Search in sources :

Example 26 with NetworkPolicy

use of com.google.container.v1beta1.NetworkPolicy in project strimzi by strimzi.

the class KafkaClusterTest method testNetworkPolicyPeers.

@ParallelTest
public void testNetworkPolicyPeers() {
    NetworkPolicyPeer peer1 = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchExpressions(new LabelSelectorRequirementBuilder().withKey("my-key1").withValues("my-value1").build()).endPodSelector().build();
    NetworkPolicyPeer peer2 = new NetworkPolicyPeerBuilder().withNewNamespaceSelector().withMatchExpressions(new LabelSelectorRequirementBuilder().withKey("my-key2").withValues("my-value2").build()).endNamespaceSelector().build();
    Kafka kafkaAssembly = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap())).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withNetworkPolicyPeers(peer1).withTls(false).build(), new GenericKafkaListenerBuilder().withName("tls").withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withNetworkPolicyPeers(peer2).build(), new GenericKafkaListenerBuilder().withName("external").withPort(9094).withType(KafkaListenerType.ROUTE).withTls(true).withNetworkPolicyPeers(peer1, peer2).build()).endKafka().endSpec().build();
    KafkaCluster k = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    // Check Network Policies
    NetworkPolicy np = k.generateNetworkPolicy(null, null);
    List<NetworkPolicyIngressRule> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(9092))).collect(Collectors.toList());
    assertThat(rules.size(), is(1));
    assertThat(rules.get(0).getFrom().get(0), is(peer1));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(9093))).collect(Collectors.toList());
    assertThat(rules.size(), is(1));
    assertThat(rules.get(0).getFrom().get(0), is(peer2));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(9094))).collect(Collectors.toList());
    assertThat(rules.size(), is(1));
    assertThat(rules.get(0).getFrom().size(), is(2));
    assertThat(rules.get(0).getFrom().contains(peer1), is(true));
    assertThat(rules.get(0).getFrom().contains(peer2), is(true));
}
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) ExternalTrafficPolicy(io.strimzi.api.kafka.model.template.ExternalTrafficPolicy) PersistentClaimStorageOverrideBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageOverrideBuilder) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) KafkaExporterResources(io.strimzi.api.kafka.model.KafkaExporterResources) Rack(io.strimzi.api.kafka.model.Rack) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) ResourceRequirements(io.fabric8.kubernetes.api.model.ResourceRequirements) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder) LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) JbodStorageBuilder(io.strimzi.api.kafka.model.storage.JbodStorageBuilder) Matchers.allOf(org.hamcrest.Matchers.allOf) Set(java.util.Set) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) ZoneId(java.time.ZoneId) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) Matchers.containsString(org.hamcrest.Matchers.containsString) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) GenericKafkaListenerConfigurationBootstrapBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrapBuilder) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArrayList(java.util.ArrayList) Matchers.hasProperty(org.hamcrest.Matchers.hasProperty) PersistentClaimStorageBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageBuilder) GenericKafkaListenerConfigurationBroker(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBroker) SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) PodSpec(io.fabric8.kubernetes.api.model.PodSpec) KafkaListenerAuthenticationCustomBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustomBuilder) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder) IOException(java.io.IOException) StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) ContainerPort(io.fabric8.kubernetes.api.model.ContainerPort) Reconciliation(io.strimzi.operator.common.Reconciliation) Util(io.strimzi.operator.common.Util) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) X509Certificate(java.security.cert.X509Certificate) CoreMatchers.is(org.hamcrest.CoreMatchers.is) CoreMatchers(org.hamcrest.CoreMatchers) CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem) Storage(io.strimzi.api.kafka.model.storage.Storage) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) Matchers.hasKey(org.hamcrest.Matchers.hasKey) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) Route(io.fabric8.openshift.api.model.Route) SystemProperty(io.strimzi.api.kafka.model.SystemProperty) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) KafkaAuthorizationKeycloakBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloakBuilder) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) Collectors(java.util.stream.Collectors) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) NodeAddressType(io.strimzi.api.kafka.model.listener.NodeAddressType) RackBuilder(io.strimzi.api.kafka.model.RackBuilder) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress) Secret(io.fabric8.kubernetes.api.model.Secret) TopologySpreadConstraintBuilder(io.fabric8.kubernetes.api.model.TopologySpreadConstraintBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Uuid(org.apache.kafka.common.Uuid) PodManagementPolicy(io.strimzi.api.kafka.model.template.PodManagementPolicy) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) WeightedPodAffinityTerm(io.fabric8.kubernetes.api.model.WeightedPodAffinityTerm) EphemeralStorageBuilder(io.strimzi.api.kafka.model.storage.EphemeralStorageBuilder) CertificateParsingException(java.security.cert.CertificateParsingException) HashMap(java.util.HashMap) GenericKafkaListenerConfigurationBootstrap(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrap) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) HashSet(java.util.HashSet) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) InlineLogging(io.strimzi.api.kafka.model.InlineLogging) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) CertificateExpirationPolicy(io.strimzi.api.kafka.model.CertificateExpirationPolicy) Volume(io.fabric8.kubernetes.api.model.Volume) Matchers.hasEntry(org.hamcrest.Matchers.hasEntry) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) Collections.emptyMap(java.util.Collections.emptyMap) TopologySpreadConstraint(io.fabric8.kubernetes.api.model.TopologySpreadConstraint) Matchers(org.hamcrest.Matchers) TestUtils.set(io.strimzi.test.TestUtils.set) LabelSelectorRequirementBuilder(io.fabric8.kubernetes.api.model.LabelSelectorRequirementBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Collections(java.util.Collections) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) LabelSelectorRequirementBuilder(io.fabric8.kubernetes.api.model.LabelSelectorRequirementBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) Kafka(io.strimzi.api.kafka.model.Kafka) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 27 with NetworkPolicy

