Skip to content

[GEP-30] Drop webhook code unneeded with RemoveAPIServerProxyLegacyPort #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -23,4 +23,3 @@ TODO

vendor
out
certs
6 changes: 1 addition & 5 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -42,11 +42,7 @@ run:
./cmd/$(EXTENSION_PREFIX)-$(NAME) \
--kubeconfig=${KUBECONFIG} \
--ignore-operation-annotation=$(IGNORE_OPERATION_ANNOTATION) \
--leader-election=$(LEADER_ELECTION) \
--webhook-config-mode=url \
--webhook-config-url="host.docker.internal:9443" \
--webhook-config-cert-dir=example/certs \
--webhook-config-server-port=9443
--leader-election=$(LEADER_ELECTION)

.PHONY: debug
debug:
Expand Down
27 changes: 7 additions & 20 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -43,37 +43,24 @@ Istio configures an envoy proxy using a set of
We can hook into this mechanism and insert additional configuration, which
further limits the access to a specific cluster.

Broadly speaking, there are three different external traffic flows:
Broadly speaking, there are two different external traffic flows:

1. Kubernetes API Listener (via SNI name)
1. Kubernetes Service Listener (internal flow)
1. VPN Listener
2. Apiserver-Proxy / Reversed-VPN Listener

*Please note that this changed with [GEP-30](https://github.com/gardener/gardener/blob/master/docs/proposals/30-apiserver-proxy.md) as the dedicated Kubernetes Service Listener for the apiserver-proxy was removed.*

These ways are described in more detail in the aforementioned GEP. Essentially,
these three ways are all represented by a specific Envoy listener with filters.
these two ways are all represented by a specific Envoy listener with filters.
The extension needs to hook into each of these filters (and their filter chains)
to implement the desired behavior. Unfortunately, all three types of access
to implement the desired behavior. Unfortunately, all types of access
require a unique way of handling them, respectively.

![Listener Overview](./docs/listener-overview.svg)

1. **SNI Access** - The most straightforward approach. Wen can deploy one
additional `EnvoyFilter` per shoot with enabled ACL extension. It contains a
filter patch that matches on the shoot SNI name and specifies an `ALLOW` rule
with the provided IPs.
1. **Internal Flow** - Gardener creates one `EnvoyFilter` per shoot that defines
this listener. Unfortunately, it doesn't have any criteria we could use to
match it with an additional `EvnoyFilter` spec on a per-shoot basis, and
we've tried a lot of things to make it work. On top of that, a behavior that
we see as [a bug in Istio](https://github.com/istio/istio/issues/41536)
prevents us from working with priorities here, which was the closest we got
to make it work. Now instead, the extension deploys a `MutatingWebhook` that
intercepts creations and updates of `EnvoyFilter` resources starting with
`shoot--` (which is their only common feature). We then insert our
rules. To make this work with updates to `Extension` objects, the controller
dealing with 1) also updates a hash annotation on these `EnvoyFilter`
resources every time the respective ACL extension object is updated.
1. **VPN Access** - All VPN traffic moves through the same listener. This
2. **Apiserver-Proxy / VPN Access** - All apiserver-proxy and VPN traffic moves through the same listener. This
requires us to create only a single `EnvoyFilter` for VPN that contains
**all** rules of all shoots that have the extension enabled. And, conversely,
we need to make sure that traffic of all shoots that don't have the
Expand Down
6 changes: 1 addition & 5 deletions charts/gardener-extension-acl/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ metadata:
name: {{ include "name" . }}
namespace: {{ .Release.Namespace }}
labels:
high-availability-config.resources.gardener.cloud/type: webhook
high-availability-config.resources.gardener.cloud/type: controller
{{ include "labels" . | indent 4 }}
spec:
revisionHistoryLimit: 0
Expand Down Expand Up @@ -43,10 +43,6 @@ spec:
{{- if .Values.gardener.version }}
- --gardener-version={{ .Values.gardener.version }}
{{- end }}
- --webhook-config-namespace={{ .Release.Namespace }}
- --webhook-config-service-port={{ .Values.webhookConfig.servicePort }}
- --webhook-config-server-port={{ .Values.webhookConfig.serverPort }}
- --disable-webhooks={{ .Values.disableWebhooks | join "," }}
env:
- name: LEADER_ELECTION_NAMESPACE
valueFrom:
Expand Down
1 change: 1 addition & 0 deletions charts/gardener-extension-acl/templates/rbac.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,7 @@ rules:
- create
- update
- patch
- delete
- apiGroups:
- networking.istio.io
resources:
Expand Down
20 changes: 0 additions & 20 deletions charts/gardener-extension-acl/templates/service.yaml

This file was deleted.

