Examples with NetworkPolicyPeerBuilder io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder used on opensource projects

Search in sources :

Example 21 with NetworkPolicyPeerBuilder

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi-kafka-operator by strimzi.

the class CruiseControlTest method testRestApiPortNetworkPolicyWithNamespaceLabels.

@ParallelTest
public void testRestApiPortNetworkPolicyWithNamespaceLabels() {
    NetworkPolicyPeer clusterOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().withNewNamespaceSelector().withMatchLabels(Collections.singletonMap("nsLabelKey", "nsLabelValue")).endNamespaceSelector().build();
    NetworkPolicy np = cc.generateNetworkPolicy(null, Labels.fromMap(Collections.singletonMap("nsLabelKey", "nsLabelValue")));
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(CruiseControl.REST_API_PORT))).findFirst().orElse(null), is(notNullValue()));
    List<NetworkPolicyPeer> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(CruiseControl.REST_API_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElseThrow();
    assertThat(rules.size(), is(1));
    assertThat(rules.contains(clusterOperatorPeer), is(true));
}
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) CoreMatchers.is(org.hamcrest.CoreMatchers.is) DEFAULT_WEBSERVER_SSL_ENABLED(io.strimzi.operator.cluster.model.CruiseControl.DEFAULT_WEBSERVER_SSL_ENABLED) CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) Storage(io.strimzi.api.kafka.model.storage.Storage) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder) Matchers.hasItems(org.hamcrest.Matchers.hasItems) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) PersistentClaimStorage(io.strimzi.api.kafka.model.storage.PersistentClaimStorage) DEFAULT_WEBSERVER_SECURITY_ENABLED(io.strimzi.operator.cluster.model.CruiseControl.DEFAULT_WEBSERVER_SECURITY_ENABLED) Map(java.util.Map) API_HEALTHCHECK_PATH(io.strimzi.operator.cluster.model.CruiseControl.API_HEALTHCHECK_PATH) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) CRUISE_CONTROL_DEFAULT_GOALS_CONFIG_KEY(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters.CRUISE_CONTROL_DEFAULT_GOALS_CONFIG_KEY) Affinity(io.fabric8.kubernetes.api.model.Affinity) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) Capacity(io.strimzi.operator.cluster.model.cruisecontrol.Capacity) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) Matchers.allOf(org.hamcrest.Matchers.allOf) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) ENV_VAR_CRUISE_CONTROL_CAPACITY_CONFIGURATION(io.strimzi.operator.cluster.model.CruiseControl.ENV_VAR_CRUISE_CONTROL_CAPACITY_CONFIGURATION) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) NodeSelectorTermBuilder(io.fabric8.kubernetes.api.model.NodeSelectorTermBuilder) List(java.util.List) EphemeralStorage(io.strimzi.api.kafka.model.storage.EphemeralStorage) Labels(io.strimzi.operator.common.model.Labels) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) CRUISE_CONTROL_ANOMALY_DETECTION_CONFIG_KEY(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters.CRUISE_CONTROL_ANOMALY_DETECTION_CONFIG_KEY) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) Container(io.fabric8.kubernetes.api.model.Container) CruiseControlSpecBuilder(io.strimzi.api.kafka.model.CruiseControlSpecBuilder) CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) SingleVolumeStorage(io.strimzi.api.kafka.model.storage.SingleVolumeStorage) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) HashMap(java.util.HashMap) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArrayList(java.util.ArrayList) Matchers.hasProperty(org.hamcrest.Matchers.hasProperty) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) InlineLogging(io.strimzi.api.kafka.model.InlineLogging) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Volume(io.fabric8.kubernetes.api.model.Volume) JbodStorage(io.strimzi.api.kafka.model.storage.JbodStorage) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) Toleration(io.fabric8.kubernetes.api.model.Toleration) TolerationBuilder(io.fabric8.kubernetes.api.model.TolerationBuilder) AffinityBuilder(io.fabric8.kubernetes.api.model.AffinityBuilder) Reconciliation(io.strimzi.operator.common.Reconciliation) SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) API_USER_NAME(io.strimzi.operator.cluster.model.CruiseControl.API_USER_NAME) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) Collections(java.util.Collections) BrokerCapacity(io.strimzi.api.kafka.model.balancing.BrokerCapacity) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 22 with NetworkPolicyPeerBuilder

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi-kafka-operator by strimzi.

the class CruiseControlTest method testRestApiPortNetworkPolicyInTheSameNamespace.

