Compare commits
83 Commits
feature/fi
...
v0.1.1-alp
| Author | SHA1 | Date | |
|---|---|---|---|
| 3a63034e26 | |||
| 2e95d29373 | |||
| 990140ee1c | |||
| 24c88264c9 | |||
| 938d53fa8f | |||
| 768c61020e | |||
| 8d70a78a50 | |||
| 5885daac55 | |||
| 440dc04e5b | |||
| 22c8df6833 | |||
| 35d95d107c | |||
| 4bb45b0128 | |||
| 9eefd08823 | |||
| d53810b714 | |||
| 33f1fd5eac | |||
| 9ae7d91365 | |||
| 6fe5fdf859 | |||
| 37b5eb830a | |||
| 1834527d43 | |||
| b562c200ba | |||
| 2485365728 | |||
| efeaf521fd | |||
| 7ce8682ecb | |||
| 744e43c1f4 | |||
| 8095723337 | |||
| 9e7b6123c2 | |||
| 062b386f7f | |||
| aca35507ba | |||
| 4ede272b70 | |||
| 5e413a64e8 | |||
| 1cfd5ef55c | |||
| c89dad396b | |||
| cddda7098c | |||
| 9a186ad190 | |||
| 4ece12d18b | |||
| 6d0df79c87 | |||
| 445dd7830e | |||
| a73aef4f9d | |||
| a99de02594 | |||
| 893318ad53 | |||
| 201edb1b82 | |||
| b1c0a4ee11 | |||
| 0046157633 | |||
| 56a781a260 | |||
| 29fb9601fd | |||
| c34eea5e13 | |||
| fe90ac7ea4 | |||
| 31679a3f53 | |||
| de38c76e24 | |||
| 2a396ad981 | |||
| f147ec8108 | |||
| b6a2b73eb8 | |||
| 2304e33586 | |||
| a40f1342fe | |||
| bd8d1f7c01 | |||
| ac47c880ed | |||
| 481091160b | |||
| 14e4fe1c46 | |||
| 4901dfbad5 | |||
| c454c78478 | |||
| c30e27efc4 | |||
| f2a943de3c | |||
| 720865c984 | |||
| 913a24a613 | |||
| 719ba853bc | |||
| 4e26fe02f5 | |||
| cd61d5c82a | |||
| 6983253c9e | |||
| 1d7c7c864e | |||
| 1a2def25bf | |||
| 6c8503bf15 | |||
| b9b86e0d5d | |||
| 2c9659409c | |||
| 20c4dda5ad | |||
| bb28850ca5 | |||
| f08c165628 | |||
| 46e6217557 | |||
| 36f337434d | |||
| 3f14d82679 | |||
| 2817272082 | |||
| 1545f05d53 | |||
| 47116c70b5 | |||
| 7e6573deb4 |
@@ -6,7 +6,7 @@ on:
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
container: golang:1.24
|
||||
container: registry.engen.priv.no/gitea-build:0.1.0
|
||||
steps:
|
||||
- name: Setup SSH
|
||||
run: |
|
||||
@@ -22,3 +22,5 @@ jobs:
|
||||
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
|
||||
- name: Build
|
||||
run: go build cmd/main.go
|
||||
- name: Build manifest
|
||||
run: make build-installer
|
||||
|
||||
@@ -6,7 +6,12 @@ on:
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
container: golang:1.24
|
||||
container: registry.engen.priv.no/gitea-build:0.1.0
|
||||
env:
|
||||
GITEA_USER: ${{ secrets.GITEAUSER }}
|
||||
GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
|
||||
GITEA_REGISTRY: gitea.engen.priv.no
|
||||
GITEA_ORG: klauvsteinen
|
||||
steps:
|
||||
- name: Setup SSH
|
||||
run: |
|
||||
@@ -14,13 +19,32 @@ jobs:
|
||||
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts
|
||||
- name: Install node and go
|
||||
run: apt update && apt -y install nodejs
|
||||
- name: Check out repository code
|
||||
uses: actions/checkout@v4
|
||||
- name: ssh repo
|
||||
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
|
||||
- name: Install ko
|
||||
run: go install github.com/google/ko@latest
|
||||
- name: Docker login
|
||||
run: echo "${GITEA_TOKEN}" | docker login "${GITEA_REGISTRY}" --username "${GITEA_USER}" --password-stdin
|
||||
- name: Build
|
||||
run: KO_DOCKER_REPO=gitea.engen.priv.no/unifi-network-operator-controller PATH=~/go/bin:$PATH ko build --local ./cmd
|
||||
run: |
|
||||
export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
|
||||
ko publish ./cmd \
|
||||
--tags "latest" \
|
||||
--image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
|
||||
--image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