use of com.google.container.v1beta1.NetworkPolicy in project strimzi by strimzi.

the class KafkaClusterTest method testReplicationPortNetworkPolicy.

@ParallelTest
public void testReplicationPortNetworkPolicy() {
    NetworkPolicyPeer kafkaBrokersPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, KafkaResources.kafkaStatefulSetName(cluster))).endPodSelector().build();
    NetworkPolicyPeer eoPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, KafkaResources.entityOperatorDeploymentName(cluster))).endPodSelector().build();
    NetworkPolicyPeer kafkaExporterPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, KafkaExporterResources.deploymentName(cluster))).endPodSelector().build();
    NetworkPolicyPeer cruiseControlPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, CruiseControlResources.deploymentName(cluster))).endPodSelector().build();
    NetworkPolicyPeer clusterOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().withNewNamespaceSelector().endNamespaceSelector().build();
    NetworkPolicyPeer clusterOperatorPeerSameNamespace = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().build();
    NetworkPolicyPeer clusterOperatorPeerNamespaceWithLabels = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().withNewNamespaceSelector().withMatchLabels(Collections.singletonMap("nsLabelKey", "nsLabelValue")).endNamespaceSelector().build();
    Kafka kafkaAssembly = ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap());
    KafkaCluster k = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    // Check Network Policies => Different namespace
    NetworkPolicy np = k.generateNetworkPolicy("operator-namespace", null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).findFirst().orElse(null), is(notNullValue()));
    List<NetworkPolicyPeer> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(5));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
    assertThat(rules.contains(eoPeer), is(true));
    assertThat(rules.contains(kafkaExporterPeer), is(true));
    assertThat(rules.contains(cruiseControlPeer), is(true));
    assertThat(rules.contains(clusterOperatorPeer), is(true));
    // Check Network Policies => Same namespace
    np = k.generateNetworkPolicy(namespace, null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).findFirst().orElse(null), is(notNullValue()));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(5));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
    assertThat(rules.contains(eoPeer), is(true));
    assertThat(rules.contains(kafkaExporterPeer), is(true));
    assertThat(rules.contains(cruiseControlPeer), is(true));
    assertThat(rules.contains(clusterOperatorPeerSameNamespace), is(true));
    // Check Network Policies => Namespace with Labels
    np = k.generateNetworkPolicy("operator-namespace", Labels.fromMap(Collections.singletonMap("nsLabelKey", "nsLabelValue")));
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).findFirst().orElse(null), is(notNullValue()));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(5));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
    assertThat(rules.contains(eoPeer), is(true));
    assertThat(rules.contains(kafkaExporterPeer), is(true));
    assertThat(rules.contains(cruiseControlPeer), is(true));
    assertThat(rules.contains(clusterOperatorPeerNamespaceWithLabels), is(true));
}
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) ExternalTrafficPolicy(io.strimzi.api.kafka.model.template.ExternalTrafficPolicy) PersistentClaimStorageOverrideBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageOverrideBuilder) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) KafkaExporterResources(io.strimzi.api.kafka.model.KafkaExporterResources) Rack(io.strimzi.api.kafka.model.Rack) GenericKafkaListenerConfigurationBrokerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBrokerBuilder) SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) ResourceRequirements(io.fabric8.kubernetes.api.model.ResourceRequirements) KafkaResources(io.strimzi.api.kafka.model.KafkaResources) Arrays.asList(java.util.Arrays.asList) Map(java.util.Map) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) KafkaJmxOptionsBuilder(io.strimzi.api.kafka.model.KafkaJmxOptionsBuilder) LabelSelectorBuilder(io.fabric8.kubernetes.api.model.LabelSelectorBuilder) CertSecretSource(io.strimzi.api.kafka.model.CertSecretSource) JbodStorageBuilder(io.strimzi.api.kafka.model.storage.JbodStorageBuilder) Matchers.allOf(org.hamcrest.Matchers.allOf) Set(java.util.Set) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) HasMetadata(io.fabric8.kubernetes.api.model.HasMetadata) ZoneId(java.time.ZoneId) GenericSecretSourceBuilder(io.strimzi.api.kafka.model.GenericSecretSourceBuilder) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) KafkaListenerAuthenticationOAuthBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationOAuthBuilder) PersistentVolumeClaim(io.fabric8.kubernetes.api.model.PersistentVolumeClaim) Matchers.containsString(org.hamcrest.Matchers.containsString) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) LocalObjectReference(io.fabric8.kubernetes.api.model.LocalObjectReference) OwnerReference(io.fabric8.kubernetes.api.model.OwnerReference) GenericKafkaListenerConfigurationBootstrapBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrapBuilder) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArrayList(java.util.ArrayList) Matchers.hasProperty(org.hamcrest.Matchers.hasProperty) PersistentClaimStorageBuilder(io.strimzi.api.kafka.model.storage.PersistentClaimStorageBuilder) GenericKafkaListenerConfigurationBroker(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBroker) SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) PodSpec(io.fabric8.kubernetes.api.model.PodSpec) KafkaListenerAuthenticationCustomBuilder(io.strimzi.api.kafka.model.listener.KafkaListenerAuthenticationCustomBuilder) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) KafkaJmxAuthenticationPasswordBuilder(io.strimzi.api.kafka.model.KafkaJmxAuthenticationPasswordBuilder) IOException(java.io.IOException) StatefulSet(io.fabric8.kubernetes.api.model.apps.StatefulSet) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) ContainerPort(io.fabric8.kubernetes.api.model.ContainerPort) Reconciliation(io.strimzi.operator.common.Reconciliation) Util(io.strimzi.operator.common.Util) KafkaListenerType(io.strimzi.api.kafka.model.listener.arraylistener.KafkaListenerType) SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) X509Certificate(java.security.cert.X509Certificate) CoreMatchers.is(org.hamcrest.CoreMatchers.is) CoreMatchers(org.hamcrest.CoreMatchers) CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem) Storage(io.strimzi.api.kafka.model.storage.Storage) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) Matchers.hasKey(org.hamcrest.Matchers.hasKey) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) Route(io.fabric8.openshift.api.model.Route) SystemProperty(io.strimzi.api.kafka.model.SystemProperty) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) KafkaAuthorizationKeycloakBuilder(io.strimzi.api.kafka.model.KafkaAuthorizationKeycloakBuilder) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) Collectors(java.util.stream.Collectors) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) List(java.util.List) CertSecretSourceBuilder(io.strimzi.api.kafka.model.CertSecretSourceBuilder) Labels(io.strimzi.operator.common.model.Labels) NodeAddressType(io.strimzi.api.kafka.model.listener.NodeAddressType) RackBuilder(io.strimzi.api.kafka.model.RackBuilder) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) Ingress(io.fabric8.kubernetes.api.model.networking.v1.Ingress) Secret(io.fabric8.kubernetes.api.model.Secret) TopologySpreadConstraintBuilder(io.fabric8.kubernetes.api.model.TopologySpreadConstraintBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Uuid(org.apache.kafka.common.Uuid) PodManagementPolicy(io.strimzi.api.kafka.model.template.PodManagementPolicy) ContainerTemplate(io.strimzi.api.kafka.model.template.ContainerTemplate) Container(io.fabric8.kubernetes.api.model.Container) WeightedPodAffinityTerm(io.fabric8.kubernetes.api.model.WeightedPodAffinityTerm) EphemeralStorageBuilder(io.strimzi.api.kafka.model.storage.EphemeralStorageBuilder) CertificateParsingException(java.security.cert.CertificateParsingException) HashMap(java.util.HashMap) GenericKafkaListenerConfigurationBootstrap(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerConfigurationBootstrap) MetricsAndLogging(io.strimzi.operator.common.MetricsAndLogging) HashSet(java.util.HashSet) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) InlineLogging(io.strimzi.api.kafka.model.InlineLogging) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) CertificateExpirationPolicy(io.strimzi.api.kafka.model.CertificateExpirationPolicy) Volume(io.fabric8.kubernetes.api.model.Volume) Matchers.hasEntry(org.hamcrest.Matchers.hasEntry) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) Collections.emptyMap(java.util.Collections.emptyMap) TopologySpreadConstraint(io.fabric8.kubernetes.api.model.TopologySpreadConstraint) Matchers(org.hamcrest.Matchers) TestUtils.set(io.strimzi.test.TestUtils.set) LabelSelectorRequirementBuilder(io.fabric8.kubernetes.api.model.LabelSelectorRequirementBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Collections(java.util.Collections) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) Kafka(io.strimzi.api.kafka.model.Kafka) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 28 with NetworkPolicy

