[feat] - implement AddressSet CRD and support in firewall controller

PROJECT

@@ -163,8 +163,8 @@ resources:
   path: github.com/linode/cluster-api-provider-linode/api/v1alpha2
   version: v1alpha2
   webhooks:
-    validation: true
     defaulting: true
+    validation: true
     webhookVersion: v1
 - api:
     crdVersion: v1
@@ -178,4 +178,12 @@ resources:
   webhooks:
     validation: true
     webhookVersion: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: cluster.x-k8s.io
+  group: infrastructure
+  kind: AddressSet
+  path: github.com/linode/cluster-api-provider-linode/api/v1alpha2
+  version: v1alpha2
 version: "3"

Tiltfile

@@ -99,6 +99,7 @@ if os.getenv("INSTALL_RKE2_PROVIDER", "false") == "true":
     )
 capl_resources = [
     "capl-system:namespace",
+    "addresssets.infrastructure.cluster.x-k8s.io:customresourcedefinition",
     "linodeclusters.infrastructure.cluster.x-k8s.io:customresourcedefinition",
     "linodemachines.infrastructure.cluster.x-k8s.io:customresourcedefinition",
     "linodeclustertemplates.infrastructure.cluster.x-k8s.io:customresourcedefinition",

api/v1alpha2/addressset_types.go

@@ -0,0 +1,58 @@
+/*
+Copyright 2023 Akamai Technologies, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha2
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// AddressSetSpec defines the desired state of AddressSet
+type AddressSetSpec struct {
+	IPv4 *[]string `json:"ipv4,omitempty"`
+	IPv6 *[]string `json:"ipv6,omitempty"`
+}
+
+// AddressSetStatus defines the observed state of AddressSet
+type AddressSetStatus struct {
+}
+
+// +kubebuilder:object:root=true
+// +kubebuilder:subresource:status
+// +kubebuilder:resource:path=addressset,scope=Namespaced,categories=cluster-api,shortName=addrset
+// +kubebuilder:metadata:labels="clusterctl.cluster.x-k8s.io/move-hierarchy=true"
+
+// AddressSet is the Schema for the addresssets API
+type AddressSet struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   AddressSetSpec   `json:"spec,omitempty"`
+	Status AddressSetStatus `json:"status,omitempty"`
+}
+
+//+kubebuilder:object:root=true
+
+// AddressSetList contains a list of AddressSet
+type AddressSetList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AddressSet `json:"items"`
+}
+
+func init() {
+	SchemeBuilder.Register(&AddressSet{}, &AddressSetList{})
+}

api/v1alpha2/linodefirewall_types.go

@@ -69,7 +69,10 @@ type FirewallRule struct {
 	Ports       string `json:"ports,omitempty"`
 	// +kubebuilder:validation:Enum=TCP;UDP;ICMP;IPENCAP
 	Protocol  linodego.NetworkProtocol `json:"protocol"`
-	Addresses *NetworkAddresses        `json:"addresses"`
+	Addresses *NetworkAddresses        `json:"addresses,omitempty"`
+	// AddressSetRefs is a list of references to AddressSets as an alternative to
+	// using Addresses but can be used in conjunction with it
+	AddressSetRefs []*corev1.ObjectReference `json:"addressSetRefs,omitempty"`
 }
 
 // NetworkAddresses holds a list of IPv4 and IPv6 addresses

config/crd/bases/infrastructure.cluster.x-k8s.io_addressset.yaml

@@ -0,0 +1,64 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.16.5
+  labels:
+    clusterctl.cluster.x-k8s.io/move-hierarchy: "true"
+  name: addressset.infrastructure.cluster.x-k8s.io
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    categories:
+    - cluster-api
+    kind: AddressSet
+    listKind: AddressSetList
+    plural: addressset
+    shortNames:
+    - addrset
+    singular: addressset
+  scope: Namespaced
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: AddressSet is the Schema for the addresssets API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AddressSetSpec defines the desired state of AddressSet
+            properties:
+              ipv4:
+                items:
+                  type: string
+                type: array
+              ipv6:
+                items:
+                  type: string
+                type: array
+            type: object
+          status:
+            description: AddressSetStatus defines the observed state of AddressSet
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}

config/crd/bases/infrastructure.cluster.x-k8s.io_addresssets.yaml

@@ -0,0 +1,58 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.16.5
+  name: addresssets.infrastructure.cluster.x-k8s.io
+spec:
+  group: infrastructure.cluster.x-k8s.io
+  names:
+    kind: AddressSet
+    listKind: AddressSetList
+    plural: addresssets
+    singular: addressset
+  scope: Namespaced
+  versions:
+  - name: v1alpha2
+    schema:
+      openAPIV3Schema:
+        description: AddressSet is the Schema for the addresssets API
+        properties:
+          apiVersion:
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+            type: string
+          kind:
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: AddressSetSpec defines the desired state of AddressSet
+            properties:
+              ipv4:
+                items:
+                  type: string
+                type: array
+              ipv6:
+                items:
+                  type: string
+                type: array
+            type: object
+          status:
+            description: AddressSetStatus defines the observed state of AddressSet
+            type: object
+        type: object
+    served: true
+    storage: true
+    subresources:
+      status: {}