From df3f2c6946d1fb141e91970468e097ace8d4bd06 Mon Sep 17 00:00:00 2001 From: Markus Wennrich Date: Fri, 19 Jun 2026 09:17:56 +0200 Subject: [PATCH 1/2] use os-installer@fix-external-dns --- controllers/clusterwidenetworkpolicy_controller.go | 2 +- go.mod | 6 ++++-- go.sum | 12 ++++++++---- pkg/dns/dnsproxy.go | 2 +- pkg/network/network.go | 2 +- pkg/nftables/firewall.go | 4 +++- 6 files changed, 18 insertions(+), 10 deletions(-) diff --git a/controllers/clusterwidenetworkpolicy_controller.go b/controllers/clusterwidenetworkpolicy_controller.go index 3fba5316..864dddcc 100644 --- a/controllers/clusterwidenetworkpolicy_controller.go +++ b/controllers/clusterwidenetworkpolicy_controller.go @@ -181,7 +181,7 @@ func (r *ClusterwideNetworkPolicyReconciler) manageDNSProxy( // DNS Proxy is ON and Firewall machine is rebooted. // // There will be at least 2 problems: -// 1. When it's rebooted, metal-networker will generate basic nftables config and apply it. +// 1. When it's rebooted, os-installer will generate basic nftables config and apply it. // In basic config there's now DNAT rules required for DNS Proxy. // 2. DNS Proxy is started by CWNP controller, and it will not be started until some CWNP resource is created/updated/deleted. func (r *ClusterwideNetworkPolicyReconciler) getReconciliationTicker(scheduleChan chan<- event.TypedGenericEvent[*firewallv1.ClusterwideNetworkPolicy]) manager.RunnableFunc { diff --git a/go.mod b/go.mod index 75f9fb69..9c8a9e3f 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/metal-stack/firewall-controller-manager v0.6.1 github.com/metal-stack/metal-go v0.43.3 github.com/metal-stack/metal-lib v0.25.1 - github.com/metal-stack/metal-networker v0.47.0 + github.com/metal-stack/os-installer v0.3.1-0.20260619071037-4aa59da70c73 github.com/metal-stack/v v1.0.3 github.com/miekg/dns v1.1.72 github.com/stretchr/testify v1.11.1 @@ -31,6 +31,7 @@ require ( replace github.com/imdario/mergo => dario.cat/mergo v1.0.0 require ( + buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -69,7 +70,7 @@ require ( github.com/mattn/go-isatty v0.0.22 // indirect github.com/mdlayher/netlink v1.11.2 // indirect github.com/mdlayher/socket v0.6.1 // indirect - github.com/metal-stack/metal-hammer v0.13.17 // indirect + github.com/metal-stack/api v0.0.56 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect @@ -79,6 +80,7 @@ require ( github.com/prometheus/client_model v0.6.2 // indirect github.com/prometheus/common v0.68.1 // indirect github.com/prometheus/procfs v0.20.1 // indirect + github.com/samber/lo v1.53.0 // indirect github.com/spf13/pflag v1.0.10 // indirect github.com/stretchr/objx v0.5.3 // indirect github.com/vishvananda/netns v0.0.5 // indirect diff --git a/go.sum b/go.sum index ac607161..57d5e664 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1 h1:PMmTMyvHScV9Mn8wc6ASge9uRcHy0jtqPd+fM35LmsQ= +buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM= github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -124,16 +126,16 @@ github.com/mdlayher/netlink v1.11.2 h1:HKh2jqe+omdSWcQ88nrT7INE61B0NXfiSPFdgL4Yb