test

.gitea/workflows/docker-build.yaml

@@ -1,12 +1,11 @@
-name: Build project
+name: Build & Push Linode Webhook
+
 on:
   push:
-    branches-ignore:
-      - main
 jobs:
   build:
     runs-on: ubuntu-latest
-    container: registry.engen.priv.no/gitea-build:0.1.0
+    container: golang:1.24
     steps:
        - name: Setup SSH
          run: |
@@ -22,5 +21,5 @@ jobs:
          run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
        - name: Build
          run: go build cmd/main.go
-       - name: Build manifest
+        
-         run: make build-installer
+

.gitea/workflows/kobuild.yaml

@@ -1,50 +0,0 @@
-name: Publish
-on:
-  push:
-    branches:
-      - main
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    container: registry.engen.priv.no/gitea-build:0.1.0
-    env:
-      GITEA_USER: ${{ secrets.GITEAUSER }}
-      GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
-      GITEA_REGISTRY: gitea.engen.priv.no
-      GITEA_ORG: klauvsteinen
-    steps:
-      - name: Setup SSH
-        run: |
-          mkdir -p ~/.ssh
-          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
-          chmod 600 ~/.ssh/id_rsa
-          ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts
-      - name: Check out repository code
-        uses: actions/checkout@v4
-      - name: ssh repo
-        run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
-      - name: Docker login
-        run: echo "${GITEA_TOKEN}" | docker login "${GITEA_REGISTRY}" --username "${GITEA_USER}" --password-stdin
-      - name: Build
-        run: |
-          export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
-          ko publish ./cmd \
-          --tags "latest" \
-          --image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
-          --image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
-          --image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
-          --image-label 'org.opencontainers.image.url=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
-          --image-label 'dev.chainguard.package.main=' \
-          --bare
-      - name: Build manifest
-        run: |
-          make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:latest" build-installer
-          curl -X DELETE \
-          -H "Authorization: token $GITEA_TOKEN" \
-          -H "Content-Type: application/x-yaml" \
-          https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml
-          curl -X PUT \
-          -H "Authorization: token $GITEA_TOKEN" \
-          -H "Content-Type: application/x-yaml" \
-          --data-binary @./dist/install.yaml \
-          https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/latest/install.yaml

.gitea/workflows/publish.yaml

@@ -1,54 +0,0 @@
-name: Publish
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
-      - 'v[0-9]+.[0-9]+.[0-9]+-alpha[0-9]+'
-      - 'v[0-9]+.[0-9]+.[0-9]+-beta[0-9]+'
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    container: registry.engen.priv.no/gitea-build:0.1.0
-    env:
-      GITEA_USER: ${{ secrets.GITEAUSER }}
-      GITEA_TOKEN: ${{ secrets.GITEATOKEN }}
-      GITEA_REGISTRY: gitea.engen.priv.no
-      GITEA_ORG: klauvsteinen
-    steps:
-      - name: Setup SSH
-        run: |
-          mkdir -p ~/.ssh
-          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
-          chmod 600 ~/.ssh/id_rsa
-          ssh-keyscan gitea-ssh.engen.priv.no >> ~/.ssh/known_hosts
-      - name: Check out repository code
-        uses: actions/checkout@v4
-      - name: ssh repo
-        run: git config --global url.git@gitea-ssh.engen.priv.no:.insteadOf https://gitea.engen.priv.no/
-      - name: Extract tag (outside container)
-        shell: bash
-        run: |
-          echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
-          env
-      - name: Docker login
-        run: echo "${GITEA_TOKEN}" | docker login "${GITEA_REGISTRY}" --username "${GITEA_USER}" --password-stdin
-      - name: Build
-        run: |
-          export KO_DOCKER_REPO="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller"
-          ko publish ./cmd \
-          --tags "$TAG" \
-          --image-label 'org.opencontainers.image.authors=Klauvsteinen <vegard@engen.priv.no>' \
-          --image-label 'org.opencontainers.image.vendor=Klauvsteinen' \
-          --image-label 'org.opencontainers.image.source=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
-          --image-label 'org.opencontainers.image.url=https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator' \
-          --image-label 'dev.chainguard.package.main=' \
-          --bare
-      - name: Build manifest
-        run: |
-          make IMG="${GITEA_REGISTRY}/${GITEA_ORG}/unifi-network-operator-controller:$TAG" build-installer
-          curl -X PUT \
-          -H "Authorization: token $GITEA_TOKEN" \
-          -H "Content-Type: application/x-yaml" \
-          --data-binary @./dist/install.yaml \
-          https://gitea.engen.priv.no/api/packages/klauvsteinen/generic/unifi-network-operator/$TAG/install.yaml
-

