From fa99ef1a112c66dac3897eba1448b884a0bc9871 Mon Sep 17 00:00:00 2001
From: Antonio Ojea
Date: Tue, 14 May 2024 17:18:36 +0000
Subject: [PATCH] install network policies
---
 .../installnetworkpolicies/networkpolicies.go | 75 +++++++++++++++++++
 pkg/cluster/internal/create/create.go | 4 +-
 2 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 pkg/cluster/internal/create/actions/installnetworkpolicies/networkpolicies.go
diff --git a/pkg/cluster/internal/create/actions/installnetworkpolicies/networkpolicies.go b/pkg/cluster/internal/create/actions/installnetworkpolicies/networkpolicies.go
new file mode 100644
index 0000000000..7562797009
--- /dev/null
+++ b/pkg/cluster/internal/create/actions/installnetworkpolicies/networkpolicies.go
@@ -0,0 +1,75 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package installnetworkpolicies implements the install Network Policy action
+package installnetworkpolicies
+
+import (
+ "bytes"
+ "strings"
+
+ "sigs.k8s.io/kind/pkg/errors"
+
+ "sigs.k8s.io/kind/pkg/cluster/internal/create/actions"
+ "sigs.k8s.io/kind/pkg/cluster/nodeutils"
+)
+
+type action struct{}
+
+// NewAction returns a new action for installing storage
+func NewAction() actions.Action {
+ return &action{}
+}
+
+// Execute runs the action
+func (a *action) Execute(ctx *actions.ActionContext) error {
+ ctx.Status.Start("Installing Network Policies 🔒")
+ defer ctx.Status.End(false)
+
+ allNodes, err := ctx.Nodes()
+ if err != nil {
+ return err
+ }
+
+ // get the target node for this task
+ controlPlanes, err := nodeutils.ControlPlaneNodes(allNodes)
+ if err != nil {
+ return err
+ }
+ node := controlPlanes[0] // kind expects at least one always
+
+ // read the manifest from the node
+ var raw bytes.Buffer
+ if err := node.Command("cat", "/kind/manifests/default-network-policy.yaml").SetStdout(&raw).Run(); err != nil {
+ return errors.Wrap(err, "failed to read Network Policies manifest")
+ }
+ manifest := raw.String()
+
+ // apply the manifest
+ in := strings.NewReader(manifest)
+ cmd := node.Command(
+ "kubectl",
+ "--kubeconfig=/etc/kubernetes/admin.conf", "apply", "-f", "-",
+ )
+ cmd.SetStdin(in)
+ if err := cmd.Run(); err != nil {
+ return err
+ }
+
+ // mark success
+ ctx.Status.End(true)
+ return nil
+}
diff --git a/pkg/cluster/internal/create/create.go b/pkg/cluster/internal/create/create.go
index 351ba6c754..c9fc25d743 100644
--- a/pkg/cluster/internal/create/create.go
+++ b/pkg/cluster/internal/create/create.go
@@ -34,6 +34,7 @@ import (
 "sigs.k8s.io/kind/pkg/cluster/internal/create/actions"
 configaction "sigs.k8s.io/kind/pkg/cluster/internal/create/actions/config"
 "sigs.k8s.io/kind/pkg/cluster/internal/create/actions/installcni"
+ "sigs.k8s.io/kind/pkg/cluster/internal/create/actions/installnetworkpolicies"
 "sigs.k8s.io/kind/pkg/cluster/internal/create/actions/installstorage"
 "sigs.k8s.io/kind/pkg/cluster/internal/create/actions/kubeadminit"
 "sigs.k8s.io/kind/pkg/cluster/internal/create/actions/kubeadmjoin"
@@ -118,7 +119,8 @@ func Cluster(logger log.Logger, p providers.Provider, opts *ClusterOptions) erro
 // this step might be skipped, but is next after init
 if !opts.Config.Networking.DisableDefaultCNI {
 actionsToRun = append(actionsToRun,
- installcni.NewAction(), // install CNI
+ installcni.NewAction(), // install CNI
+ installnetworkpolicies.NewAction(), // install Network Policies
 )
 }
 // add remaining steps
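Review bot: `controlPlanes[0]` in Execute is indexed without a length check, so the comment "kind expects at least one always" is the only thing between an empty control-plane list and a panic; a guard such as `if len(controlPlanes) == 0 { return errors.New("no control-plane node found") }` turns that into an ordinary error. The final `cmd.Run()` error is returned bare while the read error is wrapped; `return errors.Wrap(err, "failed to apply Network Policies manifest")` would make a failed policy install distinguishable in the output. The doc comment on NewAction still says "installing storage" and should read `// NewAction returns a new action for installing the default Network Policies`. Because the manifest is piped to kubectl under `/etc/kubernetes/admin.conf`, a one-line comment above the `cat` call stating that the file comes from the node image and is trusted as part of it would help the next reader.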
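Review bot: The new action is gated on `!opts.Config.Networking.DisableDefaultCNI`, so a cluster created with a custom CNI gets no default policies and a cluster using the default CNI has no way to opt out; nothing in the hunk records that this coupling is intended. Whether the default CNI in the targeted node images actually enforces NetworkPolicy is not visible here, and if it does not, the applied objects are inert and give a false impression of isolation. The existing comment `// this step might be skipped, but is next after init` now covers two steps and could become `// CNI and default Network Policies are installed together; both are skipped when the default CNI is disabled`. The Cluster function begins and ends outside the hunk.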