Compare commits
3 Commits
feature/cl
...
v0.1.1-alp
| Author | SHA1 | Date | |
|---|---|---|---|
| f406d470c1 | |||
| 7d52648e2e | |||
| 0146a0bfba |
@@ -6,7 +6,7 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container: registry.engen.priv.no/gitea-build:0.1.0
|
container: golang:1.24
|
||||||
steps:
|
steps:
|
||||||
- name: Setup SSH
|
- name: Setup SSH
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
@@ -6,45 +6,23 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container: registry.engen.priv.no/gitea-build:0.1.0
|
container: golang:1.24
|
||||||
env:
|
|
||||||
GITEA_USER: ${{ secrets.GITEAUSER }}
|
|
||||||
GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
|
|
||||||
GITEA_REGISTRY: gitea.engen.priv.no
|
|
||||||
GITEA_ORG: klauvsteinen
|
|
||||||
steps:
|
steps:
|
||||||
- name: Setup SSH
|
- name: Setup SSH
|
||||||
run: |
|
run: |
|
||||||
mkdir -p ~/.ssh
|
mkdir -p ~/.ssh
|
||||||
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
|
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
|
||||||
chmod 600 ~/.ssh/id_rsa
|
chmod 600 ~/.ssh/id_rsa
|
||||||
ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts
|
ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts
|
||||||
- name: Check out repository code
|
- name: Install node and go
|
||||||
uses: actions/checkout@v4
|
run: apt update && apt -y install nodejs
|
||||||
- name: ssh repo
|
- name: Check out repository code
|
||||||
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
|
uses: actions/checkout@v4
|
||||||
- name: Docker login
|
- name: ssh repo
|
||||||
run: echo "${GITEA_TOKEN}" | docker login "${GITEA_REGISTRY}" --username "${GITEA_USER}" --password-stdin
|
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
|
||||||
- name: Build
|
- name: Install ko
|
||||||
run: |
|
run: go install github.com/google/ko@latest
|
||||||
export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
|
- name: Build
|
||||||
ko publish ./cmd \
|
run: KO_DOCKER_REPO=gitea.engen.priv.no/unifi-network-operator-controller PATH=~/go/bin:$PATH ko build --local ./cmd
|
||||||
--tags "latest" \
|
- name: Build manifest
|
||||||
--image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
|
run: make build-installer
|
||||||
--image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
|
|
||||||
--image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
|
|
||||||
--image-label 'org.opencontainers.image.url=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
|
|
||||||
--image-label 'dev.chainguard.package.main=' \
|
|
||||||
--bare
|
|
||||||
- name: Build manifest
|
|
||||||
run: |
|
|
||||||
make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:latest" build-installer
|
|
||||||
curl -X DELETE \
|
|
||||||
-H "Authorization: token $GITEA_TOKEN" \
|
|
||||||
-H "Content-Type: application/x-yaml" \
|
|
||||||
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml
|
|
||||||
curl -X PUT \
|
|
||||||
-H "Authorization: token $GITEA_TOKEN" \
|
|
||||||
-H "Content-Type: application/x-yaml" \
|
|
||||||
--data-binary @./dist/install.yaml \
|
|
||||||
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml
|
|
||||||
|
|||||||
@@ -8,13 +8,15 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container: registry.engen.priv.no/gitea-build:0.1.0
|
container: golang:1.24-bookworm
|
||||||
env:
|
env:
|
||||||
GITEA_USER: ${{ secrets.GITEAUSER }}
|
GITEA_USER: ${{ secrets.GITEAUSER }}
|
||||||
GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
|
GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
|
||||||
GITEA_REGISTRY: gitea.engen.priv.no
|
GITEA_REGISTRY: gitea.engen.priv.no
|
||||||
GITEA_ORG: klauvsteinen
|
GITEA_ORG: klauvsteinen
|
||||||
steps:
|
steps:
|
||||||
|
- name: Install dependencies
|
||||||
|
run: apt update && apt -y install nodejs bash docker.io
|
||||||
- name: Setup SSH
|
- name: Setup SSH
|
||||||
run: |
|
run: |
|
||||||
mkdir -p ~/.ssh
|
mkdir -p ~/.ssh
|
||||||
@@ -25,6 +27,8 @@ jobs:
|
|||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v4
|
||||||
- name: ssh repo
|
- name: ssh repo
|
||||||
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
|
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
|
||||||
|
- name: Install ko
|
||||||
|
run: go install github.com/google/ko@latest
|
||||||
- name: Extract tag (outside container)
|
- name: Extract tag (outside container)
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
@@ -36,7 +40,7 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
|
export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
|
||||||
ko publish ./cmd \
|
ko publish ./cmd \
|
||||||
--tags "$TAG" \
|
--tags "$TAG,latest" \
|
||||||
--image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
|
--image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
|
||||||
--image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
|
--image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
|
||||||
--image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
|
--image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
|
||||||
@@ -45,6 +49,16 @@ jobs:
|
|||||||
--bare
|
--bare
|
||||||
- name: Build manifest
|
- name: Build manifest
|
||||||
run: |
|
run: |
|
||||||
|
make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:latest" build-installer
|
||||||
|
curl -X DELETE \
|
||||||
|
-H "Authorization: token $GITEA_TOKEN" \
|
||||||
|
-H "Content-Type: application/x-yaml" \
|
||||||
|
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml
|
||||||
|
curl -X PUT \
|
||||||
|
-H "Authorization: token $GITEA_TOKEN" \
|
||||||
|
-H "Content-Type: application/x-yaml" \
|
||||||
|
--data-binary @./dist/install.yaml \
|
||||||
|
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml
|
||||||
make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:$TAG" build-installer
|
make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:$TAG" build-installer
|
||||||
curl -X PUT \
|
curl -X PUT \
|
||||||
-H "Authorization: token $GITEA_TOKEN" \
|
-H "Authorization: token $GITEA_TOKEN" \
|
||||||
|
|||||||
@@ -361,10 +361,10 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
|||||||
log.Error(err, "Could not list network objects")
|
log.Error(err, "Could not list network objects")
|
||||||
return reconcile.Result{}, err
|
return reconcile.Result{}, err
|
||||||
}
|
}
|
||||||
ipv4_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv4"
|
ipv4_name := "k8s-" + firewallGroup.Spec.Name + "-ipv4"
|
||||||
ipv6_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv6"
|
ipv6_name := "k8s-" + firewallGroup.Spec.Name + "-ipv6"
|
||||||
tcpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-tcpports"
|
tcpports_name := "k8s-" + firewallGroup.Spec.Name + "-tcpports"
|
||||||
udpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-udpports"
|
udpports_name := "k8s-" + firewallGroup.Spec.Name + "-udpports"
|
||||||
ipv4_done := false
|
ipv4_done := false
|
||||||
ipv6_done := false
|
ipv6_done := false
|
||||||
tcpports_done := false
|
tcpports_done := false
|
||||||
@@ -377,7 +377,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
msg := strings.ToLower(err.Error())
|
msg := strings.ToLower(err.Error())
|
||||||
log.Info(msg)
|
log.Info(msg)
|
||||||
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
|
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
|
||||||
log.Info("Firewall group is in use. Invoking workaround...!")
|
log.Info("Firewall group is in use. Invoking workaround...!")
|
||||||
firewall_group.GroupMembers = []string{"127.0.0.1"}
|
firewall_group.GroupMembers = []string{"127.0.0.1"}
|
||||||
firewall_group.Name = firewall_group.Name + "-deleted"
|
firewall_group.Name = firewall_group.Name + "-deleted"
|
||||||
@@ -417,7 +417,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
msg := strings.ToLower(err.Error())
|
msg := strings.ToLower(err.Error())
|
||||||
log.Info(msg)
|
log.Info(msg)
|
||||||
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
|
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
|
||||||
log.Info("Firewall group is in use. Invoking workaround...!")
|
log.Info("Firewall group is in use. Invoking workaround...!")
|
||||||
firewall_group.GroupMembers = []string{"::1"}
|
firewall_group.GroupMembers = []string{"::1"}
|
||||||
firewall_group.Name = firewall_group.Name + "-deleted"
|
firewall_group.Name = firewall_group.Name + "-deleted"
|
||||||
@@ -457,7 +457,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
msg := strings.ToLower(err.Error())
|
msg := strings.ToLower(err.Error())
|
||||||
log.Info(msg)
|
log.Info(msg)
|
||||||
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
|
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
|
||||||
log.Info("Firewall group is in use. Invoking workaround...!")
|
log.Info("Firewall group is in use. Invoking workaround...!")
|
||||||
firewall_group.GroupMembers = []string{"0"}
|
firewall_group.GroupMembers = []string{"0"}
|
||||||
firewall_group.Name = firewall_group.Name + "-deleted"
|
firewall_group.Name = firewall_group.Name + "-deleted"
|
||||||
@@ -497,7 +497,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
msg := strings.ToLower(err.Error())
|
msg := strings.ToLower(err.Error())
|
||||||
log.Info(msg)
|
log.Info(msg)
|
||||||
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
|
if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
|
||||||
log.Info("Firewall group is in use. Invoking workaround...!")
|
log.Info("Firewall group is in use. Invoking workaround...!")
|
||||||
firewall_group.GroupMembers = []string{"127.0.0.1"}
|
firewall_group.GroupMembers = []string{"127.0.0.1"}
|
||||||
firewall_group.Name = firewall_group.Name + "-deleted"
|
firewall_group.Name = firewall_group.Name + "-deleted"
|
||||||
|
|||||||
@@ -125,72 +125,70 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
}
|
}
|
||||||
log.Info("Running finalizer logic for FirewallPolicy", "name", firewallPolicy.Name)
|
log.Info("Running finalizer logic for FirewallPolicy", "name", firewallPolicy.Name)
|
||||||
|
|
||||||
if firewallPolicy.Status.ResourcesManaged != nil {
|
if len(firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies) > 0 {
|
||||||
if len(firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies) > 0 {
|
for i, UnifiFirewallPolicy := range firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies {
|
||||||
for i, UnifiFirewallPolicy := range firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies {
|
log.Info(fmt.Sprintf("From: %s to: %s TcpIpv4: %s UdpIpv4: %s TcpIpv6: %s UdpIpv6: %s", UnifiFirewallPolicy.From, UnifiFirewallPolicy.To, UnifiFirewallPolicy.TcpIpv4ID, UnifiFirewallPolicy.UdpIpv4ID, UnifiFirewallPolicy.TcpIpv6ID, UnifiFirewallPolicy.UdpIpv6ID))
|
||||||
log.Info(fmt.Sprintf("From: %s to: %s TcpIpv4: %s UdpIpv4: %s TcpIpv6: %s UdpIpv6: %s", UnifiFirewallPolicy.From, UnifiFirewallPolicy.To, UnifiFirewallPolicy.TcpIpv4ID, UnifiFirewallPolicy.UdpIpv4ID, UnifiFirewallPolicy.TcpIpv6ID, UnifiFirewallPolicy.UdpIpv6ID))
|
if len(UnifiFirewallPolicy.TcpIpv4ID) > 0 {
|
||||||
if len(UnifiFirewallPolicy.TcpIpv4ID) > 0 {
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv4ID)
|
||||||
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv4ID)
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
||||||
if err != nil && !strings.Contains(err.Error(), "not found") {
|
} else {
|
||||||
} else {
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv4ID = ""
|
||||||
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv4ID = ""
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
||||||
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(UnifiFirewallPolicy.UdpIpv4ID) > 0 {
|
}
|
||||||
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv4ID)
|
if len(UnifiFirewallPolicy.UdpIpv4ID) > 0 {
|
||||||
if err != nil && !strings.Contains(err.Error(), "not found") {
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv4ID)
|
||||||
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
||||||
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
|
} else {
|
||||||
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv4ID = ""
|
||||||
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
} else {
|
|
||||||
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv4ID = ""
|
|
||||||
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(UnifiFirewallPolicy.TcpIpv6ID) > 0 {
|
}
|
||||||
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv6ID)
|
if len(UnifiFirewallPolicy.TcpIpv6ID) > 0 {
|
||||||
if err != nil && !strings.Contains(err.Error(), "not found") {
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv6ID)
|
||||||
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
||||||
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
|
} else {
|
||||||
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv6ID = ""
|
||||||
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
} else {
|
|
||||||
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv6ID = ""
|
|
||||||
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(UnifiFirewallPolicy.UdpIpv6ID) > 0 {
|
}
|
||||||
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv6ID)
|
if len(UnifiFirewallPolicy.UdpIpv6ID) > 0 {
|
||||||
if err != nil && !strings.Contains(err.Error(), "not found") {
|
err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv6ID)
|
||||||
|
if err != nil && !strings.Contains(err.Error(), "not found") {
|
||||||
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
|
} else {
|
||||||
|
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv6ID = ""
|
||||||
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
} else {
|
|
||||||
firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv6ID = ""
|
|
||||||
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if len(firewallPolicy.Status.ResourcesManaged.FirewallGroups) > 0 {
|
if len(firewallPolicy.Status.ResourcesManaged.FirewallGroups) > 0 {
|
||||||
for i, firewallGroup := range firewallPolicy.Status.ResourcesManaged.FirewallGroups {
|
for i, firewallGroup := range firewallPolicy.Status.ResourcesManaged.FirewallGroups {
|
||||||
var firewallGroupCRD unifiv1beta1.FirewallGroup
|
var firewallGroupCRD unifiv1beta1.FirewallGroup
|
||||||
if firewallGroup.Name != "" {
|
if firewallGroup.Name != "" {
|
||||||
if err := r.Get(ctx, types.NamespacedName{Name: firewallGroup.Name, Namespace: firewallGroup.Namespace}, &firewallGroupCRD); err != nil {
|
if err := r.Get(ctx, types.NamespacedName{Name: firewallGroup.Name, Namespace: firewallGroup.Namespace}, &firewallGroupCRD); err != nil {
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
}
|
}
|
||||||
if err := r.Delete(ctx, &firewallGroupCRD); err != nil {
|
if err := r.Delete(ctx, &firewallGroupCRD); err != nil {
|
||||||
log.Error(err, "Could not delete firewall group")
|
log.Error(err, "Could not delete firewall group")
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
}
|
}
|
||||||
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Name = ""
|
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Name = ""
|
||||||
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Namespace = ""
|
firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Namespace = ""
|
||||||
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
|
||||||
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -312,7 +310,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
// Run through all firewall groups. Add them to the myFirewallGroups list if they either have an annotations or is specified in the resource.
|
// Run through all firewall groups. Add them to the myFirewallGroups list if they either have an annotations or is specified in the resource.
|
||||||
|
|
||||||
for _, firewallGroup := range firewallGroupCRDs.Items {
|
for _, firewallGroup := range firewallGroupCRDs.Items {
|
||||||
if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == firewallGroup.Namespace)) {
|
if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) {
|
||||||
myFirewallGroups = append(myFirewallGroups, firewallGroup)
|
myFirewallGroups = append(myFirewallGroups, firewallGroup)
|
||||||
} else if _, found := destination_groups[firewallGroup.Namespace+"/"+firewallGroup.Name]; found {
|
} else if _, found := destination_groups[firewallGroup.Namespace+"/"+firewallGroup.Name]; found {
|
||||||
myFirewallGroups = append(myFirewallGroups, firewallGroup)
|
myFirewallGroups = append(myFirewallGroups, firewallGroup)
|
||||||
@@ -342,7 +340,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
skipService = true
|
skipService = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == service.Namespace)) && !skipService {
|
if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) && !skipService {
|
||||||
myServices = append(myServices, service)
|
myServices = append(myServices, service)
|
||||||
} else if _, found := destination_services[service.Namespace+"/"+service.Name]; found && !skipService {
|
} else if _, found := destination_services[service.Namespace+"/"+service.Name]; found && !skipService {
|
||||||
myServices = append(myServices, service)
|
myServices = append(myServices, service)
|
||||||
@@ -470,7 +468,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
|
|
||||||
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
||||||
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
||||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
||||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||||
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
||||||
unifiFirewallPolicy := fillDefaultPolicy()
|
unifiFirewallPolicy := fillDefaultPolicy()
|
||||||
@@ -505,7 +503,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
||||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
||||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||||
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
||||||
unifiFirewallPolicy := fillDefaultPolicy()
|
unifiFirewallPolicy := fillDefaultPolicy()
|
||||||
@@ -543,7 +541,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
}
|
}
|
||||||
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
||||||
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
||||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
||||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||||
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
||||||
unifiFirewallPolicy := fillDefaultPolicy()
|
unifiFirewallPolicy := fillDefaultPolicy()
|
||||||
@@ -579,7 +577,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
||||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
||||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||||
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
||||||
unifiFirewallPolicy := fillDefaultPolicy()
|
unifiFirewallPolicy := fillDefaultPolicy()
|
||||||
@@ -642,7 +640,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
}
|
}
|
||||||
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
||||||
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
||||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
||||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||||
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
||||||
unifiFirewallPolicy := fillDefaultPolicy()
|
unifiFirewallPolicy := fillDefaultPolicy()
|
||||||
@@ -679,7 +677,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
||||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
||||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||||
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
||||||
unifiFirewallPolicy := fillDefaultPolicy()
|
unifiFirewallPolicy := fillDefaultPolicy()
|
||||||
@@ -718,7 +716,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
}
|
}
|
||||||
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
||||||
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
||||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
||||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||||
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
||||||
unifiFirewallPolicy := fillDefaultPolicy()
|
unifiFirewallPolicy := fillDefaultPolicy()
|
||||||
@@ -755,7 +753,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
||||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
||||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||||
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
||||||
unifiFirewallPolicy := fillDefaultPolicy()
|
unifiFirewallPolicy := fillDefaultPolicy()
|
||||||
|
|||||||
Reference in New Issue
Block a user