Runtime refactoring and NetworkPolicy support (#2016)

2020-10-14 02:54:05 +13:00
parent 5e35d89b38
commit 1a962e46fd
13 changed files with 877 additions and 362 deletions
--- a/util/kubernetes/api/request.go
+++ b/util/kubernetes/api/request.go
@@ -168,6 +168,9 @@ func (r *Request) request() (*http.Request, error) {
 	case "deployment":
 		// /apis/apps/v1/namespaces/{namespace}/deployments/{name}
 		url = fmt.Sprintf("%s/apis/apps/v1/namespaces/%s/%ss/", r.host, r.namespace, r.resource)
+	case "networkpolicy", "networkpolicies":
+		// /apis/networking.k8s.io/v1/namespaces/{namespace}/networkpolicies
+		url = fmt.Sprintf("%s/apis/networking.k8s.io/v1/namespaces/%s/networkpolicies/", r.host, r.namespace)
 	default:
 		// /api/v1/namespaces/{namespace}/{resource}
 		url = fmt.Sprintf("%s/api/v1/namespaces/%s/%ss/", r.host, r.namespace, r.resource)
--- a/util/kubernetes/client/client.go
+++ b/util/kubernetes/client/client.go
@@ -156,6 +156,8 @@ func (c *client) Update(r *Resource, opts ...UpdateOption) error {
 		req.Body(r.Value.(*Deployment))
 	case "pod":
 		req.Body(r.Value.(*Pod))
+	case "networkpolicy", "networkpolicies":
+		req.Body(r.Value.(*NetworkPolicy))
 	default:
 		return errors.New("unsupported resource")
 	}
--- a/util/kubernetes/client/templates.go
+++ b/util/kubernetes/client/templates.go
@@ -1,11 +1,13 @@
 package client

 var templates = map[string]string{
-	"deployment":     deploymentTmpl,
-	"service":        serviceTmpl,
-	"namespace":      namespaceTmpl,
-	"secret":         secretTmpl,
-	"serviceaccount": serviceAccountTmpl,
+	"deployment":      deploymentTmpl,
+	"service":         serviceTmpl,
+	"namespace":       namespaceTmpl,
+	"secret":          secretTmpl,
+	"serviceaccount":  serviceAccountTmpl,
+	"networkpolicies": networkPolicyTmpl,
+	"networkpolicy":   networkPolicyTmpl,
 }

 var deploymentTmpl = `
@@ -239,3 +241,31 @@ imagePullSecrets:
 {{- end }}
 {{- end }}
 `
+
+var networkPolicyTmpl = `
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: "{{ .Metadata.Name }}"
+  namespace: "{{ .Metadata.Namespace }}"
+  labels:
+    {{- with .Metadata.Labels }}
+    {{- range $key, $value := . }}
+    {{ $key }}: "{{ $value }}"
+    {{- end }}
+    {{- end }}
+spec:
+  podSelector:
+    matchLabels:
+  ingress:
+  - from: # Allow pods in this namespace to talk to each other
+    - podSelector: {}
+  - from: # Allow pods in the namespaces bearing the specified labels to talk to pods in this namespace:
+    - namespaceSelector:
+        matchLabels:
+          {{- with .AllowedLabels }}
+          {{- range $key, $value := . }}
+          {{ $key }}: "{{ $value }}"
+          {{- end }}
+          {{- end }}
+`
--- a/util/kubernetes/client/types.go
+++ b/util/kubernetes/client/types.go
@@ -267,3 +267,9 @@ type VolumeMount struct {
 	Name      string `json:"name"`
 	MountPath string `json:"mountPath"`
 }
+
+// NetworkPolicy is a Kubernetes Namespace
+type NetworkPolicy struct {
+	AllowedLabels map[string]string `json:"allowedLabels,omitempty"`
+	Metadata      *Metadata         `json:"metadata,omitempty"`
+}