@ParallelTest
public void testRestApiPortNetworkPolicyInTheSameNamespace() {
    NetworkPolicyPeer clusterOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().build();
    NetworkPolicy np = cc.generateNetworkPolicy(namespace, null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(CruiseControl.REST_API_PORT))).findFirst().orElse(null), is(notNullValue()));
    List<NetworkPolicyPeer> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(CruiseControl.REST_API_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElse(null);
    assertThat(rules.size(), is(1));
    assertThat(rules.contains(clusterOperatorPeer), is(true));
}
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) CoreMatchers.is(org.hamcrest.CoreMatchers.is) DEFAULT_WEBSERVER_SSL_ENABLED(io.strimzi.operator.cluster.model.CruiseControl.DEFAULT_WEBSERVER_SSL_ENABLED) CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) Storage(io.strimzi.api.kafka.model.storage.Storage) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder) Matchers.hasItems(org.hamcrest.Matchers.hasItems) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) PersistentClaimStorage(io.strimzi.api.kafka.model.storage.PersistentClaimStorage) DEFAULT_WEBSERVER_SECURITY_ENABLED(io.strimzi.operator.cluster.model.CruiseControl.DEFAULT_WEBSERVER_SECURITY_ENABLED) Map(java.util.Map) API_HEALTHCHECK_PATH(io.strimzi.operator.cluster.model.CruiseControl.API_HEALTHCHECK_PATH) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) CRUISE_CONTROL_DEFAULT_GOALS_CONFIG_KEY(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters.CRUISE_CONTROL_DEFAULT_GOALS_CONFIG_KEY) Affinity(io.fabric8.kubernetes.api.model.Affinity) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) Capacity(io.strimzi.operator.cluster.model.cruisecontrol.Capacity) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) Matchers.allOf(org.hamcrest.Matchers.allOf) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) ENV_VAR_CRUISE_CONTROL_CAPACITY_CONFIGURATION(io.strimzi.operator.cluster.model.CruiseControl.ENV_VAR_CRUISE_CONTROL_CAPACITY_CONFIGURATION) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) NodeSelectorTermBuilder(io.fabric8.kubernetes.api.model.NodeSelectorTermBuilder) List(java.util.List) EphemeralStorage(io.strimzi.api.kafka.model.storage.EphemeralStorage) Labels(io.strimzi.operator.common.model.Labels) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) CRUISE_CONTROL_ANOMALY_DETECTION_CONFIG_KEY(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters.CRUISE_CONTROL_ANOMALY_DETECTION_CONFIG_KEY) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) Container(io.fabric8.kubernetes.api.model.Container) CruiseControlSpecBuilder(io.strimzi.api.kafka.model.CruiseControlSpecBuilder) CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) SingleVolumeStorage(io.strimzi.api.kafka.model.storage.SingleVolumeStorage) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) HashMap(java.util.HashMap) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArrayList(java.util.ArrayList) Matchers.hasProperty(org.hamcrest.Matchers.hasProperty) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) InlineLogging(io.strimzi.api.kafka.model.InlineLogging) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Volume(io.fabric8.kubernetes.api.model.Volume) JbodStorage(io.strimzi.api.kafka.model.storage.JbodStorage) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) Toleration(io.fabric8.kubernetes.api.model.Toleration) TolerationBuilder(io.fabric8.kubernetes.api.model.TolerationBuilder) AffinityBuilder(io.fabric8.kubernetes.api.model.AffinityBuilder) Reconciliation(io.strimzi.operator.common.Reconciliation) SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) API_USER_NAME(io.strimzi.operator.cluster.model.CruiseControl.API_USER_NAME) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) Collections(java.util.Collections) BrokerCapacity(io.strimzi.api.kafka.model.balancing.BrokerCapacity) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 23 with NetworkPolicyPeerBuilder

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi-kafka-operator by strimzi.

the class CruiseControlTest method testRestApiPortNetworkPolicy.

