Validate fields

api/v1alpha1/ionoscloudcluster_types.go

@@ -80,22 +80,38 @@ const (
 	LoadBalancerForwardingRuleCreationFailedReason = "LoadBalancerForwardingRuleCreationFailed"
 )
 
-// +kubebuilder:validation:Enum=de/txl;de/fra
+// +kubebuilder:validation:Enum=es/vlt;fr/par;de/txl;de/fra;gb-lhr;us-ewr;us-las;
 type Location string
 
+func (r Location) String() string {
+	return string(r)
+}
+
 // IONOSCloudClusterSpec defines the desired state of IONOSCloudCluster
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.dataCenterID) || has(self.dataCenterID)", message="DataCenterID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.loadBalancerID) || has(self.loadBalancerID)", message="LoadBalancerID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.publicLanID) || has(self.publicLanID)", message="PublicLanID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.internetLanID) || has(self.internetLanID)", message="InternetLanID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.privateLanID) || has(self.privateLanID)", message="PrivateLanID is required once set"
 type IONOSCloudClusterSpec struct {
-	// +kubebuilder:validation:Enum=es/vlt;fr/par;de/txl;de/fra;gb-lhr;us-ewr;us-las;
-	Location string `json:"location"`
+
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Location is immutable"
+	Location Location `json:"location"`
+
 	// +kubebuilder:validation:MinLength=1
 	IdentityName         string                `json:"identityName"`
 	ControlPlaneEndpoint clusterv1.APIEndpoint `json:"controlPlaneEndpoint"`
 
-	DataCenterID   string `json:"dataCenterID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="DataCenterID is immutable"
+	DataCenterID string `json:"dataCenterID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="LoadBalancerID is immutable"
 	LoadBalancerID string `json:"loadBalancerID,omitempty"`
-	PublicLanID    *int32 `json:"publicLanID,omitempty"`
-	InternetLanID  *int32 `json:"internetLanID,omitempty"`
-	PrivateLanID   *int32 `json:"privateLanID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="PublicLanID is immutable"
+	PublicLanID *int32 `json:"publicLanID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="InternetLanID is immutable"
+	InternetLanID *int32 `json:"internetLanID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="PrivateLanID is immutable"
+	PrivateLanID *int32 `json:"privateLanID,omitempty"`
 }
 
 // IONOSCloudClusterStatus defines the observed state of IONOSCloudCluster

api/v1alpha1/ionoscloudmachine_types.go

@@ -31,36 +31,47 @@ const (
 )
 
 // IONOSCloudMachineSpec defines the desired state of IONOSCloudMachine
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.providerID) || has(self.providerID)", message="ProviderID is required once set"
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ip) || has(self.ip)", message="IP is required once set"
 type IONOSCloudMachineSpec struct {
 	// The name of the  resource.
 	Name *string `json:"name,omitempty"`
 
 	// The availability zone in which the server should be provisioned.
 	// +kubebuilder:default=AUTO
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="AvailabilityZone is immutable"
 	AvailabilityZone *string `json:"availabilityZone,omitempty"`
 	// The total number of cores for the enterprise server.
 	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Cores is immutable"
 	Cores *int32 `json:"cores"`
 	// CPU architecture on which server gets provisioned; not all CPU architectures are available in all datacenter regions; available CPU architectures can be retrieved from the datacenter resource; must not be provided for CUBE servers.
 	// +kubebuilder:validation:MinLength=1
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="CpuFamily is immutable"
 	CpuFamily *string `json:"cpuFamily"`
 	// The memory size for the enterprise server in MB, such as 2048.
 	// +kubebuilder:validation:Minimum=256
 	// +kubebuilder:validation:MultipleOf=256
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Ram is immutable"
 	Ram        *int32          `json:"ram"`
 	BootVolume IONOSVolumeSpec `json:"bootVolume"`
 
-	// primary ip of the virtual machine.
-	IP                 *string `json:"ip,omitempty"`
-	ProviderID         string  `json:"providerID,omitempty"`
-	NetworkInterfaceID string  `json:"networkInterfaceID,omitempty"`
-	VolumeID           string  `json:"volumeID,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="IP is immutable"
+	IP *string `json:"ip,omitempty"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ProviderID is immutable"
+	ProviderID string `json:"providerID,omitempty"`
 }
+
+// +kubebuilder:validation:XValidation:rule="!has(oldSelf.sshKeys) || has(self.sshKeys)", message="SSHKeys is required once set"
 type IONOSVolumeSpec struct {
-	Type  string `json:"type"`
-	Size  string `json:"size"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Type is immutable"
+	Type string `json:"type"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Size is immutable"
+	Size string `json:"size"`
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Image is immutable"
 	Image string `json:"image"`
 	// Public SSH keys are set on the image as authorized keys for appropriate SSH login to the instance using the corresponding private key. This field may only be set in creation requests. When reading, it always returns null. SSH keys are only supported if a public Linux image is used for the volume creation.
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="SSHKeys is immutable"
 	SSHKeys *[]string `json:"sshKeys,omitempty"`
 }
 

