use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.
the class ClusterManagerClientTest method setNetworkPolicyTest2.
@Test
public void setNetworkPolicyTest2() throws Exception {
Operation expectedResponse = Operation.newBuilder().setName("name3373707").setZone("zone3744684").setDetail("detail-1335224239").setStatusMessage("statusMessage-958704715").setSelfLink("selfLink1191800166").setTargetLink("targetLink486368555").setLocation("location1901043637").setStartTime("startTime-2129294769").setEndTime("endTime-1607243192").setProgress(OperationProgress.newBuilder().build()).addAllClusterConditions(new ArrayList<StatusCondition>()).addAllNodepoolConditions(new ArrayList<StatusCondition>()).setError(Status.newBuilder().build()).build();
mockClusterManager.addResponse(expectedResponse);
String projectId = "projectId-894832108";
String zone = "zone3744684";
String clusterId = "clusterId561939637";
NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();
Operation actualResponse = client.setNetworkPolicy(projectId, zone, clusterId, networkPolicy);
Assert.assertEquals(expectedResponse, actualResponse);
List<AbstractMessage> actualRequests = mockClusterManager.getRequests();
Assert.assertEquals(1, actualRequests.size());
SetNetworkPolicyRequest actualRequest = ((SetNetworkPolicyRequest) actualRequests.get(0));
Assert.assertEquals(projectId, actualRequest.getProjectId());
Assert.assertEquals(zone, actualRequest.getZone());
Assert.assertEquals(clusterId, actualRequest.getClusterId());
Assert.assertEquals(networkPolicy, actualRequest.getNetworkPolicy());
Assert.assertTrue(channelProvider.isHeaderSent(ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
}
use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.
the class ClusterManagerClientTest method setNetworkPolicyExceptionTest.
@Test
public void setNetworkPolicyExceptionTest() throws Exception {
StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
mockClusterManager.addException(exception);
try {
String name = "name3373707";
NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();
client.setNetworkPolicy(name, networkPolicy);
Assert.fail("No exception raised");
} catch (InvalidArgumentException e) {
// Expected exception.
}
}
use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.
the class ClusterManagerClientTest method setNetworkPolicyExceptionTest2.
@Test
public void setNetworkPolicyExceptionTest2() throws Exception {
StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
mockClusterManager.addException(exception);
try {
String projectId = "projectId-894832108";
String zone = "zone3744684";
String clusterId = "clusterId561939637";
NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();
client.setNetworkPolicy(projectId, zone, clusterId, networkPolicy);
Assert.fail("No exception raised");
} catch (InvalidArgumentException e) {
// Expected exception.
}
}
use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.
the class ClusterManagerClientTest method setNetworkPolicyExceptionTest.
@Test
public void setNetworkPolicyExceptionTest() throws Exception {
StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
mockClusterManager.addException(exception);
try {
String projectId = "projectId-894832108";
String zone = "zone3744684";
String clusterId = "clusterId561939637";
NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();
client.setNetworkPolicy(projectId, zone, clusterId, networkPolicy);
Assert.fail("No exception raised");
} catch (InvalidArgumentException e) {
// Expected exception.
}
}
use of com.google.container.v1.NetworkPolicy in project strimzi by strimzi.
the class KafkaCluster method generateNetworkPolicy.
/**
* Generates the NetworkPolicies relevant for Kafka brokers
*
* @param operatorNamespace Namespace where the Strimzi Cluster Operator runs. Null if not configured.
* @param operatorNamespaceLabels Labels of the namespace where the Strimzi Cluster Operator runs. Null if not configured.
*
* @return The network policy.
*/
public NetworkPolicy generateNetworkPolicy(String operatorNamespace, Labels operatorNamespaceLabels) {
// Internal peers => Strimzi components which need access
NetworkPolicyPeer clusterOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_KIND_LABEL, "cluster-operator").endPodSelector().build();
ModelUtils.setClusterOperatorNetworkPolicyNamespaceSelector(clusterOperatorPeer, namespace, operatorNamespace, operatorNamespaceLabels);
NetworkPolicyPeer kafkaClusterPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaResources.kafkaStatefulSetName(cluster)).endPodSelector().build();
NetworkPolicyPeer entityOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaResources.entityOperatorDeploymentName(cluster)).endPodSelector().build();
NetworkPolicyPeer kafkaExporterPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaExporterResources.deploymentName(cluster)).endPodSelector().build();
NetworkPolicyPeer cruiseControlPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, CruiseControlResources.deploymentName(cluster)).endPodSelector().build();
// List of network policy rules for all ports
// Default size is number of listeners configured by the user + 4 (Control Plane listener, replication listener, metrics and JMX)
List<NetworkPolicyIngressRule> rules = new ArrayList<>(listeners.size() + 4);
// Control Plane rule covers the control plane listener.
// Control plane listener is used by Kafka for internal coordination only
NetworkPolicyIngressRule controlPlaneRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(CONTROLPLANE_PORT).withProtocol("TCP").endPort().build();
controlPlaneRule.setFrom(List.of(kafkaClusterPeer));
rules.add(controlPlaneRule);
// Replication rule covers the replication listener.
// Replication listener is used by Kafka but also by our own tools => Operators, Cruise Control, and Kafka Exporter
NetworkPolicyIngressRule replicationRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(REPLICATION_PORT).withProtocol("TCP").endPort().build();
replicationRule.setFrom(List.of(clusterOperatorPeer, kafkaClusterPeer, entityOperatorPeer, kafkaExporterPeer, cruiseControlPeer));
rules.add(replicationRule);
// User-configured listeners are by default open for all. Users can pass peers in the Kafka CR.
for (GenericKafkaListener listener : listeners) {
NetworkPolicyIngressRule plainRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(listener.getPort()).withProtocol("TCP").endPort().withFrom(listener.getNetworkPolicyPeers()).build();
rules.add(plainRule);
}
// The Metrics port (if enabled) is opened to all by default
if (isMetricsEnabled) {
NetworkPolicyIngressRule metricsRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(METRICS_PORT).withProtocol("TCP").endPort().withFrom().build();
rules.add(metricsRule);
}
// The JMX port (if enabled) is opened to all by default
if (isJmxEnabled) {
NetworkPolicyIngressRule jmxRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(JMX_PORT).withProtocol("TCP").endPort().withFrom().build();
rules.add(jmxRule);
}
// Build the final network policy with all rules covering all the ports
NetworkPolicy networkPolicy = new NetworkPolicyBuilder().withNewMetadata().withName(KafkaResources.kafkaNetworkPolicyName(cluster)).withNamespace(namespace).withLabels(labels.toMap()).withOwnerReferences(createOwnerReference()).endMetadata().withNewSpec().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaResources.kafkaStatefulSetName(cluster)).endPodSelector().withIngress(rules).endSpec().build();
LOGGER.traceCr(reconciliation, "Created network policy {}", networkPolicy);
return networkPolicy;
}
Aggregations