use of com.google.container.v1beta1.NetworkPolicy in project strimzi by strimzi.

the class KafkaConnectClusterTest method testNetworkPolicyWithConnectorOperator.

@ParallelTest
public void testNetworkPolicyWithConnectorOperator() {
    KafkaConnect resource = new KafkaConnectBuilder(this.resourceWithMetrics).build();
    KafkaConnectCluster kc = KafkaConnectCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    NetworkPolicy np = kc.generateNetworkPolicy(true, "operator-namespace", null);
    assertThat(np.getMetadata().getName(), is(kc.getName()));
    assertThat(np.getSpec().getPodSelector().getMatchLabels(), is(kc.getSelectorLabels().toMap()));
    assertThat(np.getSpec().getIngress().size(), is(2));
    assertThat(np.getSpec().getIngress().get(0).getPorts().size(), is(1));
    assertThat(np.getSpec().getIngress().get(0).getPorts().get(0).getPort().getIntVal(), is(KafkaConnectCluster.REST_API_PORT));
    assertThat(np.getSpec().getIngress().get(0).getFrom().size(), is(2));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(0).getPodSelector().getMatchLabels(), is(kc.getSelectorLabels().toMap()));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(0).getNamespaceSelector(), is(nullValue()));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(1).getPodSelector().getMatchLabels(), is(singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(1).getNamespaceSelector().getMatchLabels(), is(nullValue()));
    assertThat(np.getSpec().getIngress().get(1).getPorts().size(), is(1));
    assertThat(np.getSpec().getIngress().get(1).getPorts().get(0).getPort().getIntVal(), is(KafkaConnectCluster.METRICS_PORT));
}
Also used : KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 29 with NetworkPolicy

use of com.google.container.v1beta1.NetworkPolicy in project strimzi by strimzi.

