Merge pull request #14 from codex-storage/fix/check-network-policies
Fix/check network policies
This commit is contained in:
Ben Bierens
GitHub
commit
1d919544af
|
|
@ -7,10 +7,10 @@ namespace DistTestCore.Codex
|
|||
public class CodexContainerRecipe : ContainerRecipeFactory
|
||||
{
|
||||
#if Arm64
|
||||
public const string DockerImage = "emizzle/nim-codex-arm64:sha-c7af585";
|
||||
public const string DockerImage = "codexstorage/nim-codex:sha-7b88ea0";
|
||||
#else
|
||||
//public const string DockerImage = "thatbenbierens/nim-codex:sha-9716635";
|
||||
public const string DockerImage = "thatbenbierens/codexlocal:latest";
|
||||
//public const string DockerImage = "codexstorage/nim-codex:sha-7b88ea0";
|
||||
public const string DockerImage = "codexstorage/nim-codex:sha-7b88ea0";
|
||||
#endif
|
||||
public const string MetricsPortTag = "metrics_port";
|
||||
public const string DiscoveryPortTag = "discovery-port";
|
||||
|
|
|
|||
|
|
@ -148,10 +148,7 @@ namespace KubernetesWorkflow
|
|||
},
|
||||
Spec = new V1NetworkPolicySpec
|
||||
{
|
||||
PodSelector = new V1LabelSelector
|
||||
{
|
||||
MatchLabels = GetSelector()
|
||||
},
|
||||
PodSelector = new V1LabelSelector {},
|
||||
PolicyTypes = new[]
|
||||
{
|
||||
"Ingress",
|
||||
|
|
@ -165,16 +162,23 @@ namespace KubernetesWorkflow
|
|||
{
|
||||
new V1NetworkPolicyPeer
|
||||
{
|
||||
NamespaceSelector = new V1LabelSelector
|
||||
{
|
||||
MatchLabels = GetMyNamespaceSelector()
|
||||
}
|
||||
PodSelector = new V1LabelSelector {}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
Egress = new List<V1NetworkPolicyEgressRule>
|
||||
{
|
||||
new V1NetworkPolicyEgressRule
|
||||
{
|
||||
To = new List<V1NetworkPolicyPeer>
|
||||
{
|
||||
new V1NetworkPolicyPeer
|
||||
{
|
||||
PodSelector = new V1LabelSelector {}
|
||||
}
|
||||
}
|
||||
},
|
||||
new V1NetworkPolicyEgressRule
|
||||
{
|
||||
To = new List<V1NetworkPolicyPeer>
|
||||
|
|
@ -183,11 +187,62 @@ namespace KubernetesWorkflow
|
|||
{
|
||||
NamespaceSelector = new V1LabelSelector
|
||||
{
|
||||
MatchLabels = GetMyNamespaceSelector()
|
||||
MatchLabels = new Dictionary<string, string> { { "kubernetes.io/metadata.name", "kube-system" } }
|
||||
}
|
||||
},
|
||||
new V1NetworkPolicyPeer
|
||||
{
|
||||
PodSelector = new V1LabelSelector
|
||||
{
|
||||
MatchLabels = new Dictionary<string, string> { { "k8s-app", "kube-dns" } }
|
||||
}
|
||||
}
|
||||
},
|
||||
Ports = new List<V1NetworkPolicyPort>
|
||||
{
|
||||
new V1NetworkPolicyPort
|
||||
{
|
||||
Port = new IntstrIntOrString
|
||||
{
|
||||
Value = "53"
|
||||
},
|
||||
Protocol = "UDP"
|
||||
}
|
||||
}
|
||||
},
|
||||
new V1NetworkPolicyEgressRule
|
||||
{
|
||||
To = new List<V1NetworkPolicyPeer>
|
||||
{
|
||||
new V1NetworkPolicyPeer
|
||||
{
|
||||
IpBlock = new V1IPBlock
|
||||
{
|
||||
Cidr = "0.0.0.0/0"
|
||||
}
|
||||
}
|
||||
},
|
||||
Ports = new List<V1NetworkPolicyPort>
|
||||
{
|
||||
new V1NetworkPolicyPort
|
||||
{
|
||||
Port = new IntstrIntOrString
|
||||
{
|
||||
Value = "80"
|
||||
},
|
||||
Protocol = "TCP"
|
||||
},
|
||||
new V1NetworkPolicyPort
|
||||
{
|
||||
Port = new IntstrIntOrString
|
||||
{
|
||||
Value = "443"
|
||||
},
|
||||
Protocol = "TCP"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
};
|
||||
|
|
@ -255,11 +310,6 @@ namespace KubernetesWorkflow
|
|||
return new Dictionary<string, string> { { "codex-test-node", "dist-test-" + workflowNumberSource.WorkflowNumber } };
|
||||
}
|
||||
|
||||
private IDictionary<string, string> GetMyNamespaceSelector()
|
||||
{
|
||||
return new Dictionary<string, string> { { "name", "thatisincorrect" } };
|
||||
}
|
||||
|
||||
private V1ObjectMeta CreateDeploymentMetadata()
|
||||
{
|
||||
return new V1ObjectMeta
|
||||
|
|
@ -333,7 +383,7 @@ namespace KubernetesWorkflow
|
|||
|
||||
if (!ports.Any())
|
||||
{
|
||||
// None of these container-recipes wish to expose anything via a serice port.
|
||||
// None of these container-recipes wish to expose anything via a service port.
|
||||
// So, we don't have to create a service.
|
||||
return (string.Empty, result);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,8 +1,10 @@
|
|||
# Distributed System Tests for Nim-Codex
|
||||
|
||||
Using a common dotnet unit-test framework and a few other libraries, this project allows you to write tests that use multiple Codex node instances in various configurations to test the distributed system in a controlled, reproducable environment.
|
||||
|
||||
Nim-Codex: https://github.com/status-im/nim-codex
|
||||
Using a common dotnet unit-test framework and a few other libraries, this project allows you to write tests that use multiple Codex node instances in various configurations to test the distributed system in a controlled, reproducible environment.
|
||||
|
||||
|
||||
Nim-Codex: https://github.com/codex-storage/nim-codex
|
||||
Dotnet: v6.0
|
||||
Kubernetes: v1.25.4
|
||||
Dotnet-kubernetes SDK: v10.1.4 https://github.com/kubernetes-client/csharp
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ spec:
|
|||
spec:
|
||||
containers:
|
||||
- name: codex-node1
|
||||
image: thatbenbierens/nim-codex:sha-b204837
|
||||
image: codexstorage/nim-codex:sha-7b88ea0
|
||||
ports:
|
||||
- containerPort: 8080
|
||||
name: api-1
|
||||
|
|
@ -38,7 +38,7 @@ spec:
|
|||
- name: LISTEN_ADDRS
|
||||
value: "/ip4/0.0.0.0/tcp/8082"
|
||||
- name: codex-node2
|
||||
image: thatbenbierens/nim-codex:sha-b204837
|
||||
image: codexstorage/nim-codex:sha-7b88ea0
|
||||
ports:
|
||||
- containerPort: 8083
|
||||
name: api-2
|
||||
|
|
|
|||
Loading…
Reference in New Issue