Add image url

Reviewed-on: #16

.gitea/workflows/build.yaml

@@ -0,0 +1,26 @@
+name: Build project
+on:
+  push:
+    branches-ignore:
+      - main
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container: golang:1.24
+    steps:
+       - name: Setup SSH
+         run: |
+           mkdir -p ~/.ssh
+           echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+           chmod 600 ~/.ssh/id_rsa
+           ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts
+       - name: Install node and go
+         run: apt update && apt -y install nodejs
+       - name: Check out repository code
+         uses: actions/checkout@v4
+       - name: ssh repo
+         run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
+       - name: Build
+         run: go build cmd/main.go
+       - name: Build manifest
+         run: make build-installer

.gitea/workflows/kobuild.yaml

@@ -0,0 +1,28 @@
+name: Publish
+on:
+  push:
+    branches:
+      - main
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container: golang:1.24
+    steps:
+       - name: Setup SSH
+         run: |
+           mkdir -p ~/.ssh
+           echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+           chmod 600 ~/.ssh/id_rsa
+           ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts
+       - name: Install node and go
+         run: apt update && apt -y install nodejs
+       - name: Check out repository code
+         uses: actions/checkout@v4
+       - name: ssh repo
+         run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
+       - name: Install ko
+         run: go install github.com/google/ko@latest
+       - name: Build
+         run: KO_DOCKER_REPO=gitea.engen.priv.no/unifi-network-operator-controller PATH=~/go/bin:$PATH ko build --local ./cmd 
+       - name: Build manifest
+         run: make build-installer

.gitea/workflows/publish.yaml

@@ -0,0 +1,61 @@
+name: Publish
+on:
+  push:
+    tags:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container: golang:1.24-bookworm
+    env:
+      GITEA_USER: ${{ secrets.GITEAUSER }}
+      GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
+      GITEA_REGISTRY: gitea.engen.priv.no
+      GITEA_ORG: klauvsteinen
+    steps:
+      - name: Install dependencies
+        run: apt update && apt -y install nodejs bash docker.io
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts
+      - name: Check out repository code
+        uses: actions/checkout@v4
+      - name: ssh repo
+        run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
+      - name: Install ko
+        run: go install github.com/google/ko@latest
+      - name: Extract tag (outside container)
+        shell: bash
+        run: |
+          echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+          env
+      - name: Docker login
+        run: echo "${GITEA_TOKEN}" | docker login "${GITEA_REGISTRY}" --username "${GITEA_USER}" --password-stdin
+      - name: Build
+        run: |
+          export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
+          ko publish ./cmd \
+          --tags "$TAG,latest" \
+          --image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
+          --image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
+          --image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
+          --image-label 'org.opencontainers.image.url=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
+          --image-label 'dev.chainguard.package.main=' \
+          --bare
+      - name: Build manifest
+        run: |
+          make build-installer
+          curl -X PUT \
+          -H "Authorization: token $GITEA_TOKEN" \
+          -H "Content-Type: application/x-yaml" \
+          --data-binary @./dist/install.yaml \
+          https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml
+          curl -X PUT \
+          -H "Authorization: token $GITEA_TOKEN" \
+          -H "Content-Type: application/x-yaml" \
+          --data-binary @./dist/install.yaml \
+          https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/$TAG/install.yaml
+

Makefile

@@ -1,5 +1,5 @@
 # Image URL to use all building/pushing image targets
-IMG ?= registry.engen.priv.no/unifi-network-operator-controller:latest
+IMG ?= gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller:latest
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -8,7 +8,7 @@ else
 GOBIN=$(shell go env GOBIN)
 endif
 
-export KO_DOCKER_REPO=registry.engen.priv.no/unifi-network-operator-controller
+export KO_DOCKER_REPO=gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller
 
 # CONTAINER_TOOL defines the container tool to be used for building images.
 # Be aware that the target commands are only tested with Docker which is

