refactoring
AshleyDumaine committed Mar 6, 2024
1 parent ead385c commit aff43d1
Showing 17 changed files with 382 additions and 419 deletions.
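--- a/api/v1alpha1/linodecluster_types.go
+++ b/api/v1alpha1/linodecluster_types.go
@@ -46,15 +46,10 @@ type LinodeClusterSpec struct {
 // +optional
 CredentialsRef *corev1.SecretReference `json:"credentialsRef,omitempty"`
 
+// ControlPlaneFirewall encapsulates all things related to the Firewall for the
+// control plane nodes.
 // +optional
-// ControlPlaneFirewallRefs contains a list of LinodeFirewall references to restrict traffic
-// to/from the control plane nodes
-ControlPlaneFirewallRefs []*corev1.ObjectReference `json:"controlPlaneFirewallRefs,omitempty"`
-
-// +optional
-// WorkerFirewallRefs contains a list of LinodeFirewall references to restrict traffic
-// to/from the worker nodes
-WorkerFirewallRefs []*corev1.ObjectReference `json:"workerFirewallRefs,omitempty"`
+ControlPlaneFirewall FirewallSpec `json:"controlPlaneFirewall,omitempty"`
 }
 
 // LinodeClusterStatus defines the observed state of LinodeCluster
@@ -123,6 +118,32 @@ type NetworkSpec struct {
 NodeBalancerConfigID *int `json:"nodeBalancerConfigID,omitempty"`
 }
 
+// FirewallSpec encapsulates Linode Firewall configuration for nodes.
+type FirewallSpec struct {
+// Enabled specifies if the default api server firewall should be enabled
+// +kubebuilder:default:=true
+// +optional
+Enabled bool `json:"enabled,omitempty"`
+// AllowedIPV4Addresses specifies additional IPV4 addresses aside from the worker nodes
+// that should be permitted to reach the K8s API server
+// Per the Linode API:
+// Must contain only valid IPv4 addresses or networks (both must be in ip/mask format)
+// +optional
+// +kubebuilder:default:={"0.0.0.0/0"}
+AllowedIPV4Addresses []string `json:"allowedIPV4Addresses,omitempty"`
+// AllowedIPV6Addresses specifies additional IPV6 addresses aside from the worker nodes
+// that should be permitted to reach the K8s API server
+// +optional
+// +kubebuilder:default:={"::/0"}
+AllowedIPV6Addresses []string `json:"allowedIPV6Addresses,omitempty"`
+// AllowSSH specifies if SSH should be permitted for the firewall
+// +optional
+AllowSSH bool `json:"allowSSH,omitempty"`
+// FirewallID is the ID of the Cloud Firewall.
+// +optional
+FirewallID *int `json:"firewallID,omitempty"`
+}
+
 // +kubebuilder:object:root=true
 
 // LinodeClusterList contains a list of LinodeCluster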
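Review bot: The defaults on `AllowedIPV4Addresses` (`{"0.0.0.0/0"}`) and `AllowedIPV6Addresses` (`{"::/0"}`) in the new `FirewallSpec` mean that a cluster created without any firewall settings gets an allow list covering every source address, while the field comments describe these lists as "additional" addresses beyond the worker nodes. Assuming the controller turns each entry into an inbound allow rule for the API server (that code is not in this section), the default-enabled firewall restricts nothing until an operator narrows the lists. If open-by-default is intended, the comments should say so, e.g. `// Defaults to 0.0.0.0/0 (any IPv4 source); narrow this list to restrict API server access.`; otherwise drop the defaults so an empty list means worker nodes only. Separately, `Enabled bool` pairs `omitempty` with `+kubebuilder:default:=true`, so a typed client that sets it to false will omit the field and defaulting will likely switch it back on; `Enabled *bool` would keep an explicit false distinguishable.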
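--- a/api/v1alpha1/linodefirewall_types.go
+++ b/api/v1alpha1/linodefirewall_types.go
@@ -30,6 +30,10 @@ type LinodeFirewallSpec struct {
 // +optional
 FirewallID *int `json:"firewallID,omitempty"`
 
+// +optional
+// ClusterUID is used by the LinodeCluster controller to associate a Cloud Firewall to a LinodeCluster
+ClusterUID string `json:"clusterUID,omitempty"`
+
 // +optional
 // +kubebuilder:default=false
 Enabled bool `json:"enabled,omitempty"`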
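Review bot: `ClusterUID` is added to `LinodeFirewallSpec`, so it is an ordinary user-writable field, while its comment says the LinodeCluster controller uses it to tie a Cloud Firewall to a cluster. If the controller trusts this value to decide which firewall belongs to which cluster, anyone allowed to edit a LinodeFirewall could point it at a different cluster's UID; the controller code is not in this section, so this needs confirming. An owner reference or a status field would be harder to spoof, and at minimum the contract should be documented, e.g. `// ClusterUID is set by the LinodeCluster controller; it is not meant to be set by hand.` The enclosing struct starts and ends outside the hunk.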
58 changes: 36 additions & 22 deletions api/v1alpha1/zz_generated.deepcopy.go


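--- a/cloud/scope/cluster.go
+++ b/cloud/scope/cluster.go
@@ -32,9 +32,10 @@ import (
 
 // ClusterScopeParams defines the input parameters used to create a new Scope.
 type ClusterScopeParams struct {
-Client client.Client
-Cluster *clusterv1.Cluster
-LinodeCluster *infrav1alpha1.LinodeCluster
+Client client.Client
+Cluster *clusterv1.Cluster
+LinodeCluster *infrav1alpha1.LinodeCluster
+ControlPlaneFirewall *infrav1alpha1.LinodeFirewall
 }
 
 func validateClusterScopeParams(params ClusterScopeParams) error {
@@ -44,6 +45,9 @@ func validateClusterScopeParams(params ClusterScopeParams) error {
 if params.LinodeCluster == nil {
 return errors.New("linodeCluster is required when creating a ClusterScope")
 }
+if params.ControlPlaneFirewall == nil {
+return errors.New("controlPlaneFirewall is required when creating a ClusterScope")
+}
 
 return nil
 }
@@ -71,22 +75,24 @@ func NewClusterScope(ctx context.Context, apiKey string, params ClusterScopePara
 }
 
 return &ClusterScope{
-client: params.Client,
-Cluster: params.Cluster,
-LinodeClient: linodeClient,
-LinodeCluster: params.LinodeCluster,
-PatchHelper: helper,
+client: params.Client,
+Cluster: params.Cluster,
+LinodeClient: linodeClient,
+LinodeCluster: params.LinodeCluster,
+ControlPlaneFirewall: params.ControlPlaneFirewall,
+PatchHelper: helper,
 }, nil
 }
 
 // ClusterScope defines the basic context for an actuator to operate upon.
 type ClusterScope struct {
 client client.Client
 
-PatchHelper *patch.Helper
-LinodeClient *linodego.Client
-Cluster *clusterv1.Cluster
-LinodeCluster *infrav1alpha1.LinodeCluster
+PatchHelper *patch.Helper
+LinodeClient *linodego.Client
+Cluster *clusterv1.Cluster
+LinodeCluster *infrav1alpha1.LinodeCluster
+ControlPlaneFirewall *infrav1alpha1.LinodeFirewall
 }
 
 // PatchObject persists the cluster configuration and status.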
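Review bot: `validateClusterScopeParams` now rejects a nil `ControlPlaneFirewall` unconditionally, yet `FirewallSpec.Enabled` added in this same commit lets a cluster switch the control-plane firewall off, so callers presumably have to supply a `LinodeFirewall` object even for clusters that do not want one. If that is the intent (the object always exists and only its enabled flag varies), document it on the new struct field, e.g. `// ControlPlaneFirewall is always set; a disabled firewall is expressed through its spec, not by nil.`; otherwise make the nil check conditional on the cluster's firewall being enabled. The callers of `NewClusterScope` are not in this section, so which of the two applies should be confirmed against the controller; the function bodies here also start and end outside the hunks.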
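--- a/cloud/scope/firewall.go
+++ b/cloud/scope/firewall.go
@@ -35,14 +35,12 @@ type FirewallScope struct {
 
 PatchHelper *patch.Helper
 LinodeClient *linodego.Client
-LinodeCluster *infrav1alpha1.LinodeCluster
 LinodeFirewall *infrav1alpha1.LinodeFirewall
 }
 
 // FirewallScopeParams defines the input parameters used to create a new Scope.
 type FirewallScopeParams struct {
 Client client.Client
-LinodeCluster *infrav1alpha1.LinodeCluster
 LinodeFirewall *infrav1alpha1.LinodeFirewall
 }
 
@@ -51,10 +49,6 @@ func validateFirewallScopeParams(params FirewallScopeParams) error {
 return errors.New("linodeFirewall is required when creating a FirewallScope")
 }
 
-if params.LinodeCluster == nil {
-return errors.New("linodeCluster is required when creating a FirewallScope")
-}
-
 return nil
 }
 
@@ -76,7 +70,6 @@ func NewFirewallScope(apiKey string, params FirewallScopeParams) (*FirewallScope
 client: params.Client,
 LinodeClient: linodeClient,
 LinodeFirewall: params.LinodeFirewall,
-LinodeCluster: params.LinodeCluster,
 PatchHelper: helper,
 }, nil
 }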