Remove firewall integration (#40)

Author: robertvolkmann

Makefile

@@ -77,9 +77,7 @@ update-test-crds:
 	go mod tidy
 	rm -rf test/external-crds
 	mkdir -p test/external-crds/cluster-api
-	mkdir -p test/external-crds/firewall-controller-manager
 	cp -f $(shell go list -mod=mod -m -f '{{.Dir}}' all | grep sigs.k8s.io/cluster-api)/config/crd/bases/* test/external-crds/cluster-api
-	cp -f $(shell go list -mod=mod -m -f '{{.Dir}}' all | grep metal-stack/firewall-controller-manager)/config/crds/* test/external-crds/firewall-controller-manager
 
 .PHONY: fmt
 fmt: ## Run go fmt against code.

api/v1alpha1/metalstackcluster_types.go

@@ -22,7 +22,6 @@ import (
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	capierrors "sigs.k8s.io/cluster-api/errors" //nolint:staticcheck
 
-	fcmv2 "github.com/metal-stack/firewall-controller-manager/api/v2"
 	"github.com/metal-stack/metal-lib/pkg/tag"
 )
 
@@ -34,7 +33,6 @@ const (
 
 	ClusterNodeNetworkEnsured          clusterv1.ConditionType = "ClusterNodeNetworkEnsured"
 	ClusterControlPlaneEndpointEnsured clusterv1.ConditionType = "ClusterControlPlaneEndpointEnsured"
-	ClusterFirewallDeploymentReady     clusterv1.ConditionType = "ClusterFirewallDeploymentReady"
 )
 
 var (
@@ -67,11 +65,6 @@ type MetalStackClusterSpec struct {
 
 	// Partition is the data center partition in which the resources are created.
 	Partition string `json:"partition"`
-
-	// Firewall describes the firewall for this cluster.
-	// If not provided this will automatically be created during reconcile.
-	// +optional
-	Firewall *Firewall `json:"firewall,omitempty"`
 }
 
 // APIEndpoint represents a reachable Kubernetes API endpoint.
@@ -83,31 +76,6 @@ type APIEndpoint struct {
 	Port int `json:"port"`
 }
 
-// Firewall defines parameters for the firewall creation along with configuration for the firewall-controller.
-type Firewall struct {
-	// Size is the machine size of the firewall.
-	// An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster.
-	Size string `json:"size"`
-	// Image is the os image of the firewall.
-	// An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster.
-	Image string `json:"image"`
-	// AdditionalNetworks are the networks to which this firewall is connected.
-	// An update on this field requires the recreation of the physical firewall and can therefore lead to traffic interruption for the cluster.
-	// +optional
-	AdditionalNetworks []string `json:"networks,omitempty"`
-
-	// RateLimits allows configuration of rate limit rules for interfaces.
-	// +optional
-	RateLimits []fcmv2.RateLimit `json:"rateLimits,omitempty"`
-	// EgressRules contains egress rules configured for this firewall.
-	// +optional
-	EgressRules []fcmv2.EgressRuleSNAT `json:"egressRules,omitempty"`
-
-	// LogAcceptedConnections if set to true, also log accepted connections in the droptailer log.
-	// +optional
-	LogAcceptedConnections *bool `json:"logAcceptedConnections,omitempty"`
-}
-
 // MetalStackClusterStatus defines the observed state of MetalStackCluster.
 type MetalStackClusterStatus struct {
 	// Ready denotes that the cluster is ready.

api/v1alpha1/zz_generated.deepcopy.go

@@ -11,10 +11,4 @@
     - name: ansible-common
     - name: metal-roles
     - name: prometheus
-    - name: firewall-controller-manager
-      vars:
-        firewall_controller_manager_namespace: capms-system
-        firewall_controller_manager_ca: "{{ lookup('file', playbook_dir + '/fcm-certs/ca.pem') }}"
-        firewall_controller_manager_cert: "{{ lookup('file', playbook_dir + '/fcm-certs/tls.crt') }}"
-        firewall_controller_manager_cert_key: "{{ lookup('file', playbook_dir + '/fcm-certs/tls.key') }}"
     - name: cluster-api