This basically works already except for the infrastructure resource, which loses the status field. For this reason, the infrastructure controller assumes that there is no firewall and tries to create another one.
Instead, when the status field is empty, we should try to find an existing firewall for this cluster and if there is a single one, we don't do anything but update the infrastructure status:
$ k get infrastructure -o yaml
...
status:
  ...
  providerStatus:
    apiVersion: metal.provider.extensions.gardener.cloud/v1alpha1
    firewall:
      machineID: metal:///fra-equ01/00000000-0000-0000-0000-ac1f6bd390b2
      succeeded: true
...
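A sketch of the proposed decision, added here as an illustration and not taken from the provider's code base. The types, the `Reconcile` function, the `metal:///<partition>/<id>` layout inferred from the output above, and the choice to fail when more than one firewall is found are all assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// Firewall is a hypothetical, simplified view of a firewall returned by a
// lookup of all firewalls that belong to the cluster.
type Firewall struct {
	Partition string
	ID        string
}

// FirewallStatus mirrors the two fields shown under providerStatus.firewall.
type FirewallStatus struct {
	MachineID string
	Succeeded bool
}

// ErrAmbiguous is returned when several firewalls match (assumed policy:
// neither adopt one at random nor create yet another).
var ErrAmbiguous = errors.New("multiple firewalls found for cluster")

// Reconcile returns the status to persist and whether a firewall must be created.
func Reconcile(status *FirewallStatus, existing []Firewall) (FirewallStatus, bool, error) {
	if status != nil && status.Succeeded && status.MachineID != "" {
		return *status, false, nil // status intact: nothing to do
	}
	switch len(existing) {
	case 0:
		return FirewallStatus{}, true, nil // status empty and no firewall: create one
	case 1:
		fw := existing[0] // status lost but firewall exists: adopt it, status update only
		id := fmt.Sprintf("metal:///%s/%s", fw.Partition, fw.ID)
		return FirewallStatus{MachineID: id, Succeeded: true}, false, nil
	default:
		return FirewallStatus{}, false, ErrAmbiguous
	}
}

func main() {
	// Constructed sample input: empty status, one firewall already present.
	found := []Firewall{{Partition: "fra-equ01", ID: "00000000-0000-0000-0000-ac1f6bd390b2"}}
	st, create, err := Reconcile(nil, found)
	fmt.Println(st.MachineID, st.Succeeded, create, err)
}
```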