Update network policies

Veaceslav Doina 2023-05-30 22:41:34 +03:00
parent 87f3b9ec00
commit 9bd896633b
No known key found for this signature in database
GPG Key ID: 351E7AA9BD0DFEB8
1 changed files with 65 additions and 15 deletions


@ -148,10 +148,7 @@ namespace KubernetesWorkflow
}, },
Spec = new V1NetworkPolicySpec Spec = new V1NetworkPolicySpec
{ {
PodSelector = new V1LabelSelector PodSelector = new V1LabelSelector {},
{
MatchLabels = GetSelector()
},
PolicyTypes = new[] PolicyTypes = new[]
{ {
"Ingress", "Ingress",
@ -165,16 +162,23 @@ namespace KubernetesWorkflow
{ {
new V1NetworkPolicyPeer new V1NetworkPolicyPeer
{ {
NamespaceSelector = new V1LabelSelector PodSelector = new V1LabelSelector {}
{
MatchLabels = GetMyNamespaceSelector()
}
} }
} }
} }
}, },
Egress = new List<V1NetworkPolicyEgressRule> Egress = new List<V1NetworkPolicyEgressRule>
{ {
new V1NetworkPolicyEgressRule
{
To = new List<V1NetworkPolicyPeer>
{
new V1NetworkPolicyPeer
{
PodSelector = new V1LabelSelector {}
}
}
},
new V1NetworkPolicyEgressRule new V1NetworkPolicyEgressRule
{ {
To = new List<V1NetworkPolicyPeer> To = new List<V1NetworkPolicyPeer>
@ -183,11 +187,62 @@ namespace KubernetesWorkflow
{ {
NamespaceSelector = new V1LabelSelector NamespaceSelector = new V1LabelSelector
{ {
MatchLabels = GetMyNamespaceSelector() MatchLabels = new Dictionary<string, string> { { "kubernetes.io/metadata.name", "kube-system" } }
} }
},
new V1NetworkPolicyPeer
{
PodSelector = new V1LabelSelector
{
MatchLabels = new Dictionary<string, string> { { "k8s-app", "kube-dns" } }
}
}
},
Ports = new List<V1NetworkPolicyPort>
{
new V1NetworkPolicyPort
{
Port = new IntstrIntOrString
{
Value = "53"
},
Protocol = "UDP"
}
}
},
new V1NetworkPolicyEgressRule
{
To = new List<V1NetworkPolicyPeer>
{
new V1NetworkPolicyPeer
{
IpBlock = new V1IPBlock
{
Cidr = "0.0.0.0/0"
}
}
},
Ports = new List<V1NetworkPolicyPort>
{
new V1NetworkPolicyPort
{
Port = new IntstrIntOrString
{
Value = "80"
},
Protocol = "TCP"
},
new V1NetworkPolicyPort
{
Port = new IntstrIntOrString
{
Value = "443"
},
Protocol = "TCP"
} }
} }
} }
} }
} }
}; };
@ -255,11 +310,6 @@ namespace KubernetesWorkflow
return new Dictionary<string, string> { { "codex-test-node", "dist-test-" + workflowNumberSource.WorkflowNumber } }; return new Dictionary<string, string> { { "codex-test-node", "dist-test-" + workflowNumberSource.WorkflowNumber } };
} }
private IDictionary<string, string> GetMyNamespaceSelector()
{
return new Dictionary<string, string> { { "name", "thatisincorrect" } };
}
private V1ObjectMeta CreateDeploymentMetadata() private V1ObjectMeta CreateDeploymentMetadata()
{ {
return new V1ObjectMeta return new V1ObjectMeta
@ -333,7 +383,7 @@ namespace KubernetesWorkflow
if (!ports.Any()) if (!ports.Any())
{ {
// None of these container-recipes wish to expose anything via a serice port. // None of these container-recipes wish to expose anything via a service port.
// So, we don't have to create a service. // So, we don't have to create a service.
return (string.Empty, result); return (string.Empty, result);
} }