diff --git a/api/v1alpha1/ionoscloudcluster_types.go b/api/v1alpha1/ionoscloudcluster_types.go index 1d1a426..82f2459 100644 --- a/api/v1alpha1/ionoscloudcluster_types.go +++ b/api/v1alpha1/ionoscloudcluster_types.go @@ -80,22 +80,38 @@ const ( LoadBalancerForwardingRuleCreationFailedReason = "LoadBalancerForwardingRuleCreationFailed" ) -// +kubebuilder:validation:Enum=de/txl;de/fra +// +kubebuilder:validation:Enum=es/vlt;fr/par;de/txl;de/fra;gb-lhr;us-ewr;us-las; type Location string +func (r Location) String() string { + return string(r) +} + // IONOSCloudClusterSpec defines the desired state of IONOSCloudCluster +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.dataCenterID) || has(self.dataCenterID)", message="DataCenterID is required once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.loadBalancerID) || has(self.loadBalancerID)", message="LoadBalancerID is required once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.publicLanID) || has(self.publicLanID)", message="PublicLanID is required once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.internetLanID) || has(self.internetLanID)", message="InternetLanID is required once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.privateLanID) || has(self.privateLanID)", message="PrivateLanID is required once set" type IONOSCloudClusterSpec struct { - // +kubebuilder:validation:Enum=es/vlt;fr/par;de/txl;de/fra;gb-lhr;us-ewr;us-las; - Location string `json:"location"` + + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Location is immutable" + Location Location `json:"location"` + // +kubebuilder:validation:MinLength=1 IdentityName string `json:"identityName"` ControlPlaneEndpoint clusterv1.APIEndpoint `json:"controlPlaneEndpoint"` - DataCenterID string `json:"dataCenterID,omitempty"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="DataCenterID is immutable" + DataCenterID string `json:"dataCenterID,omitempty"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="LoadBalancerID is immutable" LoadBalancerID string `json:"loadBalancerID,omitempty"` - PublicLanID *int32 `json:"publicLanID,omitempty"` - InternetLanID *int32 `json:"internetLanID,omitempty"` - PrivateLanID *int32 `json:"privateLanID,omitempty"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="PublicLanID is immutable" + PublicLanID *int32 `json:"publicLanID,omitempty"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="InternetLanID is immutable" + InternetLanID *int32 `json:"internetLanID,omitempty"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="PrivateLanID is immutable" + PrivateLanID *int32 `json:"privateLanID,omitempty"` } // IONOSCloudClusterStatus defines the observed state of IONOSCloudCluster diff --git a/api/v1alpha1/ionoscloudcluster_webhook.go b/api/v1alpha1/ionoscloudcluster_webhook.go deleted file mode 100644 index 68d9df3..0000000 --- a/api/v1alpha1/ionoscloudcluster_webhook.go +++ /dev/null @@ -1,82 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/validation/field" - ctrl "sigs.k8s.io/controller-runtime" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" - "sigs.k8s.io/controller-runtime/pkg/webhook/admission" -) - -// log is for logging in this package. -var ionoscloudclusterlog = logf.Log.WithName("ionoscloudcluster-resource") - -func (r *IONOSCloudCluster) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(r). - Complete() -} - -//+kubebuilder:webhook:path=/validate-infrastructure-cluster-x-k8s-io-v1alpha1-ionoscloudcluster,mutating=false,failurePolicy=fail,sideEffects=None,groups=infrastructure.cluster.x-k8s.io,resources=ionoscloudclusters,verbs=update,versions=v1alpha1,name=vionoscloudcluster.kb.io,admissionReviewVersions=v1 - -var _ webhook.Validator = &IONOSCloudCluster{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *IONOSCloudCluster) ValidateCreate() (admission.Warnings, error) { - ionoscloudclusterlog.Info("validate create", "name", r.Name) - - return nil, nil -} - -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *IONOSCloudCluster) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - ionoscloudclusterlog.Info("validate update", "name", r.Name) - - oldIONOSCloudCluster, _ := old.