Skip to content

refactor: Stricter EKS kube-proxy mode in Go API #1323

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

refactor: Stricter EKS kube-proxy mode in Go API #1323

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 18 additions & 4 deletions api/v1alpha1/clusterconfig_types.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,22 @@ func (s EKSClusterConfig) VariableSchema() clusterv1.VariableSchema { //nolint:g
return eksClusterConfigVariableSchema
}

// +kubebuilder:validation:Enum=disabled
type EKSKubeProxyMode string

const (
EKSKubeProxyModeDisabled EKSKubeProxyMode = EKSKubeProxyMode(KubeProxyModeDisabled)
)

// EKSKubeProxy defines the configuration for kube-proxy.
type EKSKubeProxy struct {
// Mode specifies the mode for kube-proxy:
// - disabled means that kube-proxy is disabled.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value cannot be changed after cluster creation"
Mode EKSKubeProxyMode `json:"mode,omitempty"`
}

// EKSClusterConfigSpec defines the desired state of ClusterConfig.
type EKSClusterConfigSpec struct {
// EKS cluster configuration.
Expand All @@ -220,7 +236,7 @@ type EKSClusterConfigSpec struct {

// KubeProxy defines the configuration for kube-proxy.
// +kubebuilder:validation:Optional
KubeProxy *KubeProxy `json:"kubeProxy,omitempty"`
KubeProxy *EKSKubeProxy `json:"kubeProxy,omitempty"`

// +kubebuilder:validation:Optional
Addons *AWSAddons `json:"addons,omitempty"`
Expand Down Expand Up @@ -428,6 +444,7 @@ type CoreDNS struct {
Image *Image `json:"image,omitempty"`
}

// +kubebuilder:validation:Enum=iptables;nftables;disabled
type KubeProxyMode string

const (
Expand All @@ -442,15 +459,12 @@ const (
)

// KubeProxy defines the configuration for kube-proxy.
// This struct is shared across all providers, but EKS only supports the disabled mode.
// The CRD is updated manually to reflect this.
type KubeProxy struct {
// Mode specifies the mode for kube-proxy:
// - iptables means that kube-proxy is installed in iptables mode.
// - nftables means that kube-proxy is installed in nftables mode.
// - disabled means that kube-proxy is disabled.
// +kubebuilder:validation:Optional
// +kubebuilder:validation:Enum=iptables;nftables;disabled
// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value cannot be changed after cluster creation"
Mode KubeProxyMode `json:"mode,omitempty"`
}
Expand Down
Loading