Makefile

@@ -1,5 +1,5 @@
 # Image URL to use all building/pushing image targets
-IMG ?= gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller:latest
+IMG ?= registry.engen.priv.no/unifi-network-operator-controller:latest
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -8,7 +8,7 @@ else
 GOBIN=$(shell go env GOBIN)
 endif
 
-export KO_DOCKER_REPO=gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller
+export KO_DOCKER_REPO=registry.engen.priv.no/unifi-network-operator-controller
 
 # CONTAINER_TOOL defines the container tool to be used for building images.
 # Be aware that the target commands are only tested with Docker which is

PROJECT

@@ -6,7 +6,7 @@ domain: engen.priv.no
 layout:
 - go.kubebuilder.io/v4
 projectName: unifi-network-operator
-repo: gitea.engen.priv.no/klauvsteinen/unifi-network-operator
+repo: github.com/vegardengen/unifi-network-operator
 resources:
 - api:
     crdVersion: v1
@@ -15,7 +15,7 @@ resources:
   domain: engen.priv.no
   group: unifi
   kind: Networkconfiguration
-  path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
+  path: github.com/vegardengen/unifi-network-operator/api/v1beta1
   version: v1beta1
 - api:
     crdVersion: v1
@@ -24,7 +24,7 @@ resources:
   domain: engen.priv.no
   group: unifi
   kind: FirewallZone
-  path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
+  path: github.com/vegardengen/unifi-network-operator/api/v1beta1
   version: v1beta1
 - api:
     crdVersion: v1
@@ -33,7 +33,7 @@ resources:
   domain: engen.priv.no
   group: unifi
   kind: FirewallPolicy
-  path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
+  path: github.com/vegardengen/unifi-network-operator/api/v1beta1
   version: v1beta1
 - api:
     crdVersion: v1
@@ -42,6 +42,6 @@ resources:
   domain: engen.priv.no
   group: unifi
   kind: PortForward
-  path: gitea.engen.priv.no/klauvsteinen/unifi-network-operator/api/v1beta1
+  path: github.com/vegardengen/unifi-network-operator/api/v1beta1
   version: v1beta1
 version: "3"

config/manager/kustomization.yaml

@@ -4,5 +4,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller
+  newName: registry.engen.priv.no/unifi-network-operator-controller
   newTag: latest

