
Commit 5d2ab95

committed
refactor: Stricter EKS kube-proxy mode in Go API
Use Go types to restrict valid values rather than post-generation edits. This does not change the external schema for Kubernetes API clients, but provides stricter Go API semantics.
1 parent 6a8fa62 commit 5d2ab95


5 files changed

+504
-452
lines changed


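--- a/api/v1alpha1/clusterconfig_types.go
+++ b/api/v1alpha1/clusterconfig_types.go
@@ -210,6 +210,22 @@ func (s EKSClusterConfig) VariableSchema() clusterv1.VariableSchema { //nolint:g
 return eksClusterConfigVariableSchema
 }
 
+// +kubebuilder:validation:Enum=disabled
+type EKSKubeProxyMode string
+
+const (
+EKSKubeProxyModeDisabled EKSKubeProxyMode = EKSKubeProxyMode(KubeProxyModeDisabled)
+)
+
+// EKSKubeProxy defines the configuration for kube-proxy.
+type EKSKubeProxy struct {
+// Mode specifies the mode for kube-proxy:
+// - disabled means that kube-proxy is disabled.
+// +kubebuilder:validation:Optional
+// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value cannot be changed after cluster creation"
+Mode EKSKubeProxyMode `json:"mode,omitempty"`
+}
+
 // EKSClusterConfigSpec defines the desired state of ClusterConfig.
 type EKSClusterConfigSpec struct {
 // EKS cluster configuration.
@@ -220,7 +236,7 @@ type EKSClusterConfigSpec struct {
 
 // KubeProxy defines the configuration for kube-proxy.
 // +kubebuilder:validation:Optional
-KubeProxy *KubeProxy `json:"kubeProxy,omitempty"`
+KubeProxy *EKSKubeProxy `json:"kubeProxy,omitempty"`
 
 // +kubebuilder:validation:Optional
 Addons *AWSAddons `json:"addons,omitempty"`
@@ -428,6 +444,7 @@ type CoreDNS struct {
 Image *Image `json:"image,omitempty"`
 }
 
+// +kubebuilder:validation:Enum=iptables;nftables;disabled
 type KubeProxyMode string
 
 const (
@@ -442,15 +459,12 @@ const (
 )
 
 // KubeProxy defines the configuration for kube-proxy.
-// This struct is shared across all providers, but EKS only supports the disabled mode.
-// The CRD is updated manually to reflect this.
 type KubeProxy struct {
 // Mode specifies the mode for kube-proxy:
 // - iptables means that kube-proxy is installed in iptables mode.
 // - nftables means that kube-proxy is installed in nftables mode.
 // - disabled means that kube-proxy is disabled.
 // +kubebuilder:validation:Optional
-// +kubebuilder:validation:Enum=iptables;nftables;disabled
 // +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value cannot be changed after cluster creation"
 Mode KubeProxyMode `json:"mode,omitempty"`
 }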
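Review bot: The `self == oldSelf` rule on the new `EKSKubeProxy.Mode` probably does not enforce the immutability its message promises when the field starts out unset. In CRD CEL validation a rule that references `oldSelf` is skipped when there is no old value, and `Mode` is optional with `omitempty`, so an update that adds `mode: disabled` to an existing cluster would pass; I have not confirmed that the variable-schema validation used here behaves the same way, so this needs a test for the unset-to-set update. If it does, a struct-level marker on `EKSKubeProxy` such as `// +kubebuilder:validation:XValidation:rule="has(self.mode) == has(oldSelf.mode)",message="Value cannot be changed after cluster creation"` would cover the case where `kubeProxy` is present but `mode` is absent, and the optional `KubeProxy *EKSKubeProxy` field in `EKSClusterConfigSpec` would need the same presence check one level up. The unchanged `KubeProxy.Mode` carries the same marker and the same gap.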