|
||||
--image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
|
||||
--image-label 'org.opencontainers.image.url=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
|
||||
--image-label 'dev.chainguard.package.main=' \
|
||||
--bare
|
||||
- name: Build manifest
|
||||
run: |
|
||||
make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:latest" build-installer
|
||||
curl -X DELETE \
|
||||
-H "Authorization: token $GITEA_TOKEN" \
|
||||
-H "Content-Type: application/x-yaml" \
|
||||
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml
|
||||
curl -X PUT \
|
||||
-H "Authorization: token $GITEA_TOKEN" \
|
||||
-H "Content-Type: application/x-yaml" \
|
||||
--data-binary @./dist/install.yaml \
|
||||
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml
|
||||
|
||||
@@ -3,18 +3,18 @@ on:
|
||||
push:
|
||||
tags:
|
||||
- 'v[0-9]+.[0-9]+.[0-9]+'
|
||||
- 'v[0-9]+.[0-9]+.[0-9]+-alpha[0-9]+'
|
||||
- 'v[0-9]+.[0-9]+.[0-9]+-beta[0-9]+'
|
||||
jobs:
|
||||
build:
|
||||
runs-on: ubuntu-latest
|
||||
container: golang:1.24-bookworm
|
||||
container: registry.engen.priv.no/gitea-build:0.1.0
|
||||
env:
|
||||
GITEA_USER: ${{ secrets.GITEAUSER }}
|
||||
GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
|
||||
GITEA_REGISTRY: gitea.engen.priv.no
|
||||
GITEA_ORG: klauvsteinen
|
||||
steps:
|
||||
- name: Install dependencies
|
||||
run: apt update && apt -y install nodejs bash docker.io
|
||||
- name: Setup SSH
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
@@ -25,8 +25,6 @@ jobs:
|
||||
uses: actions/checkout@v4
|
||||
- name: ssh repo
|
||||
run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
|
||||
- name: Install ko
|
||||
run: go install github.com/google/ko@latest
|
||||
- name: Extract tag (outside container)
|
||||
shell: bash
|
||||
run: |
|
||||
@@ -35,7 +33,22 @@ jobs:
|
||||
- name: Docker login
|
||||
run: echo "${GITEA_TOKEN}" | docker login "${GITEA_REGISTRY}" --username "${GITEA_USER}" --password-stdin
|
||||
- name: Build
|
||||
env:
|
||||
KO_DOCKER_REPO: ${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller
|
||||
run: |
|
||||
ko publish ./cmd --tags "$TAG,latest" --bare
|
||||
export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
|
||||
ko publish ./cmd \
|
||||
--tags "$TAG" \
|
||||
--image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
|
||||
--image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
|
||||
--image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
|
||||
--image-label 'org.opencontainers.image.url=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
|
||||
--image-label 'dev.chainguard.package.main=' \
|
||||
--bare
|
||||
- name: Build manifest
|
||||
run: |
|
||||
make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:$TAG" build-installer
|
||||
curl -X PUT \
|
||||
-H "Authorization: token $GITEA_TOKEN" \
|
||||
-H "Content-Type: application/x-yaml" \
|
||||
--data-binary @./dist/install.yaml \
|
||||
https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/$TAG/install.yaml
|
||||
|
||||
|
||||
4
Makefile
4
Makefile
@@ -1,5 +1,5 @@
|
||||
# Image URL to use all building/pushing image targets
|
||||
IMG ?= registry.engen.priv.no/unifi-network-operator-controller:latest
|
||||
IMG ?= gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller:latest
|
||||
|
||||
# Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
|
||||
ifeq (,$(shell go env GOBIN))
|
||||
@@ -8,7 +8,7 @@ else
|
||||
GOBIN=$(shell go env GOBIN)
