Search in sources :

Example 81 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project strimzi by strimzi.

the class ZookeeperCluster method generateNetworkPolicy.

/**
 * Generates the NetworkPolicies relevant for ZooKeeper nodes
 *
 * @param operatorNamespace                             Namespace where the Strimzi Cluster Operator runs. Null if not configured.
 * @param operatorNamespaceLabels                       Labels of the namespace where the Strimzi Cluster Operator runs. Null if not configured.
 *
 * @return The network policy.
 */
public NetworkPolicy generateNetworkPolicy(String operatorNamespace, Labels operatorNamespaceLabels) {
    List<NetworkPolicyIngressRule> rules = new ArrayList<>(2);
    NetworkPolicyPort clientsPort = new NetworkPolicyPort();
    clientsPort.setPort(new IntOrString(CLIENT_TLS_PORT));
    clientsPort.setProtocol("TCP");
    NetworkPolicyPort clusteringPort = new NetworkPolicyPort();
    clusteringPort.setPort(new IntOrString(CLUSTERING_PORT));
    clusteringPort.setProtocol("TCP");
    NetworkPolicyPort leaderElectionPort = new NetworkPolicyPort();
    leaderElectionPort.setPort(new IntOrString(LEADER_ELECTION_PORT));
    leaderElectionPort.setProtocol("TCP");
    NetworkPolicyPeer zookeeperClusterPeer = new NetworkPolicyPeer();
    LabelSelector labelSelector2 = new LabelSelector();
    Map<String, String> expressions2 = new HashMap<>(1);
    expressions2.put(Labels.STRIMZI_NAME_LABEL, KafkaResources.zookeeperStatefulSetName(cluster));
    labelSelector2.setMatchLabels(expressions2);
    zookeeperClusterPeer.setPodSelector(labelSelector2);
    // Zookeeper only ports - 2888 & 3888 which need to be accessed by the Zookeeper cluster members only
    NetworkPolicyIngressRule zookeeperClusteringIngressRule = new NetworkPolicyIngressRuleBuilder().withPorts(clusteringPort, leaderElectionPort).withFrom(zookeeperClusterPeer).build();
    rules.add(zookeeperClusteringIngressRule);
    // Clients port - needs to be access from outside the Zookeeper cluster as well
    NetworkPolicyIngressRule clientsIngressRule = new NetworkPolicyIngressRuleBuilder().withPorts(clientsPort).withFrom().build();
    NetworkPolicyPeer kafkaClusterPeer = new NetworkPolicyPeer();
    LabelSelector labelSelector = new LabelSelector();
    Map<String, String> expressions = new HashMap<>(1);
    expressions.put(Labels.STRIMZI_NAME_LABEL, KafkaResources.kafkaStatefulSetName(cluster));
    labelSelector.setMatchLabels(expressions);
    kafkaClusterPeer.setPodSelector(labelSelector);
    NetworkPolicyPeer entityOperatorPeer = new NetworkPolicyPeer();
    LabelSelector labelSelector3 = new LabelSelector();
    Map<String, String> expressions3 = new HashMap<>(1);
    expressions3.put(Labels.STRIMZI_NAME_LABEL, KafkaResources.entityOperatorDeploymentName(cluster));
    labelSelector3.setMatchLabels(expressions3);
    entityOperatorPeer.setPodSelector(labelSelector3);
    NetworkPolicyPeer clusterOperatorPeer = new NetworkPolicyPeer();
    LabelSelector labelSelector4 = new LabelSelector();
    Map<String, String> expressions4 = new HashMap<>(1);
    expressions4.put(Labels.STRIMZI_KIND_LABEL, "cluster-operator");
    labelSelector4.setMatchLabels(expressions4);
    clusterOperatorPeer.setPodSelector(labelSelector4);
    ModelUtils.setClusterOperatorNetworkPolicyNamespaceSelector(clusterOperatorPeer, namespace, operatorNamespace, operatorNamespaceLabels);
    // This is a hack because we have no guarantee that the CO namespace has some particular labels
    List<NetworkPolicyPeer> clientsPortPeers = new ArrayList<>(4);
    clientsPortPeers.add(kafkaClusterPeer);
    clientsPortPeers.add(zookeeperClusterPeer);
    clientsPortPeers.add(entityOperatorPeer);
    clientsPortPeers.add(clusterOperatorPeer);
    clientsIngressRule.setFrom(clientsPortPeers);
    rules.add(clientsIngressRule);
    if (isMetricsEnabled) {
        NetworkPolicyIngressRule metricsRule = new NetworkPolicyIngressRuleBuilder().addNewPort().withNewPort(METRICS_PORT).withProtocol("TCP").endPort().withFrom().build();
        rules.add(metricsRule);
    }
    if (isJmxEnabled) {
        NetworkPolicyPort jmxPort = new NetworkPolicyPort();
        jmxPort.setPort(new IntOrString(JMX_PORT));
        NetworkPolicyIngressRule jmxRule = new NetworkPolicyIngressRuleBuilder().withPorts(jmxPort).withFrom().build();
        rules.add(jmxRule);
    }
    NetworkPolicy networkPolicy = new NetworkPolicyBuilder().withNewMetadata().withName(KafkaResources.zookeeperNetworkPolicyName(cluster)).withNamespace(namespace).withLabels(labels.toMap()).withOwnerReferences(createOwnerReference()).endMetadata().withNewSpec().withPodSelector(labelSelector2).withIngress(rules).endSpec().build();
    LOGGER.traceCr(reconciliation, "Created network policy {}", networkPolicy);
    return networkPolicy;
}
Also used : NetworkPolicyPort(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) HashMap(java.util.HashMap) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ArrayList(java.util.ArrayList) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) NetworkPolicyBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyBuilder) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) NetworkPolicyIngressRuleBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRuleBuilder)

Example 82 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project strimzi by strimzi.

the class NetworkPolicyResource method allowNetworkPolicySettingsForEntityOperator.

public static void allowNetworkPolicySettingsForEntityOperator(ExtensionContext extensionContext, String clusterName, String namespace) {
    LabelSelector labelSelector = new LabelSelectorBuilder().addToMatchLabels(Constants.SCRAPER_LABEL_KEY, Constants.SCRAPER_LABEL_VALUE).build();
    String eoDeploymentName = KafkaResources.entityOperatorDeploymentName(clusterName);
    LOGGER.info("Apply NetworkPolicy access to {} from pods with LabelSelector {}", eoDeploymentName, labelSelector);
    NetworkPolicy networkPolicy = NetworkPolicyTemplates.networkPolicyBuilder(namespace, eoDeploymentName, labelSelector).editSpec().editFirstIngress().addNewPort().withNewPort(Constants.TOPIC_OPERATOR_METRICS_PORT).withProtocol("TCP").endPort().addNewPort().withNewPort(Constants.USER_OPERATOR_METRICS_PORT).withProtocol("TCP").endPort().endIngress().withNewPodSelector().addToMatchLabels("strimzi.io/cluster", clusterName).addToMatchLabels("strimzi.io/kind", Kafka.RESOURCE_KIND).addToMatchLabels("strimzi.io/name", eoDeploymentName).endPodSelector().endSpec().build();
    LOGGER.debug("Creating NetworkPolicy: {}", networkPolicy.toString());
    ResourceManager.getInstance().createResource(extensionContext, networkPolicy);
    LOGGER.info("Network policy for LabelSelector {} successfully created", labelSelector);
}
Also used : LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) DefaultNetworkPolicy(io.strimzi.systemtest.enums.DefaultNetworkPolicy) LabelSelector(io.fabric8.kubernetes.api.model.LabelSelector)

Example 83 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project strimzi by strimzi.

the class NetworkPoliciesIsolatedST method testNPGenerationEnvironmentVariable.

@IsolatedTest("Specific cluster operator for test case")
void testNPGenerationEnvironmentVariable(ExtensionContext extensionContext) {
    assumeTrue(!Environment.isHelmInstall() && !Environment.isOlmInstall());
    final String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    EnvVar networkPolicyGenerationEnv = new EnvVarBuilder().withName("STRIMZI_NETWORK_POLICY_GENERATION").withValue("false").build();
    clusterOperator.unInstall();
    clusterOperator = new SetupClusterOperator.SetupClusterOperatorBuilder().withExtensionContext(extensionContext).withNamespace(clusterOperator.getDeploymentNamespace()).withExtraEnvVars(Collections.singletonList(networkPolicyGenerationEnv)).createInstallation().runInstallation();
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaWithCruiseControl(clusterName, 3, 3).build());
    resourceManager.createResource(extensionContext, KafkaConnectTemplates.kafkaConnect(clusterName, 1).build());
    List<NetworkPolicy> networkPolicyList = kubeClient().getClient().network().networkPolicies().list().getItems().stream().filter(item -> item.getMetadata().getLabels() != null && item.getMetadata().getLabels().containsKey("strimzi.io/name")).collect(Collectors.toList());
    assertThat("List of NetworkPolicies generated by Strimzi is not empty.", networkPolicyList, is(Collections.EMPTY_LIST));
}
Also used : CoreMatchers.is(org.hamcrest.CoreMatchers.is) Arrays(java.util.Arrays) KafkaResource(io.strimzi.systemtest.resources.crd.KafkaResource) MetricsCollector(io.strimzi.systemtest.metrics.MetricsCollector) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) Map(java.util.Map) Tag(org.junit.jupiter.api.Tag) ScraperTemplates(io.strimzi.systemtest.templates.specific.ScraperTemplates) BeforeAllOnce(io.strimzi.systemtest.BeforeAllOnce) IsolatedSuite(io.strimzi.systemtest.annotations.IsolatedSuite) KafkaClients(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClients) INTERNAL_CLIENTS_USED(io.strimzi.systemtest.Constants.INTERNAL_CLIENTS_USED) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) Collectors(java.util.stream.Collectors) ClientUtils(io.strimzi.systemtest.utils.ClientUtils) List(java.util.List) Logger(org.apache.logging.log4j.Logger) Namespace(io.fabric8.kubernetes.api.model.Namespace) KafkaTopicTemplates(io.strimzi.systemtest.templates.crd.KafkaTopicTemplates) NamespaceBuilder(io.fabric8.kubernetes.api.model.NamespaceBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) AbstractST(io.strimzi.systemtest.AbstractST) Environment(io.strimzi.systemtest.Environment) Assertions.assertNotNull(org.junit.jupiter.api.Assertions.assertNotNull) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) KafkaConnectTemplates(io.strimzi.systemtest.templates.crd.KafkaConnectTemplates) NetworkPolicyResource(io.strimzi.systemtest.resources.kubernetes.NetworkPolicyResource) CoreMatchers.not(org.hamcrest.CoreMatchers.not) NETWORKPOLICIES_SUPPORTED(io.strimzi.systemtest.Constants.NETWORKPOLICIES_SUPPORTED) HashMap(java.util.HashMap) ExtensionContext(org.junit.jupiter.api.extension.ExtensionContext) TestStorage(io.strimzi.systemtest.storage.TestStorage) ArrayList(java.util.ArrayList) KRaftNotSupported(io.strimzi.systemtest.annotations.KRaftNotSupported) Assumptions.assumeTrue(org.junit.jupiter.api.Assumptions.assumeTrue) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) KafkaTemplates(io.strimzi.systemtest.templates.crd.KafkaTemplates) KafkaUtils(io.strimzi.systemtest.utils.kafkaUtils.KafkaUtils) ComponentType(io.strimzi.systemtest.resources.ComponentType) Constants(io.strimzi.systemtest.Constants) KafkaClientsBuilder(io.strimzi.systemtest.kafkaclients.internalClients.KafkaClientsBuilder) SetupClusterOperator(io.strimzi.systemtest.resources.operator.SetupClusterOperator) KubeClusterResource.kubeClient(io.strimzi.test.k8s.KubeClusterResource.kubeClient) IsolatedTest(io.strimzi.systemtest.annotations.IsolatedTest) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) KafkaUserTemplates(io.strimzi.systemtest.templates.crd.KafkaUserTemplates) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) LogManager(org.apache.logging.log4j.LogManager) Collections(java.util.Collections) REGRESSION(io.strimzi.systemtest.Constants.REGRESSION) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) IsolatedTest(io.strimzi.systemtest.annotations.IsolatedTest)

Example 84 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project strimzi by strimzi.

the class KafkaClusterTest method testNoNetworkPolicyPeers.

