Add APIServerLoadBalancer setting to enable/disable API server LB, allow adding ports, configure firewall

.github/workflows/go-coverage.yml

@@ -9,12 +9,12 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.22'
       - name: Run go test with coverage
         run: COVER_PROFILE=coverage.txt make test
       - name: Codecov upload

.github/workflows/pr-check.yml

@@ -6,12 +6,12 @@ on:
 jobs:
   lint:
     name: Lint
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Install Go 1.x
         uses: actions/setup-go@v5
         with:
-          go-version: '1.21'
+          go-version: '1.22'
 
       - name: Check out code
         uses: actions/checkout@v4
@@ -21,7 +21,7 @@ jobs:
 
   build:
     name: Test & Build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Install Go 1.x
         uses: actions/setup-go@v5
@@ -30,6 +30,8 @@ jobs:
 
       - name: Check out code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: Cache
         uses: actions/cache@v4

.github/workflows/release.yml

@@ -16,11 +16,13 @@ env:
 jobs:
   push:
     name: Push images
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     steps:
       - name: Check out code
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
       # This step is run when the branch is main and no tag is set
       - name: Sets env vars for main
         run: |
@@ -64,7 +66,7 @@ jobs:
 
   release:
     name: Release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
 
     # Run only if previous job has succeeded
     needs: [push]

.golangci.yml

@@ -32,11 +32,12 @@ linters-settings:
 
 linters:
   enable:
-    - gosec
-    - goheader
-    - revive
     - gocyclo
+    - goheader
+    - gosec
     - misspell
+    - revive
+    - staticcheck
 
 run:
   issues-exit-code: 1
@@ -51,3 +52,6 @@ issues:
     - path: _test\.go
       linters:
         - gosec
+    - text: "SA1019: .+LBRuleID is deprecated"
+      linters:
+        - staticcheck

Makefile

@@ -35,6 +35,9 @@ GH_REPO ?= kubernetes-sigs/cluster-api-provider-cloudstack
 # Helper function to get dependency version from go.mod
 get_go_version = $(shell go list -m $1 | awk '{print $$2}')
 
+# Set build time variables including version details
+LDFLAGS := $(shell source ./hack/version.sh; version::ldflags)
+
 # Binaries
 KUSTOMIZE_VER := v4.5.7
 KUSTOMIZE_BIN := kustomize
@@ -92,15 +95,10 @@ MOCKGEN_VER := v1.6.0
 MOCKGEN := $(abspath $(TOOLS_BIN_DIR)/$(MOCKGEN_BIN)-$(MOCKGEN_VER))
 MOCKGEN_PKG := github.com/golang/mock/mockgen
 
-STATIC_CHECK_BIN := staticcheck
-STATIC_CHECK_VER := v0.4.7
-STATIC_CHECK := $(abspath $(TOOLS_BIN_DIR)/staticcheck)
-STATIC_CHECK_PKG := honnef.co/go/tools/cmd/staticcheck
-
 KUBECTL := $(TOOLS_BIN_DIR)/kubectl
 
 # Release
-STAGING_REGISTRY := gcr.io/k8s-staging-capi-cloudstack
+STAGING_REGISTRY := ghcr.io/leaseweb
 STAGING_BUCKET ?= artifacts.k8s-staging-capi-cloudstack.appspot.com
 BUCKET ?= $(STAGING_BUCKET)
 PROD_REGISTRY ?= registry.k8s.io/capi-cloudstack
@@ -112,7 +110,7 @@ RELEASE_ALIAS_TAG ?= $(PULL_BASE_REF)
 # Image URL to use all building/pushing image targets
 REGISTRY ?= $(STAGING_REGISTRY)
 IMAGE_NAME ?= capi-cloudstack-controller
-TAG ?= dev
+TAG ?= develop
 CONTROLLER_IMG ?= $(REGISTRY)/$(IMAGE_NAME)
 IMG ?= $(CONTROLLER_IMG):$(TAG)
 IMG_LOCAL ?= localhost:5000/$(IMAGE_NAME):$(TAG)
@@ -143,7 +141,7 @@ all: build
 ## --------------------------------------
 
 .PHONY: binaries
-binaries: $(CONTROLLER_GEN) $(CONVERSION_GEN) $(GOLANGCI_LINT) $(STATIC_CHECK) $(GINKGO) $(MOCKGEN) $(KUSTOMIZE) $(SETUP_ENVTEST) managers # Builds and installs all binaries
+binaries: $(CONTROLLER_GEN) $(CONVERSION_GEN) $(GOLANGCI_LINT) $(GINKGO) $(MOCKGEN) $(KUSTOMIZE) $(SETUP_ENVTEST) managers # Builds and installs all binaries
 
 .PHONY: managers
 managers:
@@ -167,17 +165,10 @@ vet: ## Run go vet on the whole project.
 	go vet ./...
 
 .PHONY: lint
-lint: $(GOLANGCI_LINT) $(STATIC_CHECK) generate-mocks ## Run linting for the project.
+lint: $(GOLANGCI_LINT) generate-mocks ## Run linting for the project.
 	$(MAKE) fmt
 	$(MAKE) vet
 	$(GOLANGCI_LINT) run -v --timeout 360s ./...
-	$(STATIC_CHECK) ./...
-	@ # The below string of commands checks that ginkgo isn't present in the controllers.
-	@(grep ginkgo ${REPO_ROOT}/controllers/cloudstack*_controller.go | grep -v import && \
-		echo "Remove ginkgo from controllers. This is probably an artifact of testing." \
-		 	 "See the hack/testing_ginkgo_recover_statements.sh file") && exit 1 || \
-		echo "Gingko statements not found in controllers... (passed)"
-
 
 ##@ Generate
 ## --------------------------------------
@@ -186,11 +177,11 @@ lint: $(GOLANGCI_LINT) $(STATIC_CHECK) generate-mocks ## Run linting for the pro
 
 .PHONY: modules
 modules: ## Runs go mod to ensure proper vendoring.
-	go mod tidy -compat=1.21
-	cd $(TOOLS_DIR); go mod tidy -compat=1.21
+	go mod tidy -compat=1.22
+	cd $(TOOLS_DIR); go mod tidy -compat=1.22
 
 .PHONY: generate-all
-generate-all: generate-mocks generate-deepcopy generate-manifests
+generate-all: generate-mocks generate-conversion generate-deepcopy generate-manifests
 
 .PHONY: generate-mocks
 generate-mocks: $(MOCKGEN) generate-deepcopy pkg/mocks/mock_client.go $(shell find ./pkg/mocks -type f -name "mock*.go") ## Generate mocks needed for testing. Primarily mocks of the cloud package.
@@ -235,13 +226,13 @@ MANAGER_BIN_INPUTS=$(shell find ./controllers ./api ./pkg -name "*mock*" -prune
 .PHONY: build
 build: binaries generate-deepcopy lint generate-manifests release-manifests ## Build manager binary.
 $(BIN_DIR)/manager: $(MANAGER_BIN_INPUTS)
-	go build -o $(BIN_DIR)/manager main.go
+	go build -ldflags "${LDFLAGS}" -o $(BIN_DIR)/manager main.go
 
 .PHONY: build-for-docker
 build-for-docker: $(BIN_DIR)/manager-linux-amd64 ## Build manager binary for docker image building.
 $(BIN_DIR)/manager-linux-amd64: $(MANAGER_BIN_INPUTS)
 	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 \
-    	go build -a -ldflags "${ldflags} -extldflags '-static'" \
+    	go build -a -ldflags "${LDFLAGS} -extldflags '-static'" \
     	-o $(BIN_DIR)/manager-linux-amd64 main.go
 
 .PHONY: run
@@ -333,11 +324,8 @@ setup-envtest: $(SETUP_ENVTEST) ## Set up envtest (download kubebuilder assets)
 
 .PHONY: test
 test: ## Run tests.
-test: generate-deepcopy-test generate-manifest-test generate-mocks lint setup-envtest $(GINKGO)
-	@./hack/testing_ginkgo_recover_statements.sh --add # Add ginkgo.GinkgoRecover() statements to controllers.
-	@# The following is a slightly funky way to make sure the ginkgo statements are removed regardless the test results.
-	KUBEBUILDER_ASSETS="$(KUBEBUILDER_ASSETS)" $(GINKGO) --label-filter="!integ" --cover -coverprofile cover.out --covermode=atomic -v ./api/... ./controllers/... ./pkg/...; EXIT_STATUS=$$?;\
-		./hack/testing_ginkgo_recover_statements.sh --remove; exit $$EXIT_STATUS
+test: generate-deepcopy-test generate-manifest-test generate-mocks setup-envtest $(GINKGO)
+	KUBEBUILDER_ASSETS="$(KUBEBUILDER_ASSETS)" $(GINKGO) --label-filter="!integ" --cover -coverprofile cover.out --covermode=atomic -v ./api/... ./controllers/... ./pkg/...
 
 .PHONY: test-pkg
 test-pkg: $(GINKGO)  ## Run pkg tests.
@@ -452,9 +440,6 @@ $(GOLANGCI_LINT_BIN): $(GOLANGCI_LINT) ## Build a local copy of golangci-lint.
 .PHONY: $(MOCKGEN_BIN)
 $(MOCKGEN_BIN): $(MOCKGEN) ## Build a local copy of mockgen.
 
-.PHONY: $(STATIC_CHECK_BIN)
-$(STATIC_CHECK_BIN): $(STATIC_CHECK) ## Build a local copy of staticcheck.
-
 $(CONTROLLER_GEN): # Build controller-gen from tools folder.
 	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) $(CONTROLLER_GEN_PKG) $(CONTROLLER_GEN_BIN) $(CONTROLLER_GEN_VER)
 
@@ -481,6 +466,3 @@ $(GOLANGCI_LINT): # Build golangci-lint from tools folder.
 
