
Example 76 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.

the class ClusterManagerClientTest method setNetworkPolicyTest2.

/**
 * Checks the {@code (projectId, zone, clusterId, networkPolicy)} overload of
 * {@code setNetworkPolicy} against the mocked cluster-manager service.
 *
 * <p>The mock is primed with one canned {@code Operation}. The test then verifies that the
 * client hands that operation back unchanged, that exactly one request reached the mock, that
 * the request carries the identifiers and policy that were passed in, and that the default
 * API client header was sent.
 *
 * <p>The policy under test is a default-built message with no field set, so this covers
 * request plumbing only; it does not show how a populated policy is applied to a cluster.
 *
 * @throws Exception if the client call or the mock interaction fails unexpectedly
 */
@Test
public void setNetworkPolicyTest2() throws Exception {
    // Inputs handed to the client; the captured request is compared against these below.
    String projectId = "projectId-894832108";
    String zone = "zone3744684";
    String clusterId = "clusterId561939637";
    // Default instance: every field is left at its protobuf default.
    NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();

    // Canned reply the mock returns for the next call.
    Operation cannedOperation =
            Operation.newBuilder()
                    .setName("name3373707")
                    .setZone("zone3744684")
                    .setDetail("detail-1335224239")
                    .setStatusMessage("statusMessage-958704715")
                    .setSelfLink("selfLink1191800166")
                    .setTargetLink("targetLink486368555")
                    .setLocation("location1901043637")
                    .setStartTime("startTime-2129294769")
                    .setEndTime("endTime-1607243192")
                    .setProgress(OperationProgress.newBuilder().build())
                    .addAllClusterConditions(new ArrayList<StatusCondition>())
                    .addAllNodepoolConditions(new ArrayList<StatusCondition>())
                    .setError(Status.newBuilder().build())
                    .build();
    mockClusterManager.addResponse(cannedOperation);

    Operation returnedOperation =
            client.setNetworkPolicy(projectId, zone, clusterId, networkPolicy);
    Assert.assertEquals(cannedOperation, returnedOperation);

    // Exactly one RPC must have been recorded by the mock.
    List<AbstractMessage> capturedRequests = mockClusterManager.getRequests();
    Assert.assertEquals(1, capturedRequests.size());

    // Each argument must arrive in the request field of the same name.
    SetNetworkPolicyRequest sentRequest = (SetNetworkPolicyRequest) capturedRequests.get(0);
    Assert.assertEquals(projectId, sentRequest.getProjectId());
    Assert.assertEquals(zone, sentRequest.getZone());
    Assert.assertEquals(clusterId, sentRequest.getClusterId());
    Assert.assertEquals(networkPolicy, sentRequest.getNetworkPolicy());

    // The default API client header has to be present and match the expected pattern.
    boolean clientHeaderSent =
            channelProvider.isHeaderSent(
                    ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
                    GaxGrpcProperties.getDefaultApiClientHeaderPattern());
    Assert.assertTrue(clientHeaderSent);
}
Also used : AbstractMessage(com.google.protobuf.AbstractMessage) NetworkPolicy(com.google.container.v1.NetworkPolicy) SetNetworkPolicyRequest(com.google.container.v1.SetNetworkPolicyRequest) ArrayList(java.util.ArrayList) Operation(com.google.container.v1.Operation) StatusCondition(com.google.container.v1.StatusCondition) Test(org.junit.Test)

Example 77 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.

the class ClusterManagerClientTest method setNetworkPolicyExceptionTest.

/**
 * Checks error translation for the {@code (name, networkPolicy)} overload of
 * {@code setNetworkPolicy}.
 *
 * <p>The mock is primed with a gRPC {@code INVALID_ARGUMENT} failure; the call must surface it
 * as {@link InvalidArgumentException}. Returning normally fails the test.
 *
 * @throws Exception if anything other than the expected exception escapes
 */
@Test
public void setNetworkPolicyExceptionTest() throws Exception {
    // Queue the failure the mock will answer the next call with.
    StatusRuntimeException injectedFailure =
            new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
    mockClusterManager.addException(injectedFailure);
    try {
        // Default-built policy: the payload is irrelevant, only the error path is exercised.
        client.setNetworkPolicy("name3373707", NetworkPolicy.newBuilder().build());
        Assert.fail("No exception raised");
    } catch (InvalidArgumentException expected) {
        // This is the outcome under test; nothing further to verify.
    }
}
Also used : InvalidArgumentException(com.google.api.gax.rpc.InvalidArgumentException) NetworkPolicy(com.google.container.v1.NetworkPolicy) StatusRuntimeException(io.grpc.StatusRuntimeException) Test(org.junit.Test)

Example 78 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.

the class ClusterManagerClientTest method setNetworkPolicyExceptionTest2.