dist/install.yaml

@@ -1,952 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-    control-plane: controller-manager
-  name: unifi-network-operator-system
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
-  name: firewallpolicies.unifi.engen.priv.no
-spec:
-  group: unifi.engen.priv.no
-  names:
-    kind: FirewallPolicy
-    listKind: FirewallPolicyList
-    plural: firewallpolicies
-    singular: firewallpolicy
-  scope: Namespaced
-  versions:
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: FirewallPolicy is the Schema for the firewallpolicies API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            properties:
-              destination:
-                properties:
-                  firewall_groups:
-                    items:
-                      properties:
-                        name:
-                          type: string
-                        namespace:
-                          type: string
-                      type: object
-                    type: array
-                  services:
-                    items:
-                      properties:
-                        name:
-                          type: string
-                        namespace:
-                          type: string
-                      type: object
-                    type: array
-                type: object
-              match_firewall_groups_in_all_namespaces:
-                type: boolean
-              match_services_in_all_namespaces:
-                type: boolean
-              name:
-                type: string
-              source:
-                properties:
-                  from_networks:
-                    items:
-                      properties:
-                        name:
-                          type: string
-                        namespace:
-                          type: string
-                      type: object
-                    type: array
-                  from_zones:
-                    items:
-                      properties:
-                        name:
-                          type: string
-                        namespace:
-                          type: string
-                      type: object
-                    type: array
-                type: object
-            required:
-            - destination
-            - name
-            - source
-            type: object
-          status:
-            description: FirewallPolicyStatus defines the observed state of FirewallPolicy.
-            properties:
-              resources_managed:
-                properties:
-                  firewall_groups_managed:
-                    items:
-                      properties:
-                        name:
-                          type: string
-                        namespace:
-                          type: string
-                      type: object
-                    type: array
-                  firewall_policies_managed:
-                    items:
-                      properties:
-                        from:
-                          type: string
-                        tcpipv4_id:
-                          type: string
-                        tcpipv6_id:
-                          type: string
-                        to:
-                          type: string
-                        udpipv4_id:
-                          type: string
-                        udpipv6_id:
-                          type: string
-                      required:
-                      - from
-                      - tcpipv4_id
-                      - tcpipv6_id
-                      - to
-                      - udpipv4_id
-                      - udpipv6_id
-                      type: object
-                    type: array
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
-  name: firewallzones.unifi.engen.priv.no
-spec:
-  group: unifi.engen.priv.no
-  names:
-    kind: FirewallZone
-    listKind: FirewallZoneList
-    plural: firewallzones
-    singular: firewallzone
-  scope: Namespaced
-  versions:
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: FirewallZone is the Schema for the firewallzones API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: FirewallZoneSpec defines the desired state of FirewallZone.
-            properties:
-              _id:
-                type: string
-              default_zone:
-                type: boolean
-              name:
-                type: string
-              network_ids:
-                items:
-                  type: string
-                type: array
-              zone_key:
-                type: string
-            type: object
-          status:
-            description: FirewallZoneStatus defines the observed state of FirewallZone.
-            properties:
-              resources_managed:
-                properties:
-                  firewall_zones_managed:
-                    items:
-                      properties:
-                        id:
-                          type: string
-                        name:
-                          type: string
-                      type: object
-                    type: array
-                type: object
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
-  name: networkconfigurations.unifi.engen.priv.no
-spec:
-  group: unifi.engen.priv.no
-  names:
-    kind: Networkconfiguration
-    listKind: NetworkconfigurationList
-    plural: networkconfigurations
-    singular: networkconfiguration
-  scope: Namespaced
-  versions:
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: Networkconfiguration is the Schema for the networkconfigurations
-          API.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            description: NetworkconfigurationSpec defines the desired state of Networkconfiguration.
-            properties:
-              _id:
-                description: Foo is an example field of Networkconfiguration. Edit
-                  networkconfiguration_types.go to remove/update
-                type: string
-              enabled:
-                type: boolean
-              firewall_zone:
-                type: string
-              gateway_type:
-                type: string
-              ip_subnet:
-                type: string
-              ipv6_interface_type:
-                type: string
-              ipv6_pd_auto_prefixid_enabled:
-                type: boolean
-              ipv6_ra_enabled:
-                type: boolean
-              ipv6_setting_preference:
-                type: string
-              ipv6_subnet:
-                type: string
-              name:
-                type: string
-              networkgroup:
-                type: string
-              purpose:
-                type: string
-              setting_preference:
-                type: string
-              vlan:
-                format: int64
-                type: integer
-              vlan_enabled:
-                type: boolean
-            required:
-            - name
-            type: object
-          status:
-            description: NetworkconfigurationStatus defines the observed state of
-              Networkconfiguration.
-            properties:
-              firewall_zone_id:
-                description: |-
-                  INSERT ADDITIONAL STATUS FIELD - define observed state of cluster
-                  Important: Run "make" to regenerate code after modifying this file
-                type: string
-              ipv6_subnet_status:
-                type: string
-              lastSyncTime:
-                description: LastSyncTime is the last time the object was synced
-                format: date-time
-                type: string
-              resources_managed:
-                properties:
-                  networks_managed:
-                    items:
-                      properties:
-                        id:
-                          type: string
-                        name:
-                          type: string
-                      type: object
-                    type: array
-                type: object
-              syncedWithUnifi:
-                description: SyncedWithUnifi indicates whether the addresses are successfully
-                  pushed
-                type: boolean
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
-  annotations:
-    controller-gen.kubebuilder.io/version: v0.17.2
-  name: portforwards.unifi.engen.priv.no
-spec:
-  group: unifi.engen.priv.no
-  names:
-    kind: PortForward
-    listKind: PortForwardList
-    plural: portforwards
-    singular: portforward
-  scope: Namespaced
-  versions:
-  - name: v1beta1
-    schema:
-      openAPIV3Schema:
-        description: |-
-          PortForward is a placeholder type to allow future CRD support if needed.
-          Right now, port forwards are managed entirely through annotations on Services.
-        properties:
-          apiVersion:
-            description: |-
-              APIVersion defines the versioned schema of this representation of an object.
-              Servers should convert recognized schemas to the latest internal value, and
-              may reject unrecognized values.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
-            type: string
-          kind:
-            description: |-
-              Kind is a string value representing the REST resource this object represents.
-              Servers may infer this from the endpoint the client submits requests to.
-              Cannot be updated.
-              In CamelCase.
-              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
-            type: string
-          metadata:
-            type: object
-          spec:
-            type: object
-          status:
-            type: object
-        type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-controller-manager
-  namespace: unifi-network-operator-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-leader-election-role
-  namespace: unifi-network-operator-system
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - coordination.k8s.io
-  resources:
-  - leases
-  verbs:
-  - get
-  - list
-  - watch
-  - create
-  - update
-  - patch
-  - delete
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-firewallpolicy-admin-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallpolicies
-  verbs:
-  - '*'
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallpolicies/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-firewallpolicy-editor-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallpolicies
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallpolicies/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-firewallpolicy-viewer-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallpolicies
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallpolicies/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-firewallzone-admin-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallzones
-  verbs:
-  - '*'
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallzones/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-firewallzone-editor-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallzones
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallzones/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-firewallzone-viewer-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallzones
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallzones/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: unifi-network-operator-manager-role
-rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  - services
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallgroups
-  - firewallpolicies
-  - firewallzones
-  - networkconfigurations
-  - portforwards
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallgroups/finalizers
-  - firewallpolicies/finalizers
-  - firewallzones/finalizers
