Compare commits
15 Commits
11-create-
...
v0.0.1-alp
| Author | SHA1 | Date | |
|---|---|---|---|
| 8765a94893 | |||
| 54ade7cc49 | |||
| bf666f0a89 | |||
| b59fc563f3 | |||
| b444690400 | |||
| bcf73d64bf | |||
| d372e4c7a7 | |||
| c80473d9e8 | |||
| bcffdfede7 | |||
| d7a444c8d7 | |||
| df9926e3da | |||
| c2ffce2d4d | |||
| fc0bda1e7b | |||
| dd4df6ee07 | |||
| 86b58cb5a9 |
14
cmd/main.go
14
cmd/main.go
@@ -21,11 +21,13 @@ import (
|
||||
"flag"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"time"
|
||||
|
||||
// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
|
||||
// to ensure that exec-entrypoint and run can make use of them.
|
||||
_ "k8s.io/client-go/plugin/pkg/client/auth"
|
||||
|
||||
"k8s.io/utils/pointer"
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
||||
clientgoscheme "k8s.io/client-go/kubernetes/scheme"
|
||||
@@ -37,10 +39,10 @@ import (
|
||||
metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
|
||||
"sigs.k8s.io/controller-runtime/pkg/webhook"
|
||||
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/config"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/controller"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/unifi"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/controller"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
|
||||
// +kubebuilder:scaffold:imports
|
||||
)
|
||||
|
||||
@@ -187,6 +189,10 @@ func main() {
|
||||
HealthProbeBindAddress: probeAddr,
|
||||
LeaderElection: enableLeaderElection,
|
||||
LeaderElectionID: "f05533b6.engen.priv.no",
|
||||
LeaseDuration: pointer.Duration(30 * time.Second),
|
||||
RenewDeadline: pointer.Duration(20 * time.Second),
|
||||
RetryPeriod: pointer.Duration(5 * time.Second),
|
||||
|
||||
// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
|
||||
// when the Manager ends. This requires the binary to immediately end when the
|
||||
// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly
|
||||
|
||||
4
go.mod
4
go.mod
@@ -1,4 +1,4 @@
|
||||
module github.com/vegardengen/unifi-network-operator
|
||||
module gitea.engen.priv.no/klauvsteinen/unifi-network-operator
|
||||
|
||||
go 1.24.0
|
||||
|
||||
@@ -9,7 +9,7 @@ godebug default=go1.23
|
||||
require (
|
||||
github.com/onsi/ginkgo/v2 v2.23.4
|
||||
github.com/onsi/gomega v1.37.0
|
||||
github.com/vegardengen/go-unifi v0.0.1-alpha25
|
||||
gitea.engen.priv.no/klauvsteinen/go-unifi v0.0.1-alpha26
|
||||
k8s.io/api v0.32.1
|
||||
k8s.io/apimachinery v0.32.1
|
||||
k8s.io/client-go v0.32.1
|
||||
|
||||
2
go.sum
2
go.sum
@@ -1,5 +1,7 @@
|
||||
cel.dev/expr v0.23.1 h1:K4KOtPCJQjVggkARsjG9RWXP6O4R73aHeJMa/dmCQQg=
|
||||
cel.dev/expr v0.23.1/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
|
||||
gitea.engen.priv.no/klauvsteinen/go-unifi v0.0.1-alpha26 h1:nM5XNYGPCR+6U5ypssm5iuwJrubeKwD2axLZeZXl/EQ=
|
||||
gitea.engen.priv.no/klauvsteinen/go-unifi v0.0.1-alpha26/go.mod h1:0cA32wEhA7BTHHI4frsPjXFctHkJq9VZe9yrOwVlpQE=
|
||||
github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
|
||||
github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
|
||||
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
|
||||
|
||||
@@ -38,10 +38,10 @@ import (
|
||||
"sigs.k8s.io/controller-runtime/pkg/reconcile"
|
||||
// "sigs.k8s.io/controller-runtime/pkg/source"
|
||||
|
||||
goUnifi "github.com/vegardengen/go-unifi/unifi"
