Skip to content

Commit

Permalink
Implement shoot migration for firewall-controller-manager.
Browse files Browse the repository at this point in the history
  • Loading branch information
Gerrit91 committed May 5, 2023
1 parent 42ddf6f commit 62296db
Show file tree
Hide file tree
Showing 12 changed files with 694 additions and 563 deletions.
3 changes: 2 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@ tools/vendor
VERSION
helm
.vscode
hack/tools/bin/*
hack/tools/bin/*
gardener-extension-provider-metal
4 changes: 4 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -55,6 +55,10 @@ start-admission-metal:
# Rules related to binary build, Docker image build and release #
#################################################################

.PHONY: build
build:
go build -ldflags $(LD_FLAGS) -tags netgo ./cmd/gardener-extension-provider-metal

.PHONY: install
install: revendor $(HELM)
@LD_FLAGS="-w -X github.com/gardener/$(EXTENSION_PREFIX)-$(NAME)/pkg/version.Version=$(VERSION)" \
Expand Down
4 changes: 2 additions & 2 deletions example/controller-registration.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@ metadata:
name: provider-metal
type: helm
providerConfig:
chart: H4sIAAAAAAAAA+0ca2/bRjKf+SsWSgu0hxP1sOwUBHI413FT9xJbsH0pDodDsCJXEiOKyy5J22qa/36zL3JJkaJop3abcmDA5HLnsbszszP70AIzj4SE9cldQsLYp2E/YvTG96BoTRIcDJ49GIYALw4PxX+A8n/xPDqYjMaH46MjXj46OhhOnqHDh7NuhjROMEPoGaM02VWv6fufFBaN43+yxCyxN3gd3JcHH+CjyaR2/MeT0viPh+Px4TM0/JwNrYO/+PjjyH9HGB93B92MLBxF+evQHsOf5ZHYZX6UiMJj9CMJ1sjlSoHmlKFkSdBrpUToLdcYNFUKhDKdskK8Jg5qVDbrpsz8qfvnS4dm+/eoay/oQ3g02f/hwYuS/38xGXb2/ygwGCyos+AagBOC4iXqu6hn2wP4uyGhR9lg4SfLdGa7dD3QypI/LLG7Gmj0vkvDhNEgAN1hZOHHCZSCRtlAtqhUyEZffePiBElO704vr84uzr9Vr+QOr6OADOrI8bkInciP0wCHxJFEz8I5w1ArdZOU6cKfKVsRJl96ljUYoCnIjBdE+TAS4llAYlTohjSKqPJvqtAPF8LVuZQx4iYolw0VZLMik/of3301239CYDCgV+J7R4Kt47