diff --git a/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewalldeployments.yaml b/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewalldeployments.yaml index bdbf4f2e4..af0ea8460 100644 --- a/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewalldeployments.yaml +++ b/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewalldeployments.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: firewalldeployments.firewall.metal-stack.io spec: group: firewall.metal-stack.io 
@@ -41,14 +40,19 @@ spec: rolling update for the managed firewalls. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -56,21 +60,22 @@ spec: description: Spec contains the firewall deployment specification. properties: replicas: - description: Replicas is the amount of firewall replicas targeted - to be running. Defaults to 1. + description: |- + Replicas is the amount of firewall replicas targeted to be running. + Defaults to 1. type: integer selector: additionalProperties: type: string - description: Selector is a label query over firewalls that should - match the replicas count. If selector is empty, it is defaulted - to the labels present on the firewall template. Label keys and values - that must match in order to be controlled by this replication controller, - if empty defaulted to labels on firewall template. + description: |- + Selector is a label query over firewalls that should match the replicas count. + If selector is empty, it is defaulted to the labels present on the firewall template. + Label keys and values that must match in order to be controlled by this replication + controller, if empty defaulted to labels on firewall template. type: object strategy: - description: Strategy describes the strategy how firewalls are updated - in case the update requires a physical recreation of the firewalls. + description: |- + Strategy describes the strategy how firewalls are updated in case the update requires a physical recreation of the firewalls. Defaults to RollingUpdate strategy. type: string template: 
@@ -100,11 +105,10 @@ spec: description: Spec contains the firewall specification. properties: allowedNetworks: - description: AllowedNetworks defines dedicated networks for - which the firewall allows in- and outgoing traffic. The - firewall-controller only enforces this setting in combination - with NetworkAccessType set to forbidden. The node network - is always allowed. + description: |- + AllowedNetworks defines dedicated networks for which the firewall allows in- and outgoing traffic. + The firewall-controller only enforces this setting in combination with NetworkAccessType set to forbidden. + The node network is always allowed. properties: egress: description: Egress defines a list of cidrs which are @@ -161,15 +165,14 @@ spec: type: object type: array image: - description: Image is the os image of the firewall. An update - on this field requires the recreation of the physical firewall - and can therefore lead to traffic interruption for the cluster. + description: |- + Image is the os image of the firewall. + An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster. type: string internalPrefixes: - description: InternalPrefixes specify prefixes which are considered - local to the partition or all regions. This is used for - the traffic counters. Traffic to/from these prefixes is - counted as internal traffic. + description: |- + InternalPrefixes specify prefixes which are considered local to the partition or all regions. This is used for the traffic counters. + Traffic to/from these prefixes is counted as internal traffic. items: type: string type: array 
@@ -186,12 +189,10 @@ spec: accepted connections in the droptailer log. type: boolean networks: - description: Networks are the networks to which this firewall - is connected. An update on this field requires the recreation - of the physical firewall and can therefore lead to traffic - interruption for the cluster. Detailed information about - the networks are fetched continuously during runtime and - stored in the status.firewallNetworks. + description: |- + Networks are the networks to which this firewall is connected. + An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster. + Detailed information about the networks are fetched continuously during runtime and stored in the status.firewallNetworks. items: type: string type: array 
@@ -232,24 +233,21 @@ spec: type: object type: array size: - description: Size is the machine size of the firewall. An - update on this field requires the recreation of the physical - firewall and can therefore lead to traffic interruption - for the cluster. + description: |- + Size is the machine size of the firewall. + An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster. type: string sshPublicKeys: - description: SSHPublicKeys are public keys which are added - to the firewall's authorized keys file on creation. It gets - defaulted to the public key of ssh secret as provided by - the controller flags. + description: |- + SSHPublicKeys are public keys which are added to the firewall's authorized keys file on creation. + It gets defaulted to the public key of ssh secret as provided by the controller flags. items: type: string type: array userdata: - description: Userdata contains the userdata used for the creation - of the firewall. It gets defaulted to a userdata matching - for the firewall-controller with connection to Gardener - shoot and seed. + description: |- + Userdata contains the userdata used for the creation of the firewall. + It gets defaulted to a userdata matching for the firewall-controller with connection to Gardener shoot and seed. type: string required: - image diff --git a/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewallmonitors.yaml b/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewallmonitors.yaml index 438f5b095..c73f36a7c 100644 --- a/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewallmonitors.yaml +++ b/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewallmonitors.yaml 
@@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: firewallmonitors.firewall.metal-stack.io spec: group: firewall.metal-stack.io @@ -36,14 +35,16 @@ spec: name: v2 schema: openAPIV3Schema: - description: FirewallMonitor is typically deployed into the shoot cluster - in comparison to the other resources of this controller which are deployed - into the seed cluster's shoot namespace. + description: |- + FirewallMonitor is typically deployed into the shoot cluster in comparison to the other resources of this controller + which are deployed into the seed cluster's shoot namespace. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string conditions: description: Conditions contain the latest available observations of a 
@@ -89,19 +90,18 @@ spec: controllerVersion: type: string distance: - description: FirewallDistance defines the as-path length of firewalls, - influencing how strong they attract network traffic for routing - traffic in and out of the cluster. This is of particular interest - during rolling firewall updates, i.e. when there is more than a - single firewall running in front of the cluster. During a rolling - update, new firewalls start with a longer distance such that traffic - is only attracted by the existing firewalls ("firewall staging"). - When the new firewall has connected successfully to the firewall - monitor, the deployment controller throws away the old firewalls - and the new firewall takes over the routing. The deployment controller - will then shorten the distance of the new firewall. This approach - reduces service interruption of the external user traffic of the - cluster (for firewall-controller versions that support this feature). + description: |- + FirewallDistance defines the as-path length of firewalls, influencing how strong they attract + network traffic for routing traffic in and out of the cluster. + This is of particular interest during rolling firewall updates, i.e. when there is + more than a single firewall running in front of the cluster. + During a rolling update, new firewalls start with a longer distance such that + traffic is only attracted by the existing firewalls ("firewall staging"). + When the new firewall has connected successfully to the firewall monitor, the deployment + controller throws away the old firewalls and the new firewall takes over the routing. + The deployment controller will then shorten the distance of the new firewall. + This approach reduces service interruption of the external user traffic of the cluster + (for firewall-controller versions that support this feature). type: integer distanceSupported: type: boolean 
@@ -209,9 +209,12 @@ spec: description: Image is the os image of the firewall. type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string logAcceptedConnections: description: LogAcceptedConnections if set to true, also log accepted diff --git a/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewalls.yaml b/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewalls.yaml index bf2cb438c..f0f56f9c9 100644 --- a/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewalls.yaml +++ b/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewalls.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: firewalls.firewall.metal-stack.io spec: group: firewall.metal-stack.io 
@@ -48,18 +47,24 @@ spec: cluster. It has a 1:1 relationship to a firewall in the metal-stack api. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string distance: - description: Distance defines the as-path length of a firewall. This field - is typically orchestrated by the deployment controller. + description: |- + Distance defines the as-path length of a firewall. + This field is typically orchestrated by the deployment controller. type: integer kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -67,10 +72,10 @@ spec: description: Spec contains the firewall specification. properties: allowedNetworks: - description: AllowedNetworks defines dedicated networks for which - the firewall allows in- and outgoing traffic. The firewall-controller - only enforces this setting in combination with NetworkAccessType - set to forbidden. The node network is always allowed. + description: |- + AllowedNetworks defines dedicated networks for which the firewall allows in- and outgoing traffic. + The firewall-controller only enforces this setting in combination with NetworkAccessType set to forbidden. + The node network is always allowed. properties: egress: description: Egress defines a list of cidrs which are allowed @@ -126,15 +131,14 @@ spec: type: object type: array image: - description: Image is the os image of the firewall. An update on this - field requires the recreation of the physical firewall and can therefore - lead to traffic interruption for the cluster. + description: |- + Image is the os image of the firewall. + An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster. type: string internalPrefixes: - description: InternalPrefixes specify prefixes which are considered - local to the partition or all regions. This is used for the traffic - counters. Traffic to/from these prefixes is counted as internal - traffic. + description: |- + InternalPrefixes specify prefixes which are considered local to the partition or all regions. This is used for the traffic counters. + Traffic to/from these prefixes is counted as internal traffic. items: type: string type: array 
@@ -151,11 +155,10 @@ spec: connections in the droptailer log. type: boolean networks: - description: Networks are the networks to which this firewall is connected. - An update on this field requires the recreation of the physical - firewall and can therefore lead to traffic interruption for the - cluster. Detailed information about the networks are fetched continuously - during runtime and stored in the status.firewallNetworks. + description: |- + Networks are the networks to which this firewall is connected. + An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster. + Detailed information about the networks are fetched continuously during runtime and stored in the status.firewallNetworks. items: type: string type: array 
@@ -193,21 +196,21 @@ spec: type: object type: array size: - description: Size is the machine size of the firewall. An update on - this field requires the recreation of the physical firewall and - can therefore lead to traffic interruption for the cluster. + description: |- + Size is the machine size of the firewall. + An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster. type: string sshPublicKeys: - description: SSHPublicKeys are public keys which are added to the - firewall's authorized keys file on creation. It gets defaulted to - the public key of ssh secret as provided by the controller flags. + description: |- + SSHPublicKeys are public keys which are added to the firewall's authorized keys file on creation. + It gets defaulted to the public key of ssh secret as provided by the controller flags. items: type: string type: array userdata: - description: Userdata contains the userdata used for the creation - of the firewall. It gets defaulted to a userdata matching for the - firewall-controller with connection to Gardener shoot and seed. + description: |- + Userdata contains the userdata used for the creation of the firewall. + It gets defaulted to a userdata matching for the firewall-controller with connection to Gardener shoot and seed. type: string required: - image 
@@ -258,11 +261,10 @@ spec: type: object type: array controllerStatus: - description: ControllerStatus holds the a brief version of the firewall-controller - reconciling this firewall. The firewall-controller itself has only - read-access to resources in the seed, including the firewall status - inside the firewall resource. This will be updated by the firewall - monitor controller. + description: |- + ControllerStatus holds the a brief version of the firewall-controller reconciling this firewall. + The firewall-controller itself has only read-access to resources in the seed, including the firewall status + inside the firewall resource. This will be updated by the firewall monitor controller. properties: actualDistance: description: ActualDistance is the actual distance as reflected @@ -284,14 +286,14 @@ spec: type: string type: object firewallNetworks: - description: FirewallNetworks holds refined information about the - networks that this firewall is connected to. The information is - used by the firewall-controller in order to reconcile this firewall. + description: |- + FirewallNetworks holds refined information about the networks that this firewall is connected to. + The information is used by the firewall-controller in order to reconcile this firewall. See .spec.networks. items: - description: FirewallNetwork holds refined information about a network - that the firewall is connected to. The information is used by - the firewall-controller in order to reconcile the firewall. + description: |- + FirewallNetwork holds refined information about a network that the firewall is connected to. + The information is used by the firewall-controller in order to reconcile the firewall. properties: asn: description: Asn is the autonomous system number of this network. @@ -329,12 +331,9 @@ spec: type: integer required: - asn - - destinationPrefixes - - ips - nat - networkID - networkType - - prefixes - vrf type: object type: array 
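Review bot: The last hunk on this line (`@@ -329,12 +331,9 @@`) drops `destinationPrefixes`, `ips` and `prefixes` from the `required` list of the `firewallNetworks` items, which is a validation change rather than the description reflow that makes up the rest of this regenerated CRD. With these entries gone, the API server will accept a Firewall status whose network entries omit those lists, and the description in the same file says the firewall-controller uses this information to reconcile the firewall, so the consumer must treat an absent list as empty and never as "unrestricted". The relaxation presumably comes from a change to the Go type or its markers, which is not visible on this page. If it is intended, state it in the commit message; if not, restore `- destinationPrefixes`, `- ips` and `- prefixes` through the source type rather than by editing this generated file. The items schema begins and ends outside the hunk.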
@@ -396,9 +395,9 @@ spec: description: APIServerURL is the URL of the shoot's API server. type: string genericKubeconfigSecretName: - description: GenericKubeconfigSecretName is the secret name of - the generic kubeconfig secret deployed by Gardener to be used - as a template for constructing a shoot client. + description: |- + GenericKubeconfigSecretName is the secret name of the generic kubeconfig secret deployed by Gardener + to be used as a template for constructing a shoot client. type: string namespace: description: Namespace is the namespace in the seed where the diff --git a/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewallsets.yaml b/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewallsets.yaml index e752c9a60..ae2878a82 100644 --- a/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewallsets.yaml +++ b/charts/internal/crds-firewall/templates/firewall-controller-manager/firewall.metal-stack.io_firewallsets.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.14.0 name: firewallsets.firewall.metal-stack.io spec: group: firewall.metal-stack.io 
@@ -45,14 +44,19 @@ spec: of firewall replicas is running. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object @@ -60,7 +64,8 @@ spec: description: Spec contains the firewall set specification. properties: distance: - description: Distance defines the as-path length of the firewalls. + description: |- + Distance defines the as-path length of the firewalls. This field is typically orchestrated by the deployment controller. type: integer replicas: 
@@ -70,11 +75,11 @@ spec: selector: additionalProperties: type: string - description: Selector is a label query over firewalls that should - match the replicas count. If selector is empty, it is defaulted - to the labels present on the firewall template. Label keys and values - that must match in order to be controlled by this replication controller, - if empty defaulted to labels on firewall template. + description: |- + Selector is a label query over firewalls that should match the replicas count. + If selector is empty, it is defaulted to the labels present on the firewall template. + Label keys and values that must match in order to be controlled by this replication + controller, if empty defaulted to labels on firewall template. type: object template: description: Template is the firewall spec used for creating the firewalls. @@ -103,11 +108,10 @@ spec: description: Spec contains the firewall specification. properties: allowedNetworks: - description: AllowedNetworks defines dedicated networks for - which the firewall allows in- and outgoing traffic. The - firewall-controller only enforces this setting in combination - with NetworkAccessType set to forbidden. The node network - is always allowed. + description: |- + AllowedNetworks defines dedicated networks for which the firewall allows in- and outgoing traffic. + The firewall-controller only enforces this setting in combination with NetworkAccessType set to forbidden. + The node network is always allowed. properties: egress: description: Egress defines a list of cidrs which are 
@@ -164,15 +168,14 @@ spec: type: object type: array image: - description: Image is the os image of the firewall. An update - on this field requires the recreation of the physical firewall - and can therefore lead to traffic interruption for the cluster. + description: |- + Image is the os image of the firewall. + An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster. type: string internalPrefixes: - description: InternalPrefixes specify prefixes which are considered - local to the partition or all regions. This is used for - the traffic counters. Traffic to/from these prefixes is - counted as internal traffic. + description: |- + InternalPrefixes specify prefixes which are considered local to the partition or all regions. This is used for the traffic counters. + Traffic to/from these prefixes is counted as internal traffic. items: type: string type: array @@ -189,12 +192,10 @@ spec: accepted connections in the droptailer log. type: boolean networks: - description: Networks are the networks to which this firewall - is connected. An update on this field requires the recreation - of the physical firewall and can therefore lead to traffic - interruption for the cluster. Detailed information about - the networks are fetched continuously during runtime and - stored in the status.firewallNetworks. + description: |- + Networks are the networks to which this firewall is connected. + An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster. + Detailed information about the networks are fetched continuously during runtime and stored in the status.firewallNetworks. items: type: string type: array 
@@ -235,24 +236,21 @@ spec: type: object type: array size: - description: Size is the machine size of the firewall. An - update on this field requires the recreation of the physical - firewall and can therefore lead to traffic interruption - for the cluster. + description: |- + Size is the machine size of the firewall. + An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster. type: string sshPublicKeys: - description: SSHPublicKeys are public keys which are added - to the firewall's authorized keys file on creation. It gets - defaulted to the public key of ssh secret as provided by - the controller flags. + description: |- + SSHPublicKeys are public keys which are added to the firewall's authorized keys file on creation. + It gets defaulted to the public key of ssh secret as provided by the controller flags. items: type: string type: array userdata: - description: Userdata contains the userdata used for the creation - of the firewall. It gets defaulted to a userdata matching - for the firewall-controller with connection to Gardener - shoot and seed. + description: |- + Userdata contains the userdata used for the creation of the firewall. + It gets defaulted to a userdata matching for the firewall-controller with connection to Gardener shoot and seed. type: string required: - image