@ParallelTest
public void testNoNetworkPolicyPeers() {
    Kafka kafkaAssembly = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap())).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withTls(false).build(), new GenericKafkaListenerBuilder().withName("tls").withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).build(), new GenericKafkaListenerBuilder().withName("external").withPort(9094).withType(KafkaListenerType.ROUTE).withTls(true).build()).endKafka().endSpec().build();
    KafkaCluster k = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    // Check Network Policies
    NetworkPolicy np = k.generateNetworkPolicy(null, null);
    List<NetworkPolicyIngressRule> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(9092))).collect(Collectors.toList());
    assertThat(rules.size(), is(1));
    assertThat(rules.get(0).getFrom(), is(nullValue()));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(9093))).collect(Collectors.toList());
    assertThat(rules.size(), is(1));
    assertThat(rules.get(0).getFrom(), is(nullValue()));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(9094))).collect(Collectors.toList());
    assertThat(rules.size(), is(1));
    assertThat(rules.get(0).getFrom(), is(nullValue()));
}
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) ExternalTrafficPolicy(io.strimzi.api.kafka.model.template.ExternalTrafficPolicy) PersistentClaimStorageOverrideBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageOverrideBuilder) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) KafkaExporterResources(io.strimzi.api.kafka.model.KafkaExporterResources) Rack(io.strimzi.api.kafka.model.Rack) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) ResourceRequirements(io.fabric8.kubernetes.api.model.ResourceRequirements) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder) LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) JbodStorageBuilder(io.strimzi.api.kafka.model.storage.JbodStorageBuilder) Matchers.allOf(org.hamcrest.Matchers.allOf) Set(java.util.Set) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) ZoneId(java.time.ZoneId) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) Matchers.containsString(org.hamcrest.Matchers.containsString) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) GenericKafkaListenerConfigurationBootstrapBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrapBuilder) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArrayList(java.util.ArrayList) Matchers.hasProperty(org.hamcrest.Matchers.hasProperty) PersistentClaimStorageBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageBuilder) GenericKafkaListenerConfigurationBroker(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBroker) SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) PodSpec(io.fabric8.kubernetes.api.model.PodSpec) KafkaListenerAuthenticationCustomBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustomBuilder) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder) IOException(java.io.IOException) StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) ContainerPort(io.fabric8.kubernetes.api.model.ContainerPort) Reconciliation(io.strimzi.operator.common.Reconciliation) Util(io.strimzi.operator.common.Util) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) X509Certificate(java.security.cert.X509Certificate) CoreMatchers.is(org.hamcrest.CoreMatchers.is) CoreMatchers(org.hamcrest.CoreMatchers) CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem) Storage(io.strimzi.api.kafka.model.storage.Storage) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) Matchers.hasKey(org.hamcrest.Matchers.hasKey) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) Route(io.fabric8.openshift.api.model.Route) SystemProperty(io.strimzi.api.kafka.model.SystemProperty) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) KafkaAuthorizationKeycloakBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloakBuilder) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) Collectors(java.util.stream.Collectors) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) NodeAddressType(io.strimzi.api.kafka.model.listener.NodeAddressType) RackBuilder(io.strimzi.api.kafka.model.RackBuilder) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress) Secret(io.fabric8.kubernetes.api.model.Secret) TopologySpreadConstraintBuilder(io.fabric8.kubernetes.api.model.TopologySpreadConstraintBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Uuid(org.apache.kafka.common.Uuid) PodManagementPolicy(io.strimzi.api.kafka.model.template.PodManagementPolicy) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) WeightedPodAffinityTerm(io.fabric8.kubernetes.api.model.WeightedPodAffinityTerm) EphemeralStorageBuilder(io.strimzi.api.kafka.model.storage.EphemeralStorageBuilder) CertificateParsingException(java.security.cert.CertificateParsingException) HashMap(java.util.HashMap) GenericKafkaListenerConfigurationBootstrap(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrap) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) HashSet(java.util.HashSet) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) InlineLogging(io.strimzi.api.kafka.model.InlineLogging) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) CertificateExpirationPolicy(io.strimzi.api.kafka.model.CertificateExpirationPolicy) Volume(io.fabric8.kubernetes.api.model.Volume) Matchers.hasEntry(org.hamcrest.Matchers.hasEntry) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) Collections.emptyMap(java.util.Collections.emptyMap) TopologySpreadConstraint(io.fabric8.kubernetes.api.model.TopologySpreadConstraint) Matchers(org.hamcrest.Matchers) TestUtils.set(io.strimzi.test.TestUtils.set) LabelSelectorRequirementBuilder(io.fabric8.kubernetes.api.model.LabelSelectorRequirementBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Collections(java.util.Collections) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) Kafka(io.strimzi.api.kafka.model.Kafka) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 85 with NetworkPolicy

use of com.google.container.v1.NetworkPolicy in project strimzi by strimzi.

the class KafkaMirrorMaker2ClusterTest method testNetworkPolicyWithConnectorOperatorWithNamespaceLabels.

@ParallelTest
public void testNetworkPolicyWithConnectorOperatorWithNamespaceLabels() {
    KafkaMirrorMaker2 resource = new KafkaMirrorMaker2Builder(this.resourceWithMetrics).build();
    KafkaMirrorMaker2Cluster kc = KafkaMirrorMaker2Cluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    kc.generateMetricsAndLogConfigMap(new MetricsAndLogging(metricsCM, null));
    NetworkPolicy np = kc.generateNetworkPolicy(true, "operator-namespace", Labels.fromMap(Collections.singletonMap("nsLabelKey", "nsLabelValue")));
    assertThat(np.getMetadata().getName(), is(kc.getName()));
    assertThat(np.getSpec().getPodSelector().getMatchLabels(), is(kc.getSelectorLabels().toMap()));
    assertThat(np.getSpec().getIngress().size(), is(2));
    assertThat(np.getSpec().getIngress().get(0).getPorts().size(), is(1));
    assertThat(np.getSpec().getIngress().get(0).getPorts().get(0).getPort().getIntVal(), is(KafkaConnectCluster.REST_API_PORT));
    assertThat(np.getSpec().getIngress().get(0).getFrom().size(), is(2));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(0).getPodSelector().getMatchLabels(), is(kc.getSelectorLabels().toMap()));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(0).getNamespaceSelector(), is(nullValue()));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(1).getPodSelector().getMatchLabels(), is(singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(1).getNamespaceSelector().getMatchLabels(), is(Collections.singletonMap("nsLabelKey", "nsLabelValue")));
    assertThat(np.getSpec().getIngress().get(1).getPorts().size(), is(1));
    assertThat(np.getSpec().getIngress().get(1).getPorts().get(0).getPort().getIntVal(), is(KafkaConnectCluster.METRICS_PORT));
}
Also used : KafkaMirrorMaker2Builder(io.strimzi.api.kafka.model.KafkaMirrorMaker2Builder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) KafkaMirrorMaker2(io.strimzi.api.kafka.model.KafkaMirrorMaker2) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Aggregations

NetworkPolicy (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)147 Service (io.fabric8.kubernetes.api.model.Service)101 List (java.util.List)99 CoreMatchers.is (org.hamcrest.CoreMatchers.is)98 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)98 KafkaVersionTestUtils (io.strimzi.operator.cluster.KafkaVersionTestUtils)96 ResourceUtils (io.strimzi.operator.cluster.ResourceUtils)96 Reconciliation (io.strimzi.operator.common.Reconciliation)96 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)93 Collections.emptyList (java.util.Collections.emptyList)92 Deployment (io.fabric8.kubernetes.api.model.apps.Deployment)91 ConfigMapOperator (io.strimzi.operator.common.operator.resource.ConfigMapOperator)84 DeploymentOperator (io.strimzi.operator.common.operator.resource.DeploymentOperator)84 NetworkPolicyOperator (io.strimzi.operator.common.operator.resource.NetworkPolicyOperator)84 SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator)84 ServiceOperator (io.strimzi.operator.common.operator.resource.ServiceOperator)84 Optional (java.util.Optional)84 AfterAll (org.junit.jupiter.api.AfterAll)84 KafkaVersion (io.strimzi.operator.cluster.model.KafkaVersion)82 ResourceOperatorSupplier (io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier)82