/x8GA47uK/x4A24/9+SYIIJmg7iVrFgg3+fzQeH5XGf3zUxX+PAx8/9pFH5n5IUI8HaT3U//TJag7UOB7MD6K2ZRIJ8IwEsQ2BpL0iG0lOvKQzwkICemT7dMBZFWjUkLjBQapk+vgR+aEbpF4mqY0U4g5BtnHLAnIqDqqpofgLTtut8ENQntAlAt2+JAHBMbHPQbhKyTLR/DXMEFIyhPgXf46WOJ4y+H6HevESjw+PHGD7jrMHVry+neAFyjAi5ofJHPW+jv/5dVyuyUhEYz+hbLOLBLSRVBF07k0QGmu0uzwgHokCulmTMFFRfqYc8QBSD7O7ntoq/jrQxv9DzDP3F2sc9cXg30AcRFmfwmjeMj8htWsETfH/5Oig5P9f8KLO/z8CKO9TsOp3YmAv9LhK31dYJlj5oefwEBz04S2OLK4pHk6wA55ApvrV3rpacRRSDKFzhSsVxdLJSMfsVLhzTv43KARdTtCE19biCI7x+6KWOug3TmRnq4vkDKf21EP2WeFe9t9yNbDB/o8ORqOS/R+MDsad/T8GfC7DznTjdzVmySUzYQTQ7/fFf7MhQnFtrcd2ptqxrQhorbfdgKYeRB84iJZ4JAhlXaDye9kZqczvrZK/VPTcwAdZoWYITgSqyRaCvKVyR5SCsK5LIl4OgiXXm4jEoqsY+SX1GfFQr4G+vU0A+XGG32uSrwpfiSw6WZe2lMrAbCeOiZjJ8UvUtlcAox1fjpDxm6UsTlpyFDjteEqU4pRSrVVr7C4hcj4TM5iWs1AorCeh/+ELYjuRayezas5kwUgcvyJx4odC7zP22192yFBBplYQQTxxPW0iMUzGILp+5baE4/hc+6AyJ8C0FYqd1czHFtAxuB4/2TRjq4qGYmB3lUa5JLG7JF4a1AsiEWxdzxTDI0GCr0IcxUuaTAnzqddEpgIl9y8wfRF2nHp+ouWTC5qVVM3qtqqnSWFeeE2voiANV3vQKtQ3iVVrVG11yWhJ3Gu6ImEzJ10zx+UKddeMKKoVOP5Ilb03MeQVC5hTyvbD5BVzzCSIT/ft0bxugfPJ8Q8+17xC/FrHXVbObe67bZODiYCmIV/ePr3ja96E7TP2W0h7KMBOHMkyJMktZatrhudz380Nrp0oRSrbXLjGQL0QB+ey5i4X1ky/TCzv7tHQmFT1NABE84YtQbHCGpdWwdkkYmtcs2FRnV420IoKasqdZY2GNdBxcXXrgSLhkt2LJmDuovovsrk/4RXZlGmXDKQ0D3kpo/FemqnnE4HRbB+11bOxxSzx+SSqlahWZ4ukSnhGc8d7xQIiOZ6mQXBFXEb4vOFSj3ivqLvSwfFPVxfnWtRS9dybVGJVdVwLhl9qVv540Cb/zxdw2y0ANOX/k6NJOf8/OBp2+f9jgJk265V4mQG/ykZ771WA3yX3jyMiQgFGbnwu548+92+bN/4aYl40FF+iwHdxXHAmqvCETwGSaQyy8CU+R+VRibt8s58cR5KAtgRFwOgUEUmFIU10SqSd9p7Lq9l8BkHbKk7XxlK7MMLqddPCMHwjNnDQV/a1ktL+Hjp+ipMl6u21ct/7VjRZbj6BDKZcpTmxRtSdS0P3ELZBrD2V6LtsJleKJKSnYYIhPWbZWPWbNFuFjrz/HNQrrx6bW2SfPjlbn+VGWa9Ih09yUwpqWsxKJUaUfSx0O12vcejlGtZHgwofLrVmuYkIM2oWPbt5XAdoAk+zbl+NW38OKcTLASSkg+quUeM1MNbmymQ4l4gf1AE+d7zATRmDsekzwl+AQfyyGAcoubJngW3nmFeb0I3NfuGc/ML5n/a8iviN3BYhBS40InJpsJ87gFoGAuVCYxxnCGXat+LQUvsWSLwmyW/JbEnpSg9w5rJf7vDYtdgxYeBG+jzANqVStVSoLStNS1kGp+b5MY90DV0sNE59zldjeXr1gfoh6v29V0dL8a4i9LP6VEOFhDemZUmP8Ob0+NXp5fvTN6cn12cX5+/Pj9+eXk2PT06zmgiJcwI/MLp2jEKE5j4JvEsyL5aqcu7unGwasbNhuO/koeU9e3v8+vQdCHtx+f7i3enlz5dn11uyOmggTqgZO2ODyq2yXXMAH/R4u8O0hshRNzhnXndr/WQfdUHcfyXUpYGDrk+m5XSFkZimzCUFdc8Kq9KlHOM3FO7KAUWv0SBdk7c8nKhosjQGQ9Q1ryhHuNl3PnTE63ZVq4TZGnWjHiPYuwgDmI3ACZL6kefj47vkWCbY583z5nPE10pCvvyalXD18Y4hPz+u+ISyBfVXKYQKiyu5lApPZ8KHquLTO+Km5sbKc9UvIg64KgR8+qPoEB78nd5FfHnaDNjyGn20IpvaY0HZwaEtPITkhABc0VlY8VlYXwVDznKPQ0hFtIRGNKCLjVgD6RUPJ+n1IR1zSAXeindKGujqrT/TZe2986fBI3OcBslbyNsdNBkP1adW6r2fcreXt8lYdsj+BS41tMn/wV5hGmWpuAoyS70F2W8hoPH8/6R0/h8eXnT7/48CyiQXCfqGZ2RV2fO3aFQ+AhSJvGRwM5qBiugFgyn1XmXq8b1Qjz/GygGE0f8O8Q32Ax4CCvJxOmts8INXDP4MLqON/bMZdu9zEbDB/ieHo63z36Nhd/7vUYAfnzEtW4wxTpMlZf6v8krL6jsRT+Sng+Qu8iUNSBv7bmO5LA14pNLnp3peM5pGImzpI+MkT/EIj1UI9XlVtdcdyxdjFaGiZAA6kKTyQ3ERoLLMrC4z7sJz/hmii5kShztDEZj6sXy45d5EPEXZUxpBX5LtZmdNa2y1XMfxstKiEL2/9baJu5QyT53PUGO9TVf44hI1F9KFKmnbEdTlws/Lb6VlKqjKX4Qv5kewKvv1trETez3xjy9yi4dZhlGr8xLBW/siSyjc8zIrRL6hl8YHtVEMeUptN2STXlx6HUBOhAP/V61bELFC4ikeY7EtlqmxDL5VrdCLqK8r5vs1GlGkbYUXtUkamzYDdkG2CmZgn9ASWZ7X2Pr0gc7kA0SL+cMAshSpoGkiLtOphN81D9fJ6pDt+F5DHRfEomvdl+KCgZ9/Vf0ughR/LxtQh6XsGEfCsCrHimM2kwI9orGLg12jDjQSCDYC6BldXY5zifhzeZKxzwMZf+67qM4vqmoJdleVDOeQSd/iICiM6q3PXUnbrtKk7HY8szetubqgqKRN3PXWdhNzsfW9Bz1vj5kE6oB0zFcan7+2cfQPmcqAI1/6ZV5cem0lwIMm+u+lif9u8z2wUMukupt2SGhlh3SNSKRBHgj4P8D8IYxHIl8VFrE+T37y1NFce2gT/6spo3UK0Jj/D8fb9z+7+P9RoPL8vzKNP0b2nohz6MrUz6aFtHy/fftsm6KvDshNJgcioy/uJ4gFVczAf7bannjqEXwY3MP+Vci4vxtosv/xpHz/ZzIedud/HgV22b+eGp/UDTx1B33h0Gz/csPqIT8A1mD/B6PD8vrfcPJi0tn/Y4A8zyRyDn1+yUGLpct4JmBkWVWHjEo/CcFnz4WDxFzB4+nION10HNziTWxZ5jK7g0ZWnumgj58syzgFoq77ZYt0cg2+dLLFQYcWKi3P7agoF+h2Uao7oOOgOYbc1bK2D6Q46L//s0rHS0QZpO9VO5z8sDrfv/XVDa7nxl5nhNNYnoURxyQsuc8ru+jSHKD