PROJECT

@@ -6,7 +6,7 @@ domain: engen.priv.no
 layout:
 - go.kubebuilder.io/v4
 projectName: unifi-network-operator
-repo: github.com/vegardengen/unifi-network-operator
+repo: gitea.engen.priv.no/klauvsteinen/unifi-network-operator
 resources:
 - api:
     crdVersion: v1
@@ -15,7 +15,7 @@ resources:
   domain: engen.priv.no
   group: unifi
   kind: Networkconfiguration
-  path: github.com/vegardengen/unifi-network-operator/api/v1beta1
+  path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
   version: v1beta1
 - api:
     crdVersion: v1
@@ -24,7 +24,7 @@ resources:
   domain: engen.priv.no
   group: unifi
   kind: FirewallZone
-  path: github.com/vegardengen/unifi-network-operator/api/v1beta1
+  path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
   version: v1beta1
 - api:
     crdVersion: v1
@@ -33,7 +33,7 @@ resources:
   domain: engen.priv.no
   group: unifi
   kind: FirewallPolicy
-  path: github.com/vegardengen/unifi-network-operator/api/v1beta1
+  path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
   version: v1beta1
 - api:
     crdVersion: v1
@@ -42,6 +42,6 @@ resources:
   domain: engen.priv.no
   group: unifi
   kind: PortForward
-  path: github.com/vegardengen/unifi-network-operator/api/v1beta1
+  path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
   version: v1beta1
 version: "3"

cmd/main.go

@@ -21,11 +21,13 @@ import (
 	"flag"
 	"os"
 	"path/filepath"
+	"time"
 
 	// Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.)
 	// to ensure that exec-entrypoint and run can make use of them.
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
+        "k8s.io/utils/pointer"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -37,10 +39,10 @@ import (
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/config"
-	"github.com/vegardengen/unifi-network-operator/internal/controller"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/controller"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
 	// +kubebuilder:scaffold:imports
 )
 
@@ -187,6 +189,10 @@ func main() {
 		HealthProbeBindAddress: probeAddr,
 		LeaderElection:         enableLeaderElection,
 		LeaderElectionID:       "f05533b6.engen.priv.no",
+		LeaseDuration:    pointer.Duration(30 * time.Second),
+                RenewDeadline:    pointer.Duration(20 * time.Second),
+                RetryPeriod:      pointer.Duration(5 * time.Second),
+
 		// LeaderElectionReleaseOnCancel defines if the leader should step down voluntarily
 		// when the Manager ends. This requires the binary to immediately end when the
 		// Manager is stopped, otherwise, this setting is unsafe. Setting this significantly

config/manager/kustomization.yaml

@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: registry.engen.priv.no/unifi-network-operator-controller
+  newName: gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller
   newTag: latest