|
||||
endif
|
||||
|
||||
export KO_DOCKER_REPO=registry.engen.priv.no/unifi-network-operator-controller
|
||||
export KO_DOCKER_REPO=gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller
|
||||
|
||||
# CONTAINER_TOOL defines the container tool to be used for building images.
|
||||
# Be aware that the target commands are only tested with Docker which is
|
||||
|
||||
10
PROJECT
10
PROJECT
@@ -6,7 +6,7 @@ domain: engen.priv.no
|
||||
layout:
|
||||
- go.kubebuilder.io/v4
|
||||
projectName: unifi-network-operator
|
||||
repo: github.com/vegardengen/unifi-network-operator
|
||||
repo: gitea.engen.priv.no/klauvsteinen/unifi-network-operator
|
||||
resources:
|
||||
- api:
|
||||
crdVersion: v1
|
||||
@@ -15,7 +15,7 @@ resources:
|
||||
domain: engen.priv.no
|
||||
group: unifi
|
||||
kind: Networkconfiguration
|
||||
path: github.com/vegardengen/unifi-network-operator/api/v1beta1
|
||||
path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
|
||||
version: v1beta1
|
||||
- api:
|
||||
crdVersion: v1
|
||||
@@ -24,7 +24,7 @@ resources:
|
||||
domain: engen.priv.no
|
||||
group: unifi
|
||||
kind: FirewallZone
|
||||
path: github.com/vegardengen/unifi-network-operator/api/v1beta1
|
||||
path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
|
||||
version: v1beta1
|
||||
- api:
|
||||
crdVersion: v1
|
||||
@@ -33,7 +33,7 @@ resources:
|
||||
domain: engen.priv.no
|
||||
group: unifi
|
||||
kind: FirewallPolicy
|
||||
path: github.com/vegardengen/unifi-network-operator/api/v1beta1
|
||||
path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
|
||||
version: v1beta1
|
||||
- api:
|
||||
crdVersion: v1
|
||||
@@ -42,6 +42,6 @@ resources:
|
||||
domain: engen.priv.no
|
||||
group: unifi
|
||||
kind: PortForward
|
||||
path: github.com/vegardengen/unifi-network-operator/api/v1beta1
|
||||
path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
|
||||
version: v1beta1
|
||||
version: "3"
|
||||
|
||||
@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
images:
|
||||
- name: controller
|
||||
newName: registry.engen.priv.no/unifi-network-operator-controller
|
||||
newName: gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller
|
||||
newTag: latest
|
||||
|
||||
2
dist/install.yaml
vendored
2
dist/install.yaml
vendored
@@ -915,7 +915,7 @@ spec:
|
||||
secretKeyRef:
|
||||
key: UNIFI_PASSWORD
|
||||
name: unifi-configuration
|
||||
image: registry.engen.priv.no/unifi-network-operator-controller:latest
|
||||
image: gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller:latest
|
||||
livenessProbe:
|
||||
httpGet:
|
||||
path: /healthz
|
||||
|
||||
@@ -361,10 +361,10 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
|
||||
log.Error(err, "Could not list network objects")
|
||||
return reconcile.Result{}, err
|
||||
}
|
||||
ipv4_name := "k8s-" + firewallGroup.Spec.Name + "-ipv4"
|
||||
ipv6_name := "k8s-" + firewallGroup.Spec.Name + "-ipv6"
|
||||
tcpports_name := "k8s-" + firewallGroup.Spec.Name + "-tcpports"
|
||||
udpports_name := "k8s-" + firewallGroup.Spec.Name + "-udpports"
|
||||
ipv4_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv4"
|
||||
ipv6_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv6"
|
||||
tcpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-tcpports"
|
||||
udpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-udpports"
|
||||
ipv4_done := false
|
||||
ipv6_done := false
|
||||
tcpports_done := false
|
||||
|
||||
@@ -285,7 +285,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
// This will be used when running through all firewall groups and servics known, to see if a rule should be added.
|
||||
|
||||
for _, dest_group := range firewallPolicy.Spec.Destination.FirewallGroups {
|
||||
namespace := defaultNs
|
||||
namespace := firewallPolicy.Namespace
|
||||
if len(dest_group.Namespace) > 0 {
|
||||
namespace = dest_group.Namespace
|
||||
}
|
||||
@@ -310,7 +310,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
// Run through all firewall groups. Add them to the myFirewallGroups list if they either have an annotations or is specified in the resource.
|
||||
|
||||
for _, firewallGroup := range firewallGroupCRDs.Items {
|
||||
if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) {
|
||||
if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == firewallGroup.Namespace)) {
|
||||
myFirewallGroups = append(myFirewallGroups, firewallGroup)
|
||||
} else if _, found := destination_groups[firewallGroup.Namespace+"/"+firewallGroup.Name]; found {
|
||||
myFirewallGroups = append(myFirewallGroups, firewallGroup)
|
||||
@@ -340,7 +340,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
skipService = true
|
||||
}
|
||||
}
|
||||
if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) && !skipService {
|
||||
if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == service.Namespace)) && !skipService {
|
||||
myServices = append(myServices, service)
|
||||
} else if _, found := destination_services[service.Namespace+"/"+service.Name]; found && !skipService {
|
||||
myServices = append(myServices, service)
|
||||
@@ -468,7 +468,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
|
||||
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
||||
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
||||
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
||||
unifiFirewallPolicy := fillDefaultPolicy()
|
||||
@@ -503,7 +503,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
}
|
||||
}
|
||||
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
||||
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
||||
unifiFirewallPolicy := fillDefaultPolicy()
|
||||
@@ -541,7 +541,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
}
|
||||
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
||||
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
||||
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
||||
unifiFirewallPolicy := fillDefaultPolicy()
|
||||
@@ -577,7 +577,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
}
|
||||
}
|
||||
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
||||
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
|
||||
unifiFirewallPolicy := fillDefaultPolicy()
|
||||
@@ -640,7 +640,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
}
|
||||
if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
|
||||
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
||||
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
|
||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||
log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
||||
unifiFirewallPolicy := fillDefaultPolicy()
|
||||
@@ -677,7 +677,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
}
|
||||
}
|
||||
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
||||
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
|
||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||
log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
||||
unifiFirewallPolicy := fillDefaultPolicy()
|
||||
@@ -716,7 +716,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
}
|
||||
if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
|
||||
if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
|
||||
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
|
||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||
log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
||||
unifiFirewallPolicy := fillDefaultPolicy()
|
||||
@@ -753,7 +753,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
|
||||
}
|
||||
}
|
||||
if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
|
||||
policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
||||
policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
|
||||
if _, found := unifiFirewallpolicyNames[policyname]; !found {
|
||||
log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
|
||||
unifiFirewallPolicy := fillDefaultPolicy()
|
||||
|
||||
7
ko.yaml
Normal file
7
ko.yaml
Normal file
@@ -0,0 +1,7 @@
|
||||
defaultBaseImage: cgr.dev/chainguard/static:latest
|
||||
|
||||
labels:
|
||||
org.opencontainers.image.authors: Vegard Engen <vegard@engen.priv.no>
|
||||
org.opencontainers.image.source: https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator
|
||||
org.opencontainers.image.vendor: Klauvsteinen
|
||||
dev.chainguard.package.main: ""
|
||||
Reference in New Issue
Block a user