diff --git a/.github/workflows/latest.yaml b/.github/workflows/latest.yaml index 517492a60..97cd2063e 100644 --- a/.github/workflows/latest.yaml +++ b/.github/workflows/latest.yaml @@ -19,6 +19,11 @@ jobs: username: ${{ secrets.DOCKER_REGISTRY_USER }} password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} + - name: Set up Go 1.16 + uses: actions/setup-go@v2.1.3 + with: + go-version: '1.16.x' + - name: Check (lint) and Test run: | make test-in-docker diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml index 799b7e2b9..05713f447 100644 --- a/.github/workflows/pull_request.yaml +++ b/.github/workflows/pull_request.yaml @@ -24,6 +24,11 @@ jobs: password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} if: steps.fork.outputs.is_fork_pr == 'false' + - name: Set up Go 1.16 + uses: actions/setup-go@v2.1.3 + with: + go-version: '1.16.x' + - name: Check (lint) and Test run: | make test-in-docker diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 345f66f83..d703e36db 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -19,6 +19,11 @@ jobs: username: ${{ secrets.DOCKER_REGISTRY_USER }} password: ${{ secrets.DOCKER_REGISTRY_TOKEN }} + - name: Set up Go 1.16 + uses: actions/setup-go@v2.1.3 + with: + go-version: '1.16.x' + - name: Check (lint) and Test run: | make test-in-docker diff --git a/charts/internal/crds-firewall/templates/metal-stack.io_firewalls.yaml b/charts/internal/crds-firewall/templates/metal-stack.io_firewalls.yaml index 415640c5d..f44537e7b 100644 --- a/charts/internal/crds-firewall/templates/metal-stack.io_firewalls.yaml +++ b/charts/internal/crds-firewall/templates/metal-stack.io_firewalls.yaml @@ -14,231 +14,235 @@ spec: listKind: FirewallList plural: firewalls shortNames: - - fw + - fw singular: firewall scope: Namespaced versions: - - additionalPrinterColumns: - - jsonPath: .spec.interval - name: Interval - type: string - - jsonPath: .spec.internalprefixes - name: InternalPrefixes - type: string - name: v1 - schema: - openAPIV3Schema: - description: Firewall is the Schema for the firewalls API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation + - additionalPrinterColumns: + - jsonPath: .spec.interval + name: Interval + type: string + - jsonPath: .spec.internalprefixes + name: InternalPrefixes + type: string + name: v1 + schema: + openAPIV3Schema: + description: Firewall is the Schema for the firewalls API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: FirewallSpec defines the desired state of Firewall - properties: - controllerVersion: - description: ControllerVersion holds the firewall-controller version - to reconcile. - type: string - dryrun: - description: DryRun if set to true, firewall rules are not applied - type: boolean - egressRules: - description: EgressRules - items: - description: EgressRuleSNAT holds a Source-NAT rule - properties: - ips: - items: - type: string - type: array - networkid: - type: string - required: - - ips - - networkid - type: object - type: array - firewallNetworks: - description: FirewallNetworks holds the networks known at the metal-api - for this firewall machine - items: - properties: - asn: - format: int64 - type: integer - destinationprefixes: - items: + type: string + metadata: + type: object + spec: + description: FirewallSpec defines the desired state of Firewall + properties: + controllerVersion: + description: ControllerVersion holds the firewall-controller version + to reconcile. + type: string + dryrun: + description: DryRun if set to true, firewall rules are not applied + type: boolean + egressRules: + description: EgressRules + items: + description: EgressRuleSNAT holds a Source-NAT rule + properties: + ips: + items: + type: string + type: array + networkid: type: string - type: array - ips: - items: + required: + - ips + - networkid + type: object + type: array + enableIDS: + description: EnableIDS specifies if we need to enable IDS on the firewall + machine + type: boolean + firewallNetworks: + description: FirewallNetworks holds the networks known at the metal-api + for this firewall machine + items: + properties: + asn: + format: int64 + type: integer + destinationprefixes: + items: + type: string + type: array + ips: + items: + type: string + type: array + nat: + type: boolean + networkid: type: string - type: array - nat: - type: boolean - networkid: - type: string - networktype: - type: string - prefixes: - items: + networktype: type: string - type: array - vrf: - format: int64 - type: integer - required: - - asn - - destinationprefixes - - ips - - nat - - networkid - - networktype - - prefixes - - vrf - type: object - type: array - internalprefixes: - description: 'InternalPrefixes specify prefixes which are considered + prefixes: + items: + type: string + type: array + vrf: + format: int64 + type: integer + required: + - asn + - destinationprefixes + - ips + - nat + - networkid + - networktype + - prefixes + - vrf + type: object + type: array + internalprefixes: + description: 'InternalPrefixes specify prefixes which are considered local to the partition or all regions. Traffic to/from these prefixes is accounted as internal traffic TODO: align to camel-case - rename to internalPrefixes' - items: + items: + type: string + type: array + interval: + description: Interval on which rule reconciliation should happen + type: string + ipv4rulefile: + description: TrafficControl defines where to store the generated ipv4 + firewall rules on disk + type: string + rateLimits: + description: RateLimits allows configuration of rate limit rules for + interfaces. + items: + description: RateLimit contains the rate limit rule for a network. + properties: + networkid: + description: NetworkID specifies the network which should be + rate limited + type: string + rate: + description: Rate is the input rate in MiB/s + format: int32 + type: integer + required: + - networkid + - rate + type: object + type: array + signature: + description: Signature of firewall attributes generated by GEPM. + type: string + required: + - signature + type: object + status: + description: FirewallStatus defines the observed state of Firewall + properties: + lastRun: + format: date-time + type: string + message: type: string - type: array - interval: - description: Interval on which rule reconciliation should happen - type: string - ipv4rulefile: - description: TrafficControl defines where to store the generated ipv4 - firewall rules on disk - type: string - rateLimits: - description: RateLimits allows configuration of rate limit rules for - interfaces. - items: - description: RateLimit contains the rate limit rule for a network. + stats: + description: FirewallStats contains firewall statistics properties: - networkid: - description: NetworkID specifies the network which should be - rate limited - type: string - rate: - description: Rate is the input rate in MiB/s - format: int32 - type: integer - required: - - networkid - - rate - type: object - type: array - signature: - description: Signature of firewall attributes generated by GEPM. - type: string - required: - - signature - type: object - status: - description: FirewallStatus defines the observed state of Firewall - properties: - lastRun: - format: date-time - type: string - message: - type: string - stats: - description: FirewallStats contains firewall statistics - properties: - devices: - additionalProperties: - description: DeviceStat contains statistics of a device - properties: - in: - format: int64 - type: integer - out: - format: int64 - type: integer - total: - description: 'Deprecated: TotalBytes is kept for backwards + devices: + additionalProperties: + description: DeviceStat contains statistics of a device + properties: + in: + format: int64 + type: integer + out: + format: int64 + type: integer + total: + description: 'Deprecated: TotalBytes is kept for backwards compatibility' - format: int64 - type: integer - required: - - in - - out - - total - type: object - description: DeviceStatsByDevice contains DeviceStatistics grouped - by device name - type: object - idsstats: - additionalProperties: - properties: - drop: - type: integer - invalidchecksums: - type: integer - packets: - type: integer - required: - - drop - - invalidchecksums - - packets + format: int64 + type: integer + required: + - in + - out + - total + type: object + description: DeviceStatsByDevice contains DeviceStatistics grouped + by device name type: object - type: object - rules: - additionalProperties: + idsstats: additionalProperties: - description: RuleStat contains the statistics for a single - nftables rule properties: - counter: - description: Counter holds values of a nftables counter - object - properties: - bytes: - format: int64 - type: integer - packets: - format: int64 - type: integer - required: - - bytes - - packets - type: object + drop: + type: integer + invalidchecksums: + type: integer + packets: + type: integer required: - - counter + - drop + - invalidchecksums + - packets type: object - description: RuleStats contains firewall rule statistics of - all rules of an action type: object - description: 'RuleStatsByAction contains firewall rule statistics + rules: + additionalProperties: + additionalProperties: + description: RuleStat contains the statistics for a single + nftables rule + properties: + counter: + description: Counter holds values of a nftables counter + object + properties: + bytes: + format: int64 + type: integer + packets: + format: int64 + type: integer + required: + - bytes + - packets + type: object + required: + - counter + type: object + description: RuleStats contains firewall rule statistics of + all rules of an action + type: object + description: 'RuleStatsByAction contains firewall rule statistics groups by action: e.g. accept, drop, policy, masquerade' - type: object - required: - - devices - - idsstats - - rules - type: object - required: - - stats - type: object - type: object - served: true - storage: true - subresources: - status: {} + type: object + required: + - devices + - idsstats + - rules + type: object + required: + - stats + type: object + type: object + served: true + storage: true + subresources: + status: {} status: acceptedNames: kind: ""