/**
 * Checks error translation for the {@code (projectId, zone, clusterId, networkPolicy)}
 * overload of {@code setNetworkPolicy}.
 *
 * <p>A gRPC {@code INVALID_ARGUMENT} failure queued on the mock must reach the caller as
 * {@link InvalidArgumentException}; a normal return fails the test.
 *
 * @throws Exception if anything other than the expected exception escapes
 */
@Test
public void setNetworkPolicyExceptionTest2() throws Exception {
    mockClusterManager.addException(
            new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT));
    try {
        // Placeholder identifiers and an empty policy: only the failure path matters here.
        final String projectId = "projectId-894832108";
        final String zone = "zone3744684";
        final String clusterId = "clusterId561939637";
        final NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();
        client.setNetworkPolicy(projectId, zone, clusterId, networkPolicy);
        // Reaching this line means the queued failure was swallowed somewhere.
        Assert.fail("No exception raised");
    } catch (InvalidArgumentException expected) {
        // Expected: the gRPC status was mapped to the matching client exception.
    }
}
Also used : InvalidArgumentException(com.google.api.gax.rpc.InvalidArgumentException) NetworkPolicy(com.google.container.v1.NetworkPolicy) StatusRuntimeException(io.grpc.StatusRuntimeException) Test(org.junit.Test)

Example 79 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.

the class ClusterManagerClientTest method setNetworkPolicyExceptionTest.

/**
 * Verifies that {@code setNetworkPolicy(projectId, zone, clusterId, networkPolicy)} reports a
 * gRPC {@code INVALID_ARGUMENT} status from the mocked service as
 * {@link InvalidArgumentException}.
 *
 * <p>The test fails if the call completes without throwing.
 *
 * @throws Exception if anything other than the expected exception escapes
 */
@Test
public void setNetworkPolicyExceptionTest() throws Exception {
    // The mock answers the next RPC with this failure instead of a response.
    StatusRuntimeException rejected =
            new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
    mockClusterManager.addException(rejected);
    try {
        String projectId = "projectId-894832108";
        String zone = "zone3744684";
        String clusterId = "clusterId561939637";
        // Built without setting any field; the policy content plays no role in this test.
        NetworkPolicy emptyPolicy = NetworkPolicy.newBuilder().build();
        client.setNetworkPolicy(projectId, zone, clusterId, emptyPolicy);
        Assert.fail("No exception raised");
    } catch (InvalidArgumentException expected) {
        // Expected outcome: the status surfaced as the typed client exception.
    }
}
Also used : InvalidArgumentException(com.google.api.gax.rpc.InvalidArgumentException) NetworkPolicy(com.google.container.v1beta1.NetworkPolicy) StatusRuntimeException(io.grpc.StatusRuntimeException) Test(org.junit.Test)

Example 80 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project strimzi by strimzi.

the class KafkaCluster method generateNetworkPolicy.

/**
 * Builds the NetworkPolicy that controls ingress to the Kafka broker pods.
 *
 * <p>The policy selects the broker pods by their Strimzi name label and adds one ingress rule
 * per port:
 * <ul>
 *   <li>control plane port: only pods of the same Kafka cluster;</li>
 *   <li>replication port: the Cluster Operator, the Kafka cluster itself, the Entity
 *       Operator, Kafka Exporter and Cruise Control;</li>
 *   <li>each user-configured listener: the peers configured on that listener;</li>
 *   <li>metrics and JMX ports (only when enabled): no peers listed.</li>
 * </ul>
 *
 * <p>Security note: in a Kubernetes NetworkPolicy an ingress rule whose {@code from} list is
 * empty or absent matches every source. The metrics and JMX rules are therefore unrestricted
 * at the network layer, and so is any listener for which no peers were configured. Access
 * control for those ports has to come from elsewhere (listener authentication, JMX
 * authentication, or an additional policy). All peers here are label selectors, so the
 * restriction is only as strong as the control over who may label pods in the selected
 * namespaces.
 *
 * @param operatorNamespace       Namespace where the Strimzi Cluster Operator runs. Null if
 *                                not configured.
 * @param operatorNamespaceLabels Labels of the namespace where the Strimzi Cluster Operator
 *                                runs. Null if not configured.
 *
 * @return The network policy.
 */
public NetworkPolicy generateNetworkPolicy(String operatorNamespace, Labels operatorNamespaceLabels) {
    // Peers for the Strimzi components that need to reach the brokers.
    NetworkPolicyPeer operatorPeer = new NetworkPolicyPeerBuilder()
            .withNewPodSelector()
                .addToMatchLabels(Labels.STRIMZI_KIND_LABEL, "cluster-operator")
            .endPodSelector()
            .build();
    // Presumably adds a namespace selector for an operator running in another namespace;
    // the helper is not shown here, so confirm against ModelUtils.
    ModelUtils.setClusterOperatorNetworkPolicyNamespaceSelector(operatorPeer, namespace, operatorNamespace, operatorNamespaceLabels);