(*IONOSCloudCluster) - var allErrs field.ErrorList - if oldIONOSCloudCluster.Spec.DataCenterID != "" && r.Spec.DataCenterID != oldIONOSCloudCluster.Spec.DataCenterID { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "dataCenterID"), "cannot be modified")) - } - - if oldIONOSCloudCluster.Spec.Location != "" && r.Spec.Location != oldIONOSCloudCluster.Spec.Location { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "location"), "cannot be modified")) - } - - if oldIONOSCloudCluster.Spec.ControlPlaneEndpoint.Host != "" && r.Spec.ControlPlaneEndpoint.Host != oldIONOSCloudCluster.Spec.ControlPlaneEndpoint.Host { - allErrs = append(allErrs, field.Forbidden(field.NewPath("spec", "location", "controlPlaneEndpoint", "host"), "cannot be modified")) - } - - if allErrs != nil { - return nil, apierrors.NewInvalid( - schema.GroupKind{Group: "infrastructure.cluster.x-k8s.io", Kind: "IONOSCloudCluster"}, - r.Name, allErrs) - } - - return nil, nil -} - -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *IONOSCloudCluster) ValidateDelete() (admission.Warnings, error) { - ionoscloudclusterlog.Info("validate delete", "name", r.Name) - - return nil, nil -} diff --git a/api/v1alpha1/ionoscloudmachine_types.go b/api/v1alpha1/ionoscloudmachine_types.go index f0d1772..96da379 100644 --- a/api/v1alpha1/ionoscloudmachine_types.go +++ b/api/v1alpha1/ionoscloudmachine_types.go @@ -31,36 +31,47 @@ const ( ) // IONOSCloudMachineSpec defines the desired state of IONOSCloudMachine +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.providerID) || has(self.providerID)", message="ProviderID is required once set" +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.ip) || has(self.ip)", message="IP is required once set" type IONOSCloudMachineSpec struct { // The name of the resource. Name *string `json:"name,omitempty"` // The availability zone in which the server should be provisioned. // +kubebuilder:default=AUTO + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="AvailabilityZone is immutable" AvailabilityZone *string `json:"availabilityZone,omitempty"` // The total number of cores for the enterprise server. // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Cores is immutable" Cores *int32 `json:"cores"` // CPU architecture on which server gets provisioned; not all CPU architectures are available in all datacenter regions; available CPU architectures can be retrieved from the datacenter resource; must not be provided for CUBE servers. // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="CpuFamily is immutable" CpuFamily *string `json:"cpuFamily"` // The memory size for the enterprise server in MB, such as 2048. // +kubebuilder:validation:Minimum=256 // +kubebuilder:validation:MultipleOf=256 + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Ram is immutable" Ram *int32 `json:"ram"` BootVolume IONOSVolumeSpec `json:"bootVolume"` - // primary ip of the virtual machine. - IP *string `json:"ip,omitempty"` - ProviderID string `json:"providerID,omitempty"` - NetworkInterfaceID string `json:"networkInterfaceID,omitempty"` - VolumeID string `json:"volumeID,omitempty"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="IP is immutable" + IP *string `json:"ip,omitempty"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="ProviderID is immutable" + ProviderID string `json:"providerID,omitempty"` } + +// +kubebuilder:validation:XValidation:rule="!has(oldSelf.sshKeys) || has(self.sshKeys)", message="SSHKeys is required once set" type IONOSVolumeSpec struct { - Type string `json:"type"` - Size string `json:"size"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Type is immutable" + Type string `json:"type"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Size is immutable" + Size string `json:"size"` + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Image is immutable" Image string `json:"image"` // Public SSH keys are set on the image as authorized keys for appropriate SSH login to the instance using the corresponding private key. This field may only be set in creation requests. When reading, it always returns null. SSH keys are only supported if a public Linux image is used for the volume creation. + // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="SSHKeys is immutable" SSHKeys *[]string `json:"sshKeys,omitempty"` } diff --git a/api/v1alpha1/ionoscloudmachine_webhook.go b/api/v1alpha1/ionoscloudmachine_webhook.go deleted file mode 100644 index 25fdb30..0000000 --- a/api/v1alpha1/ionoscloudmachine_webhook.go +++ /dev/null @@ -1,93 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package v1alpha1 - -import ( - "k8s.io/apimachinery/pkg/runtime" - ctrl "sigs.k8s.io/controller-runtime" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" - "sigs.k8s.io/controller-runtime/pkg/webhook/admission" -) - -// log is for logging in this package. -var ionoscloudmachinelog = logf.Log.WithName("ionoscloudmachine-resource") - -func (r *IONOSCloudMachine) SetupWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr). - For(r). - Complete() -} - -//+kubebuilder:webhook:path=/validate-infrastructure-cluster-x-k8s-io-v1alpha1-ionoscloudmachine,mutating=false,failurePolicy=fail,sideEffects=None,groups=infrastructure.cluster.x-k8s.io,resources=ionoscloudmachines,verbs=update,versions=v1alpha1,name=vionoscloudmachine.kb.io,admissionReviewVersions=v1 - -var _ webhook.Validator = &IONOSCloudMachine{} - -// ValidateCreate implements webhook.Validator so a webhook will be registered for the type -func (r *IONOSCloudMachine) ValidateCreate() (admission.Warnings, error) { - ionoscloudmachinelog.Info("validate create", "name", r.Name) - - return nil, nil -} - -// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type -func (r *IONOSCloudMachine) ValidateUpdate(old runtime.Object) (admission.Warnings, error) { - ionoscloudmachinelog.Info("validate update", "name", r.Name) - - //newIONOSCloudMachine, err := runtime.DefaultUnstructuredConverter.ToUnstructured(r) - //if err != nil { - // return nil, apierrors.NewInternalError(errors.Wrap(err, "failed to convert new IONOSCloudMachine to unstructured object")) - //} - // - //oldIONOSCloudMachine, err := runtime.DefaultUnstructuredConverter.ToUnstructured(old) - //if err != nil { - // return nil, apierrors.NewInternalError(errors.Wrap(err, "failed to convert old IONOSCloudMachine to unstructured object")) - //} - // - //var allErrs field.ErrorList - // - //newVSphereMachineSpec := newIONOSCloudMachine["spec"].(map[string]interface{}) - //oldVSphereMachineSpec := oldIONOSCloudMachine["spec"].(map[string]interface{}) - // - //// allow changes to providerID - //delete(oldVSphereMachineSpec, "providerID") - //delete(newVSphereMachineSpec, "providerID") - // - //// allow changes to providerID - //delete(oldVSphereMachineSpec, "providerID") - //delete(newVSphereMachineSpec, "providerID") - // - // - //if !reflect.DeepEqual(oldVSphereMachineSpec, newVSphereMachineSpec) { - // allErrs = append(allErrs, field.Forbidden(field.NewPath("spec"), "cannot be modified")) - //} - // - //if allErrs != nil { - // return nil, apierrors.NewInvalid( - // schema.GroupKind{Group: "infrastructure.cluster.x-k8s.io", Kind: "IONOSCloudMachine"}, - // r.Name, allErrs) - //} - - return nil, nil -} - -// ValidateDelete implements webhook.Validator so a webhook will be registered for the type -func (r *IONOSCloudMachine) ValidateDelete() (admission.Warnings, error) { - ionoscloudmachinelog.Info("validate delete", "name", r.Name) - - return nil, nil -} diff --git a/api/v1alpha1/webhook_suite_test.go b/api/v1alpha1/webhook_suite_test.go index 8ffd2e2..c42e119 100644 --- a/api/v1alpha1/webhook_suite_test.go +++ b/api/v1alpha1/webhook_suite_test.go @@ -18,15 +18,10 @@ package v1alpha1 import ( "context" - "crypto/tls" - "fmt" - "net" - "path/filepath" - "testing" - "time" - . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + "path/filepath" + "testing" admissionv1 "k8s.io/api/admission/v1" //+kubebuilder:scaffold:imports @@ -63,9 +58,6 @@ var _ = BeforeSuite(func() { testEnv = &envtest.Environment{ CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, ErrorIfCRDPathMissing: false, - WebhookInstallOptions: envtest.WebhookInstallOptions{ - Paths: []string{filepath.Join("..", "..", "config", "webhook")}, - }, } var err error @@ -88,43 +80,18 @@ var _ = BeforeSuite(func() { Expect(k8sClient).NotTo(BeNil()) // start webhook server using Manager - webhookInstallOptions := &testEnv.WebhookInstallOptions mgr, err := ctrl.NewManager(cfg, ctrl.Options{ Scheme: scheme, - Host: webhookInstallOptions.LocalServingHost, - Port: webhookInstallOptions.LocalServingPort, - CertDir: webhookInstallOptions.LocalServingCertDir, LeaderElection: false, MetricsBindAddress: "0", }) Expect(err).NotTo(HaveOccurred()) - err = (&IONOSCloudCluster{}).SetupWebhookWithManager(mgr) - Expect(err).NotTo(HaveOccurred()) - - err = (&IONOSCloudMachine{}).SetupWebhookWithManager(mgr) - Expect(err).NotTo(HaveOccurred()) - - //+kubebuilder:scaffold:webhook - go func() { defer GinkgoRecover() err = mgr.Start(ctx) Expect(err).NotTo(HaveOccurred()) }() - - // wait for the webhook server to get ready - dialer := &net.Dialer{Timeout: time.Second} - addrPort := fmt.Sprintf("%s:%d", webhookInstallOptions.LocalServingHost, webhookInstallOptions.LocalServingPort) - Eventually(func() error { - conn, err := tls.DialWithDialer(dialer, "tcp", addrPort, &tls.Config{InsecureSkipVerify: true}) - if err != nil { - return err - } - conn.Close() - return nil - }).Should(Succeed()) - }) var _ = AfterSuite(func() { diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 312558e..7abe577 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -22,7 +22,7 @@ limitations under the License. package v1alpha1 import ( - "k8s.io/apimachinery/pkg/runtime" + runtime "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/cluster-api/api/v1beta1" ) diff --git a/cmd/main.go b/cmd/main.go index 6580635..0ccf0da 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -119,14 +119,6 @@ func main() { os.Exit(1) } - if err = (&infrastructurev1alpha1.IONOSCloudCluster{}).SetupWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "IONOSCloudCluster") - os.Exit(1) - } - if err = (&infrastructurev1alpha1.IONOSCloudMachine{}).SetupWebhookWithManager(mgr); err != nil { - setupLog.Error(err, "unable to create webhook", "webhook", "IONOSCloudMachine") - os.Exit(1) - } if err = (&controller.IONOSCloudClusterIdentityReconciler{ ControllerContext: &context.ControllerContext{ Context: goctx.Background(), diff --git a/config/crd/kustomization.yaml b/config/crd/kustomization.yaml index b945883..853c5e6 100644 --- a/config/crd/kustomization.yaml +++ b/config/crd/kustomization.yaml @@ -9,11 +9,11 @@ resources: - bases/infrastructure.cluster.x-k8s.io_ionoscloudclusteridentities.yaml #+kubebuilder:scaffold:crdkustomizeresource -patches: +#patches: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD -- path: patches/webhook_in_ionoscloudclusters.yaml -- path: patches/webhook_in_ionoscloudmachines.yaml +#- path: patches/webhook_in_ionoscloudclusters.yaml +#- path: patches/webhook_in_ionoscloudmachines.yaml #- path: patches/webhook_in_ionoscloudclustertemplates.yaml #- path: patches/webhook_in_ionoscloudmachinetemplates.yaml #- path: patches/webhook_in_ionoscloudidentities.yaml @@ -21,8 +21,8 @@ patches: # [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD -- path: patches/cainjection_in_ionoscloudclusters.yaml -- path: patches/cainjection_in_ionoscloudmachines.yaml +#- path: patches/cainjection_in_ionoscloudclusters.yaml +#- path: patches/cainjection_in_ionoscloudmachines.yaml #- path: patches/cainjection_in_ionoscloudclustertemplates.yaml #- path: patches/cainjection_in_ionoscloudmachinetemplates.yaml #- path: patches/cainjection_in_ionoscloudidentities.yaml diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 5c8e5ad..6a5caa6 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -23,9 +23,9 @@ resources: - ../manager # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -- ../webhook +#- ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -- ../certmanager +#- ../certmanager # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. #- ../prometheus @@ -39,109 +39,109 @@ patchesStrategicMerge: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in # crd/kustomization.yaml -- manager_webhook_patch.yaml +#- manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. # Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. # 'CERTMANAGER' needs to be enabled to use ca injection -- webhookcainjection_patch.yaml +#- webhookcainjection_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. # Uncomment the following replacements to add the cert-manager CA injection annotations -replacements: - - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldPath: .metadata.namespace # namespace of the certificate CR - targets: - - select: - kind: ValidatingWebhookConfiguration - fieldPaths: - - .metadata.annotations.[cert-manager.io/inject-ca-from] - options: - delimiter: '/' - index: 0 - create: true - - select: - kind: MutatingWebhookConfiguration - fieldPaths: - - .metadata.annotations.[cert-manager.io/inject-ca-from] - options: - delimiter: '/' - index: 0 - create: true - - select: - kind: CustomResourceDefinition - fieldPaths: - - .metadata.annotations.[cert-manager.io/inject-ca-from] - options: - delimiter: '/' - index: 0 - create: true - - source: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldPath: .metadata.name - targets: - - select: - kind: ValidatingWebhookConfiguration - fieldPaths: - - .metadata.annotations.[cert-manager.io/inject-ca-from] - options: - delimiter: '/' - index: 1 - create: true - - select: - kind: MutatingWebhookConfiguration - fieldPaths: - - .metadata.annotations.[cert-manager.io/inject-ca-from] - options: - delimiter: '/' - index: 1 - create: true - - select: - kind: CustomResourceDefinition - fieldPaths: - - .metadata.annotations.[cert-manager.io/inject-ca-from] - options: - delimiter: '/' - index: 1 - create: true - - source: # Add cert-manager annotation to the webhook Service - kind: Service - version: v1 - name: webhook-service - fieldPath: .metadata.name # namespace of the service - targets: - - select: - kind: Certificate - group: cert-manager.io - version: v1 - fieldPaths: - - .spec.dnsNames.0 - - .spec.dnsNames.1 - options: - delimiter: '.' - index: 0 - create: true - - source: - kind: Service - version: v1 - name: webhook-service - fieldPath: .metadata.namespace # namespace of the service - targets: - - select: - kind: Certificate - group: cert-manager.io - version: v1 - fieldPaths: - - .spec.dnsNames.0 - - .spec.dnsNames.1 - options: - delimiter: '.' - index: 1 - create: true +#replacements: +# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.namespace # namespace of the certificate CR +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 0 +# create: true +# - source: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# name: serving-cert # this name should match the one in certificate.yaml +# fieldPath: .metadata.name +# targets: +# - select: +# kind: ValidatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: MutatingWebhookConfiguration +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - select: +# kind: CustomResourceDefinition +# fieldPaths: +# - .metadata.annotations.