6 changes: 0 additions & 6 deletions charts/gardener-extension-acl/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,6 @@ controllers:

disableControllers: []

webhookConfig:
servicePort: 443
serverPort: 10250

disableWebhooks: []

additionalAllowedCidrs: []

# imageVectorOverwrite: |
Expand Down
18 changes: 13 additions & 5 deletions cmd/gardener-extension-acl/app/app.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,15 @@ import (
"github.com/spf13/cobra"
istionetworkv1alpha3 "istio.io/client-go/pkg/apis/networking/v1alpha3"
istionetworkv1beta1 "istio.io/client-go/pkg/apis/networking/v1beta1"
admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
componentbaseconfigv1alpha1 "k8s.io/component-base/config/v1alpha1"
"sigs.k8s.io/controller-runtime/pkg/client"
"sigs.k8s.io/controller-runtime/pkg/manager"

"github.com/stackitcloud/gardener-extension-acl/pkg/controller"
"github.com/stackitcloud/gardener-extension-acl/pkg/controller/healthcheck"
"github.com/stackitcloud/gardener-extension-acl/pkg/webhook"
)

// NewControllerManagerCommand creates a new command that is used to start the service controller.
Expand Down Expand Up @@ -95,7 +96,6 @@ func (o *Options) run(ctx context.Context) error {
ctrlConfig := o.extensionOptions.Completed()
ctrlConfig.ApplyHealthCheckConfig(&healthcheck.DefaultAddOptions.HealthCheckConfig)
ctrlConfig.Apply(&controller.DefaultAddOptions.ExtensionConfig)
webhook.DefaultAddOptions.AllowedCIDRs = ctrlConfig.AdditionalAllowedCIDRs

o.controllerOptions.Completed().Apply(&controller.DefaultAddOptions.ControllerOptions)
o.healthOptions.Completed().Apply(&healthcheck.DefaultAddOptions.Controller)
Expand All @@ -105,11 +105,19 @@ func (o *Options) run(ctx context.Context) error {
return fmt.Errorf("could not add controllers to manager: %s", err)
}

if err := o.webhookOptions.Completed().AddToManager(ctx, mgr); err != nil {
return fmt.Errorf("could not add controllers to manager: %s", err)
// TODO(Wieneo): Remove this once a couple extension versions included the migration code
// migration code: remove mutating webhook from cluster as it is not served by this controller anymore
if err := mgr.Add(manager.RunnableFunc(func(ctx context.Context) error {
if err := client.IgnoreNotFound(mgr.GetClient().Delete(ctx, &admissionregistrationv1.MutatingWebhookConfiguration{ObjectMeta: metav1.ObjectMeta{Name: ExtensionName}})); err != nil {
return fmt.Errorf("could not delete mutatingwebhook %s: %w", ExtensionName, err)
}
return nil
})); err != nil {
return fmt.Errorf("could not add runnable to manager: %w", err)
}

if err := mgr.Start(ctx); err != nil {
return fmt.Errorf("error running manager: %s", err)
return fmt.Errorf("error running manager: %w", err)
}

return nil
Expand Down
12 changes: 1 addition & 11 deletions cmd/gardener-extension-acl/app/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,6 @@ import (
"os"

extensionscmdcontroller "github.com/gardener/gardener/extensions/pkg/controller/cmd"
extensionscmdwebhook "github.com/gardener/gardener/extensions/pkg/webhook/cmd"

