Firewall auto updates (#303)

fi-ts · May 31, 2024 · 4a22f2b · 4a22f2b
1 parent 0a0d89a
commit 4a22f2b
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 6 deletions.
diff --git a/cmd/cluster.go b/cmd/cluster.go
@@ -237,7 +237,8 @@ func newClusterCmd(c *config) *cobra.Command {
 	clusterCreateCmd.Flags().Duration("draintimeout", 0, "period (e.g. \"3h\") after which a draining node will be forcefully deleted. [optional]")
 	clusterCreateCmd.Flags().Bool("encrypted-storage-classes", false, "enables the deployment of encrypted duros storage classes into the cluster. please refer to the user manual to properly use volume encryption. [optional]")
 	clusterCreateCmd.Flags().BoolP("autoupdate-kubernetes", "", false, "enables automatic updates of the kubernetes patch version of the cluster [optional]")
-	clusterCreateCmd.Flags().BoolP("autoupdate-machineimages", "", false, "enables automatic updates of the worker node images of the cluster, be aware that this deletes worker nodes! [optional]")
+	clusterCreateCmd.Flags().BoolP("autoupdate-machineimages", "", false, "enables automatic updates of the worker node images of the cluster, be aware that this rolls worker nodes! [optional]")
+	clusterCreateCmd.Flags().Bool("autoupdate-firewallimage", false, "enables automatic updates of the firewall image, be aware that this rolls firewalls! [optional]")
 	clusterCreateCmd.Flags().String("maintenance-begin", "220000+0100", "defines the beginning of the nightly maintenance time window (e.g. for autoupdates) in the format HHMMSS+ZONE, e.g. \"220000+0100\". [optional]")
 	clusterCreateCmd.Flags().String("maintenance-end", "233000+0100", "defines the end of the nightly maintenance time window (e.g. for autoupdates) in the format HHMMSS+ZONE, e.g. \"233000+0100\". [optional]")
 	clusterCreateCmd.Flags().String("default-storage-class", "", "set default storage class to given name, must be one of the managed storage classes")
@@ -331,6 +332,7 @@ func newClusterCmd(c *config) *cobra.Command {
 	clusterUpdateCmd.Flags().String("maxunavailable", "", "max number (e.g. 0) or percentage (e.g. 10%) of workers that can be unavailable during a update of the cluster.")
 	clusterUpdateCmd.Flags().BoolP("autoupdate-kubernetes", "", false, "enables automatic updates of the kubernetes patch version of the cluster")
 	clusterUpdateCmd.Flags().BoolP("autoupdate-machineimages", "", false, "enables automatic updates of the worker node images of the cluster, be aware that this deletes worker nodes!")
+	clusterUpdateCmd.Flags().Bool("autoupdate-firewallimage", false, "enables automatic updates of the firewall image, be aware that this rolls firewalls! [optional]")
 	clusterUpdateCmd.Flags().String("maintenance-begin", "", "defines the beginning of the nightly maintenance time window (e.g. for autoupdates) in the format HHMMSS+ZONE, e.g. \"220000+0100\". [optional]")
 	clusterUpdateCmd.Flags().String("maintenance-end", "", "defines the end of the nightly maintenance time window (e.g. for autoupdates) in the format HHMMSS+ZONE, e.g. \"233000+0100\". [optional]")
 	clusterUpdateCmd.Flags().Bool("encrypted-storage-classes", false, "enables the deployment of encrypted duros storage classes into the cluster. please refer to the user manual to properly use volume encryption.")
@@ -626,7 +628,11 @@ WARNING: You are going to create a cluster that has no default internet access w
 		NetworkAccessType:         networkAccessType,
 	}
 
-	if viper.IsSet("autoupdate-kubernetes") || viper.IsSet("autoupdate-machineimages") || purpose == string(v1beta1.ShootPurposeEvaluation) {
+	if viper.IsSet("autoupdate-kubernetes") ||
+		viper.IsSet("autoupdate-machineimages") ||
+		viper.IsSet("autoupdate-firewallimage") ||
+		purpose == string(v1beta1.ShootPurposeEvaluation) {
+
 		scr.Maintenance.AutoUpdate = &models.V1MaintenanceAutoUpdate{}
 