8N5nyTV/zcRbQ2WCNecg0mKV+4A0E6YE8RM2PdFl6m92gKkd9QekiIO/zI3ISt4/X3tFEoYmR7h3Yw54qyH64bWSPRvbdn7tVo61W9f7xkrdsLD/Ytm1ZhZjQseSpCH20hUeYlpt9qr4HWnULFEfCQHilwYeYhlpX8xuZlTXEXcnRUG5Wq4uMowP+WrwvyPWy8hKf+pBdwCtde8gv3+kCfZ1OcizckMvux1l6R337zptVf/Uou1MhTU5s6FdeDKqoWHG3R7as+gZOdv9GvYv0IGth9kSMUnlpRA5q+fLdlkAVl+oqhM4uv1myAfw6m/4g7qjpl2kmnnGTTH9UN8Os0tgVLqxU9lj5Ygn3xDX3OOpucVjZLwZJQ9Bi6RlCXcnugrkOOuiggw466KCDDjrooIMOOuiggw466KCDDjrooIMOOuiggw466KCDzw7/BzU958cAeAAA
chart: H4sIAAAAAAAAA+0ca2/bRjKf+SsWSg9oDyfqaacgkMO5idv6LrEF25ficDgEK3IlMaK47JK0rab57zf7IpcUKYp2arcpBwZMLnceuzszO7MPLTHzSEhYn9wlJIx9GvYjRm98D4o2JMHB4NmDYQjw4uhI/Aco/xfPo8l0ND4aHx/z8tHxZDh9ho4ezroZ0jjBDKFnjNJkX72m739QWDaO/6sVZom9xZvgvjz4AB9Pp7XjP56Wxn88HI+PnqHh52xoHfzJxx9H/jvC+Lg76GZk4SjKX4f2eGhPLI/ELvOjRBSeoB9JsEEuVwq0oAwlK4J+UEqE3nKNQTOlQCjTKSvEG+KgRmWzbsrMn7p/vnRotn+PuvaSPoRHk/0fTV6U/P+L6bCz/0eBwWBJnSXXAJwQFK9Q30U92x7A3w0JPcoGSz9ZpXPbpZuBVpb8YYXd9UCj910aJowGAegOI0s/TqAUNMoGskWlQjb66msXJ0hyend6eXV2cf6NeiV3eBMFZFBHjs9F6JX8OAtwSBxJ9CxcMAy1UjdJmS78ibI1YfKlZ1mDAZqBzHhJlA8jIZ4HJEaFbkijiCr/pgr9cClcnUsZI26CctlQQTYrMqn//t1Xs/0nBAYDeiW+dyTYOv4bDyfDcRf/PQa0Gf/3KxJEMEHbSdQqFmzw/6Px+Lg0/uPjLv57HPj4sY88svBDgno8SOuh/qdPVnOgxvFgfhC1LZNIgOckiG0IJO012Upy4iWdExYS0CPbpwPOqkCjhsQNDlIl08ePyA/dIPUySW2kEPcIsotbFpBTcVBNDcVfcNpthR+C8oQuEej2JQkIjol9DsJVSpaJ5m9ghpCSIcS/+Au0wvGMwfc71ItXeHx07ADbd5w9sOL17QQvUYYRMT9MFqj3l/gff4nLNRmJaOwnlG33kYA2kiqCzr0JQmONdpcHxCNRQLcbEiYqys+UIx5A6mF211NbxZ8H2vh/iHkW/nKDo74Y/BuIgyjrUxjNW+YnpHaNoCn+nx5PSv7/BS/q/P8jgPI+Bat+Jwb2Qo+r9H2FZYK1H3oOD8FBH97iyOKa4uEEO+AJZKpf7a2rFUchxRA6V7hSUSydjHTMToU75+R/hULQ5QRNeW0tjuAYvy9qqYN+5UT2trpIznBqTz1knxXuZf8tVwMb7P94MhqV7H8ymow7+38M+FyGnenGb2rMkktmwgig3++L/2ZDhOLaWo/tTLVjWxHQWm+7AU09iD5wEK3wSBDKukDl97IzUpnfWyV/qei5gQ+yQs0QnAhUky0EeUvljigFYV2XRLwcBEuutxGJRVcx8nPqM+KhXgN9e5cA8uMMv9ckXxW+Ell0si5tKZWB2U4cEzGT4+eoba8ARju+HCHjN09ZnLTkKHDa8ZQoxSmlWqs22F1B5HwmZjAtZ6FQWE9C/8MXxPYi105m1ZzJkpE4fk3ixA+F3mfsd7/skaGCTK0ggnjietpEYpiMQXT9ym0Jx/G59kFlToBpKxQ7q5mPLaBjcD1+sm3GVhUNxcDuOo1ySWJ3Rbw0qBdEIti6nimGR4IEX4U4ilc0mRHmU6+JTAVK7l9g+iLsJPX8RMsnFzQrqZrVbVVPk8K88JpeRUEarg+gVahvEqvWqNrqktGKuNd0TcJmTrpmjssV6q4ZUVQrcPyRKntvYsgrFjBnlB2GySvmmEkQnx7ao3ndAudXJ9/7XPMK8Wsdd1k5t7lvd00OJgKahnx5+/SOr3kTdsjY7yAdoAB7cSTLkCS3lK2vGV4sfDc3uHaiFKnscuEaA/VCHJzLmvtcWDP9MrG8u0dDY1LV0wAQzRu2AsUKa1xaBWeTiK1xzYZFdXrZQCsqqCl3ljUa1kDHxdWtB4qES3YvmoC5j+q/yPb+hNdkW6ZdMpDSPOSljMYHaaaeTwRGs33UVs/GFrPE55OoVqJanS2SKuEZzR0fFAuI5HiWBsEVcRnh84ZLPeK9pu5aB8f/vLo416KWqufepBKrquNaMPxSs/LHgzb5f76A224BoCn/nx5Py/n/5HjY5f+PAWbarFfiZQb8Ohvtg1cBfpPcP46ICAUYufG5nD/63L9t3/gbiHnRUHyJAt/FccGZqMJXfAqQTGOQhS/xOSqPStzVm8PkOJYEtCUoAkaniEgqDGmiUyLttA9cXs3mMwja1nG6MZbahRFWr5sWhuFrsYGDvrKvlZT2d9DxM5ysUO+glfveN6LJcvMJZDDlKs2JNaLuXRq6h7ANYh2oRN9mM7lSJCE9DRMM6THLxqrfpNkqdOT956BeefXY3CL79MnZ+Sw3ynpFOnySm1FQ02JWKjGi7GOh2+lmg0Mv17A+GlT4cKk1q21EmFGz6NnN4zpAE3iadftq3PoLSCFeDiAhHVR3jRqvgbE2VybDuUT8oA7wueMFbsoYjE2fEf4CDOKXxThAyZU9C2w7x7zahm5s9gvn5BfO/7TnVcRv5LYMKXChEZFLg/3cAdQyECgXGuMkQyjTvhWHltq3QOI1SX5L5itK13qAM5f9co/HrsWOCQM30ucBtimVqqVCbVlpVsoyODXPj3mka+hioXHqc74ay9OrD9QPUe9vvTpaincVoZ/UpxoqJLwxLUt6hDenJ69PL9+fvjl9dX12cf7+/OTt6dXs5NVpVhMhcU7ge0Y3jlGI0MIngXdJFsVSVc7dnZNNI3Y2DPedPLS8Z29Pfjh9B8JeXL6/eHd6+dPl2fWOrA4aiBNqxs7YoHKrbN8cwAc93u0wrSFy1A3OmdfdWT85RF0Q918JdWngoOtXs3K6wkhMU+aSgrpnhVXpUo7xKwr35YCi12iQbshbHk5UNFkagyHqhleUI9zsOx864nW7qlXC7Iy6UY8R7F2EAcxG4ARJ/cjz8fFdciIT7PPmefM54mslIV9+zUq4+ngnkJ+fVHxC2YL66xRCheWVXEqFpzPhQ1Xx6R1xU3Nj5bnqFxEHXBUCPv1RdAgP/k7vIr48bQZseY0+WpNt7bGg7ODQDh5CckIArugsrPgsrK+CIWd5wCGkIlpCIxrQ5VasgfSKh5P0+pCOOaQC78Q7JQ109daf6bIO3vnT4JEFToPkLeTtDpqOh+pTK/U+TLnby9tkLHtk/wKXGtrk/2CvMI2yVFwFmafekhy2ENB4/n9aOv8PDy+6/f9HAWWSywR9zTOyquz5GzQqHwGKRF4yuBnNQUX0gsGMeq8z9fhOqMfvY+UAwuh/h/gG+wEPAQX5OJ03NvjBKwZ/BJfRxv7ZHLv3uQjYYP/To9HO+e/RsDv/9yjAj8+Yli3GGKfJijL/F3mlZf2tiCfy00FyF/mSBqSNfbexXJYGPFLp81M9PzCaRiJs6SPjJE/xCI9VCPV5VbXXHcsXYxWhomQAOpCk8kNxEaCyzKwuM+7Cc/4Zoou5Eoc7QxGY+rF8uOXeRDxF2VMaQV+S3WZnTWtstVzH8bLSohC9v/Z2ibuUMk+dz1BjvUtX+OISNRfShSpp2xHU5cLPy2+lZSqoyl+EL+ZHsCr79baxE3s98Y8vcouHeYZRq/MSwdv4Ikso3PMyK0S+oZfGB7VRDHlKbTdkk15ceh1AToQD/xetWxCxQuIpHmOxLZapsQy+Va3Qi6ivK+b7NRpRpG2FF7VJGps2A3ZBdgrmYJ/QElme19j59IHO5QNEi/nDALIUqaBpIi7TqYTfNQ/XyeqQ7fheQx0XxKIb3ZfigoGff1X9LoIU/yAbUIel7BhHwrAqx4pjNpMCPaKxi4N9ow40Egg2AugZXV2Oc4n4c3mSsc8DGX/hu6jOL6pqCXbXlQwXkEnf4iAojOqtz11J267SpOx2PLM3rbm6oKikTdz11nYTc7H1fQA974CZBOqAdMxXGp+/tnH0D5nKgCNf+mVeXHptJcCDJvrvpIn/ZvM9sFDLpLqb9khoZYd0jUikQR4I+D/A/CGMRyJfFRaxPk9+8tTRXHtoE/+rKaN1CtCY/w/Hu/c/u/j/UaDy/L8yjd9H9p6Ic+jK1M9mhbT8sH37bJuirw7ITacTkdEX9xPEgipm4D9bbU889Qg+DO5h/ypkPNwNNNn/eFq+/zMdD7vzP48C++xfT41P6gaeuoO+cGi2f7lh9ZAfAGuw/8noqLz+N5y+mHb2/xggzzOJnEOfX3LQcuUyngkYWVbVIaPST0Lw2XPpIDFX8Hg6Mk43nQS3eBtblrnM7qCRlWc66OMnyzJOgajrftkinVyDL51scdCRhUrLc3sqygW6fZTqDug4aIEhd7Ws3QMpDvrv/6zS8RJRBul71Q4nP6zO9299dYPrubHXGeE0lmdhxDEJS+7zyi66NAco/02mfNPXfJwHdD7YYB4yDeapH3gDQXogD1HzI12W3mY3qMpRX1K6DMj7/IicxO3jjXc8VWhipHsTe9hTBdkPt43s0ci++2O3arTTqt7fX/KWjeUH27YtqxATOpY8FaGPtvAI03KzT9X3QKtugeJIGAivNPgQ01Dran4js7KGuCs5GsrNanWRcTThr8X7glwvKy/xqQ/ZBbzStYf88p0u0NfpJMfCDbnsfpyld9R377xZ9VePsjsV0uTEhn7lxaCKihV3e2TLqm/gZPdv1LtID7IWZk/EKJWXRuSgli/f7QhUcamuQujs8pslG8Cvs+kP4o6afpll4hk3yfRHdTPMKo1d4cJKZY+VL5ZwT1xzj6PuFoeV/WKQNAQtlp4h1JXsLpjroIMOOuiggw466KCDDjrooIMOOuiggw466KCDDjrooIMOOuiggw46+Ozwf7uTf68AeAAA
values:
image:
tag: v0.20.2
tag: v0.20.3
---
apiVersion: core.gardener.cloud/v1beta1
kind: ControllerRegistration
Expand Down
213 changes: 143 additions & 70 deletions pkg/controller/worker/actuator.go
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,8 @@ package worker

