
Example 1 with NetworkPolicyPort

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort in project onos by opennetworkinglab.

The class K8sNetworkPolicyHandler, method setAllowRulesByPolicy.

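/**
 * Translates a Kubernetes NetworkPolicy into ACL allow rules and installs or removes them.
 *
 * <p>Per direction (ingress first, then egress) the method emits:
 * <ul>
 *   <li>an allow-all rule for the policy's namespace when the direction has exactly one
 *       rule that names neither peers nor ports;</li>
 *   <li>white-list entries, keyed by CIDR, for each peer's IP block and for each selected
 *       pod's IP (stored twice: shifted into {@code SHIFTED_IP_PREFIX} and as-is, both with a
 *       {@code HOST_PREFIX} mask), each mapping the direction to the rule's port list;</li>
 *   <li>black-list rules for the {@code except} ranges of an IP block;</li>
 *   <li>namespace-selector rules for the namespaces matched by each peer.</li>
 * </ul>
 * The collected white-list is then passed to {@code setAllowRules}, after which
 * {@code setBlackToRouteRules(true)} is invoked.
 *
 * <p>Ingress entries replace whatever the white-list already holds for a key, while egress
 * entries merge into an existing entry so that a key present in both directions keeps both
 * port lists. NOTE(review): two ingress rules naming the same peer therefore keep only the
 * later rule's ports — confirm that is intended.
 *
 * <p>NOTE(review): {@code spec.policyTypes} is not consulted, so a policy declaring only one
 * direction is processed exactly like one declaring both — confirm against the intended
 * enforcement semantics before relying on this for isolation.
 *
 * @param policy  the NetworkPolicy to translate
 * @param install {@code true} to install the derived rules, {@code false} to remove them
 */
private void setAllowRulesByPolicy(NetworkPolicy policy, boolean install) {
    Map<String, Map<String, List<NetworkPolicyPort>>> white = Maps.newConcurrentMap();
    String namespace = policy.getMetadata().getNamespace();
    int nsHash = namespaceHashByNamespace(k8sNamespaceService, namespace);

    // ---- ingress ----
    List<NetworkPolicyIngressRule> ingress = policy.getSpec().getIngress();
    if (ingress != null && ingress.size() == 1) {
        NetworkPolicyIngressRule rule = ingress.get(0);
        // The only rule names neither peers nor ports: allow from anywhere.
        if (rule.getFrom().isEmpty() && rule.getPorts().isEmpty()) {
            setAllowAllRule(nsHash, DIRECTION_INGRESS, install);
        }
    }
    // Same null guard as the allow-all check above: a policy without an ingress
    // section must not abort rule installation half-way with an NPE.
    if (ingress != null) {
        ingress.forEach(i -> {
            // Shared by every white-list key this rule contributes.
            Map<String, List<NetworkPolicyPort>> direction = Maps.newConcurrentMap();
            direction.put(DIRECTION_INGRESS, i.getPorts());
            i.getFrom().forEach(peer -> {
                // IP block: white-list the CIDR, black-list its "except" ranges.
                if (peer.getIpBlock() != null) {
                    if (peer.getIpBlock().getExcept() != null && !peer.getIpBlock().getExcept().isEmpty()) {
                        // Own map for a block with exceptions; the rule-wide map stays untouched.
                        Map<String, List<NetworkPolicyPort>> blkDirection = Maps.newConcurrentMap();
                        blkDirection.put(DIRECTION_INGRESS, i.getPorts());
                        white.compute(peer.getIpBlock().getCidr(), (k, v) -> blkDirection);
                        setBlackRules(peer.getIpBlock().getCidr(), DIRECTION_INGRESS, peer.getIpBlock().getExcept(), install);
                    } else {
                        white.compute(peer.getIpBlock().getCidr(), (k, v) -> direction);
                    }
                }
                // Pod selector: pods without an assigned IP are skipped
                // (assumes getStatus() is never null here — TODO confirm).
                Set<Pod> pods = podsFromPolicyPeer(peer, namespace);
                pods.stream().filter(pod -> pod.getStatus().getPodIP() != null).forEach(pod -> {
                    white.compute(shiftedPodHostKey(pod), (m, n) -> direction);
                    white.compute(podHostKey(pod), (m, n) -> direction);
                });
                // Namespace selector
                setAllowNamespaceRules(nsHash, namespacesByPolicyPeer(peer), DIRECTION_INGRESS, install);
            });
        });
    }

    // ---- egress ----
    List<NetworkPolicyEgressRule> egress = policy.getSpec().getEgress();
    if (egress != null && egress.size() == 1) {
        NetworkPolicyEgressRule rule = egress.get(0);
        if (rule.getTo().isEmpty() && rule.getPorts().isEmpty()) {
            setAllowAllRule(nsHash, DIRECTION_EGRESS, install);
        }
    }
    if (egress != null) {
        egress.forEach(e -> {
            Map<String, List<NetworkPolicyPort>> direction = Maps.newConcurrentMap();
            direction.put(DIRECTION_EGRESS, e.getPorts());
            e.getTo().forEach(peer -> {
                // IP block: merge into an entry the ingress pass may already have created.
                if (peer.getIpBlock() != null) {
                    if (peer.getIpBlock().getExcept() != null && !peer.getIpBlock().getExcept().isEmpty()) {
                        Map<String, List<NetworkPolicyPort>> blkDirection = Maps.newConcurrentMap();
                        blkDirection.put(DIRECTION_EGRESS, e.getPorts());
                        white.compute(peer.getIpBlock().getCidr(),
                                (k, v) -> mergeEgressPorts(v, e.getPorts(), blkDirection));
                        setBlackRules(peer.getIpBlock().getCidr(), DIRECTION_EGRESS, peer.getIpBlock().getExcept(), install);
                    } else {
                        white.compute(peer.getIpBlock().getCidr(),
                                (k, v) -> mergeEgressPorts(v, e.getPorts(), direction));
                    }
                }
                // Pod selector
                Set<Pod> pods = podsFromPolicyPeer(peer, namespace);
                pods.stream().filter(pod -> pod.getStatus().getPodIP() != null).forEach(pod -> {
                    white.compute(shiftedPodHostKey(pod), (m, n) -> mergeEgressPorts(n, e.getPorts(), direction));
                    white.compute(podHostKey(pod), (m, n) -> mergeEgressPorts(n, e.getPorts(), direction));
                });
                // Namespace selector
                setAllowNamespaceRules(nsHash, namespacesByPolicyPeer(peer), DIRECTION_EGRESS, install);
            });
        });
    }

    setAllowRules(nsHash, white, install);
    setBlackToRouteRules(true);
}

/**
 * Remapping function for the egress pass of {@link #setAllowRulesByPolicy}: adds the egress
 * port list to an entry that already exists (so an entry created by the ingress pass keeps
 * both directions), or falls back to {@code fresh} when the key has no entry yet.
 *
 * @param existing the current white-list entry for the key, or {@code null} if none
 * @param ports    the egress rule's port list
 * @param fresh    the map to store when there is no existing entry
 * @return the map to keep under the key
 */
private Map<String, List<NetworkPolicyPort>> mergeEgressPorts(
        Map<String, List<NetworkPolicyPort>> existing,
        List<NetworkPolicyPort> ports,
        Map<String, List<NetworkPolicyPort>> fresh) {
    if (existing == null) {
        return fresh;
    }
    existing.put(DIRECTION_EGRESS, ports);
    return existing;
}

/** White-list key for a pod's IP: the address with a {@code HOST_PREFIX} mask. */
private String podHostKey(Pod pod) {
    return pod.getStatus().getPodIP() + "/" + HOST_PREFIX;
}

/** White-list key for a pod's IP shifted into the {@code SHIFTED_IP_PREFIX} domain. */
private String shiftedPodHostKey(Pod pod) {
    return shiftIpDomain(pod.getStatus().getPodIP(), SHIFTED_IP_PREFIX) + "/" + HOST_PREFIX;
}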

Example 2 with NetworkPolicyPort

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort in project strimzi by strimzi.

The class ZookeeperCluster, method generateNetworkPolicy.

/**
 * Builds the NetworkPolicy that governs ingress to the ZooKeeper pods of this cluster.
 *
 * <p>The policy selects the ZooKeeper pods and allows:
 * <ul>
 *   <li>the clustering and leader-election TCP ports only from the ZooKeeper pods
 *       themselves;</li>
 *   <li>the client TLS port from the Kafka, ZooKeeper, Entity Operator and Cruise Control
 *       pods of this cluster and from pods labelled as the Cluster Operator (its namespace
 *       scope is set by {@code ModelUtils.setClusterOperatorNetworkPolicyNamespaceSelector});</li>
 *   <li>the metrics port (TCP) when metrics are enabled and the JMX port when JMX is
 *       enabled, each without any {@code from} restriction.</li>
 * </ul>
 *
 * @param operatorNamespace       Namespace where the Strimzi Cluster Operator runs. Null if not configured.
 * @param operatorNamespaceLabels Labels of the namespace where the Strimzi Cluster Operator runs. Null if not configured.
 *
 * @return The network policy.
 */
public NetworkPolicy generateNetworkPolicy(String operatorNamespace, Labels operatorNamespaceLabels) {
    // Ports served by ZooKeeper
    NetworkPolicyPort clientsPort = tcpNetworkPolicyPort(CLIENT_TLS_PORT);
    NetworkPolicyPort clusteringPort = tcpNetworkPolicyPort(CLUSTERING_PORT);
    NetworkPolicyPort leaderElectionPort = tcpNetworkPolicyPort(LEADER_ELECTION_PORT);

    // Pod selectors of the components allowed to reach ZooKeeper
    LabelSelector zookeeperSelector = selectorMatching(Labels.STRIMZI_NAME_LABEL, zookeeperClusterName(cluster));
    LabelSelector kafkaSelector = selectorMatching(Labels.STRIMZI_NAME_LABEL, KafkaCluster.kafkaClusterName(cluster));
    LabelSelector entityOperatorSelector = selectorMatching(Labels.STRIMZI_NAME_LABEL, EntityOperator.entityOperatorName(cluster));
    // Kind label only: there is no guarantee that the CO namespace has any particular
    // labels, so the namespace scope is applied separately below.
    LabelSelector clusterOperatorSelector = selectorMatching(Labels.STRIMZI_KIND_LABEL, "cluster-operator");
    LabelSelector cruiseControlSelector = selectorMatching(Labels.STRIMZI_NAME_LABEL, CruiseControl.cruiseControlName(cluster));

    NetworkPolicyPeer zookeeperClusterPeer = peerSelecting(zookeeperSelector);
    NetworkPolicyPeer kafkaClusterPeer = peerSelecting(kafkaSelector);
    NetworkPolicyPeer entityOperatorPeer = peerSelecting(entityOperatorSelector);
    NetworkPolicyPeer clusterOperatorPeer = peerSelecting(clusterOperatorSelector);
    ModelUtils.setClusterOperatorNetworkPolicyNamespaceSelector(clusterOperatorPeer, namespace, operatorNamespace, operatorNamespaceLabels);
    NetworkPolicyPeer cruiseControlPeer = peerSelecting(cruiseControlSelector);

    List<NetworkPolicyIngressRule> rules = new ArrayList<>(4);

    // Zookeeper only ports - 2888 & 3888 which need to be accessed by the Zookeeper cluster members only
    rules.add(new NetworkPolicyIngressRuleBuilder()
            .withPorts(clusteringPort, leaderElectionPort)
            .withFrom(zookeeperClusterPeer)
            .build());

    // Clients port - reachable from the other cluster components and the operators as well
    List<NetworkPolicyPeer> clientsPortPeers = new ArrayList<>(5);
    clientsPortPeers.add(kafkaClusterPeer);
    clientsPortPeers.add(zookeeperClusterPeer);
    clientsPortPeers.add(entityOperatorPeer);
    clientsPortPeers.add(clusterOperatorPeer);
    clientsPortPeers.add(cruiseControlPeer);
    NetworkPolicyIngressRule clientsIngressRule = new NetworkPolicyIngressRuleBuilder()
            .withPorts(clientsPort)
            .withFrom()
            .build();
    clientsIngressRule.setFrom(clientsPortPeers);
    rules.add(clientsIngressRule);

    if (isMetricsEnabled) {
        rules.add(new NetworkPolicyIngressRuleBuilder()
                .addNewPort().withNewPort(METRICS_PORT).withProtocol("TCP").endPort()
                .withFrom()
                .build());
    }

    if (isJmxEnabled) {
        // Unlike the other ports no protocol is set here, so the API-side default
        // (presumably TCP — confirm) applies.
        NetworkPolicyPort jmxPort = new NetworkPolicyPort();
        jmxPort.setPort(new IntOrString(JMX_PORT));
        rules.add(new NetworkPolicyIngressRuleBuilder().withPorts(jmxPort).withFrom().build());
    }

    NetworkPolicy networkPolicy = new NetworkPolicyBuilder()
            .withNewMetadata()
                .withName(policyName(cluster))
                .withNamespace(namespace)
                .withLabels(labels.toMap())
                .withOwnerReferences(createOwnerReference())
            .endMetadata()
            .withNewSpec()
                .withPodSelector(zookeeperSelector)
                .withIngress(rules)
            .endSpec()
            .build();

    LOGGER.traceCr(reconciliation, "Created network policy {}", networkPolicy);
    return networkPolicy;
}

/** A TCP {@link NetworkPolicyPort} for the given numeric port. */
private static NetworkPolicyPort tcpNetworkPolicyPort(int port) {
    NetworkPolicyPort networkPolicyPort = new NetworkPolicyPort();
    networkPolicyPort.setPort(new IntOrString(port));
    networkPolicyPort.setProtocol("TCP");
    return networkPolicyPort;
}

/** A {@link LabelSelector} matching pods that carry exactly the given label. */
private static LabelSelector selectorMatching(String labelKey, String labelValue) {
    Map<String, String> matchLabels = new HashMap<>(1);
    matchLabels.put(labelKey, labelValue);
    LabelSelector selector = new LabelSelector();
    selector.setMatchLabels(matchLabels);
    return selector;
}

/** A {@link NetworkPolicyPeer} restricted to the pods matched by {@code podSelector}. */
private static NetworkPolicyPeer peerSelecting(LabelSelector podSelector) {
    NetworkPolicyPeer peer = new NetworkPolicyPeer();
    peer.setPodSelector(podSelector);
    return peer;
}

Example 3 with NetworkPolicyPort

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort in project strimzi-kafka-operator by strimzi.

The class ZookeeperCluster, method generateNetworkPolicy.

/**
 * Generates the NetworkPolicy for the ZooKeeper nodes of this cluster.
 *
 * <p>Ingress is permitted on the clustering and leader-election TCP ports from the ZooKeeper
 * pods only, and on the client TLS port from the Kafka, ZooKeeper, Entity Operator and
 * Cruise Control pods of this cluster plus pods carrying the cluster-operator kind label
 * (namespace-scoped through {@code ModelUtils.setClusterOperatorNetworkPolicyNamespaceSelector}).
 * When enabled, the metrics port (TCP) and the JMX port are opened without a {@code from}
 * restriction.
 *
 * @param operatorNamespace       Namespace where the Strimzi Cluster Operator runs. Null if not configured.
 * @param operatorNamespaceLabels Labels of the namespace where the Strimzi Cluster Operator runs. Null if not configured.
 *
 * @return The network policy.
 */
public NetworkPolicy generateNetworkPolicy(String operatorNamespace, Labels operatorNamespaceLabels) {
    NetworkPolicyPeer zookeeperClusterPeer = peerForPodsLabelled(Labels.STRIMZI_NAME_LABEL, zookeeperClusterName(cluster));
    NetworkPolicyPeer kafkaClusterPeer = peerForPodsLabelled(Labels.STRIMZI_NAME_LABEL, KafkaCluster.kafkaClusterName(cluster));
    NetworkPolicyPeer entityOperatorPeer = peerForPodsLabelled(Labels.STRIMZI_NAME_LABEL, EntityOperator.entityOperatorName(cluster));
    NetworkPolicyPeer cruiseControlPeer = peerForPodsLabelled(Labels.STRIMZI_NAME_LABEL, CruiseControl.cruiseControlName(cluster));
    // The operator is matched by its kind label alone, because there is no guarantee that
    // the CO namespace carries any particular labels; its namespace scope is set separately.
    NetworkPolicyPeer clusterOperatorPeer = peerForPodsLabelled(Labels.STRIMZI_KIND_LABEL, "cluster-operator");
    ModelUtils.setClusterOperatorNetworkPolicyNamespaceSelector(clusterOperatorPeer, namespace, operatorNamespace, operatorNamespaceLabels);

    List<NetworkPolicyIngressRule> rules = new ArrayList<>(4);

    // Zookeeper only ports - 2888 & 3888 which need to be accessed by the Zookeeper cluster members only
    rules.add(new NetworkPolicyIngressRuleBuilder()
            .withPorts(tcpPort(CLUSTERING_PORT), tcpPort(LEADER_ELECTION_PORT))
            .withFrom(zookeeperClusterPeer)
            .build());

    // Clients port - needs to be accessible from outside the Zookeeper cluster as well
    rules.add(new NetworkPolicyIngressRuleBuilder()
            .withPorts(tcpPort(CLIENT_TLS_PORT))
            .withFrom(kafkaClusterPeer, zookeeperClusterPeer, entityOperatorPeer, clusterOperatorPeer, cruiseControlPeer)
            .build());

    if (isMetricsEnabled) {
        rules.add(new NetworkPolicyIngressRuleBuilder()
                .addNewPort().withNewPort(METRICS_PORT).withProtocol("TCP").endPort()
                .withFrom()
                .build());
    }

    if (isJmxEnabled) {
        // Protocol is intentionally left unset here, matching the original behaviour.
        NetworkPolicyPort jmxPort = new NetworkPolicyPort();
        jmxPort.setPort(new IntOrString(JMX_PORT));
        rules.add(new NetworkPolicyIngressRuleBuilder().withPorts(jmxPort).withFrom().build());
    }

    NetworkPolicy networkPolicy = new NetworkPolicyBuilder()
            .withNewMetadata()
                .withName(policyName(cluster))
                .withNamespace(namespace)
                .withLabels(labels.toMap())
                .withOwnerReferences(createOwnerReference())
            .endMetadata()
            .withNewSpec()
                .withPodSelector(zookeeperClusterPeer.getPodSelector())
                .withIngress(rules)
            .endSpec()
            .build();

    LOGGER.traceCr(reconciliation, "Created network policy {}", networkPolicy);
    return networkPolicy;
}

/** Builds a TCP {@link NetworkPolicyPort} for {@code port}. */
private static NetworkPolicyPort tcpPort(int port) {
    NetworkPolicyPort result = new NetworkPolicyPort();
    result.setPort(new IntOrString(port));
    result.setProtocol("TCP");
    return result;
}

/** Builds a {@link NetworkPolicyPeer} whose pod selector matches the single label {@code key=value}. */
private static NetworkPolicyPeer peerForPodsLabelled(String key, String value) {
    Map<String, String> matchLabels = new HashMap<>(1);
    matchLabels.put(key, value);
    LabelSelector podSelector = new LabelSelector();
    podSelector.setMatchLabels(matchLabels);
    NetworkPolicyPeer peer = new NetworkPolicyPeer();
    peer.setPodSelector(podSelector);
    return peer;
}

Example 4 with NetworkPolicyPort

use of io.fabric8.kubernetes.api.model.networking.v1.NetworkPolicyPort in project debezium by debezium.

The class OcpKafkaConnectController, method allowServiceAccess.

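/**
 * Creates a NetworkPolicy that opens the ports exposed by this Kafka Connect deployment.
 *
 * <p>The policy is assembled by {@code ocpUtils.createNetworkPolicy} from the Strimzi labels
 * of the Connect pods ({@code strimzi.io/cluster}, {@code strimzi.io/kind},
 * {@code strimzi.io/name}) and the TCP ports 8083 (Kafka Connect REST API), 8404 and 9404
 * (presumably the metrics endpoints — confirm against the Connect deployment). As the log line
 * states, this grants public access; which peers the policy admits is decided inside
 * {@code createNetworkPolicy} — TODO confirm there.
 *
 * @return the NetworkPolicy created in {@code project}, named {@code <connect-name>-allowed}
 */
public NetworkPolicy allowServiceAccess() {
    String connectName = kafkaConnect.getMetadata().getName();
    // Parameterised logging; the rendered message is unchanged.
    LOGGER.info("Creating NetworkPolicy allowing public access to {}'s services", connectName);

    Map<String, String> labels = new HashMap<>();
    labels.put("strimzi.io/cluster", connectName);
    labels.put("strimzi.io/kind", "KafkaConnect");
    labels.put("strimzi.io/name", connectName + "-connect");

    List<NetworkPolicyPort> ports = Stream.of(8083, 8404, 9404)
            .map(IntOrString::new)
            .map(p -> new NetworkPolicyPortBuilder().withProtocol("TCP").withPort(p).build())
            .collect(Collectors.toList());

    return ocpUtils.createNetworkPolicy(project, connectName + "-allowed", labels, ports);
}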