 		// default to true for evaluation clusters
@@ -641,6 +647,10 @@ WARNING: You are going to create a cluster that has no default internet access w
 			auto := viper.GetBool("autoupdate-machineimages")
 			scr.Maintenance.AutoUpdate.MachineImage = &auto
 		}
+		if viper.IsSet("autoupdate-firewallimage") {
+			auto := viper.GetBool("autoupdate-firewallimage")
+			scr.Maintenance.AutoUpdate.FirewallImage = &auto
+		}
 	}
 
 	if viper.IsSet("max-pods-per-node") {
@@ -992,6 +1002,7 @@ func (c *config) updateCluster(args []string) error {
 			AutoUpdate: &models.V1MaintenanceAutoUpdate{
 				KubernetesVersion: current.Maintenance.AutoUpdate.KubernetesVersion,
 				MachineImage:      current.Maintenance.AutoUpdate.MachineImage,
+				FirewallImage:     current.Maintenance.AutoUpdate.FirewallImage,
 			},
 		},
 		ClusterFeatures:           &clusterFeatures,
@@ -1153,6 +1164,10 @@ func (c *config) updateCluster(args []string) error {
 		auto := viper.GetBool("autoupdate-machineimages")
 		cur.Maintenance.AutoUpdate.MachineImage = &auto
 	}
+	if viper.IsSet("autoupdate-firewallimage") {
+		auto := viper.GetBool("autoupdate-firewallimage")
+		cur.Maintenance.AutoUpdate.FirewallImage = &auto
+	}
 	if viper.IsSet("maintenance-begin") {
 		begin := viper.GetString("maintenance-begin")
 		if cur.Maintenance.TimeWindow == nil {

diff --git a/cmd/helper/helper.go b/cmd/helper/helper.go
@@ -146,7 +146,7 @@ func Edit(id string, getFunc func(id string) ([]byte, error), updateFunc func(fi
 	if err != nil {
 		return err
 	}
-	err = os.WriteFile(tmpfile.Name(), content, os.ModePerm)
+	err = os.WriteFile(tmpfile.Name(), content, os.ModePerm) //nolint:gosec
 	if err != nil {
 		return err
 	}

diff --git a/go.mod b/go.mod
@@ -8,7 +8,7 @@ require (
 	github.com/dustin/go-humanize v1.0.1
 	github.com/fatih/color v1.16.0
 	github.com/fi-ts/accounting-go v0.9.1
-	github.com/fi-ts/cloud-go v0.26.5
+	github.com/fi-ts/cloud-go v0.26.6
 	github.com/gardener/gardener v1.80.0
 	github.com/gardener/machine-controller-manager v0.50.1
 	github.com/go-openapi/runtime v0.28.0

diff --git a/go.sum b/go.sum
@@ -96,8 +96,8 @@ github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
 github.com/fi-ts/accounting-go v0.9.1 h1:NFcsGg6l3tsK87khKgHQCtP242hiLsFYMPtKU+aX+Sg=
 github.com/fi-ts/accounting-go v0.9.1/go.mod h1:8ga8xix70wTxZNwdb0Ye4cEmL1miY6SeUio4vQLMBaI=
-github.com/fi-ts/cloud-go v0.26.5 h1:vqJ8Zxk/RDO8BeffaKgAX0ptueGKPGk7GhjgNq+bqXc=
-github.com/fi-ts/cloud-go v0.26.5/go.mod h1:FFod3G37QPbDDL7umk09EBAJocTSe68nY4gF6tOJSko=
+github.com/fi-ts/cloud-go v0.26.6 h1:QqvDoPehzwfHN/luAmCtKkgB1xaA2Clg3Ek0xM07ASE=
+github.com/fi-ts/cloud-go v0.26.6/go.mod h1:FFod3G37QPbDDL7umk09EBAJocTSe68nY4gF6tOJSko=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
 github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA=