Successful in 2m2s
Details
2025-06-29 00:24:00 +02:00
Vegard Engen
61606e8a7e debug 2025-06-29 00:23:26 +02:00
Vegard Engen
44d89a5a50 Check for nil instead of length
Some checks failed
Build project / build (push) Failing after 1m7s
Details
2025-06-29 00:17:44 +02:00
Vegard Engen
19f24add0a Check for Status field before checking for managed resources
Some checks failed
Build project / build (push) Failing after 1m9s
Details
Publish / build (push) Failing after 1m20s
Details
2025-06-29 00:11:49 +02:00
Vegard Engen
2e95d29373 Merge pull request 'Check for firewallGroup in same namespace if namespace is not defined' (#31) from feature/default-namespace-same-as-firewallpolicy-namespace-when-referring-firewallgroup into main
All checks were successful
Publish / build (push) Successful in 2m16s
Details 
Reviewed-on: #31
 2025-06-28 21:56:08 +00:00
Vegard Engen
990140ee1c Check for firewallGroup in same namespace if namespace is not defined
All checks were successful
Build project / build (push) Successful in 1m51s
Details
2025-06-28 23:53:51 +02:00
Vegard Engen
24c88264c9 Merge pull request 'Fix namespace matching for firewallgroups in firewallpolicies' (#30) from feature/default-namespace-same-as-firewallpolicy-namespace-when-referring-firewallgroup into main
All checks were successful
Publish / build (push) Successful in 2m1s
Details 
Reviewed-on: #30
 2025-06-28 16:38:11 +00:00
Vegard Engen
938d53fa8f Fix namespace matching for firewallgroups in firewallpolicies
All checks were successful
Build project / build (push) Successful in 1m55s
Details
Publish / build (push) Successful in 2m5s
Details
2025-06-28 18:33:54 +02:00
Vegard Engen
768c61020e Merge pull request 'feature/add-namespace-to-firewallgroup-and-firewallpolicy-resources' (#29) from feature/add-namespace-to-firewallgroup-and-firewallpolicy-resources into main
All checks were successful
Publish / build (push) Successful in 1m58s
Details 
Reviewed-on: #29
 2025-06-27 15:48:14 +00:00
Vegard Engen
8d70a78a50 fix
All checks were successful
Build project / build (push) Successful in 1m47s
Details
Publish / build (push) Successful in 1m59s
Details
2025-06-27 17:01:55 +02:00
Vegard Engen
5885daac55 Fix
Some checks failed
Build project / build (push) Failing after 1m9s
Details
Publish / build (push) Failing after 1m19s
Details
2025-06-27 16:53:44 +02:00
Vegard Engen
440dc04e5b Add namespace to some names
Some checks failed
Build project / build (push) Failing after 1m10s
Details
Publish / build (push) Failing after 1m21s
Details
2025-06-27 16:51:05 +02:00
Vegard Engen
22c8df6833 Add namespace to name of firewallgroups 2025-06-27 16:46:45 +02:00
Vegard Engen
35d95d107c Merge pull request 'Use pre-built image' (#28) from feature/use-prebuilt-image into main
Some checks failed
Publish / build (push) Has been cancelled
Details 
Reviewed-on: #28
 2025-06-26 23:49:34 +00:00
Vegard Engen
4bb45b0128 Use pre-built image
Some checks failed
Build project / build (push) Has been cancelled
Details
Publish / build (push) Successful in 1m54s
Details
2025-06-27 01:47:15 +02:00
Vegard Engen
9eefd08823 Merge pull request 'Add variables' (#27) from feature/fix-indentation into main
Some checks failed
Build project / build (push) Has been cancelled
Details
Publish / build (push) Has been cancelled
Details 
Reviewed-on: #27
 2025-06-26 23:36:27 +00:00
Vegard Engen
d53810b714 Add variables
Some checks failed
Build project / build (push) Has been cancelled
Details
2025-06-27 01:36:01 +02:00
Vegard Engen
33f1fd5eac Merge pull request 'Need docker on main build' (#26) from feature/fix-indentation into main
Some checks failed
Publish / build (push) Failing after 2m21s
Details 
Reviewed-on: #26
 2025-06-26 23:28:36 +00:00
Vegard Engen
9ae7d91365 Need docker on main build
Some checks failed
Build project / build (push) Has been cancelled
Details
2025-06-27 01:28:01 +02:00
Vegard Engen
6fe5fdf859 Merge pull request 'Fix indentation' (#25) from feature/fix-indentation into main
Some checks failed
Publish / build (push) Failing after 1m9s
Details 
Reviewed-on: #25
 2025-06-26 23:24:16 +00:00
Vegard Engen
37b5eb830a Fix indentation
Some checks failed
Build project / build (push) Has been cancelled
Details
2025-06-27 01:23:49 +02:00
Vegard Engen
1834527d43 feature/create-correct-manifests (#23) 
Reviewed-on: #23
 2025-06-26 23:19:55 +00:00
Vegard Engen
b562c200ba Merge pull request 'split up regex' (#22) from feature/build-alpha-and-beta into main
All checks were successful
Publish / build (push) Successful in 2m53s
Details 
Reviewed-on: #22
 2025-06-26 22:19:58 +00:00
Vegard Engen
2485365728 split up regex
Some checks failed
Build project / build (push) Has been cancelled
Details
Publish / build (push) Successful in 3m22s
Details
2025-06-27 00:18:05 +02:00
Vegard Engen
efeaf521fd Merge pull request 'match alpha and beta tags' (#21) from feature/build-alpha-and-beta into main
All checks were successful
Publish / build (push) Successful in 2m55s
Details 
Reviewed-on: #21
 2025-06-26 22:08:57 +00:00
Vegard Engen
7ce8682ecb match alpha and beta tags
All checks were successful
Build project / build (push) Successful in 2m14s
Details
2025-06-27 00:07:04 +02:00
vegard
744e43c1f4 Merge pull request 'Add image url' (#20) from feature/update-image-labels into main
All checks were successful
Publish / build (push) Successful in 3m22s
Details 
Reviewed-on: #20
 2025-06-26 19:35:12 +00:00
Vegard Engen
8095723337 Add image url
Some checks failed
Build project / build (push) Has been cancelled
Details
2025-06-26 21:34:42 +02:00
vegard
9e7b6123c2 Merge pull request 'Override image labels' (#19) from feature/update-image-labels into main
All checks were successful
Publish / build (push) Successful in 3m15s
Details 
Reviewed-on: #19
 2025-06-26 19:14:46 +00:00
Vegard Engen
062b386f7f Override image labels
All checks were successful
Build project / build (push) Successful in 1m54s
Details
2025-06-26 21:14:23 +02:00
vegard
aca35507ba Merge pull request 'Override image labels' (#18) from feature/update-image-labels into main
Some checks failed
Publish / build (push) Failing after 1m35s
Details 
Reviewed-on: #18
 2025-06-26 19:06:58 +00:00
Vegard Engen
4ede272b70 Override image labels
All checks were successful
Build project / build (push) Successful in 1m58s
Details
2025-06-26 21:06:25 +02:00
vegard
5e413a64e8 Merge pull request 'Add ko.yaml' (#17) from feature/update-image-labels into main
All checks were successful
Publish / build (push) Successful in 3m22s
Details 
Reviewed-on: #17
 2025-06-26 18:22:11 +00:00
Vegard Engen
1cfd5ef55c Add ko.yaml
All checks were successful
Build project / build (push) Successful in 2m1s
Details
2025-06-26 20:21:45 +02:00
vegard
c89dad396b Merge pull request 'feature/generate-manifest' (#16) from feature/generate-manifest into main
All checks were successful
Publish / build (push) Successful in 3m17s
Details 
Reviewed-on: #16
 2025-06-25 18:30:29 +00:00
Vegard Engen
cddda7098c generic in the path
All checks were successful
Build project / build (push) Successful in 1m59s
Details
2025-06-25 20:29:15 +02:00
Vegard Engen
9a186ad190 Add forgotten files
All checks were successful
Build project / build (push) Successful in 1m58s
Details
2025-06-25 17:52:28 +02:00
vegard
4ece12d18b Merge pull request 'Upload manifest' (#15) from feature/generate-manifest into main
All checks were successful
Publish / build (push) Successful in 3m15s
Details 
Reviewed-on: #15
 2025-06-25 15:48:20 +00:00
Vegard Engen
6d0df79c87 Upload manifest
All checks were successful
Build project / build (push) Successful in 1m27s
Details
2025-06-25 17:45:02 +02:00
vegard
445dd7830e Merge pull request 'Use image from gitea' (#14) from feature/use-image-from-gitea into main
All checks were successful
Publish / build (push) Successful in 2m19s
Details 
Reviewed-on: #14
 2025-06-25 15:26:34 +00:00
Vegard Engen
a73aef4f9d Use image from gitea
