Network isolation validation

metal-stack / gardener-extension-provider-metal

Implementation of the gardener-extension-controller for metal-stack

MIT License

24 stars 11 forks source link

Network isolation validation #391

Closed robertvolkmann closed 4 weeks ago

robertvolkmann commented 5 months ago

Validate network isolation configuration in a single location rather than performing validation in multiple places

robertvolkmann commented 5 months ago

@vknabel Do want to support empty RegistryMirrors or not? https://github.com/metal-stack/gardener-extension-provider-metal/blob/b38f4e809a4fd20ae5d0b48022f20784a1e32521/pkg/webhook/shoot/mutator.go#L170 https://github.com/metal-stack/gardener-extension-provider-metal/blob/b38f4e809a4fd20ae5d0b48022f20784a1e32521/pkg/webhook/controlplane/ensurer.go#L663

vknabel commented 5 months ago

@robertvolkmann if the network access type is not baseline, the NetworkIsolation and its RegistryMirrors must be set and contain at least one mirror.

majst01 commented 2 months ago

rebase and run in test

vknabel commented 1 month ago

Worked fine in test