From 696edfb8b7e0c69d4755cf71ec5c15451a8cd08f Mon Sep 17 00:00:00 2001
From: VOID404
Date: Fri, 13 Sep 2024 09:48:26 +0200
Subject: [PATCH 1/4] Support `Security.Networking.Filter.Egress.Enabled`
---
 internal/gardener/shoot/extender/network_filter.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/internal/gardener/shoot/extender/network_filter.go b/internal/gardener/shoot/extender/network_filter.go
index 1f07da72..40989f64 100644
--- a/internal/gardener/shoot/extender/network_filter.go
+++ b/internal/gardener/shoot/extender/network_filter.go
@@ -3,15 +3,16 @@ package extender
 import (
 gardener "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 imv1 "github.com/kyma-project/infrastructure-manager/api/v1"
- "k8s.io/utils/ptr"
 )
 const NetworkFilterType = "shoot-networking-filter"
 func ExtendWithNetworkFilter(runtime imv1.Runtime, shoot *gardener.Shoot) error { //nolint:revive
+
 networkingFilter := gardener.Extension{
- Type: NetworkFilterType,
- Disabled: ptr.To(false),
+ Type: NetworkFilterType,
+ // this pointer is safe, because runtime is fully pass-by-value
+ Disabled: &runtime.Spec.Security.Networking.Filter.Egress.Enabled,
 }
 shoot.Spec.Extensions = append(shoot.Spec.Extensions, networkingFilter)
From 60735db135209f9717132fcfbb184cd039e859f0 Mon Sep 17 00:00:00 2001
From: VOID404
Date: Mon, 16 Sep 2024 08:18:16 +0200
Subject: [PATCH 2/4] Disable static kubetoken
---
 internal/gardener/shoot/converter.go | 2 +-
 .../shoot/extender/kubernetes_version.go | 8 +++++++-
 .../shoot/extender/kubernetes_version_test.go | 18 ++++++++++++++++--
 3 files changed, 24 insertions(+), 4 deletions(-)
diff --git a/internal/gardener/shoot/converter.go b/internal/gardener/shoot/converter.go
index aa819a47..4e6a891b 100644
--- a/internal/gardener/shoot/converter.go
+++ b/internal/gardener/shoot/converter.go
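Review bot: In `ExtendWithNetworkFilter` the `Disabled` field now takes the address of `...Filter.Egress.Enabled` without negating it, so a Runtime that sets the egress filter to enabled yields an extension with `Disabled: true`, while the zero value (`Enabled: false`) leaves shoot-networking-filter switched on. If the two names mean what they say, the polarity is inverted and turning the control on in the Runtime CR silently removes egress filtering from the shoot. Keep the `ptr` import and write `Disabled: ptr.To(!runtime.Spec.Security.Networking.Filter.Egress.Enabled),`, which also makes the aliasing comment unnecessary. The patch changes no test file; a case that sets `Enabled` to true and asserts that `Disabled` is false would pin the mapping. The function body continues past the end of the hunk.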
@@ -74,7 +74,7 @@ func NewConverter(config ConverterConfig) Converter {
 extenders := []Extend{
 extender.ExtendWithAnnotations,
 extender.ExtendWithLabels,
- extender.NewKubernetesVersionExtender(config.Kubernetes.DefaultVersion),
+ extender.NewKubernetesExtender(config.Kubernetes.DefaultVersion),
 extender.NewProviderExtender(config.Provider.AWS.EnableIMDSv2, config.MachineImage.DefaultVersion),
 extender.NewDNSExtender(config.DNS.SecretName, config.DNS.DomainPrefix, config.DNS.ProviderType),
 extender.ExtendWithOIDC,
diff --git a/internal/gardener/shoot/extender/kubernetes_version.go b/internal/gardener/shoot/extender/kubernetes_version.go
index fd2c9ca4..91693f26 100644
--- a/internal/gardener/shoot/extender/kubernetes_version.go
+++ b/internal/gardener/shoot/extender/kubernetes_version.go
@@ -3,9 +3,14 @@ package extender
 import (
 gardener "github.com/gardener/gardener/pkg/apis/core/v1beta1"
 imv1 "github.com/kyma-project/infrastructure-manager/api/v1"
+ "k8s.io/utils/ptr"
 )
-func NewKubernetesVersionExtender(defaultKubernetesVersion string) func(runtime imv1.Runtime, shoot *gardener.Shoot) error {
+// NewKubernetesExtender creates a new Kubernetes extender function.
+// It sets the Kubernetes version of the Shoot to the version specified in the Runtime.
+// If the version is not specified in the Runtime, it sets the version to the `defaultKubernetesVersion`, set in `converter_config.json`.
+// It sets the EnableStaticTokenKubeconfig field of the Shoot to false.
+func NewKubernetesExtender(defaultKubernetesVersion string) func(runtime imv1.Runtime, shoot *gardener.Shoot) error {
 return func(runtime imv1.Runtime, shoot *gardener.Shoot) error {
 kubernetesVersion := runtime.Spec.Shoot.Kubernetes.Version
 if kubernetesVersion == nil || *kubernetesVersion == "" {
@@ -13,6 +18,7 @@ func NewKubernetesVersionExtender(defaultKubernetesVersion string) func(runtime
 }
 shoot.Spec.Kubernetes.Version = *kubernetesVersion
+ shoot.Spec.Kubernetes.EnableStaticTokenKubeconfig = ptr.To(false)
 return nil
 }
diff --git a/internal/gardener/shoot/extender/kubernetes_version_test.go b/internal/gardener/shoot/extender/kubernetes_version_test.go
index 9de870e3..edbf99aa 100644
--- a/internal/gardener/shoot/extender/kubernetes_version_test.go
+++ b/internal/gardener/shoot/extender/kubernetes_version_test.go
@@ -16,7 +16,7 @@ func TestKubernetesVersionExtender(t *testing.T) {
 runtime := imv1.Runtime{}
 // when
- kubernetesVersionExtender := NewKubernetesVersionExtender("1.99")
+ kubernetesVersionExtender := NewKubernetesExtender("1.99")
 err := kubernetesVersionExtender(runtime, &shoot)
 // then
@@ -24,6 +24,20 @@ func TestKubernetesVersionExtender(t *testing.T) {
 assert.Equal(t, "1.99", shoot.Spec.Kubernetes.Version)
 })
+ t.Run("Disable static token kubeconfig", func(t *testing.T) {
+ // given
+ shoot := fixEmptyGardenerShoot("test", "kcp-system")
+ runtime := imv1.Runtime{}
+
+ // when
+ kubernetesVersionExtender := NewKubernetesExtender("1.99")
+ err := kubernetesVersionExtender(runtime, &shoot)
+
+ // then
+ require.NoError(t, err)
+ assert.Equal(t, false, *shoot.Spec.Kubernetes.EnableStaticTokenKubeconfig)
+ })
+
 t.Run("Use version provided in the Runtime CR", func(t *testing.T) {
 // given
 shoot := fixEmptyGardenerShoot("test", "kcp-system")
@@ -38,7 +52,7 @@ func TestKubernetesVersionExtender(t *testing.T) {
 }
 // when
- kubernetesVersionExtender := NewKubernetesVersionExtender("1.99")
+ kubernetesVersionExtender := NewKubernetesExtender("1.99")
 err := kubernetesVersionExtender(runtime, &shoot)
 // then
From 2d3b77aaa5be759474c4c4048b81b651a34263e4 Mon Sep 17 00:00:00 2001
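Review bot: The assignment to `EnableStaticTokenKubeconfig` added in `kubernetes_version.go` carries no why-comment, and the reason is a security one that a later maintainer should not have to rediscover. I would put above it `// Static-token kubeconfigs carry a long-lived cluster-admin token; always turn them off, overwriting any value already on the shoot.` The override is unconditional, so on a shoot that was created with the static kubeconfig still enabled the next reconcile presumably withdraws that credential; anything that still reads it has to move to short-lived admin kubeconfigs first, which this diff does not show. The enclosing closure starts outside the hunk.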
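Review bot: The new subtest "Disable static token kubeconfig" dereferences `shoot.Spec.Kubernetes.EnableStaticTokenKubeconfig` inside the assertion, so a regression that leaves the field nil panics the whole test function instead of failing this case with a readable message. Add `require.NotNil(t, shoot.Spec.Kubernetes.EnableStaticTokenKubeconfig)` before it and assert with `assert.False(t, *shoot.Spec.Kubernetes.EnableStaticTokenKubeconfig)`. The case also starts from an empty shoot only; a second case in which the shoot already has the field set to true would show that the extender overrides an insecure existing value.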
From: VOID404
Date: Mon, 16 Sep 2024 08:19:11 +0200
Subject: [PATCH 3/4] Change kubernetes extender file names
---
 .../shoot/extender/{kubernetes_version.go => kubernetes.go} | 0
 .../extender/{kubernetes_version_test.go => kubernetes_test.go} | 0
 2 files changed, 0 insertions(+), 0 deletions(-)
 rename internal/gardener/shoot/extender/{kubernetes_version.go => kubernetes.go} (100%)
 rename internal/gardener/shoot/extender/{kubernetes_version_test.go => kubernetes_test.go} (100%)
diff --git a/internal/gardener/shoot/extender/kubernetes_version.go b/internal/gardener/shoot/extender/kubernetes.go
similarity index 100%
rename from internal/gardener/shoot/extender/kubernetes_version.go
rename to internal/gardener/shoot/extender/kubernetes.go
diff --git a/internal/gardener/shoot/extender/kubernetes_version_test.go b/internal/gardener/shoot/extender/kubernetes_test.go
similarity index 100%
rename from internal/gardener/shoot/extender/kubernetes_version_test.go
rename to internal/gardener/shoot/extender/kubernetes_test.go
From 75d63d3a0b0f2f86f25489d4b14dc674221116eb Mon Sep 17 00:00:00 2001
From: VOID404
Date: Tue, 17 Sep 2024 09:07:51 +0200
Subject: [PATCH 4/4] Fix lint
---
 internal/gardener/shoot/extender/network_filter.go | 1 -
 1 file changed, 1 deletion(-)
diff --git a/internal/gardener/shoot/extender/network_filter.go b/internal/gardener/shoot/extender/network_filter.go
index 40989f64..d562342b 100644
--- a/internal/gardener/shoot/extender/network_filter.go
+++ b/internal/gardener/shoot/extender/network_filter.go
@@ -8,7 +8,6 @@ import (
 const NetworkFilterType = "shoot-networking-filter"
 func ExtendWithNetworkFilter(runtime imv1.Runtime, shoot *gardener.Shoot) error { //nolint:revive
-
 networkingFilter := gardener.Extension{
 Type: NetworkFilterType,
 // this pointer is safe, because runtime is fully pass-by-value