All checks were successful
Build project / build (push) Successful in 1m29s
Details
2025-06-25 17:25:05 +02:00
vegard
a99de02594 Merge pull request 'Fix variable reference' (#13) from feature/fix-variable into main
All checks were successful
Publish / build (push) Successful in 3m2s
Details 
Reviewed-on: #13
 2025-06-25 15:09:34 +00:00
Vegard Engen
893318ad53 Fix variable reference
Some checks failed
Build project / build (push) Has been cancelled
Details
2025-06-25 17:09:15 +02:00
vegard
201edb1b82 Merge pull request 'feature/fix' (#12) from feature/fix into main
Some checks failed
Publish / build (push) Failing after 1m34s
Details 
Reviewed-on: #12
 2025-06-25 15:01:09 +00:00
Vegard Engen
b1c0a4ee11 :q:Merge branch 'feature/fix-push-workflow'
All checks were successful
Build project / build (push) Successful in 1m28s
Details
2025-06-25 16:59:39 +02:00
Vegard Engen
13677136a7 Fix variable reference
Some checks failed
Build project / build (push) Has been cancelled
Details
2025-06-25 16:57:02 +02:00
Vegard Engen
cb296c3881 Fix variable reference 2025-06-25 16:57:02 +02:00
Vegard Engen
3c6b48803d fix secret names 2025-06-25 16:57:02 +02:00
Vegard Engen
f71fa2af8e Add missing sign 2025-06-25 16:57:02 +02:00
Vegard Engen
1819ef2b60 Fix workflow 2025-06-25 16:57:02 +02:00
Vegard Engen
74d7ca84a5 Change package repo 2025-06-25 16:57:02 +02:00
Vegard Engen
0f7ffe3c85 cleanup 2025-06-25 16:57:02 +02:00
Vegard Engen
3020510c6f bare 2025-06-25 16:57:01 +02:00
Vegard Engen
475e226b69 fix 2025-06-25 16:57:01 +02:00
Vegard Engen
a5521013b9 fix 2025-06-25 16:57:01 +02:00
Vegard Engen
4aa3436f28 fix 2025-06-25 16:57:01 +02:00
Vegard Engen
6e32555e9e fix 2025-06-25 16:57:01 +02:00
Vegard Engen
13c23863be fix 2025-06-25 16:57:01 +02:00
Vegard Engen
918b45c940 fix 2025-06-25 16:57:01 +02:00
Vegard Engen
3cb65a5a14 fix 2025-06-25 16:57:00 +02:00
Vegard Engen
4ae70ecf74 fix 2025-06-25 16:57:00 +02:00
Vegard Engen
3aa4d1a24a fix 2025-06-25 16:57:00 +02:00
Vegard Engen
1231bc50e5 fix 2025-06-25 16:57:00 +02:00
Vegard Engen
e1847f4cf9 fix 2025-06-25 16:57:00 +02:00
Vegard Engen
55a206d509 fix 2025-06-25 16:57:00 +02:00
Vegard Engen
00179595e4 fix 2025-06-25 16:57:00 +02:00
Vegard Engen
f09e008fb7 fix 2025-06-25 16:57:00 +02:00
Vegard Engen
14a8155dcf fix 2025-06-25 16:57:00 +02:00
Vegard Engen
93ef66f01d fix 2025-06-25 16:57:00 +02:00
Vegard Engen
80746321a9 fix 2025-06-25 16:57:00 +02:00
Vegard Engen
6423ef7d6e fix 2025-06-25 16:57:00 +02:00
Vegard Engen
fdefd05608 fix 2025-06-25 16:57:00 +02:00
Vegard Engen
760fd3903f fix 2025-06-25 16:57:00 +02:00
Vegard Engen
cda1c7ddff fix 2025-06-25 16:57:00 +02:00
Vegard Engen
1274fe610f fix 2025-06-25 16:57:00 +02:00
Vegard Engen
f091ec148b Tag 2025-06-25 16:57:00 +02:00
Vegard Engen
66e1d854d3 Tag 2025-06-25 16:57:00 +02:00
Vegard Engen
f43c1f3b63 fix tagging 2025-06-25 16:57:00 +02:00
Vegard Engen
0046157633 Fix variable reference (#10)
Some checks failed
Publish / build (push) Failing after 1m33s
Details 
Reviewed-on: #10
Co-authored-by: Vegard Engen <vegard@engen.priv.no>
Co-committed-by: Vegard Engen <vegard@engen.priv.no>
 2025-06-25 14:52:55 +00:00
vegard
56a781a260 Merge pull request 'fix secret names' (#9) from feature/fix-push-workflow into main
Some checks failed
Publish / build (push) Failing after 1m34s
Details 
Reviewed-on: #9
 2025-06-25 14:35:35 +00:00
Vegard Engen
29fb9601fd fix secret names
Some checks failed
Build project / build (push) Has been cancelled
Details
2025-06-25 16:35:12 +02:00
vegard
c34eea5e13 Merge pull request 'Add missing sign' (#8) from feature/fix-push-workflow into main
Some checks failed
Publish / build (push) Failing after 1m34s
Details 
Reviewed-on: #8
 2025-06-25 14:30:15 +00:00
Vegard Engen
fe90ac7ea4 Add missing sign
Some checks failed
Build project / build (push) Has been cancelled
Details
2025-06-25 16:29:37 +02:00
10 changed files with 153 additions and 105 deletions
Expand all files Collapse all files

