metal-stack · mwindower · Apr 7, 2021 · Mar 31, 2021 · Mar 31, 2021 · Apr 1, 2021
@@ -32,13 +32,17 @@ jobs:
         username: ${{ secrets.DOCKER_REGISTRY_USER }}
         password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
 
+    - name: Build
+      run: |
+        make
+
     - name: Lint
       uses: golangci/golangci-lint-action@v2
       with:
         version: v1.32.2
         args: --timeout=3m
 
-    - name: build the Docker images
+    - name: Build and Push Docker Image
       run: |
         make docker-build
         make docker-push

@@ -37,13 +37,17 @@ jobs:
         password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
       if: steps.fork.outputs.is_fork_pr == 'false'
 
+    - name: Build
+      run: |
+        make
+
     - name: Lint
       uses: golangci/golangci-lint-action@v2
       with:
         version: v1.32.2
         args: --timeout=3m
 
-    - name: Build
+    - name: Build Docker Image
       run: |
         export GITHUB_TAG_NAME=${GITHUB_HEAD_REF##*/}
         make docker-build

@@ -27,7 +27,7 @@ jobs:
 
     - name: Get release
       id: get_release
-      uses: bruceadams/get-release@v1.2.1
+      uses: bruceadams/get-release@v1.2.2
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
@@ -38,13 +38,17 @@ jobs:
         username: ${{ secrets.DOCKER_REGISTRY_USER }}
         password: ${{ secrets.DOCKER_REGISTRY_TOKEN }}
 
+    - name: Build
+      run: |
+        make
+
     - name: Lint
       uses: golangci/golangci-lint-action@v2
       with:
         version: v1.32.2
         args: --timeout=3m
 
-    - name: Build the Docker images
+    - name: Build and Push Docker Image
       run: |
         export GITHUB_TAG_NAME=${GITHUB_REF##*/}
         make docker-build

@@ -31,3 +31,5 @@ nftables.v4
 *.swp
 *.swo
 *~
+
+pkg/network/frr.firewall.tpl
@@ -9,6 +9,9 @@ DOCKER_TAG := $(or ${GITHUB_TAG_NAME}, latest)
 DOCKER_IMG ?= ghcr.io/metal-stack/firewall-controller:${DOCKER_TAG}
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
 CRD_OPTIONS ?= "crd:trivialVersions=true"
+# this version is used to include template from the metal-networker to the firewall-controller
+# version should be not that far away from the compile dependency in go.mod
+METAL_NETWORKER_VERSION := v0.6.1
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -30,7 +33,7 @@ test-integration: generate fmt vet manifests
 	go test ./... -v Integration
 
 clean:
-	rm -rf bin/* statik/statik.go
+	rm -rf bin/* statik/statik.go pkg/network/frr.firewall.tpl
 
 # Build firewall-controller binary
 firewall-controller: statik generate fmt vet test
@@ -65,7 +68,7 @@ deploy: manifests
 
 # Generate manifests e.g. CRD, RBAC etc.
 manifests: controller-gen
-	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./api/...;./controllers/..." output:crd:artifacts:config=config/crd/bases
 
 # Run go fmt against code
 fmt:
@@ -77,6 +80,8 @@ vet:
 
 # Generate code
 generate: controller-gen statik manifests
+	wget https://raw.githubusercontent.com/metal-stack/metal-networker/${METAL_NETWORKER_VERSION}/internal/netconf/tpl/frr.firewall.tpl -O ./pkg/network/frr.firewall.tpl
+	$(STATIK) -src=pkg/network -include='*.tpl' -dest=pkg/network -ns networker
 	$(STATIK) -src=pkg/nftables -include='*.tpl' -dest=pkg/nftables -ns tpl
 	$(STATIK) -src=config/crd/bases -ns crd
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./..."

@@ -44,6 +44,7 @@ import (
 
 	firewallv1 "github.com/metal-stack/firewall-controller/api/v1"
 	"github.com/metal-stack/firewall-controller/pkg/collector"
+	"github.com/metal-stack/firewall-controller/pkg/network"
 	"github.com/metal-stack/firewall-controller/pkg/nftables"
 	"github.com/metal-stack/firewall-controller/pkg/suricata"
 	"github.com/metal-stack/firewall-controller/pkg/updater"
@@ -130,6 +131,18 @@ func (r *FirewallReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) {
 		errors = multierror.Append(errors, err)
 	}
 
+	log.Info("reconciling network settings")
+	changed, err := network.ReconcileNetwork(f, log)
+	if changed && err == nil {
+		r.recorder.Event(&f, "Info", "Network settings", "reconcilation succeeded (frr.conf)")
+	} else if changed && err != nil {
+		r.recorder.Event(&f, "Warning", "Network settings", fmt.Sprintf("reconcilation failed (frr.conf): %v", err))
+	}
+
+	if err != nil {
+		errors = multierror.Append(errors, err)
+	}
+
 	log.Info("reconciling firewall services")
 	if err = r.reconcileFirewallServices(ctx, f, log); err != nil {
 		errors = multierror.Append(errors, err)

@@ -4,9 +4,9 @@ go 1.15
 
 require (
 	cloud.google.com/go v0.72.0 // indirect
-	github.com/go-logr/logr v0.3.0
+	github.com/go-logr/logr v0.4.0
 	github.com/go-logr/zapr v0.3.0 // indirect
-	github.com/google/go-cmp v0.5.2
+	github.com/google/go-cmp v0.5.5
 	github.com/google/go-github v17.0.0+incompatible
 	github.com/google/go-querystring v1.0.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
@@ -16,15 +16,13 @@ require (
 	github.com/imdario/mergo v0.3.11 // indirect
 	github.com/ks2211/go-suricata v0.0.0-20200823200910-986ce1470707
 	github.com/mdlayher/netlink v1.1.1 // indirect
-	github.com/metal-stack/metal-lib v0.6.6
-	github.com/metal-stack/v v1.0.2
-	github.com/onsi/ginkgo v1.14.2 // indirect
-	github.com/prometheus/common v0.14.0 // indirect
-	github.com/prometheus/procfs v0.2.0 // indirect
+	github.com/metal-stack/metal-go v0.14.0
+	github.com/metal-stack/metal-lib v0.7.2
+	github.com/metal-stack/metal-networker v0.6.2-0.20210406084831-decec21c5643
+	github.com/metal-stack/v v1.0.3
 	github.com/rakyll/statik v0.1.7
 	github.com/txn2/txeh v1.3.0
 	github.com/vishvananda/netlink v1.1.0
-	go.uber.org/multierr v1.6.0 // indirect
 	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
 	gomodules.xyz/jsonpatch/v2 v2.1.0 // indirect
 	k8s.io/api v0.18.9