-  - networkconfigurations/finalizers
-  - portforwards/finalizers
-  verbs:
-  - update
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - firewallgroups/status
-  - firewallpolicies/status
-  - firewallzones/status
-  - networkconfigurations/status
-  - portforwards/status
-  verbs:
-  - get
-  - patch
-  - update
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: unifi-network-operator-metrics-auth-role
-rules:
-- apiGroups:
-  - authentication.k8s.io
-  resources:
-  - tokenreviews
-  verbs:
-  - create
-- apiGroups:
-  - authorization.k8s.io
-  resources:
-  - subjectaccessreviews
-  verbs:
-  - create
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  name: unifi-network-operator-metrics-reader
-rules:
-- nonResourceURLs:
-  - /metrics
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-networkconfiguration-admin-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - networkconfigurations
-  verbs:
-  - '*'
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - networkconfigurations/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-networkconfiguration-editor-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - networkconfigurations
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - networkconfigurations/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-networkconfiguration-viewer-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - networkconfigurations
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - networkconfigurations/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-portforward-admin-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - portforwards
-  verbs:
-  - '*'
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - portforwards/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-portforward-editor-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - portforwards
-  verbs:
-  - create
-  - delete
-  - get
-  - list
-  - patch
-  - update
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - portforwards/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-portforward-viewer-role
-rules:
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - portforwards
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - unifi.engen.priv.no
-  resources:
-  - portforwards/status
-  verbs:
-  - get
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: RoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-leader-election-rolebinding
-  namespace: unifi-network-operator-system
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: unifi-network-operator-leader-election-role
-subjects:
-- kind: ServiceAccount
-  name: unifi-network-operator-controller-manager
-  namespace: unifi-network-operator-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-  name: unifi-network-operator-manager-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: unifi-network-operator-manager-role
-subjects:
-- kind: ServiceAccount
-  name: unifi-network-operator-controller-manager
-  namespace: unifi-network-operator-system
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
-  name: unifi-network-operator-metrics-auth-rolebinding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: unifi-network-operator-metrics-auth-role
-subjects:
-- kind: ServiceAccount
-  name: unifi-network-operator-controller-manager
-  namespace: unifi-network-operator-system
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-    control-plane: controller-manager
-  name: unifi-network-operator-controller-manager-metrics-service
-  namespace: unifi-network-operator-system
-spec:
-  ports:
-  - name: https
-    port: 8443
-    protocol: TCP
-    targetPort: 8443
-  selector:
-    app.kubernetes.io/name: unifi-network-operator
-    control-plane: controller-manager
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app.kubernetes.io/managed-by: kustomize
-    app.kubernetes.io/name: unifi-network-operator
-    control-plane: controller-manager
-  name: unifi-network-operator-controller-manager
-  namespace: unifi-network-operator-system
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app.kubernetes.io/name: unifi-network-operator
-      control-plane: controller-manager
-  template:
-    metadata:
-      annotations:
-        kubectl.kubernetes.io/default-container: manager
-      labels:
-        app.kubernetes.io/name: unifi-network-operator
-        control-plane: controller-manager
-    spec:
-      containers:
-      - args:
-        - --metrics-bind-address=:8443
-        - --leader-elect
-        - --health-probe-bind-address=:8081
-        env:
-        - name: UNIFI_URL
-          valueFrom:
-            secretKeyRef:
-              key: UNIFI_URL
-              name: unifi-configuration
-        - name: UNIFI_SITE
-          valueFrom:
-            secretKeyRef:
-              key: UNIFI_SITE
-              name: unifi-configuration
-        - name: UNIFI_USER
-          valueFrom:
-            secretKeyRef:
-              key: UNIFI_USERNAME
-              name: unifi-configuration
-        - name: UNIFI_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              key: UNIFI_PASSWORD
-              name: unifi-configuration
-        image: gitea.engen.priv.no/klauvsteinen/unifi-network-operator-controller:latest
-        livenessProbe:
-          httpGet:
-            path: /healthz
-            port: 8081
-          initialDelaySeconds: 15
-          periodSeconds: 20
-        name: manager
-        ports: []
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8081
-          initialDelaySeconds: 5
-          periodSeconds: 10
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 10m
-            memory: 64Mi
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            drop:
-            - ALL
-        volumeMounts: []
-      securityContext:
-        runAsNonRoot: true
-        seccompProfile:
-          type: RuntimeDefault
-      serviceAccountName: unifi-network-operator-controller-manager
-      terminationGracePeriodSeconds: 10
-      volumes: []