4
.gitea/workflows/build.yaml
View File

@@ -6,7 +6,7 @@ on:
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: golang:1.24 container: registry.engen.priv.no/gitea-build:0.1.0
steps: steps:
- name: Setup SSH - name: Setup SSH
run: | run: |
@@ -22,3 +22,5 @@ jobs:
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/ run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
- name: Build - name: Build
run: go build cmd/main.go run: go build cmd/main.go
- name: Build manifest
run: make build-installer

58
.gitea/workflows/kobuild.yaml
View File

@@ -6,21 +6,45 @@ on:
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: golang:1.24 container: registry.engen.priv.no/gitea-build:0.1.0
env:
GITEA_USER: ${{ secrets.GITEAUSER }}
GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
GITEA_REGISTRY: gitea.engen.priv.no
GITEA_ORG: klauvsteinen
steps: steps:
- name: Setup SSH - name: Setup SSH
run: | run: |
mkdir -p ~/.ssh mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts
- name: Install node and go - name: Check out repository code
run: apt update && apt -y install nodejs uses: actions/checkout@v4
- name: Check out repository code - name: ssh repo
uses: actions/checkout@v4 run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
- name: ssh repo - name: Docker login
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/ run: echo "${GITEA_TOKEN}" | docker login "${GITEA_REGISTRY}" --username "${GITEA_USER}" --password-stdin
- name: Install ko - name: Build
run: go install github.com/google/ko@latest run: |
- name: Build export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
run: KO_DOCKER_REPO=gitea.engen.priv.no/unifi-network-operator-controller PATH=~/go/bin:$PATH ko build --local ./cmd ko publish ./cmd \
--tags "latest" \
--image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
--image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
--image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
--image-label 'org.opencontainers.image.url=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
--image-label 'dev.chainguard.package.main=' \
--bare
- name: Build manifest
run: |
make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:latest" build-installer
curl -X DELETE \
-H "Authorization: token $GITEA_TOKEN" \
-H "Content-Type: application/x-yaml" \
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml
curl -X PUT \
-H "Authorization: token $GITEA_TOKEN" \
-H "Content-Type: application/x-yaml" \
--data-binary @./dist/install.yaml \
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml

33
.gitea/workflows/publish.yaml
View File

@@ -3,18 +3,18 @@ on:
push: push:
tags: tags:
- 'v[0-9]+.[0-9]+.[0-9]+' - 'v[0-9]+.[0-9]+.[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-alpha[0-9]+'
- 'v[0-9]+.[0-9]+.[0-9]+-beta[0-9]+'
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
container: golang:1.24-bookworm container: registry.engen.priv.no/gitea-build:0.1.0
env: env:
GITEA_USER: ${{ secrets.GITEA_USER }} GITEA_USER: ${{ secrets.GITEAUSER }}
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
GITEA_REGISTRY: gitea.engen.priv.no GITEA_REGISTRY: gitea.engen.priv.no
GITEA_ORG: klauvsteinen GITEA_ORG: klauvsteinen
steps: steps:
- name: Install dependencies
run: apt update && apt -y install nodejs bash docker.io
- name: Setup SSH - name: Setup SSH
run: | run: |
mkdir -p ~/.ssh mkdir -p ~/.ssh
@@ -25,8 +25,6 @@ jobs:
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: ssh repo - name: ssh repo
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/ run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
- name: Install ko
run: go install github.com/google/ko@latest
- name: Extract tag (outside container) - name: Extract tag (outside container)
shell: bash shell: bash
run: | run: |
@@ -35,7 +33,22 @@ jobs:
- name: Docker login - name: Docker login
run: echo "${GITEA_TOKEN}" | docker login "${GITEA_REGISTRY}" --username "${GITEA_USER}" --password-stdin run: echo "${GITEA_TOKEN}" | docker login "${GITEA_REGISTRY}" --username "${GITEA_USER}" --password-stdin
- name: Build - name: Build
env:
KO_DOCKER_REPO: "{$GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller
run: | run: |
ko publish ./cmd --tags "$TAG,latest" --bare export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
ko publish ./cmd \
--tags "$TAG" \
--image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
--image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
--image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
--image-label 'org.opencontainers.image.url=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
--image-label 'dev.chainguard.package.main=' \
--bare
- name: Build manifest
run: |
make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:$TAG" build-installer
curl -X PUT \
-H "Authorization: token $GITEA_TOKEN" \
-H "Content-Type: application/x-yaml" \
--data-binary @./dist/install.yaml \
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/$TAG/install.yaml

4
Makefile
View File

@@ -1,5 +1,5 @@
# Image URL to use all building/pushing image targets # Image URL to use all building/pushing image targets
IMG ?= registry.engen.priv.no/unifi-network-operator-controller:latest IMG ?= gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller:latest
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
ifeq (,$(shell go env GOBIN)) ifeq (,$(shell go env GOBIN))
@@ -8,7 +8,7 @@ else
GOBIN=$(shell go env GOBIN) GOBIN=$(shell go env GOBIN)
endif endif
export KO_DOCKER_REPO=registry.engen.priv.no/unifi-network-operator-controller export KO_DOCKER_REPO=gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller
# CONTAINER_TOOL defines the container tool to be used for building images. # CONTAINER_TOOL defines the container tool to be used for building images.
# Be aware that the target commands are only tested with Docker which is # Be aware that the target commands are only tested with Docker which is

10
PROJECT
View File

@@ -6,7 +6,7 @@ domain: engen.priv.no
layout: layout:
- go.kubebuilder.io/v4 - go.kubebuilder.io/v4
projectName: unifi-network-operator projectName: unifi-network-operator
repo: github.com/vegardengen/unifi-network-operator repo: gitea.engen.priv.no/klauvsteinen/unifi-network-operator
resources: resources:
- api: - api:
crdVersion: v1 crdVersion: v1
@@ -15,7 +15,7 @@ resources:
domain: engen.priv.no domain: engen.priv.no
group: unifi group: unifi
kind: Networkconfiguration kind: Networkconfiguration
path: github.com/vegardengen/unifi-network-operator/api/v1beta1 path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
version: v1beta1 version: v1beta1
- api: - api:
crdVersion: v1 crdVersion: v1
@@ -24,7 +24,7 @@ resources:
domain: engen.priv.no domain: engen.priv.no
group: unifi group: unifi
kind: FirewallZone kind: FirewallZone
path: github.com/vegardengen/unifi-network-operator/api/v1beta1 path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
version: v1beta1 version: v1beta1
- api: - api:
crdVersion: v1 crdVersion: v1
@@ -33,7 +33,7 @@ resources:
domain: engen.priv.no domain: engen.priv.no
group: unifi group: unifi
kind: FirewallPolicy kind: FirewallPolicy
path: github.com/vegardengen/unifi-network-operator/api/v1beta1 path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
version: v1beta1 version: v1beta1
- api: - api:
crdVersion: v1 crdVersion: v1
@@ -42,6 +42,6 @@ resources:
domain: engen.priv.no domain: engen.priv.no
group: unifi group: unifi
kind: PortForward kind: PortForward
path: github.com/vegardengen/unifi-network-operator/api/v1beta1 path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
version: v1beta1 version: v1beta1
version: "3" version: "3"

2
config/manager/kustomization.yaml
View File

@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization kind: Kustomization
images: images:
- name: controller - name: controller
newName: registry.engen.priv.no/unifi-network-operator-controller newName: gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller
newTag: latest newTag: latest

2
dist/install.yaml vendored
View File

@@ -915,7 +915,7 @@ spec:
secretKeyRef: secretKeyRef:
key: UNIFI_PASSWORD key: UNIFI_PASSWORD
name: unifi-configuration name: unifi-configuration
image: registry.engen.priv.no/unifi-network-operator-controller:latest image: gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller:latest
livenessProbe: livenessProbe:
httpGet: httpGet:
path: /healthz path: /healthz

16
internal/controller/firewallgroup_controller.go
View File

@@ -361,10 +361,10 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
log.Error(err, "Could not list network objects") log.Error(err, "Could not list network objects")
return reconcile.Result{}, err return reconcile.Result{}, err
} }
ipv4_name := "k8s-" + firewallGroup.Spec.Name + "-ipv4" ipv4_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv4"
ipv6_name := "k8s-" + firewallGroup.Spec.Name + "-ipv6" ipv6_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv6"
tcpports_name := "k8s-" + firewallGroup.Spec.Name + "-tcpports" tcpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-tcpports"
udpports_name := "k8s-" + firewallGroup.Spec.Name + "-udpports" udpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-udpports"
ipv4_done := false ipv4_done := false
ipv6_done := false ipv6_done := false
tcpports_done := false tcpports_done := false
@@ -377,7 +377,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
if err != nil { if err != nil {
msg := strings.ToLower(err.Error()) msg := strings.ToLower(err.Error())
log.Info(msg) log.Info(msg)
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") { if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
log.Info("Firewall group is in use. Invoking workaround...!") log.Info("Firewall group is in use. Invoking workaround...!")
firewall_group.GroupMembers = []string{"127.0.0.1"} firewall_group.GroupMembers = []string{"127.0.0.1"}
firewall_group.Name = firewall_group.Name + "-deleted" firewall_group.Name = firewall_group.Name + "-deleted"
@@ -417,7 +417,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
if err != nil { if err != nil {
msg := strings.ToLower(err.Error()) msg := strings.ToLower(err.Error())
log.Info(msg) log.Info(msg)
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") { if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
log.Info("Firewall group is in use. Invoking workaround...!") log.Info("Firewall group is in use. Invoking workaround...!")
firewall_group.GroupMembers = []string{"::1"} firewall_group.GroupMembers = []string{"::1"}
firewall_group.Name = firewall_group.Name + "-deleted" firewall_group.Name = firewall_group.Name + "-deleted"
@@ -457,7 +457,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
if err != nil { if err != nil {
msg := strings.ToLower(err.Error()) msg := strings.ToLower(err.Error())
log.Info(msg) log.Info(msg)
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") { if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
log.Info("Firewall group is in use. Invoking workaround...!") log.Info("Firewall group is in use. Invoking workaround...!")
firewall_group.GroupMembers = []string{"0"} firewall_group.GroupMembers = []string{"0"}
firewall_group.Name = firewall_group.Name + "-deleted" firewall_group.Name = firewall_group.Name + "-deleted"
@@ -497,7 +497,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
if err != nil { if err != nil {
msg := strings.ToLower(err.Error()) msg := strings.ToLower(err.Error())
log.Info(msg) log.Info(msg)
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") { if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
log.Info("Firewall group is in use. Invoking workaround...!") log.Info("Firewall group is in use. Invoking workaround...!")
firewall_group.GroupMembers = []string{"127.0.0.1"} firewall_group.GroupMembers = []string{"127.0.0.1"}
firewall_group.Name = firewall_group.Name + "-deleted" firewall_group.Name = firewall_group.Name + "-deleted"

122
internal/controller/firewallpolicy_controller.go
View File

@@ -125,70 +125,72 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
} }
log.Info("Running finalizer logic for FirewallPolicy", "name", firewallPolicy.Name) log.Info("Running finalizer logic for FirewallPolicy", "name", firewallPolicy.Name)
if len(firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies) > 0 { if firewallPolicy.Status.ResourcesManaged != nil {
for i, UnifiFirewallPolicy := range firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies { if len(firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies) > 0 {
log.Info(fmt.Sprintf("From: %s to: %s TcpIpv4: %s UdpIpv4: %s TcpIpv6: %s UdpIpv6: %s", UnifiFirewallPolicy.From, UnifiFirewallPolicy.To, UnifiFirewallPolicy.TcpIpv4ID, UnifiFirewallPolicy.UdpIpv4ID, UnifiFirewallPolicy.TcpIpv6ID, UnifiFirewallPolicy.UdpIpv6ID)) for i, UnifiFirewallPolicy := range firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies {
if len(UnifiFirewallPolicy.TcpIpv4ID) > 0 { log.Info(fmt.Sprintf("From: %s to: %s TcpIpv4: %s UdpIpv4: %s TcpIpv6: %s UdpIpv6: %s", UnifiFirewallPolicy.From, UnifiFirewallPolicy.To, UnifiFirewallPolicy.TcpIpv4ID, UnifiFirewallPolicy.UdpIpv4ID, UnifiFirewallPolicy.TcpIpv6ID, UnifiFirewallPolicy.UdpIpv6ID))
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv4ID) if len(UnifiFirewallPolicy.TcpIpv4ID) > 0 {
if err != nil && !strings.Contains(err.Error(), "not found") { err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv4ID)
} else { if err != nil && !strings.Contains(err.Error(), "not found") {
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv4ID = "" } else {
if err := r.Status().Update(ctx, &firewallPolicy); err != nil { firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv4ID = ""
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
}
} }
} }
} if len(UnifiFirewallPolicy.UdpIpv4ID) > 0 {
if len(UnifiFirewallPolicy.UdpIpv4ID) > 0 { err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv4ID)
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv4ID) if err != nil && !strings.Contains(err.Error(), "not found") {
if err != nil && !strings.Contains(err.Error(), "not found") {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
} else {
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv4ID = ""
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
} else {
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv4ID = ""
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
}
} }
} }
} if len(UnifiFirewallPolicy.TcpIpv6ID) > 0 {
if len(UnifiFirewallPolicy.TcpIpv6ID) > 0 { err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv6ID)
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv6ID) if err != nil && !strings.Contains(err.Error(), "not found") {
if err != nil && !strings.Contains(err.Error(), "not found") {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
} else {
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv6ID = ""
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
} else {
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv6ID = ""
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
}
} }
} }
} if len(UnifiFirewallPolicy.UdpIpv6ID) > 0 {
if len(UnifiFirewallPolicy.UdpIpv6ID) > 0 { err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv6ID)
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv6ID) if err != nil && !strings.Contains(err.Error(), "not found") {
if err != nil && !strings.Contains(err.Error(), "not found") {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
} else {
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv6ID = ""
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
} else {
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv6ID = ""
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
}
} }
} }
} }
} }
}
if len(firewallPolicy.Status.ResourcesManaged.FirewallGroups) > 0 { if len(firewallPolicy.Status.ResourcesManaged.FirewallGroups) > 0 {
for i, firewallGroup := range firewallPolicy.Status.ResourcesManaged.FirewallGroups { for i, firewallGroup := range firewallPolicy.Status.ResourcesManaged.FirewallGroups {
var firewallGroupCRD unifiv1beta1.FirewallGroup var firewallGroupCRD unifiv1beta1.FirewallGroup
if firewallGroup.Name != "" { if firewallGroup.Name != "" {
if err := r.Get(ctx, types.NamespacedName{Name: firewallGroup.Name, Namespace: firewallGroup.Namespace}, &firewallGroupCRD); err != nil { if err := r.Get(ctx, types.NamespacedName{Name: firewallGroup.Name, Namespace: firewallGroup.Namespace}, &firewallGroupCRD); err != nil {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
} }
if err := r.Delete(ctx, &firewallGroupCRD); err != nil { if err := r.Delete(ctx, &firewallGroupCRD); err != nil {
log.Error(err, "Could not delete firewall group") log.Error(err, "Could not delete firewall group")
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
} }
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Name = "" firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Name = ""
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Namespace = "" firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Namespace = ""
if err := r.Status().Update(ctx, &firewallPolicy); err != nil { if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
}
} }
} }
} }
@@ -310,7 +312,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
// Run through all firewall groups. Add them to the myFirewallGroups list if they either have an annotations or is specified in the resource. // Run through all firewall groups. Add them to the myFirewallGroups list if they either have an annotations or is specified in the resource.
for _, firewallGroup := range firewallGroupCRDs.Items { for _, firewallGroup := range firewallGroupCRDs.Items {
if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) { if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == firewallGroup.Namespace)) {
myFirewallGroups = append(myFirewallGroups, firewallGroup) myFirewallGroups = append(myFirewallGroups, firewallGroup)