@ParallelTest
public void testRestApiPortNetworkPolicy() {
    NetworkPolicyPeer clusterOperatorPeer = new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(Collections.singletonMap(Labels.STRIMZI_KIND_LABEL, "cluster-operator")).endPodSelector().withNewNamespaceSelector().endNamespaceSelector().build();
    NetworkPolicy np = cc.generateNetworkPolicy("operator-namespace", null);
    assertThat(np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(CruiseControl.REST_API_PORT))).findFirst().orElse(null), is(notNullValue()));
    List<NetworkPolicyPeer> rules = np.getSpec().getIngress().stream().filter(ing -> ing.getPorts().get(0).getPort().equals(new IntOrString(CruiseControl.REST_API_PORT))).map(NetworkPolicyIngressRule::getFrom).findFirst().orElse(null);
    assertThat(rules.size(), is(1));
    assertThat(rules.contains(clusterOperatorPeer), is(true));
}
Also used : Quantity(io.fabric8.kubernetes.api.model.Quantity) VolumeMount(io.fabric8.kubernetes.api.model.VolumeMount) CoreMatchers.is(org.hamcrest.CoreMatchers.is) DEFAULT_WEBSERVER_SSL_ENABLED(io.strimzi.operator.cluster.model.CruiseControl.DEFAULT_WEBSERVER_SSL_ENABLED) CoreMatchers.hasItem(org.hamcrest.CoreMatchers.hasItem) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) Storage(io.strimzi.api.kafka.model.storage.Storage) ParallelSuite(io.strimzi.test.annotations.ParallelSuite) SecurityContextBuilder(io.fabric8.kubernetes.api.model.SecurityContextBuilder) Matchers.hasItems(org.hamcrest.Matchers.hasItems) PodDisruptionBudget(io.fabric8.kubernetes.api.model.policy.v1.PodDisruptionBudget) Collections.singletonList(java.util.Collections.singletonList) CoreMatchers.notNullValue(org.hamcrest.CoreMatchers.notNullValue) AfterAll(org.junit.jupiter.api.AfterAll) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) PersistentClaimStorage(io.strimzi.api.kafka.model.storage.PersistentClaimStorage) DEFAULT_WEBSERVER_SECURITY_ENABLED(io.strimzi.operator.cluster.model.CruiseControl.DEFAULT_WEBSERVER_SECURITY_ENABLED) Map(java.util.Map) API_HEALTHCHECK_PATH(io.strimzi.operator.cluster.model.CruiseControl.API_HEALTHCHECK_PATH) ContainerEnvVar(io.strimzi.api.kafka.model.ContainerEnvVar) ResourceUtils(io.strimzi.operator.cluster.ResourceUtils) CRUISE_CONTROL_DEFAULT_GOALS_CONFIG_KEY(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters.CRUISE_CONTROL_DEFAULT_GOALS_CONFIG_KEY) Affinity(io.fabric8.kubernetes.api.model.Affinity) IpFamilyPolicy(io.strimzi.api.kafka.model.template.IpFamilyPolicy) CoreMatchers.containsString(org.hamcrest.CoreMatchers.containsString) Capacity(io.strimzi.operator.cluster.model.cruisecontrol.Capacity) ParallelTest(io.strimzi.test.annotations.ParallelTest) Collections.emptyList(java.util.Collections.emptyList) Matchers.allOf(org.hamcrest.Matchers.allOf) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) ENV_VAR_CRUISE_CONTROL_CAPACITY_CONFIGURATION(io.strimzi.operator.cluster.model.CruiseControl.ENV_VAR_CRUISE_CONTROL_CAPACITY_CONFIGURATION) CruiseControlResources(io.strimzi.api.kafka.model.CruiseControlResources) NodeSelectorTermBuilder(io.fabric8.kubernetes.api.model.NodeSelectorTermBuilder) List(java.util.List) EphemeralStorage(io.strimzi.api.kafka.model.storage.EphemeralStorage) Labels(io.strimzi.operator.common.model.Labels) PodSecurityContextBuilder(io.fabric8.kubernetes.api.model.PodSecurityContextBuilder) Matchers.contains(org.hamcrest.Matchers.contains) Matchers.containsInAnyOrder(org.hamcrest.Matchers.containsInAnyOrder) CRUISE_CONTROL_ANOMALY_DETECTION_CONFIG_KEY(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters.CRUISE_CONTROL_ANOMALY_DETECTION_CONFIG_KEY) HostAliasBuilder(io.fabric8.kubernetes.api.model.HostAliasBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) Assertions.assertThrows(org.junit.jupiter.api.Assertions.assertThrows) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) Container(io.fabric8.kubernetes.api.model.Container) CruiseControlSpecBuilder(io.strimzi.api.kafka.model.CruiseControlSpecBuilder) CoreMatchers.equalTo(org.hamcrest.CoreMatchers.equalTo) ResourceRequirementsBuilder(io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder) SingleVolumeStorage(io.strimzi.api.kafka.model.storage.SingleVolumeStorage) IpFamily(io.strimzi.api.kafka.model.template.IpFamily) HashMap(java.util.HashMap) KafkaBuilder(io.strimzi.api.kafka.model.KafkaBuilder) ArrayList(java.util.ArrayList) Matchers.hasProperty(org.hamcrest.Matchers.hasProperty) HostAlias(io.fabric8.kubernetes.api.model.HostAlias) JmxPrometheusExporterMetrics(io.strimzi.api.kafka.model.JmxPrometheusExporterMetrics) SecurityContext(io.fabric8.kubernetes.api.model.SecurityContext) JmxPrometheusExporterMetricsBuilder(io.strimzi.api.kafka.model.JmxPrometheusExporterMetricsBuilder) KafkaVersionTestUtils(io.strimzi.operator.cluster.KafkaVersionTestUtils) InlineLogging(io.strimzi.api.kafka.model.InlineLogging) MetricsConfig(io.strimzi.api.kafka.model.MetricsConfig) TestUtils(io.strimzi.test.TestUtils) Collections.singletonMap(java.util.Collections.singletonMap) Service(io.fabric8.kubernetes.api.model.Service) MatcherAssert.assertThat(org.hamcrest.MatcherAssert.assertThat) Assertions.assertEquals(org.junit.jupiter.api.Assertions.assertEquals) CoreMatchers.nullValue(org.hamcrest.CoreMatchers.nullValue) Volume(io.fabric8.kubernetes.api.model.Volume) JbodStorage(io.strimzi.api.kafka.model.storage.JbodStorage) CruiseControlConfigurationParameters(io.strimzi.operator.cluster.operator.resource.cruisecontrol.CruiseControlConfigurationParameters) Toleration(io.fabric8.kubernetes.api.model.Toleration) TolerationBuilder(io.fabric8.kubernetes.api.model.TolerationBuilder) AffinityBuilder(io.fabric8.kubernetes.api.model.AffinityBuilder) Reconciliation(io.strimzi.operator.common.Reconciliation) SystemPropertyBuilder(io.strimzi.api.kafka.model.SystemPropertyBuilder) ConfigMapKeySelectorBuilder(io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) API_USER_NAME(io.strimzi.operator.cluster.model.CruiseControl.API_USER_NAME) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) CruiseControlSpec(io.strimzi.api.kafka.model.CruiseControlSpec) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) Kafka(io.strimzi.api.kafka.model.Kafka) Deployment(io.fabric8.kubernetes.api.model.apps.Deployment) Collections(java.util.Collections) BrokerCapacity(io.strimzi.api.kafka.model.balancing.BrokerCapacity) NetworkPolicyPeer(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer) NetworkPolicyIngressRule(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule) NetworkPolicy(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy) IntOrString(io.fabric8.kubernetes.api.model.IntOrString) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) ParallelTest(io.strimzi.test.annotations.ParallelTest)