import (
"context"
"fmt"
"time"

"github.com/gardener/gardener/extensions/pkg/util"

Expand All @@ -12,10 +14,14 @@ import (
apismetal "github.com/metal-stack/gardener-extension-provider-metal/pkg/apis/metal"
"github.com/metal-stack/gardener-extension-provider-metal/pkg/imagevector"
"github.com/metal-stack/gardener-extension-provider-metal/pkg/metal"
metalclient "github.com/metal-stack/gardener-extension-provider-metal/pkg/metal/client"
metalv1alpha1 "github.com/metal-stack/machine-controller-manager-provider-metal/pkg/provider/migration/legacy-api/machine/v1alpha1"
metalgo "github.com/metal-stack/metal-go"
"github.com/metal-stack/metal-go/api/models"

extensionsv1alpha1 "github.com/gardener/gardener/pkg/apis/extensions/v1alpha1"
gardener "github.com/gardener/gardener/pkg/client/kubernetes"
"github.com/metal-stack/metal-lib/pkg/cache"

"github.com/go-logr/logr"

Expand All @@ -28,35 +34,148 @@ import (
"sigs.k8s.io/controller-runtime/pkg/log"
)

type delegateFactory struct {
logger logr.Logger
type (
// actuator reconciles the cluster's worker nodes and the firewalls.
//
// why is the firewall reconciliation here and not in the controlplane controller?
// the controlplane controller deploys the firewall-controller-manager including validating and mutating webhooks
// this has to be running before we can create a firewall deployment because the mutating webhook is creating the userdata
// the worker controller acts after the controlplane controller, also the terms and responsibilities are pretty similar between machine-controller-manager and firewall-controller-manager,
// so this place seems to be a valid fit.
actuator struct {
workerActuator worker.Actuator

logger logr.Logger
controllerConfig config.ControllerConfiguration
networkCache *cache.Cache[*cacheKey, *models.V1NetworkResponse]

client client.Client
scheme *runtime.Scheme
decoder runtime.Decoder
}

delegateFactory struct {
logger logr.Logger

restConfig *rest.Config

client client.Client
scheme *runtime.Scheme
decoder runtime.Decoder

dataGetter func(ctx context.Context, worker *extensionsv1alpha1.Worker, cluster *extensionscontroller.Cluster) (*additionalData, error)

machineImageMapping []config.MachineImage
}

workerDelegate struct {
logger logr.Logger

restConfig *rest.Config
client client.Client
scheme *runtime.Scheme
decoder runtime.Decoder

client client.Client
scheme *runtime.Scheme
decoder runtime.Decoder
machineImageMapping []config.MachineImage
seedChartApplier gardener.ChartApplier
serverVersion string

cluster *extensionscontroller.Cluster
worker *extensionsv1alpha1.Worker

machineClasses []map[string]interface{}
machineDeployments worker.MachineDeployments
machineImages []apismetal.MachineImage

additionalData *additionalData
}
)

func (a *actuator) InjectScheme(scheme *runtime.Scheme) error {
a.scheme = scheme
a.decoder = serializer.NewCodecFactory(a.scheme).UniversalDecoder()
return nil
}

machineImageMapping []config.MachineImage
controllerConfig config.ControllerConfiguration
func (a *actuator) InjectClient(client client.Client) error {
a.client = client
return nil
}

// NewActuator creates a new Actuator that updates the status of the handled WorkerPoolConfigs.
func NewActuator(machineImages []config.MachineImage, controllerConfig config.ControllerConfiguration) worker.Actuator {
logger := log.Log.WithName("metal-worker-actuator")

a := &actuator{
logger: logger,
controllerConfig: controllerConfig,
networkCache: cache.New(15*time.Minute, func(ctx context.Context, accessor *cacheKey) (*models.V1NetworkResponse, error) {
mclient, ok := ctx.Value("client").(metalgo.Client)
if !ok {
return nil, fmt.Errorf("no client passed in context")
}

privateNetwork, err := metalclient.GetPrivateNetworkFromNodeNetwork(ctx, mclient, accessor.projectID, accessor.nodeCIDR)
if err != nil {
return nil, err
}

return privateNetwork, nil
}),
}

delegateFactory := &delegateFactory{
logger: log.Log.WithName("worker-actuator"),
machineImageMapping: machineImages,
controllerConfig: controllerConfig,
dataGetter: a.getAdditionalData,
}
return genericactuator.NewActuator(
log.Log.WithName("metal-worker-actuator"),

a.workerActuator = genericactuator.NewActuator(
logger,
delegateFactory,
metal.MachineControllerManagerName,
mcmChart,
mcmShootChart,
imagevector.ImageVector(),
extensionscontroller.ChartRendererFactoryFunc(util.NewChartRendererForShoot),
)

return a
}

func (a *actuator) Reconcile(ctx context.Context, worker *extensionsv1alpha1.Worker, cluster *extensionscontroller.Cluster) error {
err := a.firewallReconcile(ctx, worker, cluster)
if err != nil {
return err
}

return a.workerActuator.Reconcile(ctx, worker, cluster)
}

func (a *actuator) Delete(ctx context.Context, worker *extensionsv1alpha1.Worker, cluster *extensionscontroller.Cluster) error {
err := a.workerActuator.Delete(ctx, worker, cluster)
if err != nil {
return err
}

return a.firewallDelete(ctx, cluster)
}

func (a *actuator) Migrate(ctx context.Context, worker *extensionsv1alpha1.Worker, cluster *extensionscontroller.Cluster) error {
err := a.workerActuator.Migrate(ctx, worker, cluster)
if err != nil {
return err
}

