Infrastructure work for implementing ipsec API

This is a change based on the api PR (openshift/api#1667) before its approval, the api vendoring is from a private commit - this is needed only for testing until the api PR is merged. Signed-off-by: Josh Salomon <[email protected]>
yuvalk · Jan 8, 2024 · 0132b47 · 0132b47
1 parent e23d612
commit 0132b47
Show file tree

Hide file tree

Showing 42 changed files with 6,566 additions and 98 deletions.
diff --git a/go.mod b/go.mod
@@ -157,3 +157,5 @@ require (
 	k8s.io/kms v0.28.4 // indirect
 	k8s.io/kube-aggregator v0.28.2 // indirect
 )
+
+replace github.com/openshift/api => github.com/JoshSalomon/api v0.0.0-20231221144852-f64e08c811a7
diff --git a/go.sum b/go.sum
@@ -36,6 +36,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo=
+github.com/JoshSalomon/api v0.0.0-20231221144852-f64e08c811a7 h1:lqgeKXDRyt3EpCoa3upqvEEqLCrjoPlKolNcxltM3rc=
+github.com/JoshSalomon/api v0.0.0-20231221144852-f64e08c811a7/go.mod h1:qNtV0315F+f8ld52TLtPvrfivZpdimOzTi3kn9IVbtU=
 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI=
 github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU=
 github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww=
@@ -315,8 +317,6 @@ github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7J
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.27.7 h1:fVih9JD6ogIiHUN6ePK7HJidyEDpWGVB5mzM7cWNXoU=
 github.com/onsi/gomega v1.27.7/go.mod h1:1p8OOlwo2iUUDsHnOrjE5UKYJ+e3W8eQ3qSlRahPmr4=
-github.com/openshift/api v0.0.0-20231205121914-b5716b30456a h1:HdOIa5C84YZaiJ70IdPf5W0JUGOLjxCwf1PTPLpJ0QY=
-github.com/openshift/api v0.0.0-20231205121914-b5716b30456a/go.mod h1:qNtV0315F+f8ld52TLtPvrfivZpdimOzTi3kn9IVbtU=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d h1:RR4ah7FfaPR1WePizm0jlrsbmPu91xQZnAsVVreQV1k=
 github.com/openshift/build-machinery-go v0.0.0-20220913142420-e25cf57ea46d/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE=
 github.com/openshift/client-go v0.0.0-20230926161409-848405da69e1 h1:W1N/3nVciqmjPjn2xldHjb0AwwCQzlGxLvX5BCgE8H4=

diff --git a/manifests/0000_70_cluster-network-operator_01-CustomNoUpgrade.crd.yaml b/manifests/0000_70_cluster-network-operator_01-CustomNoUpgrade.crd.yaml
@@ -445,9 +445,19 @@ spec:
                             type: integer
                         type: object
                       ipsecConfig:
-                        description: ipsecConfig enables and configures IPsec for
-                          pods on the pod network within the cluster.
+                        description: ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
                         type: object
+                        default:
+                          mode: Disabled
+                        properties:
+                          mode:
+                            description: Mode defines the ipsec configuration level, 'Off' disable ipsec on the node level, 'External' enables ipsec on the node level but requires the user to configure it (mostly for externl communication), and 'Full' enables ipsec on the node level and configures it for secure communciation between pods in the cluster (the user needs to configure it for external secure communciation).
+                            type: string
+                            default: Disabled
+                            enum:
+                              - Disabled
+                              - External
+                              - Full
                       mtu:
                         description: mtu is the MTU to use for the tunnel interface.
                           This must be 100 bytes smaller than the uplink mtu. Default

diff --git a/manifests/0000_70_cluster-network-operator_01-Default.crd.yaml b/manifests/0000_70_cluster-network-operator_01-Default.crd.yaml
@@ -445,9 +445,19 @@ spec:
                             type: integer
                         type: object
                       ipsecConfig:
-                        description: ipsecConfig enables and configures IPsec for
-                          pods on the pod network within the cluster.
+                        description: ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
                         type: object
+                        default:
+                          mode: Disabled
+                        properties:
+                          mode:
+                            description: Mode defines the ipsec configuration level, 'Off' disable ipsec on the node level, 'External' enables ipsec on the node level but requires the user to configure it (mostly for externl communication), and 'Full' enables ipsec on the node level and configures it for secure communciation between pods in the cluster (the user needs to configure it for external secure communciation).
+                            type: string
+                            default: Disabled
+                            enum:
+                              - Disabled
+                              - External
+                              - Full
                       mtu:
                         description: mtu is the MTU to use for the tunnel interface.
                           This must be 100 bytes smaller than the uplink mtu. Default

diff --git a/manifests/0000_70_cluster-network-operator_01-TechPreviewNoUpgrade.crd.yaml b/manifests/0000_70_cluster-network-operator_01-TechPreviewNoUpgrade.crd.yaml
@@ -445,9 +445,19 @@ spec:
                             type: integer
                         type: object
                       ipsecConfig:
-                        description: ipsecConfig enables and configures IPsec for
-                          pods on the pod network within the cluster.
+                        description: ipsecConfig enables and configures IPsec for pods on the pod network within the cluster.
                         type: object
+                        default:
+                          mode: Disabled
+                        properties:
+                          mode:
+                            description: Mode defines the ipsec configuration level, 'Off' disable ipsec on the node level, 'External' enables ipsec on the node level but requires the user to configure it (mostly for externl communication), and 'Full' enables ipsec on the node level and configures it for secure communciation between pods in the cluster (the user needs to configure it for external secure communciation).
+                            type: string
+                            default: Disabled
+                            enum:
+                              - Disabled
+                              - External
+                              - Full
                       mtu:
                         description: mtu is the MTU to use for the tunnel interface.
                           This must be 100 bytes smaller than the uplink mtu. Default

diff --git a/vendor/github.com/openshift/api/Dockerfile.rhel8 b/vendor/github.com/openshift/api/Dockerfile.rhel8
diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile