sigs.k8s.io/cluster-api-provider-azure@v1.14.3/test/e2e/kubernetes/networkpolicy/networkpolicy.go (about)

     1  //go:build e2e
     2  // +build e2e
     3  
     4  /*
     5  Copyright 2020 The Kubernetes Authors.
     6  
     7  Licensed under the Apache License, Version 2.0 (the "License");
     8  you may not use this file except in compliance with the License.
     9  You may obtain a copy of the License at
    10  
    11      http://www.apache.org/licenses/LICENSE-2.0
    12  
    13  Unless required by applicable law or agreed to in writing, software
    14  distributed under the License is distributed on an "AS IS" BASIS,
    15  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    16  See the License for the specific language governing permissions and
    17  limitations under the License.
    18  */
    19  
    20  package networkpolicy
    21  
    22  import (
    23  	"context"
    24  	"fmt"
    25  	"log"
    26  	"os"
    27  	"path/filepath"
    28  	"time"
    29  
    30  	. "github.com/onsi/gomega"
    31  	corev1 "k8s.io/api/core/v1"
    32  	networkingv1 "k8s.io/api/networking/v1"
    33  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    34  	"k8s.io/client-go/kubernetes"
    35  	restclient "k8s.io/client-go/rest"
    36  	"k8s.io/kubectl/pkg/scheme"
    37  	e2e_pod "sigs.k8s.io/cluster-api-provider-azure/test/e2e/kubernetes/pod"
    38  )
    39  
// Retry budget shared by the NetworkPolicy create and delete helpers in this
// file; both values are handed to Gomega's Eventually.
const (
	// networkPolicyOperationTimeout bounds how long a create or delete is retried.
	networkPolicyOperationTimeout time.Duration = 30 * time.Second
	// networkPolicyOperationSleepBetweenRetries is the pause between two attempts.
	networkPolicyOperationSleepBetweenRetries time.Duration = 3 * time.Second
)
    44  
// CreateNetworkPolicyFromFile reads the manifest at filename, decodes it with
// the kubectl scheme's universal deserializer and, when the decoded object is
// a networking/v1 NetworkPolicy, creates it in namespace.
//
// It returns the read or decode error unchanged, and an "unsupported k8s
// manifest type" error for any other kind of object. Failures of the create
// call itself are reported through Gomega by createNetworkPolicyV1, not
// through the returned error.
//
// NOTE(review): the policy is created in the namespace argument; a
// metadata.namespace set inside the manifest is not reconciled with it here.
// The API server is expected to reject a mismatch - confirm against callers.
func CreateNetworkPolicyFromFile(ctx context.Context, clientset *kubernetes.Clientset, filename, namespace string) error {
	manifest, readErr := os.ReadFile(filename)
	if readErr != nil {
		return readErr
	}

	obj, _, decodeErr := scheme.Codecs.UniversalDeserializer().Decode(manifest, nil, nil)
	if decodeErr != nil {
		return decodeErr
	}

	// Only NetworkPolicy manifests are accepted; any other kind is refused
	// rather than applied.
	if policy, ok := obj.(*networkingv1.NetworkPolicy); ok {
		return createNetworkPolicyV1(ctx, clientset, namespace, policy)
	}
	return fmt.Errorf("unsupported k8s manifest type %T", obj)
}
    66  
// createNetworkPolicyV1 creates networkPolicy in namespace, retrying every
// networkPolicyOperationSleepBetweenRetries until the call succeeds or
// networkPolicyOperationTimeout elapses. Each failed attempt is logged.
//
// The returned error is always nil: if no attempt succeeds in time, the
// failure is raised through the Gomega Eventually assertion instead.
//
// NOTE(review): Create is not idempotent. If an attempt takes effect on the
// server but the client still sees an error, later attempts would presumably
// fail with "already exists" until the timeout - confirm whether that case
// should count as success.
func createNetworkPolicyV1(ctx context.Context, clientset *kubernetes.Clientset, namespace string, networkPolicy *networkingv1.NetworkPolicy) error {
	policies := clientset.NetworkingV1().NetworkPolicies(namespace)

	attempt := func(g Gomega) {
		_, createErr := policies.Create(ctx, networkPolicy, metav1.CreateOptions{})
		if createErr != nil {
			log.Printf("failed trying to create NetworkPolicy (%s):%s\n", networkPolicy.Name, createErr.Error())
		}
		g.Expect(createErr).NotTo(HaveOccurred())
	}

	Eventually(attempt, networkPolicyOperationTimeout, networkPolicyOperationSleepBetweenRetries).Should(Succeed())
	return nil
}
    77  
// DeleteNetworkPolicy deletes the NetworkPolicy called name from namespace,
// retrying every networkPolicyOperationSleepBetweenRetries until the call
// succeeds or networkPolicyOperationTimeout elapses. Each failed attempt is
// logged; if no attempt succeeds in time, the Gomega Eventually assertion fails.
//
// NOTE(review): a policy left behind by a failed cleanup keeps restricting
// traffic for whatever runs next in the namespace, so this assertion failing
// matters for later specs. A "not found" error is treated like any other
// failure here - confirm that is intended when cleanup runs twice.
func DeleteNetworkPolicy(ctx context.Context, clientset *kubernetes.Clientset, name, namespace string) {
	policies := clientset.NetworkingV1().NetworkPolicies(namespace)

	attempt := func(g Gomega) {
		deleteErr := policies.Delete(ctx, name, metav1.DeleteOptions{})
		if deleteErr != nil {
			log.Printf("failed trying to delete NetworkPolicy (%s):%s\n", name, deleteErr.Error())
		}
		g.Expect(deleteErr).NotTo(HaveOccurred())
	}

	Eventually(attempt, networkPolicyOperationTimeout, networkPolicyOperationSleepBetweenRetries).Should(Succeed())
}
    89  
// EnsureOutboundInternetAccess runs CheckOutboundConnection for every pod in
// pods, in order. An empty slice performs no check at all, so callers that
// rely on this as an egress baseline should make sure pods is non-empty.
func EnsureOutboundInternetAccess(clientset *kubernetes.Clientset, config *restclient.Config, pods []corev1.Pod) {
	for i := range pods {
		CheckOutboundConnection(clientset, config, pods[i])
	}
}
    95  
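// EnsureConnectivityResultBetweenPods runs curl from every pod in fromPods
// against the pod IP of every pod in toPods and asserts, via Gomega, that
// e2e_pod.Exec returns no error when given shouldHaveConnection as the
// expected outcome.
//
// A target pod without an assigned IP fails the assertion before curl is run.
// Without that guard, curl would be invoked with an empty URL and fail for a
// reason unrelated to the NetworkPolicy; with shouldHaveConnection == false
// that failure would presumably be accepted as "traffic blocked" and the
// policy check would pass without having tested anything.
//
// NOTE(review): e2e_pod.Exec is not visible here. If it only compares
// success/failure of the command, a deny expectation is also satisfied by a
// missing curl binary or any other exec failure - confirm, and consider
// pairing each deny check with an allow check from the same source pod.
// NOTE(review): curl is run without --connect-timeout/--max-time, so the
// duration of a blocked attempt depends on curl and TCP defaults.
func EnsureConnectivityResultBetweenPods(clientset *kubernetes.Clientset, config *restclient.Config, fromPods []corev1.Pod, toPods []corev1.Pod, shouldHaveConnection bool) {
	for _, fromPod := range fromPods {
		for _, toPod := range toPods {
			// Refuse to probe an empty address: the result would say nothing
			// about whether the policy is enforced.
			Expect(toPod.Status.PodIP).NotTo(BeEmpty(), "pod %s/%s has no pod IP to test against", toPod.Namespace, toPod.Name)

			command := []string{"curl", "-S", "-s", "-o", "/dev/null", toPod.Status.PodIP}
			err := e2e_pod.Exec(clientset, config, fromPod, command, shouldHaveConnection)
			Expect(err).NotTo(HaveOccurred())
		}
	}
}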
   105  
// CheckOutboundConnection runs curl against www.bing.com inside pod and
// asserts, via Gomega, that e2e_pod.Exec reports no error when success is
// expected.
//
// The check depends on name resolution and on a third-party host being
// reachable, so a failure can stem from DNS or from that endpoint rather than
// from cluster egress rules. No URL scheme is given, so curl uses its default.
func CheckOutboundConnection(clientset *kubernetes.Clientset, config *restclient.Config, pod corev1.Pod) {
	const egressProbeHost = "www.bing.com"

	curlArgs := []string{"curl", "-S", "-s", "-o", "/dev/null", egressProbeHost}
	Expect(e2e_pod.Exec(clientset, config, pod, curlArgs, true)).NotTo(HaveOccurred())
}
   111  
// ApplyNetworkPolicy creates the NetworkPolicy described by the manifest
// nwpolicyFileName inside policyDir in namespace, and asserts via Gomega that
// CreateNetworkPolicyFromFile returned no error.
//
// nwpolicyName is accepted but not used: the name of the created policy comes
// from the manifest. Callers that later delete by nwpolicyName should keep it
// in sync with the manifest's metadata.name, or the policy stays in place.
func ApplyNetworkPolicy(ctx context.Context, clientset *kubernetes.Clientset, nwpolicyName string, namespace string, nwpolicyFileName string, policyDir string) {
	manifestPath := filepath.Join(policyDir, nwpolicyFileName)

	applyErr := CreateNetworkPolicyFromFile(ctx, clientset, manifestPath, namespace)
	Expect(applyErr).NotTo(HaveOccurred())
}