From 3d39cc1367b77dd5f4e2427280c71b8354d49a0c Mon Sep 17 00:00:00 2001 From: Le Yao Date: Thu, 20 Jan 2022 19:49:10 -0500 Subject: [PATCH] Migrate Kubebuilder v2 to v3 The minimal updates Signed-off-by: Le Yao Change-Id: Ia33790bd0957534c91e73d01725ea63433c28ef3 --- central-controller/README.md | 2 +- central-controller/deployments/README.md | 4 +- ...k8splugin_v1alpha1_resourcebundlestate_crd.yaml | 170 +- central-controller/deployments/kubernetes/scc.yaml | 4 +- platform/crd-ctrlr/examples/sdewan-controller.yaml | 2303 ++++++++++++-------- platform/crd-ctrlr/src/Makefile | 8 +- platform/crd-ctrlr/src/PROJECT | 2 +- .../src/api/v1alpha1/bucket_permission_webhook.go | 2 +- .../src/api/v1alpha1/label_validate_webhook.go | 2 +- .../src/api/v1alpha1/zz_generated.deepcopy.go | 1 + .../src/config/certmanager/certificate.yaml | 6 +- .../batch.sdewan.akraino.org_cnflocalservices.yaml | 105 +- .../bases/batch.sdewan.akraino.org_cnfnats.yaml | 135 +- .../batch.sdewan.akraino.org_cnfrouterules.yaml | 107 +- .../bases/batch.sdewan.akraino.org_cnfroutes.yaml | 105 +- .../batch.sdewan.akraino.org_cnfservices.yaml | 95 +- .../batch.sdewan.akraino.org_cnfstatuses.yaml | 117 +- .../batch.sdewan.akraino.org_firewalldnats.yaml | 143 +- ...tch.sdewan.akraino.org_firewallforwardings.yaml | 104 +- .../batch.sdewan.akraino.org_firewallrules.yaml | 155 +- .../batch.sdewan.akraino.org_firewallsnats.yaml | 143 +- .../batch.sdewan.akraino.org_firewallzones.yaml | 159 +- .../bases/batch.sdewan.akraino.org_ipsechosts.yaml | 217 +- .../batch.sdewan.akraino.org_ipsecproposals.yaml | 107 +- .../bases/batch.sdewan.akraino.org_ipsecsites.yaml | 221 +- .../batch.sdewan.akraino.org_mwan3policies.yaml | 123 +- .../bases/batch.sdewan.akraino.org_mwan3rules.yaml | 137 +- ...atch.sdewan.akraino.org_sdewanapplications.yaml | 180 +- .../patches/cainjection_in_cnflocalservices.yaml | 10 + .../config/crd/patches/cainjection_in_cnfnats.yaml | 2 +- .../crd/patches/cainjection_in_cnfrouterules.yaml | 4 +- .../crd/patches/cainjection_in_cnfroutes.yaml | 4 +- .../crd/patches/cainjection_in_cnfservices.yaml | 4 +- .../crd/patches/cainjection_in_cnfstatuses.yaml | 4 +- .../crd/patches/cainjection_in_firewalldnats.yaml | 4 +- .../cainjection_in_firewallforwardings.yaml | 4 +- .../crd/patches/cainjection_in_firewallrules.yaml | 4 +- .../crd/patches/cainjection_in_firewallsnats.yaml | 4 +- .../crd/patches/cainjection_in_firewallzones.yaml | 4 +- .../crd/patches/cainjection_in_ipsechosts.yaml | 4 +- .../crd/patches/cainjection_in_ipsecproposals.yaml | 4 +- .../crd/patches/cainjection_in_ipsecsites.yaml | 4 +- .../crd/patches/cainjection_in_mwan3policies.yaml | 4 +- .../crd/patches/cainjection_in_mwan3rules.yaml | 4 +- .../patches/cainjection_in_sdewanapplications.yaml | 4 +- .../crd/patches/webhook_in_cnflocalservices.yaml | 19 + .../src/config/crd/patches/webhook_in_cnfnats.yaml | 2 +- .../crd/patches/webhook_in_cnfrouterules.yaml | 4 +- .../config/crd/patches/webhook_in_cnfroutes.yaml | 4 +- .../config/crd/patches/webhook_in_cnfservices.yaml | 4 +- .../config/crd/patches/webhook_in_cnfstatuses.yaml | 4 +- .../crd/patches/webhook_in_firewalldnats.yaml | 4 +- .../patches/webhook_in_firewallforwardings.yaml | 4 +- .../crd/patches/webhook_in_firewallrules.yaml | 4 +- .../crd/patches/webhook_in_firewallsnats.yaml | 4 +- .../crd/patches/webhook_in_firewallzones.yaml | 4 +- .../config/crd/patches/webhook_in_ipsechosts.yaml | 4 +- .../crd/patches/webhook_in_ipsecproposals.yaml | 4 +- .../config/crd/patches/webhook_in_ipsecsites.yaml | 4 +- .../crd/patches/webhook_in_mwan3policies.yaml | 4 +- .../config/crd/patches/webhook_in_mwan3rules.yaml | 4 +- .../crd/patches/webhook_in_sdewanapplications.yaml | 4 +- .../src/config/default/kustomization.yaml | 4 +- .../config/default/manager_auth_proxy_patch.yaml | 4 +- .../config/default/webhookcainjection_patch.yaml | 4 +- .../crd-ctrlr/src/config/local/webhook_config.yaml | 9 +- platform/crd-ctrlr/src/config/manager/manager.yaml | 2 +- platform/crd-ctrlr/src/config/rbac/role.yaml | 8 + .../crd-ctrlr/src/config/webhook/manifests.yaml | 17 +- .../crd-ctrlr/src/controllers/base_controller.go | 1 + platform/crd-ctrlr/src/controllers/suite_test.go | 104 - platform/crd-ctrlr/src/main.go | 4 +- platform/deployment/README.md | 2 +- 73 files changed, 2755 insertions(+), 2414 deletions(-) create mode 100644 platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnflocalservices.yaml create mode 100644 platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnflocalservices.yaml delete mode 100644 platform/crd-ctrlr/src/controllers/suite_test.go diff --git a/central-controller/README.md b/central-controller/README.md index fce4705..f290a73 100644 --- a/central-controller/README.md +++ b/central-controller/README.md @@ -6,7 +6,7 @@ ###Install dependencies **1. Install cert-manager** -`$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml` +`$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.yaml` **2. Create namespace for SDEWAN Overlay Controller Microservices** diff --git a/central-controller/deployments/README.md b/central-controller/deployments/README.md index ae605f0..520321a 100644 --- a/central-controller/deployments/README.md +++ b/central-controller/deployments/README.md @@ -3,7 +3,7 @@ ### Precondition **1. Install cert-manager** -`$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml` +`$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.yaml` ### Steps to install packages from yaml **1. Create namespace for SDEWAN Central Controller v1Microservices** @@ -23,4 +23,4 @@ **4. install monitor resources** -`$ ./monitor-deploy.sh` \ No newline at end of file +`$ ./monitor-deploy.sh` diff --git a/central-controller/deployments/kubernetes/monitor/crds/k8splugin_v1alpha1_resourcebundlestate_crd.yaml b/central-controller/deployments/kubernetes/monitor/crds/k8splugin_v1alpha1_resourcebundlestate_crd.yaml index bcb9af1..39a3917 100644 --- a/central-controller/deployments/kubernetes/monitor/crds/k8splugin_v1alpha1_resourcebundlestate_crd.yaml +++ b/central-controller/deployments/kubernetes/monitor/crds/k8splugin_v1alpha1_resourcebundlestate_crd.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: resourcebundlestates.k8splugin.io @@ -10,93 +10,93 @@ spec: plural: resourcebundlestates singular: resourcebundlestate scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - selector: - type: object - required: - - selector - type: object - status: - properties: - podStatuses: - items: - type: object - type: array - ready: - type: boolean - resourceCount: - format: int32 - type: integer - serviceStatuses: - items: - type: object - type: array - configMapStatuses: - items: - type: object - type: array - deploymentStatuses: - items: - type: object - type: array - secretStatuses: - items: - type: object - type: array - daemonSetStatuses: - items: + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + selector: type: object - type: array - ingressStatuses: - items: - type: object - type: array - jobStatuses: - items: - type: object - type: array - statefulSetStatuses: - items: - type: object - type: array - csrStatuses: - items: - type: object - type: array - required: - - ready - - resourceCount - - podStatuses - - serviceStatuses - - configMapStatuses - - deploymentStatuses - - secretStatuses - - daemonSetStatuses - - ingressStatuses - - jobStatuses - - statefulSetStatuses - - csrStatuses - type: object - version: v1alpha1 - versions: - - name: v1alpha1 + required: + - selector + type: object + status: + properties: + podStatuses: + items: + type: object + type: array + ready: + type: boolean + resourceCount: + format: int32 + type: integer + serviceStatuses: + items: + type: object + type: array + configMapStatuses: + items: + type: object + type: array + deploymentStatuses: + items: + type: object + type: array + secretStatuses: + items: + type: object + type: array + daemonSetStatuses: + items: + type: object + type: array + ingressStatuses: + items: + type: object + type: array + jobStatuses: + items: + type: object + type: array + statefulSetStatuses: + items: + type: object + type: array + csrStatuses: + items: + type: object + type: array + required: + - ready + - resourceCount + - podStatuses + - serviceStatuses + - configMapStatuses + - deploymentStatuses + - secretStatuses + - daemonSetStatuses + - ingressStatuses + - jobStatuses + - statefulSetStatuses + - csrStatuses + type: object + type: object served: true storage: true + subresources: + status: {} diff --git a/central-controller/deployments/kubernetes/scc.yaml b/central-controller/deployments/kubernetes/scc.yaml index 4b07d01..2db15e7 100644 --- a/central-controller/deployments/kubernetes/scc.yaml +++ b/central-controller/deployments/kubernetes/scc.yaml @@ -1,6 +1,6 @@ # Resources to create SDEWAN Central Controller v1 Microservices # SCC Config Map -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: scc-rbac @@ -97,4 +97,4 @@ spec: name: scc items: - key: rsync_config.json - path: rsync_config.json \ No newline at end of file + path: rsync_config.json diff --git a/platform/crd-ctrlr/examples/sdewan-controller.yaml b/platform/crd-ctrlr/examples/sdewan-controller.yaml index b5ddfd6..04acc6a 100644 --- a/platform/crd-ctrlr/examples/sdewan-controller.yaml +++ b/platform/crd-ctrlr/examples/sdewan-controller.yaml @@ -5,11 +5,255 @@ metadata: control-plane: controller-manager name: sdewan-system --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: cnflocalservices.batch.sdewan.akraino.org +spec: + group: batch.sdewan.akraino.org + names: + kind: CNFLocalService + listKind: CNFLocalServiceList + plural: cnflocalservices + singular: cnflocalservice + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFLocalService is the Schema for the cnflocalservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFLocalServiceSpec defines the desired state of CNFService + properties: + localport: + type: string + localservice: + type: string + remoteport: + type: string + remoteservice: + type: string + type: object + status: + description: CNFLocalServiceStatus defines the observed state of CNFLocalServiceStatus + properties: + localip: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + localport: + type: string + message: + type: string + remoteips: + items: + type: string + type: array + remoteport: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: cnfnats.batch.sdewan.akraino.org +spec: + group: batch.sdewan.akraino.org + names: + kind: CNFNAT + listKind: CNFNATList + plural: cnfnats + singular: cnfnat + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFNAT is the Schema for the cnfnats API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFNATSpec defines the desired state of CNFNAT + properties: + dest: + type: string + dest_ip: + type: string + dest_port: + type: string + index: + type: string + name: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + proto: + type: string + src: + type: string + src_dip: + type: string + src_dport: + type: string + src_ip: + type: string + src_port: + type: string + target: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: cnfrouterules.batch.sdewan.akraino.org +spec: + group: batch.sdewan.akraino.org + names: + kind: CNFRouteRule + listKind: CNFRouteRuleList + plural: cnfrouterules + singular: cnfrouterule + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFRouteRule is the Schema for the cnfrouterules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFRouteRuleSpec defines the desired state of CNFRouteRule + properties: + dst: + type: string + fwmark: + type: string + not: + type: boolean + prio: + type: string + src: + type: string + table: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: cnfroutes.batch.sdewan.akraino.org spec: @@ -20,57 +264,60 @@ spec: plural: cnfroutes singular: cnfroute scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: CNFRoute is the Schema for the cnfroutes API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CNFRouteSpec defines the desired state of CNFRoute - properties: - dev: - type: string - dst: - type: string - gw: - type: string - table: - enum: - - default - - cnf - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFRoute is the Schema for the cnfroutes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFRouteSpec defines the desired state of CNFRoute + properties: + dev: + type: string + dst: + type: string + gw: + type: string + table: + enum: + - default + - cnf + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -78,11 +325,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: cnfservices.batch.sdewan.akraino.org spec: @@ -93,52 +340,55 @@ spec: plural: cnfservices singular: cnfservice scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: CNFService is the Schema for the cnfservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CNFServiceSpec defines the desired state of CNFService - properties: - dport: - type: string - fullname: - type: string - port: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFService is the Schema for the cnfservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFServiceSpec defines the desired state of CNFService + properties: + dport: + type: string + fullname: + type: string + port: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -146,11 +396,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: cnfstatuses.batch.sdewan.akraino.org spec: @@ -161,60 +411,66 @@ spec: plural: cnfstatuses singular: cnfstatus scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: CNFStatus is the Schema for the cnfstatuses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CNFStatusSpec defines the desired state of CNFStatus - type: object - status: - description: CNFStatusStatus defines the observed state of CNFStatus - properties: - appliedGeneration: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' - format: int64 - type: integer - appliedTime: - format: date-time - type: string - information: - items: - description: CNFStatusInformation defines the runtime information of a CMF - properties: - ip: - type: string - name: - type: string - namespace: - type: string - node: - type: string - purpose: - type: string - status: - type: string - required: - - name - type: object - type: array - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFStatus is the Schema for the cnfstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFStatusSpec defines the desired state of CNFStatus + type: object + status: + description: CNFStatusStatus defines the observed state of CNFStatus + properties: + appliedGeneration: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + format: int64 + type: integer + appliedTime: + format: date-time + type: string + information: + items: + description: CNFStatusInformation defines the runtime information + of a CNF + properties: + ip: + type: string + name: + type: string + namespace: + type: string + node: + type: string + purpose: + type: string + status: + type: string + required: + - name + type: object + type: array + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -222,11 +478,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewalldnats.batch.sdewan.akraino.org spec: @@ -237,75 +493,79 @@ spec: plural: firewalldnats singular: firewalldnat scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallDNAT is the Schema for the firewalldnats API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallDNATSpec defines the desired state of FirewallDNAT - properties: - dest: - type: string - dest_ip: - type: string - dest_port: - type: string - family: - type: string - mark: - type: string - name: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file' - type: string - proto: - type: string - src: - type: string - src_dip: - type: string - src_dport: - type: string - src_ip: - type: string - src_mac: - type: string - src_port: - type: string - target: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallDNAT is the Schema for the firewalldnats API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallDNATSpec defines the desired state of FirewallDNAT + properties: + dest: + type: string + dest_ip: + type: string + dest_port: + type: string + family: + type: string + mark: + type: string + name: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + proto: + type: string + src: + type: string + src_dip: + type: string + src_dport: + type: string + src_ip: + type: string + src_mac: + type: string + src_port: + type: string + target: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -313,11 +573,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewallforwardings.batch.sdewan.akraino.org spec: @@ -328,55 +588,60 @@ spec: plural: firewallforwardings singular: firewallforwarding scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallForwarding is the Schema for the firewallforwardings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallForwardingSpec defines the desired state of FirewallForwarding - properties: - dest: - type: string - family: - type: string - name: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file' - type: string - src: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallForwarding is the Schema for the firewallforwardings + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallForwardingSpec defines the desired state of FirewallForwarding + properties: + dest: + type: string + family: + type: string + name: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + src: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -384,11 +649,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewallrules.batch.sdewan.akraino.org spec: @@ -399,81 +664,85 @@ spec: plural: firewallrules singular: firewallrule scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallRule is the Schema for the firewallrules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallRuleSpec defines the desired state of FirewallRule - properties: - dest: - type: string - dest_ip: - type: string - dest_port: - type: string - extra: - type: string - family: - type: string - icmp_type: - items: - type: string - type: array - mark: - type: string - name: - description: Foo is an example field of FirewallRule. Edit FirewallRule_types.go to remove/update - type: string - proto: - type: string - set_mark: - type: string - set_xmark: - type: string - src: - type: string - src_ip: - type: string - src_mac: - type: string - src_port: - type: string - target: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallRule is the Schema for the firewallrules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallRuleSpec defines the desired state of FirewallRule + properties: + dest: + type: string + dest_ip: + type: string + dest_port: + type: string + extra: + type: string + family: + type: string + icmp_type: + items: + type: string + type: array + mark: + type: string + name: + description: Foo is an example field of FirewallRule. Edit FirewallRule_types.go + to remove/update + type: string + proto: + type: string + set_mark: + type: string + set_xmark: + type: string + src: + type: string + src_ip: + type: string + src_mac: + type: string + src_port: + type: string + target: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -481,11 +750,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewallsnats.batch.sdewan.akraino.org spec: @@ -496,75 +765,79 @@ spec: plural: firewallsnats singular: firewallsnat scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallSNAT is the Schema for the firewallsnats API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallSNATSpec defines the desired state of FirewallSNAT - properties: - dest: - type: string - dest_ip: - type: string - dest_port: - type: string - family: - type: string - mark: - type: string - name: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file' - type: string - proto: - type: string - src: - type: string - src_dip: - type: string - src_dport: - type: string - src_ip: - type: string - src_mac: - type: string - src_port: - type: string - target: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallSNAT is the Schema for the firewallsnats API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallSNATSpec defines the desired state of FirewallSNAT + properties: + dest: + type: string + dest_ip: + type: string + dest_port: + type: string + family: + type: string + mark: + type: string + name: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + proto: + type: string + src: + type: string + src_dip: + type: string + src_dport: + type: string + src_ip: + type: string + src_mac: + type: string + src_port: + type: string + target: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -572,11 +845,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewallzones.batch.sdewan.akraino.org spec: @@ -587,85 +860,89 @@ spec: plural: firewallzones singular: firewallzone scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallZone is the Schema for the firewallzones API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallZoneSpec defines the desired state of FirewallZone - properties: - etra_dest: - type: string - extra_src: - type: string - family: - type: string - forward: - type: string - input: - type: string - masq: - type: string - masq_allow_invalid: - type: string - masq_dest: - items: - type: string - type: array - masq_src: - items: - type: string - type: array - mtu_fix: - type: string - name: - description: Foo is an example field of FirewallZone. Edit FirewallZone_types.go to remove/update - type: string - network: - items: - type: string - type: array - output: - type: string - subnet: - items: - type: string - type: array - required: - - network - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallZone is the Schema for the firewallzones API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallZoneSpec defines the desired state of FirewallZone + properties: + etra_dest: + type: string + extra_src: + type: string + family: + type: string + forward: + type: string + input: + type: string + masq: + type: string + masq_allow_invalid: + type: string + masq_dest: + items: + type: string + type: array + masq_src: + items: + type: string + type: array + mtu_fix: + type: string + name: + description: Foo is an example field of FirewallZone. Edit FirewallZone_types.go + to remove/update + type: string + network: + items: + type: string + type: array + output: + type: string + subnet: + items: + type: string + type: array + required: + - network + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -673,11 +950,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: ipsechosts.batch.sdewan.akraino.org spec: @@ -688,113 +965,116 @@ spec: plural: ipsechosts singular: ipsechost scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: IpsecHost is the Schema for the ipsechosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - authentication_method: - type: string - connections: - items: - properties: - conn_type: - type: string - crypto_proposal: - items: - type: string - type: array - if_id: - type: string - local_firewall: - type: string - local_sourceip: - type: string - local_updown: - type: string - mark: - type: string - mode: - type: string - name: - type: string - remote_firewall: - type: string - remote_sourceip: - type: string - remote_subnet: - type: string - remote_updown: - type: string - required: - - conn_type - - mode - - name - type: object - type: array - crypto_proposal: - items: - type: string - type: array - force_crypto_proposal: - type: string - local_identifier: - type: string - local_private_cert: - type: string - local_public_cert: - type: string - name: - type: string - pre_shared_key: - type: string - remote: - type: string - remote_identifier: - type: string - shared_ca: - type: string - type: - type: string - required: - - authentication_method - - connections - - crypto_proposal - - remote - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: IpsecHost is the Schema for the ipsechosts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authentication_method: + type: string + connections: + items: + properties: + conn_type: + type: string + crypto_proposal: + items: + type: string + type: array + if_id: + type: string + local_firewall: + type: string + local_sourceip: + type: string + local_updown: + type: string + mark: + type: string + mode: + type: string + name: + type: string + remote_firewall: + type: string + remote_sourceip: + type: string + remote_subnet: + type: string + remote_updown: + type: string + required: + - conn_type + - mode + - name + type: object + type: array + crypto_proposal: + items: + type: string + type: array + force_crypto_proposal: + type: string + local_identifier: + type: string + local_private_cert: + type: string + local_public_cert: + type: string + name: + type: string + pre_shared_key: + type: string + remote: + type: string + remote_identifier: + type: string + shared_ca: + type: string + type: + type: string + required: + - authentication_method + - connections + - crypto_proposal + - remote + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -802,11 +1082,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: ipsecproposals.batch.sdewan.akraino.org spec: @@ -817,58 +1097,61 @@ spec: plural: ipsecproposals singular: ipsecproposal scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: IpsecProposal is the Schema for the ipsecproposals API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IpsecProposalSpec defines the desired state of IpsecProposal - properties: - dh_group: - type: string - encryption_algorithm: - type: string - hash_algorithm: - type: string - name: - type: string - required: - - dh_group - - encryption_algorithm - - hash_algorithm - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: IpsecProposal is the Schema for the ipsecproposals API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IpsecProposalSpec defines the desired state of IpsecProposal + properties: + dh_group: + type: string + encryption_algorithm: + type: string + hash_algorithm: + type: string + name: + type: string + required: + - dh_group + - encryption_algorithm + - hash_algorithm + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -876,11 +1159,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: ipsecsites.batch.sdewan.akraino.org spec: @@ -891,115 +1174,118 @@ spec: plural: ipsecsites singular: ipsecsite scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: IpsecSite is the Schema for the ipsecsites API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IpsecSiteSpec defines the desired state of IpsecSite - properties: - authentication_method: - type: string - connections: - items: - properties: - conn_type: - type: string - crypto_proposal: - items: - type: string - type: array - if_id: - type: string - local_firewall: - type: string - local_subnet: - type: string - local_updown: - type: string - mark: - type: string - mode: - type: string - name: - type: string - remote_firewall: - type: string - remote_sourceip: - type: string - remote_subnet: - type: string - remote_updown: - type: string - required: - - conn_type - - local_subnet - - mode - - name - type: object - type: array - crypto_proposal: - items: - type: string - type: array - force_crypto_proposal: - type: string - local_identifier: - type: string - local_private_cert: - type: string - local_public_cert: - type: string - name: - type: string - pre_shared_key: - type: string - remote: - type: string - remote_identifier: - type: string - shared_ca: - type: string - type: - type: string - required: - - authentication_method - - connections - - crypto_proposal - - remote - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: IpsecSite is the Schema for the ipsecsites API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IpsecSiteSpec defines the desired state of IpsecSite + properties: + authentication_method: + type: string + connections: + items: + properties: + conn_type: + type: string + crypto_proposal: + items: + type: string + type: array + if_id: + type: string + local_firewall: + type: string + local_subnet: + type: string + local_updown: + type: string + mark: + type: string + mode: + type: string + name: + type: string + remote_firewall: + type: string + remote_sourceip: + type: string + remote_subnet: + type: string + remote_updown: + type: string + required: + - conn_type + - local_subnet + - mode + - name + type: object + type: array + crypto_proposal: + items: + type: string + type: array + force_crypto_proposal: + type: string + local_identifier: + type: string + local_private_cert: + type: string + local_public_cert: + type: string + name: + type: string + pre_shared_key: + type: string + remote: + type: string + remote_identifier: + type: string + shared_ca: + type: string + type: + type: string + required: + - authentication_method + - connections + - crypto_proposal + - remote + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -1007,11 +1293,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: mwan3policies.batch.sdewan.akraino.org spec: @@ -1022,64 +1308,69 @@ spec: plural: mwan3policies singular: mwan3policy scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Mwan3Policy is the Schema for the mwan3policies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - members: - items: - description: Mwan3PolicySpec defines the desired state of Mwan3Policy - properties: - metric: - type: integer - network: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file' - type: string - weight: - type: integer - required: - - metric - - network - - weight - type: object - type: array - required: - - members - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: Mwan3Policy is the Schema for the mwan3policies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + members: + items: + description: Mwan3PolicySpec defines the desired state of Mwan3Policy + properties: + metric: + type: integer + network: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state + of cluster Important: Run "make" to regenerate code after + modifying this file' + type: string + weight: + type: integer + required: + - metric + - network + - weight + type: object + type: array + required: + - members + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -1087,11 +1378,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: mwan3rules.batch.sdewan.akraino.org spec: @@ -1102,73 +1393,76 @@ spec: plural: mwan3rules singular: mwan3rule scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Mwan3Rule is the Schema for the mwan3rules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - dest_ip: - type: string - dest_port: - type: string - family: - type: string - policy: - type: string - proto: - type: string - src_ip: - type: string - src_port: - type: string - sticky: - type: string - timeout: - type: string - required: - - dest_ip - - dest_port - - family - - policy - - proto - - src_ip - - src_port - - sticky - - timeout - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: Mwan3Rule is the Schema for the mwan3rules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dest_ip: + type: string + dest_port: + type: string + family: + type: string + policy: + type: string + proto: + type: string + src_ip: + type: string + src_port: + type: string + sticky: + type: string + timeout: + type: string + required: + - dest_ip + - dest_port + - family + - policy + - proto + - src_ip + - src_port + - sticky + - timeout + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -1176,11 +1470,11 @@ status: conditions: [] storedVersions: [] --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: sdewanapplications.batch.sdewan.akraino.org spec: @@ -1191,78 +1485,98 @@ spec: plural: sdewanapplications singular: sdewanapplication scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: SdewanApplication is the Schema for the sdewanapplications API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SdewanApplicationSpec defines the desired state of SdewanApplication - properties: - appNamespace: - type: string - podSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: SdewanApplication is the Schema for the sdewanapplications API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SdewanApplicationSpec defines the desired state of SdewanApplication + properties: + appNamespace: + type: string + podSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" @@ -1310,6 +1624,14 @@ metadata: sdewan-bucket-type-permission: '{ "*": ["*"]}' name: sdewan-manager-role rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch - apiGroups: - apps resources: @@ -1326,6 +1648,66 @@ rules: - get - list - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnflocalservices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnflocalservices/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfnats + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfnats/status + verbs: + - get + - patch + - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfrouterules + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfrouterules/status + verbs: + - get + - patch + - update - apiGroups: - batch.sdewan.akraino.org resources: @@ -1366,6 +1748,26 @@ rules: - get - patch - update +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfstatuses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - batch.sdewan.akraino.org + resources: + - cnfstatuses/status + verbs: + - get + - patch + - update - apiGroups: - batch.sdewan.akraino.org resources: @@ -1702,8 +2104,8 @@ spec: spec: containers: - args: - - --metrics-addr=127.0.0.1:8080 - - --enable-leader-election + - --metrics-bind-address=127.0.0.1:8080 + - --leader-elect command: - /manager image: integratedcloudnative/sdewan-controller:dev @@ -1715,10 +2117,10 @@ spec: resources: limits: cpu: 100m - memory: 30Mi + memory: 100Mi requests: cpu: 100m - memory: 20Mi + memory: 60Mi volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert @@ -1740,7 +2142,7 @@ spec: defaultMode: 420 secretName: webhook-server-cert --- -apiVersion: cert-manager.io/v1alpha2 +apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: sdewan-serving-cert @@ -1754,7 +2156,7 @@ spec: name: sdewan-selfsigned-issuer secretName: webhook-server-cert --- -apiVersion: cert-manager.io/v1alpha2 +apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: sdewan-selfsigned-issuer @@ -1762,15 +2164,16 @@ metadata: spec: selfSigned: {} --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: sdewan-system/sdewan-serving-cert name: sdewan-validating-webhook-configuration webhooks: -- clientConfig: - caBundle: Cg== +- admissionReviewVersions: + - v1 + clientConfig: service: name: sdewan-webhook-service namespace: sdewan-system @@ -1781,7 +2184,7 @@ webhooks: - apiGroups: - batch.sdewan.akraino.org apiVersions: - - v1alpha1 + - v1 operations: - CREATE - UPDATE @@ -1794,13 +2197,20 @@ webhooks: - firewallrules - firewallsnats - firewalldnats - - cnfservice + - cnfnats + - cnfroutes + - cnfrouterules + - cnfservices + - cnflocalservices + - cnfstatuses - sdewanapplication - ipsecproposals - ipsechosts - ipsecsites -- clientConfig: - caBundle: Cg== + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: service: name: sdewan-webhook-service namespace: sdewan-system @@ -1813,7 +2223,6 @@ webhooks: - batch.sdewan.akraino.org apiVersions: - v1 - - v1alpha1 operations: - UPDATE resources: @@ -1825,8 +2234,14 @@ webhooks: - firewallrules - firewallsnats - firewalldnats - - cnfservice + - cnfnats + - cnfservices + - cnfroutes + - cnfrouterules + - cnflocalservices + - cnfstatuses - sdewanapplication - ipsecproposals - ipsechosts - ipsecsites + sideEffects: None diff --git a/platform/crd-ctrlr/src/Makefile b/platform/crd-ctrlr/src/Makefile index ec0974d..e1a124b 100644 --- a/platform/crd-ctrlr/src/Makefile +++ b/platform/crd-ctrlr/src/Makefile @@ -4,7 +4,7 @@ # Image URL to use all building/pushing image targets IMG ?= integratedcloudnative/sdewan-controller:dev # Produce CRDs that work back to Kubernetes 1.11 (no version conversion) -CRD_OPTIONS ?= "crd:trivialVersions=true" +CRD_OPTIONS ?= "crd" # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) @@ -43,6 +43,10 @@ deploy: manifests uninstall cd config/manager && kustomize edit set image controller=${IMG} kustomize build config/default | kubectl apply -f - +undeploy: manifests + cd config/manager && kustomize edit set image controller=${IMG} + kustomize build config/default | kubectl delete -f - + # Deploy controller in the configured Kubernetes cluster in ~/.kube/config gen-yaml: manifests cd config/manager && kustomize edit set image controller=${IMG} @@ -85,7 +89,7 @@ ifeq (, $(shell which controller-gen)) CONTROLLER_GEN_TMP_DIR=$$(mktemp -d) ;\ cd $$CONTROLLER_GEN_TMP_DIR ;\ go mod init tmp ;\ - go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.5 ;\ + go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.7.0 ;\ rm -rf $$CONTROLLER_GEN_TMP_DIR ;\ } CONTROLLER_GEN=$(GOBIN)/controller-gen diff --git a/platform/crd-ctrlr/src/PROJECT b/platform/crd-ctrlr/src/PROJECT index efe9328..2007d3c 100644 --- a/platform/crd-ctrlr/src/PROJECT +++ b/platform/crd-ctrlr/src/PROJECT @@ -46,4 +46,4 @@ resources: - group: batch kind: CNFRouteRule version: v1alpha1 -version: "2" +version: "3" diff --git a/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go b/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go index 87c9d3b..42eb5e3 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/bucket_permission_webhook.go @@ -66,7 +66,7 @@ func wildMatchArray(p []rune, pindex int, v []rune, vindex int) bool { return true } -// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfnats;cnfroutes;cnfrouterules;cnfservices;cnflocalservices;cnfstatuses;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org +// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfnats;cnfroutes;cnfrouterules;cnfservices;cnflocalservices;cnfstatuses;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1,name=validate-sdewan-bucket.akraino.org,admissionReviewVersions=v1,sideEffects=none // bucketPermissionValidator validates Pods type bucketPermissionValidator struct { diff --git a/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go b/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go index d962ee1..3564748 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/label_validate_webhook.go @@ -29,7 +29,7 @@ func SetupLabelValidateWebhookWithManager(mgr ctrl.Manager) error { return nil } -// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfnats;cnfservices;cnfroutes;cnfrouterules;cnflocalservices;cnfstatuses;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org +// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfnats;cnfservices;cnfroutes;cnfrouterules;cnflocalservices;cnfstatuses;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1,name=validate-label.akraino.org,admissionReviewVersions=v1,sideEffects=none type labelValidator struct { Client client.Client diff --git a/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go b/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go index 3afb1e8..046a318 100644 --- a/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go +++ b/platform/crd-ctrlr/src/api/v1alpha1/zz_generated.deepcopy.go @@ -1,3 +1,4 @@ +//go:build !ignore_autogenerated // +build !ignore_autogenerated // SPDX-License-Identifier: Apache-2.0 diff --git a/platform/crd-ctrlr/src/config/certmanager/certificate.yaml b/platform/crd-ctrlr/src/config/certmanager/certificate.yaml index 8954094..4bfa02b 100644 --- a/platform/crd-ctrlr/src/config/certmanager/certificate.yaml +++ b/platform/crd-ctrlr/src/config/certmanager/certificate.yaml @@ -1,9 +1,9 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following manifests contain a self-signed issuer CR and a certificate CR. # More document can be found at https://docs.cert-manager.io # WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for breaking changes -apiVersion: cert-manager.io/v1alpha2 +apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: selfsigned-issuer @@ -11,7 +11,7 @@ metadata: spec: selfSigned: {} --- -apiVersion: cert-manager.io/v1alpha2 +apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnflocalservices.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnflocalservices.yaml index 8d5d7b7..bcffbc1 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnflocalservices.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnflocalservices.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: cnflocalservices.batch.sdewan.akraino.org spec: @@ -15,61 +15,60 @@ spec: plural: cnflocalservices singular: cnflocalservice scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: CNFLocalService is the Schema for the cnflocalservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CNFLocalServiceSpec defines the desired state of CNFService - properties: - localport: - type: string - localservice: - type: string - remoteport: - type: string - remoteservice: - type: string - type: object - status: - description: CNFLocalServiceStatus defines the observed state of CNFLocalServiceStatus - properties: - localip: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' - type: string - localport: - type: string - message: - type: string - remoteips: - items: - type: string - type: array - remoteport: - type: string - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFLocalService is the Schema for the cnflocalservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFLocalServiceSpec defines the desired state of CNFService + properties: + localport: + type: string + localservice: + type: string + remoteport: + type: string + remoteservice: + type: string + type: object + status: + description: CNFLocalServiceStatus defines the observed state of CNFLocalServiceStatus + properties: + localip: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + localport: + type: string + message: + type: string + remoteips: + items: + type: string + type: array + remoteport: + type: string + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfnats.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfnats.yaml index d167ff6..df2a61b 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfnats.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: cnfnats.batch.sdewan.akraino.org spec: @@ -15,76 +15,75 @@ spec: plural: cnfnats singular: cnfnat scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: CNFNAT is the Schema for the cnfnats API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CNFNATSpec defines the desired state of CNFNAT - properties: - dest: - type: string - dest_ip: - type: string - dest_port: - type: string - index: - type: string - name: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file' - type: string - proto: - type: string - src: - type: string - src_dip: - type: string - src_dport: - type: string - src_ip: - type: string - src_port: - type: string - target: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFNAT is the Schema for the cnfnats API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFNATSpec defines the desired state of CNFNAT + properties: + dest: + type: string + dest_ip: + type: string + dest_port: + type: string + index: + type: string + name: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + proto: + type: string + src: + type: string + src_dip: + type: string + src_dport: + type: string + src_ip: + type: string + src_port: + type: string + target: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfrouterules.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfrouterules.yaml index a8656e9..caa4ef6 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfrouterules.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfrouterules.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: cnfrouterules.batch.sdewan.akraino.org spec: @@ -15,62 +15,61 @@ spec: plural: cnfrouterules singular: cnfrouterule scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: CNFRouteRule is the Schema for the cnfrouterules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CNFRouteRuleSpec defines the desired state of CNFRouteRule - properties: - dst: - type: string - fwmark: - type: string - not: - type: boolean - prio: - type: string - src: - type: string - table: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFRouteRule is the Schema for the cnfrouterules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFRouteRuleSpec defines the desired state of CNFRouteRule + properties: + dst: + type: string + fwmark: + type: string + not: + type: boolean + prio: + type: string + src: + type: string + table: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfroutes.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfroutes.yaml index d8dd4f4..81c675b 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfroutes.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfroutes.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: cnfroutes.batch.sdewan.akraino.org spec: @@ -15,61 +15,60 @@ spec: plural: cnfroutes singular: cnfroute scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: CNFRoute is the Schema for the cnfroutes API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CNFRouteSpec defines the desired state of CNFRoute - properties: - dev: - type: string - dst: - type: string - gw: - type: string - table: - enum: - - default - - cnf - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFRoute is the Schema for the cnfroutes API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFRouteSpec defines the desired state of CNFRoute + properties: + dev: + type: string + dst: + type: string + gw: + type: string + table: + enum: + - default + - cnf + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfservices.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfservices.yaml index 948dceb..2bd8f24 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfservices.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfservices.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: cnfservices.batch.sdewan.akraino.org spec: @@ -15,56 +15,55 @@ spec: plural: cnfservices singular: cnfservice scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: CNFService is the Schema for the cnfservices API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CNFServiceSpec defines the desired state of CNFService - properties: - dport: - type: string - fullname: - type: string - port: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFService is the Schema for the cnfservices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFServiceSpec defines the desired state of CNFService + properties: + dport: + type: string + fullname: + type: string + port: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfstatuses.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfstatuses.yaml index 647f3bc..4d83435 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfstatuses.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_cnfstatuses.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: cnfstatuses.batch.sdewan.akraino.org spec: @@ -15,67 +15,66 @@ spec: plural: cnfstatuses singular: cnfstatus scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: CNFStatus is the Schema for the cnfstatuses API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CNFStatusSpec defines the desired state of CNFStatus - type: object - status: - description: CNFStatusStatus defines the observed state of CNFStatus - properties: - appliedGeneration: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' - format: int64 - type: integer - appliedTime: - format: date-time - type: string - information: - items: - description: CNFStatusInformation defines the runtime information - of a CNF - properties: - ip: - type: string - name: - type: string - namespace: - type: string - node: - type: string - purpose: - type: string - status: - type: string - required: - - name - type: object - type: array - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: CNFStatus is the Schema for the cnfstatuses API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CNFStatusSpec defines the desired state of CNFStatus + type: object + status: + description: CNFStatusStatus defines the observed state of CNFStatus + properties: + appliedGeneration: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + format: int64 + type: integer + appliedTime: + format: date-time + type: string + information: + items: + description: CNFStatusInformation defines the runtime information + of a CNF + properties: + ip: + type: string + name: + type: string + namespace: + type: string + node: + type: string + purpose: + type: string + status: + type: string + required: + - name + type: object + type: array + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewalldnats.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewalldnats.yaml index 4fd61ba..55ca867 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewalldnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewalldnats.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewalldnats.batch.sdewan.akraino.org spec: @@ -15,80 +15,79 @@ spec: plural: firewalldnats singular: firewalldnat scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallDNAT is the Schema for the firewalldnats API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallDNATSpec defines the desired state of FirewallDNAT - properties: - dest: - type: string - dest_ip: - type: string - dest_port: - type: string - family: - type: string - mark: - type: string - name: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file' - type: string - proto: - type: string - src: - type: string - src_dip: - type: string - src_dport: - type: string - src_ip: - type: string - src_mac: - type: string - src_port: - type: string - target: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallDNAT is the Schema for the firewalldnats API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallDNATSpec defines the desired state of FirewallDNAT + properties: + dest: + type: string + dest_ip: + type: string + dest_port: + type: string + family: + type: string + mark: + type: string + name: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + proto: + type: string + src: + type: string + src_dip: + type: string + src_dport: + type: string + src_ip: + type: string + src_mac: + type: string + src_port: + type: string + target: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallforwardings.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallforwardings.yaml index 4beabd1..d9077e4 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallforwardings.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallforwardings.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewallforwardings.batch.sdewan.akraino.org spec: @@ -15,60 +15,60 @@ spec: plural: firewallforwardings singular: firewallforwarding scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallForwarding is the Schema for the firewallforwardings API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallForwardingSpec defines the desired state of FirewallForwarding - properties: - dest: - type: string - family: - type: string - name: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file' - type: string - src: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallForwarding is the Schema for the firewallforwardings + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallForwardingSpec defines the desired state of FirewallForwarding + properties: + dest: + type: string + family: + type: string + name: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + src: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallrules.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallrules.yaml index f792280..3cbeed9 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallrules.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallrules.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewallrules.batch.sdewan.akraino.org spec: @@ -15,86 +15,85 @@ spec: plural: firewallrules singular: firewallrule scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallRule is the Schema for the firewallrules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallRuleSpec defines the desired state of FirewallRule - properties: - dest: - type: string - dest_ip: - type: string - dest_port: - type: string - extra: - type: string - family: - type: string - icmp_type: - items: - type: string - type: array - mark: - type: string - name: - description: Foo is an example field of FirewallRule. Edit FirewallRule_types.go - to remove/update - type: string - proto: - type: string - set_mark: - type: string - set_xmark: - type: string - src: - type: string - src_ip: - type: string - src_mac: - type: string - src_port: - type: string - target: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallRule is the Schema for the firewallrules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallRuleSpec defines the desired state of FirewallRule + properties: + dest: + type: string + dest_ip: + type: string + dest_port: + type: string + extra: + type: string + family: + type: string + icmp_type: + items: + type: string + type: array + mark: + type: string + name: + description: Foo is an example field of FirewallRule. Edit FirewallRule_types.go + to remove/update + type: string + proto: + type: string + set_mark: + type: string + set_xmark: + type: string + src: + type: string + src_ip: + type: string + src_mac: + type: string + src_port: + type: string + target: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallsnats.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallsnats.yaml index bc21ad9..49f2463 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallsnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallsnats.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewallsnats.batch.sdewan.akraino.org spec: @@ -15,80 +15,79 @@ spec: plural: firewallsnats singular: firewallsnat scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallSNAT is the Schema for the firewallsnats API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallSNATSpec defines the desired state of FirewallSNAT - properties: - dest: - type: string - dest_ip: - type: string - dest_port: - type: string - family: - type: string - mark: - type: string - name: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file' - type: string - proto: - type: string - src: - type: string - src_dip: - type: string - src_dport: - type: string - src_ip: - type: string - src_mac: - type: string - src_port: - type: string - target: - type: string - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallSNAT is the Schema for the firewallsnats API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallSNATSpec defines the desired state of FirewallSNAT + properties: + dest: + type: string + dest_ip: + type: string + dest_port: + type: string + family: + type: string + mark: + type: string + name: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + proto: + type: string + src: + type: string + src_dip: + type: string + src_dport: + type: string + src_ip: + type: string + src_mac: + type: string + src_port: + type: string + target: + type: string + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallzones.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallzones.yaml index 5dc1154..61da857 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallzones.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_firewallzones.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: firewallzones.batch.sdewan.akraino.org spec: @@ -15,90 +15,89 @@ spec: plural: firewallzones singular: firewallzone scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: FirewallZone is the Schema for the firewallzones API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallZoneSpec defines the desired state of FirewallZone - properties: - etra_dest: - type: string - extra_src: - type: string - family: - type: string - forward: - type: string - input: - type: string - masq: - type: string - masq_allow_invalid: - type: string - masq_dest: - items: + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: FirewallZone is the Schema for the firewallzones API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: FirewallZoneSpec defines the desired state of FirewallZone + properties: + etra_dest: type: string - type: array - masq_src: - items: + extra_src: type: string - type: array - mtu_fix: - type: string - name: - description: Foo is an example field of FirewallZone. Edit FirewallZone_types.go - to remove/update - type: string - network: - items: + family: type: string - type: array - output: - type: string - subnet: - items: + forward: type: string - type: array - required: - - network - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 + input: + type: string + masq: + type: string + masq_allow_invalid: + type: string + masq_dest: + items: + type: string + type: array + masq_src: + items: + type: string + type: array + mtu_fix: + type: string + name: + description: Foo is an example field of FirewallZone. Edit FirewallZone_types.go + to remove/update + type: string + network: + items: + type: string + type: array + output: + type: string + subnet: + items: + type: string + type: array + required: + - network + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsechosts.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsechosts.yaml index 19211a4..755abed 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsechosts.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsechosts.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: ipsechosts.batch.sdewan.akraino.org spec: @@ -15,117 +15,116 @@ spec: plural: ipsechosts singular: ipsechost scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: IpsecHost is the Schema for the ipsechosts API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - authentication_method: - type: string - connections: - items: - properties: - conn_type: - type: string - crypto_proposal: - items: - type: string - type: array - if_id: - type: string - local_firewall: - type: string - local_sourceip: - type: string - local_updown: - type: string - mark: - type: string - mode: - type: string - name: - type: string - remote_firewall: - type: string - remote_sourceip: - type: string - remote_subnet: - type: string - remote_updown: - type: string - required: - - conn_type - - mode - - name - type: object - type: array - crypto_proposal: - items: - type: string - type: array - force_crypto_proposal: - type: string - local_identifier: - type: string - local_private_cert: - type: string - local_public_cert: - type: string - name: - type: string - pre_shared_key: - type: string - remote: - type: string - remote_identifier: - type: string - shared_ca: - type: string - type: - type: string - required: - - authentication_method - - connections - - crypto_proposal - - remote - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: IpsecHost is the Schema for the ipsechosts API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + authentication_method: + type: string + connections: + items: + properties: + conn_type: + type: string + crypto_proposal: + items: + type: string + type: array + if_id: + type: string + local_firewall: + type: string + local_sourceip: + type: string + local_updown: + type: string + mark: + type: string + mode: + type: string + name: + type: string + remote_firewall: + type: string + remote_sourceip: + type: string + remote_subnet: + type: string + remote_updown: + type: string + required: + - conn_type + - mode + - name + type: object + type: array + crypto_proposal: + items: + type: string + type: array + force_crypto_proposal: + type: string + local_identifier: + type: string + local_private_cert: + type: string + local_public_cert: + type: string + name: + type: string + pre_shared_key: + type: string + remote: + type: string + remote_identifier: + type: string + shared_ca: + type: string + type: + type: string + required: + - authentication_method + - connections + - crypto_proposal + - remote + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecproposals.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecproposals.yaml index f8b9b35..77ecc66 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecproposals.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecproposals.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: ipsecproposals.batch.sdewan.akraino.org spec: @@ -15,62 +15,61 @@ spec: plural: ipsecproposals singular: ipsecproposal scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: IpsecProposal is the Schema for the ipsecproposals API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IpsecProposalSpec defines the desired state of IpsecProposal - properties: - dh_group: - type: string - encryption_algorithm: - type: string - hash_algorithm: - type: string - name: - type: string - required: - - dh_group - - encryption_algorithm - - hash_algorithm - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: IpsecProposal is the Schema for the ipsecproposals API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IpsecProposalSpec defines the desired state of IpsecProposal + properties: + dh_group: + type: string + encryption_algorithm: + type: string + hash_algorithm: + type: string + name: + type: string + required: + - dh_group + - encryption_algorithm + - hash_algorithm + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecsites.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecsites.yaml index c7bfced..3477423 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecsites.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_ipsecsites.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: ipsecsites.batch.sdewan.akraino.org spec: @@ -15,119 +15,118 @@ spec: plural: ipsecsites singular: ipsecsite scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: IpsecSite is the Schema for the ipsecsites API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: IpsecSiteSpec defines the desired state of IpsecSite - properties: - authentication_method: - type: string - connections: - items: - properties: - conn_type: - type: string - crypto_proposal: - items: - type: string - type: array - if_id: - type: string - local_firewall: - type: string - local_subnet: - type: string - local_updown: - type: string - mark: - type: string - mode: - type: string - name: - type: string - remote_firewall: - type: string - remote_sourceip: - type: string - remote_subnet: - type: string - remote_updown: - type: string - required: - - conn_type - - local_subnet - - mode - - name - type: object - type: array - crypto_proposal: - items: - type: string - type: array - force_crypto_proposal: - type: string - local_identifier: - type: string - local_private_cert: - type: string - local_public_cert: - type: string - name: - type: string - pre_shared_key: - type: string - remote: - type: string - remote_identifier: - type: string - shared_ca: - type: string - type: - type: string - required: - - authentication_method - - connections - - crypto_proposal - - remote - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: IpsecSite is the Schema for the ipsecsites API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IpsecSiteSpec defines the desired state of IpsecSite + properties: + authentication_method: + type: string + connections: + items: + properties: + conn_type: + type: string + crypto_proposal: + items: + type: string + type: array + if_id: + type: string + local_firewall: + type: string + local_subnet: + type: string + local_updown: + type: string + mark: + type: string + mode: + type: string + name: + type: string + remote_firewall: + type: string + remote_sourceip: + type: string + remote_subnet: + type: string + remote_updown: + type: string + required: + - conn_type + - local_subnet + - mode + - name + type: object + type: array + crypto_proposal: + items: + type: string + type: array + force_crypto_proposal: + type: string + local_identifier: + type: string + local_private_cert: + type: string + local_public_cert: + type: string + name: + type: string + pre_shared_key: + type: string + remote: + type: string + remote_identifier: + type: string + shared_ca: + type: string + type: + type: string + required: + - authentication_method + - connections + - crypto_proposal + - remote + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_mwan3policies.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_mwan3policies.yaml index 27b7c9f..c4a1f6f 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_mwan3policies.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_mwan3policies.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: mwan3policies.batch.sdewan.akraino.org spec: @@ -15,70 +15,69 @@ spec: plural: mwan3policies singular: mwan3policy scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Mwan3Policy is the Schema for the mwan3policies API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - members: - items: - description: Mwan3PolicySpec defines the desired state of Mwan3Policy - properties: - metric: - type: integer - network: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of - cluster Important: Run "make" to regenerate code after modifying - this file' - type: string - weight: - type: integer - required: - - metric - - network - - weight - type: object - type: array - required: - - members - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: Mwan3Policy is the Schema for the mwan3policies API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + members: + items: + description: Mwan3PolicySpec defines the desired state of Mwan3Policy + properties: + metric: + type: integer + network: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state + of cluster Important: Run "make" to regenerate code after + modifying this file' + type: string + weight: + type: integer + required: + - metric + - network + - weight + type: object + type: array + required: + - members + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_mwan3rules.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_mwan3rules.yaml index f9b1ef7..e83f8a3 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_mwan3rules.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_mwan3rules.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: mwan3rules.batch.sdewan.akraino.org spec: @@ -15,77 +15,76 @@ spec: plural: mwan3rules singular: mwan3rule scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Mwan3Rule is the Schema for the mwan3rules API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - dest_ip: - type: string - dest_port: - type: string - family: - type: string - policy: - type: string - proto: - type: string - src_ip: - type: string - src_port: - type: string - sticky: - type: string - timeout: - type: string - required: - - dest_ip - - dest_port - - family - - policy - - proto - - src_ip - - src_port - - sticky - - timeout - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: Mwan3Rule is the Schema for the mwan3rules API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + dest_ip: + type: string + dest_port: + type: string + family: + type: string + policy: + type: string + proto: + type: string + src_ip: + type: string + src_port: + type: string + sticky: + type: string + timeout: + type: string + required: + - dest_ip + - dest_port + - family + - policy + - proto + - src_ip + - src_port + - sticky + - timeout + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_sdewanapplications.yaml b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_sdewanapplications.yaml index acea1b0..e9d086c 100644 --- a/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_sdewanapplications.yaml +++ b/platform/crd-ctrlr/src/config/crd/bases/batch.sdewan.akraino.org_sdewanapplications.yaml @@ -1,10 +1,10 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: sdewanapplications.batch.sdewan.akraino.org spec: @@ -15,98 +15,98 @@ spec: plural: sdewanapplications singular: sdewanapplication scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: SdewanApplication is the Schema for the sdewanapplications API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SdewanApplicationSpec defines the desired state of SdewanApplication - properties: - appNamespace: - type: string - podSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - type: object - status: - description: status subsource used for Sdewan rule CRDs - properties: - appliedGeneration: - format: int64 - type: integer - appliedTime: - format: date-time - type: string - message: - type: string - state: - type: string - required: - - state - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: SdewanApplication is the Schema for the sdewanapplications API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SdewanApplicationSpec defines the desired state of SdewanApplication + properties: + appNamespace: + type: string + podSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + type: object + status: + description: status subsource used for Sdewan rule CRDs + properties: + appliedGeneration: + format: int64 + type: integer + appliedTime: + format: date-time + type: string + message: + type: string + state: + type: string + required: + - state + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnflocalservices.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnflocalservices.yaml new file mode 100644 index 0000000..ef000c3 --- /dev/null +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnflocalservices.yaml @@ -0,0 +1,10 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation +# The following patch adds a directive for certmanager to inject CA into the CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + name: cnflocalservices.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfnats.yaml index add52c9..814fd7b 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfnats.yaml @@ -2,7 +2,7 @@ # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfrouterules.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfrouterules.yaml index 6a455c0..17f901c 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfrouterules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfrouterules.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfroutes.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfroutes.yaml index 2f27183..903316e 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfroutes.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfroutes.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfservices.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfservices.yaml index c205a2e..e364f07 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfservices.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfservices.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfstatuses.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfstatuses.yaml index a588221..b2c13b6 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfstatuses.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_cnfstatuses.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewalldnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewalldnats.yaml index 6e3b7f9..13f86ef 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewalldnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewalldnats.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallforwardings.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallforwardings.yaml index 3839a25..356668a 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallforwardings.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallforwardings.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallrules.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallrules.yaml index f048624..4ce45ba 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallrules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallrules.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallsnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallsnats.yaml index 79ac1c6..ba4ebe6 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallsnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallsnats.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallzones.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallzones.yaml index a83c6bb..8f0dbe4 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallzones.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_firewallzones.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsechosts.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsechosts.yaml index 1dd8a16..b05dad8 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsechosts.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsechosts.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml index 7acf5c8..00ab675 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecproposals.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecsites.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecsites.yaml index 15291aa..f5c2e51 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecsites.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_ipsecsites.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3policies.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3policies.yaml index 2c1bc72..1f5c8d1 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3policies.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3policies.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3rules.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3rules.yaml index 7dc6059..1f10de6 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3rules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_mwan3rules.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_sdewanapplications.yaml b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_sdewanapplications.yaml index 672441b..4effa6a 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_sdewanapplications.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/cainjection_in_sdewanapplications.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnflocalservices.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnflocalservices.yaml new file mode 100644 index 0000000..051c611 --- /dev/null +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnflocalservices.yaml @@ -0,0 +1,19 @@ +# SPDX-License-Identifier: Apache-2.0 +# Copyright (c) 2021 Intel Corporation +# The following patch enables conversion webhook for CRD +# CRD conversion requires k8s 1.13 or later. +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cnflocalservices.batch.sdewan.akraino.org +spec: + conversion: + strategy: Webhook + webhookClientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfnats.yaml index 3652d6a..2b870e5 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfnats.yaml @@ -2,7 +2,7 @@ # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: cnfnats.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfrouterules.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfrouterules.yaml index ee82129..3a7568b 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfrouterules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfrouterules.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: cnfrouterules.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfroutes.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfroutes.yaml index d8f96d2..4344ff9 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfroutes.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfroutes.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: cnfroutes.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfservices.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfservices.yaml index 608d1e4..4f35a20 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfservices.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfservices.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: cnfservices.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfstatuses.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfstatuses.yaml index 82f2da2..45576a8 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfstatuses.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_cnfstatuses.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: cnfstatuses.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewalldnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewalldnats.yaml index aeed473..f000a73 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewalldnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewalldnats.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: firewalldnats.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallforwardings.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallforwardings.yaml index 3034564..444d329 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallforwardings.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallforwardings.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: firewallforwardings.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallrules.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallrules.yaml index 0aa15f7..48f3488 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallrules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallrules.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: firewallrules.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallsnats.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallsnats.yaml index 067f38e..55c0536 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallsnats.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallsnats.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: firewallsnats.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallzones.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallzones.yaml index f988613..fed3f72 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallzones.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_firewallzones.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: firewallzones.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsechosts.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsechosts.yaml index 4c9adaf..c75d781 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsechosts.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsechosts.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ipsechosts.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml index f5d32a3..eae691e 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecproposals.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ipsecproposals.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecsites.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecsites.yaml index 48ae67a..e446ea8 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecsites.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_ipsecsites.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: ipsecsites.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3policies.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3policies.yaml index c6ce45e..6021e11 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3policies.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3policies.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: mwan3policies.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3rules.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3rules.yaml index 128768f..3a3d8b5 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3rules.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_mwan3rules.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: mwan3rules.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_sdewanapplications.yaml b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_sdewanapplications.yaml index 9d062fb..76d8432 100644 --- a/platform/crd-ctrlr/src/config/crd/patches/webhook_in_sdewanapplications.yaml +++ b/platform/crd-ctrlr/src/config/crd/patches/webhook_in_sdewanapplications.yaml @@ -1,8 +1,8 @@ -# SPDX-License-Identifier: Apache-2.0 +# SPDX-License-Identifier: Apache-2.0 # Copyright (c) 2021 Intel Corporation # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: sdewanapplications.batch.sdewan.akraino.org diff --git a/platform/crd-ctrlr/src/config/default/kustomization.yaml b/platform/crd-ctrlr/src/config/default/kustomization.yaml index 0068a7f..8df9024 100644 --- a/platform/crd-ctrlr/src/config/default/kustomization.yaml +++ b/platform/crd-ctrlr/src/config/default/kustomization.yaml @@ -55,7 +55,7 @@ vars: objref: kind: Certificate group: cert-manager.io - version: v1alpha2 + version: v1 name: serving-cert # this name should match the one in certificate.yaml fieldref: fieldpath: metadata.namespace @@ -63,7 +63,7 @@ vars: objref: kind: Certificate group: cert-manager.io - version: v1alpha2 + version: v1 name: serving-cert # this name should match the one in certificate.yaml - name: SERVICE_NAMESPACE # namespace of the service objref: diff --git a/platform/crd-ctrlr/src/config/default/manager_auth_proxy_patch.yaml b/platform/crd-ctrlr/src/config/default/manager_auth_proxy_patch.yaml index 638bbee..fb9ec13 100644 --- a/platform/crd-ctrlr/src/config/default/manager_auth_proxy_patch.yaml +++ b/platform/crd-ctrlr/src/config/default/manager_auth_proxy_patch.yaml @@ -23,5 +23,5 @@ spec: name: https - name: manager args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" diff --git a/platform/crd-ctrlr/src/config/default/webhookcainjection_patch.yaml b/platform/crd-ctrlr/src/config/default/webhookcainjection_patch.yaml index 868d041..a11d00c 100644 --- a/platform/crd-ctrlr/src/config/default/webhookcainjection_patch.yaml +++ b/platform/crd-ctrlr/src/config/default/webhookcainjection_patch.yaml @@ -2,14 +2,14 @@ # Copyright (c) 2021 Intel Corporation # This patch add annotation to admission webhook config and # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -#apiVersion: admissionregistration.k8s.io/v1beta1 +#apiVersion: admissionregistration.k8s.io/v1 #kind: MutatingWebhookConfiguration #metadata: # name: mutating-webhook-configuration # annotations: # cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validating-webhook-configuration diff --git a/platform/crd-ctrlr/src/config/local/webhook_config.yaml b/platform/crd-ctrlr/src/config/local/webhook_config.yaml index 0da6a92..b8ab741 100644 --- a/platform/crd-ctrlr/src/config/local/webhook_config.yaml +++ b/platform/crd-ctrlr/src/config/local/webhook_config.yaml @@ -1,10 +1,10 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: sdewan-validating-webhook-configuration webhooks: - admissionReviewVersions: - - v1beta1 + - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURYakNDQWthZ0F3SUJBZ0lRWndqK2VKYTNzU3ZVbUQ1d2EwS2FQREFOQmdrcWhraUc5dzBCQVFzRkFEQVgKTVJVd0V3WURWUVFLRXd4alpYSjBMVzFoYm1GblpYSXdIaGNOTWpBd05USTNNREUwTlRNNFdoY05NakF3T0RJMQpNREUwTlRNNFdqQVhNUlV3RXdZRFZRUUtFd3hqWlhKMExXMWhibUZuWlhJd2dnRWlNQTBHQ1NxR1NJYjNEUUVCCkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEVzZTMEp3SE9BeitEajhtTmdYMVBteWRHVUNqTXJLL2ptZmlzZHlFMWkKRVIyNkVZY0NhbWdYVlZjbjB3MHRDZ0pJWW5FR0xhMit4WUsxRUJ0WmZhMU85TGdHNWY3OTRxR1JNU1RzUk9DZgo2d2FPTCtvVEhVWm55dndBOTNYYStmT1pQcXBzeSs1OG9zSlZaYlFKZlhqcnJpZXlLbnBGT2o1aDNDK2NmZE1KCmRlMDR4QWJJdktCaHRwcUFoR0k4TFVzTUNEMVVHYjhKM3Y1L2lqd3dUMDZLb3lMVjRUUi9LUFhqK2ZGblBzVjkKMUNxYXZXb2o0VEgvUWtnUlZocFJUN0hxZy80Sm5BUGgzb0M3eHZOanpPejdkRU5iRk9sWWNCZHA2WXM5Vm9pTQo3TnZjQnIxNFNWUDZPdU9yeEVpQXozdUFkVHFFQUxFQ1RZazBQU2xRbVdldEFnTUJBQUdqZ2FVd2dhSXdEZ1lEClZSMFBBUUgvQkFRREFnV2dNQXdHQTFVZEV3RUIvd1FDTUFBd2dZRUdBMVVkRVFSNk1IaUNLSE5rWlhkaGJpMTMKWldKb2IyOXJMWE5sY25acFkyVXVjMlJsZDJGdUxYTjVjM1JsYlM1emRtT0NObk5rWlhkaGJpMTNaV0pvYjI5cgpMWE5sY25acFkyVXVjMlJsZDJGdUxYTjVjM1JsYlM1emRtTXVZMngxYzNSbGNpNXNiMk5oYklJSmJHOWpZV3hvCmIzTjBnZ2t4TWpjdU1DNHdMakV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUg2SHovMFh6a1lubHQ1S1U0QlQKMmNQZUV6UlBqTUwrd3BVZCtKdGFLRmJkYlZZR2ZYMHg5QTlqVkllcEV4WndPODlrWXVIVXNpYTNYWklXYWpzNgpwNldOMzZHTVJZZWI2aGhxaURvRHFvSTJEdXIzQUN2TnoxWCtxbnAxTGVaVHZtUlM3Tms1MS85Q1NPbTRXb3NOCmczZExyY3NIaTM1ZjgrUVUySkVFTGhiOWJtbHdmOEc1Uy9HRElNZWl0OU1XWEFMVzdqalJ3VHFrbWpscGdIUWkKT1R0TkVvQmtMUWRDVUQ2TjNLbGhIdmhZU29HKzJDNjI2MGN3N2tvVm5KOXUzMXNjUFJVTlhmY2RDQTEvdWNxNQpBV055QkI1Y1lPYlZ0NTdVbHVoRlVpT01XWUEwcUxSMnJuem8vMksxVjJCdkNPYjhVSytxTURCNFcvZkRaM0xmCnBQVT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= url: https://localhost:9443/validate-sdewan-bucket-permission @@ -15,7 +15,7 @@ webhooks: - apiGroups: - batch.sdewan.akraino.org apiVersions: - - v1alpha1 + - v1 operations: - CREATE - UPDATE @@ -37,7 +37,7 @@ webhooks: sideEffects: Unknown timeoutSeconds: 30 - admissionReviewVersions: - - v1beta1 + - v1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURYakNDQWthZ0F3SUJBZ0lRWndqK2VKYTNzU3ZVbUQ1d2EwS2FQREFOQmdrcWhraUc5dzBCQVFzRkFEQVgKTVJVd0V3WURWUVFLRXd4alpYSjBMVzFoYm1GblpYSXdIaGNOTWpBd05USTNNREUwTlRNNFdoY05NakF3T0RJMQpNREUwTlRNNFdqQVhNUlV3RXdZRFZRUUtFd3hqWlhKMExXMWhibUZuWlhJd2dnRWlNQTBHQ1NxR1NJYjNEUUVCCkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEVzZTMEp3SE9BeitEajhtTmdYMVBteWRHVUNqTXJLL2ptZmlzZHlFMWkKRVIyNkVZY0NhbWdYVlZjbjB3MHRDZ0pJWW5FR0xhMit4WUsxRUJ0WmZhMU85TGdHNWY3OTRxR1JNU1RzUk9DZgo2d2FPTCtvVEhVWm55dndBOTNYYStmT1pQcXBzeSs1OG9zSlZaYlFKZlhqcnJpZXlLbnBGT2o1aDNDK2NmZE1KCmRlMDR4QWJJdktCaHRwcUFoR0k4TFVzTUNEMVVHYjhKM3Y1L2lqd3dUMDZLb3lMVjRUUi9LUFhqK2ZGblBzVjkKMUNxYXZXb2o0VEgvUWtnUlZocFJUN0hxZy80Sm5BUGgzb0M3eHZOanpPejdkRU5iRk9sWWNCZHA2WXM5Vm9pTQo3TnZjQnIxNFNWUDZPdU9yeEVpQXozdUFkVHFFQUxFQ1RZazBQU2xRbVdldEFnTUJBQUdqZ2FVd2dhSXdEZ1lEClZSMFBBUUgvQkFRREFnV2dNQXdHQTFVZEV3RUIvd1FDTUFBd2dZRUdBMVVkRVFSNk1IaUNLSE5rWlhkaGJpMTMKWldKb2IyOXJMWE5sY25acFkyVXVjMlJsZDJGdUxYTjVjM1JsYlM1emRtT0NObk5rWlhkaGJpMTNaV0pvYjI5cgpMWE5sY25acFkyVXVjMlJsZDJGdUxYTjVjM1JsYlM1emRtTXVZMngxYzNSbGNpNXNiMk5oYklJSmJHOWpZV3hvCmIzTjBnZ2t4TWpjdU1DNHdMakV3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUg2SHovMFh6a1lubHQ1S1U0QlQKMmNQZUV6UlBqTUwrd3BVZCtKdGFLRmJkYlZZR2ZYMHg5QTlqVkllcEV4WndPODlrWXVIVXNpYTNYWklXYWpzNgpwNldOMzZHTVJZZWI2aGhxaURvRHFvSTJEdXIzQUN2TnoxWCtxbnAxTGVaVHZtUlM3Tms1MS85Q1NPbTRXb3NOCmczZExyY3NIaTM1ZjgrUVUySkVFTGhiOWJtbHdmOEc1Uy9HRElNZWl0OU1XWEFMVzdqalJ3VHFrbWpscGdIUWkKT1R0TkVvQmtMUWRDVUQ2TjNLbGhIdmhZU29HKzJDNjI2MGN3N2tvVm5KOXUzMXNjUFJVTlhmY2RDQTEvdWNxNQpBV055QkI1Y1lPYlZ0NTdVbHVoRlVpT01XWUEwcUxSMnJuem8vMksxVjJCdkNPYjhVSytxTURCNFcvZkRaM0xmCnBQVT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= url: https://localhost:9443/validate-label @@ -49,7 +49,6 @@ webhooks: - batch.sdewan.akraino.org - apps apiVersions: - - v1alpha1 - v1 operations: - UPDATE diff --git a/platform/crd-ctrlr/src/config/manager/manager.yaml b/platform/crd-ctrlr/src/config/manager/manager.yaml index b38366c..879f633 100644 --- a/platform/crd-ctrlr/src/config/manager/manager.yaml +++ b/platform/crd-ctrlr/src/config/manager/manager.yaml @@ -28,7 +28,7 @@ spec: - command: - /manager args: - - --enable-leader-election + - --leader-elect image: controller:latest name: manager resources: diff --git a/platform/crd-ctrlr/src/config/rbac/role.yaml b/platform/crd-ctrlr/src/config/rbac/role.yaml index 6ece12c..a527690 100644 --- a/platform/crd-ctrlr/src/config/rbac/role.yaml +++ b/platform/crd-ctrlr/src/config/rbac/role.yaml @@ -6,6 +6,14 @@ metadata: creationTimestamp: null name: manager-role rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch - apiGroups: - apps resources: diff --git a/platform/crd-ctrlr/src/config/webhook/manifests.yaml b/platform/crd-ctrlr/src/config/webhook/manifests.yaml index af93287..8eb7bd1 100644 --- a/platform/crd-ctrlr/src/config/webhook/manifests.yaml +++ b/platform/crd-ctrlr/src/config/webhook/manifests.yaml @@ -1,13 +1,14 @@ --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: creationTimestamp: null name: validating-webhook-configuration webhooks: -- clientConfig: - caBundle: Cg== +- admissionReviewVersions: + - v1 + clientConfig: service: name: webhook-service namespace: system @@ -18,7 +19,7 @@ webhooks: - apiGroups: - batch.sdewan.akraino.org apiVersions: - - v1alpha1 + - v1 operations: - CREATE - UPDATE @@ -41,8 +42,10 @@ webhooks: - ipsecproposals - ipsechosts - ipsecsites -- clientConfig: - caBundle: Cg== + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: service: name: webhook-service namespace: system @@ -55,7 +58,6 @@ webhooks: - batch.sdewan.akraino.org apiVersions: - v1 - - v1alpha1 operations: - UPDATE resources: @@ -77,3 +79,4 @@ webhooks: - ipsecproposals - ipsechosts - ipsecsites + sideEffects: None diff --git a/platform/crd-ctrlr/src/controllers/base_controller.go b/platform/crd-ctrlr/src/controllers/base_controller.go index 7b6a78d..7f3e1c7 100644 --- a/platform/crd-ctrlr/src/controllers/base_controller.go +++ b/platform/crd-ctrlr/src/controllers/base_controller.go @@ -228,6 +228,7 @@ func net2iface(net string, deployment appsv1.Deployment) (string, error) { return "", fmt.Errorf("No matched network in annotation: %s", net) } +// +kubebuilder:rbac:groups="",resources=pods,verbs=get;watch;list // +kubebuilder:rbac:groups=apps,resources=deployments,verbs=get;list;watch // +kubebuilder:rbac:groups=apps,resources=deployments/status,verbs=get;list;watch diff --git a/platform/crd-ctrlr/src/controllers/suite_test.go b/platform/crd-ctrlr/src/controllers/suite_test.go deleted file mode 100644 index 22c4c35..0000000 --- a/platform/crd-ctrlr/src/controllers/suite_test.go +++ /dev/null @@ -1,104 +0,0 @@ -// SPDX-License-Identifier: Apache-2.0 -// Copyright (c) 2021 Intel Corporation -package controllers - -import ( - "path/filepath" - "testing" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - - "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - "sigs.k8s.io/controller-runtime/pkg/envtest/printer" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - - batchv1alpha1 "sdewan.akraino.org/sdewan/api/v1alpha1" - // +kubebuilder:scaffold:imports -) - -// These tests use Ginkgo (BDD-style Go testing framework). Refer to -// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. - -var cfg *rest.Config -var k8sClient client.Client -var testEnv *envtest.Environment - -func TestAPIs(t *testing.T) { - RegisterFailHandler(Fail) - - RunSpecsWithDefaultAndCustomReporters(t, - "Controller Suite", - []Reporter{printer.NewlineReporter{}}) -} - -var _ = BeforeSuite(func(done Done) { - logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) - - By("bootstrapping test environment") - testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, - } - - var err error - cfg, err = testEnv.Start() - Expect(err).ToNot(HaveOccurred()) - Expect(cfg).ToNot(BeNil()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - err = batchv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - // +kubebuilder:scaffold:scheme - - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) - Expect(err).ToNot(HaveOccurred()) - Expect(k8sClient).ToNot(BeNil()) - - close(done) -}, 60) - -var _ = AfterSuite(func() { - By("tearing down the test environment") - err := testEnv.Stop() - Expect(err).ToNot(HaveOccurred()) -}) diff --git a/platform/crd-ctrlr/src/main.go b/platform/crd-ctrlr/src/main.go index e90514a..f59e88d 100644 --- a/platform/crd-ctrlr/src/main.go +++ b/platform/crd-ctrlr/src/main.go @@ -39,8 +39,8 @@ func main() { var metricsAddr string var enableLeaderElection bool var checkInterval int - flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.") - flag.BoolVar(&enableLeaderElection, "enable-leader-election", false, + flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080", "The address the metric endpoint binds to.") + flag.BoolVar(&enableLeaderElection, "leader-elect", false, "Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.") flag.IntVar(&checkInterval, "check-interval", 30, "The check interval of CRD Controller (seconds)") diff --git a/platform/deployment/README.md b/platform/deployment/README.md index 4d64290..3e2dbe6 100644 --- a/platform/deployment/README.md +++ b/platform/deployment/README.md @@ -5,7 +5,7 @@ The installation has been verified on kubernetes v1.20. ## Pre-condition **1.Install cert-manager** -`kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.1.0/cert-manager.yaml` +`kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.6.1/cert-manager.yaml` **2.Label the node** -- 2.16.6