[cert-manager.io/inject-ca-from] +# options: +# delimiter: '/' +# index: 1 +# create: true +# - source: # Add cert-manager annotation to the webhook Service +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.name # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 0 +# create: true +# - source: +# kind: Service +# version: v1 +# name: webhook-service +# fieldPath: .metadata.namespace # namespace of the service +# targets: +# - select: +# kind: Certificate +# group: cert-manager.io +# version: v1 +# fieldPaths: +# - .spec.dnsNames.0 +# - .spec.dnsNames.1 +# options: +# delimiter: '.' +# index: 1 +# create: true diff --git a/config/samples/readme.md b/config/samples/readme.md index 1dc94ee..257441d 100644 --- a/config/samples/readme.md +++ b/config/samples/readme.md @@ -19,7 +19,7 @@ curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/d sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum} -cilium install --version 1.13.5 +cilium install --version 1.14.1 **CCM** See https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager diff --git a/internal/controller/ionoscloudmachine_controller_test.go b/internal/controller/ionoscloudmachine_controller_test.go index 9ed2f22..8c6ec66 100644 --- a/internal/controller/ionoscloudmachine_controller_test.go +++ b/internal/controller/ionoscloudmachine_controller_test.go @@ -137,10 +137,8 @@ var _ = Describe("IONOSCloudMachine controller", func() { BootVolume: v1alpha1.IONOSVolumeSpec{ Size: "2048", }, - IP: nil, - ProviderID: "", - NetworkInterfaceID: "", - VolumeID: "", + IP: nil, + ProviderID: "", }, } identitySecret = &v1.Secret{ diff --git a/internal/ionos/apiclient.go b/internal/ionos/apiclient.go index c508343..92af1fc 100644 --- a/internal/ionos/apiclient.go +++ b/internal/ionos/apiclient.go @@ -3,6 +3,7 @@ package ionos import ( "context" "fmt" + "github.com/GDATASoftwareAG/cluster-api-provider-ionoscloud/api/v1alpha1" ionoscloud "github.com/ionos-cloud/sdk-go/v6" "strings" "sync" @@ -16,7 +17,7 @@ var ( ) type DatacenterAPI interface { - CreateDatacenter(ctx context.Context, name, location string) (ionoscloud.Datacenter, *ionoscloud.APIResponse, error) + CreateDatacenter(ctx context.Context, name string, location v1alpha1.Location) (ionoscloud.Datacenter, *ionoscloud.APIResponse, error) GetDatacenter(ctx context.Context, datacenterId string) (ionoscloud.Datacenter, *ionoscloud.APIResponse, error) DeleteDatacenter(ctx context.Context, datacenterId string) (*ionoscloud.APIResponse, error) } @@ -94,10 +95,10 @@ func (c *APIClient) DeleteDatacenter(ctx context.Context, datacenterId string) ( return c.client.DataCentersApi.DatacentersDelete(ctx, datacenterId).Execute() } -func (c *APIClient) CreateDatacenter(ctx context.Context, name, location string) (ionoscloud.Datacenter, *ionoscloud.APIResponse, error) { +func (c *APIClient) CreateDatacenter(ctx context.Context, name string, location v1alpha1.Location) (ionoscloud.Datacenter, *ionoscloud.APIResponse, error) { datacenter := ionoscloud.Datacenter{ Properties: &ionoscloud.DatacenterProperties{ - Location: &location, + Location: ionoscloud.ToPtr(location.String()), Name: &name, }, } diff --git a/testing/fakeClient.go b/testing/fakeClient.go index 59769a8..b65b890 100644 --- a/testing/fakeClient.go +++ b/testing/fakeClient.go @@ -3,6 +3,7 @@ package testing import ( "context" "fmt" + "github.com/GDATASoftwareAG/cluster-api-provider-ionoscloud/api/v1alpha1" "github.com/GDATASoftwareAG/cluster-api-provider-ionoscloud/internal/ionos" ionoscloud "github.com/ionos-cloud/sdk-go/v6" "github.com/pkg/errors" @@ -236,7 +237,7 @@ func (f FakeClient) GetServer(_ context.Context, datacenterId, serverId string) nil } -func (f FakeClient) CreateDatacenter(_ context.Context, name, location string) (ionoscloud.Datacenter, *ionoscloud.APIResponse, error) { +func (f FakeClient) CreateDatacenter(_ context.Context, name string, location v1alpha1.Location) (ionoscloud.Datacenter, *ionoscloud.APIResponse, error) { uid := string(uuid.NewUUID()) dc := ionoscloud.Datacenter{ Id: ionoscloud.ToPtr(uid), @@ -255,7 +256,7 @@ func (f FakeClient) CreateDatacenter(_ context.Context, name, location string) ( }, }, Properties: &ionoscloud.DatacenterProperties{ - Location: ionoscloud.ToPtr(location), + Location: ionoscloud.ToPtr(location.String()), Name: ionoscloud.ToPtr(name), }, }