 $(MOCKGEN): # Build mockgen from tools folder.
 	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) $(MOCKGEN_PKG) $(MOCKGEN_BIN) $(MOCKGEN_VER)
-
-$(STATIC_CHECK): # Build golangci-lint from tools folder.
-	GOBIN=$(TOOLS_BIN_DIR) $(GO_INSTALL) $(STATIC_CHECK_PKG) $(STATIC_CHECK_BIN) $(STATIC_CHECK_VER)

api/v1beta1/cloudstackisolatednetwork_conversion.go

@@ -19,6 +19,7 @@ package v1beta1
 import (
 	machineryconversion "k8s.io/apimachinery/pkg/conversion"
 	"sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"
+	infrav1 "sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 )
@@ -53,3 +54,19 @@ func (dst *CloudStackIsolatedNetwork) ConvertFrom(srcRaw conversion.Hub) error {
 func Convert_v1beta3_CloudStackIsolatedNetworkSpec_To_v1beta1_CloudStackIsolatedNetworkSpec(in *v1beta3.CloudStackIsolatedNetworkSpec, out *CloudStackIsolatedNetworkSpec, s machineryconversion.Scope) error { // nolint
 	return autoConvert_v1beta3_CloudStackIsolatedNetworkSpec_To_v1beta1_CloudStackIsolatedNetworkSpec(in, out, s)
 }
+
+func Convert_v1beta1_CloudStackIsolatedNetworkStatus_To_v1beta3_CloudStackIsolatedNetworkStatus(in *CloudStackIsolatedNetworkStatus, out *v1beta3.CloudStackIsolatedNetworkStatus, s machineryconversion.Scope) error {
+	out.PublicIPID = in.PublicIPID
+	out.LBRuleID = in.LBRuleID
+	out.APIServerLoadBalancer = &infrav1.LoadBalancer{}
+	out.LoadBalancerRuleIDs = []string{in.LBRuleID}
+	out.Ready = in.Ready
+	return nil
+}
+
+func Convert_v1beta3_CloudStackIsolatedNetworkStatus_To_v1beta1_CloudStackIsolatedNetworkStatus(in *v1beta3.CloudStackIsolatedNetworkStatus, out *CloudStackIsolatedNetworkStatus, s machineryconversion.Scope) error {
+	out.PublicIPID = in.PublicIPID
+	out.LBRuleID = in.LBRuleID
+	out.Ready = in.Ready
+	return nil
+}

api/v1beta1/cloudstackmachinetemplate_conversion.go

@@ -17,13 +17,12 @@ limitations under the License.
 package v1beta1
 
 import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	machineryconversion "k8s.io/apimachinery/pkg/conversion"
 	"sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
-
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 )
 
 func (src *CloudStackMachineTemplate) ConvertTo(dstRaw conversion.Hub) error { // nolint
@@ -43,6 +42,9 @@ func (src *CloudStackMachineTemplate) ConvertTo(dstRaw conversion.Hub) error { /
 	if restored.Spec.Template.Spec.UncompressedUserData != nil {
 		dst.Spec.Template.Spec.UncompressedUserData = restored.Spec.Template.Spec.UncompressedUserData
 	}
+
+	dst.Spec.Template.ObjectMeta = restored.Spec.Template.ObjectMeta
+
 	return nil
 }
 

api/v1beta1/conversion.go

@@ -18,8 +18,7 @@ package v1beta1
 
 import (
 	"context"
-	"fmt"
-
+	"errors"
 	corev1 "k8s.io/api/core/v1"
 	machineryconversion "k8s.io/apimachinery/pkg/conversion"
 	infrav1 "sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"
@@ -51,7 +50,7 @@ func Convert_v1beta1_CloudStackCluster_To_v1beta3_CloudStackCluster(in *CloudSta
 //nolint:golint,revive,stylecheck
 func Convert_v1beta3_CloudStackCluster_To_v1beta1_CloudStackCluster(in *infrav1.CloudStackCluster, out *CloudStackCluster, _ machineryconversion.Scope) error {
 	if len(in.Spec.FailureDomains) < 1 {
-		return fmt.Errorf("infrav1 to v1beta1 conversion not supported when < 1 failure domain is provided. Input CloudStackCluster spec %s", in.Spec)
+		return errors.New("v1beta3 to v1beta1 conversion not supported when < 1 failure domain is provided")
 	}
 	out.ObjectMeta = in.ObjectMeta
 	out.Spec = CloudStackClusterSpec{

api/v1beta1/conversion_test.go

@@ -21,6 +21,7 @@ import (
 	. "github.com/onsi/gomega"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/utils/pointer"
 	v1beta1 "sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta1"
 	"sigs.k8s.io/cluster-api-provider-cloudstack/api/v1beta3"
 	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
@@ -103,6 +104,11 @@ var _ = Describe("Conversion", func() {
 						Host: "endpoint1",
 						Port: 443,
 					},
+					APIServerLoadBalancer: &v1beta3.APIServerLoadBalancer{
+						Enabled:         pointer.Bool(true),
+						AdditionalPorts: []int{},
+						AllowedCIDRs:    []string{},
+					},
 				},
 				Status: v1beta3.CloudStackClusterStatus{},
 			}

api/v1beta1/v1beta1_suite_test.go

@@ -0,0 +1,29 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1_test
+
+import (
+	"testing"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+)
+
+func TestV1beta1(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "V1beta1 Suite")
+}