extensioncmd "github.com/stackitcloud/gardener-extension-acl/pkg/cmd"
)
Expand All @@ -36,7 +35,6 @@ type Options struct {
controllerOptions *extensionscmdcontroller.ControllerOptions
healthOptions *extensionscmdcontroller.ControllerOptions
controllerSwitches *extensionscmdcontroller.SwitchOptions
webhookOptions *extensioncmd.AddToManagerOptions
reconcileOptions *extensionscmdcontroller.ReconcilerOptions
optionAggregator extensionscmdcontroller.OptionAggregator
}
Expand Down Expand Up @@ -65,14 +63,7 @@ func NewOptions() *Options {
MaxConcurrentReconciles: 5,
},
controllerSwitches: extensioncmd.ControllerSwitches(),
webhookOptions: extensioncmd.NewAddToManagerOptions(
ExtensionName,
&extensionscmdwebhook.ServerOptions{
Namespace: os.Getenv("WEBHOOK_CONFIG_NAMESPACE"),
},
extensioncmd.WebhookSwitchOptions(),
),
reconcileOptions: &extensionscmdcontroller.ReconcilerOptions{},
reconcileOptions: &extensionscmdcontroller.ReconcilerOptions{},
}

options.optionAggregator = extensionscmdcontroller.NewOptionAggregator(
Expand All @@ -83,7 +74,6 @@ func NewOptions() *Options {
options.extensionOptions,
extensionscmdcontroller.PrefixOption("healthcheck-", options.healthOptions),
options.controllerSwitches,
options.webhookOptions,
options.reconcileOptions,
)

Expand Down
2 changes: 1 addition & 1 deletion deploy/extension/base/controller-registration.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ kind: ControllerDeployment
metadata:
name: acl
helm:
rawChart: H4sIAAAAAAAAA+0ca2/bOLKf9St46gFtF5X8iOPsGihw2TTXDdA2RtLL4rBYBLRE29xIoo6UnLqP++03fOhhSY7sJE22e54PjkwNh0POm6Qzw9wnEeEO+ZiQSFAWOdgLOk/uE7oAB/v76i9A9a967u0Nev39/nAo23uDXq/3BO3fKxdrIBUJ5gg94YwlN+G1vf9OYdYsf3dOgpDOIsbJ3ceQAh4OBmvlD2KvyH/YHwyfoO7dh26H/3P5P0VjnCSERwIlDGmJo+s5idAkpYFPoxmKsXeFZ0S41lP0YU4FEmkcM57AA2hJgGYBm6AQJ94csF8iTgKc0AWBfsm81I4jHwhEZAZvWYSex5xM6Ufio2sKeH974aLTKFgiFqmekiUUE44CGhHXcl+fX54nwBuQOGJhCAQujs6RT7mw3BlNOupTs2+5k0+8oz6zhvmsIz+yr2IRdQpCE5hfGqMpDYiwfnDFdQyfE3wFn0kIz/8F1AvMKUsFOnl9DAPGnP1BvMRyqU9wR+NBk+UuhMd80rEeW6qbwxr7P5pjnrhLHAb3MEab/fe7B1X77+7t7+z/IQDH9IJwKfcRWvQsHMf5V7vndm3LJ8LjNE5U0yH6BeIC8qR2oCnjKJkT9MaoEDo8eotyNXKtCIdkhJoVzFpko3RdGOY7Mpi/GKyx/4SEMbhxIu4jE9w+/xv2wCXs8r8HgFb5X0KMhzgs3CS+bSxozf/29lbl3+8O9vo7//8Q8Pmzg3xIxCDrsqXDtpHz9au1xmlLZBL5CsUq9wzwhATChejhXpGlpqG+pBPI4wjokUtZR9JfobGGxAIHqWHk82dEIy9I/Zw9F5mONzBS71tlUFIZoTUYZnw1Un0WNAKNiTyiurtnJCBYEPc9MFfh7LFFuxG02r/HoimdhTh2aAhVwALyXsYdBvH7mtOEbJIjttn/YFjJ/+DhYLCz/4cAqa90itwLqfOg31LGF0rGp5mIpVo7jmNVUsUrGvkjqKGkerzDsRWSBPs4wSMLIZ36NRtvsx6ZTgKKzQbLUs2SD4S0nY4arFuS/wKNoM8JGgD2VyvjRw0pLle1doS+SCo3Tn2FXm7c34ltbwKt9u+TOGDLENbg1uVgi/3vDw+q8b/XG+72fx4EqoYN8U50cut+nQt/Y/Pe2pARwJzO5g5eYAqNNKDJ0tFhx+VEsJR7YJ6ZorpewFK/kyxjIH9NJnPGrjZxBpaIiSdH42RB5Vx/oQJMffmWhjSBMlS9iQPqYaHZNm7BNB6xFAgpxgXMR3oJzbra4Hq7mVMaagKZcRkCpYWVgKOIJWqPTGRNGzppZMCbE+9KpGEpdhfW3eh9V4T5POYUmP27+8Hw6f4M4hvL3Tx7o3TAfqEmLea4vz8EPgreCgdqGspKIAGyrGvGQflmNYEzx4cVQTgI2DXxN+vBQWg0JA5ouCAcmCz6t4jqx4zHTG0kwMIwmOXyKMBCvF/d3hBLAXJ1fup2DbIckHrk0POk6ry/2WSU2FiUYMhieb4eTpulaVCSWFFa1VJDGadBMGagzcs6cvGu3A3zWUk4DnKcEH+UtumlnMMyOZzIL3Ln9FWJopwJZ0Egy8YC+XwZeaJMXdKbExwkc6Wx29MudW4bx6cCTwLilLqXqZrXR8VbUIU/GI2Q/dKu0tLbyA6DsljZqVOY7DpOdZfTrMdh3qFKG1ylL6OxdDHKXP1Xa9KoCuYKFbVB58gN+Fcd9Szy1xVfgn2fyu44ONSGcUR9Xlu9Assx9uN4Eq883TWUmpex5ghqjOXGbHYKqyzlhmfel1m5qW/DyJKciSQm7jh5CHt1QwRb29uYviNPScp8GTSdM7sGawxIG9CDmbaTI7yJWqb7Br9J8X81r9aIi0SLshvQXunt8eHr47PL47fHRx9OTt9fvj98d3w+Pjw6zjERUqX0PzkLR6VGhKaUBP4Zma62mnYZaUZ5WHRzUazTlLZwmPF78u7wzfEFMHt6dnl6cXz269nJhxqvI2QMpigWOo3VwxaqnCcxZZy8UWUNCfs30Gzo8QUlnIZFXOp1tzOjtsURBLymDGngrCBJKAtEWfqY0wW44Bk5Fh4OsD4GmOJAFOJYsCANyTsZ5URdS1oyj9J4oaSghV+XQQmPg+OTR4UjWJqUrF+LrVZCT6IWeTfl3svK4PIC3qoKzsAnU5wGyTvmA41Bv1ualJnlveT/rfVfzMCvC56qE6BJ6s/I1oVg6/7voHL+39/rHuzqvwcBYySzBD2XSX9T1fMC9Zq2gGKVLRa14pj5r3NF+VkpyrcrGrcp+CCt/FdkistAkxfppHW+dy707ttUvwm02j+fYO+OFwFa7H+wB+9Wz/8ODuT5387+vz1UrVqJG6fJHArdTyrcu1c/qnOPYss3gDUj/IwFZBsD38Z0eRrIWOwgYO0NZ2msArNTLvapAOaAL2iH6DkxCNLpyL8BvFYP19Jq1VOcP6UxsEzUowfJhHn0wdrVYykzk+2Q+7LllAYwZVHnKDeb6g5VnZCn103o0SIh61vu6680mnIsIJ/xkhS6bTSpu/BSoFa+dsAcknQzBhpXtcbVui28OlMhjiAn8vPWFiZKsrtukm3BmhFtjTXbrjORx6FbCgG+luSgbadBF0AVWJg1qtNLVTyvGbQ01doE6wu+zoTXqiRnARHVhgkYJBiabi8wKq+2ZHZbadhQn3CSCFt/g4Q50l++sWLIbfAmdorTkFYuiqFvuyAeA/9Ao5tFqNKkiiTMgHckmLWrFEy/23grqsRMacrZGq0zHT+kQtoNJzNYRX4zn2Eqd9CimdnV0BVYqjtt7r+2sqzm8FPhawZErvFyQ/dxp/D7s7bDbxaFYQizSZMtxA0cAlY9P2jhB/JweZFWhXrd+Xxl17x9PpuUDY+dY/2ZoTX/N7uUdykBWvJ/SP2r9z+6g0F3l/8/BKy92GEM8f5L+Nr5Zsmrrj3unXIWOoAV+E7C1Ea4GKFnv322Y84S5rHAHtkfjsb2S1u+s0eb7ZJ//f3ZdhzgIMj35kFtwKmL/EDkMZiKme8o7+1kexXFyQUwRuVZ9kqqf5v9E33Ubrz6ydgqb4xsQgchvTQ6ssLjyulj65lItpgjBGupWvTKj9spFcchj21mf1rY1P9jHZBvFQba9n/3er2K/+9D487/PwS0+f8sEXvUnVxIN5k6HVpl6gO7Ivlp1GMv5HcKrfa/iPFdfwfWmv8Nq7//PNgf7vZ/HwQqh6RS2iSS5yR+05mPNER5DiyTkmpdCkgJhXdj5h8aNMLv22/onKSB6SxFKt9hWm3TyWZ+yUo10vKJb/5K39V69sMzKz+appG51FI+3/XiVLHKyX9SymHF7PUcuQUJF/ohKvJu9g0TqXYrndzLm4Mh48tbsaC73oYL03P1fCvLyfIrHU1XSmV77Vpp2zk5IOh9mbIQdYs+Gi8lgJLxMrJb4H0353EPDWv8/0Kv6P38ALjN/w/2ar//3+vu6v8HAXN3dDb3uPTmsBjeFU10ddmsGyOVFyRW7UrpyfQ9S8bgOaRdW+UT9RHqy4bSNqn0OkDEeF/lSO39bmhbZb9mDwfvqG1ZYNcSz8Sl/NpPk3uvO2pFG0hbqz5Tkm71LbYMZMBA6SanRKpcNQXy0Lj2hmdxXap0XTUPRlVCVv0m6gj99rtlrVS3Iyu/X6zL4MFgzzTpmneEet3+fjcnl93v07Sar2rqd09R00Up+VuZpyj7Ic1IPRd3pDAki0S1AQ9KJmckZoImaqnnSRKLUacjvPk15p9o8g+fLFz8KeXE9VhYtBdPrrginUv5fx0M8dK9XTMOL43AycxVJ6iyn0vSbs81imz2SSS5VTYTPAP5dt2++xMIONP0kd60N79/t3dxYgc72MEOdrCDHfwF4X81ogeBAFAAAA==
rawChart: H4sIAAAAAAAAA+1b62/juBHfz/orWG+B2z2c5GecOwMLNJdN9xbYPJBsUxRFEdASbfMiiSpJ2et99G/vkJQlWZIjO8k6TU/zIZFG5HDImd9w+PAUc4+EhNvkkyShoCy0seu3XzwmdYAODw70f6Dif/3c7Q+6vYPecKj43UG3232BDh5Viw0UC4k5Qi84Y/KucnXfnylNq+3vzIgf0GnIOHl4G8rAw8Fgo/3B7AX7D3uD4QvUeXjT9fQHt/9LdIGlJDwUSDJkLI4WMxKicUx9j4ZTFGH3Fk+JcKyX6OOMCiTiKGJcwgN4iY+mPhujAEt3BqV/Qpz4WNI5gXpyluPj0AMBIZnCVxaiVxEnE/qJeGhBodyfXjvoPPSXiIW6plIJRYQjn4bEsZy3VzdXEnQDEccsCEDA9fEV8igXljOlsq3/GvUtZ/yZt/XfFWM2bas/q1cxD9uZoDH0L47QhPpEWD86YhHB3zG+hb8ygOf/QNFrzCmLBXr/9gQajDj7nbjScqhHcNuUA5blzIXLPNK2ntqq29MG/B/PMJfOEgf+I7RRh/9e57CI/07/oMH/PghH9JpwZfcRmnctHEXpa6vrdFqWR4TLaSQ16wj9BvMCcpV3oAnjSM4Iepe4EDo6/oBSN3KsEAdkhKodzJqvWuk40MwzAsz/GW3AvyRBBGGciMfIBHfP/4ZdCAlN/rcHqrX/DczxMA8LR0b3nQtq879+f93+vc6g32vi/z7oyxcbeZCIQdbVUgG7hexv36wNQVsVJqGni1j5mj4eE184MHs4t2RpZOiXeAx5HAE/cihrK/lrMjaImGM/ThT58gXR0PVjL1XPQUnFOxQp1y0qqKSM0IYSSfu6pXIvaAgeE7pEV3cuiU+wIM4ZKFfQ7KlNuxXV4t9l4YROAxzZNIBVwBzyXsZtBvP3glNJtskR6/A/GBbyP3g4HDT43wcpf6UT5Fwrnwf/Vja+1jY+X5lYubVt21YhVbyloTeCNZRyj1McWQGR2MMSjyyETOpXDd5qP0oqCVhsViBLs5UeCBmcjirQrcR/BSb4s0QDKP3NWumjmxQ36147Ql+VlDu7viYvBfczwfY2VIt/j0Q+WwYwBvdeDtbg/6DXHxTw3+0eHDb43wcVgQ3znWin6H6bGn9reO8MZAQ0o9OZjeeYApP6VC5tM+04nAgWcxfguXJUx/VZ7LXlMgLxUEpy5vuEbxMPLBERVzXIyZyq7v5GBaB9+YEGVMJKVH+JfOpiYTRPIkPCPGYxCNK6C+iSChRGe73H9WG7uDQ0Alb4SgTkxlYRDkMm9TaZWLG2jNMoIXdG3FsRB7npOwN4ZQBes+eriFNQ9s/Ox0RP51ew4IXa0GttlRG0XutOixnuHQxBj0y3LIYmjLwfKIJEa8E4+N+0ZHNmezAiCPs+WxBvuxocjEYDYoOTC8JByax+jal+Xum4chtFMDAMerk89rEQZ+s7HGIpwK72L51OUlg1SF1y5LrKdc7uRo02G/gzhkSWp+Nh14HNkLbEmtNqTqnIRez7Fwy8eVkunH3LV8N8mjOOjWw7wJ8UPN2YcxgmmxP1ojZP3+QkZsjUz0nhq2Xoirx0JW9GsC9n2mN3l52rXNeORwUe+8TOVc9LTT4fZ1/BFX5nNEStn1pFWWYn2WawMtY4tTPIbtLUVDlf1ThKKxRlQ7T01ISsQoyGq/dmQyZVKLkmRe/R2WoP/k1bP4v0cyGWYM+jqjr2jwwwjqnHS6OXlbIT/NiuKpfv7gZJ1cNYCgQlxVIwJ5uFRZVS4CXf86rcVbeiZRLO805uMPfh5OjtyeXNyYeT44/vz89uzo5OT64ujo5P0pII6bXiXzkLRjkmQhNKfO+STNa5CV/F0VEa9J10utw0DnXBfqXv+9OjdyfXoOz55c359cnl3y/ffyzpOkKJO2TZcLsyPd7BUOksnS+TMvWcKNk/QGZFja9IchpkUbfb2c1J6gZHEIgJKmADFGEKzBtE+/EFp3MIMFNyIlzsY7PPPcG+yMwxZ34ckFMVw0XZS2rm1Vx7gZJgjF+2Qa4cB1irs7ARDE1MNo/FTiNhOlGaV7bV3l2t8/IDeK9l3oo8MsGxL0+ZBzIGvU6uU0kvnzo3/iNQ7fovYhDUBY/1CdA49qZk54Vg7f7voHD+3+t3Dpvz/71QEkOmEr1SGX/Vkuc16lZtAUU6VczWihfMe5s6yq/aUb7fonGX1R7klH8Lk8Wlb8SLeFzb3wev8p5FJKvFPx9j94EXAWrwP+gfFM//Dw+7/Qb/+6AiqrW5cSxnsMr9rLMh5/Znfe6Rbfn6MGaEXzKf7ALwXaDLY1+lKjYC1d5xFkc6b7HzK30qQDnQC/iQXIyTAiroqP8+fNYPC4Va/RSlT3EEKhP96EKulTx6gHb9mEtcFR+WBmw5oT50WZQ1SmFT3KEqC3LNuAnTWijU4pZ75pWGE44FpHuujKHaVp16iC5Z0cJrG+Ag4+0UqBzVklabtvDKSgU4hJTRS7k1SuRst6iybaZaYtqSaq1WWYl0HrqnEeA1ZweDnQpfAFdgwYqpTy/1ynlDo7muljpYHvBNEN7okpz5RBQZYwAkAM3wsxKFTzsqu6s1WrB840SKlnmD9URoXr6zY6ht8Cp1stOQWi2ypu87IC6D+EDDu02o06SCJZIGHyhwxdcpmPm29T5UTplcl1djtAk6XkCFwg0nUxhFfreeQay2z8LpgoxnjN2aBWpsKm0fv+5rm+qZqKDiFOQt8HLLSPKgmfhXA8nvNiFDE8l21mog7tAQSpVThRp9ICVXd2r1rG8qX63tntf3Z5sVxFOnW/9zVJv/J2cY2FjhXiuBuvV/v9strP97wGzy/33QxosdBfQ96UoeYgzTm6frSn1ktyTdrH3qgXymVIv/eYQf+juAGvx3+8Pi738OD4bN/Y+9UOEMQVmbhGqfzKva81NAVMckKu0pJiNQSFL4dsG8o6QY4Y8dN8yeXoXSq8wrf4C9zjO7eOkJu2bS/IFI+skc1P/w4w9WenJDw+REM3/84UaxVpWTf8eUw4i1NmvkZCIcqIeoSKu17uhIsVruYEtdGwkYX95LBVP1PlokNdf3NxECEEFem554Vl0pUvzStaK6YyQoYPLyvBENx5wc5c58leL5wk5W7tnsx+6bNsT/uRnRx/kBWG387/VKv/88bO7/74WSi0PTmctVNIfBcG+pNLenqn1jpPMCaZXuE72fnDF5AZFD4drKn6iMUE8xcmtjFXVASBJ9dSBtHXSClpWPa63h4JS2LAtwrcol81J6Kl4V3suBWssG0dZ6zFSia2NLS01koEDuGo8qVLhnBOKBufF6T3abIHdXKZ2MioKs8jWkEfrnvyyr+m6N+fYSVZ39q/vNL9Hq8vNIP2fH/hgSPKJ5CJlxvCQRE1Tq4ZlJGYlRuy3c2QLzz1T+xSNzB3+OOXFcFmT87MkRt6R9o36LmwjPXbRK2uG5FjiZOnrXW9VzSNzpOonzJXf3lLh1NSWegk06Ts/5BYyy8s6R2V1JfrPYamJ7Qw011FBDDTXUUEMNNdRQQw2V6L8xGdXJAFAAAA==
values:
image: ghcr.io/stackitcloud/gardener-extension-acl:latest
---
Expand Down
4 changes: 0 additions & 4 deletions docs/listener-overview.svg

This file was deleted.

5 changes: 1 addition & 4 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,7 @@ require (
github.com/pkg/errors v0.9.1
github.com/spf13/cobra v1.9.1
github.com/spf13/pflag v1.0.6
github.com/tidwall/gjson v1.18.0
golang.org/x/tools v0.32.0
gomodules.xyz/jsonpatch/v2 v2.5.0
gopkg.in/yaml.v3 v3.0.1
istio.io/api v1.25.2
istio.io/client-go v1.25.1
Expand Down Expand Up @@ -98,8 +96,6 @@ require (
github.com/shopspring/decimal v1.4.0 // indirect
github.com/spf13/afero v1.14.0 // indirect
github.com/spf13/cast v1.7.1 // indirect
github.com/tidwall/match v1.1.1 // indirect
github.com/tidwall/pretty v1.2.0 // indirect
github.com/x448/float16 v0.8.4 // indirect
github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
Expand All @@ -118,6 +114,7 @@ require (
golang.org/x/term v0.31.0 // indirect
golang.org/x/text v0.24.0 // indirect
golang.org/x/time v0.11.0 // indirect
gomodules.xyz/jsonpatch/v2 v2.5.0 // indirect
google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
google.golang.org/protobuf v1.36.5 // indirect
gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
Expand Down
6 changes: 0 additions & 6 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -332,12 +332,6 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY=
github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk=
github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA=
github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM=
github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=
github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
Expand Down
23 changes: 0 additions & 23 deletions hack/gen-certs.sh

This file was deleted.

Loading