internal/controller/firewallgroup_controller.go

@@ -361,10 +361,10 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 		log.Error(err, "Could not list network objects")
 		return reconcile.Result{}, err
 	}
-	ipv4_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv4"
+	ipv4_name := "k8s-" + firewallGroup.Spec.Name + "-ipv4"
-	ipv6_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-ipv6"
+	ipv6_name := "k8s-" + firewallGroup.Spec.Name + "-ipv6"
-	tcpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-tcpports"
+	tcpports_name := "k8s-" + firewallGroup.Spec.Name + "-tcpports"
-	udpports_name := "k8s-" + firewallGroup.Namespace + "/" + firewallGroup.Name + "-udpports"
+	udpports_name := "k8s-" + firewallGroup.Spec.Name + "-udpports"
 	ipv4_done := false
 	ipv6_done := false
 	tcpports_done := false
@@ -377,7 +377,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 				if err != nil {
 					msg := strings.ToLower(err.Error())
 					log.Info(msg)
-					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
+					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 						log.Info("Firewall group is in use. Invoking workaround...!")
 						firewall_group.GroupMembers = []string{"127.0.0.1"}
 						firewall_group.Name = firewall_group.Name + "-deleted"
@@ -417,7 +417,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 				if err != nil {
 					msg := strings.ToLower(err.Error())
 					log.Info(msg)
-					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
+					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 						log.Info("Firewall group is in use. Invoking workaround...!")
 						firewall_group.GroupMembers = []string{"::1"}
 						firewall_group.Name = firewall_group.Name + "-deleted"
@@ -457,7 +457,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 				if err != nil {
 					msg := strings.ToLower(err.Error())
 					log.Info(msg)
-					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
+					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 						log.Info("Firewall group is in use. Invoking workaround...!")
 						firewall_group.GroupMembers = []string{"0"}
 						firewall_group.Name = firewall_group.Name + "-deleted"
@@ -497,7 +497,7 @@ func (r *FirewallGroupReconciler) Reconcile(ctx context.Context, req reconcile.R
 				if err != nil {
 					msg := strings.ToLower(err.Error())
 					log.Info(msg)
-					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg, "invalid character") {
+					if strings.Contains(msg, "api.err.objectreferredby") || strings.Contains(msg,"invalid character") {
 						log.Info("Firewall group is in use. Invoking workaround...!")
 						firewall_group.GroupMembers = []string{"127.0.0.1"}
 						firewall_group.Name = firewall_group.Name + "-deleted"

internal/controller/firewallpolicy_controller.go

@@ -125,72 +125,70 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 			}
 			log.Info("Running finalizer logic for FirewallPolicy", "name", firewallPolicy.Name)
 
-			if firewallPolicy.Status.ResourcesManaged != nil {
+			if len(firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies) > 0 {
-				if len(firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies) > 0 {
+				for i, UnifiFirewallPolicy := range firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies {
-					for i, UnifiFirewallPolicy := range firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies {
+					log.Info(fmt.Sprintf("From: %s to: %s TcpIpv4: %s UdpIpv4: %s TcpIpv6: %s UdpIpv6: %s", UnifiFirewallPolicy.From, UnifiFirewallPolicy.To, UnifiFirewallPolicy.TcpIpv4ID, UnifiFirewallPolicy.UdpIpv4ID, UnifiFirewallPolicy.TcpIpv6ID, UnifiFirewallPolicy.UdpIpv6ID))
-						log.Info(fmt.Sprintf("From: %s to: %s TcpIpv4: %s UdpIpv4: %s TcpIpv6: %s UdpIpv6: %s", UnifiFirewallPolicy.From, UnifiFirewallPolicy.To, UnifiFirewallPolicy.TcpIpv4ID, UnifiFirewallPolicy.UdpIpv4ID, UnifiFirewallPolicy.TcpIpv6ID, UnifiFirewallPolicy.UdpIpv6ID))
+					if len(UnifiFirewallPolicy.TcpIpv4ID) > 0 {
-						if len(UnifiFirewallPolicy.TcpIpv4ID) > 0 {
+						err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv4ID)
-							err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv4ID)
+						if err != nil && !strings.Contains(err.Error(), "not found") {
-							if err != nil && !strings.Contains(err.Error(), "not found") {
+						} else {
-							} else {
+							firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv4ID = ""
-								firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv4ID = ""
+							if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
-								if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
+								return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-									return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-								}
 							}
 						}
-						if len(UnifiFirewallPolicy.UdpIpv4ID) > 0 {
+					}
-							err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv4ID)
+					if len(UnifiFirewallPolicy.UdpIpv4ID) > 0 {
-							if err != nil && !strings.Contains(err.Error(), "not found") {
+						err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv4ID)
+						if err != nil && !strings.Contains(err.Error(), "not found") {
+							return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+						} else {
+							firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv4ID = ""
+							if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
 								return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-							} else {
-								firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv4ID = ""
-								if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
-									return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-								}
 							}
 						}
-						if len(UnifiFirewallPolicy.TcpIpv6ID) > 0 {
+					}
-							err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv6ID)
+					if len(UnifiFirewallPolicy.TcpIpv6ID) > 0 {
-							if err != nil && !strings.Contains(err.Error(), "not found") {
+						err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.TcpIpv6ID)
+						if err != nil && !strings.Contains(err.Error(), "not found") {
+							return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+						} else {
+							firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv6ID = ""
+							if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
 								return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-							} else {
-								firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].TcpIpv6ID = ""
-								if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
-									return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-								}
 							}
 						}
-						if len(UnifiFirewallPolicy.UdpIpv6ID) > 0 {
+					}
-							err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv6ID)
+					if len(UnifiFirewallPolicy.UdpIpv6ID) > 0 {
-							if err != nil && !strings.Contains(err.Error(), "not found") {
+						err := r.UnifiClient.Client.DeleteFirewallPolicy(context.Background(), r.UnifiClient.SiteID, UnifiFirewallPolicy.UdpIpv6ID)
+						if err != nil && !strings.Contains(err.Error(), "not found") {
+							return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+						} else {
+							firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv6ID = ""
+							if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
 								return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-							} else {
-								firewallPolicy.Status.ResourcesManaged.UnifiFirewallPolicies[i].UdpIpv6ID = ""
-								if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
-									return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-								}
 							}
 						}
 					}
 				}
+			}
 
