Address review comments

Signed-off-by: Artiom Diomin <artiom.diomin@sap.com>

charts/internal/seed-controlplane/charts/ingress-gce/templates/deployment.yaml

@@ -3,8 +3,6 @@ kind: Deployment
 metadata:
   name: ingress-gce
   namespace: {{ .Release.Namespace }}
-  annotations:
-    scheduler.alpha.kubernetes.io/critical-pod: ''
   labels:
     app: kubernetes
     role: glbc
@@ -33,6 +31,7 @@ spec:
 {{- end }}
     spec:
       automountServiceAccountToken: false
+      priorityClassName: system-cluster-critical
       containers:
         - name: glbc
           image: {{ index .Values.images "ingress-gce" }}

imagevector/images.yaml

@@ -257,7 +257,7 @@ images:
       integrity_requirement: 'high'
       availability_requirement: 'low'
 - name: default-http-backend
-  sourceRepository: github.com/kubernetes/ingress-gce
+  sourceRepository: https://github.com/kubernetes/ingress-gce
   repository: europe-docker.pkg.dev/gardener-project/releases/gardener/ingress-default-backend
   tag: "0.20.0"
   labels:

pkg/apis/gcp/types_infrastructure.go

@@ -72,7 +72,7 @@ const (
 	PurposeNodes SubnetPurpose = "nodes"
 	// PurposeInternal is a SubnetPurpose for internal use.
 	PurposeInternal SubnetPurpose = "internal"
-	// PurposeServices is a SubnetPurpose for internal use.
+	// PurposeServices is a SubnetPurpose for services.
 	PurposeServices SubnetPurpose = "services"
 )
 

pkg/apis/gcp/v1alpha1/types_infrastructure.go

@@ -77,7 +77,7 @@ const (
 	PurposeNodes SubnetPurpose = "nodes"
 	// PurposeInternal is a SubnetPurpose for internal use.
 	PurposeInternal SubnetPurpose = "internal"
-	// PurposeServices is a SubnetPurpose for internal use.
+	// PurposeServices is a SubnetPurpose for services.
 	PurposeServices SubnetPurpose = "services"
 )
 

pkg/controller/infrastructure/flow_reconciler.go

@@ -83,8 +83,7 @@ func (f *FlowReconciler) Reconcile(ctx context.Context, infra *extensionsv1alpha
 		Factory:        gcpclient.New(),
 		Client:         f.client,
 		Networking:     cluster.Shoot.Spec.Networking,
-	},
-	)
+	})
 	if err != nil {
 		return fmt.Errorf("failed to create flow context: %v", err)
 	}
@@ -156,11 +155,9 @@ func (f *FlowReconciler) infrastructureStateFromRaw(infra *extensionsv1alpha1.In
 }
 
 func (f *FlowReconciler) migrateFromTerraform(ctx context.Context, infra *extensionsv1alpha1.Infrastructure) (*gcp.InfrastructureState, error) {
-	var (
-		state = &gcp.InfrastructureState{
-			Data: map[string]string{},
-		}
-	)
+	state := &gcp.InfrastructureState{
+		Data: map[string]string{},
+	}
 	// we want to prevent allowing the deletion of infrastructure if there may be still resources in the cloudprovider. We will initialize the data
 	// with a specific "marker" so that the deletion
 	tf, err := internal.NewTerraformer(f.log, f.restConfig, infrainternal.TerraformerPurpose, infra, f.disableProjectedTokenMount)

pkg/controller/infrastructure/infraflow/ensure.go

@@ -97,8 +97,8 @@ func (fctx *FlowContext) ensureUserManagedVPC(ctx context.Context) error {
 }
 
 func (fctx *FlowContext) ensureIPv6CIDRs(ctx context.Context) error {
-	nodeSubnet := fctx.whiteboard.GetObject(ObjectKeyNodeSubnet).(*compute.Subnetwork)
-	if nodeSubnet == nil {
+	nodeSubnet, ok := fctx.whiteboard.GetObject(ObjectKeyNodeSubnet).(*compute.Subnetwork)
+	if !ok || nodeSubnet == nil {
 		return fmt.Errorf("failed to get the subnet for nodes")
 	}
 
@@ -108,8 +108,8 @@ func (fctx *FlowContext) ensureIPv6CIDRs(ctx context.Context) error {
 	}
 	fctx.whiteboard.Set(NodesSubnetIPv6CIDR, nodesIPv6Range)
 
-	srvSubnet := fctx.whiteboard.GetObject(ObjectKeyServicesSubnet).(*compute.Subnetwork)
-	if srvSubnet == nil {
+	srvSubnet, ok := fctx.whiteboard.GetObject(ObjectKeyServicesSubnet).(*compute.Subnetwork)
+	if !ok || srvSubnet == nil {
 		return fmt.Errorf("failed to get the subnet for services")
 	}
 
@@ -427,17 +427,17 @@ func (fctx *FlowContext) ensureFirewallRules(ctx context.Context) error {
 		firewallRuleAllowHealthChecks(shared.FirewallRuleAllowHealthChecksName(fctx.clusterName), vpc.SelfLink, healthCheckSourceRangesIPv4),
 	}
 
-	cidrsipv6 := []*string{}
-	if nodesipv6 := fctx.whiteboard.Get(NodesSubnetIPv6CIDR); ptr.Deref(nodesipv6, "") != "" {
-		cidrsipv6 = append(cidrsipv6, nodesipv6)
+	cidrsIPv6 := []*string{}
+	if nodesIPv6 := fctx.whiteboard.Get(NodesSubnetIPv6CIDR); ptr.Deref(nodesIPv6, "") != "" {
+		cidrsIPv6 = append(cidrsIPv6, nodesIPv6)
 	}
-	if servicesipv6 := fctx.whiteboard.Get(ServicesSubnetIPv6CIDR); ptr.Deref(servicesipv6, "") != "" {
-		cidrsipv6 = append(cidrsipv6, servicesipv6)
+	if servicesIPv6 := fctx.whiteboard.Get(ServicesSubnetIPv6CIDR); ptr.Deref(servicesIPv6, "") != "" {
+		cidrsIPv6 = append(cidrsIPv6, servicesIPv6)
 	}
 
-	if len(cidrsipv6) > 0 {
+	if len(cidrsIPv6) > 0 {
 		rules = append(rules,
-			firewallRuleAllowInternalIPv6(shared.FirewallRuleAllowInternalNameIPv6(fctx.clusterName), vpc.SelfLink, cidrsipv6),
+			firewallRuleAllowInternalIPv6(shared.FirewallRuleAllowInternalNameIPv6(fctx.clusterName), vpc.SelfLink, cidrsIPv6),
 			firewallRuleAllowHealthChecks(shared.FirewallRuleAllowHealthChecksNameIPv6(fctx.clusterName), vpc.SelfLink, healthCheckSourceRangesIPv6),
 		)
 	}

pkg/gcp/types.go

@@ -16,7 +16,7 @@ const (
 	CloudControllerManagerImageName = "cloud-controller-manager"
 	// IngressGCEImageName is the name of the ingress-gce image.
 	IngressGCEImageName = "ingress-gce"
-	// DefaultHTTPBackendImageName is the name of the csi-driver image.
+	// DefaultHTTPBackendImageName is the name of the default-http-backend image.
 	DefaultHTTPBackendImageName = "default-http-backend"
 	// CSIDriverImageName is the name of the csi-driver image.
 	CSIDriverImageName = "csi-driver"