Merge master
majst01 committed Jan 23, 2024
2 parents bc963e9 + 1fd3598 commit 28ead28
Showing 5 changed files with 68 additions and 89 deletions.
5 changes: 1 addition & 4 deletions go.mod
@@ -6,20 +6,18 @@ require (
github.com/coreos/go-systemd/v22 v22.5.0
github.com/fatih/color v1.16.0
github.com/go-logr/logr v1.4.1
github.com/go-logr/zapr v1.2.4
github.com/golang/mock v1.6.0
github.com/google/go-cmp v0.6.0
github.com/google/nftables v0.1.1-0.20230115205135-9aa6fdf5a28c
github.com/ks2211/go-suricata v0.0.0-20200823200910-986ce1470707
github.com/metal-stack/firewall-controller-manager v0.3.2-0.20240115082359-d2ad341a4113
github.com/metal-stack/metal-go v0.26.2
github.com/metal-stack/metal-lib v0.14.3
github.com/metal-stack/metal-networker v0.40.0
github.com/metal-stack/metal-networker v0.41.0
github.com/metal-stack/v v1.0.3
github.com/miekg/dns v1.1.56
github.com/txn2/txeh v1.5.3
github.com/vishvananda/netlink v1.2.1-beta.2
go.uber.org/zap v1.26.0
go4.org/netipx v0.0.0-20230824141953-6213f710f925
k8s.io/api v0.26.3
k8s.io/apiextensions-apiserver v0.26.3
@@ -78,7 +76,6 @@ require (
github.com/spf13/pflag v1.0.5 // indirect
github.com/vishvananda/netns v0.0.4 // indirect
go.mongodb.org/mongo-driver v1.13.1 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/mod v0.14.0 // indirect
golang.org/x/net v0.20.0 // indirect
golang.org/x/oauth2 v0.16.0 // indirect
19 changes: 2 additions & 17 deletions go.sum
@@ -11,7 +11,6 @@ github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAE
github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
@@ -49,7 +48,6 @@ github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4
github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw=
github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
@@ -148,7 +146,6 @@ github.com/jszwec/csvutil v1.8.0/go.mod h1:/E4ONrmGkwmWsk9ae9jpXnv9QT8pLHEPcCirM
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk=
github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -183,8 +180,8 @@ github.com/metal-stack/metal-hammer v0.12.0 h1:t6t73RGmDU1IFkHC7dJxu7xDIZZvwmqmu
github.com/metal-stack/metal-hammer v0.12.0/go.mod h1:MeY/EDYqyFUTk24vEQuaUrfRJf20lIisbqXj28+Bxmc=
github.com/metal-stack/metal-lib v0.14.3 h1:oHtOnGsQC/ySLXzj14mfy7/8bwmCPfD5SD6U4yh8BHU=
github.com/metal-stack/metal-lib v0.14.3/go.mod h1:2wKxFXSCpA1Dr+Rq0ddpQCPKPGMWJp4cpIaVTM4lDi0=
github.com/metal-stack/metal-networker v0.40.0 h1:PH6UQmKJjD4MkaZHvgBE20u0YYiTSDa+z211qM/8ZuU=
github.com/metal-stack/metal-networker v0.40.0/go.mod h1:K7M5RGN/nSBmeuVrkjl1oDxI9fw8CB3VnuPdoumGTnk=
github.com/metal-stack/metal-networker v0.41.0 h1:eefp8nzhF6eBDoGjFR8m+chkGUO5QFuyxffsgQT808c=
github.com/metal-stack/metal-networker v0.41.0/go.mod h1:jdHKFIbPBNHnvies0Tb8DlnPfbKV/HuikxPZH3kC6uA=
github.com/metal-stack/v v1.0.3 h1:Sh2oBlnxrCUD+mVpzfC8HiqL045YWkxs0gpTvkjppqs=
github.com/metal-stack/v v1.0.3/go.mod h1:YTahEu7/ishwpYKnp/VaW/7nf8+PInogkfGwLcGPdXg=
github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
@@ -254,14 +251,10 @@ github.com/spf13/viper v1.17.0 h1:I5txKw7MJasPL/BrfkbA0Jyo/oELqVmux4pR/UxOMfI=
github.com/spf13/viper v1.17.0/go.mod h1:BmMMMLQXSbcHK6KAOiFLz0l5JHrU89OdIRHvsk0+yVI=
github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag1KpM8ahLw8=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
@@ -287,14 +280,10 @@ github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5t
go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk=
go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo=
go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI=
go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A=
go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4=
go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU=
go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0=
go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y=
go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg=
go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo=
go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so=
go4.org/netipx v0.0.0-20230824141953-6213f710f925 h1:eeQDDVKFkx0g4Hyy8pHgmZaK0EqB4SD6rvKbUdN3ziQ=
@@ -312,7 +301,6 @@ golang.org/x/exp v0.0.0-20231127185646-65229373498e/go.mod h1:iRJReGqOEeBhDZGkGb
golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
@@ -395,7 +383,6 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
golang.org/x/tools v0.16.0 h1:GO788SKMRunPIBCXiQyo2AaexLstOrVhuAL5YwsckQM=
golang.org/x/tools v0.16.0/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0=
@@ -438,7 +425,6 @@ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I=
google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
@@ -451,7 +437,6 @@ gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
107 changes: 54 additions & 53 deletions main.go
@@ -4,14 +4,13 @@ import (
"context"
"flag"
"fmt"
"log/slog"
"os"
"time"

"github.com/metal-stack/v"

"github.com/go-logr/zapr"
"go.uber.org/zap"
"go.uber.org/zap/zapcore"
"github.com/go-logr/logr"

corev1 "k8s.io/api/core/v1"
apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1"
@@ -88,73 +87,84 @@ func main() {
return
}

l, err := newZapLogger(logLevel)
if err != nil {
setupLog.Error(err, "unable to parse log level")
os.Exit(1)
}
ctrl.SetLogger(zapr.NewLogger(l.Desugar()))
jsonHandler := slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{})
l := slog.New(jsonHandler)

l.Infow("using kubeconfig path", "path", kubeconfigPath)
ctrl.SetLogger(logr.FromSlogHandler(jsonHandler))

l.Info("using kubeconfig path", "path", kubeconfigPath)

var (
ctx = ctrl.SetupSignalHandler()
seedConfig = ctrl.GetConfigOrDie()
)

// FIXME validation and controller start should be refactored into own func which returns error
// instead Fatalw or Error and panic here.
var err error
if firewallName == "" {
firewallName, err = os.Hostname()
if err != nil {
l.Fatalw("unable to default firewall name flag to hostname", "error", err)
l.Error("unable to default firewall name flag to hostname", "error", err)
panic(err)
}
}

if kubeconfigPath == "" {
l.Fatalw("kubeconfig path is empty, aborting")
l.Error("kubeconfig path is empty, aborting")
panic(err)
}

seedClient, err := controllerclient.New(seedConfig, controllerclient.Options{
Scheme: scheme,
})
if err != nil {
l.Fatalw("unable to create seed client", "error", err)
l.Error("unable to create seed client", "error", err)
panic(err)
}

rawKubeconfig, err := os.ReadFile(kubeconfigPath)
if err != nil {
l.Fatalw("unable to read kubeconfig", "path", kubeconfigPath, "error", err)
l.Error("unable to read kubeconfig", "path", kubeconfigPath, "error", err)
panic(err)
}

seedNamespace, err := getSeedNamespace(rawKubeconfig)
if err != nil {
l.Fatalw("unable to find seed namespace from kubeconfig", "error", err)
l.Error("unable to find seed namespace from kubeconfig", "error", err)
panic(err)
}

fw, err := findResponsibleFirewall(ctx, seedClient, firewallName, seedNamespace)
if err != nil {
l.Fatalw("unable to find firewall resource to be responsible for", "error", err)
l.Error("unable to find firewall resource to be responsible for", "error", err)
panic(err)
}

l.Infow("found firewall resource to be responsible for", "firewall-name", firewallName, "namespace", seedNamespace)
l.Info("found firewall resource to be responsible for", "firewall-name", firewallName, "namespace", seedNamespace)

shootAccessHelper := helper.NewShootAccessHelper(seedClient, fw.Status.ShootAccess)
if err != nil {
l.Fatalw("unable to construct shoot access helper", "error", err)
l.Error("unable to construct shoot access helper", "error", err)
panic(err)
}

accessTokenUpdater, err := helper.NewShootAccessTokenUpdater(shootAccessHelper, "/etc/firewall-controller")
if err != nil {
l.Fatalw("unable to create shoot access token updater", "error", err)
l.Error("unable to create shoot access token updater", "error", err)
panic(err)
}

err = accessTokenUpdater.UpdateContinuously(ctrl.Log.WithName("token-updater"), ctx)
if err != nil {
l.Fatalw("unable to start token updater", "error", err)
l.Error("unable to start token updater", "error", err)
panic(err)
}

shootConfig, err := shootAccessHelper.RESTConfig(ctx)
if err != nil {
l.Fatalw("unable to create shoot config", "error", err)
l.Error("unable to create shoot config", "error", err)
panic(err)
}

seedMgr, err := ctrl.NewManager(seedConfig, ctrl.Options{
@@ -168,7 +178,8 @@ func main() {
LeaderElection: false, // leader election does not make sense for this controller, it's always single managed by systemd
})
if err != nil {
l.Fatalw("unable to create seed manager", "error", err)
l.Error("unable to create seed manager", "error", err)
panic(err)
}

shootMgr, err := ctrl.NewManager(shootConfig, ctrl.Options{
@@ -177,12 +188,14 @@ func main() {
LeaderElection: false,
})
if err != nil {
l.Fatalw("unable to create shoot manager", "error", err)
l.Error("unable to create shoot manager", "error", err)
panic(err)
}

shootClient, err := controllerclient.New(shootConfig, controllerclient.Options{Scheme: scheme})
if err != nil {
l.Fatalw("unable to create shoot client", "error", err)
l.Error("unable to create shoot client", "error", err)
panic(err)
}

updater := updater.New(ctrl.Log.WithName("updater"), shootMgr.GetEventRecorderFor("FirewallController"))
@@ -209,7 +222,8 @@ func main() {
SeedUpdatedFunc: fwmReconciler.SeedUpdated,
TokenUpdater: accessTokenUpdater,
}).SetupWithManager(seedMgr); err != nil {
l.Fatalw("unable to create firewall controller", "error", err)
l.Error("unable to create firewall controller", "error", err)
panic(err)
}

// Droptailer Reconciler
@@ -218,7 +232,8 @@ func main() {
Log: ctrl.Log.WithName("controllers").WithName("Droptailer"),
HostsFile: hostsFile,
}).SetupWithManager(shootMgr); err != nil {
l.Fatalw("unable to create droptailer controller", "error", err)
l.Error("unable to create droptailer controller", "error", err)
panic(err)
}

// ClusterwideNetworkPolicy Reconciler
@@ -230,20 +245,23 @@ func main() {
FirewallName: firewallName,
SeedNamespace: seedNamespace,
}).SetupWithManager(shootMgr); err != nil {
l.Fatalw("unable to create clusterwidenetworkpolicy controller", "error", err)
l.Error("unable to create clusterwidenetworkpolicy controller", "error", err)
panic(err)
}

if err = (&controllers.ClusterwideNetworkPolicyValidationReconciler{
ShootClient: shootMgr.GetClient(),
Log: ctrl.Log.WithName("controllers").WithName("ClusterwideNetworkPolicyValidation"),
Recorder: shootMgr.GetEventRecorderFor("FirewallController"),
}).SetupWithManager(shootMgr); err != nil {
l.Fatalw("unable to create clusterwidenetworkpolicyvalidation controller", "error", err)
l.Error("unable to create clusterwidenetworkpolicyvalidation controller", "error", err)
panic(err)
}

// FirewallMonitorReconciler
if err = (fwmReconciler).SetupWithManager(shootMgr); err != nil {
l.Fatalw("unable to create firewall monitor controller", "error", err)
l.Error("unable to create firewall monitor controller", "error", err)
panic(err)
}

// +kubebuilder:scaffold:builder
@@ -257,46 +275,29 @@ func main() {
defer cancel()
err = updater.Run(updaterCtx, fw)
if err != nil {
l.Fatalw("unable to update firewall components", "error", err)
l.Error("unable to update firewall components", "error", err)
panic(err)
}

go func() {
l.Infow("starting shoot controller", "version", v.V)
l.Info("starting shoot controller", "version", v.V)
if err := shootMgr.Start(ctx); err != nil {
l.Fatalw("problem running shoot controller", "error", err)
l.Error("problem running shoot controller", "error", err)
panic(err)
}
}()

err = sysctl.Tune(l)
if err != nil {
l.Errorw("unable to tune kernel", "error", err)
l.Error("unable to tune kernel", "error", err)
}

if err := seedMgr.Start(ctx); err != nil {
l.Errorw("problem running seed controller", "error", err)
l.Error("problem running seed controller", "error", err)
panic(err)
}
}

func newZapLogger(levelString string) (*zap.SugaredLogger, error) {
level, err := zap.ParseAtomicLevel(levelString)
if err != nil {
return nil, fmt.Errorf("unable to parse log level: %w", err)
}

cfg := zap.NewProductionConfig()
cfg.Level = level
cfg.EncoderConfig.TimeKey = "timestamp"
cfg.EncoderConfig.EncodeTime = zapcore.RFC3339TimeEncoder

l, err := cfg.Build()
if err != nil {
return nil, fmt.Errorf("can't initialize zap logger: %w", err)
}

return l.Sugar(), nil
}

func findResponsibleFirewall(ctx context.Context, seed controllerclient.Client, firewallName, seedNamespace string) (*firewallv2.Firewall, error) {
fwList := &firewallv2.FirewallList{}
err := seed.List(ctx, fwList, &controllerclient.ListOptions{
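Review bot: In the `kubeconfigPath == ""` branch of `main`, `panic(err)` is reached with `err` still nil, because on that path the hostname lookup either did not run or succeeded after `var err error`, so the crash output carries a nil panic value rather than the actual reason. Pass the reason explicitly, e.g. `panic("kubeconfig path is empty, aborting")`, or keep the old exit behaviour with `os.Exit(1)` after the `l.Error` call. Separately, `slog.NewJSONHandler(os.Stdout, &slog.HandlerOptions{})` sets no `Level`, so the value that used to be parsed by `newZapLogger(logLevel)` no longer has any effect if that flag is still defined outside this view; wiring it into `HandlerOptions.Level` would keep debug logging available when investigating a firewall issue. `main` begins before and continues between the shown hunks, so this is based only on the visible lines.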