dist/install.yaml

@@ -0,0 +1,952 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+    control-plane: controller-manager
+  name: unifi-network-operator-system
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.2
+  name: firewallpolicies.unifi.engen.priv.no
+spec:
+  group: unifi.engen.priv.no
+  names:
+    kind: FirewallPolicy
+    listKind: FirewallPolicyList
+    plural: firewallpolicies
+    singular: firewallpolicy
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: FirewallPolicy is the Schema for the firewallpolicies API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              destination:
+                properties:
+                  firewall_groups:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                      type: object
+                    type: array
+                  services:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                      type: object
+                    type: array
+                type: object
+              match_firewall_groups_in_all_namespaces:
+                type: boolean
+              match_services_in_all_namespaces:
+                type: boolean
+              name:
+                type: string
+              source:
+                properties:
+                  from_networks:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                      type: object
+                    type: array
+                  from_zones:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                      type: object
+                    type: array
+                type: object
+            required:
+            - destination
+            - name
+            - source
+            type: object
+          status:
+            description: FirewallPolicyStatus defines the observed state of FirewallPolicy.
+            properties:
+              resources_managed:
+                properties:
+                  firewall_groups_managed:
+                    items:
+                      properties:
+                        name:
+                          type: string
+                        namespace:
+                          type: string
+                      type: object
+                    type: array
+                  firewall_policies_managed:
+                    items:
+                      properties:
+                        from:
+                          type: string
+                        tcpipv4_id:
+                          type: string
+                        tcpipv6_id:
+                          type: string
+                        to:
+                          type: string
+                        udpipv4_id:
+                          type: string
+                        udpipv6_id:
+                          type: string
+                      required:
+                      - from
+                      - tcpipv4_id
+                      - tcpipv6_id
+                      - to
+                      - udpipv4_id
+                      - udpipv6_id
+                      type: object
+                    type: array
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.2
+  name: firewallzones.unifi.engen.priv.no
+spec:
+  group: unifi.engen.priv.no
+  names:
+    kind: FirewallZone
+    listKind: FirewallZoneList
+    plural: firewallzones
+    singular: firewallzone
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: FirewallZone is the Schema for the firewallzones API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: FirewallZoneSpec defines the desired state of FirewallZone.
+            properties:
+              _id:
+                type: string
+              default_zone:
+                type: boolean
+              name:
+                type: string
+              network_ids:
+                items:
+                  type: string
+                type: array
+              zone_key:
+                type: string
+            type: object
+          status:
+            description: FirewallZoneStatus defines the observed state of FirewallZone.
+            properties:
+              resources_managed:
+                properties:
+                  firewall_zones_managed:
+                    items:
+                      properties:
+                        id:
+                          type: string
+                        name:
+                          type: string
+                      type: object
+                    type: array
+                type: object
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.2
+  name: networkconfigurations.unifi.engen.priv.no
+spec:
+  group: unifi.engen.priv.no
+  names:
+    kind: Networkconfiguration
+    listKind: NetworkconfigurationList
+    plural: networkconfigurations
+    singular: networkconfiguration
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: Networkconfiguration is the Schema for the networkconfigurations
+          API.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: NetworkconfigurationSpec defines the desired state of Networkconfiguration.
+            properties:
+              _id:
+                description: Foo is an example field of Networkconfiguration. Edit
+                  networkconfiguration_types.go to remove/update
+                type: string
+              enabled:
+                type: boolean
+              firewall_zone:
+                type: string
+              gateway_type:
+                type: string
+              ip_subnet:
+                type: string
+              ipv6_interface_type:
+                type: string
+              ipv6_pd_auto_prefixid_enabled:
+                type: boolean
+              ipv6_ra_enabled:
+                type: boolean
+              ipv6_setting_preference:
+                type: string
+              ipv6_subnet:
+                type: string
+              name:
+                type: string
+              networkgroup:
+                type: string
+              purpose:
+                type: string
+              setting_preference:
+                type: string
+              vlan:
+                format: int64
+                type: integer
+              vlan_enabled:
+                type: boolean
+            required:
+            - name
+            type: object
+          status:
+            description: NetworkconfigurationStatus defines the observed state of
+              Networkconfiguration.
+            properties:
+              firewall_zone_id:
+                description: |-
+                  INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
+                  Important: Run "make" to regenerate code after modifying this file
+                type: string
+              ipv6_subnet_status:
+                type: string
+              lastSyncTime:
+                description: LastSyncTime is the last time the object was synced
+                format: date-time
+                type: string
+              resources_managed:
+                properties:
+                  networks_managed:
+                    items:
+                      properties:
+                        id:
+                          type: string
+                        name:
+                          type: string
+                      type: object
+                    type: array
+                type: object
+              syncedWithUnifi:
+                description: SyncedWithUnifi indicates whether the addresses are successfully
+                  pushed
+                type: boolean
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.17.2
+  name: portforwards.unifi.engen.priv.no
+spec:
+  group: unifi.engen.priv.no
+  names:
+    kind: PortForward
+    listKind: PortForwardList
+    plural: portforwards
+    singular: portforward
+  scope: Namespaced
+  versions:
+  - name: v1beta1
+    schema:
+      openAPIV3Schema:
+        description: |-
+          PortForward is a placeholder type to allow future CRD support if needed.
+          Right now, port forwards are managed entirely through annotations on Services.
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            type: object
+          status:
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-controller-manager
+  namespace: unifi-network-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-leader-election-role
+  namespace: unifi-network-operator-system
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - coordination.k8s.io
+  resources:
+  - leases
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-firewallpolicy-admin-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallpolicies
+  verbs:
+  - '*'
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallpolicies/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-firewallpolicy-editor-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallpolicies
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallpolicies/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-firewallpolicy-viewer-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallpolicies
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallpolicies/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-firewallzone-admin-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones
+  verbs:
+  - '*'
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-firewallzone-editor-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-firewallzone-viewer-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallzones/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: unifi-network-operator-manager-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  - services
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallgroups
+  - firewallpolicies
+  - firewallzones
+  - networkconfigurations
+  - portforwards
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallgroups/finalizers
+  - firewallpolicies/finalizers
+  - firewallzones/finalizers
+  - networkconfigurations/finalizers
+  - portforwards/finalizers
+  verbs:
+  - update
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - firewallgroups/status
+  - firewallpolicies/status
+  - firewallzones/status
+  - networkconfigurations/status
+  - portforwards/status
+  verbs:
+  - get
+  - patch
+  - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: unifi-network-operator-metrics-auth-role
+rules:
+- apiGroups:
+  - authentication.k8s.io
+  resources:
+  - tokenreviews
+  verbs:
+  - create
+- apiGroups:
+  - authorization.k8s.io
+  resources:
+  - subjectaccessreviews
+  verbs:
+  - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: unifi-network-operator-metrics-reader
+rules:
+- nonResourceURLs:
+  - /metrics
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-networkconfiguration-admin-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - networkconfigurations
+  verbs:
+  - '*'
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - networkconfigurations/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-networkconfiguration-editor-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - networkconfigurations
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - networkconfigurations/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-networkconfiguration-viewer-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - networkconfigurations
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - networkconfigurations/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-portforward-admin-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards
+  verbs:
+  - '*'
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-portforward-editor-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-portforward-viewer-role
+rules:
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards
+  verbs:
+  - get
+  - list
+  - watch
+- apiGroups:
+  - unifi.engen.priv.no
+  resources:
+  - portforwards/status
+  verbs:
+  - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-leader-election-rolebinding
+  namespace: unifi-network-operator-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: unifi-network-operator-leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: unifi-network-operator-controller-manager
+  namespace: unifi-network-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+  name: unifi-network-operator-manager-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: unifi-network-operator-manager-role
+subjects:
+- kind: ServiceAccount
+  name: unifi-network-operator-controller-manager
+  namespace: unifi-network-operator-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: unifi-network-operator-metrics-auth-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: unifi-network-operator-metrics-auth-role
+subjects:
+- kind: ServiceAccount
+  name: unifi-network-operator-controller-manager
+  namespace: unifi-network-operator-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+    control-plane: controller-manager
+  name: unifi-network-operator-controller-manager-metrics-service
+  namespace: unifi-network-operator-system
+spec:
+  ports:
+  - name: https
+    port: 8443
+    protocol: TCP
+    targetPort: 8443
+  selector:
+    app.kubernetes.io/name: unifi-network-operator
+    control-plane: controller-manager
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: unifi-network-operator
+    control-plane: controller-manager
+  name: unifi-network-operator-controller-manager
+  namespace: unifi-network-operator-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: unifi-network-operator
+      control-plane: controller-manager
+  template:
+    metadata:
+      annotations:
+        kubectl.kubernetes.io/default-container: manager
+      labels:
+        app.kubernetes.io/name: unifi-network-operator
+        control-plane: controller-manager
+    spec:
+      containers:
+      - args:
+        - --metrics-bind-address=:8443
+        - --leader-elect
+        - --health-probe-bind-address=:8081
+        env:
+        - name: UNIFI_URL
+          valueFrom:
+            secretKeyRef:
+              key: UNIFI_URL
+              name: unifi-configuration
+        - name: UNIFI_SITE
+          valueFrom:
+            secretKeyRef:
+              key: UNIFI_SITE
+              name: unifi-configuration
+        - name: UNIFI_USER
+          valueFrom:
+            secretKeyRef:
+              key: UNIFI_USERNAME
+              name: unifi-configuration
+        - name: UNIFI_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              key: UNIFI_PASSWORD
+              name: unifi-configuration
+        image: gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller:latest
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+          initialDelaySeconds: 15
+          periodSeconds: 20
+        name: manager
+        ports: []
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8081
+          initialDelaySeconds: 5
+          periodSeconds: 10
+        resources:
+          limits:
+            cpu: 500m
+            memory: 128Mi
+          requests:
+            cpu: 10m
+            memory: 64Mi
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+        volumeMounts: []
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
+      serviceAccountName: unifi-network-operator-controller-manager
+      terminationGracePeriodSeconds: 10
+      volumes: []

go.mod

@@ -1,15 +1,14 @@
-module github.com/vegardengen/unifi-network-operator
+module gitea.engen.priv.no/klauvsteinen/unifi-network-operator
 
 go 1.24.0
 
 toolchain go1.24.1
 
-godebug default=go1.23
 
 require (
 	github.com/onsi/ginkgo/v2 v2.23.4
 	github.com/onsi/gomega v1.37.0
-	github.com/vegardengen/go-unifi v0.0.1-alpha25
+	gitea.engen.priv.no/klauvsteinen/go-unifi v0.0.1-alpha26
 	k8s.io/api v0.32.1
 	k8s.io/apimachinery v0.32.1
 	k8s.io/client-go v0.32.1

go.sum

@@ -1,5 +1,7 @@
 cel.dev/expr v0.23.1 h1:K4KOtPCJQjVggkARsjG9RWXP6O4R73aHeJMa/dmCQQg=
 cel.dev/expr v0.23.1/go.mod h1:hLPLo1W4QUmuYdA72RBX06QTs6MXw941piREPl3Yfiw=
+gitea.engen.priv.no/klauvsteinen/go-unifi v0.0.1-alpha26 h1:nM5XNYGPCR+6U5ypssm5iuwJrubeKwD2axLZeZXl/EQ=
+gitea.engen.priv.no/klauvsteinen/go-unifi v0.0.1-alpha26/go.mod h1:0cA32wEhA7BTHHI4frsPjXFctHkJq9VZe9yrOwVlpQE=
 github.com/antlr4-go/antlr/v4 v4.13.1 h1:SqQKkuVZ+zWkMMNkjy5FZe5mr5WURWnlpmOuzYWrPrQ=
 github.com/antlr4-go/antlr/v4 v4.13.1/go.mod h1:GKmUxMtwp6ZgGwZSva4eWPC5mS6vUAmOABFgjdkM7Nw=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=

internal/controller/firewallgroup_controller.go

@@ -38,10 +38,10 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	//	"sigs.k8s.io/controller-runtime/pkg/source"
 
-	goUnifi "github.com/vegardengen/go-unifi/unifi"
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/config"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
+	goUnifi "gitea.engen.priv.no/klauvsteinen/go-unifi/unifi"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
 )
 
