Examples with NetworkPolicyPeerBuilder io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder used on opensource projects

Example 6 with NetworkPolicyPeerBuilder

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi by strimzi.

the class KafkaClusterTest method testReplicationPortNetworkPolicy.

@ParallelTest
public void testReplicationPortNetworkPolicy() {
    NetworkPolicyPeer kafkaBrokersPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, KafkaCluster.kafkaClusterName(cluster))).endPodSelector().build();
    NetworkPolicyPeer eoPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, EntityOperator.entityOperatorName(cluster))).endPodSelector().build();
    NetworkPolicyPeer kafkaExporterPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, KafkaExporter.kafkaExporterName(cluster))).endPodSelector().build();
    NetworkPolicyPeer cruiseControlPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, CruiseControl.cruiseControlName(cluster))).endPodSelector().build();
    NetworkPolicyPeer clusterOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().withNewNamespaceSelector().endNamespaceSelector().build();
    NetworkPolicyPeer clusterOperatorPeerSameNamespace = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().build();
    NetworkPolicyPeer clusterOperatorPeerNamespaceWithLabels = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().withNewNamespaceSelector().withMatchLabels(Collections.singletonMap("nsLabelKey", "nsLabelValue")).endNamespaceSelector().build();
    Kafka kafkaAssembly = ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap());
    KafkaCluster k = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    // Check Network Policies => Different namespace
    NetworkPolicy np = k.generateNetworkPolicy("operator-namespace", null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).findFirst().orElse(null), is(notNullValue()));
    List<NetworkPolicyPeer> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(5));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
    assertThat(rules.contains(eoPeer), is(true));
    assertThat(rules.contains(kafkaExporterPeer), is(true));
    assertThat(rules.contains(cruiseControlPeer), is(true));
    assertThat(rules.contains(clusterOperatorPeer), is(true));
    // Check Network Policies => Same namespace
    np = k.generateNetworkPolicy(namespace, null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).findFirst().orElse(null), is(notNullValue()));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(5));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
    assertThat(rules.contains(eoPeer), is(true));
    assertThat(rules.contains(kafkaExporterPeer), is(true));
    assertThat(rules.contains(cruiseControlPeer), is(true));
    assertThat(rules.contains(clusterOperatorPeerSameNamespace), is(true));
    // Check Network Policies => Namespace with Labels
    np = k.generateNetworkPolicy("operator-namespace", Labels.fromMap(Collections.singletonMap("nsLabelKey", "nsLabelValue")));
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).findFirst().orElse(null), is(notNullValue()));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(5));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
    assertThat(rules.contains(eoPeer), is(true));
    assertThat(rules.contains(kafkaExporterPeer), is(true));
    assertThat(rules.contains(cruiseControlPeer), is(true));
    assertThat(rules.contains(clusterOperatorPeerNamespaceWithLabels), is(true));
}

Example 7 with NetworkPolicyPeerBuilder

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi by strimzi.

the class KafkaClusterTest method testControlPlanePortNetworkPolicy.

@ParallelTest
public void testControlPlanePortNetworkPolicy() {
    NetworkPolicyPeer kafkaBrokersPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, KafkaCluster.kafkaClusterName(cluster))).endPodSelector().build();
    Kafka kafkaAssembly = ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap());
    KafkaCluster k = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    // Check Network Policies => Different namespace
    NetworkPolicy np = k.generateNetworkPolicy("operator-namespace", null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.CONTROLPLANE_PORT))).findFirst().orElse(null), is(notNullValue()));
    List<NetworkPolicyPeer> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.CONTROLPLANE_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(1));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
}

Example 8 with NetworkPolicyPeerBuilder

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi by strimzi.

the class KafkaClusterTest method testNetworkPolicyPeers.

@ParallelTest
public void testNetworkPolicyPeers() {
    NetworkPolicyPeer peer1 = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchExpressions(new LabelSelectorRequirementBuilder().withKey("my-key1").withValues("my-value1").build()).endPodSelector().build();
    NetworkPolicyPeer peer2 = new NetworkPolicyPeerBuilder().withNewNamespaceSelector().withMatchExpressions(new LabelSelectorRequirementBuilder().withKey("my-key2").withValues("my-value2").build()).endNamespaceSelector().build();
    Kafka kafkaAssembly = new KafkaBuilder(ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap())).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName("plain").withPort(9092).withType(KafkaListenerType.INTERNAL).withNetworkPolicyPeers(peer1).withTls(false).build(), new GenericKafkaListenerBuilder().withName("tls").withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withNetworkPolicyPeers(peer2).build(), new GenericKafkaListenerBuilder().withName("external").withPort(9094).withType(KafkaListenerType.ROUTE).withTls(true).withNetworkPolicyPeers(peer1, peer2).build()).endKafka().endSpec().build();
    KafkaCluster k = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    // Check Network Policies
    NetworkPolicy np = k.generateNetworkPolicy(null, null);
    List<NetworkPolicyIngressRule> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(9092))).collect(Collectors.toList());
    assertThat(rules.size(), is(1));
    assertThat(rules.get(0).getFrom().get(0), is(peer1));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(9093))).collect(Collectors.toList());
    assertThat(rules.size(), is(1));
    assertThat(rules.get(0).getFrom().get(0), is(peer2));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(9094))).collect(Collectors.toList());
    assertThat(rules.size(), is(1));
    assertThat(rules.get(0).getFrom().size(), is(2));
    assertThat(rules.get(0).getFrom().contains(peer1), is(true));
    assertThat(rules.get(0).getFrom().contains(peer2), is(true));
}

Example 9 with NetworkPolicyPeerBuilder

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaClusterTest method testReplicationPortNetworkPolicy.

@ParallelTest
public void testReplicationPortNetworkPolicy() {
    NetworkPolicyPeer kafkaBrokersPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, KafkaCluster.kafkaClusterName(cluster))).endPodSelector().build();
    NetworkPolicyPeer eoPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, EntityOperator.entityOperatorName(cluster))).endPodSelector().build();
    NetworkPolicyPeer kafkaExporterPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, KafkaExporter.kafkaExporterName(cluster))).endPodSelector().build();
    NetworkPolicyPeer cruiseControlPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, CruiseControl.cruiseControlName(cluster))).endPodSelector().build();
    NetworkPolicyPeer clusterOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().withNewNamespaceSelector().endNamespaceSelector().build();
    NetworkPolicyPeer clusterOperatorPeerSameNamespace = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().build();
    NetworkPolicyPeer clusterOperatorPeerNamespaceWithLabels = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().withNewNamespaceSelector().withMatchLabels(Collections.singletonMap("nsLabelKey", "nsLabelValue")).endNamespaceSelector().build();
    Kafka kafkaAssembly = ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap());
    KafkaCluster k = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    // Check Network Policies => Different namespace
    NetworkPolicy np = k.generateNetworkPolicy("operator-namespace", null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).findFirst().orElse(null), is(notNullValue()));
    List<NetworkPolicyPeer> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(5));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
    assertThat(rules.contains(eoPeer), is(true));
    assertThat(rules.contains(kafkaExporterPeer), is(true));
    assertThat(rules.contains(cruiseControlPeer), is(true));
    assertThat(rules.contains(clusterOperatorPeer), is(true));
    // Check Network Policies => Same namespace
    np = k.generateNetworkPolicy(namespace, null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).findFirst().orElse(null), is(notNullValue()));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(5));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
    assertThat(rules.contains(eoPeer), is(true));
    assertThat(rules.contains(kafkaExporterPeer), is(true));
    assertThat(rules.contains(cruiseControlPeer), is(true));
    assertThat(rules.contains(clusterOperatorPeerSameNamespace), is(true));
    // Check Network Policies => Namespace with Labels
    np = k.generateNetworkPolicy("operator-namespace", Labels.fromMap(Collections.singletonMap("nsLabelKey", "nsLabelValue")));
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).findFirst().orElse(null), is(notNullValue()));
    rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.REPLICATION_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(5));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
    assertThat(rules.contains(eoPeer), is(true));
    assertThat(rules.contains(kafkaExporterPeer), is(true));
    assertThat(rules.contains(cruiseControlPeer), is(true));
    assertThat(rules.contains(clusterOperatorPeerNamespaceWithLabels), is(true));
}

Example 10 with NetworkPolicyPeerBuilder

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi-kafka-operator by strimzi.

the class KafkaClusterTest method testControlPlanePortNetworkPolicy.

@ParallelTest
public void testControlPlanePortNetworkPolicy() {
    NetworkPolicyPeer kafkaBrokersPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_NAME_LABEL, KafkaCluster.kafkaClusterName(cluster))).endPodSelector().build();
    Kafka kafkaAssembly = ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configuration, emptyMap());
    KafkaCluster k = KafkaCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);
    // Check Network Policies => Different namespace
    NetworkPolicy np = k.generateNetworkPolicy("operator-namespace", null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.CONTROLPLANE_PORT))).findFirst().orElse(null), is(notNullValue()));
    List<NetworkPolicyPeer> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(KafkaCluster.CONTROLPLANE_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(1));
    assertThat(rules.contains(kafkaBrokersPeer), is(true));
}