package defaultnetpol
import (
"context"
"github.com/giantswarm/k8sclient/v5/pkg/k8sclient"
"github.com/giantswarm/microerror"
"github.com/giantswarm/micrologger"
"github.com/spf13/cobra"
k8sruntimeclient "sigs.k8s.io/controller-runtime/pkg/client"
"github.com/giantswarm/awscnfm/v15/pkg/client"
"github.com/giantswarm/awscnfm/v15/pkg/env"
"github.com/giantswarm/awscnfm/v15/pkg/key"
)
// runner holds the dependencies of the default network policy test command:
// the parsed command line flags and the logger that is handed to the
// Kubernetes client constructors.
type runner struct {
	flag   *flag              // parsed flags; Validate and TenantCluster are read in Run and run
	logger micrologger.Logger // forwarded into the control plane and tenant cluster client configs
}
// Run is the cobra entry point of the command. It validates the parsed flags
// first and only then executes the test via run. Any error from either step is
// returned wrapped with microerror.Mask.
func (r *runner) Run(cmd *cobra.Command, args []string) error {
	if err := r.flag.Validate(); err != nil {
		return microerror.Mask(err)
	}

	// A plain background context: nothing in this file cancels or times out
	// the API calls made below.
	if err := r.run(context.Background(), cmd, args); err != nil {
		return microerror.Mask(err)
	}

	return nil
}
// run sets up the network policy test fixture. It builds the control plane
// client, derives the tenant cluster client from it, resolves the docker
// registry via the control plane, and then creates the test namespace, the
// default network policy, the nginx test pod and its service in the tenant
// cluster, in that order. cmd and args are part of the signature but are not
// read here. Nothing in this file deletes the objects it creates; cleanup is
// presumably handled elsewhere — TODO confirm.
func (r *runner) run(ctx context.Context, cmd *cobra.Command, args []string) error {
	var (
		cpClients k8sclient.Interface
		tcClients k8sclient.Interface
		err       error
	)

	cpClients, err = client.NewControlPlane(client.ControlPlaneConfig{
		Logger:     r.logger,
		KubeConfig: env.ControlPlaneKubeConfig(),
	})
	if err != nil {
		return microerror.Mask(err)
	}

	// The tenant cluster client is resolved through the control plane client.
	tcClients, err = client.NewTenantCluster(client.TenantClusterConfig{
		ControlPlane:  cpClients,
		Logger:        r.logger,
		TenantCluster: r.flag.TenantCluster,
	})
	if err != nil {
		return microerror.Mask(err)
	}

	// The registry is looked up on the control plane, while all test objects
	// below are created in the tenant cluster.
	dockerRegistry, err := key.FetchDockerRegistry(ctx, cpClients.CtrlClient())
	if err != nil {
		return microerror.Mask(err)
	}

	tcClient := tcClients.CtrlClient()

	// Namespace first: the policy, pod and service are created inside it.
	steps := []func() error{
		func() error { return r.createTestNamespace(ctx, tcClient) },
		func() error { return r.createDefaultNetpol(ctx, tcClient) },
		func() error { return r.createTestPod(ctx, tcClient, dockerRegistry) },
		func() error { return r.createTestSvc(ctx, tcClient) },
	}
	for _, step := range steps {
		if err := step(); err != nil {
			return microerror.Mask(err)
		}
	}

	return nil
}
// createTestNamespace creates the namespace returned by netPolTestNamespace
// in the cluster reached through ctrlClient. The error from the API call is
// returned wrapped with microerror.Mask.
func (r *runner) createTestNamespace(ctx context.Context, ctrlClient k8sruntimeclient.Client) error {
	if err := ctrlClient.Create(ctx, netPolTestNamespace()); err != nil {
		return microerror.Mask(err)
	}
	return nil
}
// createDefaultNetpol creates the 'deny-from-all' network policy returned by
// defaultNetworkPolicy in the test namespace. This policy is the baseline the
// test pod and service are then created under. The error from the API call is
// returned wrapped with microerror.Mask.
func (r *runner) createDefaultNetpol(ctx context.Context, ctrlClient k8sruntimeclient.Client) error {
	if err := ctrlClient.Create(ctx, defaultNetworkPolicy()); err != nil {
		return microerror.Mask(err)
	}
	return nil
}
// createTestPod creates the nginx pod returned by nginxTestPod in the test
// namespace; the pod is the target used to exercise the network policy.
// dockerRegistry is forwarded to nginxTestPod so the image can be pulled from
// the registry resolved on the control plane. The error from the API call is
// returned wrapped with microerror.Mask.
func (r *runner) createTestPod(ctx context.Context, ctrlClient k8sruntimeclient.Client, dockerRegistry string) error {
	if err := ctrlClient.Create(ctx, nginxTestPod(dockerRegistry)); err != nil {
		return microerror.Mask(err)
	}
	return nil
}
// createTestSvc creates the service returned by nginxTestPodService, which
// points at the nginx test pod. The error from the API call is returned
// wrapped with microerror.Mask.
func (r *runner) createTestSvc(ctx context.Context, ctrlClient k8sruntimeclient.Client) error {
	if err := ctrlClient.Create(ctx, nginxTestPodService()); err != nil {
		return microerror.Mask(err)
	}
	return nil
}