 const firewallGroupFinalizer = "finalizer.unifi.engen.priv.no/firewallgroup"
@@ -372,12 +372,12 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 	for _, firewall_group := range firewall_groups {
 		if firewall_group.Name == ipv4_name {
 			if len(ipv4) == 0 {
-				log.Info(fmt.Sprintf("Delete %s", ipv4_name))
-				err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
+				log.Info(fmt.Sprintf("Delete %s: %s", ipv4_name, firewallGroup.Status.ResourcesManaged.IPV4Object.ID))
+				err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.IPV4Object.ID)
 				if err != nil {
 					msg := strings.ToLower(err.Error())
 					log.Info(msg)
-					if strings.Contains(msg, "api.err.objectreferredby") {
+					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 						log.Info("Firewall group is in use. Invoking workaround...!")
 						firewall_group.GroupMembers = []string{"127.0.0.1"}
 						firewall_group.Name = firewall_group.Name + "-deleted"
@@ -413,11 +413,11 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 		if firewall_group.Name == ipv6_name {
 			if len(ipv6) == 0 {
 				log.Info(fmt.Sprintf("Delete %s", ipv6_name))
-				err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
+				err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.IPV6Object.ID)
 				if err != nil {
 					msg := strings.ToLower(err.Error())
 					log.Info(msg)
-					if strings.Contains(msg, "api.err.objectreferredby") {
+					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 						log.Info("Firewall group is in use. Invoking workaround...!")
 						firewall_group.GroupMembers = []string{"::1"}
 						firewall_group.Name = firewall_group.Name + "-deleted"
@@ -453,11 +453,11 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 		if firewall_group.Name == tcpports_name {
 			if len(tcpports) == 0 {
 				log.Info(fmt.Sprintf("Delete %s", tcpports_name))
-				err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
+				err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.TCPPortsObject.ID)
 				if err != nil {
 					msg := strings.ToLower(err.Error())
 					log.Info(msg)
-					if strings.Contains(msg, "api.err.objectreferredby") {
+					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 						log.Info("Firewall group is in use. Invoking workaround...!")
 						firewall_group.GroupMembers = []string{"0"}
 						firewall_group.Name = firewall_group.Name + "-deleted"
@@ -493,11 +493,11 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 		if firewall_group.Name == udpports_name {
 			if len(udpports) == 0 {
 				log.Info(fmt.Sprintf("Delete %s", udpports_name))
-				err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewall_group.ID)
+				err := r.UnifiClient.Client.DeleteFirewallGroup(context.Background(), r.UnifiClient.SiteID, firewallGroup.Status.ResourcesManaged.UDPPortsObject.ID)
 				if err != nil {
 					msg := strings.ToLower(err.Error())
 					log.Info(msg)
-					if strings.Contains(msg, "api.err.objectreferredby") {
+					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 						log.Info("Firewall group is in use. Invoking workaround...!")
 						firewall_group.GroupMembers = []string{"127.0.0.1"}
 						firewall_group.Name = firewall_group.Name + "-deleted"

internal/controller/firewallgroup_controller_test.go

@@ -27,7 +27,7 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
 )
 
 var _ = Describe("FirewallGroup Controller", func() {

internal/controller/firewallpolicy_controller.go

@@ -33,10 +33,10 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	goUnifi "github.com/vegardengen/go-unifi/unifi"
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/config"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
+	goUnifi "gitea.engen.priv.no/klauvsteinen/go-unifi/unifi"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
 )
 
 // FirewallPolicyReconciler reconciles a FirewallPolicy object

internal/controller/firewallpolicy_controller_test.go

@@ -27,7 +27,7 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
 )
 
 var _ = Describe("FirewallPolicy Controller", func() {

internal/controller/firewallzone_controller.go

@@ -28,9 +28,9 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/config"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
 )
 
 // FirewallZoneReconciler reconciles a FirewallZone object

internal/controller/firewallzone_controller_test.go

@@ -27,7 +27,7 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
 )
 
 var _ = Describe("FirewallZone Controller", func() {

internal/controller/networkconfiguration_controller.go

@@ -19,6 +19,7 @@ package controller
 import (
 	"context"
 	"fmt"
+	"reflect"
 	"time"
 
 	"k8s.io/apimachinery/pkg/runtime"
@@ -27,9 +28,9 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
-	unifiv1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/config"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
+	unifiv1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
 )
 
 // NetworkconfigurationReconciler reconciles a Networkconfiguration object
@@ -111,10 +112,12 @@ func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl
 					Vlan:                      int64(unifinetwork.VLAN),
 					VlanEnabled:               unifinetwork.VLANEnabled,
 				}
-				networkObj.Spec = networkSpec
-				err := r.Update(ctx, &networkObj)
-				if err != nil {
-					return ctrl.Result{}, err
+				if !reflect.DeepEqual(networkObj.Spec, networkSpec) {
+					networkObj.Spec = networkSpec
+					err := r.Update(ctx, &networkObj)
+					if err != nil {
+						return ctrl.Result{}, err
+					}
 				}
 			}
 		}
@@ -210,14 +213,19 @@ func (r *NetworkconfigurationReconciler) Reconcile(ctx context.Context, req ctrl
 			} else {
 				for _, networkCRD := range networkCRDs.Items {
 					if networkCRD.Spec.Name == unifinetwork.Name {
-						networkCRD.Spec = networkSpec
-					}
-					err := r.Update(ctx, &networkCRD)
-					if err != nil {
-						return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-					}
-					if err = r.Status().Update(ctx, &networkCRD); err != nil {
-						return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+						if !reflect.DeepEqual(networkCRD.Spec, networkSpec) {
+							networkCRD.Spec = networkSpec
+							err := r.Update(ctx, &networkCRD)
+							if err != nil {
+								return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+							}
+						}
+						if !reflect.DeepEqual(networkCRD.Status, networkStatus) {
+							networkCRD.Status = networkStatus
+							if err = r.Status().Update(ctx, &networkCRD); err != nil {
+								return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+							}
+						}
 					}
 				}
 			}

