use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project kas-fleetshard by bf2fc6cc711aee1a0c2a.
the class AbstractKafkaCluster method buildListeners.
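/**
 * Builds the listeners of the Strimzi {@code Kafka} resource for a managed cluster.
 *
 * <p>Three listeners are produced, in this order:
 * <ul>
 *   <li>the external listener ({@code EXTERNAL_LISTENER_NAME}, port 9094): TLS, exposed as an
 *       OpenShift Route when the client is adaptable to {@code OpenShiftClient} and as an Ingress
 *       otherwise; authenticated with OAuth where the PLAIN mechanism is also enabled and the
 *       token endpoint is configured for it.</li>
 *   <li>{@code oauth} (port 9095): internal, TLS, OAuth bearer-token authentication, and a
 *       NetworkPolicy peer that limits ingress to pods labelled {@code app=<admin server name>}.</li>
 *   <li>{@code sre} (port 9096): internal, no TLS and no authentication; this method declares no
 *       NetworkPolicy peers for it, so any restriction on who can reach it has to come from
 *       policies defined elsewhere.</li>
 * </ul>
 *
 * <p>When Kafka authentication is disabled for the ManagedKafka, the first two listeners are
 * built with a {@code null} auth block.
 *
 * <p>The capacity limits (total connections and connection attempts per second) come from the
 * ManagedKafka spec, falling back to the operator configuration, and are divided by
 * {@code replicas}; the limits are applied per listener, so this presumably spreads the
 * requested cluster-wide value across the brokers.
 *
 * @param managedKafka the ManagedKafka resource being reconciled
 * @param replicas     the number of Kafka broker replicas; must be greater than zero because the
 *                     per-broker limits are computed by integer division
 * @return the external, oauth and sre listeners, in that order
 */
protected List<GenericKafkaListener> buildListeners(ManagedKafka managedKafka, int replicas) {
    KafkaListenerAuthentication plainOverOauthAuthenticationListener = null;
    KafkaListenerAuthentication oauthAuthenticationListener = null;

    if (SecuritySecretManager.isKafkaAuthenticationEnabled(managedKafka)) {
        ManagedKafkaAuthenticationOAuth oauth = managedKafka.getSpec().getOauth();
        CertSecretSource ssoTlsCertSecretSource = buildSsoTlsCertSecretSource(managedKafka);

        // External listener: OAuth plus PLAIN, which needs the token endpoint to be configured
        plainOverOauthAuthenticationListener = newOAuthListenerAuthenticationBuilder(managedKafka, oauth, ssoTlsCertSecretSource)
                .withEnablePlain(true)
                .withTokenEndpointUri(oauth.getTokenEndpointURI())
                .build();

        // Internal oauth listener: bearer tokens only
        oauthAuthenticationListener = newOAuthListenerAuthenticationBuilder(managedKafka, oauth, ssoTlsCertSecretSource)
                .build();
    }

    // Routes exist only on OpenShift; plain Kubernetes gets an Ingress
    KafkaListenerType externalListenerType = kubernetesClient.isAdaptable(OpenShiftClient.class)
            ? KafkaListenerType.ROUTE
            : KafkaListenerType.INGRESS;

    // Limit client connections per listener (spec value, else operator default), spread across brokers
    int maxConnectionsPerBroker = Objects.requireNonNullElse(
            managedKafka.getSpec().getCapacity().getTotalMaxConnections(),
            this.config.getKafka().getMaxConnections()) / replicas;
    // Limit connection attempts per listener (spec value, else operator default), spread across brokers
    int maxConnectionAttemptsPerSecPerBroker = Objects.requireNonNullElse(
            managedKafka.getSpec().getCapacity().getMaxConnectionAttemptsPerSec(),
            this.config.getKafka().getConnectionAttemptsPerSec()) / replicas;

    GenericKafkaListenerConfigurationBuilder externalListenerConfigBuilder = new GenericKafkaListenerConfigurationBuilder()
            .withBootstrap(new GenericKafkaListenerConfigurationBootstrapBuilder()
                    .withHost(managedKafka.getSpec().getEndpoint().getBootstrapServerHost())
                    // Route annotation: send new connections to the broker with the fewest open ones
                    .withAnnotations(Map.of("haproxy.router.openshift.io/balance", "leastconn"))
                    .build())
            .withBrokers(buildBrokerOverrides(managedKafka, replicas))
            .withBrokerCertChainAndKey(buildTlsCertAndKeySecretSource(managedKafka))
            .withMaxConnections(maxConnectionsPerBroker)
            .withMaxConnectionCreationRate(maxConnectionAttemptsPerSecPerBroker);

    GenericKafkaListener externalListener = new GenericKafkaListenerBuilder()
            .withName(EXTERNAL_LISTENER_NAME)
            .withPort(9094)
            .withType(externalListenerType)
            .withTls(true)
            .withAuth(plainOverOauthAuthenticationListener)
            .withConfiguration(externalListenerConfigBuilder.build())
            .build();

    // Only the admin server pods may reach the internal oauth listener
    GenericKafkaListener oauthListener = new GenericKafkaListenerBuilder()
            .withName("oauth")
            .withPort(9095)
            .withType(KafkaListenerType.INTERNAL)
            .withTls(true)
            .withAuth(oauthAuthenticationListener)
            .withNetworkPolicyPeers(new NetworkPolicyPeerBuilder()
                    .withNewPodSelector()
                        .addToMatchLabels("app", AbstractAdminServer.adminServerName(managedKafka))
                    .endPodSelector()
                    .build())
            .build();

    // Unauthenticated plaintext listener (presumably for SRE tooling); no peers are declared here,
    // so it is reachable by anything the cluster's other NetworkPolicies admit
    GenericKafkaListener sreListener = new GenericKafkaListenerBuilder()
            .withName("sre")
            .withPort(9096)
            .withType(KafkaListenerType.INTERNAL)
            .withTls(false)
            .build();

    return Arrays.asList(externalListener, oauthListener, sreListener);
}

/**
 * Creates the OAuth listener-authentication builder shared by all OAuth-protected listeners:
 * client id and secret, JWKS and issuer endpoints, the user-name and fallback claims, the custom
 * claim check, and, when an SSO CA is configured, the trusted TLS certificate for the SSO
 * endpoints. Listener-specific options (for example PLAIN) are added by the caller before
 * {@code build()}.
 *
 * @param managedKafka           the ManagedKafka resource, used to resolve the client secret source
 * @param oauth                  the OAuth settings from the ManagedKafka spec
 * @param ssoTlsCertSecretSource the SSO CA certificate source, or {@code null} when none is configured
 * @return a builder pre-populated with the common OAuth settings
 */
private KafkaListenerAuthenticationOAuthBuilder newOAuthListenerAuthenticationBuilder(ManagedKafka managedKafka,
        ManagedKafkaAuthenticationOAuth oauth, CertSecretSource ssoTlsCertSecretSource) {
    KafkaListenerAuthenticationOAuthBuilder builder = new KafkaListenerAuthenticationOAuthBuilder()
            .withClientId(oauth.getClientId())
            .withJwksEndpointUri(oauth.getJwksEndpointURI())
            .withUserNameClaim(oauth.getUserNameClaim())
            .withFallbackUserNameClaim(oauth.getFallbackUserNameClaim())
            .withCustomClaimCheck(oauth.getCustomClaimCheck())
            .withValidIssuerUri(oauth.getValidIssuerEndpointURI())
            .withClientSecret(buildSsoClientGenericSecretSource(managedKafka));
    if (ssoTlsCertSecretSource != null) {
        // Trust the configured SSO CA when talking to the JWKS/token endpoints
        builder.withTlsTrustedCertificates(ssoTlsCertSecretSource);
    }
    return builder;
}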
use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi by strimzi.
the class CruiseControlTest method testRestApiPortNetworkPolicyInTheSameNamespace.
@ParallelTest
public void testRestApiPortNetworkPolicyInTheSameNamespace() {
    // Operator in the same namespace as Cruise Control: the peer selects the operator pods only,
    // with no namespace selector
    NetworkPolicyPeer expectedOperatorPeer = new NetworkPolicyPeerBuilder()
            .withNewPodSelector()
                .withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator"))
            .endPodSelector()
            .build();

    NetworkPolicy np = cc.generateNetworkPolicy(namespace, null);

    // Locate the ingress rule whose first port is the REST API port
    IntOrString restApiPort = new IntOrString(CruiseControl.REST_API_PORT);
    NetworkPolicyIngressRule restApiRule = np.getSpec().getIngress().stream()
            .filter(rule -> rule.getPorts().get(0).getPort().equals(restApiPort))
            .findFirst()
            .orElse(null);
    assertThat(restApiRule, is(notNullValue()));

    // Exactly one peer is admitted, and it is the cluster operator
    List<NetworkPolicyPeer> allowedPeers = restApiRule.getFrom();
    assertThat(allowedPeers.size(), is(1));
    assertThat(allowedPeers.contains(expectedOperatorPeer), is(true));
}
use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi by strimzi.
the class CruiseControlTest method testRestApiPortNetworkPolicy.
@ParallelTest
public void testRestApiPortNetworkPolicy() {
    // Operator in a different namespace: the peer carries an empty namespace selector, which in
    // Kubernetes selects every namespace, alongside the operator pod selector
    NetworkPolicyPeer expectedOperatorPeer = new NetworkPolicyPeerBuilder()
            .withNewPodSelector()
                .withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator"))
            .endPodSelector()
            .withNewNamespaceSelector()
            .endNamespaceSelector()
            .build();

    NetworkPolicy np = cc.generateNetworkPolicy("operator-namespace", null);

    // First ingress rule whose leading port is the REST API port
    IntOrString restApiPort = new IntOrString(CruiseControl.REST_API_PORT);
    NetworkPolicyIngressRule restApiRule = null;
    for (NetworkPolicyIngressRule rule : np.getSpec().getIngress()) {
        if (rule.getPorts().get(0).getPort().equals(restApiPort)) {
            restApiRule = rule;
            break;
        }
    }
    assertThat(restApiRule, is(notNullValue()));

    // The cluster operator is the single admitted peer
    List<NetworkPolicyPeer> allowedPeers = restApiRule.getFrom();
    assertThat(allowedPeers.size(), is(1));
    assertThat(allowedPeers.contains(expectedOperatorPeer), is(true));
}
use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi by strimzi.
the class ZookeeperClusterTest method testNetworkPolicyNewKubernetesVersions.
@ParallelTest
public void testNetworkPolicyNewKubernetesVersions() {
    Kafka kafkaAssembly = ResourceUtils.createKafka(namespace, cluster, replicas, image, healthDelay, healthTimeout, jmxMetricsConfig, configurationJson, emptyMap());
    kafkaAssembly.getSpec().getKafka().setRack(new RackBuilder().withTopologyKey("topology-key").build());
    ZookeeperCluster zc = ZookeeperCluster.fromCrd(Reconciliation.DUMMY_RECONCILIATION, kafkaAssembly, VERSIONS);

    // Component names the expected peers are keyed on
    String zooName = ZookeeperCluster.zookeeperClusterName(zc.getCluster());
    String kafkaName = KafkaCluster.kafkaClusterName(zc.getCluster());
    String entityOperatorName = EntityOperator.entityOperatorName(zc.getCluster());
    String cruiseControlName = CruiseControl.cruiseControlName(zc.getCluster());

    // --- Operator running in another namespace ---
    NetworkPolicy np = zc.generateNetworkPolicy("operator-namespace", null);
    assertThat(np.getSpec().getPodSelector(), is(selectorFor(Labels.STRIMZI_NAME_LABEL, zooName)));

    List<NetworkPolicyIngressRule> rules = np.getSpec().getIngress();
    assertThat(rules.size(), is(3));

    // Rule 0: ports 2888 and 3888, open only to the ZooKeeper pods themselves
    NetworkPolicyIngressRule zooRule = rules.get(0);
    assertThat(zooRule.getPorts().size(), is(2));
    assertThat(zooRule.getPorts().get(0).getPort(), is(new IntOrString(2888)));
    assertThat(zooRule.getPorts().get(1).getPort(), is(new IntOrString(3888)));
    assertThat(zooRule.getFrom().size(), is(1));
    assertThat(zooRule.getFrom().get(0), is(peerForPods(Labels.STRIMZI_NAME_LABEL, zooName).build()));

    // Rule 1: client TLS port, admitted for Kafka, ZooKeeper, Entity Operator, Cluster Operator and Cruise Control
    NetworkPolicyIngressRule clientsRule = rules.get(1);
    assertThat(clientsRule.getPorts().size(), is(1));
    assertThat(clientsRule.getPorts().get(0).getPort(), is(new IntOrString(ZookeeperCluster.CLIENT_TLS_PORT)));
    assertThat(clientsRule.getFrom().size(), is(5));
    assertThat(clientsRule.getFrom().get(0), is(peerForPods(Labels.STRIMZI_NAME_LABEL, kafkaName).build()));
    assertThat(clientsRule.getFrom().get(1), is(peerForPods(Labels.STRIMZI_NAME_LABEL, zooName).build()));
    assertThat(clientsRule.getFrom().get(2), is(peerForPods(Labels.STRIMZI_NAME_LABEL, entityOperatorName).build()));
    // The operator lives in another namespace, so its peer carries an empty (match-all) namespace selector
    assertThat(clientsRule.getFrom().get(3), is(peerForPods(Labels.STRIMZI_KIND_LABEL, "cluster-operator")
            .withNamespaceSelector(new LabelSelector())
            .build()));
    assertThat(clientsRule.getFrom().get(4), is(peerForPods(Labels.STRIMZI_NAME_LABEL, cruiseControlName).build()));

    // Rule 2: metrics port 9404 with no peer restriction at all
    NetworkPolicyIngressRule metricsRule = rules.get(2);
    assertThat(metricsRule.getPorts().size(), is(1));
    assertThat(metricsRule.getPorts().get(0).getPort(), is(new IntOrString(9404)));
    assertThat(metricsRule.getFrom().size(), is(0));

    // --- Operator in the same namespace: plain pod selector, no namespace selector ---
    np = zc.generateNetworkPolicy(namespace, null);
    assertThat(np.getSpec().getIngress().get(1).getFrom().get(3),
            is(peerForPods(Labels.STRIMZI_KIND_LABEL, "cluster-operator").build()));

    // --- Same namespace with namespace labels: the labels do not produce a namespace selector ---
    Labels operatorNamespaceLabels = Labels.fromMap(Collections.singletonMap("nsLabelKey", "nsLabelValue"));
    np = zc.generateNetworkPolicy(namespace, operatorNamespaceLabels);
    assertThat(np.getSpec().getIngress().get(1).getFrom().get(3),
            is(peerForPods(Labels.STRIMZI_KIND_LABEL, "cluster-operator").build()));

    // --- Other namespace with namespace labels: the labels become the namespace selector ---
    np = zc.generateNetworkPolicy("operator-namespace", operatorNamespaceLabels);
    assertThat(np.getSpec().getIngress().get(1).getFrom().get(3), is(peerForPods(Labels.STRIMZI_KIND_LABEL, "cluster-operator")
            .withNamespaceSelector(selectorFor("nsLabelKey", "nsLabelValue"))
            .build()));
}

/** Builds a {@link LabelSelector} matching the single label {@code key=value}. */
private static LabelSelector selectorFor(String key, String value) {
    LabelSelector selector = new LabelSelector();
    selector.setMatchLabels(Collections.singletonMap(key, value));
    return selector;
}

/** Starts a peer selecting pods with the single label {@code key=value}; callers add a namespace selector if needed. */
private static NetworkPolicyPeerBuilder peerForPods(String key, String value) {
    return new NetworkPolicyPeerBuilder().withPodSelector(selectorFor(key, value));
}
use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi by strimzi.
the class CruiseControl method generateNetworkPolicy.
/**
 * Generates the NetworkPolicy that restricts ingress to the Cruise Control pod.
 *
 * <p>Up to two ingress rules are produced:
 * <ul>
 *   <li>REST API port ({@code REST_API_PORT}/TCP): only Cluster Operator pods
 *       ({@code Labels.STRIMZI_KIND_LABEL}{@code =cluster-operator}) are admitted. When the
 *       operator runs outside this namespace,
 *       {@link ModelUtils#setClusterOperatorNetworkPolicyNamespaceSelector} adds a namespace
 *       selector to that peer (empty, i.e. any namespace, unless
 *       {@code operatorNamespaceLabels} narrows it).</li>
 *   <li>Metrics port ({@code METRICS_PORT}/TCP), only when metrics are enabled: the rule has no
 *       {@code from} peers, so it does not restrict where scrapes originate.</li>
 * </ul>
 *
 * @param operatorNamespace       namespace where the Strimzi Cluster Operator runs, or {@code null} if not configured
 * @param operatorNamespaceLabels labels of that namespace, or {@code null} if not configured
 * @return the generated NetworkPolicy, carrying this cluster's labels and owner reference
 */
public NetworkPolicy generateNetworkPolicy(String operatorNamespace, Labels operatorNamespaceLabels) {
    // Peer for the Cluster Operator pods; the namespace selector depends on where the operator runs
    NetworkPolicyPeer operatorPeer = new NetworkPolicyPeerBuilder()
            .withNewPodSelector()
                .addToMatchLabels(Labels.STRIMZI_KIND_LABEL, "cluster-operator")
            .endPodSelector()
            .build();
    ModelUtils.setClusterOperatorNetworkPolicyNamespaceSelector(operatorPeer, namespace, operatorNamespace, operatorNamespaceLabels);

    // The REST API is reachable from the Cluster Operator only
    NetworkPolicyIngressRule restApiRule = new NetworkPolicyIngressRuleBuilder()
            .addNewPort()
                .withNewPort(REST_API_PORT)
                .withProtocol("TCP")
            .endPort()
            .build();
    restApiRule.setFrom(Collections.singletonList(operatorPeer));

    List<NetworkPolicyIngressRule> ingressRules = new ArrayList<>(1);
    ingressRules.add(restApiRule);

    if (isMetricsEnabled) {
        // Empty 'from': the metrics port is not limited to particular peers
        ingressRules.add(new NetworkPolicyIngressRuleBuilder()
                .addNewPort()
                    .withNewPort(METRICS_PORT)
                    .withProtocol("TCP")
                .endPort()
                .withFrom()
                .build());
    }

    NetworkPolicy policy = new NetworkPolicyBuilder()
            .withNewMetadata()
                .withName(policyName(cluster))
                .withNamespace(namespace)
                .withLabels(labels.toMap())
                .withOwnerReferences(createOwnerReference())
            .endMetadata()
            .withNewSpec()
                .withNewPodSelector()
                    .addToMatchLabels(Labels.STRIMZI_NAME_LABEL, cruiseControlName(cluster))
                .endPodSelector()
                .withIngress(ingressRules)
            .endSpec()
            .build();

    LOGGER.traceCr(reconciliation, "Created network policy {}", policy);
    return policy;
}