From 009d28588fbf20a0bd2259bfad4c798291d137a8 Mon Sep 17 00:00:00 2001 From: Francesco Torta <62566275+fra98@users.noreply.github.com> Date: Wed, 18 Oct 2023 11:35:40 +0200 Subject: [PATCH] Fix API and Gateway controllers --- .../v1alpha1/gatewayclient_types.go | 2 +- .../v1alpha1/gatewayserver_types.go | 2 +- .../v1alpha1/zz_generated.deepcopy.go | 12 ++- pkg/consts/externalnetwork.go | 17 +++- .../client-operator/client_controller.go | 9 +- .../server-operator/server_controller.go | 9 +- .../external-network/wireguard/utils.go | 95 +++++++++++++++++++ .../wireguard/wggatewayclient_controller.go | 60 +----------- .../wireguard/wggatewayserver_controller.go | 59 +----------- pkg/liqoctl/network/cluster.go | 6 +- pkg/utils/labels/labelSelectors.go | 15 +-- 11 files changed, 153 insertions(+), 133 deletions(-) create mode 100644 pkg/liqo-controller-manager/external-network/wireguard/utils.go diff --git a/apis/networking/v1alpha1/gatewayclient_types.go b/apis/networking/v1alpha1/gatewayclient_types.go index 34eb292cc6..1e838f14be 100644 --- a/apis/networking/v1alpha1/gatewayclient_types.go +++ b/apis/networking/v1alpha1/gatewayclient_types.go @@ -48,7 +48,7 @@ type GatewayClientSpec struct { // GatewayClientStatus defines the observed state of GatewayClient. type GatewayClientStatus struct { // ClientRef specifies the reference to the client. - ClientRef corev1.ObjectReference `json:"clientRef,omitempty"` + ClientRef *corev1.ObjectReference `json:"clientRef,omitempty"` // SecretRef specifies the reference to the secret. SecretRef *corev1.ObjectReference `json:"secretRef,omitempty"` } diff --git a/apis/networking/v1alpha1/gatewayserver_types.go b/apis/networking/v1alpha1/gatewayserver_types.go index 4749e5e6d1..286ae0ca21 100644 --- a/apis/networking/v1alpha1/gatewayserver_types.go +++ b/apis/networking/v1alpha1/gatewayserver_types.go @@ -69,7 +69,7 @@ type EndpointStatus struct { // GatewayServerStatus defines the observed state of GatewayServer. type GatewayServerStatus struct { // ServerRef specifies the reference to the server. - ServerRef corev1.ObjectReference `json:"serverRef,omitempty"` + ServerRef *corev1.ObjectReference `json:"serverRef,omitempty"` // Endpoint specifies the endpoint of the tunnel. Endpoint *EndpointStatus `json:"endpoint,omitempty"` // SecretRef specifies the reference to the secret. diff --git a/apis/networking/v1alpha1/zz_generated.deepcopy.go b/apis/networking/v1alpha1/zz_generated.deepcopy.go index 59d8bbd327..e11f9072ab 100644 --- a/apis/networking/v1alpha1/zz_generated.deepcopy.go +++ b/apis/networking/v1alpha1/zz_generated.deepcopy.go @@ -535,7 +535,11 @@ func (in *GatewayClientSpec) DeepCopy() *GatewayClientSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GatewayClientStatus) DeepCopyInto(out *GatewayClientStatus) { *out = *in - out.ClientRef = in.ClientRef + if in.ClientRef != nil { + in, out := &in.ClientRef, &out.ClientRef + *out = new(v1.ObjectReference) + **out = **in + } if in.SecretRef != nil { in, out := &in.SecretRef, &out.SecretRef *out = new(v1.ObjectReference) @@ -632,7 +636,11 @@ func (in *GatewayServerSpec) DeepCopy() *GatewayServerSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GatewayServerStatus) DeepCopyInto(out *GatewayServerStatus) { *out = *in - out.ServerRef = in.ServerRef + if in.ServerRef != nil { + in, out := &in.ServerRef, &out.ServerRef + *out = new(v1.ObjectReference) + **out = **in + } if in.Endpoint != nil { in, out := &in.Endpoint, &out.Endpoint *out = new(EndpointStatus) diff --git a/pkg/consts/externalnetwork.go b/pkg/consts/externalnetwork.go index e9acccf525..ec6067a824 100644 --- a/pkg/consts/externalnetwork.go +++ b/pkg/consts/externalnetwork.go @@ -15,12 +15,21 @@ package consts const ( - // WgServerNameLabel is the label used to indicate the name of the WireGuard server. - WgServerNameLabel = "liqo.io/wg-server-name" - // WgClientNameLabel is the label used to indicate the name of the WireGuard client. - WgClientNameLabel = "liqo.io/wg-client-name" // ExternalNetworkLabel is the label added to all components that belong to the external network. ExternalNetworkLabel = "liqo.io/external-network" // ExternalNetworkLabelValue is the value of the label added to components that belong to the external network. ExternalNetworkLabelValue = "true" + + // GatewayResourceLabel is the label added to a gateway resource. + GatewayResourceLabel = "networking.liqo.io/gateway-resource" + // GatewayResourceLabelValue is the value of the label added to a gateway resource. + GatewayResourceLabelValue = "true" + + // GatewayTypeServer indicates a Gateway of type server. + GatewayTypeServer = "server" + // GatewayTypeClient indicates a Gateway of type client. + GatewayTypeClient = "client" + + // PublicKeyField is the data field of the secrets containing public keys. + PublicKeyField = "publicKey" ) diff --git a/pkg/liqo-controller-manager/external-network/client-operator/client_controller.go b/pkg/liqo-controller-manager/external-network/client-operator/client_controller.go index dc143847ea..f5487edc2a 100644 --- a/pkg/liqo-controller-manager/external-network/client-operator/client_controller.go +++ b/pkg/liqo-controller-manager/external-network/client-operator/client_controller.go @@ -22,6 +22,7 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/dynamic" @@ -47,6 +48,8 @@ type ClientReconciler struct { type templateData struct { Spec networkingv1alpha1.GatewayClientSpec + Name string + Namespace string GatewayUID string ClusterID string } @@ -166,7 +169,7 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne obj.SetGroupVersionKind(objectKind.GroupVersionKind()) obj.SetName(gwClient.Name) obj.SetNamespace(gwClient.Namespace) - obj.SetLabels(objectTemplateMetadata.Labels) + obj.SetLabels(labels.Merge(objectTemplateMetadata.Labels, labels.Set{consts.RemoteClusterID: remoteClusterID})) obj.SetAnnotations(objectTemplateMetadata.Annotations) obj.SetOwnerReferences([]metav1.OwnerReference{ { @@ -179,6 +182,8 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne }) spec, err := enutils.RenderTemplate(objectTemplateSpec, templateData{ Spec: gwClient.Spec, + Name: gwClient.Name, + Namespace: gwClient.Namespace, GatewayUID: string(gwClient.UID), ClusterID: remoteClusterID, }) @@ -192,7 +197,7 @@ func (r *ClientReconciler) EnsureGatewayClient(ctx context.Context, gwClient *ne return fmt.Errorf("unable to update the client: %w", err) } - gwClient.Status.ClientRef = corev1.ObjectReference{ + gwClient.Status.ClientRef = &corev1.ObjectReference{ APIVersion: unstructuredObject.GetAPIVersion(), Kind: unstructuredObject.GetKind(), Name: unstructuredObject.GetName(), diff --git a/pkg/liqo-controller-manager/external-network/server-operator/server_controller.go b/pkg/liqo-controller-manager/external-network/server-operator/server_controller.go index 778000be7f..2d202af616 100644 --- a/pkg/liqo-controller-manager/external-network/server-operator/server_controller.go +++ b/pkg/liqo-controller-manager/external-network/server-operator/server_controller.go @@ -22,6 +22,7 @@ import ( apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/dynamic" @@ -47,6 +48,8 @@ type ServerReconciler struct { type templateData struct { Spec networkingv1alpha1.GatewayServerSpec + Name string + Namespace string GatewayUID string ClusterID string } @@ -166,7 +169,7 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw obj.SetGroupVersionKind(objectKind.GroupVersionKind()) obj.SetName(server.Name) obj.SetNamespace(server.Namespace) - obj.SetLabels(objectTemplateMetadata.Labels) + obj.SetLabels(labels.Merge(objectTemplateMetadata.Labels, labels.Set{consts.RemoteClusterID: remoteClusterID})) obj.SetAnnotations(objectTemplateMetadata.Annotations) obj.SetOwnerReferences([]metav1.OwnerReference{ { @@ -179,6 +182,8 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw }) spec, err := enutils.RenderTemplate(objectTemplateSpec, templateData{ Spec: server.Spec, + Name: server.Name, + Namespace: server.Namespace, GatewayUID: string(server.UID), ClusterID: remoteClusterID, }) @@ -192,7 +197,7 @@ func (r *ServerReconciler) EnsureGatewayServer(ctx context.Context, server *netw return fmt.Errorf("unable to update the server: %w", err) } - server.Status.ServerRef = corev1.ObjectReference{ + server.Status.ServerRef = &corev1.ObjectReference{ APIVersion: unstructuredObject.GetAPIVersion(), Kind: unstructuredObject.GetKind(), Name: unstructuredObject.GetName(), diff --git a/pkg/liqo-controller-manager/external-network/wireguard/utils.go b/pkg/liqo-controller-manager/external-network/wireguard/utils.go new file mode 100644 index 0000000000..e30e9a14d5 --- /dev/null +++ b/pkg/liqo-controller-manager/external-network/wireguard/utils.go @@ -0,0 +1,95 @@ +// Copyright 2019-2023 The Liqo Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package wireguard + +import ( + "context" + "fmt" + + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" + "k8s.io/klog/v2" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/predicate" + + "github.com/liqotech/liqo/pkg/consts" + liqolabels "github.com/liqotech/liqo/pkg/utils/labels" +) + +func filterWireGuardSecretsPredicate() predicate.Predicate { + filterGatewayResources, err := predicate.LabelSelectorPredicate(liqolabels.GatewayResourceLabelSelector) + utilruntime.Must(err) + + filterResourcesForRemote, err := predicate.LabelSelectorPredicate(liqolabels.ResourceForRemoteClusterLabelSelector) + utilruntime.Must(err) + + return predicate.And(filterGatewayResources, filterResourcesForRemote) +} + +func wireGuardSecretEnquerer(_ context.Context, obj client.Object) []ctrl.Request { + secret, ok := obj.(*corev1.Secret) + if !ok { + return nil + } + + return []ctrl.Request{ + { + NamespacedName: types.NamespacedName{ + Namespace: secret.Namespace, + Name: mapSecretToWireGuardResource(secret.Name), + }, + }, + } +} + +// TODO:: use generic map function after merge. +func mapSecretToWireGuardResource(secretName string) string { + return secretName +} + +func getWireGuardSecret(ctx context.Context, cl client.Client, wgObj metav1.Object) (*corev1.Secret, error) { + wgObjNsName := types.NamespacedName{Name: wgObj.GetName(), Namespace: wgObj.GetNamespace()} + + remoteClusterID, exists := wgObj.GetLabels()[consts.RemoteClusterID] + if !exists { + err := fmt.Errorf("missing %q label in WireGuard gateway %q", consts.RemoteClusterID, wgObjNsName) + klog.Error(err) + return nil, err + } + wgSecretSelector := client.MatchingLabels{ + consts.GatewayResourceLabel: consts.GatewayResourceLabelValue, + consts.RemoteClusterID: remoteClusterID, + } + + var secrets corev1.SecretList + err := cl.List(ctx, &secrets, client.InNamespace(wgObj.GetNamespace()), wgSecretSelector) + if err != nil { + klog.Errorf("Unable to list secrets associated to WireGuard gateway %q: %v", wgObjNsName, err) + return nil, err + } + + switch len(secrets.Items) { + case 0: + klog.Warningf("Secret associated to WireGuard gateway %q not found", wgObjNsName) + return nil, nil + case 1: + return &secrets.Items[0], nil + default: + return nil, fmt.Errorf("found multiple secrets associated to WireGuard gateway %q", wgObjNsName) + } +} diff --git a/pkg/liqo-controller-manager/external-network/wireguard/wggatewayclient_controller.go b/pkg/liqo-controller-manager/external-network/wireguard/wggatewayclient_controller.go index ecc6c26cac..0450905e3c 100644 --- a/pkg/liqo-controller-manager/external-network/wireguard/wggatewayclient_controller.go +++ b/pkg/liqo-controller-manager/external-network/wireguard/wggatewayclient_controller.go @@ -16,7 +16,6 @@ package wireguard import ( "context" - "fmt" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" @@ -25,19 +24,16 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/klog/v2" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/predicate" networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1" "github.com/liqotech/liqo/pkg/consts" enutils "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/utils" - liqolabels "github.com/liqotech/liqo/pkg/utils/labels" mapsutil "github.com/liqotech/liqo/pkg/utils/maps" ) @@ -130,37 +126,12 @@ func (r *WgGatewayClientReconciler) SetupWithManager(mgr ctrl.Manager) error { Owns(&appsv1.Deployment{}). Owns(&corev1.ServiceAccount{}). Owns(&rbacv1.RoleBinding{}). - Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(r.secretEnquerer), builder.WithPredicates(r.filterSecretsPredicate())). + Watches(&corev1.Secret{}, + handler.EnqueueRequestsFromMapFunc(wireGuardSecretEnquerer), + builder.WithPredicates(filterWireGuardSecretsPredicate())). Complete(r) } -func (r *WgGatewayClientReconciler) filterSecretsPredicate() predicate.Predicate { - filterWgClientSecrets, err := predicate.LabelSelectorPredicate(liqolabels.WgClientNameLabelSelector) - utilruntime.Must(err) - return filterWgClientSecrets -} - -func (r *WgGatewayClientReconciler) secretEnquerer(_ context.Context, obj client.Object) []ctrl.Request { - secret, ok := obj.(*corev1.Secret) - if !ok { - return nil - } - - wgClientName, found := secret.GetLabels()[consts.WgClientNameLabel] - if !found { - return nil - } - - return []ctrl.Request{ - { - NamespacedName: types.NamespacedName{ - Namespace: secret.Namespace, - Name: wgClientName, - }, - }, - } -} - func (r *WgGatewayClientReconciler) ensureDeployment(ctx context.Context, wgClient *networkingv1alpha1.WgGatewayClient, depNsName types.NamespacedName) (*appsv1.Deployment, error) { dep := appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{ @@ -198,7 +169,7 @@ func (r *WgGatewayClientReconciler) mutateFnWgClientDeployment(deployment *appsv } func (r *WgGatewayClientReconciler) handleSecretRefStatus(ctx context.Context, wgClient *networkingv1alpha1.WgGatewayClient) error { - secret, err := r.getWgClientKeysSecret(ctx, wgClient) + secret, err := getWireGuardSecret(ctx, r.Client, wgClient) if err != nil { return err } @@ -216,26 +187,3 @@ func (r *WgGatewayClientReconciler) handleSecretRefStatus(ctx context.Context, w return nil } - -func (r *WgGatewayClientReconciler) getWgClientKeysSecret(ctx