github.com/mdlayher/netlink v1.11.2/go.mod h1:uT2Yc/QLaZubzDpZIBi9d4GoeLwtp3x1AMeqSRrK2sA= github.com/mdlayher/socket v0.6.1 h1:M7uj2NtuujUY4mYr1C57NmfNiRHbkKpnBxO856lsc3A= github.com/mdlayher/socket v0.6.1/go.mod h1:+/SGtqc9V+5dAuRgQsU0fGBI+oRDiW7O2Obx10OIWfg= +github.com/metal-stack/api v0.0.56 h1:wrW2zUKAOQd2qsRMyEg4Km7jkI688OZGzqas9agxMro= +github.com/metal-stack/api v0.0.56/go.mod h1:hEgtKVD7UnUwUExdA7pbFvVRxNRxSGUnU+bZce46//c= github.com/metal-stack/firewall-controller-manager v0.6.1 h1:JM5oCuye9GBY/QivK9qxY14hNh0xoidAGVkY7td8gnY= github.com/metal-stack/firewall-controller-manager v0.6.1/go.mod h1:bQjb3pVL3R6XPUqWA/WX8ktlzcgVYWDbsFANKcrW3FA= github.com/metal-stack/metal-go v0.43.3 h1:I6N+sea97ICBy/p4ZVGmca3MWV7bvGT5rY3JPnEuW0M= github.com/metal-stack/metal-go v0.43.3/go.mod h1:GSfXrAj55LGsUSMHWGDsmq5n056NG0yb1JM8bgfvKOw= -github.com/metal-stack/metal-hammer v0.13.17 h1:W2IrWmnz6IXpL7Y35RfVgSVO66EVdqeF+/WeopgycMI= -github.com/metal-stack/metal-hammer v0.13.17/go.mod h1:N+AEexkInMf1YHe40CkCSaAK4mkKh8ubB3Zsy1s6uzQ= github.com/metal-stack/metal-lib v0.25.1 h1:z14xNl59ueQavNvMG4wcIZGqVyosNlaNFcy8hUu3SCU= github.com/metal-stack/metal-lib v0.25.1/go.mod h1:FWviUPM7oH1CnmCwkyLjWpd3yuzf6NnR97Xf45P2/Fk= -github.com/metal-stack/metal-networker v0.47.0 h1:DsA7cLfcd/LtTv+bMqCX7a+uGRB4cTbNAguBu0EHNvI= -github.com/metal-stack/metal-networker v0.47.0/go.mod h1:IoxAZQXAc4h5mFGqSKOo7EAp7pYr+qK2B6qgf3kBu+U= +github.com/metal-stack/os-installer v0.3.1-0.20260619071037-4aa59da70c73 h1:DHbOmKebEv8/azgyAIuFjv6dqGqb4aJnPwCz4qmyIe0= +github.com/metal-stack/os-installer v0.3.1-0.20260619071037-4aa59da70c73/go.mod h1:6xET9gtitJ822A34ibORwXv/EC1scvU/mYcdS3i6JxU= github.com/metal-stack/v v1.0.3 h1:Sh2oBlnxrCUD+mVpzfC8HiqL045YWkxs0gpTvkjppqs= github.com/metal-stack/v v1.0.3/go.mod h1:YTahEu7/ishwpYKnp/VaW/7nf8+PInogkfGwLcGPdXg= github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI= @@ -180,6 +182,8 @@ github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0t github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc= github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik= +github.com/samber/lo v1.53.0 h1:t975lj2py4kJPQ6haz1QMgtId2gtmfktACxIXArw3HM= +github.com/samber/lo v1.53.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0= github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw= github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U= github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I= diff --git a/pkg/dns/dnsproxy.go b/pkg/dns/dnsproxy.go index b9a16212..76592923 100644 --- a/pkg/dns/dnsproxy.go +++ b/pkg/dns/dnsproxy.go @@ -7,7 +7,7 @@ import ( "strconv" "time" - "github.com/metal-stack/metal-networker/pkg/netconf" + netconf "github.com/metal-stack/os-installer/pkg/network" "sigs.k8s.io/controller-runtime/pkg/client" firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" diff --git a/pkg/network/network.go b/pkg/network/network.go index c2306371..b416de25 100644 --- a/pkg/network/network.go +++ b/pkg/network/network.go @@ -9,7 +9,7 @@ import ( "github.com/Masterminds/semver/v3" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" "github.com/metal-stack/metal-go/api/models" - "github.com/metal-stack/metal-networker/pkg/netconf" + netconf "github.com/metal-stack/os-installer/pkg/network" ) const ( diff --git a/pkg/nftables/firewall.go b/pkg/nftables/firewall.go index 9dbdab84..5eb930d4 100644 --- a/pkg/nftables/firewall.go +++ b/pkg/nftables/firewall.go @@ -10,6 +10,8 @@ import ( "path/filepath" "github.com/metal-stack/firewall-controller/v2/pkg/dns" + "github.com/metal-stack/os-installer/pkg/network" + netconf "github.com/metal-stack/os-installer/pkg/network" "github.com/metal-stack/firewall-controller/v2/pkg/network" @@ -20,7 +22,7 @@ import ( "k8s.io/client-go/tools/record" mn "github.com/metal-stack/metal-lib/pkg/net" - "github.com/metal-stack/metal-networker/pkg/netconf" + "github.com/metal-stack/os-installer/pkg/network" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1" From 45abb8f64f2637adbcd181be53ae5565a2643f81 Mon Sep 17 00:00:00 2001 From: Markus Wennrich Date: Fri, 19 Jun 2026 09:46:00 +0200 Subject: [PATCH 2/2] fix --- go.mod | 5 +---- go.sum | 10 ++-------- pkg/nftables/firewall.go | 2 -- 3 files changed, 3 insertions(+), 14 deletions(-) diff --git a/go.mod b/go.mod index 9c8a9e3f..e77b4163 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/metal-stack/firewall-controller-manager v0.6.1 github.com/metal-stack/metal-go v0.43.3 github.com/metal-stack/metal-lib v0.25.1 - github.com/metal-stack/os-installer v0.3.1-0.20260619071037-4aa59da70c73 + github.com/metal-stack/os-installer v0.2.1-0.20260619073856-4bde2f536e04 github.com/metal-stack/v v1.0.3 github.com/miekg/dns v1.1.72 github.com/stretchr/testify v1.11.1 @@ -31,7 +31,6 @@ require ( replace github.com/imdario/mergo => dario.cat/mergo v1.0.0 require ( - buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect @@ -70,7 +69,6 @@ require ( github.com/mattn/go-isatty v0.0.22 // indirect github.com/mdlayher/netlink v1.11.2 // indirect github.com/mdlayher/socket v0.6.1 // indirect - github.com/metal-stack/api v0.0.56 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect @@ -80,7 +78,6 @@ require ( github.com/prometheus/client_model v0.6.2 // indirect github.com/prometheus/common v0.68.1 // indirect github.com/prometheus/procfs v0.20.1 // indirect - github.com/samber/lo v1.53.0 // indirect github.com/spf13/pflag v1.0.10 // indirect github.com/stretchr/objx v0.5.3 // indirect github.com/vishvananda/netns v0.0.5 // indirect diff --git a/go.sum b/go.sum index 57d5e664..ab567d87 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,3 @@ -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1 h1:PMmTMyvHScV9Mn8wc6ASge9uRcHy0jtqPd+fM35LmsQ= -buf.build/gen/go/bufbuild/protovalidate/protocolbuffers/go v1.36.11-20260209202127-80ab13bee0bf.1/go.mod h1:tvtbpgaVXZX4g6Pn+AnzFycuRK3MOz5HJfEGeEllXYM= github.com/Masterminds/semver/v3 v3.4.0 h1:Zog+i5UMtVoCU8oKka5P7i9q9HgrJeGzI9SA1Xbatp0= github.com/Masterminds/semver/v3 v3.4.