return a.firewallMigrate(ctx, cluster)
}

func (a *actuator) Restore(ctx context.Context, worker *extensionsv1alpha1.Worker, cluster *extensionscontroller.Cluster) error {
err := a.firewallRestore(ctx, worker, cluster)
if err != nil {
return err
}

return a.workerActuator.Restore(ctx, worker, cluster)
}

func (d *delegateFactory) InjectScheme(scheme *runtime.Scheme) error {
Expand Down Expand Up @@ -95,70 +214,24 @@ func (d *delegateFactory) WorkerDelegate(ctx context.Context, worker *extensions
return nil, err
}

return NewWorkerDelegate(
d.logger,
d.client,
d.scheme,
d.decoder,

d.machineImageMapping,
seedChartApplier,
serverVersion.GitVersion,

worker,
cluster,
d.controllerConfig,
), nil
}

type workerDelegate struct {
logger logr.Logger

client client.Client
scheme *runtime.Scheme
decoder runtime.Decoder

machineImageMapping []config.MachineImage
seedChartApplier gardener.ChartApplier
serverVersion string

cluster *extensionscontroller.Cluster
worker *extensionsv1alpha1.Worker

machineClasses []map[string]interface{}
machineDeployments worker.MachineDeployments
machineImages []apismetal.MachineImage

controllerConfig config.ControllerConfiguration
}

// NewWorkerDelegate creates a new context for a worker reconciliation.
func NewWorkerDelegate(
logger logr.Logger,
client client.Client,
scheme *runtime.Scheme,
decoder runtime.Decoder,

machineImageMapping []config.MachineImage,
seedChartApplier gardener.ChartApplier,
serverVersion string,

worker *extensionsv1alpha1.Worker,
cluster *extensionscontroller.Cluster,
controllerConfig config.ControllerConfiguration,
additionalData, err := d.dataGetter(ctx, worker, cluster)
if err != nil {
return nil, err
}

) genericactuator.WorkerDelegate {
return &workerDelegate{
logger: logger,
client: client,
scheme: scheme,
decoder: decoder,
logger: d.logger,
client: d.client,
scheme: d.scheme,
decoder: d.decoder,

machineImageMapping: machineImageMapping,
machineImageMapping: d.machineImageMapping,
seedChartApplier: seedChartApplier,
serverVersion: serverVersion,
serverVersion: serverVersion.GitVersion,

cluster: cluster,
worker: worker,
}

additionalData: additionalData,
}, nil
}
50 changes: 50 additions & 0 deletions pkg/controller/worker/firewall_delete.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
package worker

import (
"context"
"errors"
"fmt"
"time"

extensionscontroller "github.com/gardener/gardener/extensions/pkg/controller"
retryutils "github.com/gardener/gardener/pkg/utils/retry"
fcmv2 "github.com/metal-stack/firewall-controller-manager/api/v2"
"github.com/metal-stack/gardener-extension-provider-metal/pkg/metal"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/controller-runtime/pkg/client"
)

func (a *actuator) firewallDelete(ctx context.Context, cluster *extensionscontroller.Cluster) error {
a.logger.Info("ensuring firewall deployment gets deleted")

return retryutils.UntilTimeout(ctx, 5*time.Second, 2*time.Minute, func(ctx context.Context) (bool, error) {
deploy := &fcmv2.FirewallDeployment{
ObjectMeta: metav1.ObjectMeta{
Name: metal.FirewallDeploymentName,
Namespace: cluster.ObjectMeta.Name,
},
}

err := a.client.Get(ctx, client.ObjectKeyFromObject(deploy), deploy)
if err != nil {
if apierrors.IsNotFound(err) {
a.logger.Info("firewall deployment deletion succeeded")
return retryutils.Ok()
}
return retryutils.SevereError(fmt.Errorf("error getting firewall deployment: %w", err))
}

if deploy.DeletionTimestamp == nil {
a.logger.Info("deleting firewall deployment")
err = a.client.Delete(ctx, deploy)
if err != nil {
return retryutils.SevereError(fmt.Errorf("error deleting firewall deployment: %w", err))
}

return retryutils.MinorError(errors.New("firewall deployment is still ongoing"))
}

return retryutils.MinorError(errors.New("firewall deployment is still ongoing"))
})
}
Loading

0 comments on commit 62296db

Please sign in to comment.