    NetworkPolicyPeer brokerPeer = new NetworkPolicyPeerBuilder()
            .withNewPodSelector()
                .addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaResources.kafkaStatefulSetName(cluster))
            .endPodSelector()
            .build();
    NetworkPolicyPeer entityOpPeer = new NetworkPolicyPeerBuilder()
            .withNewPodSelector()
                .addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaResources.entityOperatorDeploymentName(cluster))
            .endPodSelector()
            .build();
    NetworkPolicyPeer exporterPeer = new NetworkPolicyPeerBuilder()
            .withNewPodSelector()
                .addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaExporterResources.deploymentName(cluster))
            .endPodSelector()
            .build();
    NetworkPolicyPeer cruisePeer = new NetworkPolicyPeerBuilder()
            .withNewPodSelector()
                .addToMatchLabels(Labels.STRIMZI_NAME_LABEL, CruiseControlResources.deploymentName(cluster))
            .endPodSelector()
            .build();

    // One rule per port. Capacity hint: user listeners plus four fixed ports
    // (control plane, replication, metrics, JMX).
    List<NetworkPolicyIngressRule> ingressRules = new ArrayList<>(listeners.size() + 4);

    // Control plane listener: Kafka-internal coordination, so only the brokers are admitted.
    NetworkPolicyIngressRule controlPlaneIngress = new NetworkPolicyIngressRuleBuilder()
            .addNewPort()
                .withNewPort(CONTROLPLANE_PORT)
                .withProtocol("TCP")
            .endPort()
            .build();
    controlPlaneIngress.setFrom(List.of(brokerPeer));
    ingressRules.add(controlPlaneIngress);

    // Replication listener: used by the brokers and by Strimzi's own tooling
    // (operators, Cruise Control, Kafka Exporter).
    NetworkPolicyIngressRule replicationIngress = new NetworkPolicyIngressRuleBuilder()
            .addNewPort()
                .withNewPort(REPLICATION_PORT)
                .withProtocol("TCP")
            .endPort()
            .build();
    replicationIngress.setFrom(List.of(operatorPeer, brokerPeer, entityOpPeer, exporterPeer, cruisePeer));
    ingressRules.add(replicationIngress);

    // User-configured listeners take their peers from the Kafka CR. When none are set the
    // rule has no source restriction, so the listener is reachable from anywhere.
    for (GenericKafkaListener userListener : listeners) {
        NetworkPolicyIngressRule listenerIngress = new NetworkPolicyIngressRuleBuilder()
                .addNewPort()
                    .withNewPort(userListener.getPort())
                    .withProtocol("TCP")
                .endPort()
                .withFrom(userListener.getNetworkPolicyPeers())
                .build();
        ingressRules.add(listenerIngress);
    }

    // Metrics port, only when metrics are enabled. withFrom() with no peers leaves the
    // source list empty, which admits all sources.
    if (isMetricsEnabled) {
        NetworkPolicyIngressRule metricsIngress = new NetworkPolicyIngressRuleBuilder()
                .addNewPort()
                    .withNewPort(METRICS_PORT)
                    .withProtocol("TCP")
                .endPort()
                .withFrom()
                .build();
        ingressRules.add(metricsIngress);
    }

    // JMX port, only when JMX is enabled. Also admits all sources.
    // NOTE(review): JMX is a management interface; with no network restriction here,
    // confirm that JMX authentication is configured wherever this port is enabled.
    if (isJmxEnabled) {
        NetworkPolicyIngressRule jmxIngress = new NetworkPolicyIngressRuleBuilder()
                .addNewPort()
                    .withNewPort(JMX_PORT)
                    .withProtocol("TCP")
                .endPort()
                .withFrom()
                .build();
        ingressRules.add(jmxIngress);
    }

    // Assemble the policy: metadata, broker pod selector, then every rule collected above.
    NetworkPolicy brokerPolicy = new NetworkPolicyBuilder()
            .withNewMetadata()
                .withName(KafkaResources.kafkaNetworkPolicyName(cluster))
                .withNamespace(namespace)
                .withLabels(labels.toMap())
                .withOwnerReferences(createOwnerReference())
            .endMetadata()
            .withNewSpec()
                .withNewPodSelector()
                    .addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaResources.kafkaStatefulSetName(cluster))
                .endPodSelector()
                .withIngress(ingressRules)
            .endSpec()
            .build();

    LOGGER.traceCr(reconciliation, "Created network policy {}", brokerPolicy);
    return brokerPolicy;
}
Also used : NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ArrayList(java.util.ArrayList) NetworkPolicyIngressRuleBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRuleBuilder) NetworkPolicyBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder)