} else if _, found := destination_groups[firewallGroup.Namespace+"/"+firewallGroup.Name]; found { } else if _, found := destination_groups[firewallGroup.Namespace+"/"+firewallGroup.Name]; found {
myFirewallGroups = append(myFirewallGroups, firewallGroup) myFirewallGroups = append(myFirewallGroups, firewallGroup)
@@ -340,7 +342,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
skipService = true skipService = true
} }
} }
if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) && !skipService { if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == service.Namespace)) && !skipService {
myServices = append(myServices, service) myServices = append(myServices, service)
} else if _, found := destination_services[service.Namespace+"/"+service.Name]; found && !skipService { } else if _, found := destination_services[service.Namespace+"/"+service.Name]; found && !skipService {
myServices = append(myServices, service) myServices = append(myServices, service)
@@ -468,7 +470,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 { if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 { if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp" policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
if _, found := unifiFirewallpolicyNames[policyname]; !found { if _, found := unifiFirewallpolicyNames[policyname]; !found {
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname)) log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
unifiFirewallPolicy := fillDefaultPolicy() unifiFirewallPolicy := fillDefaultPolicy()
@@ -503,7 +505,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
} }
} }
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 { if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp" policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
if _, found := unifiFirewallpolicyNames[policyname]; !found { if _, found := unifiFirewallpolicyNames[policyname]; !found {
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname)) log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
unifiFirewallPolicy := fillDefaultPolicy() unifiFirewallPolicy := fillDefaultPolicy()
@@ -541,7 +543,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
} }
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 { if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 { if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp" policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
if _, found := unifiFirewallpolicyNames[policyname]; !found { if _, found := unifiFirewallpolicyNames[policyname]; !found {
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname)) log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
unifiFirewallPolicy := fillDefaultPolicy() unifiFirewallPolicy := fillDefaultPolicy()
@@ -577,7 +579,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
} }
} }
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 { if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp" policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
if _, found := unifiFirewallpolicyNames[policyname]; !found { if _, found := unifiFirewallpolicyNames[policyname]; !found {
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname)) log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
unifiFirewallPolicy := fillDefaultPolicy() unifiFirewallPolicy := fillDefaultPolicy()
@@ -640,7 +642,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
} }
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 { if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 { if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp" policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
if _, found := unifiFirewallpolicyNames[policyname]; !found { if _, found := unifiFirewallpolicyNames[policyname]; !found {
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname)) log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
unifiFirewallPolicy := fillDefaultPolicy() unifiFirewallPolicy := fillDefaultPolicy()
@@ -677,7 +679,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
} }
} }
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 { if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp" policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
if _, found := unifiFirewallpolicyNames[policyname]; !found { if _, found := unifiFirewallpolicyNames[policyname]; !found {
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname)) log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
unifiFirewallPolicy := fillDefaultPolicy() unifiFirewallPolicy := fillDefaultPolicy()
@@ -716,7 +718,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
} }
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 { if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 { if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp" policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
if _, found := unifiFirewallpolicyNames[policyname]; !found { if _, found := unifiFirewallpolicyNames[policyname]; !found {
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname)) log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
unifiFirewallPolicy := fillDefaultPolicy() unifiFirewallPolicy := fillDefaultPolicy()
@@ -753,7 +755,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
} }
} }
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 { if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp" policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
if _, found := unifiFirewallpolicyNames[policyname]; !found { if _, found := unifiFirewallpolicyNames[policyname]; !found {
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname)) log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
unifiFirewallPolicy := fillDefaultPolicy() unifiFirewallPolicy := fillDefaultPolicy()

7
ko.yaml Normal file
View File

@@ -0,0 +1,7 @@
defaultBaseImage: cgr.dev/chainguard/static:latest
labels:
org.opencontainers.image.authors: Vegard Engen <vegard@engen.priv.no>
org.opencontainers.image.source: https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator
org.opencontainers.image.vendor: Klauvsteinen
dev.chainguard.package.main: ""