context.Context, wgClient *networkingv1alpha1.WgGatewayClient) (*corev1.Secret, error) { - wgClientSelector := client.MatchingLabels{ - consts.WgClientNameLabel: wgClient.Name, // secret created by the WireGuard client with the given name - } - - var secrets corev1.SecretList - err := r.List(ctx, &secrets, client.InNamespace(wgClient.Namespace), wgClientSelector) - if err != nil { - klog.Errorf("Unable to list secrets associated to WireGuard client %s/%s: %v", wgClient.Namespace, wgClient.Name, err) - return nil, err - } - - switch len(secrets.Items) { - case 0: - klog.Warningf("Secret associated to WireGuard client %s/%s not found", wgClient.Namespace, wgClient.Name) - return nil, nil - case 1: - return &secrets.Items[0], nil - default: - return nil, fmt.Errorf("found multiple secrets associated to WireGuard client %s/%s", wgClient.Namespace, wgClient.Name) - } -} diff --git a/pkg/liqo-controller-manager/external-network/wireguard/wggatewayserver_controller.go b/pkg/liqo-controller-manager/external-network/wireguard/wggatewayserver_controller.go index 041093225e..ba792590bd 100644 --- a/pkg/liqo-controller-manager/external-network/wireguard/wggatewayserver_controller.go +++ b/pkg/liqo-controller-manager/external-network/wireguard/wggatewayserver_controller.go @@ -27,21 +27,18 @@ import ( "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" - utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/klog/v2" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/predicate" networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1" "github.com/liqotech/liqo/pkg/consts" "github.com/liqotech/liqo/pkg/discovery" enutils "github.com/liqotech/liqo/pkg/liqo-controller-manager/external-network/utils" "github.com/liqotech/liqo/pkg/utils" - liqolabels "github.com/liqotech/liqo/pkg/utils/labels" mapsutil "github.com/liqotech/liqo/pkg/utils/maps" ) @@ -151,37 +148,12 @@ func (r *WgGatewayServerReconciler) SetupWithManager(mgr ctrl.Manager) error { Owns(&corev1.Service{}). Owns(&corev1.ServiceAccount{}). Owns(&rbacv1.RoleBinding{}). - Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(r.secretEnquerer), builder.WithPredicates(r.filterSecretsPredicate())). + Watches(&corev1.Secret{}, + handler.EnqueueRequestsFromMapFunc(wireGuardSecretEnquerer), + builder.WithPredicates(filterWireGuardSecretsPredicate())). Complete(r) } -func (r *WgGatewayServerReconciler) filterSecretsPredicate() predicate.Predicate { - filterWgServerSecrets, err := predicate.LabelSelectorPredicate(liqolabels.WgServerNameLabelSelector) - utilruntime.Must(err) - return filterWgServerSecrets -} - -func (r *WgGatewayServerReconciler) secretEnquerer(_ context.Context, obj client.Object) []ctrl.Request { - secret, ok := obj.(*corev1.Secret) - if !ok { - return nil - } - - wgServerName, found := secret.GetLabels()[consts.WgServerNameLabel] - if !found { - return nil - } - - return []ctrl.Request{ - { - NamespacedName: types.NamespacedName{ - Namespace: secret.Namespace, - Name: wgServerName, - }, - }, - } -} - func (r *WgGatewayServerReconciler) ensureDeployment(ctx context.Context, wgServer *networkingv1alpha1.WgGatewayServer, depNsName types.NamespacedName) (*appsv1.Deployment, error) { dep := appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{ @@ -416,7 +388,7 @@ func (r *WgGatewayServerReconciler) forgeEndpointStatusLoadBalancer(service *cor } func (r *WgGatewayServerReconciler) handleSecretRefStatus(ctx context.Context, wgServer *networkingv1alpha1.WgGatewayServer) error { - secret, err := r.getWgServerKeysSecret(ctx, wgServer) + secret, err := getWireGuardSecret(ctx, r.Client, wgServer) if err != nil { return err } @@ -434,26 +406,3 @@ func (r *WgGatewayServerReconciler) handleSecretRefStatus(ctx context.Context, w return nil } - -func (r *WgGatewayServerReconciler) getWgServerKeysSecret(ctx context.Context, wgServer *networkingv1alpha1.WgGatewayServer) (*corev1.Secret, error) { - wgServerSelector := client.MatchingLabels{ - consts.WgServerNameLabel: wgServer.Name, // secret created by the WireGuard server with the given name - } - - var secrets corev1.SecretList - err := r.List(ctx, &secrets, client.InNamespace(wgServer.Namespace), wgServerSelector) - if err != nil { - klog.Errorf("Unable to list secrets associated to WireGuard server %s/%s: %v", wgServer.Namespace, wgServer.Name, err) - return nil, err - } - - switch len(secrets.Items) { - case 0: - klog.Warningf("Secret associated to WireGuard server %s/%s not found", wgServer.Namespace, wgServer.Name) - return nil, nil - case 1: - return &secrets.Items[0], nil - default: - return nil, fmt.Errorf("found multiple secrets associated to WireGuard server %s/%s", wgServer.Namespace, wgServer.Name) - } -} diff --git a/pkg/liqoctl/network/cluster.go b/pkg/liqoctl/network/cluster.go index cd33479751..e5b88bed7b 100644 --- a/pkg/liqoctl/network/cluster.go +++ b/pkg/liqoctl/network/cluster.go @@ -23,7 +23,7 @@ import ( discoveryv1alpha1 "github.com/liqotech/liqo/apis/discovery/v1alpha1" networkingv1alpha1 "github.com/liqotech/liqo/apis/networking/v1alpha1" - "github.com/liqotech/liqo/pkg/discovery" + "github.com/liqotech/liqo/pkg/consts" "github.com/liqotech/liqo/pkg/liqoctl/factory" "github.com/liqotech/liqo/pkg/liqoctl/output" "github.com/liqotech/liqo/pkg/liqoctl/rest/configuration" @@ -98,8 +98,8 @@ func (c *Cluster) SetupConfiguration(ctx context.Context, conf.Labels = make(map[string]string) } if confCopy.Labels != nil { - if cID, ok := confCopy.Labels[discovery.ClusterIDLabel]; ok { - conf.Labels[discovery.ClusterIDLabel] = cID + if cID, ok := confCopy.Labels[consts.RemoteClusterID]; ok { + conf.Labels[consts.RemoteClusterID] = cID } } conf.Spec.Remote = confCopy.Spec.Remote diff --git a/pkg/utils/labels/labelSelectors.go b/pkg/utils/labels/labelSelectors.go index 9da62a5800..3fd120a9fb 100644 --- a/pkg/utils/labels/labelSelectors.go +++ b/pkg/utils/labels/labelSelectors.go @@ -105,21 +105,22 @@ var ( }, } - // WgServerNameLabelSelector selector used to get a secret for a WireGuard gateway server. - WgServerNameLabelSelector = metav1.LabelSelector{ + // GatewayResourceLabelSelector selector is used to get resources related to a gateway. + GatewayResourceLabelSelector = metav1.LabelSelector{ MatchExpressions: []metav1.LabelSelectorRequirement{ { - Key: liqoconst.WgServerNameLabel, - Operator: metav1.LabelSelectorOpExists, + Key: liqoconst.GatewayResourceLabel, + Operator: metav1.LabelSelectorOpIn, + Values: []string{liqoconst.GatewayResourceLabelValue}, }, }, } - // WgClientNameLabelSelector selector used to get a secret for a WireGuard gateway client. - WgClientNameLabelSelector = metav1.LabelSelector{ + // ResourceForRemoteClusterLabelSelector selector is used to get resources related to a remote cluster. + ResourceForRemoteClusterLabelSelector = metav1.LabelSelector{ MatchExpressions: []metav1.LabelSelectorRequirement{ { - Key: liqoconst.WgClientNameLabel, + Key: liqoconst.RemoteClusterID, Operator: metav1.LabelSelectorOpExists, }, },