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/config"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/unifi"
|
||||
goUnifi "gitea.engen.priv.no/klauvsteinen/go-unifi/unifi"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
|
||||
)
|
||||
|
||||
const firewallGroupFinalizer = "finalizer.unifi.engen.priv.no/firewallgroup"
|
||||
@@ -372,12 +372,12 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
||||
for _, firewall_group := range firewall_groups {
|
||||
if firewall_group.Name == ipv4_name {
|
||||
if len(ipv4) == 0 {
|
||||
log.Info(fmt.Sprintf("Delete %s", ipv4_name))
|
||||
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
|
||||
log.Info(fmt.Sprintf("Delete %s: %s", ipv4_name, firewallGroup.Status.ResourcesManaged.IPV4Object.ID))
|
||||
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.IPV4Object.ID)
|
||||
if err != nil {
|
||||
msg := strings.ToLower(err.Error())
|
||||
log.Info(msg)
|
||||
if strings.Contains(msg, "api.err.objectreferredby") {
|
||||
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
|
||||
log.Info("Firewall group is in use. Invoking workaround...!")
|
||||
firewall_group.GroupMembers = []string{"127.0.0.1"}
|
||||
firewall_group.Name = firewall_group.Name + "-deleted"
|
||||
@@ -413,11 +413,11 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
||||
if firewall_group.Name == ipv6_name {
|
||||
if len(ipv6) == 0 {
|
||||
log.Info(fmt.Sprintf("Delete %s", ipv6_name))
|
||||
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
|
||||
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.IPV6Object.ID)
|
||||
if err != nil {
|
||||
msg := strings.ToLower(err.Error())
|
||||
log.Info(msg)
|
||||
if strings.Contains(msg, "api.err.objectreferredby") {
|
||||
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
|
||||
log.Info("Firewall group is in use. Invoking workaround...!")
|
||||
firewall_group.GroupMembers = []string{"::1"}
|
||||
firewall_group.Name = firewall_group.Name + "-deleted"
|
||||
@@ -453,11 +453,11 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
||||
if firewall_group.Name == tcpports_name {
|
||||
if len(tcpports) == 0 {
|
||||
log.Info(fmt.Sprintf("Delete %s", tcpports_name))
|
||||
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
|
||||
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.TCPPortsObject.ID)
|
||||
if err != nil {
|
||||
msg := strings.ToLower(err.Error())
|
||||
log.Info(msg)
|
||||
if strings.Contains(msg, "api.err.objectreferredby") {
|
||||
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
|
||||
log.Info("Firewall group is in use. Invoking workaround...!")
|
||||
firewall_group.GroupMembers = []string{"0"}
|
||||
firewall_group.Name = firewall_group.Name + "-deleted"
|
||||
@@ -493,11 +493,11 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
||||
if firewall_group.Name == udpports_name {
|
||||
if len(udpports) == 0 {
|
||||
log.Info(fmt.Sprintf("Delete %s", udpports_name))
|
||||
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
|
||||
err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.UDPPortsObject.ID)
|
||||
if err != nil {
|
||||
msg := strings.ToLower(err.Error())
|
||||
log.Info(msg)
|
||||
if strings.Contains(msg, "api.err.objectreferredby") {
|
||||
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
|
||||
log.Info("Firewall group is in use. Invoking workaround...!")
|
||||
firewall_group.GroupMembers = []string{"127.0.0.1"}
|
||||
firewall_group.Name = firewall_group.Name + "-deleted"
|
||||
|
||||
@@ -27,7 +27,7 @@ import (
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
)
|
||||
|
||||
var _ = Describe("FirewallGroup Controller", func() {
|
||||
|
||||
@@ -33,10 +33,10 @@ import (
|
||||
"sigs.k8s.io/controller-runtime/pkg/handler"
|
||||
"sigs.k8s.io/controller-runtime/pkg/log"
|
||||
|
||||
goUnifi "github.com/vegardengen/go-unifi/unifi"
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/config"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/unifi"
|
||||
goUnifi "gitea.engen.priv.no/klauvsteinen/go-unifi/unifi"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
|
||||
)
|
||||
|
||||
// FirewallPolicyReconciler reconciles a FirewallPolicy object
|
||||
|
||||
@@ -27,7 +27,7 @@ import (
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
)
|
||||
|
||||
var _ = Describe("FirewallPolicy Controller", func() {
|
||||
|
||||
@@ -28,9 +28,9 @@ import (
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
"sigs.k8s.io/controller-runtime/pkg/log"
|
||||
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/config"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/unifi"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
|
||||
)
|
||||
|
||||
// FirewallZoneReconciler reconciles a FirewallZone object
|
||||
|
||||
@@ -27,7 +27,7 @@ import (
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
)
|
||||
|
||||
var _ = Describe("FirewallZone Controller", func() {
|
||||
|
||||
@@ -19,6 +19,7 @@ package controller
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"reflect"
|
||||
"time"
|
||||
|
||||
"k8s.io/apimachinery/pkg/runtime"
|
||||
@@ -27,9 +28,9 @@ import (
|
||||
"sigs.k8s.io/controller-runtime/pkg/client"
|
||||
"sigs.k8s.io/controller-runtime/pkg/log"
|
||||
|
||||
unifiv1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/config"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/unifi"
|
||||
unifiv1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
|
||||
)
|
||||
|
||||
// NetworkconfigurationReconciler reconciles a Networkconfiguration object
|
||||
@@ -111,10 +112,12 @@ func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl
|
||||
Vlan: int64(unifinetwork.VLAN),
|
||||
VlanEnabled: unifinetwork.VLANEnabled,
|
||||
}
|
||||
networkObj.Spec = networkSpec
|
||||
err := r.Update(ctx, &networkObj)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, err
|
||||
if !reflect.DeepEqual(networkObj.Spec, networkSpec) {
|
||||
networkObj.Spec = networkSpec
|
||||
err := r.Update(ctx, &networkObj)
|
||||
if err != nil {
|
||||
return ctrl.Result{}, err
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -210,14 +213,19 @@ func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl
|
||||
} else {
|
||||
for _, networkCRD := range networkCRDs.Items {
|
||||
if networkCRD.Spec.Name == unifinetwork.Name {
|
||||
networkCRD.Spec = networkSpec
|
||||
}
|
||||
err := r.Update(ctx, &networkCRD)
|
||||
if err != nil {
|
||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||
}
|
||||
if err = r.Status().Update(ctx, &networkCRD); err != nil {
|
||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||
if !reflect.DeepEqual(networkCRD.Spec, networkSpec) {
|
||||
networkCRD.Spec = networkSpec
|
||||
err := r.Update(ctx, &networkCRD)
|
||||
if err != nil {
|
||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||
}
|
||||
}
|
||||
if !reflect.DeepEqual(networkCRD.Status, networkStatus) {
|
||||
networkCRD.Status = networkStatus
|
||||
if err = r.Status().Update(ctx, &networkCRD); err != nil {
|
||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ import (
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
)
|
||||
|
||||
var _ = Describe("Networkconfiguration Controller", func() {
|
||||
|
||||
@@ -18,10 +18,10 @@ import (
|
||||
// "sigs.k8s.io/controller-runtime/pkg/reconcile"
|
||||
// "sigs.k8s.io/controller-runtime/pkg/source"
|
||||
|
||||
goUnifi "github.com/vegardengen/go-unifi/unifi"
|
||||
// unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/config"
|
||||
"github.com/vegardengen/unifi-network-operator/internal/unifi"
|
||||
goUnifi "gitea.engen.priv.no/klauvsteinen/go-unifi/unifi"
|
||||
// unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
|
||||
"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
|
||||
)
|
||||
|
||||
type PortForwardReconciler struct {
|
||||
@@ -119,10 +119,25 @@ func (r *PortForwardReconciler) Reconcile(ctx context.Context, req ctrl.Request)
|
||||
}
|
||||
portforwardname := "k8s-forward-" + svc.Name + "-" + port.Name
|
||||
log.Info(fmt.Sprintf("Should handle %s", portforwardname))
|
||||
_, err := r.UnifiClient.Client.CreatePortForward(context.Background(), r.UnifiClient.SiteID, &goUnifi.PortForward{Name: portforwardname, PfwdInterface: "wan", Src: "any", Log: true, DestinationIPs: []goUnifi.PortForwardDestinationIPs{}, Enabled: true, Fwd: ip, DestinationIP: "any", Proto: "tcp", DstPort: fmt.Sprintf("%d", portMap[port.Name]), SiteID: r.UnifiClient.SiteID, FwdPort: fmt.Sprintf("%d", port.Port)})
|
||||
if err != nil {
|
||||
log.Error(err, "Portforward could not be created")
|
||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||
if portforwardindex, found := portforwardnames[portforwardname]; found {
|
||||
if portforwards[portforwardindex].DstPort == fmt.Sprintf("%d", portMap[port.Name]) && portforwards[portforwardindex].Fwd == ip && portforwards[portforwardindex].FwdPort == fmt.Sprintf("%d", port.Port) {
|
||||
log.Info("Portforward already exists and is correct")
|
||||
} else {
|
||||
log.Info("Exists, but need to update")
|
||||
portforwards[portforwardindex].DstPort = fmt.Sprintf("%d", portMap[port.Name])
|
||||
portforwards[portforwardindex].FwdPort = fmt.Sprintf("%d", port.Port)
|
||||
portforwards[portforwardindex].Fwd = ip
|
||||
if _, err := r.UnifiClient.Client.UpdatePortForward(context.Background(), r.UnifiClient.SiteID, &portforwards[portforwardindex]); err != nil {
|
||||
log.Error(err, fmt.Sprintf("Failed to update portforward %s", portforwardname))
|
||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||
}
|
||||
}
|
||||
} else {
|
||||
_, err := r.UnifiClient.Client.CreatePortForward(context.Background(), r.UnifiClient.SiteID, &goUnifi.PortForward{Name: portforwardname, PfwdInterface: "wan", Src: "any", Log: false, DestinationIPs: []goUnifi.PortForwardDestinationIPs{}, Enabled: true, Fwd: ip, DestinationIP: "any", Proto: "tcp", DstPort: fmt.Sprintf("%d", portMap[port.Name]), SiteID: r.UnifiClient.SiteID, FwdPort: fmt.Sprintf("%d", port.Port)})
|
||||
if err != nil {
|
||||
log.Error(err, "Portforward could not be created")
|
||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -27,7 +27,7 @@ import (
|
||||
|
||||
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
|
||||
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
)
|
||||
|
||||
var _ = Describe("PortForward Controller", func() {
|
||||
|
||||
@@ -32,7 +32,7 @@ import (
|
||||
logf "sigs.k8s.io/controller-runtime/pkg/log"
|
||||
"sigs.k8s.io/controller-runtime/pkg/log/zap"
|
||||
|
||||
unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
|
||||
unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
|
||||
// +kubebuilder:scaffold:imports
|
||||
)
|
||||
|
||||
|
||||
@@ -13,7 +13,7 @@ import (
|
||||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/vegardengen/go-unifi/unifi"
|
||||
"gitea.engen.priv.no/klauvsteinen/go-unifi/unifi"
|
||||
)
|
||||
|
||||
type UnifiClient struct {
|
||||
|
||||
Reference in New Issue
Block a user