internal/controller/networkconfiguration_controller_test.go

@@ -27,7 +27,7 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
 )
 
 var _ = Describe("Networkconfiguration Controller", func() {

internal/controller/portforward_controller.go

@@ -18,10 +18,10 @@ import (
 	//	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 	//	"sigs.k8s.io/controller-runtime/pkg/source"
 
-	goUnifi "github.com/vegardengen/go-unifi/unifi"
-	//	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
-	"github.com/vegardengen/unifi-network-operator/internal/config"
-	"github.com/vegardengen/unifi-network-operator/internal/unifi"
+	goUnifi "gitea.engen.priv.no/klauvsteinen/go-unifi/unifi"
+	//	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/config"
+	"gitea.engen.priv.no/klauvsteinen/unifi-network-operator/internal/unifi"
 )
 
 type PortForwardReconciler struct {
@@ -133,7 +133,7 @@ func (r *PortForwardReconciler) Reconcile(ctx context.Context, req ctrl.Request)
 				}
 			}
 		} else {
-			_, err := r.UnifiClient.Client.CreatePortForward(context.Background(), r.UnifiClient.SiteID, &goUnifi.PortForward{Name: portforwardname, PfwdInterface: "wan", Src: "any", Log: true, DestinationIPs: []goUnifi.PortForwardDestinationIPs{}, Enabled: true, Fwd: ip, DestinationIP: "any", Proto: "tcp", DstPort: fmt.Sprintf("%d", portMap[port.Name]), SiteID: r.UnifiClient.SiteID, FwdPort: fmt.Sprintf("%d", port.Port)})
+			_, err := r.UnifiClient.Client.CreatePortForward(context.Background(), r.UnifiClient.SiteID, &goUnifi.PortForward{Name: portforwardname, PfwdInterface: "wan", Src: "any", Log: false, DestinationIPs: []goUnifi.PortForwardDestinationIPs{}, Enabled: true, Fwd: ip, DestinationIP: "any", Proto: "tcp", DstPort: fmt.Sprintf("%d", portMap[port.Name]), SiteID: r.UnifiClient.SiteID, FwdPort: fmt.Sprintf("%d", port.Port)})
 			if err != nil {
 				log.Error(err, "Portforward could not be created")
 				return ctrl.Result{RequeueAfter: 10 * time.Minute}, err

internal/controller/portforward_controller_test.go

@@ -27,7 +27,7 @@ import (
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
 )
 
 var _ = Describe("PortForward Controller", func() {

internal/controller/suite_test.go

@@ -32,7 +32,7 @@ import (
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
-	unifiv1beta1 "github.com/vegardengen/unifi-network-operator/api/v1beta1"
+	unifiv1beta1 "gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1"
 	// +kubebuilder:scaffold:imports
 )
 

internal/unifi/unifi.go

@@ -13,7 +13,7 @@ import (
 	"strings"
 	"sync"
 
-	"github.com/vegardengen/go-unifi/unifi"
+	"gitea.engen.priv.no/klauvsteinen/go-unifi/unifi"
 )
 
 type UnifiClient struct {

ko.yaml

@@ -0,0 +1,7 @@
+defaultBaseImage: cgr.dev/chainguard/static:latest
+
+labels:
+  org.opencontainers.image.authors: Vegard Engen <vegard@engen.priv.no>
+  org.opencontainers.image.source: https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator
+  org.opencontainers.image.vendor: Klauvsteinen
+  dev.chainguard.package.main: ""