the class KafkaConnectClusterTest method testNetworkPolicyWithConnectorOperatorWithNamespaceLabels.

@ParallelTest
public void testNetworkPolicyWithConnectorOperatorWithNamespaceLabels() {
    KafkaConnect resource = new KafkaConnectBuilder(this.resourceWithMetrics).build();
    KafkaConnectCluster kc = KafkaConnectCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, resource, VERSIONS);
    NetworkPolicy np = kc.generateNetworkPolicy(true, "operator-namespace", Labels.fromMap(Collections.singletonMap("nsLabelKey", "nsLabelValue")));
    assertThat(np.getMetadata().getName(), is(kc.getName()));
    assertThat(np.getSpec().getPodSelector().getMatchLabels(), is(kc.getSelectorLabels().toMap()));
    assertThat(np.getSpec().getIngress().size(), is(2));
    assertThat(np.getSpec().getIngress().get(0).getPorts().size(), is(1));
    assertThat(np.getSpec().getIngress().get(0).getPorts().get(0).getPort().getIntVal(), is(KafkaConnectCluster.REST_API_PORT));
    assertThat(np.getSpec().getIngress().get(0).getFrom().size(), is(2));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(0).getPodSelector().getMatchLabels(), is(kc.getSelectorLabels().toMap()));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(0).getNamespaceSelector(), is(nullValue()));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(1).getPodSelector().getMatchLabels(), is(singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")));
    assertThat(np.getSpec().getIngress().get(0).getFrom().get(1).getNamespaceSelector().getMatchLabels(), is(Collections.singletonMap("nsLabelKey", "nsLabelValue")));
    assertThat(np.getSpec().getIngress().get(1).getPorts().size(), is(1));
    assertThat(np.getSpec().getIngress().get(1).getPorts().get(0).getPort().getIntVal(), is(KafkaConnectCluster.METRICS_PORT));
}
Also used : KafkaConnectBuilder(io.strimzi.api.kafka.model.KafkaConnectBuilder) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) KafkaConnect(io.strimzi.api.kafka.model.KafkaConnect) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 30 with NetworkPolicy

use of com.google.container.v1beta1.NetworkPolicy in project strimzi by strimzi.

the class CruiseControlReconcilerTest method reconcileDisabledCruiseControl.

@Test
public void reconcileDisabledCruiseControl(VertxTestContext context) {
    ResourceOperatorSupplier supplier = ResourceUtils.supplierWithMocks(false);
    DeploymentOperator mockDepOps = supplier.deploymentOperations;
    SecretOperator mockSecretOps = supplier.secretOperations;
    ServiceAccountOperator mockSaOps = supplier.serviceAccountOperations;
    ServiceOperator mockServiceOps = supplier.serviceOperations;
    NetworkPolicyOperator mockNetPolicyOps = supplier.networkPolicyOperator;
    ConfigMapOperator mockCmOps = supplier.configMapOperations;
    ArgumentCaptor<ServiceAccount> saCaptor = ArgumentCaptor.forClass(ServiceAccount.class);
    when(mockSaOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.serviceAccountName(NAME)), saCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<Secret> secretCaptor = ArgumentCaptor.forClass(Secret.class);
    when(mockSecretOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.secretName(NAME)), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    when(mockSecretOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.apiSecretName(NAME)), secretCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<Service> serviceCaptor = ArgumentCaptor.forClass(Service.class);
    when(mockServiceOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.serviceName(NAME)), serviceCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<NetworkPolicy> netPolicyCaptor = ArgumentCaptor.forClass(NetworkPolicy.class);
    when(mockNetPolicyOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.networkPolicyName(NAME)), netPolicyCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<ConfigMap> cmCaptor = ArgumentCaptor.forClass(ConfigMap.class);
    when(mockCmOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.logAndMetricsConfigMapName(NAME)), cmCaptor.capture())).thenReturn(Future.succeededFuture());
    ArgumentCaptor<Deployment> depCaptor = ArgumentCaptor.forClass(Deployment.class);
    when(mockDepOps.reconcile(any(), eq(NAMESPACE), eq(CruiseControlResources.deploymentName(NAME)), depCaptor.capture())).thenReturn(Future.succeededFuture());
    when(mockDepOps.waitForObserved(any(), eq(NAMESPACE), eq(CruiseControlResources.deploymentName(NAME)), anyLong(), anyLong())).thenReturn(Future.succeededFuture());
    when(mockDepOps.readiness(any(), eq(NAMESPACE), eq(CruiseControlResources.deploymentName(NAME)), anyLong(), anyLong())).thenReturn(Future.succeededFuture());
    Kafka kafka = ResourceUtils.createKafka(NAMESPACE, NAME, 3, "foo", 120, 30);
    ClusterCa clusterCa = new ClusterCa(Reconciliation.DUMMY_RECONCILIATION, new OpenSslCertManager(), new PasswordGenerator(10, "a", "a"), NAME, ResourceUtils.createInitialCaCertSecret(NAMESPACE, NAME, AbstractModel.clusterCaCertSecretName(NAME), MockCertManager.clusterCaCert(), MockCertManager.clusterCaCertStore(), "123456"), ResourceUtils.createInitialCaKeySecret(NAMESPACE, NAME, AbstractModel.clusterCaKeySecretName(NAME), MockCertManager.clusterCaKey()));
    CruiseControlReconciler rcnclr = new CruiseControlReconciler(Reconciliation.DUMMY_RECONCILIATION, ResourceUtils.dummyClusterOperatorConfig(), supplier, kafka, VERSIONS, kafka.getSpec().getKafka().getStorage(), clusterCa);
    Checkpoint async = context.checkpoint();
    rcnclr.reconcile(false, null, null, Date::new).onComplete(context.succeeding(v -> context.verify(() -> {
        assertThat(saCaptor.getAllValues().size(), is(1));
        assertThat(saCaptor.getValue(), is(nullValue()));
        assertThat(secretCaptor.getAllValues().size(), is(2));
        assertThat(secretCaptor.getAllValues().get(0), is(nullValue()));
        assertThat(secretCaptor.getAllValues().get(1), is(nullValue()));
        assertThat(serviceCaptor.getAllValues().size(), is(1));
        assertThat(serviceCaptor.getValue(), is(nullValue()));
        assertThat(netPolicyCaptor.getAllValues().size(), is(1));
        assertThat(netPolicyCaptor.getValue(), is(nullValue()));
        assertThat(cmCaptor.getAllValues().size(), is(1));
        assertThat(cmCaptor.getValue(), is(nullValue()));
        assertThat(depCaptor.getAllValues().size(), is(1));
        assertThat(depCaptor.getValue(), is(nullValue()));
        async.flag();
    })));
}
Also used : VertxTestContext(io.vertx.junit5.VertxTestContext) CoreMatchers.is(org.hamcrest.CoreMatchers.is) ArgumentMatchers.any(org.mockito.ArgumentMatchers.any) BrokerCapacityBuilder(io.strimzi.api.kafka.model.balancing.BrokerCapacityBuilder) ArgumentMatchers.anyLong(org.mockito.ArgumentMatchers.anyLong) CruiseControlSpecBuilder(io.strimzi.api.kafka.model.CruiseControlSpecBuilder) Date(java.util.Date) ArgumentMatchers.eq(org.mockito.ArgumentMatchers.eq) NetworkPolicyOperator(io.strimzi.operator.common.operator.resource.NetworkPolicyOperator) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) ServiceOperator(io.strimzi.operator.common.operator.resource.ServiceOperator) ArgumentCaptor(org.mockito.ArgumentCaptor) ServiceAccountOperator(io.strimzi.operator.common.operator.resource.ServiceAccountOperator) ExtendWith(org.junit.jupiter.api.extension.ExtendWith) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) ConfigMapOperator(io.strimzi.operator.common.operator.resource.ConfigMapOperator) Map(java.util.Map) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) Service(io.fabric8.kubernetes.api.model.Service) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) AbstractModel(io.strimzi.operator.cluster.model.AbstractModel) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) DeploymentOperator(io.strimzi.operator.common.operator.resource.DeploymentOperator) KafkaVersion(io.strimzi.operator.cluster.model.KafkaVersion) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Mockito.when(org.mockito.Mockito.when) VertxExtension(io.vertx.junit5.VertxExtension) Future(io.vertx.core.Future) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) Test(org.junit.jupiter.api.Test) Reconciliation(io.strimzi.operator.common.Reconciliation) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) Secret(io.fabric8.kubernetes.api.model.Secret) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) Checkpoint(io.vertx.junit5.Checkpoint) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) MockCertManager(io.strimzi.operator.common.operator.MockCertManager) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) ServiceOperator(io.strimzi.operator.common.operator.resource.ServiceOperator) NetworkPolicyOperator(io.strimzi.operator.common.operator.resource.NetworkPolicyOperator) ResourceOperatorSupplier(io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier) PasswordGenerator(io.strimzi.operator.common.PasswordGenerator) DeploymentOperator(io.strimzi.operator.common.operator.resource.DeploymentOperator) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) ClusterCa(io.strimzi.operator.cluster.model.ClusterCa) Service(io.fabric8.kubernetes.api.model.Service) SecretOperator(io.strimzi.operator.common.operator.resource.SecretOperator) Secret(io.fabric8.kubernetes.api.model.Secret) OpenSslCertManager(io.strimzi.certs.OpenSslCertManager) Checkpoint(io.vertx.junit5.Checkpoint) ServiceAccountOperator(io.strimzi.operator.common.operator.resource.ServiceAccountOperator) ConfigMapOperator(io.strimzi.operator.common.operator.resource.ConfigMapOperator) Test(org.junit.jupiter.api.Test)

Aggregations

NetworkPolicy (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)147 Service (io.fabric8.kubernetes.api.model.Service)101 List (java.util.List)99 CoreMatchers.is (org.hamcrest.CoreMatchers.is)98 MatcherAssert.assertThat (org.hamcrest.MatcherAssert.assertThat)98 KafkaVersionTestUtils (io.strimzi.operator.cluster.KafkaVersionTestUtils)96 ResourceUtils (io.strimzi.operator.cluster.ResourceUtils)96 Reconciliation (io.strimzi.operator.common.Reconciliation)96 ConfigMap (io.fabric8.kubernetes.api.model.ConfigMap)93 Collections.emptyList (java.util.Collections.emptyList)92 Deployment (io.fabric8.kubernetes.api.model.apps.Deployment)91 ConfigMapOperator (io.strimzi.operator.common.operator.resource.ConfigMapOperator)84 DeploymentOperator (io.strimzi.operator.common.operator.resource.DeploymentOperator)84 NetworkPolicyOperator (io.strimzi.operator.common.operator.resource.NetworkPolicyOperator)84 SecretOperator (io.strimzi.operator.common.operator.resource.SecretOperator)84 ServiceOperator (io.strimzi.operator.common.operator.resource.ServiceOperator)84 Optional (java.util.Optional)84 AfterAll (org.junit.jupiter.api.AfterAll)84 KafkaVersion (io.strimzi.operator.cluster.model.KafkaVersion)82 ResourceOperatorSupplier (io.strimzi.operator.cluster.operator.resource.ResourceOperatorSupplier)82