api/v1alpha1/webhook_suite_test.go

@@ -18,15 +18,10 @@ package v1alpha1
 
 import (
 	"context"
-	"crypto/tls"
-	"fmt"
-	"net"
-	"path/filepath"
-	"testing"
-	"time"
-
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	"path/filepath"
+	"testing"
 
 	admissionv1 "k8s.io/api/admission/v1"
 	//+kubebuilder:scaffold:imports
@@ -63,9 +58,6 @@ var _ = BeforeSuite(func() {
 	testEnv = &envtest.Environment{
 		CRDDirectoryPaths:     []string{filepath.Join("..", "..", "config", "crd", "bases")},
 		ErrorIfCRDPathMissing: false,
-		WebhookInstallOptions: envtest.WebhookInstallOptions{
-			Paths: []string{filepath.Join("..", "..", "config", "webhook")},
-		},
 	}
 
 	var err error
@@ -88,43 +80,18 @@ var _ = BeforeSuite(func() {
 	Expect(k8sClient).NotTo(BeNil())
 
 	// start webhook server using Manager
-	webhookInstallOptions := &testEnv.WebhookInstallOptions
 	mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 		Scheme:             scheme,
-		Host:               webhookInstallOptions.LocalServingHost,
-		Port:               webhookInstallOptions.LocalServingPort,
-		CertDir:            webhookInstallOptions.LocalServingCertDir,
 		LeaderElection:     false,
 		MetricsBindAddress: "0",
 	})
 	Expect(err).NotTo(HaveOccurred())
 
-	err = (&IONOSCloudCluster{}).SetupWebhookWithManager(mgr)
-	Expect(err).NotTo(HaveOccurred())
-
-	err = (&IONOSCloudMachine{}).SetupWebhookWithManager(mgr)
-	Expect(err).NotTo(HaveOccurred())
-
-	//+kubebuilder:scaffold:webhook
-
 	go func() {
 		defer GinkgoRecover()
 		err = mgr.Start(ctx)
 		Expect(err).NotTo(HaveOccurred())
 	}()
-
-	// wait for the webhook server to get ready
-	dialer := &net.Dialer{Timeout: time.Second}
-	addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort)
-	Eventually(func() error {
-		conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true})
-		if err != nil {
-			return err
-		}
-		conn.Close()
-		return nil
-	}).Should(Succeed())
-
 })
 
 var _ = AfterSuite(func() {

cmd/main.go

@@ -119,14 +119,6 @@ func main() {
 		os.Exit(1)
 	}
 
-	if err = (&infrastructurev1alpha1.IONOSCloudCluster{}).SetupWebhookWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create webhook", "webhook", "IONOSCloudCluster")
-		os.Exit(1)
-	}
-	if err = (&infrastructurev1alpha1.IONOSCloudMachine{}).SetupWebhookWithManager(mgr); err != nil {
-		setupLog.Error(err, "unable to create webhook", "webhook", "IONOSCloudMachine")
-		os.Exit(1)
-	}
 	if err = (&controller.IONOSCloudClusterIdentityReconciler{
 		ControllerContext: &context.ControllerContext{
 			Context:            goctx.Background(),

config/crd/kustomization.yaml

@@ -9,20 +9,20 @@ resources:
 - bases/infrastructure.cluster.x-k8s.io_ionoscloudclusteridentities.yaml
 #+kubebuilder:scaffold:crdkustomizeresource
 
-patches:
+#patches:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
-- path: patches/webhook_in_ionoscloudclusters.yaml
-- path: patches/webhook_in_ionoscloudmachines.yaml
+#- path: patches/webhook_in_ionoscloudclusters.yaml
+#- path: patches/webhook_in_ionoscloudmachines.yaml
 #- path: patches/webhook_in_ionoscloudclustertemplates.yaml
 #- path: patches/webhook_in_ionoscloudmachinetemplates.yaml
 #- path: patches/webhook_in_ionoscloudidentities.yaml
 #+kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
-- path: patches/cainjection_in_ionoscloudclusters.yaml
-- path: patches/cainjection_in_ionoscloudmachines.yaml
+#- path: patches/cainjection_in_ionoscloudclusters.yaml
+#- path: patches/cainjection_in_ionoscloudmachines.yaml
 #- path: patches/cainjection_in_ionoscloudclustertemplates.yaml
 #- path: patches/cainjection_in_ionoscloudmachinetemplates.yaml
 #- path: patches/cainjection_in_ionoscloudidentities.yaml