Example 76 with NetworkPolicy
use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.
the class ClusterManagerClientTest method setNetworkPolicyTest2.
@Test
public void setNetworkPolicyTest2() throws Exception {
Operation expectedResponse = Operation.newBuilder().setName("name3373707").setZone("zone3744684").setDetail("detail-1335224239").setStatusMessage("statusMessage-958704715").setSelfLink("selfLink1191800166").setTargetLink("targetLink486368555").setLocation("location1901043637").setStartTime("startTime-2129294769").setEndTime("endTime-1607243192").setProgress(OperationProgress.newBuilder().build()).addAllClusterConditions(new ArrayList<StatusCondition>()).addAllNodepoolConditions(new ArrayList<StatusCondition>()).setError(Status.newBuilder().build()).build();
mockClusterManager.addResponse(expectedResponse);
String projectId = "projectId-894832108";
String zone = "zone3744684";
String clusterId = "clusterId561939637";
NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();
Operation actualResponse = client.setNetworkPolicy(projectId, zone, clusterId, networkPolicy);
Assert.assertEquals(expectedResponse, actualResponse);
List<AbstractMessage> actualRequests = mockClusterManager.getRequests();
Assert.assertEquals(1, actualRequests.size());
SetNetworkPolicyRequest actualRequest = ((SetNetworkPolicyRequest) actualRequests.get(0));
Assert.assertEquals(projectId, actualRequest.getProjectId());
Assert.assertEquals(zone, actualRequest.getZone());
Assert.assertEquals(clusterId, actualRequest.getClusterId());
Assert.assertEquals(networkPolicy, actualRequest.getNetworkPolicy());
Assert.assertTrue(channelProvider.isHeaderSent(ApiClientHeaderProvider.getDefaultApiClientHeaderKey(), GaxGrpcProperties.getDefaultApiClientHeaderPattern()));
}
Also used :
AbstractMessage(com.google.protobuf.AbstractMessage)
NetworkPolicy(com.google.container.v1.NetworkPolicy)
SetNetworkPolicyRequest(com.google.container.v1.SetNetworkPolicyRequest)
ArrayList(java.util.ArrayList)
Operation(com.google.container.v1.Operation)
StatusCondition(com.google.container.v1.StatusCondition)
Test(org.junit.Test)
Example 77 with NetworkPolicy
use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.
the class ClusterManagerClientTest method setNetworkPolicyExceptionTest.
@Test
public void setNetworkPolicyExceptionTest() throws Exception {
StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
mockClusterManager.addException(exception);
try {
String name = "name3373707";
NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();
client.setNetworkPolicy(name, networkPolicy);
Assert.fail("No exception raised");
} catch (InvalidArgumentException e) {
// Expected exception.
}
}
Also used :
InvalidArgumentException(com.google.api.gax.rpc.InvalidArgumentException)
NetworkPolicy(com.google.container.v1.NetworkPolicy)
StatusRuntimeException(io.grpc.StatusRuntimeException)
Test(org.junit.Test)
Example 78 with NetworkPolicy
use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.
the class ClusterManagerClientTest method setNetworkPolicyExceptionTest2.
@Test
public void setNetworkPolicyExceptionTest2() throws Exception {
StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
mockClusterManager.addException(exception);
try {
String projectId = "projectId-894832108";
String zone = "zone3744684";
String clusterId = "clusterId561939637";
NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();
client.setNetworkPolicy(projectId, zone, clusterId, networkPolicy);
Assert.fail("No exception raised");
} catch (InvalidArgumentException e) {
// Expected exception.
}
}
Also used :
InvalidArgumentException(com.google.api.gax.rpc.InvalidArgumentException)
NetworkPolicy(com.google.container.v1.NetworkPolicy)
StatusRuntimeException(io.grpc.StatusRuntimeException)
Test(org.junit.Test)
Example 79 with NetworkPolicy
use of com.google.container.v1.NetworkPolicy in project java-container by googleapis.
the class ClusterManagerClientTest method setNetworkPolicyExceptionTest.
@Test
public void setNetworkPolicyExceptionTest() throws Exception {
StatusRuntimeException exception = new StatusRuntimeException(io.grpc.Status.INVALID_ARGUMENT);
mockClusterManager.addException(exception);
try {
String projectId = "projectId-894832108";
String zone = "zone3744684";
String clusterId = "clusterId561939637";
NetworkPolicy networkPolicy = NetworkPolicy.newBuilder().build();
client.setNetworkPolicy(projectId, zone, clusterId, networkPolicy);
Assert.fail("No exception raised");
} catch (InvalidArgumentException e) {
// Expected exception.
}
}
Also used :
InvalidArgumentException(com.google.api.gax.rpc.InvalidArgumentException)
NetworkPolicy(com.google.container.v1beta1.NetworkPolicy)
StatusRuntimeException(io.grpc.StatusRuntimeException)
Test(org.junit.Test)
Example 80 with NetworkPolicy
use of com.google.container.v1.NetworkPolicy in project strimzi by strimzi.
the class KafkaCluster method generateNetworkPolicy.
/**
* Generates the NetworkPolicies relevant for Kafka brokers
*
* @param operatorNamespace Namespace where the Strimzi Cluster Operator runs. Null if not configured.
* @param operatorNamespaceLabels Labels of the namespace where the Strimzi Cluster Operator runs. Null if not configured.
*
* @return The network policy.
*/
public NetworkPolicy generateNetworkPolicy(String operatorNamespace, Labels operatorNamespaceLabels) {
// Internal peers => Strimzi components which need access
NetworkPolicyPeer clusterOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_KIND_LABEL, "cluster-operator").endPodSelector().build();
ModelUtils.setClusterOperatorNetworkPolicyNamespaceSelector(clusterOperatorPeer, namespace, operatorNamespace, operatorNamespaceLabels);
NetworkPolicyPeer kafkaClusterPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaResources.kafkaStatefulSetName(cluster)).endPodSelector().build();
NetworkPolicyPeer entityOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaResources.entityOperatorDeploymentName(cluster)).endPodSelector().build();
NetworkPolicyPeer kafkaExporterPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaExporterResources.deploymentName(cluster)).endPodSelector().build();
NetworkPolicyPeer cruiseControlPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, CruiseControlResources.deploymentName(cluster)).endPodSelector().build();
// List of network policy rules for all ports
// Default size is number of listeners configured by the user + 4 (Control Plane listener, replication listener, metrics and JMX)
List<NetworkPolicyIngressRule> rules = new ArrayList<>(listeners.size() + 4);
// Control Plane rule covers the control plane listener.
// Control plane listener is used by Kafka for internal coordination only
NetworkPolicyIngressRule controlPlaneRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(CONTROLPLANE_PORT).withProtocol("TCP").endPort().build();
controlPlaneRule.setFrom(List.of(kafkaClusterPeer));
rules.add(controlPlaneRule);
// Replication rule covers the replication listener.
// Replication listener is used by Kafka but also by our own tools => Operators, Cruise Control, and Kafka Exporter
NetworkPolicyIngressRule replicationRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(REPLICATION_PORT).withProtocol("TCP").endPort().build();
replicationRule.setFrom(List.of(clusterOperatorPeer, kafkaClusterPeer, entityOperatorPeer, kafkaExporterPeer, cruiseControlPeer));
rules.add(replicationRule);
// User-configured listeners are by default open for all. Users can pass peers in the Kafka CR.
for (GenericKafkaListener listener : listeners) {
NetworkPolicyIngressRule plainRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(listener.getPort()).withProtocol("TCP").endPort().withFrom(listener.getNetworkPolicyPeers()).build();
rules.add(plainRule);
}
// The Metrics port (if enabled) is opened to all by default
if (isMetricsEnabled) {
NetworkPolicyIngressRule metricsRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(METRICS_PORT).withProtocol("TCP").endPort().withFrom().build();
rules.add(metricsRule);
}
// The JMX port (if enabled) is opened to all by default
if (isJmxEnabled) {
NetworkPolicyIngressRule jmxRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(JMX_PORT).withProtocol("TCP").endPort().withFrom().build();
rules.add(jmxRule);
}
// Build the final network policy with all rules covering all the ports
NetworkPolicy networkPolicy = new NetworkPolicyBuilder().withNewMetadata().withName(KafkaResources.kafkaNetworkPolicyName(cluster)).withNamespace(namespace).withLabels(labels.toMap()).withOwnerReferences(createOwnerReference()).endMetadata().withNewSpec().withNewPodSelector().addToMatchLabels(Labels.STRIMZI_NAME_LABEL, KafkaResources.kafkaStatefulSetName(cluster)).endPodSelector().withIngress(rules).endSpec().build();
LOGGER.traceCr(reconciliation, "Created network policy {}", networkPolicy);
return networkPolicy;
}
Also used :
NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer)
GenericKafkaListener(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListener)
NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule)
NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)
ArrayList(java.util.ArrayList)
NetworkPolicyIngressRuleBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRuleBuilder)
NetworkPolicyBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyBuilder)
NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder)
Aggregations
NetworkPolicy (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)147
Service (io.fabric8.kubernetes.api.model.Service)101
List (java.util.List)99
CoreMatchers.is (org.hamcrest.CoreMatchers.is)98
MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)98
KafkaVersionTestUtils (io.strimzi.operator.cluster.KafkaVersionTestUtils)96
ResourceUtils (io.strimzi.operator.cluster.ResourceUtils)96
Reconciliation (io.strimzi.operator.common.Reconciliation)96
ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)93
Collections.emptyList (java.util.Collections.emptyList)92
Deployment (io.fabric8.kubernetes.api.model.apps.Deployment)91
ConfigMapOperator (io.strimzi.operator.common.operator.resource.ConfigMapOperator)84
DeploymentOperator (io.strimzi.operator.common.operator.resource.DeploymentOperator)84
NetworkPolicyOperator (io.strimzi.operator.common.operator.resource.NetworkPolicyOperator)84
SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator)84
ServiceOperator (io.strimzi.operator.common.operator.resource.ServiceOperator)84
Optional (java.util.Optional)84
AfterAll (org.junit.jupiter.api.AfterAll)84
KafkaVersion (io.strimzi.operator.cluster.model.KafkaVersion)82
ResourceOperatorSupplier (io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier)82