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -126,16 +124,14 @@ github.com/mdlayher/netlink v1.11.2 h1:HKh2jqe+omdSWcQ88nrT7INE61B0NXfiSPFdgL4Yb github.com/mdlayher/netlink v1.11.2/go.mod h1:uT2Yc/QLaZubzDpZIBi9d4GoeLwtp3x1AMeqSRrK2sA= github.com/mdlayher/socket v0.6.1 h1:M7uj2NtuujUY4mYr1C57NmfNiRHbkKpnBxO856lsc3A= github.com/mdlayher/socket v0.6.1/go.mod h1:+/SGtqc9V+5dAuRgQsU0fGBI+oRDiW7O2Obx10OIWfg= -github.com/metal-stack/api v0.0.56 h1:wrW2zUKAOQd2qsRMyEg4Km7jkI688OZGzqas9agxMro= -github.com/metal-stack/api v0.0.56/go.mod h1:hEgtKVD7UnUwUExdA7pbFvVRxNRxSGUnU+bZce46//c= github.com/metal-stack/firewall-controller-manager v0.6.1 h1:JM5oCuye9GBY/QivK9qxY14hNh0xoidAGVkY7td8gnY= github.com/metal-stack/firewall-controller-manager v0.6.1/go.mod h1:bQjb3pVL3R6XPUqWA/WX8ktlzcgVYWDbsFANKcrW3FA= github.com/metal-stack/metal-go v0.43.3 h1:I6N+sea97ICBy/p4ZVGmca3MWV7bvGT5rY3JPnEuW0M= github.com/metal-stack/metal-go v0.43.3/go.mod h1:GSfXrAj55LGsUSMHWGDsmq5n056NG0yb1JM8bgfvKOw= github.com/metal-stack/metal-lib v0.25.1 h1:z14xNl59ueQavNvMG4wcIZGqVyosNlaNFcy8hUu3SCU= github.com/metal-stack/metal-lib v0.25.1/go.mod h1:FWviUPM7oH1CnmCwkyLjWpd3yuzf6NnR97Xf45P2/Fk= -github.com/metal-stack/os-installer v0.3.1-0.20260619071037-4aa59da70c73 h1:DHbOmKebEv8/azgyAIuFjv6dqGqb4aJnPwCz4qmyIe0= -github.com/metal-stack/os-installer v0.3.1-0.20260619071037-4aa59da70c73/go.mod h1:6xET9gtitJ822A34ibORwXv/EC1scvU/mYcdS3i6JxU= +github.com/metal-stack/os-installer v0.2.1-0.20260619073856-4bde2f536e04 h1:KW+hhQAoYAgyTtv+x85gl5+aa7B96hF+UoAEcoWv7iU= +github.com/metal-stack/os-installer v0.2.1-0.20260619073856-4bde2f536e04/go.mod h1:DIkBi59VCwaTfp2OLmtOuZOrxPRLT9ElGZTKCk5aB2M= github.com/metal-stack/v v1.0.3 h1:Sh2oBlnxrCUD+mVpzfC8HiqL045YWkxs0gpTvkjppqs= github.com/metal-stack/v v1.0.3/go.mod h1:YTahEu7/ishwpYKnp/VaW/7nf8+PInogkfGwLcGPdXg= github.com/miekg/dns v1.1.72 h1:vhmr+TF2A3tuoGNkLDFK9zi36F2LS+hKTRW0Uf8kbzI= @@ -182,8 +178,6 @@ github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0t github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc= github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik= -github.com/samber/lo v1.53.0 h1:t975lj2py4kJPQ6haz1QMgtId2gtmfktACxIXArw3HM= -github.com/samber/lo v1.53.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0= github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw= github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U= github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I= diff --git a/pkg/nftables/firewall.go b/pkg/nftables/firewall.go index 5eb930d4..6ba3693d 100644 --- a/pkg/nftables/firewall.go +++ b/pkg/nftables/firewall.go @@ -10,7 +10,6 @@ import ( "path/filepath" "github.com/metal-stack/firewall-controller/v2/pkg/dns" - "github.com/metal-stack/os-installer/pkg/network" netconf "github.com/metal-stack/os-installer/pkg/network" "github.com/metal-stack/firewall-controller/v2/pkg/network" @@ -22,7 +21,6 @@ import ( "k8s.io/client-go/tools/record" mn "github.com/metal-stack/metal-lib/pkg/net" - "github.com/metal-stack/os-installer/pkg/network" firewallv2 "github.com/metal-stack/firewall-controller-manager/api/v2" firewallv1 "github.com/metal-stack/firewall-controller/v2/api/v1"