Example 24 with NetworkPolicyPeerBuilder

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder in project strimzi-kafka-operator by strimzi.

the class NetworkPoliciesIsolatedST method testNetworkPoliciesWithTlsListener.

@IsolatedTest("Specific cluster operator for test case")
@Tag(INTERNAL_CLIENTS_USED)
void testNetworkPoliciesWithTlsListener(ExtensionContext extensionContext) {
    String clusterName = mapWithClusterNames.get(extensionContext.getDisplayName());
    clusterOperator.unInstall();
    clusterOperator = new SetupClusterOperator.SetupClusterOperatorBuilder().withExtensionContext(BeforeAllOnce.getSharedExtensionContext()).withNamespace(namespace).createInstallation().runInstallation();
    String allowedKafkaClientsName = clusterName + "-" + Constants.KAFKA_CLIENTS + "-allow";
    String deniedKafkaClientsName = clusterName + "-" + Constants.KAFKA_CLIENTS + "-deny";
    Map<String, String> matchLabelsForTls = new HashMap<>();
    matchLabelsForTls.put("app", allowedKafkaClientsName);
    resourceManager.createResource(extensionContext, KafkaTemplates.kafkaEphemeral(clusterName, 1, 1).editSpec().editKafka().withListeners(new GenericKafkaListenerBuilder().withName(Constants.TLS_LISTENER_DEFAULT_NAME).withPort(9093).withType(KafkaListenerType.INTERNAL).withTls(true).withNewKafkaListenerAuthenticationScramSha512Auth().endKafkaListenerAuthenticationScramSha512Auth().withNetworkPolicyPeers(new NetworkPolicyPeerBuilder().withNewPodSelector().withMatchLabels(matchLabelsForTls).endPodSelector().build()).build()).endKafka().endSpec().build());
    String topic0 = "topic-example-0";
    String topic1 = "topic-example-1";
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topic0).build());
    resourceManager.createResource(extensionContext, KafkaTopicTemplates.topic(clusterName, topic1).build());
    String userName = "user-example";
    KafkaUser kafkaUser = KafkaUserTemplates.scramShaUser(clusterName, userName).build();
    resourceManager.createResource(extensionContext, kafkaUser);
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(true, allowedKafkaClientsName, kafkaUser).build());
    String allowedKafkaClientsPodName = kubeClient().listPodsByPrefixInName(allowedKafkaClientsName).get(0).getMetadata().getName();
    LOGGER.info("Verifying that {} pod is able to exchange messages", allowedKafkaClientsPodName);
    InternalKafkaClient internalKafkaClient = new InternalKafkaClient.Builder().withUsingPodName(allowedKafkaClientsPodName).withTopicName(topic0).withNamespaceName(namespace).withClusterName(clusterName).withMessageCount(MESSAGE_COUNT).withKafkaUsername(userName).withListenerName(Constants.TLS_LISTENER_DEFAULT_NAME).build();
    internalKafkaClient.checkProducedAndConsumedMessages(internalKafkaClient.sendMessagesTls(), internalKafkaClient.receiveMessagesTls());
    resourceManager.createResource(extensionContext, KafkaClientsTemplates.kafkaClients(true, deniedKafkaClientsName, kafkaUser).build());
    String deniedKafkaClientsPodName = kubeClient().listPodsByPrefixInName(deniedKafkaClientsName).get(0).getMetadata().getName();
    InternalKafkaClient newInternalKafkaClient = internalKafkaClient.toBuilder().withUsingPodName(deniedKafkaClientsPodName).withTopicName(topic1).withConsumerGroupName(ClientUtils.generateRandomConsumerGroup()).build();
    LOGGER.info("Verifying that {} pod is not able to exchange messages", deniedKafkaClientsPodName);
    assertThrows(AssertionError.class, () -> {
        newInternalKafkaClient.checkProducedAndConsumedMessages(newInternalKafkaClient.sendMessagesTls(), newInternalKafkaClient.receiveMessagesTls());
    });
}
Also used : SetupClusterOperator(io.strimzi.systemtest.resources.operator.SetupClusterOperator) HashMap(java.util.HashMap) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) EnvVarBuilder(io.fabric8.kubernetes.api.model.EnvVarBuilder) GenericKafkaListenerBuilder(io.strimzi.api.kafka.model.listener.arraylistener.GenericKafkaListenerBuilder) NamespaceBuilder(io.fabric8.kubernetes.api.model.NamespaceBuilder) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) InternalKafkaClient(io.strimzi.systemtest.kafkaclients.clients.InternalKafkaClient) KafkaUser(io.strimzi.api.kafka.model.KafkaUser) NetworkPolicyPeerBuilder(io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder) IsolatedTest(io.strimzi.systemtest.annotations.IsolatedTest) Tag(org.junit.jupiter.api.Tag)

Aggregations

NetworkPolicyPeerBuilder (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeerBuilder)24 NetworkPolicy (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicy)20 NetworkPolicyIngressRule (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyIngressRule)20 NetworkPolicyPeer (io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPeer)18 ArrayList (java.util.ArrayList)18 HashMap (java.util.HashMap)16 IntOrString (io.fabric8.kubernetes.api.model.IntOrString)14 Kafka (io.strimzi.api.kafka.model.Kafka)14 ParallelTest (io.strimzi.test.annotations.ParallelTest)14 ConfigMapKeySelectorBuilder (io.fabric8.kubernetes.api.model.ConfigMapKeySelectorBuilder)12 Container (io.fabric8.kubernetes.api.model.Container)12 EnvVar (io.fabric8.kubernetes.api.model.EnvVar)12 HostAlias (io.fabric8.kubernetes.api.model.HostAlias)12 HostAliasBuilder (io.fabric8.kubernetes.api.model.HostAliasBuilder)12 PodSecurityContextBuilder (io.fabric8.kubernetes.api.model.PodSecurityContextBuilder)12 Quantity (io.fabric8.kubernetes.api.model.Quantity)12 ResourceRequirementsBuilder (io.fabric8.kubernetes.api.model.ResourceRequirementsBuilder)12 SecurityContext (io.fabric8.kubernetes.api.model.SecurityContext)12 SecurityContextBuilder (io.fabric8.kubernetes.api.model.SecurityContextBuilder)12 Service (io.fabric8.kubernetes.api.model.Service)12
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial