This implementation will resolve the issue that two firewalls will appear after the shoot migration.
However, the firewall-controller looses the connection to the API server because the endpoint has changed and it has no fitting credentials. For now, this requires manual action and update the ca, the token and the API endpoint in the firewall's seed kubeconfig to the freshly created service account secret.
The PR also cleans up old migration code used in the worker controller for migrating to the firewall-controller-manager.
The compatibility for the old firewall-controller v1 is now dropped. Make sure that all firewall images that still ship with firewall-controller v1 are set to deprecated in the metal-api and that all firewalls are migrated to the firewall-controller-manager and running firewall-controller v2. Clusters that still use deprecated firewall images shipping must update to a current firewall image as the recreation of a firewall with an old image is not possible anymore.
References #306.
This implementation will resolve the issue that two firewalls will appear after the shoot migration.
However, the firewall-controller looses the connection to the API server because the endpoint has changed and it has no fitting credentials. For now, this requires manual action and update the
ca, thetokenand the API endpoint in the firewall's seed kubeconfig to the freshly created service account secret.The PR also cleans up old migration code used in the worker controller for migrating to the firewall-controller-manager.