-				if len(firewallPolicy.Status.ResourcesManaged.FirewallGroups) > 0 {
+			if len(firewallPolicy.Status.ResourcesManaged.FirewallGroups) > 0 {
-					for i, firewallGroup := range firewallPolicy.Status.ResourcesManaged.FirewallGroups {
+				for i, firewallGroup := range firewallPolicy.Status.ResourcesManaged.FirewallGroups {
-						var firewallGroupCRD unifiv1beta1.FirewallGroup
+					var firewallGroupCRD unifiv1beta1.FirewallGroup
-						if firewallGroup.Name != "" {
+					if firewallGroup.Name != "" {
-							if err := r.Get(ctx, types.NamespacedName{Name: firewallGroup.Name, Namespace: firewallGroup.Namespace}, &firewallGroupCRD); err != nil {
+						if err := r.Get(ctx, types.NamespacedName{Name: firewallGroup.Name, Namespace: firewallGroup.Namespace}, &firewallGroupCRD); err != nil {
-								return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+							return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-							}
+						}
-							if err := r.Delete(ctx, &firewallGroupCRD); err != nil {
+						if err := r.Delete(ctx, &firewallGroupCRD); err != nil {
-								log.Error(err, "Could not delete firewall group")
+							log.Error(err, "Could not delete firewall group")
-								return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+							return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-							}
+						}
-							firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Name = ""
+						firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Name = ""
-							firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Namespace = ""
+						firewallPolicy.Status.ResourcesManaged.FirewallGroups[i].Namespace = ""
-							if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
+						if err := r.Status().Update(ctx, &firewallPolicy); err != nil {
-								return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
+							return ctrl.Result{RequeueAfter: 10 * time.Minute}, err
-							}
 						}
 					}
 				}
@@ -312,7 +310,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 	// Run through all firewall groups. Add them to the myFirewallGroups list if they either have an annotations or is specified in the resource.
 
 	for _, firewallGroup := range firewallGroupCRDs.Items {
-		if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == firewallGroup.Namespace)) {
+		if val, found := firewallGroup.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) {
 			myFirewallGroups = append(myFirewallGroups, firewallGroup)
 		} else if _, found := destination_groups[firewallGroup.Namespace+"/"+firewallGroup.Name]; found {
 			myFirewallGroups = append(myFirewallGroups, firewallGroup)
@@ -342,7 +340,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 				skipService = true
 			}
 		}
-		if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == service.Namespace)) && !skipService {
+		if val, found := service.Annotations["unifi.engen.priv.no/firewall-policy"]; found && ((strings.Contains(val, "/") && val == firewallPolicy.Namespace+"/"+firewallPolicy.Name) || (val == firewallPolicy.Name && firewallPolicy.Namespace == defaultNs)) && !skipService {
 			myServices = append(myServices, service)
 		} else if _, found := destination_services[service.Namespace+"/"+service.Name]; found && !skipService {
 			myServices = append(myServices, service)
@@ -470,7 +468,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 
 				if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
 					if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
-						policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
+						policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
 						if _, found := unifiFirewallpolicyNames[policyname]; !found {
 							log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
 							unifiFirewallPolicy := fillDefaultPolicy()
@@ -505,7 +503,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 						}
 					}
 					if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
-						policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
+						policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
 						if _, found := unifiFirewallpolicyNames[policyname]; !found {
 							log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
 							unifiFirewallPolicy := fillDefaultPolicy()
@@ -543,7 +541,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 				}
 				if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
 					if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
-						policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
+						policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
 						if _, found := unifiFirewallpolicyNames[policyname]; !found {
 							log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
 							unifiFirewallPolicy := fillDefaultPolicy()
@@ -579,7 +577,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 						}
 					}
 					if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
-						policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
+						policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "zone:" + zoneCRDs.Items[zoneIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
 						if _, found := unifiFirewallpolicyNames[policyname]; !found {
 							log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", zoneCRDs.Items[zoneIndex].Name, firewallGroup.Name, policyname))
 							unifiFirewallPolicy := fillDefaultPolicy()
@@ -642,7 +640,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 				}
 				if len(firewallGroup.Status.ResolvedIPV4Addresses) > 0 {
 					if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
-						policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
+						policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-tcp"
 						if _, found := unifiFirewallpolicyNames[policyname]; !found {
 							log.Info(fmt.Sprintf("Creating ipv4 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
 							unifiFirewallPolicy := fillDefaultPolicy()
@@ -679,7 +677,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 						}
 					}
 					if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
-						policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
+						policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv4-udp"
 						if _, found := unifiFirewallpolicyNames[policyname]; !found {
 							log.Info(fmt.Sprintf("Creating ipv4 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
 							unifiFirewallPolicy := fillDefaultPolicy()
@@ -718,7 +716,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 				}
 				if len(firewallGroup.Status.ResolvedIPV6Addresses) > 0 {
 					if len(firewallGroup.Status.ResolvedTCPPorts) > 0 {
-						policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
+						policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-tcp"
 						if _, found := unifiFirewallpolicyNames[policyname]; !found {
 							log.Info(fmt.Sprintf("Creating ipv6 tcp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
 							unifiFirewallPolicy := fillDefaultPolicy()
@@ -755,7 +753,7 @@ func (r *FirewallPolicyReconciler) Reconcile(ctx context.Context, req ctrl.Reque
 						}
 					}
 					if len(firewallGroup.Status.ResolvedUDPPorts) > 0 {
-						policyname := "k8s-fw-" + firewallPolicy.Namespace + "/" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
+						policyname := "k8s-fw-" + firewallPolicy.Name + "-" + "network:" + networkCRDs.Items[networkIndex].Name + "-" + firewallGroup.Name + "-ipv6-udp"
 						if _, found := unifiFirewallpolicyNames[policyname]; !found {
 							log.Info(fmt.Sprintf("Creating ipv6 udp firewallpolicy for %s to %s: %s", networkCRDs.Items[networkIndex].Name, firewallGroup.Name, policyname))
 							unifiFirewallPolicy := fillDefaultPolicy()

ko.yaml

@@ -1,7 +0,0 @@
-defaultBaseImage: cgr.dev/chainguard/static:latest
-
-labels:
-  org.opencontainers.image.authors: Vegard Engen <vegard@engen.priv.no>
-  org.opencontainers.image.source: https://gitea.engen.priv.no/klauvsteinen/unifi-network-operator
-  org.opencontainers.image.vendor: Klauvsteinen
-  dev.chainguard.package.main: ""

riktig

@@ -0,0 +1 @@
+Riktig fil

tester

@@ -0,0 +1 @@
+ddd